WO2003034307A1 - Method of tying a product and/or a service to a person - Google Patents

Method of tying a product and/or a service to a person Download PDF

Info

Publication number
WO2003034307A1
WO2003034307A1 PCT/SE2002/001893 SE0201893W WO03034307A1 WO 2003034307 A1 WO2003034307 A1 WO 2003034307A1 SE 0201893 W SE0201893 W SE 0201893W WO 03034307 A1 WO03034307 A1 WO 03034307A1
Authority
WO
WIPO (PCT)
Prior art keywords
person
product
data
service
biometric data
Prior art date
Application number
PCT/SE2002/001893
Other languages
French (fr)
Inventor
Douglas Oest
Original Assignee
Produkt Poolen I Stockholm Ab
Johansson, Göran
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from SE0103491A external-priority patent/SE0103491D0/en
Application filed by Produkt Poolen I Stockholm Ab, Johansson, Göran filed Critical Produkt Poolen I Stockholm Ab
Publication of WO2003034307A1 publication Critical patent/WO2003034307A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/0042Coin-freed apparatus for hiring articles; Coin-freed facilities or services for hiring of objects
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/40Coin-freed apparatus for hiring articles; Coin-freed facilities or services for devices for accepting orders, advertisements, or the like

Definitions

  • the present invention relates to a method, when buying/selling a product and/or a service, of tying, during a limited period of time, the product and/or service to a person.
  • the problem recurs when a person for various reasons, during a limited period of time, leaves a product with another person and receives a ticket, for example when repairing a VCR or having film developed. Beyond the fact that the ticket can be lost or destroyed, an extra dimension of the problem arises, since the ticket in no way constitutes proof that the person who has the ticket is the same person who originally was given the ticket when leaving the item in question. It is thus difficult to assert one's right to the item if the ticket is stolen.
  • a problem of the same type arises when depositing empty bottles or cans, with the difference that the person is now the seller instead of the buyer.
  • Another common problem today which is a direct result of the above described problem of tying a person to a specific product or service, is that people, who for security or other reasons should not be given access to certain products or services, can obtain without difficulty these products or use these services.
  • One purpose of the present invention is therefore to supply a method for registering, whereby a product and/or service can be simply and securely tied to a specific per- son, without resorting to the use of tickets or other identification means which can be lost or be falsified.
  • the method must also make it possible to identify parameters, which can determine the price of the service and/or product in question. Finally, this must be effected in a manner, which protects the person's personal integrity.
  • An additional purpose is to make it possible for authorised parties to prevent persons, who for various reasons are denied access to a product or service, from buying or selling the product and/or service in question. If a person should succeed in using a product or service to which he has no access, it should be possible for an authorised party to identify this person after the fact.
  • Claim 1 describes a method, when buying/selling a product and/or a service, of tying, during a limited period of time, the product and/or service to a person, characterized in that the person must provide at least one primary set of biometric data in connection with the purchase/sale, said primary biometric data being stored in at least storage medium as at least one piece of tie-in data tied to the product and/or service; that the person must provide at least a secondary set of biometric data during the course of the purchase/sale; that said secondary biometric data is compared to the tie-in data stored in said storage medium; that the person, if said secondary biometric data agrees with at least one piece of tie- in data in the storage medium, is identified as the buyer/seller of the product and/or service tied to said tie-in data; and that said tie-in data is erased from the storage medium within a predetermined time interval after the service has been provided or the product, or economic compensation for
  • Claim 7 describes in turn a method, when buying/selling a product and/or a service of tying, during a limited time period, the product and/or service to a person, char- acterized in that the person must provide at least one set of primary biometric data in conjunction with the purchase/sale, said primary biometric data being stored in at least one storage medium as at least one piece of tie-in data tied to the product and/or service; and that said tie-in data is erased from the storage medium within a predetermined time interval after use of the service or after receipt of the product or economic compensation for the product.
  • the method of claim 1 eliminates the risk of someone else taking the tie-in data or of the person using it. At the same time it makes it possible to check whether the person for some reason lacks access to the product or service, by comparing the person's primary biometric data with stop lists storing biometric data from persons not having access. Preferably, this check will be made in accordance with local laws and by authorized parties, e.g. a police authority.
