Authentication methods and systems

Information

  • Patent Grant
  • 11036845
  • Patent Number
    11,036,845
  • Date Filed
    Friday, May 27, 2016
    8 years ago
  • Date Issued
    Tuesday, June 15, 2021
    3 years ago
Abstract
The invention provides an authentication method and system. It is particularly suited for verifying the identity of an individual prior to permitting access to a controlled resource. This may or may not be a financial resource. The invention uses biometric data relating to a user to encode and decode an identifier associated with a user. Thus the user's biometric data becomes the key for encoding and subsequently decoding the identifier. In one embodiment, the biometric data is used to generate a keypad configuration. The keypad configuration specifies the order and/or position of a plurality of keypad keys. An operable keypad and/or image of a keypad is then generated using the configuration. Thus, the individual's biometric data can be used to generate a customised keypad and/or image which can then be used to encode or decode the identifier associated with the user. A keypad or image generated from the biometric data can be used to generate a mapping between different keypad configurations. The biometric data may be captured at or on a device associated with the individual, such as a computer, mobile phone, tablet computer etc.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS

This application is the national stage of International Patent Application No. PCT/GB2016/051549 filed on May 27, 2016, and which claims priority to British Patent Applications Nos. GB 1509030.1 filed on May 27, 2015, GB 1509031.9 filed on May 27, 2015, GB 1520760.8 filed on Nov. 24, 2015 and GB 1520741.8 filed on Nov. 24, 2015, all of which are hereby incorporated by reference in their entireties as if fully set forth herein.


BACKGROUND
1. Field

This invention relates generally to authentication (verification) of an individual prior to permitting access to a controlled resource or service, and more particularly to biometric authentication. The invention is particularly suited, but not limited to, use in verification of an individual's identity prior to performing a financial transaction.


2. Related Art

Authentication methods and techniques are well known. Such techniques include the use of an identifier, such as a PIN or code, which is stored in association with a user. The user is required to supply the correct PIN before being granted access to a controlled resource (eg bank account) or service. The use of PINs has become widely accepted in the banking industry and customers are familiar and comfortable with their use.


Biometric data has also been explored for use with authentication solutions. Biometric data relates to physical or behavioural characteristics of an individual, and can thus be used to uniquely identify that individual. Biometric data may relate to iris, voice, fingerprint recognition and more.


Technologies exist for capturing such biometric data. For example, smart phones have been adapted to include fingerprint scanners. However, the use of biometric authentication has not been widely adopted for use with highly sensitive applications where there is a strong need for security eg the banking industry. One reason for this is that the current banking system and all its infrastructure is geared towards the use of PIN-based authentication. A shift towards biometric authentication would require a very significant investment of time, effort and money to change or replace the existing hardware and software platforms. Another reason is that biometric data may be compromised. For example, there have been cases where fingerprints have been ‘lifted’ and replicated by third parties. This poses a serious security risk, and while a compromised PIN can be changed, an individual cannot change their fingerprint, voice or iris pattern.


Therefore, it is desirable to provide a solution which combines the convenience of use that biometric authentication offers with the security and logistical advantages of PIN-based authentication.


SUMMARY

Such an improved solution has now been devised.


Thus, in accordance with the present invention there is provided an authentication solution as defined in the appended claims.


The invention may provide an authentication method comprising the step: using biometric data relating to a user (of an electronic device) to provide an encoded or decoded version of an identifier.


Additionally or alternatively, the method comprise the steps: capturing biometric data relating to a user;


using the biometric data as input to a software-implemented component which is arranged and configured to use the biometric data to encode an identifier associated with the user such that the biometric data is required to decode the identifier.


The user's biometric data may be used as, or serve as, a key for encoding the user's identifier. Additionally or alternatively, it may be used or serve as a key for decoding it.


The identifier may be associated with the user, and/or a resource associated with the user. The resource may be, for example, a payment card such as a debit or credit card, or a financial account. The invention is not limited with regard to the type of resource which the identifier is related to. The resource may be a physical resource or an electronic, digital or virtual resource.


The identifier may comprise any type, length or format of identifier. For example, it may comprise numerical digits, letters, pictures etc or any combination thereof. Preferably, the identifier is pre-selected (ie determined prior to the authentication process) and stored in memory on a server. The server may be located at, operated by or on behalf of, a financial institution.


The biometric data may be any type of data relating to the physical and/or behavioural attributes of the user. It may comprise data relating to the user's fingerprint(s), iris pattern, voice, writing, veins or any other biometric source. In this document, the phrase “biometric data” may be used to mean data which is captured directly from the user (i.e. “raw” biometric data such as may be captured by a sensor). Additionally or alternatively, it may mean biometric data which has been derived from a biometric capture process. For example, it may be processed data which has been obtained or derived following a biometric authentication process. This may be a cryptographic key which has been generated during a biometric authentication process, or a registration process involving the capture of the user's biometric data.


Preferably, the biometric data is generated at or on an electronic device operated by the user. The electronic device may be referred to as a ‘local’ device. Preferably, the electronic device is a handheld, portable or mobile electronic device. It may be a smart phone, laptop or tablet computer, for example. It may comprise wireless communication capabilities for the transmission of data over a local network, close proximity protocol or wide area telecommunications network.


Preferably, the electronic device comprises hardware and/or software capabilities to enable the capture and generation of the biometric data, or is in physical or wireless communication with such a biometric data capture device eg fingerprint scanner, camera, voice recognition software etc. For example, the electronic device may be a smartphone having a camera and voice recognition software, or a finger print scanner built in. Additionally or alternatively, it may comprise an interface to allow the phone to connect to, for example, a scanner.


The biometric data may comprise, or may be processed to provide, one or more strings, arrays or sequences of values. The one or more strings, arrays or sequences of values may be used as, or may be process to provide, a keypad configuration. The keypad configuration may be a scrambled or randomized keypad configuration. The order of keys in the configuration may be scrambled relative to a default or reference keypad configuration eg the default configuration for the local device.


Thus, the biometric data capture device may produce or comprise a series of values, or the output of the biometric device may be processed to provide the series of values. Those values may be used as the labels assigned to keys in a keypad or keypad image. Thus, the biometric data may be used as, or to specify, a keypad configuration. Hereafter, the series of values may simply be referred to as an array. The array may be a portion or substring of the biometric data. The invention is not to be limited in respect of the data type, length or format of the biometric data or the array(s) generated from the biometric data.


The biometric data may be provided to a keypad generation component (KGC). The KGC may be a component provided on the local device or in communication with the local device. It may be a software application. The keypad generation component may be arranged to generate a Pin Entry Device (PED).


The biometric data may be used as input into a software component provided either on a handheld device operated by the user or on a remote computing resource such as a server. The software component may be arranged to use the biometric data to encode the identifier, or to use it as a seed for an algorithm arranged to generate a keypad configuration and/or a PED. The software component may be arranged to perform an encryption and/or randomization process.


Additionally or alternatively, some other form of data may be used as the input to the keypad configuration algorithm. This data may be derived from or in some way related to the user's biometric data. It may be, for example, a cryptographic key. The cryptographic key may be used to generate the seed. The key may be a private or public cryptographic key which is associated with a user and/or a digital wallet associated with a user. The wallet may be stored on the electronic device. The cryptographic key may have been generated during a biometric authentication process, or a registration process involving the capture of the user's biometric data.


