GB2366056A - Verifying identities - Google Patents
Verifying identities Download PDFInfo
- Publication number
- GB2366056A GB2366056A GB0020219A GB0020219A GB2366056A GB 2366056 A GB2366056 A GB 2366056A GB 0020219 A GB0020219 A GB 0020219A GB 0020219 A GB0020219 A GB 0020219A GB 2366056 A GB2366056 A GB 2366056A
- Authority
- GB
- United Kingdom
- Prior art keywords
- entity
- verification
- transaction
- identity
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/305—Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Finance (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Apparatus for verifying the identity of an entity comprises a database storing, for each of a plurality of entities, identification information for identifying the entity, and verification information for verifying the identity of the entity. This information can be used for verifying the identities of both parties to a commercial transaction, e.g. an EPOS transaction or electronic commerce over the Internet, by comparison with information (e.g. ID and PIN) sent.
Description
2366056 APPARATUS FOR AND METHODS OF VERIFYING IDENTITIES The invention
relates to apparatus for and methods of verifying the identity of an entity, such as an 5 individual or a company. The invention has particular (but not exclusive) application in the verification of parties to a retail or an electronic commerce (e commerce) transaction, to enable the transaction to be authorised.
In known systems for authorising transactions, a party to the transaction maintains its own database of entities which have previously-registered with that party. The entities may be, for example, individuals, 15 companies or other organizations.
As an example, if a company offers goods or services via the Internet, the company may require that customers to whom the goods or services are to be 20 supplied first register with the co ' mpany. When an customer registers with the company, the customer is assigned a unique identification code (referred to herein as an "ID") and a password. The company maintains a database which stores the IDs and passwords 25 of all customers which are registered with the company.
If a customer wishes to purchase a product from the company, the customer sends his ID and password to the company via the Internet. The company is able to verify the identity of the customer by checking that 30 the customer is registered and that the password matches the password held in the database for the customer.
A problem in the system described above is that, while 35 the system offers some level of security to the company,.it offers little security to the customer, since the customer is not able to verify the identity of the company. Furthermore, the company must maintain a database of all customers with their IDs and passwords, which may be expensive and time consuming.
5 In addition, the requirement for new customers to register with the company, together with the lack of security for the customer, may discourage customers from purchasing from the company. Also, if a customer is to obtain goods or services from a number of 10 companies, he may be required to register with all those companies, which may be cumbersome and time consuming for the customer, especially if he/she has chosen a different password for each different company.
15 According to a first aspect of the present invention there is provided apparatus for verifying the identity - of an entity, comprising:
a database comprising, for each of a plurality of entities, identification information for identifying 20 the entity, and verification information for verifying the identity of the entity; means for receiving a request from a first entity, being one of the plurality of entities, for verification of the identity of a second entity, being 25 another of the plurality of entities; means for receiving identification information and verification information relating to the second entity; means for determining whether the-received identification information and verification information 30 match identification information and verification informa tion relating to the second entity stored in the database; and means for issuing, in dependence on an output from the determining means, an indication to the first 35 entity of whether the identity of the second entity is verified By providing a database comprising identification information and verification information, and means for allowing the identity of an entity to be verified, and either or both parties to a transaction may verify the 5 identity of the other party before the transaction is carried out. The apparatus may receive requests from a plurality of entities for the verification of the identity of a single entity. Thus the invention avoids the need for an entity to register with a 10 plurality of other entities, since in effect an independent repository of identification and verification information is provided which may be accessed by all entities that-are registered therewith.
Furthermore, an entity (such as a company) does not is need to maintain its own database of identification information of other entities (such as customers), since the independent database may be used for verification.
20 The database may.be an,database running on a single server, or it may be a distributed database running on a plurality of servers. The database may be physically stored on one or more computer storage devices. In the case of a distributed database, the servers may be of 25 different types using different platforms running different database engines, communibating using common threads and methods.
The apparatus may further comprise means for receiving 30 identification information and verification information relating to the first entity, and means for determining whether the received identification information and verification information relating to the first entity match identification information and verification 35 information relating to the first entity stored in the database. In this way, the identity of the first entity may be verified before any information is issued to the first entity, which increases the security of the apparatus.
5 In one implementation, the identification information and verification information relating to the second entity are received from the first entity. For example, the identification information and verification information relating to the second entity could be sent as part of the request. This might be appropriate where, for example, the second entity (such as an individual) is physically present with the second entity (such as a retailer) so- that the second entity is able to pass its identification information and is verification information directly to the second entity without risk of interception.
In another implementation, the identification information relating to the second entity is received from the first entity,,and the verification information is received separately. This might be appropriate where the first and second entities are physically remote from each other. In this case, the second entity might pass its identification information to the first entity so that the first entity can request verification of the identity of the-second entity, and the second entity might pass its verification information directly to the verification apparatus. In this way, the second entity does not p ass both its identification information and verification information to the first entity, which increases the security of the system. Furthermore, an indication of the fact that the identity of the first entity has been verified may be sent to the second entity, for example by email, giving added security to the second entity.
The apparatus may further comprise means for issuing an indication to the second entity that the request has been received. In this way, the second entity is informed that its identity has been checked, and if the 5 second entity's identity has been used fraudulently, the second entity is warned.
