[go: up one dir, main page]

WO2016083987A1 - Method of and system for obtaining proof of authorisation of a transaction - Google Patents

Method of and system for obtaining proof of authorisation of a transaction Download PDF

Info

Publication number
WO2016083987A1
WO2016083987A1 PCT/IB2015/059066 IB2015059066W WO2016083987A1 WO 2016083987 A1 WO2016083987 A1 WO 2016083987A1 IB 2015059066 W IB2015059066 W IB 2015059066W WO 2016083987 A1 WO2016083987 A1 WO 2016083987A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
identification information
authorisation
biometric identification
proof
Prior art date
Application number
PCT/IB2015/059066
Other languages
French (fr)
Inventor
Marius COETZEE
Original Assignee
Ideco Biometric Security Solutions (Proprietary) Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ideco Biometric Security Solutions (Proprietary) Limited filed Critical Ideco Biometric Security Solutions (Proprietary) Limited
Publication of WO2016083987A1 publication Critical patent/WO2016083987A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Definitions

  • This invention relates to a method of and system for obtaining proof of authorisation of a transaction conducted by a person.
  • the invention further also extends to a method of and system for conducting a financial transaction.
  • Identity management is part of all aspects of a person's life. For example, employment, health, marital and criminal data are all linked to a person's identity. Identity management is however not limited to personal records, as it is also crucial in securing physical facilities, computers and networks. From the above examples it should be clear that identity control is a significant part of identity management, and is applied in a wide range of applications, including national identification, licensing, health care, banking, travel security, and access control in both the private and corporate sectors.
  • Identity control relies on solutions that can accurately and consistently recognise and confirm the identity of an individual.
  • a Password, Personal Identity Number (PIN) or One Time PIN (OTP) is primarily used to confirm the Identity of the customer. This confirmation attempts to create a unique link between an individual and the transaction being processed as it assumes that only the customer knows the relevant password, PIN or OTP that is required to approve the financial transaction.
  • Biometrics on the other hand, is playing an ever-increasing role in identity management with the advancement in technology in the digital age. Biometrics is generally accepted as unique and permanent traits of a person's identity and allow for the unrepudiable electronic identification of an individual, which is a key principle in identity control. Advanced biometric algorithms are able to consistently and accurately recognise an individual and authenticate the identity of that person.
  • Verification which is also known as 1 :1 or One to One
  • Identification which is also known as 1 :N or One to Many, on the other hand is where a sample is effectively matched against all templates in the database.
  • ABIS Automated Biometric Identification Systems
  • the first and also the traditional method involve the customer signing the transaction receipt as part of the authorisation process. This paper receipt, with the customer's signature is then stored as proof of authorisation of the transaction.
  • the second is known as the Personal Identification Number (PIN) or Password and involves the customer entering his/her secret and unique number or code as part of the transaction authorisation process. For example, by entering your PIN at the point of sale as part of a financial transaction, the financial institution will acknowledge you as the account - -
  • the secret PIN is therefore associated with the individual's identity and accepted as part of the proof of payment authorisation process.
  • the identity verification process is typically performed automatically by an underlying matching algorithm within the payment terminal, matching the unique secret PIN to the reference PIN in the system.
  • the third type is known as the One Time PIN (OTP) and involves a unique sequence of characters and/or numbers that are issued and sent to the customer, typically via a messaging service, to his/her assigned mobile phone (e.g. via an SMS).
  • OTP One Time PIN
  • the process may also require the customer to enter the unique OTP in order to conclude the transaction.
  • this method of authentication is often used in association with the PIN process as a second layer of security to authenticate the individual's identity as part of the transaction authorisation process.
  • underlying algorithms are used to verify the individual's identity associated with the transaction authorisation process.
  • a method of obtaining proof of authorisation of a transaction includes: receiving a request from a terminal over a communication link/network to perform a transaction or to obtain proof of authorisation of the transaction; and receiving biometric identification information, from a terminal over a communication link/network, of a person who is a party to the transaction (being authorised), and wherein the method further includes: storing the biometric identification information and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the said transaction; and/or verifying, by using a processor, the authenticity of the received biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, storing a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction (i.e. the specific transaction being conducted by the person).
  • a “terminal”, in the context of the specification, includes any computer, mobile communication device (e.g. a smart phone) or a point-of-sale device.
  • step of receiving a request/information from a terminal should be interpreted that the information may be received - -
  • the method may include sending information on the type of biometric identification information required for proof of the authorisation of the transaction to a terminal which is associated with, or accessible by, the said person who is a party to the transaction.
  • the terminal to which information on the type of biometric identification information required is sent and the terminal from which the biometric identification information is received, are the same terminal.
  • the method may include generating, by using a processor, the unique transaction code for the said transaction.
  • the method may further include sending the transaction code to the terminal from which the biometric identification information is received over a communication link/network.
  • the request to perform a transaction authorisation may include identification information which identifies a particular entity (e.g. a person or company), account or accountholder which should be associated with the said transaction.
  • entity e.g. a person or company
  • the terminal from which the request to perform a transaction or to obtain proof of authorisation of the transaction is received may be a merchant or service provider terminal and the said person who is a party to the transaction may be a customer/client of the merchant or service provider.
  • the terminal from which the biometric identification information is received may be a mobile communication device of the customer/client.
  • the method may include, in response to receiving a request to perform a transaction or to obtain proof of authorisation of the transaction, generating a unique session identifier by using a processor and sending the unique session identifier to a mobile application of the mobile communication device of the customer/client via a communication network.
  • the method may include, after sending the unique session identifier, establishing a secure communication link with the mobile application via - -
  • the method may further include, after establishing a secure communication link with the mobile application, sending information on the type of biometric identification information required from the customer/client for proof of authorisation of the transaction over the secure communication link.
  • the method may include receiving geographic location information on the current location of the mobile communication device over a communication link/network and storing it together with the received biometric identification information and transaction code on the database.
  • the biometric identification information may include: a fingerprint sample of the customer/client; a voice/speech sample of the customer/client; a video sample in which video of the client is captured; and/or an image of at least a face of the customer/client (e.g. a facial portrait).
  • the biometric identification information may include information on two biometric traits.
  • One of the biometric traits may be a voice sample of the customer/client.
  • one of the biometric traits may be a video sample in which video of the customer/client is captured and/or an image of at least a face of the customer/client.
  • the transaction may be a financial transaction.
  • the communication networks/links referred to may be a local area network, mobile communication network and/or the Internet.
  • a system for obtaining proof of authorisation of a transaction includes: a transaction-facilitation module which is configured to receive a request from a terminal over a communication link/network to perform a transaction or to obtain proof of authorisation of the said transaction; and a proof-of-authorisation module which is configured to receive biometric identification information over a communication link/network of a person who is a party to the transaction, and
  • proof-of-authorisation module is further configured to:
  • biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, to store a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the said transaction.
  • a “module”, in the context of the specification, includes an identifiable portion of code, computational or executable instructions, or a computational object to achieve a particular function, operation, processing, or procedure.
  • a module may be implemented in software, hardware or a combination of software and hardware. Furthermore, modules need not necessarily be consolidated into one device.
  • the proof-of-authorisation module may be configured to send information on the type of biometric identification information required for proof of the authorisation of the said transaction to a terminal which is associated with, or accessible by, the said person who is a party to the transaction, over a communication link/network.
  • the terminal to which information on the type of biometric identification information required is sent and the terminal from which the biometric identification information is received may be the same terminal.
  • the transaction-facilitation module may be configured to generate the unique transaction code for the transaction.
  • the proof-of-authorisation module may be configured to send the generated transaction code to the terminal from which the biometric identification information is received over a communication link/network.
  • the terminal from which the request to perform a transaction or to obtain proof of authorisation of the said transaction is received is a merchant or service provider terminal and wherein the said person who is a party to the transaction is a customer/client of the merchant or service provider.
  • the terminal from which the biometric identification information is received may be a mobile communication device of the customer/client.
  • the proof-of-authorisation module may be configured, in response to receiving a request to perform a transaction or to obtain proof of authorisation of the said transaction, to generate a unique session identifier and send the unique session identifier to a mobile application of the mobile communication device of the customer/client via a communication network.
  • the proof-of-authorisation module may be further configured, after sending the unique session identifier, to establish a secure communication link with the mobile application via which the biometric identification information is received, by utilising the session identifier.
  • the proof-of-authorisation module may be configured, after establishing a secure communication link with the mobile application, to send information on the type of biometric identification information required from the customer/client for proof of authorisation of the transaction over the secure communication link.
  • the proof-of-authorisation module may be configured to receive geographic location information on the current location of the mobile communication device over a communication link/network and to store it together with the received biometric identification information and transaction code on the database.