  • the check need not mean that a person who is identified as not entitled to access will be identified by name, which could be considered to be an invasion of personal integrity, since the stop lists only need to store biometric data from these persons who are denied access, without any other characteristic features, such as names or per- sonal identity numbers. It should also be pointed out that this check is in no way absolutely necessary. Rather, it is up to the user of the present invention to decide whether such a check is to be carried out.
  • Another advantage is that, depending on local laws, it is possible to store the pri- mary biometric data for a limited period of time, even after the service or product has been consumed or economic compensation has been received, in order to be able to identify the person who used the service if one suspects that this person has improperly obtained the product or service or the compensation therefor. Since the biometric data is erased after a limited period of time after the transaction has been completed, this advantage can be utilized without impinging on personal integrity. Furthermore, according to the present invention, the person will only be identified by name if criminal acts are suspected, which is the case today.
  • Fig. 1 illustrates a flow chart of a first embodiment of the method according to the present invention
  • Fig. 2 illustrates a flow chart of a second embodiment of the method according to the present invention
  • Fig. 3 illustrates a flow chart of a third embodiment of the method according to the present invention
  • Fig. 4 illustrates a flow chart of a fourth embodiment of the method according to the present invention.
  • biometric data' encompasses here by way of examples signatures, fingerprints, handprints, DNA-codes, voice recognition, retina or iris scanning, vein patterns or other data by which a specific person can be identified and which are difficult to change.
  • a biological unit is a part of a person's body, from which the biometric data is obtained.
  • 'purchase' and 'sale' are not limited to the actual moment of payment, but define in the present patent application a process which begins when an initiative is taken for a purchase or sale, and is terminated when the use of the service has ended or the product, or compensation therefor, has been received.
  • the term 'storage medium' is used to encompass one or more means for storing information, such as an FTP-server, and a storage medium can thus comprise any number of data bases, for example.
  • Fig. 1 shows a flowchart of a first embodiment of the method according to claim 1, which describes the purchase of a ticket, e.g. an airline ticket, which is separated in space and time from the use of the ticket.
  • a person applies at least one biological unit to a first means for collecting biometric data 1.
  • the placement 2 of the biological unit is then checked and if the placement is correct, the first means will register a primary set of biometric data from the biological unit 3. If the biological unit should be improperly applied to the first means, the person will receive an error message 4, e.g. by means of a display, prompting him to try again.
  • a set of biometric stop data is a set of biometric data belonging to a person not entitled to access, who for various reasons is not allowed to buy the ticket. Such a person not allowed access could be a known terrorist or someone else with another criminal record. If this person's primary biometric data is stored in such a stop list, the person is prevented from proceeding with the purchase and an alarm is activated 6. If the person's primary biometric data is not to be found stored in any stop list, said primary biometric data is temporarily stored in a first storage medium 7 as check data and the person is permitted to complete the purchase of the ticket 8.
  • said check data is erased from the first storage medium 9. Otherwise, if the person buys the ticket, said check data is stored in a second storage medium coupled to at least a piece of identification data 10, e.g. a ticket number, so that it is possible to find said check data by searching. After the purchase has been completed, the last mentioned check data is erased 11 from the first storage medium.
  • a piece of identification data e.g. a ticket number
  • the person later wishes to use the ticket When the person later wishes to use the ticket, he must first apply the biological unit to a second means for collecting biometric data 12, at a check-in desk for example. If the biological unit is correctly placed 13 on the second means for collecting biometric data, the second means for collecting biometric data will register the sec- ondary biometric data 14. If the biological unit should be improperly applied 13 , as above the person will be notified 15, and prompted to try again. A search will then take place 16, using the knowledge of said identification data, to find said check data coupled to said identification data. The secondary biometric data is then compared 17, 18, with said check data. If the comparison should show that said secon- dary biometric data is not identical to said check data, an alarm 19 is activated, which should also mean that the ticket is blocked.
  • the person is allowed access 20 to the service and/or product which the ticket is intended for.
  • said check data is finally erased 22 from the second storage me- dium. If problems arise during the termination of the transaction, for example if the person created in some manner a dangerous situation during a flight, the check data of the person can be saved in one of the stop lists 23, for the purpose of denying this person future access to the product or service, before the check data is erased from the second storage medium 22.