The database may include distinctive information relating to at least the second entity, and the 10 apparatus may further comprise means for sending distinctive information relating to the second entity to the first entity. The distinctive information may comprise, for example, a digital version of a signature, a photograph, a fingerprint, a voice sample 15 or a retina image. In this way a further check on the identity of the second entity may be carried out. For example, where the second entity is an individual, a photograph sent by the verification apparatus could be visually compared with the appearance of the 20 individual, or a signature which has ' been transmitted could be compared with a signature provided by the individual, or automatic recognition software could-be used.
25 The apparatus may be apparatus for verifying the identities of parties to a transaction, in which case the apparatus may further comprise means for storing details of the transaction. The apparatus may also comprise means for sending the details of the 30 transaction to a party to the transaction. In this way, a record of transactions may be kept, which may allow transactions to be reported and audited at a later date.
35 The invention extends to apparatus for use by the first entity in conjunction with the apparatus described above, and therefore in a second aspect of the invention there is provided apparatus for use by a first entity in the verification of the identity of a second entity, comprising:
5 means for receiving identification information and verification information relating to the second entity; means for transmitting a request for verification of the identity of the second entity to a verification apparatus; 10 means for transmitting to the verification apparatus identification information and verification information relating to the second entity; and means for receiving an indication from the verification apparatus that the identity of the second 15 entity is verified by the verification apparatus.
This aspect of the invention allows the first entity to verify the identity of the second entity by receiving information such as an ID and PIN from the second 20 entity, and then.checking that the second entity has registered with the verification apparatus and that the ID and PIN correspond.
The apparatus may further comprise means for indicating 25 that the identity of the second entity has been verified, such as a visual display br an audible indication, or the fact that the identity of the second entity has been confirmed may be implicit, for example because a transaction is allowed to continue.
The apparatus may be, for example, an electronic point of-sale (EPOS) device for processing a transaction. In this case, the apparatus may be adapted only to process a transaction if the identity of the second entity is 35 verified.
Preferably the apparatus further comprises means for transmitting to the verification apparatus identification information and verification information relating to the first entity. In this way, the 5 identity of the first entity may be verified before any information is issued to the first entity, which increases the security of the system.
The apparatus may further comprise means for receiving 10 from the verification apparatus distinctive information relating to the second entity. The distinctive information may comprise, for example, a digital version of a signature, a photograph, a fingerprint or a retina image. In this way a further check on the 15 identity of the second entity may be carried out. For example, where the second entity is an individual, a photograph sent by the verification apparatus could be visually compared with the appearance of the individual. Alternatively the apparatus may further 20 comprise means for comparing the distinctive information received from the verification apparatus with corresponding information input by the second entity. The comparing means may bei for example, a processor programmed with software tha can compare 25 signatures, or facial images or retina images, or fingerprints. In this case the apparatus may include means for receiving the corresponding distinctive information, such as a signature pad which captures and digitizes a signature for further processing, or a 30 digital camera for capturing a facial image or a retina image.
In either of the above aspects of the invention, the apparatus is preferably adapted to communicate over a 35 distributed network such as the Internet, although it may be used with other networks such as an intranet or -8 a purpose built network.
The invention has particular (but not exclusive) application in e-commerce, and thus in a third aspect 5 of the invention there is provided a web server which, when in use, provides a web site for carrying out transactions over the Internet, the web site comprising:
means for proposing a transaction to an Internet 10 device; means for receiving an acceptance of the transaction from the Internet device; means for receiving identification information identifying a user of the Internet device; 15 means for sending the identification information identifying the user to a verification apparatus; means for receiving from the verification apparatus an indication of whether the user's identity has been verified; and 20 means for carrying out the transaction in dependence on the indication of whether the user's identity has been verified.
In this way, security may be enhanced in online 25 transactions, since the identity of the user of the Internet device may be verified by -reference to an independent repository of verification information.
The transaction may involve any type of interaction 30 between the two parties; for example it might involve the supply of goods or services by the web site to the user of the Internet device, or some form of communication or dissemination of information between the two parties.
Preferably the web site further comprises means for sending identification information identifying the web site and verification information verifying the identity of the web site to the verification apparatus.
In this way, the identity of the web site provider may 5 also be verified, giving extra security to the user of the web site and encouraging use of the web site.
The web site may further comprise means for sending details of the transaction to the verification 10 apparatus. The verification apparatus may then keep a record of transactions for reporting or auditing at a later date.
The invention extends to an Internet device when 15 suitably programmed for use with a web site as described above, and thus in a fourth aspect of the invention there is provided an Internet device adapted to carry out transactions via the Internet, the Internet device comprising:
20 means for sending,an acceptance of a proposed transaction to a web site provided by a web server; means for sending identification information identifying a user of the Internet device to the web site; 25 means for receiving from the user of the Internet device verification information verifying the identity of the user; means for sending the verification information to a verification apparatus; 30 means for receiving an indication of whether the transaction has been processed; and means for indicating to the user whether the transaction has been processed.
35 In this way the user of the Internet device may carry out a transaction with a web site (for example the purchase of goods or services) without having previously registered with that web site. The web site is able to verify the identity of the user by reference to an independent repository of information, thus 5 making it unnecessary for the user to pre-register with the web site.