  • the biometric identification information may include: a fingerprint sample of the customer/client; a voice/speech sample of the customer/client; a video sample in which video of the client is captured; and/or an image of at least a face of the customer/client.
  • the biometric identification information may include information on two biometric traits.
  • the one biometric trait may be a voice sample of the customer/client.
  • the other biometric trait may be a video sample in which video of the client is captured and/or an image of at least a face of the said person.
  • the system may include a server of which the transaction-facilitation module and the proof-of-authorisation module form part of.
  • the transaction may be a financial transaction.
  • a method of conducting a transaction includes: receiving a request from a terminal over a communication link/network to perform a transaction and/or to obtain proof of authorisation of the transaction; and receiving biometric identification information, from a terminal over a communication link/network, of a person who is a party to the transaction, and wherein the method further includes: storing the biometric identification information and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction; and/or verifying, by using a processor, the authenticity of the received biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, storing a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction on a database.
  • the transaction may be a financial transaction.
  • a method of conducting a transaction includes: capturing biometric identification information of a first biometric trait of a person requesting to perform a transaction, by using a biometric scanning arrangement; capturing biometric identification information of a second biometric trait of the person, by using a biometric scanning arrangement; sending the captured biometric identification information of the first and second biometric traits to a remote server via a communication link; and receiving an identification code which is configured to identify the particular transaction via a communication link.
  • the transaction may be a financial transaction.
  • a transaction-facilitation module which is configured to receive a request from a terminal over a communication link/network to perform a transaction and/or to obtain proof of authorisation of the transaction;
  • a proof-of-authorisation module which is configured to receive biometric identification information over a communication link/network of a person who is a party to the transaction, and wherein the proof-of-authorisation module is further configured to: save the biometric identification information and a unique transaction code for identifying the particular transaction on a database of the system as proof of authorisation of the transaction; and/or
  • biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, to store a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction.
  • the transaction may be a financial transaction.
  • a mobile application which is installable on a mobile communication device, for obtaining proof of authorisation of a transaction
  • the mobile application includes: a communication module which is configured to receive a request over a communication link/network to authorise a transaction by capturing biometric identification information; and a biometric capture module which is configured to allow a person to capture biometric identification information by utilising a biometric capturing arrangement of the mobile communication device (e.g. a camera, microphone, or fingerprint scanner of the mobile communication device) on which the mobile application is installed, wherein the communication module is further configured to send the captured biometric identification information as proof of authorisation of the transaction to a terminal over a communication link/network.
  • a biometric capture module which is configured to allow a person to capture biometric identification information by utilising a biometric capturing arrangement of the mobile communication device (e.g. a camera, microphone, or fingerprint scanner of the mobile communication device) on which the mobile application is installed, wherein the communication module is further configured to send the captured biometric identification information as proof of author
  • the mobile application may include a location module which is configured to capture the geographic location of the mobile communication device, on which the mobile application is installed, when the biometric identification information is captured,
  • the communication module may be configured to also send information on the geographic location to the terminal.
  • Figure 1 shows a simplified schematic layout of a system in accordance with the invention
  • Figure 2 shows a schematic layout of a server of the system of Figure
  • Figure 3 shows a simplified flow diagram of how the system of Figure 1 operates when obtaining proof of authorisation for a transaction
  • Figure 4 shows a simplified schematic layout of another example of the system in accordance with the invention.
  • Figure 5 shows another schematic layout of the system of Figure 4.
  • Figure 6 shows a simplified flow diagram of how the system of Figure
  • Figure 7 shows a schematic layout of a mobile application in accordance with the invention.
  • the invention relates to a system for performing a transaction which captures biometric identification information and stores the information on a database as proof of the authorisation of the transaction.
  • the captured biometric identification information is verified and a verification result thereof is stored on the database as proof of the authorisation of the transaction. Should the authorisation of a specific transaction therefore ever be queried, then the saved biometric identification information or verification result can be used as proof that authorisation was given for the transaction.
  • the system is generally operated by either an institution (e.g. a financial institution such as a bank) or an intermediary (e.g. an entity which facilitates transactions between customers/clients, service providers/merchants and an associated institution(s)).
  • the institution or intermediary typically includes: a transaction-facilitation module which is generally configured to perform/facilitate a transaction upon receiving a request from a terminal (e.g.
  • POS point-of-sale
  • a proof-of-authorisation module which is configured to store biometric identification information and/or a verification result of the biometric identification information received from the terminal or another mobile communication device which is associated with a particular customer, together with the generated transaction code, on a database.
  • the transaction-facilitation module may also be configured to send the generated unique transaction code back to the terminal which can then be presented to the customer.
  • the code may be sent to the customer's mobile communication device from which the biometric identification information was received. The customer may then use this code should he ever query whether or not he gave appropriate authorisation for the specific transaction.
  • modules in the context of the specification, includes an identifiable portion of code, computational or executable instructions, or a computational object to achieve a particular function, operation, processing, or procedure.
  • a module may be implemented in software, hardware or a combination of software and hardware. Furthermore, modules need not necessarily be consolidated into one device.
  • the system may therefore include a transaction server which implements the transaction-facilitation module and a proof-of-authorisation server, which is operatively connected to the transaction server, and which implements the proof-of-authorisation module.
  • both modules may be implemented in a single server.
  • the different functions of the two modules may therefore be implemented in software on a single server.
  • reference numeral 400 refers generally to a system for performing a transaction, in accordance with the invention.
  • the system 400 may typically include a transaction-facilitation module 402 and a proof-of-authorisation module 404 (see also Figure 2) which are implemented by a server 406 (e.g. a POT server) of an intermediary 500.
  • the server 406 typically facilitates transactions between customers 510 and service providers/merchants 520 by acting as an intermediary between them and an associated banking institution(s) 530.
  • the intermediary 500 would typically be required when a particular entity/organisation (e.g. the banking institution 530, or service provider 520) requires proof of the authorisation of the particular transaction by a customer.
  • the functions of the intermediary 520 may also be implemented by a server of the banking institution 530.
  • the process of capturing the biometric identification information and storing proof of the authorisation will typically be implemented after a first authorisation phase of a transaction.
  • the first phase will generally include a PIN and/or One-Time PIN (OTP) verification step as discussed in another example of the invention described further below and illustrated in Figure 6.
  • OTP One-Time PIN
  • functions of the "transaction server 18" in relation to the above-mentioned blocks could typically by implemented by the server 406.
  • a proof-of-authorisation request 410 would typically be sent from a terminal 408 of the service provider 520 via a communication network/link to the server 406 (at block 800).
  • the proof-of-authorisation request 410 will typically include details of the type of biometric identification/authorisation information (hereinafter merely referred to as "biometric identification information") they require from a particular customer 510.
  • biometric identification information may, for example, be a voice sample, a video sample and/or other biometric identification information.
  • the server 406 will typically also receive transaction details of the proposed transaction (e.g. details of a financial transaction) from the terminal 408, such as a payment amount, account details, etc.
  • the server 406 Upon receipt of the request 410, the server 406 generates a unique session identification (ID) (e.g. an identification code) and a unique identifier/transaction code which is associated with the particular request/transaction 410 (at block 802).
  • ID e.g. an identification code
  • unique identifier/transaction code which is associated with the particular request/transaction 410
  • the server 406 will send an SMS (or another type of messaging system) (at block 806) which includes a link for the customer 510 to download the mobile app 948 and register his smart device 416 (see blocks 808 and 810).
  • the server 406 will generate a token for the customer 510 (at block 812).
  • the server 406 then initiates and sends a session request 411 to the smart device 416, via a communication network 504 (e.g. a cloud messaging network, such as Google Cloud Messaging (GCM)) (at block 814). More specifically, details of the customer and its associated smart device are typically retrieved from a database 409 of the server 406, or another database which is accessible by the server 406, on which the details are stored (e.g. the details are stored during the registration process).
  • the session request 411 typically includes the unique session identification (ID) which is associated with the particular proof-of- authorisation request 410.
  • ID unique session identification
  • the smart device 416 When the smart device 416 receives the session request 411 it will typically launch the associated mobile app 948 on the device 416 (at block 816), which then sets up a secure connection between the smart device 416 and the server 406 (see reference numeral 420) (at block 818). Once this connection is established, the unique session ID is used by the app 948 in order to retrieve transaction parameters/information related to the request 410 of the service provider (at block 820).
  • the transaction parameters may, for example, include a request to obtain the biometric identification information specified in the authorisation request 410.
  • the transaction parameters may include a request for capturing a voice sample, the capturing of a video sample and/or any other response required by the client for proof of authorisation of the particular transaction.
  • the app 948 will then prompt the customer 510 to provide the requested biometric identification information. For example, the app 948 will prompt the customer 510 to utilise a camera of the smart device 416 to capture a video sample (e.g. if the request includes a video sample request). Once the required biometric identification information has been captured (at block 822), it is sent back to the server 406 via the secure communication channel 420 (see block 824). The server 406 then stores - -