  • stop lists are stored in a central storage medium, which can in turn communicate with local storage media at those locations where a check of a person's biometric data is considered suitable. In this manner, persons not entitled to access can be denied access to the product or service regardless of where the person attempts to purchase the ticket.
  • the first and second storage media could be the same storage medium, or in themselves comprise additional storage media.
  • the central storage medium can be made up of a plurality of storage media.
  • a comparison with said stop lists can be carried out at the second check as well, i.e. in conjunction with the use of the ticket.
  • the storage medium for storing said stop lists is the same storage medium as one of the above mentioned storage media, or comprises a plurality of storage media.
  • the check means and the means for collecting biometric data are suitably designed to prevent misplacement of the biological unit on the means. This can be done, for example, by using sensors which sense the position of the biological unit or providing the means with a geometric design so that it is physically impossible to incorrectly place the biological unit thereon. Furthermore, it is possible and advantageous to use a combination of the above embodiments of means and check means. Suitable means and check means are described, for example, in applicant's own Swedish Patent Application No. 0103051-9 "Purchase check via thumbprint".
  • Fig. 2 shows a second embodiment of the method according to claim 1, where the person seeks access to a service or product, e.g. a parking space in a car park.
  • the person When seeking access, the person must place 31 at least one biological unit on a first means for collecting biometric data. If the biological unit is correctly placed on the means, which is checked 32 by means of a first position control means, the means registers 33 primary biometric data, which is then checked against biometric stop data saved in a stop list 35. If the biological unit should be incorrectly applied, the person will be notified 34 and requested to try again, possibly with more detailed instructions as to what to do. If said primary biometric data is saved in the stop list, an alarm is activated 36 and the person is denied access to the service or product.
  • a service or product e.g. a parking space in a car park.
  • said primary biometric data is stored in a first storage medium 37 as check data and the person receives access to the service 38.
  • identification data tied to said primary biometric data is also saved 37. Examples of such identification data can be the time of registration of said primary biometric data or data which identifies which service and/or product which is to be bought.
  • the person When payment is to be made for the service or product, the person must provide secondary biometric data. This is done as previously by once again placing the biological unit on the second means for collecting biometric data 39, performing a check with a second check means of the placement of the biological unit on the means 40 and registering secondary biometric data after the biological unit has been correctly placed thereon 41. Incorrect placement will prompt an error message which urges the person to try again 42. Said secondary biometric data is then used to search for check data 43, 44, identical to the secondary biometric data, and the identification data tied to said check data is identified 45. If there is no identical set of check data, an alarm will be activated 46 alerting local personnel, for example, that a person not entitled to access is attempting to use the method according to the present invention.
  • the person then receives a message informing him/her that they, for some reason, are denied access to the product and/or service and are therefore asked to contact the local personnel (not shown in Fig. 2).
  • the price for the service and/or product is then computed 47, and the person is requested to pay for the service and/or product 48. If the customer makes 49 payment, the transaction is completed 50 and said check data is erased 51 from the first storage . medium. If the person should leave without paying 49, said check data will be stored in the stop list 52 and then be erased from the first storage medium 51.
  • the method according to the second embodiment can, for example, be used in a car park, where the service itself which is bought is the use of the parking space.
  • Said identification data will in this case be the registration time, since it is the length of time during which the service is used which determines the final price.
  • additional identification data not shown in Fig. 2
  • the time of termination of the service in order to be able to compute the price.
  • the method according to the second embodiment can also be applied to a service station, such as a filling station, where the product in question is automobile fuel and where said identification data is used to identify at the cash register which pump the person has used.
  • a service station such as a filling station
  • the product in question is automobile fuel and where said identification data is used to identify at the cash register which pump the person has used.
  • the price which in this application can be determined directly when the person has stopped filling the tank, can be registered at the end of filling as an additional piece of information tied to said secondary biometric data in the first storage medium (not shown in Fig. 2). In this manner, another person could begin using the fuel pump before the first person has paid for the fuel.
  • the primary biometric data is used as a receipt or ticket which the person uses to redeem a product, which the person previously left for repair or service, for example.
  • the transaction begins when the person leaves 61 a product, whereafter the person places at least one biological unit on a first means for collecting 62 biometric data, to generate a primary set of biometric data. If the biological unit is correctly applied 63 to the means, which is checked by a first check means, said primary biometric data is registered 65, whereafter it is checked 66 against a stop list. If the biological unit should be improperly applied 63 to the means, the person will be informed thereof 64 via a display or in another manner, informing the person how to perform said placement in the correct manner.
