Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 1 of 18
`Case 6:21-cv-00165—ADA Document 1-1 Filed 02/23/21 Page 1 of 18
`
`
`EXHIBIT A
`
`EXHIBIT A
`
`
`
`
`
`

`

`USOO8620039B2
`
`(12) United States Patent
`Burke
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 8.620,039 B2
`Dec. 31, 2013
`
`(54) CARD DEVICE SECURITY USING
`BOMETRICS
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`(75) Inventor: Christopher John Burke, Ramsgate
`(AU)
`(73) Assignee: Securicom (NSW) Pty Ltd, New South
`Wales (AU)
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 912 days.
`12/063,650
`Aug. 10, 2006
`
`(*) Notice:
`
`(21) Appl. No.:
`(22) PCT Filed:
`(86). PCT No.:
`S371 (c)(1),
`(2), (4) Date:
`(87) PCT Pub. No.: WO2007/019605
`PCT Pub. Date: Feb. 22, 2007
`
`PCT/AU2OO6/OO1136
`
`Aug. 12, 2010
`
`5,457,747 A 10/1995 Drexler et al. .................. 380.24
`6,665,601 B1
`12/2003 Nielsen ........................... 7O1, 50
`6,796.492 B1
`9/2004 Gatto ..........
`... 235,379
`2004/0041690 A1
`3/2004 Yamagishi ........................ 340/5
`
`FOREIGN PATENT DOCUMENTS
`
`5, 2003
`2412403 A1
`CA
`5, 2003
`WO 03/036861 A1
`WO
`WO WO 2004/100053 A1 11, 2004
`
`OTHER PUBLICATIONS
`
`International Search Report dated Oct. 20, 2006.
`International Preliminary Report on Patentability dated Nov. 19.
`2007.
`Supplementary European Search Report dated Aug. 29, 2011 for
`EPO Application No. EP 06760981.8.
`
`Primary Examiner — Andrew W. Johns
`(74) Attorney, Agent, or Firm — Brinks Gilson & Lione
`
`(57)
`ABSTRACT
`The disclosed Biometric Card Pointer arrangements store
`(207) a card user's biometric signature in a local memory
`(124) in a verification station (127) the first time the card user
`uses the verification station (127) in question. The biometric
`signature is stored at a memory address (607) defined by the
`card information (605) on the user's card (601). All future
`uses of the particular verification station (127) by someone
`submitting the aforementioned card (601) requires the card
`user to submit both the card and a biometric signature, which
`is verified against the signature Stored at the memory address
`defined by the card information (605) thereby determining if
`the person Submitting the card is authorized to do so.
`
`20 Claims, 7 Drawing Sheets
`
`(65)
`
`(30)
`
`Prior Publication Data
`US 2010/O296708 A1
`Nov. 25, 2010
`Foreign Application Priority Data
`
`Aug. 12, 2005 (AU) ................................ 2005904375
`
`(2006.01)
`
`(51) Int. Cl.
`G06K 9/00
`(52) U.S. Cl.
`USPC .......................................... 382/119; 340/5.82
`(58) Field of Classification Search
`USPC .................... 382/115, 119, 155, 159; 356/71;
`350/5.2, 5.52, 5.53, 5.8, 5.81, 5.82,
`350/5.83: 235/380,382; 340/5.2, 5.52,
`340/5.53, 5.8, 5.81, 5.82, 5.83
`See application file for complete search history.
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 2 of 18
`
`pointer
`used for
`3rd party
`reader
`application
`
`eas engaged?
`
`Yes
`
`process caid
`information
`
`Request &
`rescews bioetic
`signature
`
`205 see Fig.6
`
`Memory (card data) is
`signature?
`
`YES verification
`process
`
`Memory card data) =
`empty?
`
`208
`
`Alert process
`
`
`
`Eleft
`process
`
`2O7
`see Fig. 7
`
`

`

`U.S. Patent
`
`Dec. 31, 2013
`
`Sheet 1 of 7
`
`US 8,620,039 B2
`
`700
`f prior art
`
`701 swipe card
`
`
`
`703 signature used by person
`at point of transaction
`
`702
`card information detected
`by card reader device
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 3 of 18
`
`Fig. 1
`prior art
`
`