  • the received authorisation information together with the unique identifier/transaction code which is associated with the original authorisation request 410, on the database 409 (at block 826) to thereby record the proof of the authorisation of the particular transaction, which helps to provide an audit trail of the proof of authorisation.
  • the current geographical location of the mobile device 416 can also be stored together with the unique identifier and biometric authorisation information on the database 409. More specifically, the mobile app 948 installed on the mobile device 416 will determine/obtain the current geographical location of the mobile device 416 and send the geographical location information to the server 406 (e.g. via the secure communication channel 420). This information may be sent together with the authorisation information or separately therefrom.
  • the geographical location may, for example, be in the form of GPS coordinates. In other words, the GPS coordinates of the mobile device 416, at the time when the authorisation is made, can be stored on the database 409. The GPS coordinates may then, for example, show that the customer 510 was at a particular merchant (or more specifically a terminal 408 of the merchant) when the biometric identification/authorisation information was captured.
  • the proof-of-authorisation module 404 of the server 406 may be configured to verify the received biometric authorisation information by comparing it with biometric identification information of customers/clients stored on the database 409.
  • the stored biometric identification information of customers/clients may, for example, have been obtained during a registration process when the app 948 was downloaded. If the received biometric identification information is verified then a verification result thereof, together with the unique identifier/transaction code which is associated with the original authorisation request 410 and, optionally, the geographic location of the mobile device 416, is stored on the database 409 as proof of the authorisation. If the biometric identification information is however not verified, then the transaction will be cancelled.
  • the app 948 includes: a communication module 950 (see Figure 7) which is configured to communicate with the server 406 (as described above); a biometric capture module 952 which is configured to allow a person/customer to capture biometric identification information by utilising a biometric capturing arrangement of the smart device 416 (e.g. a camera, microphone, or fingerprint scanner of the smart device 416); and a location module 954 which is configured to capture the geographic location of the smart device 416, when the biometric identification information is captured.
  • a communication module 950 see Figure 7
  • a biometric capture module 952 which is configured to allow a person/customer to capture biometric identification information by utilising a biometric capturing arrangement of the smart device 416 (e.g. a camera, microphone, or fingerprint scanner of the smart device 416)
  • a location module 954 which is configured to capture the geographic location of the smart device 416, when the biometric identification information is captured.
  • the system in accordance with the invention may typically be implemented by a financial institution, such as a banking institution 100.
  • the system 10 includes a transaction-facilitation module 12 and a proof-of-authorisation module 14.
  • the transaction-facilitation module 12 is communicatively connected to a plurality of terminals 16 via a communication link (e.g. via a local area network, mobile communication network and/or the Internet).
  • the terminals 16 may be point-of-sale devices, computers connected to the internet or mobile communication devices (e.g. smart devices, such as smart phones).
  • the system 10 includes a transaction server 18 which is configured to implement the functions of the transaction-facilitation module 12, and a proof-of-authorisation server 20 which is configured to implement the functions of the proof-of-authorisation module 14.
  • the transaction server 18 is configured (e.g. by way of software) to receive a request/request message from a terminal 16 to perform a particular financial transaction.
  • the request typically includes, amongst others, account/identification information which identifies a particular account or accountholder.
  • the terminal 16 may be a pay-point terminal at a merchant which sends a request to the transaction server 18 including details of a bankcard number read by a card reader of the terminal 16.
  • the transaction server 18 Upon receiving the request, the transaction server 18 queries a database 22 on which account/accountholder information (for ease of explanation, reference is only hereinafter made to "account”) is saved, in order to locate the particular account which is associated with the bankcard number.
  • account/accountholder information for ease of explanation, reference is only hereinafter made to "account"
  • an authorisation procedure is instituted in which a PIN and/or OTP are requested from the person 200 requesting the transaction (the authorisation procedure will be described in more detail below). If the authorisation procedure is successfully completed, then the transaction server 18 sends a request message to the terminal 16 to capture certain biometric identification information.
  • the biometric identification information may specifically be for a voice sample and/or a video sample of the person 200.
  • the terminal 16 should therefore have a biometric scanning arrangement (or be connected to one) in order to capture the required biometric identification information.
  • the biometric identification information is then captured by the terminal 16 and sent to the transaction server 18.
  • the transaction server 18 generates a unique transaction code which is associated with the particular transaction and sends the code, together with the received biometric identification information, to the proof-of- authorisation server 20, which saves the information, together with the associated transaction code, on a database 24.
  • proof-of-authorisation server 20 may be configured to verify the received biometric authorisation information by comparing it with biometric identification information of customers/clients stored on a database. If the received biometric authorisation information has been verified, then a verification result thereof is saved on the database 24 together with the associated transaction code.
  • the transaction server 18 also sends the transaction code to the terminal 16, so that it may be presented to the person 200.
  • One of the main aims of saving the biometric identification information/verification result, together with its associated transaction code, on a separate, designated database 24 is to provide proof that the person 200 authorised the particular transaction, should it ever be queried at a later stage.
  • the point-of-sale device 16 will typically have a card reader in order to read a bankcard of the customer 200.
  • the point of sale device 16 would also have a microphone which is configured to capture a voice sample, and a camera which is configured to capture a video of the customer. This point of sale may not necessary be one single integrated device and may consist of two separate devices performing the full financial transaction.
  • a payment request is sent (at block 300) from the terminal 16 to the transaction server 18.
  • the request includes, amongst others, a bankcard number and the associated PIN of the customer.
  • the transaction server 18 queries the database 22 in order to locate an account which is associated with the bankcard number (at block 302) to thereby process the financial transaction.
  • the transaction server 18 may generate an OTP and send it to an assigned mobile phone of the customer (not specifically shown in Figure 6). The transaction server 18 will also then send a request (at block 304) to the terminal 16, requesting that the customer 200 enter his OTP. The customer 200 then utilises a keypad of the point-of-sale device 16 in order to type in his OTP (at block 306,) which is then sent to the transaction server 18. Upon receiving the OTP, the transaction server 18 compares it with the - 3-
  • the transaction server 18 sends a request to the terminal 16, requesting that biometric identification information, in the form of a speech sample and video sample, be captured (at block 312).
  • the matching of the PIN numbers may be conducted by the terminal 18.
  • the transaction server 18 may therefore send the stored PIN number to the terminal 18 for matching purposes, or the PIN number may be retrieved by the terminal 18 from the bankcard itself (i.e. the PIN number may be saved locally on the bankcard).
  • the point-of-sale device 16 is accordingly configured to utilise a microphone and camera in order to capture the speech and video samples, respectively.
  • the captured speech and video samples is then sent back to the transaction server 18 (at block 314).
  • the transaction server 18 then generates, by using a processor, a unique transaction code (at block 316) which is associated with the particular transaction and sends the code, together with the captured biometric identification information, to the proof- of-authorisation server 20 (at block 318).
  • the proof-of-authorisation server 20 then stores the information on the database 24 (at block 320) or implements a verification procedure (at block 340) in which the received biometric identification information is verified by comparing it with biometric identification information of the customer 200 stored on a database. If the received biometric identification information is verified, then a verification result thereof and the transaction code are saved on the database 24 (a - -
  • the code is also sent to the terminal 16 (at block 322) which is then presented to the customer 200 (e.g. by means of a payment slip) (at block 324).
  • the same general process, as described above, will be followed if another type of terminal 16 is used, such as a mobile phone, except for a few adjustments.
  • the mobile phone may, for instance, make use of an online payment gateway in order to perform a financial transaction.
  • the biometric identification information will therefore be sent to the payment gateway which will then send the information onto the appropriate banking institution 100 (more specifically the proof-of-authorisation server 20 of the institution 100).
  • the Inventor believes that the system, in accordance with the invention, effectively addresses the problems mentioned in the background of the invention.
  • By capturing and storing specific biometric identification information or the verification results for each transaction it is relatively easy to provide concrete proof that a particular transaction was authorised by someone, should the person (or someone else), ever wish to query it.
  • This evidence/proof could be used for future reference purposes and/or post processing through matching algorithms for real-time risk profiling.
  • the system can relatively easily be implemented in existing payment systems, without adversely affecting the standard authentication processes currently in place (e.g. the use of PIN numbers and OTP's).
  • the system also provides a useful addition and/or alternative to existing payment systems, such as mobile phone payment systems.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention relates to a method of, and system (400) for, obtaining proof of authorisation of a transaction. The system (400) includes a transaction- facilitation module (402) and a proof-of-authorisation module (404). The transaction-facilitation module (402) is configured to receive a request from a terminal over a communication link/network to perform a transaction or to obtain proof of authorisation of the transaction (block 800). The proof-of- authorisation module is configured to receive biometric identification information (block 824) over a communication link/network (420) of a person (510) who is a party to the transaction. In addition, the proof-of- authorisation module (404) is configured to save/store the biometric identification information (block 826) and/or a verification result (block 901) thereof together with a unique transaction code for identifying the particular transaction on a database (409) of the system (400), as proof of authorisation of the transaction. The verification result is obtained by comparing the received biometric identification information with biometric identification information stored on a database (409).