  • the stop list contains stop data disclosing the person as a person not entitled to access, the person will be prevented from access to the service and/or product at the same time as an alarm is activated 67, to alert the local personnel to the problem. If said primary biometric data are not to be found in the stop list, this primary biometric data will be stored as check data together with at least one identification data, which ties said primary biometric data to each other, in a first storage medium 68.
  • the person When picking up the product, the person again places the biological unit at a second means for collecting biometric data at 69, whereafter the means registers a secondary set of biometric data at 51, provided the biological unit is correctly applied to the means at 70. That this is the case is checked, as in the preceding embodiments, by a second check means. If not, the person receives an error message as previously 72. After the person has provided said secondary biometric data, a computer will search for check data in the first storage medium identical to said secondary biometric data at 73, 74. If this biometric data does not agree with a set of check data, an alarm will be activated 75, which alerts the local personnel, for example, to the fact that the person is attempting to retrieve a product to which he has no right.
  • said identification data will also be identified 76, identifying the person as the one who left the product.
  • the price to be paid is then calculated 77, and the customer is notified by means of a payment message 78.
  • the person is then expected to make payment 79. If he does so, the transaction is terminated at 80, i.e. the person receives the product again, and said check data will be erased 81 from the first storage medium. If the person refuses to pay, said check data will be stored in the stop list 82 prior to being erased from the first storage medium.
  • the above method can also be applied to developing photos with the difference that the product which the person retrieves is not the same as the product left at the photo shop. Rather, it is a new product which is the result of a service performed on the original product.
  • Fig. 3 can be used when a person wishes to sell a product, e.g. redeeming the deposit for bottles.
  • the person pro- vides primary biometric data when depositing the bottles and is then identified at the cash register as the one who has returned the bottles in order to get the deposit back.
  • a fourth and last embodiment of the present invention intended to detect, after the fact, persons who have wrongly gained access to a service and/or a product by lying about their identity, is described in Fig. 4.
  • the person initially attempts to gain access to a product and/or service, such as access to an account at an ATM-machine, or admittance to a building where one must identify oneself before being let in 91.
  • the person applies at least one biological unit to a means for collecting biometrical data at 92, whereafter a check is made that the biological unit has been correctly applied 93. If not, the person is notified 94, e.g. via a display. Assuming the biological unit has, however, been correctly applied to the means, the means will register primary biometric data at 95.
  • a computer device will check that said primary biometric data does not agree with stop data saved in a stop list 96. Should said primary biometric data match that in a stop list, an alarm will be activated 97 and the person will be denied access to the product and/or service.
  • said primary biometric data is saved as check data together with at least one piece of identification data, which registers, for example, a point in time or a place for registration, in a first storage medium 9-8. Said check data and the identification data tied thereto will remain stored in the first storage medium for a prede- termined period, a so-called storage period, after the person has received the desired access permission.
  • This fourth and last embodiment can, of course, be used in combination with one of the preceding embodiments.
  • the person will decide to order or sell a product service via the Internet, making it difficult to obtain biometric data at the time of ordering. The person must then instead provide biometric data when actually using the service or collecting the product.
  • the person will order the ticket via the Internet and retrieve the ticket just before the flight, and the person must then provide biometric data to retrieve the ticket and gain access to the airplane.

Abstract

The present invention relates to a method, when buying or selling a product and/or service, of tying the product and/or service to a person for a limited period of time, comprising the steps of requiring the person to provide at least one set of primary biometric data, which are stored as tie-in data tied to the product and/or service, requiring the person to provide at least one set of secondary bio-metric data, which is compared to stored tie-in data. If said secondary biometric data agrees the tie-in data, the buyer/seller of the product and/or service is identified and said tie-in data is erased within a predetermined time interval. The present invention also encompasses a method, when buying/selling a product and/or a service, of tying, during a limited period of time, the product and/or service to a person, characterized in that the person must disclose at least one set of primary biometric data which is stored as tie-in data and that said tie-in data is erased within a predetermined time interval.

Description

METHOD OF TYING A PRODUCT AND/OR A SERVICE TO A PERSON
Field of the invention
The present invention relates to a method, when buying/selling a product and/or a service, of tying, during a limited period of time, the product and/or service to a person.