`

`U.S. Patent
`
`Dec. 31, 2013
`
`Sheet 2 of 7
`
`US 8.620,039 B2
`
`701 swipe card
`
`703 signature used by person
`at point of transaction
`
`800
`1. prior art
`
`702
`card information detected
`by card reader device
`
`803
`
`-
`
`N
`
`biometric
`signature reader
`
`802
`
`801
`biometric input
`by card holder
`
`back end
`database
`806
`
`
`
`804
`
`l
`
`Computer
`Network
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 4 of 18
`
`C d
`
`? 805
`
`/
`
`/
`
`1 1.
`
`Fig. 2
`prior art
`
`

`

`U.S. Patent
`
`Dec. 31, 2013
`
`Sheet 3 of 7
`
`US 8,620,039 B2
`
`Back-end
`Processor
`
`
`
`100
`?n
`
`Computer
`NetWork
`
`120
`
`127
`Verification
`Station
`- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
`
`-
`
`LCD
`Display
`
`117
`
`116
`
`126
`
`S 7 108
`
`110
`
`111
`
`Interface
`
`Interface
`
`Storage Device
`
`107
`
`101
`
`
`
`109
`
`104
`
`Biometric
`Reader
`
`Card device
`"Reader'
`
`103
`
`125
`biometric card
`pointer reader
`
`102
`
`112
`
`
`
`
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 5 of 18
`
`
`
`

`

`U.S. Patent
`
`Dec. 31, 2013
`
`Sheet 4 of 7
`
`US 8,620,039 B2
`
`600
`1. biometric card
`pointer concept
`
`601 swipe or smart card
`
`605 card information
`
`
`
`602 603
`card card
`type range
`
`
`
`604
`card data -
`points to
`address of
`biometric
`signature
`
`606
`header - used
`to determine
`permitted
`Card Set
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 6 of 18
`
`Fi 9. 4
`
`124
`local
`database
`
`607
`memory address
`defined by card
`data
`
`

`

`U.S. Patent
`
`Dec. 31, 2013
`
`Sheet 5 Of 7
`
`US 8,620,039 B2
`
`200
`u1 biometric
`Card
`pointer
`used for
`3rd party
`reader
`application
`
`Card device
`engaged?
`
`Process Card
`information
`
`Request &
`receive biometric
`signature
`
`
`
`
`
`
`
`
`
`
`
`205 see Fig. 6
`
`Memory (card data) =
`signature?
`
`YES
`
`Verification
`process
`
`Enrolment
`process
`
`
`
`
`
`
`
`
`
`Alert process
`
`2O7
`see Fig. 7
`
`
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 7 of 18
`
`

`

`U.S. Patent
`
`Dec. 31, 2013
`
`Sheet 6 of 7
`
`US 8,620,039 B2
`
`from 204 Fig. 5
`
`o
`
`205
`
`/ Verification
`process
`
`Authorise
`transaction
`
`301
`
`Perform transaction
`process
`
`302
`
`to 201 Fig. 5
`
`Fig. 6
`
`from 206 Fig. 5
`
`2O7
`M enrolment
`process
`
`store received
`signature at memory
`(card data)
`
`401
`
`authorise
`transaction
`
`402
`
`perform transaction
`process
`
`to 201 Fig. 5
`
`Fig. 7
`
`
`
`
`
`
`
`
`
`
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 8 of 18
`
`

`

`U.S. Patent
`
`Dec. 31, 2013
`
`Sheet 7 Of 7
`
`US 8,620,039 B2
`
`202
`/ O
`
`from 201 Fig. 5
`
`
`
`Read card
`information
`
`
`
`Determine
`permitted card set
`
`502
`
`
`
`Reject
`Card
`
`Card header
`in Set?
`
`
`
`504
`
`503
`
`to 201 Fig. 5
`
`to 203 Fig. 5
`
`pointer used for
`1st party reader
`application
`
`Purchase / hire BCP reader
`at registered supplier
`
`
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 9 of 18
`
`Perform enrolment process
`at Supplier premises
`
`
`
`Use "pre-loaded" BCP
`reader + card for 3rd party
`transactions
`
`901
`
`902
`
`903
`
`