Description

- -
METHOD OF AND SYSTEM FOR OBTAINING PROOF OF AUTHORISATION OF A TRANSACTION
BACKGROUND OF THE INVENTION
This invention relates to a method of and system for obtaining proof of authorisation of a transaction conducted by a person. The invention further also extends to a method of and system for conducting a financial transaction.
Identity management is part of all aspects of a person's life. For example, employment, health, marital and criminal data are all linked to a person's identity. Identity management is however not limited to personal records, as it is also crucial in securing physical facilities, computers and networks. From the above examples it should be clear that identity control is a significant part of identity management, and is applied in a wide range of applications, including national identification, licensing, health care, banking, travel security, and access control in both the private and corporate sectors.
Identity control relies on solutions that can accurately and consistently recognise and confirm the identity of an individual. In the financial payment world, a Password, Personal Identity Number (PIN) or One Time PIN (OTP) is primarily used to confirm the Identity of the customer. This confirmation attempts to create a unique link between an individual and the transaction being processed as it assumes that only the customer knows the relevant password, PIN or OTP that is required to approve the financial transaction. Biometrics, on the other hand, is playing an ever-increasing role in identity management with the advancement in technology in the digital age. Biometrics is generally accepted as unique and permanent traits of a person's identity and allow for the unrepudiable electronic identification of an individual, which is a key principle in identity control. Advanced biometric algorithms are able to consistently and accurately recognise an individual and authenticate the identity of that person.
Looking briefly at the process of authentication, there are generally two authentication methods namely verification and identification. Verification, which is also known as 1 :1 or One to One, is where a biometric sample is matched against one specific pre-selected biometric reference template. In other words, the person needs to provide his/her ID number or account number, swipe a card or enter a user code, to select a biometric template to match against. Identification, which is also known as 1 :N or One to Many, on the other hand is where a sample is effectively matched against all templates in the database. In specialised high-end systems, such as Automated Biometric Identification Systems (ABIS) solutions used in law enforcement, a biometric sample can be matched against millions of biometric templates. Simply put, a person does not have to provide any input other than their biometric.
Turning now to the current methods of recording proof of transaction authorisation. There are mainly three different types of processes followed when collecting this proof. The first and also the traditional method involve the customer signing the transaction receipt as part of the authorisation process. This paper receipt, with the customer's signature is then stored as proof of authorisation of the transaction.
The second is known as the Personal Identification Number (PIN) or Password and involves the customer entering his/her secret and unique number or code as part of the transaction authorisation process. For example, by entering your PIN at the point of sale as part of a financial transaction, the financial institution will acknowledge you as the account - -
holder and approve the financial transaction. The secret PIN is therefore associated with the individual's identity and accepted as part of the proof of payment authorisation process. The identity verification process is typically performed automatically by an underlying matching algorithm within the payment terminal, matching the unique secret PIN to the reference PIN in the system.
The third type is known as the One Time PIN (OTP) and involves a unique sequence of characters and/or numbers that are issued and sent to the customer, typically via a messaging service, to his/her assigned mobile phone (e.g. via an SMS). In addition to the customer's secret Password or PIN, the process may also require the customer to enter the unique OTP in order to conclude the transaction. As a result, this method of authentication is often used in association with the PIN process as a second layer of security to authenticate the individual's identity as part of the transaction authorisation process. Again, underlying algorithms are used to verify the individual's identity associated with the transaction authorisation process.
One disadvantage of the above methods is that it assumes the customer's Password or PIN remains a secret and the unique OTP cannot be copied to another device. It is however general knowledge that fraudsters are aggressively targeting customers to illegally obtain their PINs and/or clone their mobile devices in order to gain access to financial facilities and authorise fraudulent transactions. This poses a major risk to financial institutions, merchants and account holders, as they may potentially face major losses as a result of this type of fraud. The mere fact that a merchant does not have irrefutable proof of a person's identity associated with a transaction authorisation is a major concern.
It is therefore an object of this invention to alleviate at least some of the above-identified problems. SUMMARY OF THE INVENTION
In accordance with an aspect of the invention there is provided a method of obtaining proof of authorisation of a transaction, wherein the method includes: receiving a request from a terminal over a communication link/network to perform a transaction or to obtain proof of authorisation of the transaction; and receiving biometric identification information, from a terminal over a communication link/network, of a person who is a party to the transaction (being authorised), and wherein the method further includes: storing the biometric identification information and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the said transaction; and/or verifying, by using a processor, the authenticity of the received biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, storing a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction (i.e. the specific transaction being conducted by the person).
A "terminal", in the context of the specification, includes any computer, mobile communication device (e.g. a smart phone) or a point-of-sale device.
It should be understood that the step of receiving a request/information from a terminal should be interpreted that the information may be received - -
directly or indirectly (e.g. via a financial switch or payment gateway) from the terminal.
The method may include sending information on the type of biometric identification information required for proof of the authorisation of the transaction to a terminal which is associated with, or accessible by, the said person who is a party to the transaction. The terminal to which information on the type of biometric identification information required is sent and the terminal from which the biometric identification information is received, are the same terminal.
The method may include generating, by using a processor, the unique transaction code for the said transaction. The method may further include sending the transaction code to the terminal from which the biometric identification information is received over a communication link/network.
The request to perform a transaction authorisation may include identification information which identifies a particular entity (e.g. a person or company), account or accountholder which should be associated with the said transaction.
The terminal from which the request to perform a transaction or to obtain proof of authorisation of the transaction is received, may be a merchant or service provider terminal and the said person who is a party to the transaction may be a customer/client of the merchant or service provider. The terminal from which the biometric identification information is received may be a mobile communication device of the customer/client.
The method may include, in response to receiving a request to perform a transaction or to obtain proof of authorisation of the transaction, generating a unique session identifier by using a processor and sending the unique session identifier to a mobile application of the mobile communication device of the customer/client via a communication network.
The method may include, after sending the unique session identifier, establishing a secure communication link with the mobile application via - -
which the biometric identification information is received, by utilising the session identifier. The method may further include, after establishing a secure communication link with the mobile application, sending information on the type of biometric identification information required from the customer/client for proof of authorisation of the transaction over the secure communication link.
The method may include receiving geographic location information on the current location of the mobile communication device over a communication link/network and storing it together with the received biometric identification information and transaction code on the database.
The biometric identification information may include: a fingerprint sample of the customer/client; a voice/speech sample of the customer/client; a video sample in which video of the client is captured; and/or an image of at least a face of the customer/client (e.g. a facial portrait).
The biometric identification information may include information on two biometric traits. One of the biometric traits may be a voice sample of the customer/client. Alternatively, or in addition, one of the biometric traits may be a video sample in which video of the customer/client is captured and/or an image of at least a face of the customer/client.
The transaction may be a financial transaction.
A "database", in the context of the specification, should be interpreted broadly to also include more than one database (e.g. a plurality of databases). The communication networks/links referred to may be a local area network, mobile communication network and/or the Internet.
In accordance with another aspect of the invention there is provided a system for obtaining proof of authorisation of a transaction, wherein the system includes: a transaction-facilitation module which is configured to receive a request from a terminal over a communication link/network to perform a transaction or to obtain proof of authorisation of the said transaction; and a proof-of-authorisation module which is configured to receive biometric identification information over a communication link/network of a person who is a party to the transaction, and
wherein the proof-of-authorisation module is further configured to:
save the biometric identification information and a unique transaction code for identifying the particular transaction on a database of the system as proof of authorisation of the transaction; and/or
verify the authenticity of the received biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, to store a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the said transaction.
A "module", in the context of the specification, includes an identifiable portion of code, computational or executable instructions, or a computational object to achieve a particular function, operation, processing, or procedure. A module may be implemented in software, hardware or a combination of software and hardware. Furthermore, modules need not necessarily be consolidated into one device.
The proof-of-authorisation module may be configured to send information on the type of biometric identification information required for proof of the authorisation of the said transaction to a terminal which is associated with, or accessible by, the said person who is a party to the transaction, over a communication link/network.
The terminal to which information on the type of biometric identification information required is sent and the terminal from which the biometric identification information is received , may be the same terminal.
The transaction-facilitation module may be configured to generate the unique transaction code for the transaction.
The proof-of-authorisation module may be configured to send the generated transaction code to the terminal from which the biometric identification information is received over a communication link/network.
The terminal from which the request to perform a transaction or to obtain proof of authorisation of the said transaction is received is a merchant or service provider terminal and wherein the said person who is a party to the transaction is a customer/client of the merchant or service provider.
The terminal from which the biometric identification information is received may be a mobile communication device of the customer/client.
The proof-of-authorisation module may be configured, in response to receiving a request to perform a transaction or to obtain proof of authorisation of the said transaction, to generate a unique session identifier and send the unique session identifier to a mobile application of the mobile communication device of the customer/client via a communication network. The proof-of-authorisation module may be further configured, after sending the unique session identifier, to establish a secure communication link with the mobile application via which the biometric identification information is received, by utilising the session identifier.