Background
Today it is common that an economic transaction is initiated and completed at different places in space and time. This can make it difficult, during the course of the transaction, to tie a certain product and/or a certain service to a specific buyer or seller thereof.
This is the case, for example, at a filling station, where a person filling his vehicle with fuel at a self-service pump, pays for the fuel at the cash register, and in a car park where a person who has used the car park, pays first when he leaves. The core of the problem lies in identifying the service or product which has been bought with the person who has bought it/them. To solve this problem, certain filling stations have installed cameras, for example, which make it theoretically possible for the personnel to keep track of which person has used which pump. In practice, however, it is very difficult for the personnel to handle such a system, since they must at the same time wait on other customers at the filling station. The problem is exacerbated by the fact that there is often a delay between use of the fuel pump by the person and his arrival at the cash register to pay. Nor is it necessary that the person who has used the self-service pump is the same person who pays. Car parks often use a ticket system. The person who enters the car park with his car receives a ticket, which must then be inserted into a checking device before being allowed to leave the car park. Before the person leaves the car park, payment must be made at a payment panel, either in cash or via a credit card, which is registered on the ticket. There is also registered how long the person has used the car park and what price is applicable. An obvious disadvantage of such a process is that it is easy to lose or functionally damage the ticket before leaving the car park. It is also an unnecessarily complicated and time-consuming process, sometimes requiring that considerable time must be devoted to finding a payment panel, which is seldom in the vicinity of one's vehicle.
The problem recurs when a person for various reasons, during a limited period of time, leaves a product with another person and receives a ticket, for example when repairing a VCR or having film developed. Beyond the fact that the ticket can be lost or destroyed, an extra dimension of the problem arises, since the ticket in no way constitutes proof that the person who has the ticket is the same person who originally was given the ticket when leaving the item in question. It is thus difficult to assert one's right to the item if the ticket is stolen. A problem of the same type arises when depositing empty bottles or cans, with the difference that the person is now the seller instead of the buyer.
Another common problem today, which is a direct result of the above described problem of tying a person to a specific product or service, is that people, who for security or other reasons should not be given access to certain products or services, can obtain without difficulty these products or use these services.
The above mentioned problem is particularly acute in the airline industry where one often buys tickets a long time prior to travelling and where it is thus possible to cir- cumvent security checks by the person who uses the ticket not being the same person as the one who bought the ticket. Only a fake ID is required to board the aircraft, and this is relatively simple to buy or manufacture. Identification difficulties are also one reason that credit card frauds can trick people out of their money. Since most credit card systems use pin-codes as identification means, the frauds never need to disclose their identity, and therefore the risk of detection is minimal. Purpose
One purpose of the present invention is therefore to supply a method for registering, whereby a product and/or service can be simply and securely tied to a specific per- son, without resorting to the use of tickets or other identification means which can be lost or be falsified. The method must also make it possible to identify parameters, which can determine the price of the service and/or product in question. Finally, this must be effected in a manner, which protects the person's personal integrity.
An additional purpose is to make it possible for authorised parties to prevent persons, who for various reasons are denied access to a product or service, from buying or selling the product and/or service in question. If a person should succeed in using a product or service to which he has no access, it should be possible for an authorised party to identify this person after the fact.
Brief description
These purposes are achieved with the present invention as described in the accompanying claims 1 and 7. Claim 1 describes a method, when buying/selling a product and/or a service, of tying, during a limited period of time, the product and/or service to a person, characterized in that the person must provide at least one primary set of biometric data in connection with the purchase/sale, said primary biometric data being stored in at least storage medium as at least one piece of tie-in data tied to the product and/or service; that the person must provide at least a secondary set of biometric data during the course of the purchase/sale; that said secondary biometric data is compared to the tie-in data stored in said storage medium; that the person, if said secondary biometric data agrees with at least one piece of tie- in data in the storage medium, is identified as the buyer/seller of the product and/or service tied to said tie-in data; and that said tie-in data is erased from the storage medium within a predetermined time interval after the service has been provided or the product, or economic compensation for the product, has been delivered.