`

`US 8,620,039 B2
`
`1.
`CARD DEVICE SECURITY USING
`BIOMETRICS
`
`This application is the National Stage of International
`Application No. PCT/AU2006/001136, filed Aug. 10, 2006,
`which claims the benefit of priority to Australian Patent
`Application No. 2005904375, filed on Aug. 12, 2005. All of
`the foregoing applications are hereby incorporated herein in
`their entirety in this application.
`
`5
`
`10
`
`FIELD OF THE INVENTION
`
`The present invention relates generally to security issues
`and, in particular, to security issues associated with use of
`card devices such as credit cards, Smart cards, and wireless
`card-equivalents such as wireless transmitting fobs.
`
`BACKGROUND
`
`This description makes reference to various types of “card
`device' and their associated “reader devices’ (respectively
`referred to merely as cards and readers). The card devices all
`contain card information that is accessed by “coupling the
`card device to an associated reader device. The card informa
`tion is used for various secure access purposes including
`drawing cash from an Automatic Teller Machine (ATM),
`making a purchase on credit, updating a loyalty point account
`and so on. The card information is typically accessed from the
`card by a corresponding card reader which then sends the card
`information to a “back-end' system that completes the appro
`priate transaction or process.
`One type of card is the “standard credit card” which in this
`description refers to a traditional plastic card 701 as depicted
`in FIG. 1. The standard credit card is typically “swiped
`through a slot in a standard credit card reader in order to
`access card information 702 on the card 701. The card infor
`mation 702 can alternately be encoded using an optical code
`Such as a bar code, in which case the reader is Suitably
`adapted. The standard credit card 701 also typically has the
`signature 703 of the card-owner written onto a paper strip on
`the card 701. This is used for verification of the identity of the
`person Submitting the card when conducting a transaction
`using the card 701.
`Another type of card device is the smart card (not shown)
`that typically has an on-board processor and a memory. The
`Smart card typically has electrical contacts that mate with
`corresponding contacts on a Smart card reader (not shown)
`when accessing data in the memory of the Smart card.
`Another type of card device is the wireless "key-fob”
`which is a Small radio transmitter that emits a radio frequency
`(RF) signal when abutton on the fob is pressed. The RF signal
`can be encoded using the Wiegand protocol, or any other
`suitable protocol, such as rolling code or BluetoothTM and can
`include encryption if desired. The key-fob typically has a
`processor and memory storing data that is sent via the trans
`mitted signal to a corresponding receiver, which is the “reader
`device' for this type of card device.
`The description also refers to "card user' and “card
`owner. The card user is the person who submits the card for
`a particular transaction. The card user can thus be the (autho
`rised) card owner oran (unauthorised) person who has found
`or stolen the card.
`Clearly the signature 703 on the standard credit card 701 in
`FIG. 1 can be forged. Thus, if the standard card 701 is stolen
`or lost, an unauthorised user can use the card provided that
`they can Supply a Sufficiently accurate version of the signature
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 10 of 18
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`703. The only recourse available to the card owner is to notify