The proof-of-authorisation module may be configured, after establishing a secure communication link with the mobile application, to send information on the type of biometric identification information required from the customer/client for proof of authorisation of the transaction over the secure communication link.
The proof-of-authorisation module may be configured to receive geographic location information on the current location of the mobile communication device over a communication link/network and to store it together with the received biometric identification information and transaction code on the database.
The biometric identification information may include: a fingerprint sample of the customer/client; a voice/speech sample of the customer/client; a video sample in which video of the client is captured; and/or an image of at least a face of the customer/client.
The biometric identification information may include information on two biometric traits. The one biometric trait may be a voice sample of the customer/client. The other biometric trait may be a video sample in which video of the client is captured and/or an image of at least a face of the said person.
The system may include a server of which the transaction-facilitation module and the proof-of-authorisation module form part of.
The transaction may be a financial transaction.
In accordance with a further aspect of the invention there is provided a method of conducting a transaction, wherein the method includes: receiving a request from a terminal over a communication link/network to perform a transaction and/or to obtain proof of authorisation of the transaction; and receiving biometric identification information, from a terminal over a communication link/network, of a person who is a party to the transaction, and wherein the method further includes: storing the biometric identification information and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction; and/or verifying, by using a processor, the authenticity of the received biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, storing a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction on a database.
The transaction may be a financial transaction.
In accordance with yet a further aspect of the invention there is provided a method of conducting a transaction, wherein the method includes: capturing biometric identification information of a first biometric trait of a person requesting to perform a transaction, by using a biometric scanning arrangement; capturing biometric identification information of a second biometric trait of the person, by using a biometric scanning arrangement; sending the captured biometric identification information of the first and second biometric traits to a remote server via a communication link; and receiving an identification code which is configured to identify the particular transaction via a communication link.
The transaction may be a financial transaction.
In accordance with yet another aspect of the invention there is provided a system for conducting a transaction, wherein the system includes: a transaction-facilitation module which is configured to receive a request from a terminal over a communication link/network to perform a transaction and/or to obtain proof of authorisation of the transaction; and
a proof-of-authorisation module which is configured to receive biometric identification information over a communication link/network of a person who is a party to the transaction, and wherein the proof-of-authorisation module is further configured to: save the biometric identification information and a unique transaction code for identifying the particular transaction on a database of the system as proof of authorisation of the transaction; and/or
verify the authenticity of the received biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, to store a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction.
The transaction may be a financial transaction.
In accordance with yet another aspect of the invention there is provided a mobile application, which is installable on a mobile communication device, for obtaining proof of authorisation of a transaction, wherein the mobile application includes: a communication module which is configured to receive a request over a communication link/network to authorise a transaction by capturing biometric identification information; and a biometric capture module which is configured to allow a person to capture biometric identification information by utilising a biometric capturing arrangement of the mobile communication device (e.g. a camera, microphone, or fingerprint scanner of the mobile communication device) on which the mobile application is installed, wherein the communication module is further configured to send the captured biometric identification information as proof of authorisation of the transaction to a terminal over a communication link/network.
The mobile application may include a location module which is configured to capture the geographic location of the mobile communication device, on which the mobile application is installed, when the biometric identification information is captured,
The communication module may be configured to also send information on the geographic location to the terminal.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will now be described, by way of example, with reference to the accompanying diagrammatic drawings. In the drawings:
Figure 1 shows a simplified schematic layout of a system in accordance with the invention;
Figure 2 shows a schematic layout of a server of the system of Figure
1 ; Figure 3 shows a simplified flow diagram of how the system of Figure 1 operates when obtaining proof of authorisation for a transaction;
Figure 4 shows a simplified schematic layout of another example of the system in accordance with the invention;
Figure 5 shows another schematic layout of the system of Figure 4;
Figure 6 shows a simplified flow diagram of how the system of Figure
4 operates when conducting a financial transaction; and
Figure 7 shows a schematic layout of a mobile application in accordance with the invention.
DESCRIPTION OF PREFERRED EMBODIMENTS
The invention relates to a system for performing a transaction which captures biometric identification information and stores the information on a database as proof of the authorisation of the transaction. In a slightly alternative arrangement, the captured biometric identification information is verified and a verification result thereof is stored on the database as proof of the authorisation of the transaction. Should the authorisation of a specific transaction therefore ever be queried, then the saved biometric identification information or verification result can be used as proof that authorisation was given for the transaction.
The system is generally operated by either an institution (e.g. a financial institution such as a bank) or an intermediary (e.g. an entity which facilitates transactions between customers/clients, service providers/merchants and an associated institution(s)). The institution or intermediary typically includes: a transaction-facilitation module which is generally configured to perform/facilitate a transaction upon receiving a request from a terminal (e.g. a point-of-sale (POS) device, internet connected computer or a smart phone) and generate a unique transaction code for the transaction; and a proof-of-authorisation module which is configured to store biometric identification information and/or a verification result of the biometric identification information received from the terminal or another mobile communication device which is associated with a particular customer, together with the generated transaction code, on a database.
The transaction-facilitation module may also be configured to send the generated unique transaction code back to the terminal which can then be presented to the customer. Alternatively, the code may be sent to the customer's mobile communication device from which the biometric identification information was received. The customer may then use this code should he ever query whether or not he gave appropriate authorisation for the specific transaction.
As mentioned above, a "module", in the context of the specification, includes an identifiable portion of code, computational or executable instructions, or a computational object to achieve a particular function, operation, processing, or procedure. A module may be implemented in software, hardware or a combination of software and hardware. Furthermore, modules need not necessarily be consolidated into one device.
The system may therefore include a transaction server which implements the transaction-facilitation module and a proof-of-authorisation server, which is operatively connected to the transaction server, and which implements the proof-of-authorisation module. Alternatively, both modules may be implemented in a single server. The different functions of the two modules may therefore be implemented in software on a single server. In Figure 1 , reference numeral 400 refers generally to a system for performing a transaction, in accordance with the invention.
The system 400 may typically include a transaction-facilitation module 402 and a proof-of-authorisation module 404 (see also Figure 2) which are implemented by a server 406 (e.g. a POT server) of an intermediary 500. The server 406 typically facilitates transactions between customers 510 and service providers/merchants 520 by acting as an intermediary between them and an associated banking institution(s) 530. The intermediary 500 would typically be required when a particular entity/organisation (e.g. the banking institution 530, or service provider 520) requires proof of the authorisation of the particular transaction by a customer. However, it should be borne in mind that, in an alternative arrangement, the functions of the intermediary 520 may also be implemented by a server of the banking institution 530.
It will be appreciated that the process of capturing the biometric identification information and storing proof of the authorisation will typically be implemented after a first authorisation phase of a transaction. The first phase will generally include a PIN and/or One-Time PIN (OTP) verification step as discussed in another example of the invention described further below and illustrated in Figure 6. Reference is in this regard specifically made to blocks 300, 302, 304, 306, 308 and 310. In this instance, functions of the "transaction server 18" in relation to the above-mentioned blocks, could typically by implemented by the server 406.
Reference is now also made to Figure 3. In the event that a particular entity, such as the service provider 520, requires proof of authorisation of a particular transaction, a proof-of-authorisation request 410 would typically be sent from a terminal 408 of the service provider 520 via a communication network/link to the server 406 (at block 800). The proof-of-authorisation request 410 will typically include details of the type of biometric identification/authorisation information (hereinafter merely referred to as "biometric identification information") they require from a particular customer 510. The biometric identification information may, for example, be a voice sample, a video sample and/or other biometric identification information. In addition to receiving a proof-of-authorisation request, the server 406 will typically also receive transaction details of the proposed transaction (e.g. details of a financial transaction) from the terminal 408, such as a payment amount, account details, etc.
Upon receipt of the request 410, the server 406 generates a unique session identification (ID) (e.g. an identification code) and a unique identifier/transaction code which is associated with the particular request/transaction 410 (at block 802).
If the particular customer 510 has not yet installed a mobile app 948 (see also Figure 7) on his smart device 416 which is associated with the system 400 and the server 406 has no registration token (e.g. a GCM (Google Cloud Messaging) registration token (or another type of cloud messaging system)) for the particular customer 510 (at block 804), then the server 406 will send an SMS (or another type of messaging system) (at block 806) which includes a link for the customer 510 to download the mobile app 948 and register his smart device 416 (see blocks 808 and 810). During the registration process, the server 406 will generate a token for the customer 510 (at block 812).
The server 406 then initiates and sends a session request 411 to the smart device 416, via a communication network 504 (e.g. a cloud messaging network, such as Google Cloud Messaging (GCM)) (at block 814). More specifically, details of the customer and its associated smart device are typically retrieved from a database 409 of the server 406, or another database which is accessible by the server 406, on which the details are stored (e.g. the details are stored during the registration process). The session request 411 typically includes the unique session identification (ID) which is associated with the particular proof-of- authorisation request 410.