Claim 7 describes in turn a method, when buying/selling a product and/or a service of tying, during a limited time period, the product and/or service to a person, char- acterized in that the person must provide at least one set of primary biometric data in conjunction with the purchase/sale, said primary biometric data being stored in at least one storage medium as at least one piece of tie-in data tied to the product and/or service; and that said tie-in data is erased from the storage medium within a predetermined time interval after use of the service or after receipt of the product or economic compensation for the product.
Since biometric data, unique to each person, are used to tie a specific person to a specific service or product, the method of claim 1 eliminates the risk of someone else taking the tie-in data or of the person using it. At the same time it makes it possible to check whether the person for some reason lacks access to the product or service, by comparing the person's primary biometric data with stop lists storing biometric data from persons not having access. Preferably, this check will be made in accordance with local laws and by authorized parties, e.g. a police authority. The check need not mean that a person who is identified as not entitled to access will be identified by name, which could be considered to be an invasion of personal integrity, since the stop lists only need to store biometric data from these persons who are denied access, without any other characteristic features, such as names or per- sonal identity numbers. It should also be pointed out that this check is in no way absolutely necessary. Rather, it is up to the user of the present invention to decide whether such a check is to be carried out.
Another advantage is that, depending on local laws, it is possible to store the pri- mary biometric data for a limited period of time, even after the service or product has been consumed or economic compensation has been received, in order to be able to identify the person who used the service if one suspects that this person has improperly obtained the product or service or the compensation therefor. Since the biometric data is erased after a limited period of time after the transaction has been completed, this advantage can be utilized without impinging on personal integrity. Furthermore, according to the present invention, the person will only be identified by name if criminal acts are suspected, which is the case today.
Description of the figures
The present invention will now be described in more detail by means of examples of embodiments, which are in no way limiting, with reference to the accompanying drawings, of which
Fig. 1 illustrates a flow chart of a first embodiment of the method according to the present invention;
Fig. 2 illustrates a flow chart of a second embodiment of the method according to the present invention;
Fig. 3 illustrates a flow chart of a third embodiment of the method according to the present invention; Fig. 4 illustrates a flow chart of a fourth embodiment of the method according to the present invention.
Detailed description The term 'biometric data' encompasses here by way of examples signatures, fingerprints, handprints, DNA-codes, voice recognition, retina or iris scanning, vein patterns or other data by which a specific person can be identified and which are difficult to change. A biological unit is a part of a person's body, from which the biometric data is obtained.
The terms 'purchase' and 'sale' are not limited to the actual moment of payment, but define in the present patent application a process which begins when an initiative is taken for a purchase or sale, and is terminated when the use of the service has ended or the product, or compensation therefor, has been received.
The term 'storage medium' is used to encompass one or more means for storing information, such as an FTP-server, and a storage medium can thus comprise any number of data bases, for example.
Fig. 1 shows a flowchart of a first embodiment of the method according to claim 1, which describes the purchase of a ticket, e.g. an airline ticket, which is separated in space and time from the use of the ticket. When buying the ticket at a sales office, a person applies at least one biological unit to a first means for collecting biometric data 1. The placement 2 of the biological unit is then checked and if the placement is correct, the first means will register a primary set of biometric data from the biological unit 3. If the biological unit should be improperly applied to the first means, the person will receive an error message 4, e.g. by means of a display, prompting him to try again. Said primary biometric data will then be compared by a first check means with biometric stop data stored in a stop list 5 in at least one storage medium. A set of biometric stop data is a set of biometric data belonging to a person not entitled to access, who for various reasons is not allowed to buy the ticket. Such a person not allowed access could be a known terrorist or someone else with another criminal record. If this person's primary biometric data is stored in such a stop list, the person is prevented from proceeding with the purchase and an alarm is activated 6. If the person's primary biometric data is not to be found stored in any stop list, said primary biometric data is temporarily stored in a first storage medium 7 as check data and the person is permitted to complete the purchase of the ticket 8. If, for some reason, the person at this stage should not complete the purchase, said check data is erased from the first storage medium 9. Otherwise, if the person buys the ticket, said check data is stored in a second storage medium coupled to at least a piece of identification data 10, e.g. a ticket number, so that it is possible to find said check data by searching. After the purchase has been completed, the last mentioned check data is erased 11 from the first storage medium.