`the card issuing company to "cancel the card.
`Current card devices such as the standard credit card, the
`Smart card and the key-fob can have their security enhanced
`by requiring the card user to provide PIN (Personal Identifi
`cation Number) information through a keypad to verify their
`identity prior to completing a transaction. However, PIN
`information can also be "stolen” by surveillance of the card
`owners hands as the card owner operates the keypad.
`Biometric verification can also be incorporated into current
`card systems to enhance security. In FIG. 2 the card user
`swipes the standard card 701 through an associated card
`reader (not shown) that accesses the card information 702 on
`the card 701. The card user also provides a biometric input
`801, for example by pressing their thumb against a biometric
`(eg fingerprint) reader 802. The card information 702 that is
`read by the card reader (not shown), together with the bio
`metric signature that is read by the biometric (fingerprint)
`reader 802, are sent, as depicted by a dashed arrow 803, a
`computer network 804, and a further dashed arrow 805, to a
`back-end system including a database 806 and associated
`processor (not shown).
`In this arrangement, the card owner needs to have previ
`ously registered their biometric signature 801 and the card
`information 702 for pre-loading onto the back-end database
`806. Having done so, the back-end processor (not shown)
`compares the pre-loaded information on the database 806
`with the information received at 805, in order to check that the
`cardholder of the card 701 is the (authorised) card owner and
`that the card itself is valid, in which case the transaction in
`question can proceed. Clearly this arrangement requires a
`central repository (806) of card information 702 and biomet
`ric information 801. This is cumbersome and potentially
`compromises the privacy of the holder of the card 701. This
`arrangement also requires complex back-end database man
`agement and the communications network 804. Furthermore,
`the front-end biometric signature reader 802 requires storage
`and/or processing capabilities for the biometric signatures.
`This results in a complex and expensive solution.
`Privacy concerns have also been raised against the arrange
`ment of FIG. 2 which involves centralised storage and pro
`cessing of personal information including biometric informa
`tion. These concerns have slowed widespread use of
`biometrics to enhance user verification.
`
`SUMMARY
`
`It is an object of the present invention to substantially
`overcome, or at least ameliorate, one or more disadvantages
`of existing arrangements.
`Disclosed are arrangements, referred to as Biometric Card
`Pointer (BCP) arrangements or systems, which seek to
`address the above problems relating to secure access and/or
`secure processes, by automatically storing a card user's bio
`metric signature in a local memory in a verification station
`comprising a card reader, a biometric signature reader, the
`local biometric signature memory (preferably in a mechani
`cally and electronically tamper-proof form), an alphanumeric
`keypad (optional), and a communication module for commu
`nicating with back-end system that may be remotely acces
`sible over a network.
`The card user's biometric signature is automatically stored
`the first time the card user uses the verification station in
`question (this being referred to as the enrolment phase). The
`biometric signature is stored at a memory address defined by
`the (“unique') card information on the user's card as read by
`the card reader of the verification station. Clearly the term
`
`

