A SECURITY SYSTEM FOR USE WITH THE PERFORMANCE OF A RESTRICTED ACTION

THIS INVENTION relates to a security system for use with the performance of a restricted action.

The invention relates in particular to a security system for use with the performance of a restricted action that must be at least partially authorized by the use of a token that has an electronic memory.

It is already known in relation to various restricted actions that the performance of these actions require authorization, the use of an electronic token often serving to provide for the required authorization. An electronic token as envisaged can take many different forms, an electronic card, often referred to as a smart card and serving the purpose of a credit card, a debit card, a medical aid card, a loyalty card, and the like, constituting a token of the type envisaged. Still different forms of electronic tokens also are known.

A token as envisaged generally is associated with at least one person who is authorized to use it and has a memory in which it carries information including a unique code. As such, and in order to perform a restricted action, which may be a financial transaction, security requires a card reader to read the unique code from a token presented to it prior to authorizing the restricted action, i.e. the restricted action only can proceed in response to the unique code having been read from the token presented. A token can be similarly

used for access control where the token is presented to a reader which reads the unique code and permits access in response thereto. The security as above envisaged, in order to perform restricted actions, apply also to many other situations and insofar as the broad concepts associated therewith are already well known, these are not described in further detail herein. Also, the exact configuration of a token that can be used within a security system as envisaged, as well as the additional hardware used in conjunction with such a system, are well known and are not described further herein.

Insofar as an electronic token as herein envisaged can take many different forms while fulfilling an authorization purpose within a security system as envisaged, any reference hereinafter to a token must be interpreted as a reference to a token of the above general type and which is provided for fulfilling an authorization function as part of a security system as envisaged.

According to the invention there is provided a security system for use with the performance of a restricted action that must be at least partially authorized by the use of a token that has an electronic memory, which includes

for each token issued to a person for use to authorize the performance of a restricted action, storing in the memory of the token a unique code and an electronic representation of a fingerprint of the person; and

for authorizing the use of the token in order to perform a restricted action, requiring a card reader to read the unique code stored in the memory of the token, a fingerprint scanner to scan a fingerprint of the person presenting the token and a processor to compare the fingerprint scanned with the fingerprint stored and to identify the fingerprints as matching.

Particularly for practical implementation, the security system of the invention may include providing at a location where a restricted action is to be performed and for enabling the

use of a token for authorizing the restricted action, authorizing means that includes a card reader, for reading the unique code stored in the memory of the token, and a fingerprint scanner, for scanning the fingerprint of a person presenting the token, and that permits a processor to compare a fingerprint scanned by the fingerprint scanner with the fingerprint stored in the memory of a token and to identify whether fingerprints match.

According to one particular implementation of the security system of the invention, each token issued to a person may include therein input means and a processor and the authorizing means may include means to transmit to the processor of a token via the input means thereof an electronic representation of a fingerprint scanned by the fingerprint scanner thereof, the processor of the token permitting the fingerprint scanned and the fingerprint stored in the memory of the token to be compared and a match to be identified.

According to another implementation of the security system of the invention, the authorizing means may include a reader for reading the electronic representation of a fingerprint stored in the memory of the token and means to transmit the representation and an electronic representation of a fingerprint scanned by the fingerprint scanner thereof to a processor for comparing the two representations and for identifying a match. As such, the security system may include a processor as part thereof, that may be remotely located from the authorizing means, or that may form a part of the authorizing means, and that can serve to compare an electronic representation of a fingerprint scanned with an electronic representation of a fingerprint stored in the memory of a token and to identify a match.

Further according to the invention, the security system may provide for each token issued to a person to include disabling means for disabling the use of the token in response to fingerprints compared not identifying a match. As such, the possible use of a lost or stolen token can be completely eliminated.

Still further according to the invention, the security system may provide, for each token issued to a person, storing in the memory of the token unique information associated with the person, permitting use of the information for overriding the requirement of a fingerprint match for authorizing the performance of a restricted action with the use of the token. The unique information associated with a person to whom a token is issued typically may be the identity number of the person or the passport number of the passport of the person, the provision of this information to the processor of the system, typically via a keypad associated with the fingerprint scanner, providing for a restricted action to be authorized in a situation in which the person to whom the relevant token has been issued cannot have his fingerprints scanned due to injury or due to being otherwise incapacitated.

It is envisaged also that the security system of the invention can be integrated with the use of a computer for making financial transactions via the internet, an authorizing means as envisaged thus being associated with a computer and requiring a fingerprint match as envisaged for authorizing the financial transaction via the internet with the use of the computer. Clearly, the security system of the invention can be similarly integrated with other financial transactions to be performed by a different means and where authorization is necessary.

Insofar as the authorizing means for use with the security system of the invention is concerned, this clearly can take many different configurations, state-of-the-art equipment already being known that can be used for providing such an authorizing means. Insofar as electronic tokens for use in the security system of the invention is concerned, tokens may have suitable microchips incorporated therein for permitting the tokens to fulfill the various electronic functions as herein envisaged. The design of microchips for this purpose will be clearly apparent to those skilled in the art.