When the person later wishes to use the ticket, he must first apply the biological unit to a second means for collecting biometric data 12, at a check-in desk for example. If the biological unit is correctly placed 13 on the second means for collecting biometric data, the second means for collecting biometric data will register the sec- ondary biometric data 14. If the biological unit should be improperly applied 13 , as above the person will be notified 15, and prompted to try again. A search will then take place 16, using the knowledge of said identification data, to find said check data coupled to said identification data. The secondary biometric data is then compared 17, 18, with said check data. If the comparison should show that said secon- dary biometric data is not identical to said check data, an alarm 19 is activated, which should also mean that the ticket is blocked. Assuming that the secondary biometric data is, however, identical to said check data, the person is allowed access 20 to the service and/or product which the ticket is intended for. After completion of the transaction 21 , said check data is finally erased 22 from the second storage me- dium. If problems arise during the termination of the transaction, for example if the person created in some manner a dangerous situation during a flight, the check data of the person can be saved in one of the stop lists 23, for the purpose of denying this person future access to the product or service, before the check data is erased from the second storage medium 22. o
Preferably, said stop lists are stored in a central storage medium, which can in turn communicate with local storage media at those locations where a check of a person's biometric data is considered suitable. In this manner, persons not entitled to access can be denied access to the product or service regardless of where the person attempts to purchase the ticket.
In an additional embodiment, the first and second storage media could be the same storage medium, or in themselves comprise additional storage media. In the same manner, the central storage medium can be made up of a plurality of storage media.
Furthermore, in another embodiment, a comparison with said stop lists can be carried out at the second check as well, i.e. in conjunction with the use of the ticket. Also conceivable is an embodiment, where the storage medium for storing said stop lists is the same storage medium as one of the above mentioned storage media, or comprises a plurality of storage media.
In a development of the above embodiments, it is also obviously possible to save said second biometric data, possibly replacing said check data with said second biometric data.
The present invention is thus in no way limited by the embodiments shown here. Rather, an initiated person can easily come to conclusions concerning additional embodiments.
The check means and the means for collecting biometric data are suitably designed to prevent misplacement of the biological unit on the means. This can be done, for example, by using sensors which sense the position of the biological unit or providing the means with a geometric design so that it is physically impossible to incorrectly place the biological unit thereon. Furthermore, it is possible and advantageous to use a combination of the above embodiments of means and check means. Suitable means and check means are described, for example, in applicant's own Swedish Patent Application No. 0103051-9 "Purchase check via thumbprint".
Fig. 2 shows a second embodiment of the method according to claim 1, where the person seeks access to a service or product, e.g. a parking space in a car park. When seeking access, the person must place 31 at least one biological unit on a first means for collecting biometric data. If the biological unit is correctly placed on the means, which is checked 32 by means of a first position control means, the means registers 33 primary biometric data, which is then checked against biometric stop data saved in a stop list 35. If the biological unit should be incorrectly applied, the person will be notified 34 and requested to try again, possibly with more detailed instructions as to what to do. If said primary biometric data is saved in the stop list, an alarm is activated 36 and the person is denied access to the service or product. In the second case, i.e. where said primary biometric data is not stored in the stop list, said primary biometric data is stored in a first storage medium 37 as check data and the person receives access to the service 38. In this second embodiment, identification data tied to said primary biometric data is also saved 37. Examples of such identification data can be the time of registration of said primary biometric data or data which identifies which service and/or product which is to be bought.
When payment is to be made for the service or product, the person must provide secondary biometric data. This is done as previously by once again placing the biological unit on the second means for collecting biometric data 39, performing a check with a second check means of the placement of the biological unit on the means 40 and registering secondary biometric data after the biological unit has been correctly placed thereon 41. Incorrect placement will prompt an error message which urges the person to try again 42. Said secondary biometric data is then used to search for check data 43, 44, identical to the secondary biometric data, and the identification data tied to said check data is identified 45. If there is no identical set of check data, an alarm will be activated 46 alerting local personnel, for example, that a person not entitled to access is attempting to use the method according to the present invention. It is also conceivable that the person then receives a message informing him/her that they, for some reason, are denied access to the product and/or service and are therefore asked to contact the local personnel (not shown in Fig. 2). The price for the service and/or product is then computed 47, and the person is requested to pay for the service and/or product 48. If the customer makes 49 payment, the transaction is completed 50 and said check data is erased 51 from the first storage . medium. If the person should leave without paying 49, said check data will be stored in the stop list 52 and then be erased from the first storage medium 51.