When the smart device 416 receives the session request 411 it will typically launch the associated mobile app 948 on the device 416 (at block 816), which then sets up a secure connection between the smart device 416 and the server 406 (see reference numeral 420) (at block 818). Once this connection is established, the unique session ID is used by the app 948 in order to retrieve transaction parameters/information related to the request 410 of the service provider (at block 820).
The transaction parameters may, for example, include a request to obtain the biometric identification information specified in the authorisation request 410. For example, the transaction parameters may include a request for capturing a voice sample, the capturing of a video sample and/or any other response required by the client for proof of authorisation of the particular transaction.
The app 948 will then prompt the customer 510 to provide the requested biometric identification information. For example, the app 948 will prompt the customer 510 to utilise a camera of the smart device 416 to capture a video sample (e.g. if the request includes a video sample request). Once the required biometric identification information has been captured (at block 822), it is sent back to the server 406 via the secure communication channel 420 (see block 824). The server 406 then stores - -
the received authorisation information, together with the unique identifier/transaction code which is associated with the original authorisation request 410, on the database 409 (at block 826) to thereby record the proof of the authorisation of the particular transaction, which helps to provide an audit trail of the proof of authorisation.
In addition, the current geographical location of the mobile device 416 can also be stored together with the unique identifier and biometric authorisation information on the database 409. More specifically, the mobile app 948 installed on the mobile device 416 will determine/obtain the current geographical location of the mobile device 416 and send the geographical location information to the server 406 (e.g. via the secure communication channel 420). This information may be sent together with the authorisation information or separately therefrom. The geographical location may, for example, be in the form of GPS coordinates. In other words, the GPS coordinates of the mobile device 416, at the time when the authorisation is made, can be stored on the database 409. The GPS coordinates may then, for example, show that the customer 510 was at a particular merchant (or more specifically a terminal 408 of the merchant) when the biometric identification/authorisation information was captured.
In a slightly alternative embodiment, the proof-of-authorisation module 404 of the server 406 may be configured to verify the received biometric authorisation information by comparing it with biometric identification information of customers/clients stored on the database 409. The stored biometric identification information of customers/clients may, for example, have been obtained during a registration process when the app 948 was downloaded. If the received biometric identification information is verified then a verification result thereof, together with the unique identifier/transaction code which is associated with the original authorisation request 410 and, optionally, the geographic location of the mobile device 416, is stored on the database 409 as proof of the authorisation. If the biometric identification information is however not verified, then the transaction will be cancelled. In this regard, reference is specifically made to blocks 900-902.
In order to implement all the functions of the mobile app 948 described above, the app 948 includes: a communication module 950 (see Figure 7) which is configured to communicate with the server 406 (as described above); a biometric capture module 952 which is configured to allow a person/customer to capture biometric identification information by utilising a biometric capturing arrangement of the smart device 416 (e.g. a camera, microphone, or fingerprint scanner of the smart device 416); and a location module 954 which is configured to capture the geographic location of the smart device 416, when the biometric identification information is captured.
Reference is now specifically made to Figures 4-6 which illustrate another example of the invention.
In this example, the system in accordance with the invention may typically be implemented by a financial institution, such as a banking institution 100. The system 10 includes a transaction-facilitation module 12 and a proof-of-authorisation module 14.
The transaction-facilitation module 12 is communicatively connected to a plurality of terminals 16 via a communication link (e.g. via a local area network, mobile communication network and/or the Internet). The terminals 16 may be point-of-sale devices, computers connected to the internet or mobile communication devices (e.g. smart devices, such as smart phones).
Reference is now also specifically made to Figure 5. In this example, the system 10 includes a transaction server 18 which is configured to implement the functions of the transaction-facilitation module 12, and a proof-of-authorisation server 20 which is configured to implement the functions of the proof-of-authorisation module 14.
The transaction server 18 is configured (e.g. by way of software) to receive a request/request message from a terminal 16 to perform a particular financial transaction. The request typically includes, amongst others, account/identification information which identifies a particular account or accountholder. For example, the terminal 16 may be a pay-point terminal at a merchant which sends a request to the transaction server 18 including details of a bankcard number read by a card reader of the terminal 16.
Upon receiving the request, the transaction server 18 queries a database 22 on which account/accountholder information (for ease of explanation, reference is only hereinafter made to "account") is saved, in order to locate the particular account which is associated with the bankcard number.
Once the transaction server 18 has located the particular account, then an authorisation procedure is instituted in which a PIN and/or OTP are requested from the person 200 requesting the transaction (the authorisation procedure will be described in more detail below). If the authorisation procedure is successfully completed, then the transaction server 18 sends a request message to the terminal 16 to capture certain biometric identification information. The biometric identification information may specifically be for a voice sample and/or a video sample of the person 200. The terminal 16 should therefore have a biometric scanning arrangement (or be connected to one) in order to capture the required biometric identification information.
The biometric identification information is then captured by the terminal 16 and sent to the transaction server 18. In response, the transaction server 18 generates a unique transaction code which is associated with the particular transaction and sends the code, together with the received biometric identification information, to the proof-of- authorisation server 20, which saves the information, together with the associated transaction code, on a database 24. In a slightly alternative embodiment, proof-of-authorisation server 20 may be configured to verify the received biometric authorisation information by comparing it with biometric identification information of customers/clients stored on a database. If the received biometric authorisation information has been verified, then a verification result thereof is saved on the database 24 together with the associated transaction code. The transaction server 18 also sends the transaction code to the terminal 16, so that it may be presented to the person 200.
One of the main aims of saving the biometric identification information/verification result, together with its associated transaction code, on a separate, designated database 24 is to provide proof that the person 200 authorised the particular transaction, should it ever be queried at a later stage. Reference is now specifically made to Figure 6. If a person/customer 200, for instance, wants to buy groceries at a merchant, then a teller of the merchant will typically use a terminal 16 in the form of a point-of-sale device via which the financial transaction is performed.
The point-of-sale device 16 will typically have a card reader in order to read a bankcard of the customer 200. The point of sale device 16 would also have a microphone which is configured to capture a voice sample, and a camera which is configured to capture a video of the customer. This point of sale may not necessary be one single integrated device and may consist of two separate devices performing the full financial transaction.
After the bank card of the customer 200 has been read by the point- of-sale device 16 and appropriate customer PIN and transaction details (e.g. the payment amount) has been entered, a payment request is sent (at block 300) from the terminal 16 to the transaction server 18. As mentioned above, the request includes, amongst others, a bankcard number and the associated PIN of the customer. The transaction server 18 then queries the database 22 in order to locate an account which is associated with the bankcard number (at block 302) to thereby process the financial transaction.
Once the corresponding account has been located, the transaction server 18 may generate an OTP and send it to an assigned mobile phone of the customer (not specifically shown in Figure 6). The transaction server 18 will also then send a request (at block 304) to the terminal 16, requesting that the customer 200 enter his OTP. The customer 200 then utilises a keypad of the point-of-sale device 16 in order to type in his OTP (at block 306,) which is then sent to the transaction server 18. Upon receiving the OTP, the transaction server 18 compares it with the - 3-
generated OTP which is associated with the transaction and is saved on the database 22 (at block 308). If the OTP's do not match, then the transaction is declined (at block 310).
If the OTP's however do match, then the transaction server 18 sends a request to the terminal 16, requesting that biometric identification information, in the form of a speech sample and video sample, be captured (at block 312).
In a slightly alternative embodiment, the matching of the PIN numbers may be conducted by the terminal 18. The transaction server 18 may therefore send the stored PIN number to the terminal 18 for matching purposes, or the PIN number may be retrieved by the terminal 18 from the bankcard itself (i.e. the PIN number may be saved locally on the bankcard).
The point-of-sale device 16 is accordingly configured to utilise a microphone and camera in order to capture the speech and video samples, respectively. The captured speech and video samples is then sent back to the transaction server 18 (at block 314). The transaction server 18 then generates, by using a processor, a unique transaction code (at block 316) which is associated with the particular transaction and sends the code, together with the captured biometric identification information, to the proof- of-authorisation server 20 (at block 318). The proof-of-authorisation server 20 then stores the information on the database 24 (at block 320) or implements a verification procedure (at block 340) in which the received biometric identification information is verified by comparing it with biometric identification information of the customer 200 stored on a database. If the received biometric identification information is verified, then a verification result thereof and the transaction code are saved on the database 24 (a - -
block 342). If the received biometric identification information is however not verified, then the transaction is cancelled (at block 344).
The code is also sent to the terminal 16 (at block 322) which is then presented to the customer 200 (e.g. by means of a payment slip) (at block 324).
It will be appreciated that the same general process, as described above, will be followed if another type of terminal 16 is used, such as a mobile phone, except for a few adjustments. The mobile phone may, for instance, make use of an online payment gateway in order to perform a financial transaction. Using the microphone and camera of the mobile phone, the biometric identification information will therefore be sent to the payment gateway which will then send the information onto the appropriate banking institution 100 (more specifically the proof-of-authorisation server 20 of the institution 100).
The Inventor believes that the system, in accordance with the invention, effectively addresses the problems mentioned in the background of the invention. By capturing and storing specific biometric identification information or the verification results for each transaction, it is relatively easy to provide concrete proof that a particular transaction was authorised by someone, should the person (or someone else), ever wish to query it.
This evidence/proof could be used for future reference purposes and/or post processing through matching algorithms for real-time risk profiling. The system can relatively easily be implemented in existing payment systems, without adversely affecting the standard authentication processes currently in place (e.g. the use of PIN numbers and OTP's).
The system also provides a useful addition and/or alternative to existing payment systems, such as mobile phone payment systems.