The Internet device may be any device that can send and receive over the Internet and run appropriate software, 10 for example a personal computer, a WAP (Wireless Application Protocol) telephone, or a digital television with an Internet box. The Internet device may have a screen for displaying information to a user and/or means for producing audible sounds for passing 15 information to the user. Information may be input by the user to the Internet device via a keyboard, a key - pad, a writing recognition pad, a mouse, a remote control unit, or any other suitable device.
20 Preferably, in order to increase the security for the user, the web site's identification is also verified by the verification apparatus. Thus the Internet device may further comprise means for receiving from the verification apparatus an indication of whether the web 25 site's identification has been verified. The Internet device may further comprise means for aborting the transaction in dependence on the indication of whether the web site's identification has been verified. For example, the indication may be communicated to the 30 user, and the user may abort the transaction if the web site's identification has not been verified, or the transaction may be aborted automatically if the web site's identification has not been verified.
35 The Internet device may further comprise means for indicating to the user that the transaction has been processed. The indication that the transaction has been processed may include details of the transaction.
This may allow the user of the Internet device to keep a record of transactions. The Internet device may also 5 comprise means for requesting details of transactions from the verification apparatus, and means for receiving such details. This may allow the user to analyse transactions at a later date.
10 In any of the aspects described above, the various means may be software modules running on an appropriate processor.
The invention also provides corresponding method 15 aspects. Thus the invention may provide a method of verifying the identity of an entity comprising:
storing in a database, for each of a plurality of entities, identification information for identifying the entity, and verification information for verifying 20 the identity of the entity; receiving a request from a first entity, being one of the plurality of entities, for verification of the identity of a second entity, being another of the plurality of entities; 25 receiving identification information and verification information relating t6 the second entity; determining whether the received identification information and verification information match identification information and verification information 30 relating to the second entity stored in the database; and issuing, in dependence on the determining step, an indication to the first entity of whether the identity of the second entity is verified.
other method aspects corresponding to the various apparatus, web server and Internet device aspects described above may also be provided within the scope of the invention.
5 The invention is preferably implemented in the form of computer programs running on suitable processors. Thus the invention may provide a computer program which, when run on a computer that is connected to the Internet, causes the computer to provide a web site for 10 carrying out transactions over the Internet, the program comprising:
a program portion for proposing a transaction to an Internet device; a program portion for receiving an acceptance of 15 the transaction from the Internet device; a program portion for receiving identification information identifying a user of the Internet device; a program portion for sending the identification information identifying the user to a verification 20 apparatus; a program portion for receiving from the verification apparatus an indication of whether the user's identity hasbeen verified; and a progr am portion'for carrying out the transaction 25 in dependence on the indication of whether the user's identity has been verified.
The invention may also provide a computer program which, when run on a computer that is connected to the 30 Internet, causes the computer to function as an Internet device for carrying out transactions via the Internet, the program comprising:
a program portion for sending an acceptance of a proposed transaction to a web site provided by a web 35 server; a program portion for sending identification information identifying a user of the Internet device to the web site; a program portion for receiving from the user of the Internet device verification information verifying 5 the identity of the user; a program portion for sending the verification information to a verification apparatus; a program portion for receiving an indication of whether the transaction has been processed; and 10 a program portion for indicating to the user whether the transaction has been processed.
The invention also extends to-computer programs which, when run on a computer, would cause the computer to.
15 function as an apparatus as described above, or a web server as described above, or an Internet device as described above. The invention also extends to a computer program or a computer program product for carrying out any of the methods described herein, or a 20 computer readable medium having stored thereon a computer program for carrying out any of the methods described herein.
Features of one aspect may'be applied to any other 25 aspect where appropriate; apparatus features may be applied to method aspects and vice -versa.
Preferred features of the present invention will now be described, purely by way of example, with reference to 30 the accompanying drawings, in which:
Figure 1 shows a verification device embodying the invention; Figure 2 shows a verification system according to 35 a first embodiment of the invention; Figure 3 illustrates the operation of the first embodiment of the invention; Figure 4 shows a verification system according to a second embodiment of the invention; and Figure 5 illustrates the operation of the second 5 embodiment of the invention.
Referring to Figure 1, a verification apparatus 10 embodying the invention is shown. The verification apparatus 10 provides an independent repository of 10 identification and verification information, so that the identity of entities registered with the apparatus can be verified. Entities registered with the apparatus may be individuals,-companies or other organisations or undertakings.
The verification apparatus 10 comprises a relational database 12 which stores information relating to each of a plurality of entities. For each entity the database stores identification information, 20 verification information, and, optionally, distinctive information. Identification information may include information such as the name, address and email address of the entity, and an ID number. Verification information may include information such as a password 25 or a PIN (personal identification number) number. This information is kept secret by the ehtity and is used in verifying the identity of the entity. The verification information may be encrypted for transmission and when stored in the database 12, for added security.
30 Distinctive information may include a signature, a photograph, a fingerprint, a voice sample, a retina image, or other forms of biometric information. The distinctive information may be used as a further check on the identity of the entity. The type of information 35 stored in each category need not be the same for all entities.
The verification apparatus 10 also comprises an interface 18 which interfaces the verification apparatus to a network such as the Internet, a database manager 14 which manages the database in response to 5 requests to update the database, a verification manager 16, which manages verification requests, and a store 20 which stores details of transactions.