Preferably, the encoding and/or decoding process may be performed using an altered or randomised keypad configuration, although any suitable encoding/decoding method could be used which is dependent upon the biometric data.


In one or more embodiments, the method may further comprise the step of using the biometric data to generate at least one operable keypad and/or at least one keypad image. The layout of the at least one operable keypad and/or at least one keypad image may be determined using the biometric data or a portion thereof. Therefore, the biometric data may serve as or be used to supply the keypad configuration for the operable keypad and/or image. The keypad/image generation step may be performed by the KGC which may be arranged and configured to receive the biometric data and process it to provide the one or more operable keypads, and/or one or more keypad images.


Preferably, the arrangement or configuration of keys in the operable keypad is different relative to the arrangement or configuration of keys depicted in the keypad image. The operable keypad is a functional keypad comprising a plurality of keys, each key having a value or symbol associated with it upon creation of the keypad, such that when a key is selected its associated value is placed into memory. The keypad may be an object generated electronically. It may provide a model or representation of a mechanical keypad. The keypad object may be generated using a subroutine (procedure, function or method) call. The subroutine may use parameters to determine the arrangement (order, position) of keys in the keypad. Upon execution of the procedure or method, the keypad object may reside in volatile memory until it is discarded. The operable keypad may be or comprise an event handler (or “event listener” in some alternative programming terminologies). The event may be a keyboard event, a touchscreen event or some other input-related event.


By contrast, the keypad image may be a representation of a keypad and devoid of functionality in itself. Therefore, in the absence of an operable keypad, the user is not able to input any values into memory by selecting the ‘keys’ depicted in the image. In one or more embodiments, one or more keys depicted in the image may be colour coded, watermarked or otherwise tagged to provide a visual assurance to the user that the image has been provided by a legitimate source.


As the arrangement of keys in the operable keypad is preferably different relative to the arrangement of keys depicted in the keypad image, the type, order and/or position of the operable keys does not correspond exactly to the type, order and/or position of the ‘keys’ depicted in the image. The keys in either the operable keypad or the keypad image may be scrambled relative to a reference keypad. As the order of keys in the operable keypad is preferably different to the order of keys depicted in the image, a mapping may be generated between the operable keypad and the image. This mapping may be used to encode and/or decode the identifier.


Preferably, the at least one operable keypad and/or at least one keypad image are provided within a display zone of the electronic device used to capture or generate the biometric data. The display zone may comprise a portion of a touchscreen. Advantageously, they are provided within the same display zone such that the keypad image superimposes or masks the operable keypad which underlies the image. Thus, the keypad(s) and/or image(s) may be generated by procedure calls; the image may be presented such that it blocks or obscures the keypad from the user's view at least partially but preferably completely. Therefore, the user may see what they believe to be a keypad and may select eg by touching what they believe to be an operable key with a given value, while in reality they are simply touching a portion of an image. By ‘selecting’ a portion of the image, however, the user may cause an operable key of the keypad to function, and thus the value that is placed into memory by the operable keypad may not correspond to the value that the user intended to input. Therefore, an encoded version of the user's identifier may be generated due to the mapping between the keys in the keypad and those depicted in the image. An advantage of this is that the user's ‘real’ identifier is never placed into memory on the local device. Therefore, it cannot be accessed by an unauthorised third party who has managed to compromise the local device.


This encoding aspect of the invention may be substantially as described in WO 2014/013252 which discloses an authentication solution wherein an image of a scrambled keypad is superimposed over an operable keypad to provide an encoded version of an identifier. However, in accordance with the present invention the keypad(s) and or image(s) may be generated at or on the local device using biometric data.


Thus, the at least one operable keypad and/or the at least one keypad image generated using the user's biometric data may be used to provide an encoded version of the user's identifier. The encoded version of the identifier may be transmitted from the local device to a remote device (eg server) where it may be stored. It may be stored in secure storage. It may be transmitted wirelessly.


The keypad image may be generated such that one or more of the keys depicted in the image are colour coded, tagged or otherwise marked (in addition to the value associated with the key). As the biometric data ensures that the same array package and therefore the same image may be generated each time, the marked keys may provide a visual reassurance to the user that the image they are viewing is legitimate rather than the result of unauthorised activity on the local device. For example, the user may expect that the key in the top left corner of the image is coloured yellow and the middle key on the bottom row of the keypad image is coloured red. If this is not the case then the user may suspect that the image has been provided by an unauthorised party.


The identifier may be encoded as part of a registration process wherein a user registers to use an embodiment of the invention. The encoding may be performed only once in respect of the same identifier. The registration process may comprise the capture of non-biometric data relating to the user, and/or data relating to a resource associated with the user eg a credit card number. In the event that the user changes the pre-stored version of the identifier (eg via their financial institution), an encoded version of the user's new identifier may be provided using the process described above and may be stored in place of the previously encoded version.


The biometric data may be used to determine the configuration of keys in the operable keypad and/or the configuration of keys depicted in the keypad image. This may be achieved by using the biometric data as input into the procedure, function or method call(s) used to generate the at least one operable keypad and/or the at least one keypad image. The procedure or method call(s) may form part of the keypad generation component. The keypad configuration component may generate the keypad(s) and image(s) on or at the local device. The biometric data may be used to provide one or more arrays of values, each array corresponding to a keypad configuration for creation of a keypad or image. The biometric data may be processed to provide the one or more arrays.


A plurality of operable keypads may be generated by the keypad generation component. Additionally or alternatively, a plurality of keypad images may be generated. The configuration of keys in each keypad or image may be different from the others in the respective plurality. One keypad and/or image may be designated as the ‘active’ keypad or image at any given time. For example, one keypad image may be used during an authentication session while a different underlying keypad may be used per keystroke received from the user. In some embodiments, one mutable keypad may be used and the state of the keypad may be altered so as to provide a different configuration of keys. Additionally or alternatively, the underlying operable keypad may remain the same during the authentication process while the keypad image may change.


At a minimum, one operable keypad or one keypad image is generated on the local device using the biometric data to determine its configuration. Additional configuration data and/or images may be sent to the local device from a server. For example, the biometric data may be used to generate an operable keypad at the local device and the keypad then superimposed with a keypad image received from a server. Alternatively, the keypad configuration data may be received at the local device from a server while the image is generated on the local device using the locally captured biometric data. However, in a preferred embodiment, the image(s) and keypad(s) may all be generated at the local device. This is advantageous because it eliminates the risk of the configuration data being intercepted during transmission to the local device, and because it transfers the processing burden from the server to the local device.


As an individual's biometric data does not change, the same encoded version of the identifier and/or keypad configuration will be generated each time a given user uses the invention. Another advantage is that as the user's biometric data can be used to determine the mapping between the keys in the operable keypad and the keys depicted in the keypad image, the user's biometric data becomes the ‘key’ for decoding the encoded version of the user's identifier. A further advantage is that as the user's biometric data can always be captured or re-generated, it does not need to be stored. Thus, once the encoded version of the identifier has been created and stored, it can always be decoded upon supply of the user's biometric data. This avoids the need for the user to carry any additional authentication devices, such as hardware tokens, or remember any further information in order to decode the identifier. The user always carries the key to unlock the identifier. The invention therefore provides a multi-factor authentication solution which requires biometric data (who the user is) and an identifier (something the user knows). When the identifier relates to a resource eg the user's payment card (something the user has) this provides a three-factor authentication solution.


