THE INVENTION - A CARD AND IDENTITY VERIFICATION SYSTEM

3. PCT PATENT SPECIFICATION (INCLUDING CLAIMS)

BACKGROUND OF THE INVENTION

THIS invention relates to a card, as well as an identity verification system and method. The invention further also relates to a system and method for access control and facilitating financial transactions. Currently, the only main security features when using cards {e.g. smart cards) for the purposes of access control or financial transactions, is the use of a PIN code which is entered on a keypad of a card terminal The drawback with this security feature is that if another person steals the card and obtains the PIN code, then he/she will be able to use the card (e.g. to withdraw money or access a secured area).

The table below summarises certain traits of different biometric identity verification systems/methods:

In terms of biometric comparisons as depicted above, the characteristic location of finger-vein is internal. It is therefore extremely difficult to steal and forge someone's finger-vein. In this way, finger-vein is highly secure. Fingerprint Is less secure, since it is relatively easy to steal and fake someone's fingerprint Furthermore, finger-vein is not affected by external factors. Consequently, it is highly reliable.

Both finger-vein and iris also have high accuracy, which means that by combining the two, identity verification would be even higher, which thereby provides very strong authentication.

The Inventor wishes to adopt a holistic approach in addressing the problems of finger print and face/as well as PIN code and signatures when using debit/credit cards. DESCRIPTION OF THE INVENTION

The abovementloned invention is described, by way of example, with reference to the accompanying diagrammatic drawings attached hereto.

In the drawings:

Figure 1 shows a schematic layout of a system In accordance with the invention.

Figure 2a shows a schematic layout of a card in accordance with the invention.

Figure 2b shows a functional layout of the card of Figure 2a.

Figure 3 shows a flow diagram of the operation of the system shown in Figure 1.

Figure 4 shows a schematic layout of an example of how an access control system, in accordance with the invention, can be implemented.

Figure 5 shows a layout of an encryption which is implemented on a smartcard.

Figure 6 shows a diagrammatic layout of a quadruple/four-fold authentication implemented by the system shown in Figure 1.

The above invention relates to a card, for example a smartcard, which can be used for financial transactions and access control. The card incorporates duel biometric authentication in order to allow only an authorised person, who is associated with a card {i.e. the cardholder), to use it. In addition, the card also includes an account number/serial number together with an identification number, which can be used for further verification purposes. More specifically, the serial number stored on the card is the cardholder's account number.

In Figure 1, reference numeral 10 refers generally to a system in accordance with the Invention. The system 10 includes a central processing/control station 12 which has a processor/server 16 and a database 18 which is operatively connected thereto. The processing station 12 may, for example, be a bank or another type of financial facility. Details of all users/clients 100.1, 100.2 (hereinafter only referred to as "user 100") which are registered with the system 10 are typically stored on the database 18. These details include an account number, an ID (identification)/learner number which are associated with the particular person/entity and biometric identification information of the user. The biometric identification information typically includes information on two different biometric traits, namely finger vein information and iris information.

The system also includes a plurality of smartcards 20.1, 20.2 (collectively hereinafter referred to as "smartcard(s) 20") which are each associated with a particular registered user/cardholder 100. Each smartcard 20 includes a finger vein scanner/reader 22 and an iris scanner/reader 24 which are incorporated into a body 26 of the smartcard 20 (see Figure 2a). Both the finger vein scanner 22 and iris scanner 24 are connected to a microchip/microprocessor 28 which is embedded in the smartcard 20, in order to allow biometric identification information which is captured by the scanners 22, 24 to be sent to the microprocessor 28. It should be appreciated that the smartcard 20 may also have the same general features of a normal smartcard.

The smartcard 20 includes an internal storage medium 30 (e.g. a database) on which biometric identification information of the particular user 100 which is associated with the card 20 is stored. More specifically, the biometric identification information includes information on both finger vein and iris biometric traits of the user 100. In addition, a built-in serial number which corresponds with the account number of the particular user 100 (e.g. the serial number may be identical to the account number) and ID/learner number which are associated with the registered user are also stored on the database 30. The serial number is typically associated with (i.e. is linked to) an account of the user 100. More specifically, the serial number is the account number of the user 100. The biometric Identification information, serial number and ID/learner number are typically stored on the database 30 In encrypted form. More specifically, the biometric identification information is concatenated and bound with a digital key using biometric encryption. The key is then used to encrypt the user data stored on the smartcard 20.