When an entity, for example an individual or company, 10 first registers with the verification apparatus 10, the entity passes information about itself to the verification apparatus through a secure source. The information includes details of the entity such as name, address and email addres ' s, and information which 15 can be used to verify the entity's identity, such as a password, a signature or a photograph. This information may be input through input device 22, or via interface 18. Input device 22 may include, for example, a keyboard, and/or a scanner for converting an 20 image, such as a.signature or a photograph, into a digitized version of the image, and/or an analogue-to digital converter for converting analogue information such as a voice sample into digital form. The identity of the entity may be checked, for example against an 25 electoral register in the case of an individual or a company register in the case of a co-mpany. Database manager 14 may assign further identification information or verification information to the entity; for example the database manager may assign an ID 30 number and a PIN number to the entity. The database manager 14 then updates the database with the information relating to the entity.
In operation, if a first party wishes to verify the 35 identity of a second party, the first party sends a request for verification to the verification apparatus 10. The request is received by the interface 18 and passed to the verification manager 16. The request must include both identification information and verification information relating to the first party, 5 and at least identification information relating to the second party. When a request is received, the verification manager 16 first checks the identity of the first party, that is, the party making the request.
This is done by consulting the database 12 to check 10 that the identification information and the verification information relating to the first party are correct. If they are not correct, then the verification manager 16 sends -a warning to the entity whose identity has been used, and the verification process is halted.
- once the identity of the first party has been confirmed, verification of the second party can be carried out. If the verification request included both 20 identification information and verif ication information relating to the second party, then the identity of the second party can be checked immediately by consulting the database 12. If only identification information relating to the second party was present, then the 25 verification manager sends a request for verification information. This request may either be sent to the second party directly, or to the first party, if it is believed that the first party has this information available, for example because the second party is 30 physically present with the first party. In response to this request, verification information relating to the second party is sent to the verification apparatus and is received by the verification manager 14. The verification manager then consults the database 12 to 35 check that the identification information and the verification information relating to the second party -17 are correct.
If the identification information and verification information relating to the second party are correct, 5 then a message confirming the identity of the second party is sent to the first party. If the information is not correct, then a message indicating that the identity of the second party has not been confirmed is sent to the first party, and a warning is also sent to 10 the entity whose identity has been used.
If requested by the first party, distinctive information, such as a photograph, signature or voice sample, may also be sent by the -verification apparatus 15 to the first party to allow the first party to carry out a further check on the identity of the second party. The first party may manually compare the distinctive information sent by the verification apparatus with a sample of the distinctive information 20 submitted by the.second party to the first party, or an automatic comparison could be carried out using automatic recognition software, such as signature recognition, voice recognition or image recognition software.
A first embodiment of a verificatioh system will now be described with reference to Figure 2. The verification system of the first embodiment is designed to operate within a retail environment. Referring to Figure 2, 30 the customer 30 is an individual who is registered with the verification apparatus 10. In this embodiment it is assumed that the customer has submitted sample signatures to the verification apparatus, and that he has been assigned an ID number and a PIN number., The 35 ID may be taken from his credit card, chip card or similar device.
The retailer is equipped with an electronic point of sale (EPOS) device 32. The EPOS 32 may take the form of an electronic cash register, a personal computer or 5 another similar device comprising a digital processor.
The EPOS 32 is provided with an input device 33 for receiving information from the customer. The input device may be, for example, a keypad, a signature tablet for capturing a signature, a microphone for 10 capturing a voice sample, or any other suitable input device. Additional input devices may be provided where required. The input devices may be internalor external to the EPOS 32. The EPOS 32 also has a screen for displaying information such as a signature or a 15 photograph; the screen may be either external or integral with the EPOS. The EPOS 32 may be provided with software which can compare signatures, finger prints, voice samples or other forms of biometric information. The EPOS 32 is also provided with software 20 that enables a secure TCP/IP (Transport Control Protocol/Internet Protocol) socket connection with the verification apparatus 10 via the Internet. The file layouts and the method of connection of the EPOS 32 are such as to enable it to communicate with the 25 verification apparatus 10. In this embodiment, the EPOS 32 also has an ID and a PIN nuffiber that are registered with the verification apparatus 10.
Retail server 34 is a server which in this embodiment 30 links several EPOS tills together. Retail server 34 processes transactions involving the retailer's financial systems and also processes credit card payments and other types of electronic payments.
35 The verification apparatus 10 in this embodiment is a computer of appropriate resources (memory, capacity, speed etc.) to suit the environment in which it is running. It is able to communicate with other computers and devices using TCP/IP. The verification apparatus may be implemented as a single server, or as 5 a plurality of servers all running as part of a distributed database.
The customer's email reader 36 is a device such as a personal computer, a personal organizer or a mobile 10 telephone that is able to read email. The email reader may be designed to use the SMTP (Simple Mail Transfer Protocol) system.
Figure 3 is a flow chart illustrating operation of the 15 first embodiment of the verification system. It is assumed that the customer has selected his goods as he would normally in a retail environment. In step 40, the prices, and optionally other details of the goods, are entered on the EPOS 32. This may be done', for 20 example, by manually entering the details, or by scanning the goods and referring to a stock database on the retailer's server. The goods are totalled by the EPOS as they would normally be.