`

`3
`“unique' means unique in the context of a permitted set of
`cards associated with the verification station. This is
`described in more detail in regard to FIG. 8.
`All future uses (referred to as uses in the verification phase)
`of the particular verification station by someone submitting
`the aforementioned card requires the card user to submit both
`the card to the card reader and a biometric signature to the
`biometric reader, which is verified against the signature
`stored at the memory address defined by the card information
`thereby determining if the person Submitting the card is
`authorised to do so.
`Each use of the verification station is identical from the
`card user's perspective, requiring merely input of the card to
`the card reader, and provision of the biometric signature (eg
`thumb print or retinal scan etc.) to the biometric reader.
`An authorised card user will be automatically verified by
`the BCP arrangement in the verification station, and the cor
`responding transaction, be it an ATM cash withdrawal, a
`credit purchase, a loyalty point update etc. will simply pro
`ceed as normal. An unauthorised card user (ie a card user who
`misappropriated the card after the initial enrolment) will not
`receive authorisation, and the intended transaction will not
`proceed. Furthermore, the biometric signature of the unau
`thorised user will be captured in the verification station, and
`can be used by the authorities to track the unauthorised user
`and prove misappropriation of the card.
`The disclosed BCP arrangements require little if any modi
`fication of the back-end systems or the (front-end) card. The
`additional administrative overheads associated with the BCP
`30
`arrangements, above those already required for systems using
`(standard) cards and back-end systems, are minimal. The
`BCP arrangements also potentially have a reduced impact on
`privacy of card users. The biometric signatures stored in the
`local database of the verification station can be made off
`limits to anyone, or limited to law enforcement agencies,
`depending on the administrative environment in which the
`BCP arrangements are implemented. Users of current card
`systems can learn to use BCP arrangements without much
`effort, needing only to provide a biometric signature when
`40
`asked to do so at the verification station. The difference
`between the enrolment and verification phases are transparent
`to users, further reducing the effort in learning how to use the
`BCP arrangements.
`According to a first aspect of the present invention, there is
`provided a method of enrolling in a biometric card pointer
`system, the method comprising the steps of
`receiving card information;
`receiving the biometric signature; and
`storing, if a memory location defined by the card informa
`tion is unoccupied, the biometric signature at the defined
`memory location.
`According to another aspect of the present invention, there
`is provided a method of obtaining verified access to a process,
`the method comprising the steps of
`storing a biometric signature according to the noted enrol
`ment method;
`Subsequently presenting card information and a biometric
`signature; and
`Verifying the Subsequently presented presentation of the
`card information and the biometric signature if the Subse
`quently presented biometric signature matches the biometric
`signature at the memory location defined by the Subsequently
`presented card information.
`According to another aspect of the present invention, there
`is provided a method of securing a process at a verification
`station, the method comprising the steps of
`
`50
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 11 of 18
`
`45
`
`55
`
`60
`
`65
`
`US 8,620,039 B2
`
`10
`
`15
`
`25
`
`35
`
`4
`(a) providing card information from a card device to a card
`reader in the verification station;
`(b) inputting a biometric signature of a user of the card
`device to a biometric reader in the verification station;
`(c) determining if the provided card information has been
`previously provided to the verification station;
`(d) if the provided card information has not been previ
`ously provided to the verification station;
`(da) storing the inputted biometric signature in a memory
`at a memory location defined by the provided card infor
`mation; and
`(db) performing the process dependent upon the received
`card information;
`(e) if the provided card information has been previously
`provided to the verification station;
`(ea) comparing the inputted biometric signature to the bio
`metric signature stored in the memory at the memory
`location defined by the provided card information;
`(eb) if the inputted biometric signature matches the stored
`biometric signature, performing the process dependent
`upon the received card information; and
`(ec) if the inputted biometric signature does not match the
`stored biometric signature, not performing the process
`dependent upon the received card information.
`According to another aspect of the present invention, there
`is provided a verification station for securing a process, the
`Verification station comprising:
`a card device reader for receiving card information from a
`card device coupled to the verification station;
`a biometric signature reader for receiving a biometric sig
`nature provided to the verification station;
`means for determining if the provided card information has
`been previously provided to the verification station;
`means, if the provided card information has not been pre
`viously provided to the verification station, for:
`storing the inputted biometric signature in a memory at a
`memory location defined by the provided card informa
`tion; and
`performing the process dependent upon the received card
`information;
`means, if the provided card information has been previ
`ously provided to the verification station, for:
`comparing the inputted biometric signature to the biomet
`ric signature Stored in the memory at the memory loca
`tion defined by the provided card information;
`if the inputted biometric signature matches the stored bio
`metric signature, performing the process dependent
`upon the received card information; and
`if the inputted biometric signature does not match the
`stored biometric signature, not performing the process
`dependent upon the received card information.
`According to another aspect of the present invention, there
`is provided a computer program product including a com
`puter readable medium having recorded thereon a computer
`program for directing a processor to execute a method for
`securing a process at a verification station, said program
`comprising:
`code for determining if card information, provided to a
`card device reader incorporated into the Verification station,
`has been previously provided to the verification station;
`code, if the provided card information has not been previ
`ously provided to the verification station, for:
`storing a biometric signature, inputted to a biometric sig
`nature reader incorporated into the verification station,
`in a memory incorporated into the Verification station, at
`a memory location defined by the provided card infor
`mation; and
`
`