Claims

1. A method of obtaining proof of authorisation of a transaction, wherein the method includes: receiving a request from a terminal over a communication link/network to perform a transaction or to obtain proof of authorisation of the transaction; and receiving biometric identification information, from a terminal over a communication link/network, of a person who is a party to the transaction, and wherein the method further includes: storing the biometric identification information and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction; and/or verifying, by using a processor, the authenticity of the received biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, storing a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction.
2. The method of claim 1 , which includes sending information on the type of biometric identification required for the proof of authorisation of the transaction to a terminal which is associated with, or accessible by, the said person who is a party to the transaction.
3. The method of claim 2, wherein the terminal to which information on the type of biometric identification information required is sent and the terminal from which the biometric identification information is received, are the same terminal.
4. The method of any of claims 1 to 3, which includes generating, by using a processor, the unique transaction code for the transaction.
5. The method of claim 3 or claim 4, which includes sending the transaction code to the terminal from which the biometric identification information is received over a communication link/network.
6. The method of any of the preceding claims, wherein the request to perform a transaction includes identification information which identifies a particular entity, account or accountholder which should be associated with the transaction.
7. The method of claim 1 , wherein the terminal from which the request to perform a transaction or to obtain proof of authorisation of the transaction is received, is a merchant or service provider terminal and wherein the said person who is a party to the transaction is a customer/client of the merchant or service provider.
8. The method of claim 7, wherein the terminal from which the biometric identification information is received is a mobile communication device of the customer/client.
9. The method of claim 8 which includes, in response to receiving the request to perform a transaction or to obtain proof of authorisation of the transaction, generating a unique session identifier by using a processor and sending the unique session identifier to a mobile application of the mobile communication device of the customer/client via a communication network.
10. The method of claim 9 which includes, after sending the unique session identifier, establishing a secure communication link with the mobile application via which the biometric identification information is received, by utilising the session identifier.
11. The method of claim 10 which includes, after establishing a secure communication link with the mobile application, sending information on the type of biometric identification information required from the customer/client for proof of authorisation of the transaction over the secure communication link.
12. The method of any of claims 8 to 11 , which includes receiving geographic location information on the current location of the mobile communication device over a communication link/network and storing it together with the received biometric identification information and transaction code on the database.
13. The method of any of claims 7 to 12, wherein the biometric identification information includes: a fingerprint sample of the customer/client; a voice/speech sample of the customer/client; a video sample in which video of the client is captured; and/or an image of at least a face of the customer/client.
14. The method of any of claims 7 to 13, wherein the biometric identification information includes information on two biometric traits.
15. The method of any of the preceding claims, wherein the transaction is a financial transaction.
16. A system for obtaining proof of authorisation of a transaction, wherein the system includes: a transaction-facilitation module which is configured to receive a request from a terminal over a communication link/network to perform a transaction or to obtain proof of authorisation of the transaction; and
a proof-of-authorisation module which is configured to receive biometric identification information over a communication link/network of a person who is a party to the transaction, and wherein the proof-of-authorisation module is further configured to: save the biometric identification information and a unique transaction code for identifying the particular transaction on a database of the system as proof of authorisation of the transaction; and/or
verify the authenticity of the received biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, to store a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction.
17. The system of claim 16, wherein the proof-of-authorisation module is configured to send information on the type of biometric identification information required for proof of the authorisation of the transaction to a terminal which is associated with, or accessible by, the said person who is a party to the transaction, over a communication link/network.
18. The system of claim 17, wherein the terminal to which information on the type of biometric identification information required is sent and the terminal from which the biometric identification information is received, are the same terminal.
19. The system of any of claims 16 to 18, wherein the transaction- facilitation module is configured to generate the unique transaction code for the transaction.
20. The system of claim 19, wherein the proof-of-authorisation module is configured to send the generated transaction code to the terminal from which the biometric identification information is received over a communication link/network.
21. The system of claim 16, wherein the terminal from which the request to perform a transaction or to obtain proof of authorisation of the transaction is received is a merchant or service provider terminal and wherein the said person who is a party to the transaction is a customer/client of the merchant or service provider.
22. The system of claim 21 , wherein the terminal from which the biometric identification information is received is a mobile communication device of the customer/client.
23. The system of claim 22, wherein the proof-of-authorisation module is configured, in response to receiving a request to perform a transaction or to obtain proof of authorisation of the transaction, to generate a unique session identifier and send the unique session identifier to a mobile application of the mobile communication device of the customer/client via a communication network.
24. The system of claim 23, wherein the proof-of-authorisation module is configured, after sending the unique session identifier, to establish a secure communication link with the mobile application via which the biometric identification information is received, by utilising the session identifier.
25. The system of claim 24, wherein the proof-of-authorisation module is configured, after establishing a secure communication link with the mobile application, to send information on the type of biometric identification information required from the customer/client for proof of authorisation of the transaction over the secure communication link.
26. The system of claim 22, wherein the proof-of-authorisation module is configured to receive geographic location information on the current location of the mobile communication device over a communication link/network and to store it together with the received biometric identification information and transaction code on the database.
27. The system of any of claims 21 to 26, wherein the biometric identification information includes: a fingerprint sample of the customer/client; a voice/speech sample of the customer/client; a video sample in which video of the client is captured; and/or an image of at least a face of the customer/client.
28. The system of any of claims 21 to 26, wherein the biometric identification information includes information on two biometric traits.
29. The system of any of claims 16 to 28, which includes a server of which the transaction-facilitation module and the proof-of- authorisation module form part of.
30. The system of any of claims 16 to 29, wherein the transaction is a financial transaction.
31. A method of conducting a transaction, wherein the method includes: receiving a request from a terminal over a communication link/network to perform a transaction and/or to obtain proof of authorisation of the transaction; and receiving biometric identification information, from a terminal over a communication link/network, of a person who is a party to the transaction, and wherein the method further includes: storing the biometric identification information and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction; and/or verifying, by using a processor, the authenticity of the received biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, storing a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction on a database.
32. The method of claim 31 , wherein the transaction is a financial transaction.
33. A method of conducting a transaction, wherein the method includes: capturing biometric identification information of a first biometric trait of a person requesting to perform a transaction, by using a biometric scanning arrangement; capturing biometric identification information of a second biometric trait of the person, by using a biometric scanning arrangement; sending the captured biometric identification information of the first and second biometric traits to a remote server via a communication link; and receiving an identification code which is configured to identify the particular transaction via a communication link.
34. The method of claim 33, wherein the transaction is a financial transaction.
35. A system for conducting a transaction, wherein the system includes: a transaction-facilitation module which is configured to receive a request from a terminal over a communication link/network to perform a transaction and/or to obtain proof of authorisation of the transaction; and a proof-of-authorisation module which is configured to receive biometric identification information over a communication link/network of a person who is a party to the transaction, and wherein the proof-of-authorisation module is further configured to: save the biometric identification information and a unique transaction code for identifying the particular transaction on a database of the system as proof of authorisation of the transaction; and/or
verify the authenticity of the received biometric identification information by comparing it with biometric identification information stored on a database, and, if the received biometric identification is verified, to store a verification result thereof and a unique transaction code for identifying the particular transaction on a database as proof of authorisation of the transaction.
36. The system of claim 35, wherein the transaction is a financial transaction.
37. A mobile application, which is installable on a mobile communication device, for obtaining proof of authorisation of a transaction, wherein the mobile application includes: a communication module which is configured to receive a request over a communication link/network to authorise a transaction by capturing biometric identification information; and a biometric capture module which is configured to allow a person to capture biometric identification information by utilising a biometric capturing arrangement of the mobile communication device on which the mobile application is installed, wherein the communication module is further configured to send the captured biometric identification information as proof of authorisation of the transaction to a terminal over a communication link/network. The mobile application of claim 37, which includes a location module which is configured to capture the geographic location of the mobile communication device, on which the mobile application is installed, when the biometric identification information is captured, and wherein the communication module is configured to also send information on the geographic location to the terminal.
PCT/IB2015/059066 2014-11-25 2015-11-24 Method of and system for obtaining proof of authorisation of a transaction WO2016083987A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA201408664 2014-11-25
ZA2014/08664 2014-11-25