25 In step 42, the customer enters his ID number and his PIN number into EPOS 32 and signs a-signature pad. The ID number may be entered on a keypad, or the ID number may be entered automatically using a device such as a payment card, chip card or identity card. In either 30 case, the PIN is entered by the customer manually. In step 44 it is decided whether the retailer requires samples of the customer's signatures for additional verification of the customer's identity. This may be decided automatically by the EPOS 32, for example if 35 the total value of the goods is above a predetermined amount, or the cashier may decide whether additional verification is required, in which case the cashier inputs the decision to the EPOS manually in response to a prompt from the EPOS. In alternative embodiments additional verification may be by means of a photograph 5 or a fingerprint or other distinctive information.
In step 46 the EPOS 32 sends a request for verification of the customer's identity to the verification apparatus 10. The request includes the retailer's ID 10 and PIN number and the customer's ID and PIN. The request also includes an indication of whether the retailer requires additional verification of the customer's identity, and the type of verification that is required, for example signature, photograph, voice 15 sample or finger print.
In response to the request, in step 48 the verification apparatus 10 verifies that the retailer's ID and PIN match, thus confirming that the retailer is registered 20 with the verification apparatus, giving the customer added confidence about the identity of the retailer. If the retailer's ID and PIN do not match, the transaction is aborted and an email is sent to the customer (step 66). An email may also be sent to the retailer whose 25 identity was used. In step 50 the verification apparatus 10 verifies that the custbmer's ID and PIN match. If the customer's ID and PIN do not match, the transaction is aborted and an email is sent to the customer and other designated parties (step 66).
If the both the retailer's ID and PIN and the customer's ID and PIN do match, then in step 52 the verification apparatus sends a message to the EPOS 32 confirming the identity of the customer.
In step 54 the verification apparatus 10 checks whether samples of the customer's signature (or other distinctive information) are required by the retailer for additional verification of the customer's identity.
If the retailer does required additional verification, 5 then in step 56 the verification apparatus sends the appropriate information, such as one or more digitized samples of the customer's signature, to the EPOS 32.
In step 58, the distinctive information is compared with a sample of the distinctive information submitted 10 by the customer. For example, if a sample signature is sent, then in step 58 it is determined whether the sample signatures match the signature that the customer has entered on the signature pad. This may be done either by visual comparison, or the signatures may be 15 compared automatically using a signature comparison program running on the EPOS 32. If the signatures do not match, the transaction is terminated and an email is sent to the person whose ID and PIN were used informing them that there may have been an attempt to 20 use their identity fraudulently (step 66). If the signatures match, the transaction continues.
Distinctive information other than a signature may be used in the verification. For example the verification 25 apparatus may store a voice sample of the customer speaking a password, and this could-be sent on request to the EPOS 32. The customer may then speak the password into a microphone at the EPOS. The EPOS then digitizes the spoken password and compares it with the 30 voice sample sent by the verification apparatus using voice recognition software to check the identity of the customer.
In step 60 the EPOS 32 sends the store ID, the till ID 35 and the operator ID to the verification apparatus 10.
optionally, details of the type of purchase are also sent. This information --.s stored by the verification apparatus, and may be used at a later date, for example, to provide an analysis of expenses to the customer.
In step 62 the verification apparatus 10 stores the transaction details and sends a transaction ID to the EPOS to give an audit trail of the transaction. A message is sent to the retailer's server (if present) 10 and an email is sent to the customer informing him of the transaction.
In step 64 the transaction is 'completed in the normal way, and the transaction ID is added to the customer's 15 receipt. The customer is thus provided with a transaction ID that matches the details that were sent to the customer by email, and the details stored at the verification apparatus.
20 Step 66 is carried out,if the transaction is terminated for any reason. In step 66 the customer is sent an email informing him of the reason why the transaction was aborted, or warning him that they may have been an attempt to use his identity fraudulently. Since the 25 customer is always sent an email when his identification is used, the customer will be informed of any fraudulent use of his credit cards etc.
A second embodiment of a verification system will now 30 be described with reference to Figure 4. The verification system of the second embodiment is designed to operate within an e-commerce environment over the Internet. Referring to Figure 4, the customer's Internet device 70 is a device that is able 35 to communicate over the Internet and has the ability to send and receive information. For example, the Internet device 70 might be a personal computer, a WAP (Wireless Application Protocol) telephone, a digital television with an Internet box (set-top box), or any other suitable data processing device. Typically the 5 Internet device runs commercially available Internet browser software such as Internet Explorer supplied by Microsoft or Navigator supplied by Netscape. Specially designed client software is also installed on the Internet device 70.
Web server 72 is any type of computer that is capable of connection to the Internet and hosting applications that run over it. In this embodiment web server 72 - hosts the retailer's web site. The retailer's web site is allows goods or services to be purchased over the Internet.
verification apparatus 74 is a server having appropriate resources (memory, capacity, speed etc.) to 20 suit the environment in which it is ' running. It is able to communicate with other devices via the Internet. Details of registered entities are held in a database appropriate to the platform that the server runs. The.server may in practice be several servers 25 all running as part of a distributed database.
The retailer's server 76 is a computer that processes transactions in the retailer's financial systems and also processes credit card or other types of payment.
operation of the second embodiment will now be described with reference to Figure 5. In step 80 the customer uses his Internet device 70 to select goods that he wishes to purchase on the retailer's web site, 35 under control of the web site. The customer also enters his ID, which is sent to the web site.