Smart card technology makes use of embedded circuit chip that is a secure microcontroller. With an embedded microcontroller, the smart card has a unique ability to store a large amount of data while carrying out functions like encryption and biometric matching. Biometric encryption is the process that securely binds a cryptographic key to a biometric, so that neither key nor the biometric can be retrieved from the stored template. The key is recreated only if the correct live biometric sample is present on verification.

For finger-vein biometrics, the biometric sample of the user is captured during the enrolment process using a near-infrared light beam shone on the side of the finger which travels through the finger and traces out the vein pattern. This vein pattern is captured as an image on the other side of the camera using a special camera. The unique features are extracted from the biometric sample (e.g. an image). The image is then converted into an encrypted biometric key or mathematical representation. The unique features are extracted from the biometric sample. The enrol algorithm accepts the biometric samples and outputs a template and a cryptographic key.

For iris biometrics, the biometric sample of the user Is captured during the enrolment process using a near-infrared light; a close-up photograph of open eye is taken. Edge detectors are used to locate the actual shape and position of the iris in the captured image. The Iris area is identified from the image, the texture can be localised and feature values extracted from it using an extraction algorithm. The unique features are extracted from the biometric sample. The enrol algorithm accepts the biometric samples and outputs a template and a cryptographic key.

Biometric Encryption (BE) Is used to secure the cryptographic keys.

During the enrolment phase, the process combines biometric data finger vein and biometric data from the iris biometric image with their cryptographic key respectively, to create two secure blocks of data. The key is retrieved using the "live" biometrics during the verification phase.

The authentication process uses both finger-vein and iris at the same time - a double technology operation which provides strong authentication. The authentication may however use finger-vein only or iris only.

In the key binding mode, the digital key is generated on enrolment so that neither the user nor anybody else knows it. The key itself is completely independent of biometrics, and therefore, can always be changed or updated. After a biometric sample is acquired, the BE algorithm securely and consistently binds the key to the biometric to create a b!ometrically encrypted key. The BE template provides privacy protection and can be stored either in a database or locally (smart card, token, laptop and cell phone). At the end of the enrolment, both the key and the biometric data are discarded.

On verification, the user presents his or her fresh biometric sample, which, when applied to the legitimate BE template, will let the BE algorithm recreate the key. At the end of verification, the biometric sample is discarded once again. The BE algorism is designed to biometric. On the other hand, an impostor whose biometric sample is different enough will not be able to recreate the key.

An Advanced Encryption Standard (AES) Algorithm can be used for encryption and decryption of the user data, in this example, symmetric (also known as secret-key) ciphers use the same key for encrypting and decrypting, so the sender and the receiver must both know, and use, the same secret key. In our scenario the released key from the BE will be used as the cryptographic key to encrypt and decrypt the user data.

Encryption process (e.g. assuming AES 128 block dpher block)

There are typically 10 rounds for this process. For this description however, we will only describe a typical round of AES encryption. Each round comprises four sub-processes. The Cipher key would be the biometry key initially stored on the biometric template. Below is the first round of the Encryption process.

^■ Cipher key: the released key from the Biometric Encryption

^■ Plain text: user data

Reference Is in this regard made to Figure 5.

Byte Substitution (Sub Bytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is in a matrix of four rows and four columns.

Shift rows

Each of the four rows of the matrix is shifted to the left. Any entries that 'fall off are re-inserted on the right side of the row. Shift is carried out as follows -

^■ First row is not shifted.

^■ Second row is shifted one (byte) position to the left.

^■ Third row is shifted two positions to the left.

^■ Fourth row is shifted three positions to the left.

The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other. Mix Columns

Each column of four bytes is now transformed using a special mathematical function. This function takes as input the four bytes of one column and outputs four completely new bytes, which replace the original column. The result is another new matrix consisting of 16 new bytes. It should be noted that this step is not performed in the last round.

Addroundkey

The 16 bytes of the matrix are now considered as 128 bits and are XOR'ed (XOR is a bitwise operation that results in true or false) to the 128 bits of the round key. If this is the last round, then the output is the cipher text. Otherwise, the resulting 128 bits are interpreted as 16 bytes and another similar round Is begun.

Decryption Process

The process of decryption of an AES cipher text is » process in the reverse order.

Each round consists of the four processes conducted in the reverse order - ^■ Add round key

^■ Mix columns

■ Shift rows

^■ Byte substitution

Since sub-processes in each round are in reverse manner the encryption and decryption algorithms needs to be separately implemented, although they are very closely related.

The microprocessor 28 and database 30 can typically be Implemented on an EMV2 chip. EMV stands for Europay, Mastercard and Visa and is a global standard for cards equipped with computer chips and technology used to authenticate card transactions.

The microprocessor 28 is configured, by way of software, to implement an identity verification module 32. The identity verification module 32 is configured to compare the biometric identification information captured by the scanners 22, 24 and compare it against the stored biometric identification information (i.e. for both finger vein and Iris). If the scanned and stored biometric identification information of both biometric traits match each other, then the identity verification module 32 verifies that the person whose biometric identification was captured by the scanners 22, 24 is in fact the associated/authorised card user.

If one or both of the comparisons (i.e. the iris or finger vein comparisons) do not match, then a mismatch/unauthorised user is identified by the Identity verification module 32.

In a slight alternative embodiment, the biometric identification information captured by the scanners 22, 24 can be sent via the card reader terminal to the processor IS, together with the serial and ID numbers. The processor 16 can then compare the received biometric identification information with biometric identification information which is stored against the particular serial number, in order to determine if the captured biometric identification information matches the biometric identification Information associated with the registered cardholder.

In another slight variation, the biometric identification information captured by the scanners 22, 24, as well as the biometric identification information stored on the database 30, can be sent to the card reader terminal 132 for the purposes of performing a matching function.

It should therefore be clear from the above that the actual matching of the captured and stored biometric identification information may be done on the smart card 20, by the processor 16 or even by the card reader terminal 132.

This type of verification is typically implemented when the smartcard 20 is being used. This may, for example, be when a financial transaction is initiated/requested (see reference numeral 110) through the use of the smartcard 20, or if access is requested to an access controlled area by making use of the smartcard 20 (e.g. at concerts, train stations (see reference numeral 112) or secure areas).

The smartcard 20 may, in one example, be configured to work as a type of contact card where It needs to be inserted into a card reader. In this case the smartcard 20 typically has a conductive plate (typically gold- plated) on the surface of the card. Data transmission can then take place through this physical contact point. In another example, the smartcard 20 can be a contactless smartcard, in which case it should merely be in dose proximity of a wireless scanner/reader. The card does not have a battery and derives its power for the internal chip/processor 28 from the electromagnetic field (signal) (e.g. generated by the wireless scanner/reader). That means the cryptography cannot consume too much energy. The range is typically one-half to three inches (±1.27cm to ±7.62cm) for non-battery powered cards.

It is preferable to use a contactless smartcard 20, since it is cost-effective by virtue of consuming relatively less energy.

The invention will now be described by means of a few practical examples. Example Vr Pln»"dal Transactions

The system 10 can typically be implemented by a financial institution(s) (e.g. banks or Institutions such as Mastercard/VISA)) in order to facilitate financial transactions. In this case, details of the financial institution's customers/clients 100 are stored on the database 18 (e.g. during a registration process). These details typically include an account number, a bank account number which is linked to the account number (which is also the built-in serial number of the card), an 10 (identification)/ learner number and biometric identification information of the two biometric traits (i.e. finger vein and iris). The bank account number is typically allocated by a bank, while the account number is linked to a built-in serial number of the card which the system uses as its account number.

The biometric Identification information of the two biometric traits are typically captured during a registration process and also stored on the smartcard 20 (i.e. on the database 30). In addition, a serial number, which is associated with the account number, and ID number are also stored on the smart card 20.

When a client 100 wishes to conduct a financial transaction at a merchant 130, for example, in order to purchase certain goods, then he (or she) would typically Insert his smart card 20 into a card reader/card reader terminal 132. In a slight alternative embodiment, if the card reader terminal 132 is configured to communicate wirelessly (e.g. using near-field communication (NFC) with smartcards, then the smartcard 20 wHI typically not need to be physically connected to the card reader terminal 132. In this case, communication will then occur wirelessly between the card reader terminal 132 and the smartcard 20. The card readers/card reader terminals 132 are connected to the processor 16 via a communication network (e.g. including the Internet and/or a mobile/wireless telecommunication networks 150)

When the smartcard 20 is inserted into the card reader terminal 132 (see Figure 3, at block 400), an authentication process is initiated whereby the card user 100.1 is required to place his finger on the finger vein scanner 22 and, at the same time, allows the iris scanner 24 to scan his iris (i.e. the user 100.1 looks at the iris scanner) (at block 402). The scanning of the iris therefore occurs while the finger of the card user 100.1 is placed on the finger vein scanner 22.

When the scanners 22, 24 have captured biometric identification information of the cardholder 100.1, these details are compared by the identity verification module 32 to the stored biometric identification information of the person who is associated with the smartcard 20 (i.e. the person who is registered against the smartcard 20 on the system 10) (at block 404)

If the captured and stored biometric identification Information of both biometric traits match (at block 406), then the serial number and ID number, which are stored on the database 30, are sent to the processing station 12 (e.g. a processing server of the bank) (at block 408). If the captured and stored biometrlc Identification information do not match, then an error message is presented/displayed (e.g. on the card reader terminal) (at block 410).

The processing station 12 utilises the received serial number in order to locate an account number which is associated therewith and a specific registered user which is associated with the account number. Once retrieved, the received ID number is compared against the ID number which is associated with the particular registered user (i.e. an identification number which is stored against the registered user) (at block 412).

If the received serial number does not match/link to (at block 414) any account number which is stored on the database 18, then an error message is again displayed (at block 416). Similarly, if the received serial number matches/links to a particular account number, but the received ID number does not match (at block 414) the specific ID number stored against the specific account number (on the database 18), then an error message is also displayed.

If the received serial number does however match/links to an account number stored on the database 18 and the received ID number matches the stored ID number which corresponds with the stored account number on the database 18, then the financial transaction can proceed/be finalised (at block 418).

It should be noted that the identity verification module 32 can typically form part of a larger transaction facilitation module which is configured to facilitate the financial transaction including the Identity verification of the identity verification module 32. Part of the transaction facilitation module may then be implemented on the smart card 20 (e.g. the identity verification module 32 and the sending of the serial and ID numbers), while another part may be implemented on the processor 16 (e.g. the matching of (a) the serial numbers and (b) the ID numbers and then proceeding with the financial transaction).

From the above, it will be clear that the system effectively provides a quadruple/four-fold authentication, since the financial transaction will only proceed when matches are found for two blometric traits, a serial number links to an associated account number and the identification numbers match. Preferably, the identification number should be a national ID number or learner number of the registered person. The inventor believes that this provides a strong form of authentication.

The smartcard can typically be used as a credit card/or debit card. In a preferred embodiment, then smartcard may Include a first code for it to be used as a debit card, and a second code for it to be used as a credit card. The smart card may therefore act as both a debit and a credit card.

Example 2: Access Control

The system 10 can also be implemented to provide access control.

Examples of where access control could be implemented include train stations, concerts, schools and secure facilities, amongst others.

In this example, the smartcard 20.2 (see Figure 1} can again be used to gain access to certain restricted areas (e.g. to board a train). The identity authentication/verification process will typically work in the same general fashion as in Example 1. It should however be appreciated that the authentication/verification of only the two biometric traits could be used in this instance. In other words, the verification of the account and identification numbers need not necessarily be implemented in this instance. The reason for this is that in some Instances the access control would not be linked to a specific financial transaction (e.g. to gain access to a restricted area for the purposes of work). For greater security, however, the quadruple/four-fold authentication as described in Example 1 can be implemented, the quadruple/four-fold authentication may, for example, be implemented at offke parks, hospitals, colleges, universities, etc., where security is of the utmost importance.

However, in another instance the access may be linked to a financial transaction. For example, in order to gain access to an access controlled area for boarding trains, access will only be granted if a particular payment is made {e.g. at a turnstile 130 at the train station). To initiate the payment process, the card 20 can be inserted into (or held near if using NFC) a card terminal 132 at the turnstile 130. Once inserted, the verification process as described in Example 1 is again implemented and, once verified; a certain amount of money can be deducted from an account which is associated with the account number stored on the card 20. Once payment has been made, access will be granted to the access controlled area.

It should be clear from this example that the smartcard 20 can be used as a type of prepaid card onto which money can be loaded. The smartcard 20 can be a multi-currency card in that it can be preloaded with the currencies of different countries, depending on where a user wishes to travel.

When a smartcard is lost or stolen, a new card can be reissued. A reissued smartcard 20 can then be reloaded with the balance of the lost or stolen smartcard 20, thereby solving the problem of loss of money, which serves as an incentive, for example, to tour and use integrated public transport systems (IPTS), because the smartcard 20 can be configured to be compatible with all modes of public transport, resulting in a significant boost to the economy. In other words, the smartcard 20 can be integrated for use into public transport systems (e.g. when travelling by train, buss, etc.)

The system 10 can be configured to record time and attendance, the number/name of the terminals/turnstiles (each time a smartcard 20 is used at a particular terminal/turnstile) and the identity of the person. This information can then be used, for example, to determine if more terminals/turnstiles are needed at certain access points (e.g. due to the large number of times when the terminals are used). In a similar fashion, if some terminals are not used often, it may indicate that fewer terminals could be implemented at that specific location.

If access control is, for example, implemented at places where concerts or sport activities are held, then tickets can typically be booked via the Internet and credited to the user's smartcard 20 which can then be used as a contactless pass (e.g. if near field/wireless communication is used at the access control entry points) for convenience and safety. In this instance, when a ticket is booked, it can be credited against the user's smartcard 20.

When a smartcard 20 is then read by a card reader terminal, then the system 10 is able to identify that a particular ticket is linked to this smartcard 20 and as a result allow access after the identity verification/confirmation process.

It should therefore be clear that the smartcard 20 can serve the purpose of a ticket and therefore negate the need to print physical tickets. From the above, it should be apparent that the smartcard 20 allows for the convenient use of electronic payment coupled with electronic access control for concerts, plays and sporting activities, as well as in integrated public transport system.

A reliable fast and convenient electronic access control system also makes provision for flexi time.

Example ¾: Access control at a school

Figure 4 illustrates an example of how the system 10 can be implemented at school premises 500. The system 10 can however also be implemented in educational institutions, hospitals, office and industrial parks, residential areas, etc.

In this example, staff and learners would each typically have their own smartcard 20. The smartcards can then be used at schools to go through car gates and turnstiles. It will however be dear that access to certain areas, such as the staffroom, is limited only to certain authorised people (e.g. only learners and administration staff are able to access the staffroom to consult educators on school matters and discuss with educators pertaining to official matters respectively). In the case of classrooms, only educators and learners may enter them when teaching and assessments are in progress. The main reason for this prohibition is to prevent persons, such as visitors, from gaining access to classrooms in order to help prevent assaults and murders of educators in classrooms, moreover, in the presence of learners, which have happened In the past In certain circumstances, leaners may access the staffroom to consult educators on school matters. Details on this would typically be stored on the card or central processing station 16 of the school.

It is Important to note that high security at schools significantly contributes towards enhancing staff productivity and improving learner performance.

For example, when the smartcard 20 is inserted into a card reader at the gate, the processor 16, in addition to the dual biometric authentication (I.e. finger vein and iris), also checks whether the associated cardholder is authorised to access the school premises/parking area. Details regarding which people are authorised to gain access to which areas would typically be saved on the database 18.

An electronically interlinked healthcare system in an electronic access control system in schools identifies outbreaks of diseases early, resulting In implementing containment measures timeously, which in turn results in enhanced staff productivity coupled with improved learner performance.

Such a system comprises the school, nearest clinic and Healthcare Centre.

From the above it should be clear that the system 10 typically includes a quadruple identification/verification process whereby two biometric traits, an account number and identification number are all compared against stored information. The Inventor therefore believes that the system 10 provides a high level of security, especially in places such as schools and hospitals.

During the registration process, the biometric identification information on the finger vein and iris biometric traits are essentially converted into an encrypted digital template which is stored on the smartcard 20.

The Inventor believes that the present invention provides a holistic approach by commencing with the biometric comparison described herein. In this way, a holistic approach enables one to effectively address the problems of security, reliability, accuracy, authentication and authorisation, as well as with PIN's or signatures, thereby facilitating financial transactions and access control, which are coupled with the usage of the card.

In terms of biometric comparisons as depicted above, the characteristic location of finger-vein is internal. It is therefore extremely difficult to steal and forge someone's finger-vein, tn this way, finger-vein is highly secure.

The inventor believes that the invention provides an innovative solution to the problems identified in the background of the invention and provides for the efficient and effective delivery of financial services in Africa.

The Inventor believes that finger vein scanning and iris scanning both have relatively high accuracy and are arguably less affected by factors such as skin damage, peeling, humidity, plastic surgery, make-up and weight {i.e. it is reliable).

The fact that the smartcard 20 and system 10 can be used to verify/confirm the identity of a particular person, allows the invention to be used in a variety of applications where identity verification is required, such as financial transactions and access control. Typical examples are applications in concerts, plays and sporting activities, as well as in integrated public transport systems as mentioned earlier herein.

The Inventor believes that the invention helps to reach out to the affluent, middle class and persons at the bottom of society, thereby providing financial inclusion. In addition, the invention may be used/implemented online thereby promoting digital banking.

The effective implementation of the invention can help empower communities, particularly those at the bottom of society, with capabilities to participate more effectively in the market economy in the long* term. This can help promote sustainable growth which does not leave the most vulnerable citizens of any country behind.

To help achieve a full, efficient and effective implementation of all the foregoing aspects, it is important to develop management on an ongoing basis through activity-based costing that will help to improve processes continuously within the above aspects. This should be done in order to help achieve cost- effectiveness, excellent services (in the long term), and help create opportunities to provide greater value and improve turnaround time, drive productivity and quality, achieve operational excellence and increase customer experience.