`

`US 8,620,039 B2
`
`5
`performing the process dependent upon the received card
`information;
`code, if the provided card information has been previously
`provided to the verification station, for;
`comparing the inputted biometric signature to the biomet
`ric signature Stored in the memory at the memory loca
`tion defined by the provided card information;
`if the inputted biometric signature matches the stored bio
`metric signature, performing the process dependent
`upon the received card information; and
`if the inputted biometric signature does not match the
`stored biometric signature, not performing the process
`dependent upon the received card information.
`According to another aspect of the present invention, there
`is provided a computer program product including a com
`puter readable medium having recorded thereon a computer
`15
`program for directing a processor to execute a method of
`enrolling in a biometric card pointer system, the program
`comprising:
`code for receiving card information;
`code for receiving the biometric signature; and
`code for storing, if a memory location defined by the card
`information is unoccupied, the biometric signature at the
`defined memory location.
`According to another aspect of the present invention, there
`is provided a computer program product including a com
`25
`puter readable medium having recorded thereon a computer
`program for directing a processor to execute a method of
`obtaining verified access to a process, the program compris
`1ng:
`code for storing a biometric signature according to the
`noted enrolment method;
`code for Subsequently presenting card information and a
`biometric signature; and
`code for Verifying the Subsequently presented presentation
`of the card information and the biometric signature if the
`Subsequently presented biometric signature matches the bio
`metric signature at the memory location defined by the Sub
`sequently presented card information.
`Other aspects of the invention are also disclosed.
`
`10
`
`30
`
`35
`
`6
`same reference numerals, those steps and/or features have for
`the purposes of this description the same function(s) or opera
`tion(s), unless the contrary intention appears.
`FIG. 3 is a functional block diagram of a system 100 in
`which the disclosed BCP arrangements can be practiced. The
`disclosed BCP methods particularly lend themselves to
`implementation on the special-purpose computer system 100
`such as that shown in FIG. 3 wherein the processes of FIGS.
`5-8 and 9 may be implemented as software, such as a BCP
`application program executing within the computer system
`100. In particular, the steps of the BCP processes are effected
`by instructions in the BCP software that are carried out by a
`verification station 127. The verification station 127 is typi
`cally constructed in a tamper-proof manner, both physically
`and electronically, to prevent unauthorised access to the inner
`mechanism of the verification station 127. The instructions
`may be formed as one or more code modules, each for per
`forming one or more particular tasks. The BCP software may
`also be divided into two separate parts, in which a first part
`performs the BCP methods and a second part manages a user
`interface between the first part and the user.
`The BCP software may be stored in a computer readable
`medium, including the storage devices described below, for
`example. The BCP software is loaded into the verification
`station 127 from the computer readable medium, and then
`executed by the verification station 127. A computer readable
`medium having such software or computer program recorded
`on it is a computer program product. The use of the computer
`program product in the computer preferably effects an advan
`tageous apparatus for effecting the BCP arrangements.
`The verification station 127 comprises, in the described
`arrangement, a biometric card pointer reader 125, a keypad
`103, and a computer module 101. The biometric card pointer
`reader is made up of a biometric reader 102, a card device
`reader 112 and a local database 124.
`The computer system 100 consists of a computer module
`101, input devices such as a biometric reader 102, a card
`reader 112, and a keypad 103, output devices including an
`LCD (Liquid Crystal Display) display device 126 and a loud
`speaker 117. The computer module 101 uses a Modulator
`Demodulator (Modem) transceiver device 116 for communi
`cating to and from a communications network 120, for
`example connectable via a telephone line 121 or other func
`tional medium. The modem 116 can be used to obtain access
`to a back end system including a processor 122 and back-end
`database 123 over the Internet, and other network systems,
`such as a Local Area Network (LAN) or a Wide Area Network
`(WAN).
`The computer module 101 typically includes at least one
`processor unit 105, and a memory unit 106, for example
`formed from semiconductor random access memory (RAM)
`and read only memory (ROM). The module 101 also includes
`a number of input/output (I/O) interfaces including an audio
`video interface 107 that couples to the LCD display 126 and
`loudspeaker 117, an I/O interface 113 for the keypad 103.
`biometric reader 102 and card reader 112, and an interface
`108 for the modem 116. In some implementations, the
`modem 1116 may be incorporated within the computer mod
`ule 101, for example within the interface 108.
`A storage device 109 is provided and typically includes a
`hard disk drive 110 and a flash memory 111. The components
`105, to 111 and 113 of the computer module 101, typically
`communicate via an interconnected bus 104 and in a manner
`that results in a conventional mode of operation of the com
`puter system 100 known to those in the relevant art.
`Typically, the BCP application program is resident on the
`hard disk drive 110 and read and controlled in its execution by
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`40
`
`Some aspects of the prior art and one or more embodiments
`of the present invention will now be described with reference
`to the drawings, in which:
`FIG. 1 depicts a standard credit card;
`FIG. 2 shows the card of FIG. 1 being used together with
`biometric verification;
`FIG. 3 is a functional block diagram of a special-purpose
`computer system upon which described methods for the BCP
`arrangements can be practiced;
`50
`FIG. 4 illustrates the biometric card pointer concept;
`FIG. 5 is a flow chart of a process for using the biometric
`card pointer arrangement;
`FIG. 6 shows the verification process of FIG. 5 in more
`detail;
`FIG. 7 shows the enrolment process of FIG. 5 in more
`detail;
`FIG. 8 shows the card information process of FIG. 5 in
`more detail; and
`FIG.9 shows an alternate use for the biometric card pointer
`arrangement.
`
`45
`
`55
`
`60
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 12 of 18
`
`DETAILED DESCRIPTION INCLUDING BEST
`MODE
`
`Where reference is made in any one or more of the accom
`panying drawings to steps and/or features, which have the
`
`65
`
`