In step 82 the web server sends the customer's ID, the retailer's ID and PIN, and details of the transaction (such as the amount) to the verification apparatus. In step 84 the verification apparatus checks whether the 5 retailer's ID and PIN are valid. If they are not the transaction is aborted and an email sent to the customer (step 102). If the retailer's ID and PIN are valid then the transaction continues.
10 In step 86 the verification apparatus stores the retailer's ID, the customer's ID and the details of the transaction and creates a transaction record. The transaction record includes a-transaction ID and other details of the transaction, such as the customer ID.
15 The transaction record is used to ensure that the transaction stays the same during the process of the transaction. This stops the transaction being altered or interfered with. In step 88 the verification apparatus sends the transaction record to the web 20 server.
In step 90 the web server shows the transaction details to the customer and starts the client software running on the customer's Internet device. In step 92, the 25 customer enters his PIN using the client software.
The client software then sends the customer ID (entered in step 80) and PIN, and the transaction details (as shown to the customer) to the verification apparatus.
30 In step 94 the verification apparatus checks whether the customer's ID and PIN are valid. If they are not the transaction is aborted and an email sent to the person whose ID was used warning him that an attempt may have been made to use his identity fraudulently 35 (step 102). If the customer's ID and PIN are valid then the transaction continues.
In step 96 the verification apparatus checks that the customer ID sent by the client software in the customer's Internet device matches the customer ID in the transaction record, in order to check that the 5 right transaction is being used. If the two customer IDs do not match, the transaction is terminated and the customer is sent an email (step 102). If they do match, the transaction continues.
10 In step 98 the verification apparatus checks that the transaction details sent by the customer match the transaction details sent by the web server, to ensure that nothing has been altered. If the details vary, the transaction is terminated and an email is sent to 15 the customer (step 102), and a message is sent to the web site. If the details match, the transaction - continues.
In step 100 the verification apparatus sends a message 20 to the web server confirming the transaction, sends an email to the customer confirming that the transaction has taken place, and sends details of the transaction to the retailer's server.
25 Step 102 is carried out if the transaction is terminated for any reason. In step-102 the customer is sent an email informing him of the reason why the transaction was aborted, or warning him that they may have been an attempt to use his identity fraudulently.
30 A message may also be sent to the web site identifying the reason for the termination.
The functions described above with reference to the first and second embodiments may be implemented using 35 software written in any appropriate programming language. The programming of such software will be apparent to the skilled person from the above descriptions of the various functions.
It will be understood that the present invention has 5 been described above purely by way of example, and modifications of detail can be made within the scope of the invention.
Although the invention has been illustrated with 10 reference to specific examples of transactions taking place in a retail environment and via the Internet, the invention is not limited to these situations, and may be used in any situation where'it is desired to verify the identity of an entity. For example, the invention 15 may be used for purposes such as identification for legal or financial matters, for voting or for document - verification, for drugs allocation, or for fraud prevention such as social security fraud prevention.
The invention may also be used for holding records such 20 as proof of purchase, proof of work.done, guarantees or warrantees, or as an intermediary for bill paying or ticket allocation, or for registered email.
The invention is also not limited to use with the 25 Internet, but may be used with any form of network such as an Intranet (private network), a local area network, or any form of distributed network.
The present invention may be embodied in a computer 30 program. The computer program may be stored on a computer-readable medium, or it could, for example, be in the form of a signal such as a downloadable data signal provided from an Internet web site. The appended computer program claims are to be interpreted 35 as covering a computer program by itself, or as a record on a carrier, or as a signal, or in any other -27f orm.
Each feature disclosed in the description, and (where appropriate) the claims and drawings may be provided independently or in any appropriate combination.
Claims (1)
1. Apparatus for verifying the identity of an entity, comprising:
a database comprising, for each of a plurality of entities, identification information for identifying the entity, and verification information for verifying the identity of the entity; means for receiving a request from a first entity, 10 being one of the plurality of entities, for verification of the identity of a second entity, being another of the plurality of entities; means for receiving identification information and verification information relating to the second entity; 15 means for determining whether the received identification information and verification information match identification information and verification information relating to the second entity stored in the database; and 20 means for issuing, in dependence on an output from the determining means, an indication to the first entity of whether the identity of the second entity is verified.
25 2. Apparatus according to claim 1, further comprising means for receiving identification information and verification information relating to the first entity, and means for determining whether the received identification information and 30 verification information relating to the first entity match identification information and verification information relating to the first entity stored in the database.
35 3. Apparatus according to claim 1 or 2 wherein the identification information and verification information relating to the second entity are received from the first entity.
4. Apparatus according to claim 1 or 2 wherein 5 the identification information relating to the second entity is received from the first entity, and the verification information is received separately.
5. Apparatus according to any of the preceding 10 claims further comprising means for issuing an indication to the second entity that the request has been received.
6. Apparatus according to any of the preceding 15 claims wherein the database includes distinctive information relating to at least the second entity, and the apparatus further comprising means for sending distinctive information relating to the second entity to the first entity.
7. Apparatus according to any of the preceding claims, being apparatus for verifying the identities of parties to a transaction, and further comprising means for storing details of the transaction.
8. Apparatus according to claim 7 further comprising means for sending the details of the transaction to a party to the transaction.
