Traditionally, man-made personalized tokens are used to authorize an event or transaction being conducted via electronic means. Examples of such tokens include smart cards, magnetic swipe cards, identification cards or even a personal computer programmed with user-specific account data. These examples of tokens are “personalized” because they are programmed or encoded with data that is unique to the authorized user.
An example of a transaction that uses a personalized token is the transaction in which prescription medications are obtained. In prescribing medication to a patient, a physician may write the prescription on a prescription form and then sign the form. The physician presents the completed form (a token) to the patient who takes the form to a pharmacy. The pharmacy then provides the patient with the medication. Such a process of providing prescription medication has defects. For example, the pharmacy may have difficulty reading the physician's handwriting and may as a result issue the wrong medication, or the wrong instructions, or both. Additionally, the prescription form may be a fake or a forgery that has been created and completed to look like a legitimate authorization to dispense prescription drugs. Alternatively, the prescription form may be a legitimate form stolen from the physician and then completed by another person in an effort to cause the pharmacy to dispense prescription medication without the physician's authorization.
Man-made personalized tokens currently rely on an authorized user presenting the token. Such tokens are an attempt to identify the authorizer so that a transaction will occur. However, these tokens can be exchanged easily, either knowingly or unknowingly, between users. When such an exchange occurs, there is a danger that unauthorized events will occur.
The prior art includes biometric technologies which use a man-made token in conjunction with a biometric sample, such as a fingerprint, hand print, voice print, retinal image, facial scan or handwriting sample. In one such prior art device, a biometric sample is stored in electronic and reproducible form on the token itself, and so there is a significant risk of fraud because the token may be fraudulently altered. In another prior art device, the token must be presented in conjunction with the user presenting a biometric sample.
There is a need for an electronic authorization system that is highly fraud-resistant, practical, convenient for the user, and yet cost-effective to deploy. More specifically, there is a need for an electronic authorization system that relies solely on an authorizer's biometric for event or transaction authorization, and does not require the authorizer to possess a personalized man-made token, such as a smart card, magnetic swipe card, identification card, driver's license or personal computer. It would be preferable that such a system be affordable and flexible enough to be operatively compatible with existing systems, which have a variety of electronic transaction devices and system configurations.