The method may also comprise the step of using biometric data relating to the user to compute a decoded version of the encoded identifier. This decoding step may be performed following the registration process described above during which the encoded version of the user's identifier may be generated and stored. The decoding step may be performed as part of an authentication session initiated when the user wishes to gain access to a controlled resource or service, or perform a transaction. The decoding step may also be performed during the registration process to verify that the user's inputted identifier is correct ie matches a pre-stored version of the identifier.


The biometric data used to decode the encoded identifier may be captured separately from and subsequently to the biometric data used to produce the encoded version. Computing the decoded version may involve the use of one or more strings, arrays or sequences of values generated from biometric data relating to the user. The decoding may be performed by or at a server. The decoding may be performed within a HSM associated with a server.


The decoded version of the identifier may be verified in relation to a previously stored version of the identifier. The previously stored version may be stored by an institution or party associated with a payment card. The verification may be performed by sending a payment message or balance enquiry to a financial institution. Verification of the identifier may be successful if the decoded version of the identifier matches the previously stored version, and unsuccessful if it does not match.


Advantageously, only the user's biometric data is required in order to decode the identifier. Re-input of the user's identifier is not required. Neither is generation of the image or operable keypad required again. Preferably, after the encoded version has been stored (and optionally verified) on a remote device, eg server, the user may only need to re-input their biometric data eg swipe finger so that the arrays may be re-generated and transmitted to the server for decoding of the identifier. The arrays may enable the server to know the mapping between the configurations of the reference keypad and the keypad and/or image generated using the biometric data. Also advantageously, the biometric data and the arrays generated from it do not need to be stored. This provides a more secure solution as the key to decode the identifier cannot therefore be accessed from storage.


Also in accordance with the invention, there is provided an authentication system arranged and configured to implement any embodiment of the method described above. Such a system may comprise an electronic device arranged and configured to encode an identifier using biometric data relating to a user of the device.


The biometric data may be generated at or on the electronic device. The electronic device may be a handheld, portable or mobile computing device. The device may be arranged and configured to generate one or more strings, arrays or sequences of values from the biometric data.


The device may be arranged to implement the encoding process described above or any other encoding process that uses the biometric data to serve as a key. It may be arranged to use the biometric data to generate or specify a keypad configuration. The keypad configuration may be used to generate at least one operable keypad and/or at least one keypad image. The configuration of keys in the operable keypad may be different relative to the configuration of keys depicted in the keypad image; and/or the at least one operable keypad and/or at least one keypad image may be provided within a display zone of the electronic device used to capture or generate the biometric data.


The biometric data may be used to determine the configuration of keys in the at least one operable keypad and/or the configuration of keys depicted in the at least one keypad image. The at least one operable keypad and/or the at least one keypad image may be used to provide an encoded version of the identifier. The system may comprise memory for storage of the encoded version of the identifier; preferably wherein the memory is provided on or at a server.


The at least one keypad and/or at least one keypad image may be generated using at least a portion of the biometric data as input into a method or procedure call. The at least one operable keypad may be at least partially masked or obscured from the user's view by the at least one keypad image.


The system may comprise a further device arranged to compute a decoded version of the encoded identifier using biometric data relating to the user. Computing the decoded version may involve the use of one or more strings, arrays or sequences of values generated from biometric data relating to the user. The system may be arranged to verify the decoded version of the user's identifier in relation to a previously stored version of the identifier.


The invention may provide an authentication method comprising the steps of:

    • generating an operable keypad or keypad image more than once, wherein the configuration of keys in the keypad or image are altered relative to a reference configuration of keys; and
      • colour coding or otherwise altering one or more pre-selected keys in the keypad or image such that the same key or key position is always altered in the same way each time the keypad or image is generated. This aspect, as described above, may provide an assurance to a user that the keypad and/or image has been generated by a legitimate source.


It should be noted that any feature described above in relation to one aspect or embodiment of the invention may also be used to advantage in relation to any or all other aspects or embodiments. For example, a feature described in relation to a method of the invention may also be applicable to a system or apparatus in accordance with the invention, or vice versa.


These and other aspects of the present invention will be apparent from and elucidated with reference to, the embodiment described herein.


An embodiment of the present invention will now be described, by way of example, and with reference to the accompanying drawings.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a flowchart showing the process of using biometric data to generate an image and a plurality of keypads to capture a user's keystroke, in accordance with the invention.



FIG. 2 shows part of the registration process in accordance with an embodiment of the invention.



FIG. 3 shows part of a post-registration process in accordance with an embodiment of the invention.



FIG. 4 shows an overview of at least some of the steps which may be used in accordance with an embodiment of the invention.





DETAILED DESCRIPTION

An illustrative embodiment of the invention will now be provided in relation to the banking industry. It also uses an encoding process which involves the use of a randomised keypad and/or keypad image generated at least in part using the biometric data. However, it should be noted that the invention is not limited in these respects.


A method according to one embodiment of the invention comprises a two-step process. The first step comprises a registration process which is used to generate and store an encoded version of a user's identifier. The identifier could be any type of code or password associated with the user. The user's biometric data is used to generate the encoded version. Following registration, the user's biometric data is used to decode the encoded version of the identifier each time the user wishes to authenticate with a service or system. Therefore, the user's biometric becomes the key to unlock the encoded version of the identifier. The user's biometric data does not need to be stored but can be captured upon demand when required. This provides a more secure but convenient authentication arrangement, which does not require alteration of existing infrastructure.



FIG. 4 shows an overview of at least part of the process of the present invention. As shown, a user's biometric data (eg fingerprint) is captured by a capture device 19. This is stored in a secure storage element on the user's device 20. The biometric data and/or the user's private key are used to generate a seed 21. The seed is used as input into an algorithm which generates a number of arrays which can be used to generate a PED 22. Thus, the PED generation is dependent upon the user's unique biometric data.


Registration Process


The user is required to register with the system before first use. Part of the registration process is shown in FIG. 1. During registration the user may need to supply data such as name, address and data relating to one or more payment cards. This data may be stored on a remote device such as a server, or on the user's (local) device. The local device may be any type of computing device such as a mobile phone, laptop computer, PC, tablet computer. The registration data may be stored in a digital wallet provided on the local device. As is known in the art, the wallet may comprise or be associated with a cryptographic private/public key pair. The key pair may have been generated during set up or registration of the wallet using a biometric capture process.


The local device either includes or is in communication with a biometric capture device. Various types of capture device are known in the prior art and the invention is not limited with regard to the type of data that is captured or the type of device used to capture it. The following example refers to fingerprint data and fingerprint scanners but other types of biometric data and their respective capture devices may be used instead or additionally.


The fingerprint scanner is used to capture the user's biometric data 1. This is then fed into a Keypad Generation Component (KGC) provided on the local device. The KGC may be a software application which is downloaded to the local device for installation from a remote source such as a cloud-based server. The biometric data is provided to the KGC as an input string. The string can be used to provide one or more arrays of values 2, each array (or part/element thereof) capable of serving as input to a procedure call. The arrays may be substrings of the String produced from the biometric capture step 1. In a preferred embodiment, the KGC processes the biometric input string to generate a package of N+1 arrays wherein N is the number of digits in the user's identifier 3. The additional array can be used to generate a keypad image. Each array specifies the order (ie configuration) of keys in the image or keypad. These arrays may be stored in secure temporary storage.


In step 3, the KGC takes the input string and uses it to make a plurality of procedure calls. The first procedure call is to an image generation procedure which takes one array (ie part of the input string) and generates an image of a keypad. Thus, the biometric data is used as the parameters to the procedure call. The parameters dictate the configuration of keys depicted in the image. The term ‘configuration’ may relate to the position, order and/or arrangement of the ‘keys’. The image is then displayed within a display zone of a screen associated with the local device. In this example, the local device is a smart phone having a touchscreen although a PC, monitor and mouse may be used to equal effect.


The image is created such that it resembles the style of a (default) keypad associated with the local device. However, in one embodiment the keys depicted in the image are scrambled relative to the device's default keypad. In other embodiments, the image may depict a non-scrambled keypad.


In one or more embodiments, the keypad image is arranged such that one or more keys are colour coded or otherwise tagged, marked or identified (besides the value associated with the key). This enables an image that is visually unique to the user to be generated. For example, certain keys can be given a background colour. This can be used as a visual reassurance to the user that the image they are seeing is from a legitimate source rather than something presented by an unauthorised party that has compromised the local device.


The KGC also makes one or more calls to a keypad generation procedure using one or more other portions of the biometric data as input. In a preferred embodiment, a plurality of operable keypads is generated, one keypad for each value or digit in the user's identifier.


An operable keypad is generated by the procedure and provided within the same portion of the screen as the image. Preferably, the image covers the keypad completely so that the user is unable to see the operable keypad due to the image that superimposes it 4. The configuration of keys in the operable keypad is different from the configuration of keys depicted in the image. At least one key is in a different position, although preferably more than one or all positions are different. Therefore, there is a mapping between the keys in the operable keypad and those depicted in the image. This mapping is dictated or at least influenced by the biometric input and therefore the encoding and subsequent decoding is dependent upon the biometric input.


In one embodiment, the image may depict a non-scrambled keypad while the keys in the underlying operable keypad are scrambled. In another embodiment, the image may depict a scrambled keypad while the keys of the underlying operable keypad are not scrambled. In yet another embodiment, both the keys depicted in the image and the keys of the operable keypad are positionally scrambled.


The user enters the first digit of their identifier which is associated with the payment card that they are registering, by ‘selecting’ the first digit on the screen 5. However, as the image comprises no keypad functionality in and of itself, and as the image is masking the operable keypad which is monitoring the screen for input, the user causes a key of the hidden keypad to operate. The value associated with the operated key is placed into memory on the local device 5. Thus, the value that is actually stored by the keypad may not correspond to the value that the user “selected” in the image. An encoded version of the input has been generated and can only be decoded if the mapping between the keypad and image configurations is known.


This input process (step 5) is repeated for each digit in the user's identifier so that a complete encoded identifier can be constructed in memory by concatenating each input to the previous inputs 6. In one embodiment, only one mutable keypad is generated but the configuration of keys is altered during the process. Arrays derived from the biometric input are used to alter the state of the keypad. In another embodiment, the underlying keypad is replaced for each keystroke so a new keypad with a different configuration is used for each input. Thus, the keypad generation procedure may be called more than once, each call using a (different) array of values derived from the biometric data. In some embodiments, the image may be replaced during the input process. In some embodiments the biometric data may be used to specify the scrambled configuration of only the operable keypad, or only the image. In other embodiments it may be used to scramble the configurations of both the displayed image and the hidden keypad.


As the same user will always provide the same biometric data, the same string and therefore image and/or keypad configuration(s) will always be generated.


Turning to FIG. 2, when an encoded version of the user's complete identifier has been constructed 6, it is stored in secure storage on the user's device along with the N+1 arrays that were used to create it. A copy of the encoded identifier and arrays is sent to a server 7 and passed to a Hardware Security Module (HSM) 8. The HSM is located remotely from the local device, at a server. Where the identifier is associated with a card such as a credit or debit card, it is necessary to check that the identifier entered by the user is the correct one for the card. Therefore, it must be verified with the card's issuing institution.


To perform the verification, the encoded identifier is decoded using the array package that was used to create it 8. This decoding is possible because the array package provides the mapping between the image and keypad configurations. The un-encoded version of the identifier is then stored in the HSM, and is used to generate a PIN block. The PIN block is used to send a payment message to an acquiring institution which then relays it to the card's issuing institution 9.


If the identifier is not correct 12 (ie does not match the identifier stored in association with that card by the issuing institution) the issuing institution will respond with a message indicating this. The user can then be asked to re-enter his identifier and the process described above is repeated. If three incorrect identifiers are inputted, the registration process may be aborted 13.


If, however, the issuing institution indicates that the identifier is correct 10, the encoded version of the identifier is moved from temporary storage to secure storage 11. The temporary storage is then erased.


It should be noted that the identifier can be verified in a variety of ways. In one embodiment, a balance enquiry can be can generated at the server and sent to issuing institution over the ATM network.


When the registration is complete, an encoded version of the user's identifier for a given card has been generated and securely stored. As the encoding was performed using a mapping generated from the user's biometric data, the biometric data is the key required to unlock or decode the identifier. The array package does not need to be stored anywhere, either at the local device or on the server, as it can be generated upon demand by re-capturing the user's biometric data. Similarly, the user does not need to re-enter the identifier during subsequent authentication sessions because the encoded version has been securely stored on the server. Therefore, only the array package needs to be generated during subsequent authentications and sent to the server so that the previously stored, encoded identifier can be decoded. This provides a secure and convenient authentication solution.


Authentication after Registration


As shown in FIG. 3, after registration, when the user wishes to perform a transaction using the registered payment card, the card is selected from the digital wallet on the local device. He scans his fingerprint 14. The string generated from the biometric capture is fed as input into the KGC as above. The N+1 arrays are generated and sent to the server 15 where they are placed into temporary storage. The previously verified, encoded identifier is retrieved from secure storage 16. The encoded identifier and arrays are put into the HSM 16 where the arrays are used to decode the identifier 17. The identifier and card details (which are retrieved from the wallet or entered when required by the user) are sent with the transaction amount to an acquiring institution e.g. bank as a payment message 18. The acquiring institution then relays the message to the issuing bank which will process the transaction if the identifier is correct or decline it if the identifier is incorrect.


Thus, the decoding process does not require any input from the user other than the biometric data. The identifier does not need to be re-entered, and the keypad(s)/image(s) do not need to be re-generated.


In one or more embodiments, the encoding process may be performed by a different party from the decoding process. The identifier may be encoded using the biometric data and then supplied to another party and stored, in encoded form, on a further system or device. The other party then only requires the user's biometric data, which can be captured and supplied as required, to unlock the identifier.


It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be capable of designing many alternative embodiments without departing from the scope of the invention as defined by the appended claims. In the claims, any reference signs placed in parentheses shall not be construed as limiting the claims. The word “comprising” and “comprises”, and the like, does not exclude the presence of elements or steps other than those listed in any claim or the specification as a whole. In the present specification, “comprises” means “includes or consists of” and “comprising” means “including or consisting of”. The singular reference of an element does not exclude the plural reference of such elements and vice-versa. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims
  • 1. An authentication method for a user comprising: generating at least one keypad image that depicts a first plurality of keys with values or symbols associated therewith;generating a mapping between the first plurality of keys and a second plurality of keys of an operable keypad, wherein the second plurality of keys of the operable keypad has values or symbols associated therewith, wherein the keypad image has a first keypad configuration that enumerates order or position of keys in the first plurality of keys depicted in the keypad image, wherein the operable keypad has a second keypad configuration that enumerates order or position of keys in the second plurality of keys of the operable keypad, wherein the first keypad configuration is different from the second keypad configuration, and wherein at least one of the first keypad configuration and the second keypad configuration is specified by biometric data relating to the user; andusing the mapping between the first plurality of keys and the second plurality of keys to provide an encoded version of an identifier associated with the user.
  • 2. The method according to claim 1, further comprising: generating the biometric data at or on an electronic device.
  • 3. The method according to claim 2, wherein: the electronic device is a handheld, portable or mobile computing device.
  • 4. The method according to claim 1, further comprising: using the biometric data as a decode key for decoding the identifier.
  • 5. The method according to claim 1, wherein: the biometric data comprises one or more strings, arrays or sequences of values.
  • 6. The method according to claim 1, further comprising: using the mapping to decode the identifier.
  • 7. The method according to claim 1, further comprising: storing the encoded version of the identifier.
  • 8. The method according to claim 7, wherein: the encoded version of the identifier is stored on a server.
  • 9. The method according to claim 1, further comprising: using at least a portion of the biometric data as input into a subroutine call, wherein the subroutine comprises instructions to generate the at least one of the at least one operable keypad and the at least one keypad image.
  • 10. The method according to claim 1, further comprising: verifying the identifier by comparing it to a previously stored version.
  • 11. The method according to claim 1, further comprising: sending the biometric data, or data derived from the biometric data, from an electronic device operated by the user to a remote computing resource to enable the encoded version of the identifier to be decoded using the biometric data or data derived therefrom.
  • 12. The method according to claim 1, wherein: the biometric data comprises, or is processed to provide, one or more strings, arrays or sequences of values that is used as a seed for an algorithm arranged to generate at least one of the first keypad configuration and the second keypad configuration.
  • 13. The method according to claim 12, wherein: the biometric data comprises a cryptographic key generated during a biometric authentication process or during a registration process involving capture of the biometric data relating to the user.
  • 14. An authentication system for a user comprising: an electronic device operated by the user; and a remote computing resource,wherein the system is arranged and configured to: generate at least one keypad image that depicts a first plurality of keys with values or symbols associated therewith;generate a mapping between the first plurality of keys and a second plurality of keys of an operable keypad, wherein the second plurality of keys of the operable keypad has values or symbols associated therewith, wherein the keypad image has a first keypad configuration that enumerates order or position of keys in the first plurality of keys depicted in the keypad image, wherein the operable keypad has a second keypad configuration that enumerates order or position of keys in the second plurality of keys of the operable keypad, wherein the first keypad configuration is different from the second keypad configuration, and wherein at least one of the first keypad configuration and the second keypad configuration is specified by biometric data relating to the user; anduse the mapping between the first plurality of keys and the second plurality of keys to provide an encoded version of an identifier associated with the user.
  • 15. The system according to claim 14, wherein: the biometric data is generated or captured at or on the electronic device.
  • 16. The system according to claim 15, wherein: the electronic device is a handheld, portable, or mobile computing device.
  • 17. The system according to claim 14, wherein: the system is configured to use the biometric data as a decode key for decoding the identifier.
  • 18. An authentication method for a user comprising: capturing biometric data relating to the user; andusing the biometric data as input to a software-implemented component which is arranged and configured to use the biometric data to encode an identifier associated with the user by: generating at least one keypad image that depicts a first plurality of keys with values or symbols associated therewith;generating a mapping between the first plurality of keys and a second plurality of keys of an operable keypad, wherein the second plurality of keys of the operable keypad has values or symbols associated therewith, wherein the keypad image has a first keypad configuration that enumerates order or position of keys in the first plurality of keys depicted in the keypad image, wherein the operable keypad has a second keypad configuration that enumerates order or position of keys in the second plurality of keys of the operable keypad, wherein the first keypad configuration is different from the second keypad configuration, and wherein at least one of the first keypad configuration and the second keypad configuration is specified by biometric data relating to the user; andusing the mapping between the first plurality of keys and the second plurality of keys to encode the identifier associated with the user.
  • 19. The method according to claim 18, further comprising: using the mapping between the first plurality of keys and the second plurality of keys to decode the identifier associated with user.
Priority Claims (4)
Number Date Country Kind
1509030 May 2015 GB national
1509031 May 2015 GB national
1520741 Nov 2015 GB national
1520760 Nov 2015 GB national
PCT Information
Filing Document Filing Date Country Kind
PCT/GB2016/051549 5/27/2016 WO 00
Publishing Document Publishing Date Country Kind
WO2016/189323 12/1/2016 WO A
US Referenced Citations (320)
Number Name Date Kind
2819067 Dusenbury Jan 1958 A
3176324 Birgbauer, Sr. Apr 1965 A
3201732 Olsen Aug 1965 A
3255323 Austin Jun 1966 A
3270720 Ehrhardt Sep 1966 A
3347103 High Oct 1967 A
3364601 Korenek Jan 1968 A
3375428 Mitchell Mar 1968 A
3392846 Getzin Jul 1968 A
3413071 Davis Nov 1968 A
3621242 Ferguson Nov 1971 A
3762876 Koehler Oct 1973 A
3965066 Sterman Jun 1976 A
5193152 Smith Mar 1993 A
5209102 Wang May 1993 A
5234389 Goates Aug 1993 A
5257486 Holmwall Nov 1993 A
5363449 Bestock Nov 1994 A
5434702 Byron Jul 1995 A
5504808 Hamrick, Jr. Apr 1996 A
5549194 Dag Aug 1996 A
5715078 Shiraishi Feb 1998 A
5754652 Wilfong May 1998 A
5949348 Kapp Sep 1999 A
5990586 Milano, Jr. Nov 1999 A
6193152 Fernando Feb 2001 B1
6209102 Hoover Mar 2001 B1
6219794 Soutar Apr 2001 B1
6234389 Valliani May 2001 B1
6257486 Teicher Jul 2001 B1
6434702 Maddalozzo, Jr. Aug 2002 B1
6549194 McIntyre Apr 2003 B1
6630928 McIntyre Oct 2003 B1
6671405 Savakis Dec 2003 B1
6715078 Chasko Mar 2004 B1
6990586 Tresser Jan 2006 B1
7003316 Elias Feb 2006 B1
7010806 Bender Mar 2006 B2
7047222 Bush May 2006 B1
7091845 Midland Aug 2006 B2
7092915 Best Aug 2006 B2
7243237 Peinado Jul 2007 B2
7305565 Lungaro Dec 2007 B1
7395506 Tan Jul 2008 B2
7698563 Shin Apr 2010 B2
7735121 Madani Jun 2010 B2
7992007 Lazzaro Aug 2011 B2
8117458 Osborn, III Feb 2012 B2
8176324 Krishnamurthy May 2012 B1
8201732 Kropf Jun 2012 B1
8255323 Casey Aug 2012 B1
8270720 Ladd Sep 2012 B1
8297173 Teetzel Oct 2012 B1
8347103 Jones Jan 2013 B2
8364601 Dewan Jan 2013 B2
8375428 Won Feb 2013 B2
8392846 Carapelli Mar 2013 B2
8413071 Kim Apr 2013 B2
8453027 Bartz May 2013 B2
8453207 White May 2013 B1
8621242 Brown Dec 2013 B2
8762876 Puppin Jun 2014 B2
8965066 Derakhshani Feb 2015 B1
9082253 Harty Jul 2015 B1
9235967 Magee Jan 2016 B1
9552465 Pike Jan 2017 B2
9576411 Kim Feb 2017 B2
10108796 Lo Oct 2018 B2
10366215 Pike Jul 2019 B2
20020016918 Tucker Feb 2002 A1
20020023215 Wang Feb 2002 A1
20020029342 Keech Mar 2002 A1
20020046185 Villart Apr 2002 A1
20020082962 Farris Jun 2002 A1
20020012397 Hodgson Sep 2002 A1
20020129250 Kimura Sep 2002 A1
20020188872 Willeby Dec 2002 A1
20030002667 Gougeon Jan 2003 A1
20030004877 Kasasaku Jan 2003 A1
20030120612 Fujisawa Jun 2003 A1
20030120936 Farris Jun 2003 A1
20030132918 Fitch Jul 2003 A1
20030212327 Wang Nov 2003 A1
20030229597 De Jong Dec 2003 A1
20030229598 De Jong Dec 2003 A1
20030229791 De Jong Dec 2003 A1
20040010690 Shin Jan 2004 A1
20040039933 Martin Feb 2004 A1
20040044739 Ziegler Mar 2004 A1
20040073809 Wing Keong Apr 2004 A1
20040122768 Creamer Jun 2004 A1
20040122771 Celi Jun 2004 A1
20040182921 Dickson Sep 2004 A1
20050010786 Michener Jan 2005 A1
20050012715 Ford Jan 2005 A1
20050036611 Seaton Feb 2005 A1
20050043997 Sahota Feb 2005 A1
20050075973 Yousofi Apr 2005 A1
20050127156 Yoo Jun 2005 A1
20050127158 Figueras Jun 2005 A1
20050140832 Goldman Jun 2005 A1
20050144449 Voice Jun 2005 A1
20050146447 Na Jul 2005 A1
20050177522 Williams Aug 2005 A1
20050193208 Charrette, III Sep 2005 A1
20050212763 Okamura Sep 2005 A1
20060003706 Welland Jan 2006 A1
20060017691 Cruz-Hernandez Jan 2006 A1
20060018467 Steinmetz Jan 2006 A1
20060026440 Sauvebois Feb 2006 A1
20060032705 Isham Feb 2006 A1
20060037067 Morris Feb 2006 A1
20060053301 Shin Mar 2006 A1
20060104446 Varghese May 2006 A1
20060133597 Song Jun 2006 A1
20060136334 Atkinson Jun 2006 A1
20060146169 Segman Jul 2006 A1
20060149845 Malin Jul 2006 A1
20060155619 Rhiando Jul 2006 A1
20060182715 Sandrock Aug 2006 A1
20060206919 Montgomery Sep 2006 A1
20060221059 Choi Oct 2006 A1
20060224523 Elvitigala Oct 2006 A1
20060247533 Abe Nov 2006 A1
20070005500 Steeves Jan 2007 A1
20070011466 Imura Jan 2007 A1
20070014415 Harrison Jan 2007 A1
20070073937 Feinberg Mar 2007 A1
20070089164 Gao Apr 2007 A1
20070101150 Oda May 2007 A1
20070110224 Gumpel May 2007 A1
20070182715 Fyke Aug 2007 A1
20070209014 Youmtoub Sep 2007 A1
20070213090 Holmberg Sep 2007 A1
20070279391 Marttila Dec 2007 A1
20070282756 Dravenstott Dec 2007 A1
20080011098 Herremans Jan 2008 A1
20080014818 Privitera Jan 2008 A1
20080110981 Deline May 2008 A1
20080148186 Krishnamurthy Jun 2008 A1
20080165035 Bhella Jul 2008 A1
20080168546 Almeida Jul 2008 A1
20080172735 Gao Jul 2008 A1
20080184036 Kavsan Jul 2008 A1
20080209223 Nandy Aug 2008 A1
20080251969 Isham Oct 2008 A1
20080280652 Marry Nov 2008 A1
20080289035 Delia Nov 2008 A1
20080306995 Newell Dec 2008 A1
20080319902 Chazan Dec 2008 A1
20090033522 Skillman Feb 2009 A1
20090044282 Govindaraju Feb 2009 A1
20090066660 Ure Mar 2009 A1
20090067627 Hogl Mar 2009 A1
20090077383 De Monseignat Mar 2009 A1
20090106827 Cerruti Apr 2009 A1
20090183098 Casparian et al. Jul 2009 A1
20090193210 Hewett Jul 2009 A1
20090213132 Kargman Aug 2009 A1
20090235199 Mastie Sep 2009 A1
20090254986 Harris Oct 2009 A1
20090270078 Nam Oct 2009 A1
20090277968 Walker Nov 2009 A1
20090328197 Newell Dec 2009 A1
20100036783 Rodriguez Feb 2010 A1
20100049768 Robert Feb 2010 A1
20100098300 Otto Apr 2010 A1
20100109920 Spradling May 2010 A1
20100117792 Faith May 2010 A1
20100121737 Yoshida May 2010 A1
20100125509 Kranzley May 2010 A1
20100138666 Adams Jun 2010 A1
20100149100 Meiby Jun 2010 A1
20100153270 Hawkes Jun 2010 A1
20100174653 Tian Jul 2010 A1
20100175016 Tian Jul 2010 A1
20100180336 Jones Jul 2010 A1
20100182244 Onda Jul 2010 A1
20100186076 Ali Jul 2010 A1
20100215270 Manohar Aug 2010 A1
20100223663 Morimoto Sep 2010 A1
20100242104 Wankmueller Sep 2010 A1
20100259561 Forutanpour et al. Oct 2010 A1
20100287097 Treadwell Nov 2010 A1
20100287382 Gyorffy Nov 2010 A1
20100306283 Johnson Dec 2010 A1
20100323617 Hubinak Dec 2010 A1
20110004769 Won Jan 2011 A1
20110018033 Takenaka Jan 2011 A1
20110020414 Kunin Jan 2011 A1
20110055084 Singh Mar 2011 A1
20110090097 Beshke Apr 2011 A1
20110109567 Kim May 2011 A1
20110144586 Michaud Jun 2011 A1
20110180336 Kurata Jul 2011 A1
20110185313 Harpaz Jul 2011 A1
20110185319 Carapelli Jul 2011 A1
20110191591 Cheng Aug 2011 A1
20110191856 Keen Aug 2011 A1
20110199387 Newton Aug 2011 A1
20110204140 Hart Aug 2011 A1
20110246369 De Oliveira Oct 2011 A1
20110281630 Omar Nov 2011 A1
20110310019 Wilson Dec 2011 A1
20110313871 Greenwood Dec 2011 A1
20110321138 Kruger Dec 2011 A1
20120042365 Shoval Feb 2012 A1
20120047564 Liu Feb 2012 A1
20120079273 Bacchiaz Mar 2012 A1
20120095867 Mckelvey Apr 2012 A1
20120096277 Perez Soria Apr 2012 A1
20120098750 Allen Apr 2012 A1
20120132705 Golueke Peter May 2012 A1
20120158672 Oltean Jun 2012 A1
20120159160 Poisner Jun 2012 A1
20120159582 Griffin Jun 2012 A1
20120159583 Griffin Jun 2012 A1
20120159592 Griffin Jun 2012 A1
20120159593 Griffin Jun 2012 A1
20120159594 Griffin Jun 2012 A1
20120159609 Griffin Jun 2012 A1
20120159613 Griffin Jun 2012 A1
20120159614 Griffin Jun 2012 A1
20120159616 Griffin Jun 2012 A1
20120162086 Rhee Jun 2012 A1
20120185398 Weis Jul 2012 A1
20120222100 Fisk Aug 2012 A1
20120222102 Hirose Aug 2012 A1
20120249295 Yeung Oct 2012 A1
20120253971 Bansal Oct 2012 A1
20120256723 Grover Oct 2012 A1
20120260326 Steigmann Oct 2012 A1
20120291120 Griffin Nov 2012 A1
20120305648 Sondhi Dec 2012 A1
20120311723 Britt, Jr. Dec 2012 A1
20120313858 Park Dec 2012 A1
20120323788 Keresman, III Dec 2012 A1
20130018800 Devaraju Jan 2013 A1
20130019320 Ericsson Jan 2013 A1
20130020389 Barnett Jan 2013 A1
20130021233 Umminger Jan 2013 A1
20130023240 Weiner Jan 2013 A1
20130026513 Aurongzeb Jan 2013 A1
20130029824 De Koning Jan 2013 A1
20130042318 Thatha Feb 2013 A1
20130047237 Ahn Feb 2013 A1
20130050088 Smith Feb 2013 A1
20130060739 Kalach Mar 2013 A1
20130078951 Mun Mar 2013 A1
20130086382 Barnett Apr 2013 A1
20130091583 Karroumi Apr 2013 A1
20130106690 Lim May 2013 A1
20130117573 Harbige May 2013 A1
20130148044 Ohyama Jun 2013 A1
20130154937 Park Jun 2013 A1
20130154981 Park Jun 2013 A1
20130159196 DiZoglio Jun 2013 A1
20130198459 Joshi Aug 2013 A1
20130207902 Showering Aug 2013 A1
20130232549 Hawkes Sep 2013 A1
20130265136 Wadia Oct 2013 A1
20130298246 Cragun Nov 2013 A1
20130301830 Bar-El Nov 2013 A1
20140002558 Ramesh Jan 2014 A1
20140013252 Ehrler Jan 2014 A1
20140025580 Bacastow Jan 2014 A1
20140096201 Gupta Apr 2014 A1
20140162598 Villa-Real Jun 2014 A1
20140168083 Ellard Jun 2014 A1
20140173492 Yoon Jun 2014 A1
20140195429 Paulsen Jul 2014 A1
20140201831 Yi Jul 2014 A1
20140281995 Kim Sep 2014 A1
20140283022 Beloncik Sep 2014 A1
20140310531 Kundu Oct 2014 A1
20140324698 Dolcino Oct 2014 A1
20140324708 McCauley Oct 2014 A1
20150095241 Edwards Apr 2015 A1
20150116225 Luo Apr 2015 A1
20150154414 Pike Jun 2015 A1
20150154598 Forte Jun 2015 A1
20150261968 Polyachenko Sep 2015 A1
20150332038 Ramsden Nov 2015 A1
20150347774 Krstic Dec 2015 A1
20150350163 Brander Dec 2015 A1
20150371213 Pike Dec 2015 A1
20150379288 Kubik Dec 2015 A1
20160005150 Ghassabian Jan 2016 A1
20160006718 Huxham Jan 2016 A1
20160034718 Mizrachi Feb 2016 A1
20160042190 Adderly Feb 2016 A1
20160063230 Alten Mar 2016 A1
20160065546 Krishna Mar 2016 A1
20160125193 Dai Zovi May 2016 A1
20160154980 Neumann Jun 2016 A1
20160224771 Pike Aug 2016 A1
20160246955 Jiang Aug 2016 A1
20160253508 Song Sep 2016 A1
20160283013 Engstrom Sep 2016 A1
20160314293 Pike Oct 2016 A1
20160314468 Smith Oct 2016 A1
20160320965 Chung Nov 2016 A1
20160337857 Carron Nov 2016 A1
20170006140 Park Jan 2017 A1
20170061138 Lambert Mar 2017 A1
20170061408 Choi Mar 2017 A1
20170140354 Jenkins May 2017 A1
20170192670 Raman Jul 2017 A1
20170235926 Fyke Aug 2017 A1
20170270764 Riedel Sep 2017 A1
20180032831 Kim Feb 2018 A1
20180150623 Pike May 2018 A1
20180150628 Pike May 2018 A1
20180150629 Pike May 2018 A1
20180150630 Pike May 2018 A1
20180374392 Ollivier Dec 2018 A1
20200005273 Pike Jan 2020 A1
20200201960 Pike Jun 2020 A1
20200210557 Pike Jul 2020 A1
20200226235 Pike Jul 2020 A1
Foreign Referenced Citations (139)
Number Date Country
100583113 Mar 2005 CN
101082948 Dec 2007 CN
101126967 Feb 2008 CN
201035502 Mar 2008 CN
201111222 Sep 2008 CN
202150070 Feb 2012 CN
105956857 Sep 2016 CN
106022172 Oct 2016 CN
4129202 Mar 1993 DE
4129202 Mar 1993 DE
19803339 Aug 1999 DE
10100188 Jul 2002 DE
10306352 Sep 2004 DE
102008050609 Oct 2009 DE
102008056605 May 2010 DE
102009022845 Sep 2010 DE
102009022845 Sep 2010 DE
102009023925 Dec 2010 DE
102010022368 Dec 2011 DE
0432409 Jun 1991 EP
0662665 Jul 1995 EP
0870222 Oct 1998 EP
1161060 Dec 2001 EP
1161060 Dec 2001 EP
1599786 Nov 2005 EP
1600847 Nov 2005 EP
1615181 Jan 2006 EP
1742450 Jan 2007 EP
1840778 Oct 2007 EP
2141647 Jan 2010 EP
2141647 Jan 2010 EP
2365469 Sep 2011 EP
2400426 Dec 2011 EP
2458491 May 2012 EP
2458491 May 2012 EP
2466512 Jun 2012 EP
2466513 Jun 2012 EP
2466514 Jun 2012 EP
2466515 Jun 2012 EP
2466516 Jun 2012 EP
2466517 Jun 2012 EP
2466518 Jun 2012 EP
2466519 Jun 2012 EP
2466520 Jun 2012 EP
2466521 Jun 2012 EP
2487620 Aug 2012 EP