30 9. Apparatus for use by a first entity in the verification of the identity of a second entity, comprising:
means for receiving identification information and verification information relating to the second entity; 35 means for transmitting a request for verification of the identity of the second entity to a verification apparatus; means for transmitting to the verification apparatus ident".fication information and verification information relating to the second entity; and 5 means for receiving an indication from the verification apparatus that the identity of the second entity is verified by the verification apparatus.
10. Apparatus according to claim 9, the apparatus 10 being an electronic point-of-sale device for processing a transaction, wherein the transaction is only processed if the identity of the second entity is verified.
15 11. Apparatus according to claim 9 or 10 further comprising means for transmitting to the verification apparatus identification information and verification information relating to the first entity.
20 12. Apparatus according to any of claims 9 to 11 further comprising means for receiving from the verification apparatus distinctive information relating to the second entity.
25 13. Apparatus according to claim 12 further comprising means for comparing the distinctive information received from the verification apparatus with corresponding information input by the second entity.
14. Apparatus according to any of the preceding claims being adapted to communicate over a distributed network.
35 15. A web server which, when in use, provides a web site for carrying out transactions over the Internet, the web site comprising:
means for proposing a transaction to an Internet device; means for receiving an acceptance of the 5 transaction from the Internet device; means for receiving identification information identifying a user of the Internet device; means for sending the identification information identifying the user to a verification apparatus; 10 means for receiving from the verification apparatus an indication of whether the user's identity has been verified; and means for carrying out the transaction in dependence on the indication of whether the user's 15 identity has been verified.
- 16. A web server according to claim 15, wherein the web site further comprises means for sending identification information identifying the web site and 20 verification information verifying the identity of the web site to the verification apparatus.
17... A web server according to-claim 15 or 16, wherein the web site furt her comprises means for 25 sending details of the transaction to the verification apparatus.
18. An Internet device adapted to carry out transactions via the Internet, the Internet device 30 comprising:
means for sending an acceptance of a proposed transaction to a web site provided by a web server; means for sending identification information identifying a user of the Internet device to the web 35 site; means for receiving from the user of the Internet device verification information verifying the identity of the user; means for sending the verification information to a verification apparatus; 5 means for receiving an indication of whether the transaction has been processed; and means for indicating to the user whether the transaction has been processed.
10 19. An Internet device according to claim 18 further comprising means for receiving from the verification apparatus an indication of whether the web site's identification has beerf verified.
15 20. An Internet device according to claim 19 further comprising means for aborting the transaction - in dependence on the indication of whether the web site's identification has been verified.
20 21. An Internet device according to any of claims 18 to 20 further comprising means for indicating to the user that the transaction has been processed.
22. An Internet device according to claim 21 25 wherein the indication that the transaction has been processed includes details of the transaction.
23. An Internet device according to any of claims 18 to 22 further comprising means for requesting 30 details of transactions from the verification apparatus, and means for receiving such details 24. A method of verifying the identity of an entity comprising:
35 storing in a database, for each of a plurality of entities, identification information for identifying the entity, and verification information for verifying the identity of the entity; receiving a request from a first entity, being one of the plurality of entities, for verification of the 5 identity of a second entity, being another of the plurality of entities; receiving identification information and verification information relating to the second entity; determining whether the received identification 10 information and verification information match identif ication inf ormation and verif ication inf ormation relating to the second entity stored in the database; and issuing, in dependence on the determining step, an is indication to the first entity of whether the identity of the second entity is verified.
25. A computer program which, when run on a computer that is connected to the Internet, causes the 20 computer to provide a web site for carrying out transactions over the Internet, the program comprising:
a program portion for proposing a transaction to an Internet device;.
a program portion for receiving an acceptance of 25 the transaction from the Internet device; a program portion for receiving identification information identifying a user of the Internet device; a program portion for sending the identification information identifying the user to a verification 30 apparatus; a program portion for receiving from the verification apparatus an indication of whether the user's identity has been verified; and a program portion for carrying out the transaction 35 in dependence on the indication of whether the user's identity has been verified.
26. A computer program which, when run on a computer that is connected to the Internet, causes the computer to function as an Internet device for carrying out transactions via the Internet, the program 5 comprising:
a program portion for sending an acceptance of a proposed transaction to a web site provided by a web server; a program portion for sending identification 10 information identifying a user of the Internet device to the web site; a program portion for receiving from the user of the Internet device verification information verifying the identity of the user; 15 a program portion for sending the verification information to a verification apparatus; a program portion for receiving an indication of whether the transaction has been processed; and a program portion for indicating to the user 20 whether the transaction has been processed.
27. A computer program which, when run on a computer, causes the computer to function as an apparatus according to any of claims I to 14,-or a web 25 server according to of any of claims 15 to 17, or an Internet device according to any of claims 18 to 23.
26. A computer program or a computer program product for carrying out any of the methods described 30 herein, or a computer readable medium having stored thereon a computer program for carrying out any of the methods described herein.
