This specification relates to a patent application for an invention that provides a multibank biometric authentication system applied in automatic teller machines (ATMs), preferably having three biometric sensors.
Nowadays, financial institutions are replacing their security solutions for bank account access through ATMs, which rely on users entering personal passwords, security codes, personal information and other combinations of numerical, syllabic and similar information, with biometric authentication solutions.
Currently, in the financial institutions sector, there is no system that enables biometric authentication for several banks in one ATM network used by those banks, where such biometric authentication can be based on at least three different sensors.
The applicant operates within the context described above, being a company that manages a network of multibank ATMs used by users of several financial institutions, each of which must preferably adopt three security solutions with biometric authentication.
The applicant, hereinafter referred to as “Company X” in this specification, after a long development period, enabled the system to serve users of financial institutions that adopt different biometric authentication solutions.
Company “X”, interested in improving security in the use of automatic teller machines, after extensive research and testing, created and developed this “MULTIBANK BIOMETRIC AUTHENTICATION SYSTEM APPLIED IN AUTOMATIC TELLER MACHINES WITH BIOMETRIC SENSORS”, which stands out among its counterparts and is distinctive in the consumer market because it presents a multibank biometric authentication system preferably using three biometric sensors, in which financial institutions may choose to adopt one of the biometric technologies on the market to authenticate their users, which may include fingerprint biometric authentication (using fingerprint sensors) and vein biometric authentication (using palm vein or finger vein sensors). It is worth underlining that the subject matter claimed herein does not address the technical and/or functional characteristics of these types of biometric sensors.
The system created by the financial institutions via information of physical characteristics of each user preferably uses three market biometric authentication technologies: fingerprint biometric authentication (using a fingerprint sensor) and vein biometric authentication (using palm vein or finger vein sensors), so that each user's bank account access through an ATM of Company “X” is performed with the biometric technologies selected by each of the financial institutions.
The “Multibank Biometric Authentication System Applied in Automatic Teller Machines Preferably with Three Biometric Sensors” will be comprehensively described with reference to the drawings listed below, where:
As shown in the drawings above, in the system proposed by Company “X”, the biometric information of Users U is requested from the financial institution, with the request stating which biometric sensors are available for use by its Users U on the ATM in use. The financial institution verifies the biometric sensors available on the ATM and sends the corresponding biometric characteristics (encrypted biometric templates) for authentication of User U using the market biometric technology selected by the financial institution (for example, palm vein, finger vein or fingerprint, or any other technology that proves suitable), and the transaction is performed via biometric authentication.
First, a biometric key is defined between the financial institution 16 and the Host of Company “X”, and a key for each ATM is defined between the Host of Company “X” and the ATMs, with this key being periodically changed.
The encrypted biometric template is an important identification of User U and needs to be securely stored and transported under the biometric key defined between the Host of the financial institution 16 and Company “X”, translated on the Host of Company “X” to the ATM key and, subsequently, submitted to the requesting ATM. Thus, a security architecture is defined for transporting these templates between the financial institution and the software of the biometric devices of the ATMs of Company “X” (as may be understood by observing FIG. 2).
Company “X” performs biometric authentication on market ATMs 1 for users of financial institutions, using information on the physical characteristics of each user, with preferably three market biometric authentication technologies, for example, fingerprint sensor 4 and biometric authentication by veins (using palm vein sensors 2 or finger vein sensors 3).
The present system also enables transactions to be performed requesting only biometric authentication with the market technology selected by the financial institution (such as palm vein 2, finger vein 3 or fingerprint 4) and/or requesting contingency security mechanisms (positive identification, TAN CODE and TOKEN), or requesting a combination of security devices and mechanisms, for example: biometry and card password; biometry and positive identification; biometry, positive identification, TAN CODE and/or TOKEN; no biometry, with card password, positive identification, TAN CODE and TOKEN; or only biometry.
The invention enables the financial institution to select the security devices and/or biometric technology to be used for transaction authorization. When User U logs in, the ATM (1A or 1B) identifies the financial institution to which User U is linked and queries that financial institution (16A or 16B or 16C) for information on which security devices will be used for transaction authorization. In this query, the ATM (1A or 1B) submits information on the biometric sensors that are present and available for use (palm vein 2, finger vein 3 and/or fingerprint 4) during the transaction authorization of User U. The financial institution (16A or 16B or 16C) verifies the biometric sensors available (sensors 2, 3 and/or 4) and that one of the sensors corresponds to the biometric technology selected for User U, and retrieves the security information that will be used for transaction authentication (the biometric technology selected by the financial institution (16A or 16B or 16C)).
The present invention also provides for the secure transport of personal characteristics. For the transport of the personal characteristics (biometric templates 15A or 15B or 15C) of Users U, a biometric key (27A or 27B or 27C) is defined between the financial institution (16A or 16B or 16C) and the Host of Company “X”, and a key (28A or 28B) is defined between the Host of Company “X” and the ATM (1A or 1B), this key being periodically changed.
Regarding the security solution, the biometric template (15A or 15B or 15C) is an important identification of User U and needs to be securely stored and transported under the biometric key (27A or 27B or 27C) defined between the Host of Company “X” and the financial institution (16A or 16B or 16C). The template is then translated on the Host of Company “X” to the key (28A or 28B) of the ATM (1A or 1B) and then submitted to the requesting ATM (1A or 1B). Thus, a security architecture is defined for transporting these biometric templates (15A or 15B or 15C) between the financial institution (16A or 16B or 16C) and the ATMs (1A or 1B) of Company “X”.
The present invention monitors one, two or three biometric sensors present on the ATM. It makes it possible to monitor which market biometric technologies (palm vein 2, finger vein 3 and/or fingerprint 4) are present on the ATM equipment (1A or 1B) and their respective states (sensor present, operable, inoperable or disconnected from the ATM CPU).
This invention provides a set of biometric sensors for performing biometric authentication 14, incorporated into an ATM 1, to enable financial institutions to select the security devices and biometric technology that will be used for transaction authorization of User U on the ATM equipment 1. The set of biometric sensors that enables biometric authentication 14 allows the ATM equipment 1 to request registration information 17 and biometric templates 15 from the financial institution 16, indicating in the request message 17 the biometric technologies (biometric sensors 2, 3 and/or 4 installed) and the respective types and states of the biometric sensors (operable or not). The financial institution 16 verifies the type of biometric sensors (2, 3 and/or 4) installed on the ATM 1 and selects the security devices and/or the biometric technology for transaction authorization of User U.
At this point, other security devices may be submitted by the financial institution 16 to be captured on the ATM 1, such as, for example, the card password, the positive identification or access letter, the TAN CODE and the TOKEN.
Thus, the system is flexible and configurable in its use of security devices and/or biometric technologies (2, 3 and/or 4) in ATM equipment 1. The system enables financial institutions to select biometric technologies on the market (2, 3 and/or 4) and to keep performing transactions on the ATM equipment 1 of Company “X” using the security devices and biometric technologies used in their own networks. Examples: transactions requesting only biometric authentication 14; transactions requesting contingency devices (positive identification, TAN CODE and TOKEN); transactions requesting a combination of the following devices: biometry and card password; biometry and positive identification; biometry, card identification, TAN CODE or TOKEN; no biometry, with card password, positive identification, TAN CODE and TOKEN; or only biometry.
In the macro validation sequence of User U with biometric authentication, User U starts the session on the ATM (for example, by inserting card 18 for magnetic stripe scanning); the ATM requests the registration information 17 of User U from the financial institution 16; the ATM 1 then receives registration information 17A (smart card treatment, biometry and other security devices); subsequently, the ATM requests insertion of card 18 and validates 21 the smart card chip of User U's card; requests User U to position a finger or palm to perform the biometric authentication 14 of User U; requests and captures the password 23 of User U; and requests the selection of transaction and value, requests authorization and completes the transaction.
The biometric errors 25 flagged during user biometric authentication on ATM 1 are: an error in the biometric template 17A submitted by the financial institution 16; an error in the authentication of User U (biometry different from that registered at the financial institution 16); a timeout while scanning the biometry of User U on the ATM; and cancellation requested by User U while scanning biometry.
When one of these errors occurs, the ATM submits incident 26 in real time to the financial institution 16.
By way of example only, the biometric treatment of a palm scanning error is described, with the following procedure: biometric sensor 2 is enabled for palm scanning; User U is requested to position a hand for scanning; User U is requested not to move the palm until the scan and authentication are completed (match execution); then an error occurs while executing the match: a failed attempt at biometric authentication of User U, with unsuccessful palm scanning [hand scanned with template (right hand) and hand scanned with template (left hand)].
With this incident, the number of biometric scanning errors is flagged. Then the biometric sensor is once again enabled for palm scanning; User U is requested to position a hand for scanning again, noting that the choice of hand for scanning is always made by the user; if there is a proper scan, User U is requested not to move the palm until the match is completed (palm authentication); an error occurs when performing the match: an error in the biometric authentication attempt of User U, where the palm scan was successfully performed and the authentication failed [hand scanned with template (right hand) and hand scanned with template (left hand)].
When this occurs, the number of biometric scan errors is updated and the biometric sensor is enabled once again for palm scanning, with User U requested to position a hand once again for scanning, the choice of hand being made by the user.
User U is requested not to move the palm until the scanning and the match (palm authentication) are completed; the new transaction is completed with an authentication error (after three attempts of biometric scanning, i.e., capture and authentication).
When the third error occurs, incident 26 is submitted to flag the biometric authentication error of User U. A screen is displayed to User U reporting the error, and an error incident is submitted to the financial institution.
The number of biometric scanning errors is updated and the sensor becomes unavailable for this User U. For the “unavailable sensor” incident some rules are provided, among them the disconnection of the biometric sensor's cable from the ATM CPU: the biometric sensor is monitored via “XFS” commands, and when this monitoring is triggered the biometric sensor must be disabled. Operation of the biometric sensor (2, 3 or 4) is restarted only through operation tests (remote or local).
Moreover, the sensor also becomes unavailable when a number of consecutive biometric validation errors occurs; the number of permitted errors is configured on the Host of Company “X” and is submitted via the communication network to the ATM. Errors are counted whenever a biometric scanning error occurs, regardless of whether it happened to one or several users. Each unsuccessful palm-scanning attempt is counted as an error. When an OK scan occurs (capture and authentication OK), the error count returns to zero.
When biometric sensors are unavailable at the start of a transaction, the ATM submits the information query message 17 to the financial institution 16 with the information that the sensors (palm vein 2, finger vein 3 and fingerprint 4) are present but inoperative.
The financial institution 16 may answer the information query request with response 17A carrying the security data currently used to validate the user (IDPOS/TAN CODE/TOKEN). Transaction authorization is then performed as if the ATM did not have the biometric sensor (2, 3 or 4) installed.
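The error counting, sensor lockout and contingency fallback described above, as an added Python example (not part of the patent or of any Company “X” software). The names `Sensor`, `authenticate`, `query_message` and `select_mechanisms`, the state and result strings, and the incident label format are hypothetical; the scan results passed in are constructed sample data.

```python
from dataclasses import dataclass

# State and result names are illustrative labels, not taken from the patent.
OPERATIVE, INOPERATIVE = "operative", "inoperative"
MAX_ATTEMPTS = 3  # scan attempts allowed to one user in one transaction

@dataclass
class Sensor:
    kind: str          # "palm_vein", "finger_vein" or "fingerprint"
    max_errors: int    # limit configured on the Host and sent to the ATM
    state: str = OPERATIVE
    errors: int = 0    # consecutive failed scans, counted across all users

    def record(self, matched):
        """Count one capture-and-match attempt; an OK scan zeroes the count."""
        if matched:
            self.errors = 0
            return
        self.errors += 1
        if self.errors >= self.max_errors:
            self.state = INOPERATIVE

    def operation_test(self, passed):
        """Local or remote test: the only way back to OPERATIVE."""
        if passed:
            self.state, self.errors = OPERATIVE, 0

def authenticate(sensor, scans, incidents):
    """One user's biometric step; scans holds the match result of each try."""
    for matched in scans[:MAX_ATTEMPTS]:
        if sensor.state != OPERATIVE:
            return "sensor_unavailable"
        sensor.record(matched)
        if matched:
            return "authenticated"
    if len(scans) < MAX_ATTEMPTS:
        return "cancelled"          # user gave up before the third attempt
    incidents.append(f"incident26:{sensor.kind}:auth_error")
    return "failed"

def query_message(sensors):
    """Message 17: every installed sensor with its current state."""
    return {s.kind: s.state for s in sensors}

def select_mechanisms(report, enrolled,
                      contingency=("IDPOS", "TAN CODE", "TOKEN")):
    """Institution side: biometry only if the enrolled sensor is operative."""
    if report.get(enrolled) == OPERATIVE:
        return ("biometry:" + enrolled,)
    return contingency
```

Because the counter is shared across users, a sensor with a limit of five goes inoperative during the second of two consecutive failing users, and the next query message reports it as present but inoperative so the institution answers with the contingency set.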
Information on the installed biometric sensors, available and unavailable, is submitted by the ATM 1 system to the monitoring systems of Company “X”.
The information submitted in biometric sensor monitoring is:
1. The status of the sensors installed on the ATM, which is one of:
sensor status: inexistent; operative; inoperative; or disconnected.
2. The monitoring of sensors, which is performed by the ATM 1: it scans the statuses and submits them to the ATM monitoring systems of Company “X”.
Regarding transaction processing, it is worth underlining that transaction records reporting that biometric authentication occurred on the ATM and the transaction base storage of the Company “X” are processed and displayed in managerial reports.
The system provides operational functions (ATM supervisor), i.e., the operational functions that allow technicians of Company “X” to diagnose and correct problems on the biometric sensors (2, 3 and/or 4), locally or remotely.
The operational functions provided by the system are sensor error diagnostic, biometric sensor tests and synchronization of biometric keys (28A or 28B). The sensor error diagnostic provides, in turn, the diagnostic function of the operator menu for flagging biometric sensor errors, with an automatic call to execute the problem correction function (biometric sensor tests); and a modification of the diagnostic function of the operator menu to flag errors in updating biometric keys on the ATM, with an automatic call to force the update of keys (28A or 28B).
A second operational function provides tests of the biometric sensors (2, 3 and/or 4), performed by capturing biometric data and executing validation.
Finally, one last operational function consists of the synchronization of biometric keys (28A or 28B), which forces the exchange of biometric keys with the server of Company “X” and can be performed automatically or by remote operation.
Although the invention has been described in detail, it is important to understand that its application is not limited to the details and stages described herein. The invention is capable of other embodiments and of being practiced or executed in a variety of ways. It must be understood that the terminology applied herein is for the purpose of description and not of limitation.
Number | Date | Country | Kind |
---|---|---|---|
10-2014-010137-3 | Apr 2014 | BR | national |