2512090 Oct 2012 EP
2523137 Nov 2012 EP
2775421 Sep 2014 EP
3163926 May 2017 EP
3176722 Jun 2017 EP
3355512 Aug 2018 EP
2622322 Apr 1989 FR
2810067 Dec 2001 FR
2812423 Feb 2002 FR
2819067 Jul 2002 FR
2923034 May 2009 FR
2961330 Dec 2011 FR
2969342 Jun 2012 FR
2387702 Oct 2003 GB
2388229 Nov 2003 GB
2389693 Dec 2003 GB
2402649 Dec 2004 GB
2416058 Jan 2006 GB
2416058 Jan 2006 GB
2427059 Dec 2006 GB
2438886 Dec 2007 GB
2454459 May 2009 GB
2457733 Aug 2009 GB
2457733 Aug 2009 GB
2520207 May 2015 GB
2542512 Mar 2017 GB
2556474 May 2018 GB
1995271884 Oct 1995 JP
2000099801 Apr 2000 JP
2000165378 Jun 2000 JP
2003346098 Dec 2003 JP
2003346098 Dec 2003 JP
2004102460 Apr 2004 JP
2005107678 Apr 2005 JP
2006243938 Sep 2006 JP
2008506198 Feb 2008 JP
2008204409 Sep 2008 JP
2008537210 Sep 2008 JP
2009199581 Sep 2009 JP
2009237774 Oct 2009 JP
2010126913 Jun 2010 JP
2010533925 Oct 2010 JP
2012138011 Jul 2012 JP
2012194648 Oct 2012 JP
20090130455 Dec 2009 KR
101520803 May 2015 KR
20180056116 May 2018 KR
9311551 Jun 1993 WO
9705578 Feb 1997 WO
0025474 May 2000 WO
0146922 Jun 2001 WO
0146922 Jun 2001 WO
02071177 Sep 2002 WO
03058947 Jul 2003 WO
03058947 Jul 2003 WO
03058947 Jul 2003 WO
2005104428 Nov 2005 WO
2005104428 Nov 2005 WO
2006010058 Jan 2006 WO
WO2006064241 Jun 2006 WO
2006095203 Sep 2006 WO
2007056746 May 2007 WO
2007143740 Dec 2007 WO
2007143740 Dec 2007 WO
2009000223 Dec 2008 WO
2009009788 Jan 2009 WO
2009009788 Jan 2009 WO
2009012326 Jan 2009 WO
2009130985 Oct 2009 WO
2010131218 Nov 2010 WO
2010131218 Nov 2010 WO
2010134808 Nov 2010 WO
2011093998 Aug 2011 WO
2011155915 Dec 2011 WO
2011155915 Dec 2011 WO
12009334 Jan 2012 WO
2012004395 Jan 2012 WO
2012077098 Jun 2012 WO
2012131420 Oct 2012 WO
2012146587 Nov 2012 WO
2013013192 Jan 2013 WO
2013021233 Feb 2013 WO
2013148044 Oct 2013 WO
WO2014013252 Jan 2014 WO
2014111689 Jul 2014 WO
2014132193 Sep 2014 WO
2015055973 Apr 2015 WO
2015063474 May 2015 WO
2016046458 Mar 2016 WO
WO-2016048236 Mar 2016 WO
2016189325 Dec 2016 WO
2017065576 Apr 2017 WO
2017190561 Nov 2017 WO
Non-Patent Literature Citations (36)
Entry
https://patentscope.wipo.int/search/en/detail.jsf?docId=WO2011116570&tab=PCTBIBLIO&maxRec=1000 (Year: 2010).
https://patentscope.wipo.int/search/en/detail.jsf?docId=WO2016188127&tab=PCTBIBLIO&maxRec=1000 (Year: 2015).
Fujitsu Develops World's First Authentication Technology to Extract and match 2,048-bit Feataure Codes from Palm Vein Images, Anonymous, Fujitsu Global, (Aug. 5, 2013), Retrieved from internet URL:http://www.fujitsu.com/global/about/resources/news/press-releases/2013/0805-01.html.
Using Biometrics to Generate Public and Private Keys, Satrugna Pakala, (May 31, 2006) Retrieved from internet; URL: http://www.sci.tamucc.edu/˜cams/GraduateProjects/view.php?view=266.
Examination Report of Indian Application No. 2301/KOLNP/2015 dated Oct. 18, 2019.
Decision to Grant for related GB2520207.
Examination Report of Application No. GB1619853.3 dated Mar. 8, 2017.
https://patentscope.wipo.int/search/en/detail.jsf?docId=W02016188127&tab=PCTBI BLIO&maxRec=1 000 (Year:2015).
International Search Report and Written Opinion of International Application No. PCT/GB2016/051548 dated Aug. 8, 2016.
International Search Report and Written Opinion of International Application No. PCT/GB2016/051549 dated Aug. 10, 2016.
International Search Report and Written Opinion of International Application No. PCT/GB2016/051550 dated Aug. 8, 2016.
International Search Report and Written Opinion of International Application No. PCT/GB2016/051553 dated Aug. 4, 2016.
International Search Report in related PCT Application No. PCT/GB2013/051913 dated Feb. 6, 2014.
Roos, “Automatically Downloading My ING Direct Transactions—Chris Roos”, Jun. 23, 2007, XP055085833.
Search and Examination Report of Application No. GB1906165.4 dated Aug. 23, 2019.
Search Report in related GB Application No. GB1212878.1 dated Dec. 3, 2012.
Search Report issued by United Kingdom Intellectual Property Office dated Oct. 6, 2017 for Application No. GB1321505.8.
The Usability of Picture Passwords, Fraser, Jul. 23, 2014.
Written Opinion of the Intl Searching Authority in related PCT Application No. PCT/GB2013/051913, 201, dated Jan. 20, 2015.
Search Report cited in Office Action dated Nov. 26, 2019 of Russian Application No. 2017141194/08.
Translation of Office Action dated Nov. 26, 2019 of Russian Application No. 2017141194/08.
CIPHERCARD: A Token-Based Approach Against Camera-Based Shoulder Surfing Attacks on Common Touchscreen Devices Authors: Teddy Seyed; Xing-Dong Yang; Anthony Tang; Saul Greenberg; Jiawei Gubin; Zhuxiang Cao.
Japanese Office Action dated Sep. 8, 2020 of application No. 2017-561754.
Scramblepad, Scrambleprox, Scramblesmart, Scramblesmartprox Author: Hirsch Electronics Date: Jul. 27, 2013.
Search Report dated Jul. 22, 2020 of GB application No. GB1916441.7, 2 pages.
Touch Screen Remote Arming Station (RAS) Author: Tecom Date: Mar. 18, 2015.
EyeDecrypt—Private Interactions in plain Sight, Forte et al., Proc. 9th Conference on Security and Cryptography for Networks (SCN 2014).
GlobalPlatform Device Technology Trusted User Interface API, Version 1.0, Jun. 2013, Document Reference: GPD_SPE_020.
PCI Mobile Payment Acceptance Security Guidelines for Developers, Version 1.0, Emerging Technologies, PCI Security Standards Council, Sep. 2012.
PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users, Version 1.0, Emerging Technologies, PCI Security Standards Council, Feb. 2013.
Secure Mobile Payment on NFC-Enabled Mobile Phones Formally Analysed Using CasperFDR, S. Abughazalah et al, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 422-431.
Thales e-Security mPOS Secure Mobile Card Acceptance White Paper, Nov. 2013.
Chinese Office Action dated Dec. 3, 2020 of Application No. 201680039203.9.
Australian Office Action dated Jan. 18, 2021 of application No. 2016269268.
Indian Office Action dated Feb. 1, 2021 of application No. 20173704209.
Indian Office Action dated Jan. 21, 2021 of application No. 201737042169.
Related Publications (1)
Number Date Country
20180150623 A1 May 2018 US