27. A method or apparatus substantially as 35 described herein with reference to the accompanying drawings.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0020219A GB2366056A (en) | 2000-08-16 | 2000-08-16 | Verifying identities |
EP01956670A EP1309950A1 (en) | 2000-08-16 | 2001-08-09 | Apparatus for and methods of verifying identities |
PCT/GB2001/003608 WO2002015136A1 (en) | 2000-08-16 | 2001-08-09 | Apparatus for and methods of verifying identities |
AU2001278594A AU2001278594A1 (en) | 2000-08-16 | 2001-08-09 | Apparatus for and methods of verifying identities |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0020219A GB2366056A (en) | 2000-08-16 | 2000-08-16 | Verifying identities |
Publications (2)
Publication Number | Publication Date |
---|---|
GB0020219D0 GB0020219D0 (en) | 2000-10-04 |
GB2366056A true GB2366056A (en) | 2002-02-27 |
Family
ID=9897754
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0020219A Withdrawn GB2366056A (en) | 2000-08-16 | 2000-08-16 | Verifying identities |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1309950A1 (en) |
AU (1) | AU2001278594A1 (en) |
GB (1) | GB2366056A (en) |
WO (1) | WO2002015136A1 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140207536A1 (en) * | 2013-01-24 | 2014-07-24 | Everyone Counts, Inc. | Electronic polling device |
WO2016083987A1 (en) * | 2014-11-25 | 2016-06-02 | Ideco Biometric Security Solutions (Proprietary) Limited | Method of and system for obtaining proof of authorisation of a transaction |
EP3151180A1 (en) * | 2015-09-29 | 2017-04-05 | STH Development & Design AB | Identification method and system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2264377A (en) * | 1990-09-06 | 1993-08-25 | Abbud Salomon Dahbura | System for preventing fraudulent use of credit card |
GB2331825A (en) * | 1997-11-28 | 1999-06-02 | Nec Corp | Personal identification authentication using fingerprints |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1235177A3 (en) * | 1993-12-16 | 2003-10-08 | divine technology ventures | Digital active advertising |
US5802199A (en) * | 1994-11-28 | 1998-09-01 | Smarttouch, Llc | Use sensitive identification system |
JP3361661B2 (en) * | 1995-09-08 | 2003-01-07 | 株式会社キャディックス | Authentication method on the network |
JPH0981519A (en) * | 1995-09-08 | 1997-03-28 | Kiyadeitsukusu:Kk | Authentication method on network |
US6047268A (en) * | 1997-11-04 | 2000-04-04 | A.T.&T. Corporation | Method and apparatus for billing for transactions conducted over the internet |
EP0921487A3 (en) * | 1997-12-08 | 2000-07-26 | Nippon Telegraph and Telephone Corporation | Method and system for billing on the internet |
-
2000
- 2000-08-16 GB GB0020219A patent/GB2366056A/en not_active Withdrawn
-
2001
- 2001-08-09 AU AU2001278594A patent/AU2001278594A1/en not_active Abandoned
- 2001-08-09 WO PCT/GB2001/003608 patent/WO2002015136A1/en not_active Application Discontinuation
- 2001-08-09 EP EP01956670A patent/EP1309950A1/en not_active Withdrawn
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2264377A (en) * | 1990-09-06 | 1993-08-25 | Abbud Salomon Dahbura | System for preventing fraudulent use of credit card |
GB2331825A (en) * | 1997-11-28 | 1999-06-02 | Nec Corp | Personal identification authentication using fingerprints |
Also Published As
Publication number | Publication date |
---|---|
AU2001278594A1 (en) | 2002-02-25 |
EP1309950A1 (en) | 2003-05-14 |
WO2002015136A1 (en) | 2002-02-21 |
GB0020219D0 (en) | 2000-10-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8799088B2 (en) | System and method for verifying user identity information in financial transactions | |
US7533066B1 (en) | System and method for biometrically-initiated refund transactions | |
US7865439B2 (en) | Systems and methods for verifying identities | |
US6591249B2 (en) | Touch scan internet credit card verification purchase process | |
US6581042B2 (en) | Tokenless biometric electronic check transactions | |
US7844545B2 (en) | Systems and methods for validating identifications in financial transactions | |
US7885890B2 (en) | System for authorizing credit use | |
US20100082470A1 (en) | Method for remote check deposit | |
US20030177102A1 (en) | System and method for biometric authorization for age verification | |
US20140289120A1 (en) | Verification methods for fraud prevention in money transfer receive transactions | |
US20070119923A1 (en) | Biometric authentication | |
US20030046237A1 (en) | Method and system for enabling the issuance of biometrically secured online credit or other online payment transactions without tokens | |
US7869625B2 (en) | Real-time remote image capture system | |
US20110196753A1 (en) | System and method for immediate issuance of an activated prepaid card with improved security measures | |
US20040049463A1 (en) | Method for preventing forgery of every kinds of lottery-ticket, exchange-ticket, certificate published by communication network and id-card, credit-card, medical insurance card with authentication code | |
US8571996B2 (en) | Apparatus and method for secured commercial transactions | |
US20080082451A1 (en) | Biometric Authorization of Electronic Payments | |
US20020120585A1 (en) | Action verification system using central verification authority | |
JP2002108823A (en) | Method for personal identification, method for one-stop service and related system | |
GB2366056A (en) | Verifying identities | |
JP2001266034A (en) | Transaction system and transaction management device | |
US20180121924A9 (en) | Apparatus and method for secured commercial transactions | |
US11587086B1 (en) | Payment distribution system and method | |
WO2009096963A1 (en) | Biometric authorization of electronic payments | |
JP2001306525A (en) | Method and system for authenticating user, user authentication system operating method, authentication sever and enterpriser server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |