1. Field of the Invention
This invention relates to the arts of user identification, such as personal identification numbers and signature recognition.
2. Description of the Related Art
When making a transaction using a credit account, credit card, or automatic teller machine (“ATM”), many systems require users to identify themselves using a unique number, such as a personal identification number (PIN), or to place their signature onto a paper slip or into a digitizing tablet. Methods for verifying a user's PIN from data stored on the magnetic strip of a card or via a transaction over a computer network are well known. Additionally, methods for recognizing a digitized signature are also well known in the art.
PINs are highly subject to fraud, however. For example, it is well known in the law enforcement community that many identity thieves simply sit in a position within a public space such as an airport terminal where they can view an ATM or pay phone. Then, when an unsuspecting user keys in his or her PIN, the thief simply watches the entry, sometimes with the aid of binoculars. In the case of a phone credit card, the thief may also be able to watch and learn the user's account number, thereby directly enabling him or her to use the victim's account. In the case of an ATM or credit card, the thief may then proceed to steal the victims wallet or purse to obtain the card.
Signature recognition has promised greater security, and many point-of-sale (POS) systems have been equipped with electronic tablets upon which a credit card or ATM card user must sign in order to complete a transaction. However, due to the limitations in accuracy and the shear volume of data needed to store many reference copies of signatures for card holders, as well as the intense computational capabilities needed to accurately characterize and recognize a human signature, these POS systems are rarely used to actually perform signature recognition. Rather, they have been used to reduce the physical storage requirements for a retailer to maintain paper copies of signed credit slips. Instead, copies of the digitized signatures are kept electronically for a period of time in case they are needed during a credit card dispute resolution investigation.
Recently, another consumer identification device has been introduced into the market place, most notably in the “pay-at-the-pump” retail fuel market. These small devices hang on a key chain or ring, and contain a small integrated circuit (“IC”) similar in technology to those employed for theft prevention in retail stores. As illustrated in FIG. 1, the system (1) consists of a key fob (11) device, which is usually hand held by a user (12). The point-of-sale system (or other system requiring user identification such as an automatic door lock) has a radio-frequency (“RF”) transparent panel (10), behind which is concealed a transmitter-receiver “sensor” (13) element such as an antenna element. The transmitter-receiver (13) is interfaced to a Consumer Identification Unit (“CIDU”) (14), which is usually microprocessor based. To improve performance, a large panel may be equipped with multiple sensors whose signals are summed by the CIDU.
In practice, the consumer places the key fob (11) within a sensitivity proximity P of the panel (10) when he or she wishes to authorize a transaction. A low-power RF signal which is constantly emitted by the sensor (13) is received by the IC in the key fob (11), which induces enough energy from the emitted signal to power the IC and to transmit a unique code or number which is associated with the consumer or user. This signal is received by the CIDU, decoded, and the user's identity is determined (either in a local datastore or via a look-up over a computer network (15)). The transaction can then be processed as is done in the art currently, either by requesting transaction authorization from a credit server over a computer network (15), or performing the authorization locally.
This technology can be applied to a number of problems requiring quick identification of a user. For example, the same system can be applied to the controls for an automatic door lock, and the IC device can be carried in a key fob or a ID “badge”, thereby allowing the user to approach the door, place the key fob or badge within proximity of the access control panel, and the system automatically verifies authorization to enter the door and unlocks the door.
However, this RF ID process does not actually verify that the person who possesses the RF ID device is the actual user associated with the device. For example, if a woman's purse is stolen, the thief may simply use her key fob device to purchase fuel at such a gas pump because the system does not require entry of a signature or PIN. This step is avoided because one key to the marketability of the key fob device is convenience and quickness of completing the transaction—simply “wanding” the key fob past the panel to complete a transaction. Adding a step to enter a PIN number or sign a touch-sensitive pad would make this process less convenient than the standard credit card and ATM process previously in use.
As such, this type of RF ID technology has seen limited adoption by the industry, primarily limited to applications where purchase amounts are limited by some practical factor. Gasoline purchases, for example, rarely exceed $50 for a typical retail customer, and as such, the increased risk of fraudulent use of the devices is not associated with tremendous loss when measured in dollar value.
Therefore, there is a need in the art for a system and method which allows the convenience of the RF ID system to be securely employed in applications which authorize transactions of greater significance in order to promote their use in a widespread manner. Further, this new system and method must provide a user-unique identification step which does not decrease the convenience or speed with which the transaction can be completed (when compared to the current RF ID process), does not significantly increase the processing requirements of a CIDU to perform the decoding and user identification functions, and preferably allows a single user to define his or her own identification signature or multiple signatures.