`

`US 8,620,039 B2
`
`15
`
`25
`
`30
`
`35
`
`40
`
`7
`the processor 105. Intermediate storage of the program and
`any data fetched from the network 120 may be accomplished
`using the semiconductor memory 106, possibly in concert
`with the hard disk drive 110. In some instances, the BCP
`application program may be supplied to the user encoded on
`the flash memory device 111, or alternatively may be read by
`the computer module 101 from the network 120 via the
`modem device 116.
`Still further, the software can also be loaded into the com
`puter system 100 from other computer readable media. The
`10
`term “computer readable medium' as used herein refers to
`any storage or transmission medium that participates in pro
`viding instructions and/or data to the computer system 100
`for execution and/or processing. Examples of storage media
`include floppy disks, magnetic tape, CD-ROM, a hard disk
`drive, a ROM or integrated circuit, a magneto-optical disk, or
`a computer readable card such as a PCMCIA card and the
`like, whether or not such devices are internal or external of the
`computer module 101. Examples of transmission media
`include radio or infra-red transmission channels as well as a
`network connection to another computer or networked
`device, and the Internet or Intranets including e-mail trans
`missions and information recorded on Websites and the like.
`As illustrated in FIG. 4, a standard card 601 has card
`information 605 typically comprising three fields, namely
`602 which is the card type, 603 which is the card range, and
`604 which comprises card data specific to the particular card
`601. The card information 605 can be encoded using a mag
`netic strip, a barcode, or a solid state memory on the card 601.
`Alternately, the card device can be implemented as a wireless
`key fob. In one example of the disclosed BCP approach, the
`card data 604 acts as the memory reference which points, as
`depicted by an arrow 608, to a particular memory location at
`an address 607 in the local database 124 in the verification
`station 127 of FIG.3. The fields 602 and 603, which together
`form a header 606, can be used by the disclosed BCP system
`to determine if the card 601 is to be processed according to the
`disclosed BCP approach or not. This is described in more
`detail in regard to FIG.8. Alternately, any segment of the card
`information 605 can be used as the memory reference which
`points to the particular memory location in the local database
`124.
`In an initial enrolment phase, the card user couples their
`card 601 (or key-fob or other card device) to the card reader
`112. The card user is then required to input a biometric sig
`nature. Such as fingerprint, face, iris, or other unique signa
`ture, into the biometric reader102. The card data 604 defines
`the location 607 in the memory 124 where their unique bio
`metric signature is stored.
`Thereafter, in later verification phases, the user couples
`their card 601 to the card reader 112, after which the carduser
`is required to again present their unique biometric to the
`biometric reader 102. This signature is compared to the sig
`nature stored at the memory location 607 in the memory 124,
`the memory location 607 being defined by the card data 604
`read from their card 601 by the card reader 112. Once verifi
`cation is confirmed, the card information 605 is transferred
`from the verification station 127 to the back-end processor
`122 for completion of the transaction.
`Importantly, the back-end processor 122 does not see the
`difference between receiving the card information 605 from
`the verification station 127, and receiving it from a conven
`tional card reader in the absence of the verification station
`implementing the disclosed BCP arrangement. This means
`that back-end processes (depicted by the back-end processor
`122 and the back-end database 123) need no modification
`when incorporating the BCP arrangement into current card
`
`45
`
`Case 6:21-cv-00165-ADA Document 1-1 Filed 02/23/21 Page 13 of 18
`
`50
`
`55
`
`60
`
`65
`
`8
`systems. There are additional elements in the verification
`station 127 (see FIG. 3) compared to the normal card reader,
`however this is a relatively simple an inexpensive upgrade
`compared to the centralised arrangement depicted in FIG. 2.
`FIG. 5 shows a process 200 for normal use of the BCP
`approach. In a first step 201, the processor 105 determines if
`the card 601 has been read by the card reader 112. If this is not
`the case, then the process 200 follows a NO arrow back to the
`step 201. If, on the other hand, the card 601 has been read by
`the card reader 1