The security system of the invention is described hereafter with reference to an example of the system which is illustrated in the accompanying drawing, which illustrates diagrammatically the use of the system in relation to the performance of a restricted action.

Referring to the diagram, a bank has a server which is a processor that serves to authorize and perform actions in the form of certain types of payment transactions made via the use of tokens in the form of debit or credit cards issued by the bank to customers. Each card so issued to a customer is linked to at least one account of the customer with the bank. Each such card may then be used to pay for purchases at remote points of sale of merchants, each of which is provided with a point of sale terminal. Only one such terminal 14 is shown in the diagram, this terminal including a central processor 16, a card reader 18, a fingerprint scanner 20 and a keypad 22. The server 10 and the point of sale terminal 14 form part of a payment transaction authorization system.

Each card issued to a customer is a smart card and, as such, each card has a processor and an electronic memory. The electronic memory of each card has a unique code stored therein which is linked to at least one account with the bank.

Prior to the bank issuing a customer with a card, be it a debit card or a credit card, the customer is required to present himself at the bank to have a scan of the print of a particular finger performed. An electronic representation of the fingerprint as scanned is then stored in the memory of the card. The customer clearly is the person authorized to use the card to make payments from the account to which the card is linked. Such a card is an example of a token as herein envisaged and insofar as such a card may be used by more than one customer, it will be understood that in such a case a representation of a fingerprint scan of each customer must be stored in the memory of the card.

Upon a customer wishing to pay for a purchase via the point of sale terminal using his debit or credit card, which clearly is a restricted action as herein envisaged insofar as such a payment only should be permitted if the card is presented by the person to whom it has been issued, the card is inserted into the card reader 18. The customer also presents the finger which has an electronic representation of its print stored in the memory of the card to the fingerprint scanner for scanning and the scanner performs a scan thereof.

The card reader 18 then reads from the memory of the card the electronic fingerprint representation stored in the memory and transmits it to the central processor 16. The fingerprint scanner 20 also transmits the electronic representations of the fingerprint scanned to the processor 16, the processor hence running an algorithm which compares the fingerprint scanned with the stored fingerprint representation and, upon finding a match, permits the reader 20 to read the unique code of the card and to transmit it to the processor. Upon the code being recognized and accepted, the restricted action can proceed insofar as the use of the card for performing the restricted action is then authorized. The restricted action will proceed via the keypad 22, this process involving details of the purchase and payment option exercised to be entered and transmitted via the processor 16 to the server 10, which then accepts the payment transaction on the account associated with the code.

It will be appreciated from the above that the payment transaction only will be authorized upon the presentation of the unique code and a fingerprint match having been established, the latter requirement ensuring that the card only is used by an authorized person being the person to whom it has been issued.

It is envisaged in the above regard that unauthorized use of a card where a fingerprint match does not occur, will not only prevent a restricted action from being performed, but that the card will be simultaneously disabled, particularly via the processor 16. In this way unauthorized use of the card when lost or stolen can be completely prevented.

In an alternative implementation of the security system of the invention, the comparison of the fingerprint representation stored in the card and the fingerprint scanned may be performed via an algorithm run on a remote server such as the server 10. In yet an alternative implementation, the processor of the card used to perform a transaction may run an algorithm which does the comparison. This will require the fingerprint scanned to be transmitted via the card reader, or any other reader, to the processor of the card.

It is clear that many variations of the above system are possible and the invention accordingly extends also to all such systems which include the essential principles and features of the system as hereinabove defined and described.

It must be understood also that a token need not necessary be in the form of a card, it thus being envisaged that a token can have various other physical properties that will render it suitable for particular applications.

One particular alternative application of the security system of the invention is within an access control system, e.g. a system which controls an electronic lock on a door that provides access to a restricted area. Such a system may require, prior to unlocking the lock, the presentation of both a token, in the form of an access card that has a code and an electronic representation of a fingerprint stored therein, for reading via a reader, and the corresponding finger, for scanning via a fingerprint scanner. A correct code being read by the reader and a fingerprint match clearly will then permit unlocking of the lock and, as such, access through the door controlled thereby.

It is envisaged also that the security system of the invention can be associated with many other applications including different financial applications, particularly such applications where restricted actions are involved and where a token is used for performing these actions. Particularly for a situation where the person to whom a token has been issued, for whatever reason cannot present his correct finger for a fingerprint, the memory of the associated token may have personal information stored therein, e.g.

an identity number or a passport number, and by providing this number to a processor via a suitable keypad, use of the token for performing a required action can be authorized. The use of the personal information thus effectively serves as the override in such situations in which a fingerprint scan cannot be effectively performed.

The security system of the invention also can be associated with many other security precautions which may be associated with the performance of restricted actions in combination with the authorization of the use of a token as herein envisaged.