Publications (1)

Publication Number Publication Date
WO2016083987A1 true WO2016083987A1 (en) 2016-06-02

Family

ID=54780379

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2015/059066 WO2016083987A1 (en) 2014-11-25 2015-11-24 Method of and system for obtaining proof of authorisation of a transaction

Country Status (1)

Country Link
WO (1) WO2016083987A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019083950A1 (en) * 2017-10-26 2019-05-02 Easy Solutions Enterprises Corp. Systems and methods to detect and notify victims of phishing activities
EP3570518A1 (en) 2018-05-16 2019-11-20 In-Idt Authentication system and method using a limited-life disposable token
US11151576B2 (en) 2019-04-05 2021-10-19 At&T Intellectual Property I, L.P. Authorizing transactions using negative pin messages
US12200132B1 (en) 2022-08-25 2025-01-14 Wells Fargo Bank, N.A. Secure multi-verification of biometric data in a distributed computing environment
US12248545B1 (en) 2022-09-01 2025-03-11 Wells Fargo Bank, N.A. Secure digital authorization via generated datasets

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002015136A1 (en) * 2000-08-16 2002-02-21 Link Information Systems Limited Apparatus for and methods of verifying identities
US20060036442A1 (en) * 2004-07-30 2006-02-16 Sbc Knowledge Ventures, L.P. Centralized biometric authentication
US20090313165A1 (en) * 2006-08-01 2009-12-17 Qpay Holdings Limited Transaction authorisation system & method
US20140258718A1 (en) * 2013-03-07 2014-09-11 Asymptote Security Llc Method and system for secure transmission of biometric data

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002015136A1 (en) * 2000-08-16 2002-02-21 Link Information Systems Limited Apparatus for and methods of verifying identities
US20060036442A1 (en) * 2004-07-30 2006-02-16 Sbc Knowledge Ventures, L.P. Centralized biometric authentication
US20090313165A1 (en) * 2006-08-01 2009-12-17 Qpay Holdings Limited Transaction authorisation system & method
US20140258718A1 (en) * 2013-03-07 2014-09-11 Asymptote Security Llc Method and system for secure transmission of biometric data

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019083950A1 (en) * 2017-10-26 2019-05-02 Easy Solutions Enterprises Corp. Systems and methods to detect and notify victims of phishing activities
US20190132356A1 (en) * 2017-10-26 2019-05-02 Easy Solutions Enterprises Corp. Systems and Methods to Detect and Notify Victims of Phishing Activities
US10645117B2 (en) 2017-10-26 2020-05-05 Easy Solutions Enterprises Corp. Systems and methods to detect and notify victims of phishing activities
EP3570518A1 (en) 2018-05-16 2019-11-20 In-Idt Authentication system and method using a limited-life disposable token
US11151576B2 (en) 2019-04-05 2021-10-19 At&T Intellectual Property I, L.P. Authorizing transactions using negative pin messages
US12200132B1 (en) 2022-08-25 2025-01-14 Wells Fargo Bank, N.A. Secure multi-verification of biometric data in a distributed computing environment
US12248545B1 (en) 2022-09-01 2025-03-11 Wells Fargo Bank, N.A. Secure digital authorization via generated datasets

Similar Documents

Publication Publication Date Title
US11263691B2 (en) System and method for secure transactions at a mobile device
US10771251B1 (en) Identity management service via virtual passport
US11556926B2 (en) Method for approving use of card by using blockchain-based token id and server using method
US11978051B2 (en) Authenticating remote transactions using a mobile device
US10701068B2 (en) Server based biometric authentication
JP6648110B2 (en) System and method for authenticating a client to a device
US11157905B2 (en) Secure on device cardholder authentication using biometric data
US9665868B2 (en) One-time use password systems and methods
US10489565B2 (en) Compromise alert and reissuance
MX2011002067A (en) System and method of secure payment transactions.
EP3186739B1 (en) Secure on device cardholder authentication using biometric data
WO2016083987A1 (en) Method of and system for obtaining proof of authorisation of a transaction
US11044250B2 (en) Biometric one touch system
Prasad et al. A Study on Enhancing Mobile Banking Services using Location based Authentication
EP3217593A1 (en) Two-factor authentication method for increasing the security of transactions between a user and a transaction point or system
AU2021107510A4 (en) A method for electronic identity verification and management
US20230259602A1 (en) Method for electronic identity verification and management
Aithal A Study on Enhancing Mobile Banking Services Using Location Based Authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15804606

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15804606

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 15804606

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC , EPO FORM 1205A DATED 01.08.17.