The method according to the second embodiment can, for example, be used in a car park, where the service itself which is bought is the use of the parking space. Said identification data will in this case be the registration time, since it is the length of time during which the service is used which determines the final price. In this case, it could also be necessary, in connection with the registration of said secondary biometric data, to also register additional identification data (not shown in Fig. 2), for example the time of termination of the service, in order to be able to compute the price.
The method according to the second embodiment can also be applied to a service station, such as a filling station, where the product in question is automobile fuel and where said identification data is used to identify at the cash register which pump the person has used. Alternatively, the price, which in this application can be determined directly when the person has stopped filling the tank, can be registered at the end of filling as an additional piece of information tied to said secondary biometric data in the first storage medium (not shown in Fig. 2). In this manner, another person could begin using the fuel pump before the first person has paid for the fuel. In a third embodiment as shown in Fig/ 3, the primary biometric data is used as a receipt or ticket which the person uses to redeem a product, which the person previously left for repair or service, for example. In this embodiment, the transaction begins when the person leaves 61 a product, whereafter the person places at least one biological unit on a first means for collecting 62 biometric data, to generate a primary set of biometric data. If the biological unit is correctly applied 63 to the means, which is checked by a first check means, said primary biometric data is registered 65, whereafter it is checked 66 against a stop list. If the biological unit should be improperly applied 63 to the means, the person will be informed thereof 64 via a display or in another manner, informing the person how to perform said placement in the correct manner. If the stop list contains stop data disclosing the person as a person not entitled to access, the person will be prevented from access to the service and/or product at the same time as an alarm is activated 67, to alert the local personnel to the problem. If said primary biometric data are not to be found in the stop list, this primary biometric data will be stored as check data together with at least one identification data, which ties said primary biometric data to each other, in a first storage medium 68.
When picking up the product, the person again places the biological unit at a second means for collecting biometric data at 69, whereafter the means registers a secondary set of biometric data at 51, provided the biological unit is correctly applied to the means at 70. That this is the case is checked, as in the preceding embodiments, by a second check means. If not, the person receives an error message as previously 72. After the person has provided said secondary biometric data, a computer will search for check data in the first storage medium identical to said secondary biometric data at 73, 74. If this biometric data does not agree with a set of check data, an alarm will be activated 75, which alerts the local personnel, for example, to the fact that the person is attempting to retrieve a product to which he has no right. In the other case, i.e. that said primary biometric data is found 74 in the first storage medium, said identification data will also be identified 76, identifying the person as the one who left the product. The price to be paid is then calculated 77, and the customer is notified by means of a payment message 78. The person is then expected to make payment 79. If he does so, the transaction is terminated at 80, i.e. the person receives the product again, and said check data will be erased 81 from the first storage medium. If the person refuses to pay, said check data will be stored in the stop list 82 prior to being erased from the first storage medium.
The above method can also be applied to developing photos with the difference that the product which the person retrieves is not the same as the product left at the photo shop. Rather, it is a new product which is the result of a service performed on the original product.
It is also possible that the embodiment according to Fig. 3 can be used when a person wishes to sell a product, e.g. redeeming the deposit for bottles. The person pro- vides primary biometric data when depositing the bottles and is then identified at the cash register as the one who has returned the bottles in order to get the deposit back.
A fourth and last embodiment of the present invention intended to detect, after the fact, persons who have wrongly gained access to a service and/or a product by lying about their identity, is described in Fig. 4. In this embodiment, the person initially attempts to gain access to a product and/or service, such as access to an account at an ATM-machine, or admittance to a building where one must identify oneself before being let in 91. The person applies at least one biological unit to a means for collecting biometrical data at 92, whereafter a check is made that the biological unit has been correctly applied 93. If not, the person is notified 94, e.g. via a display. Assuming the biological unit has, however, been correctly applied to the means, the means will register primary biometric data at 95. Thereafter, a computer device will check that said primary biometric data does not agree with stop data saved in a stop list 96. Should said primary biometric data match that in a stop list, an alarm will be activated 97 and the person will be denied access to the product and/or service. Other- wise, said primary biometric data is saved as check data together with at least one piece of identification data, which registers, for example, a point in time or a place for registration, in a first storage medium 9-8. Said check data and the identification data tied thereto will remain stored in the first storage medium for a prede- termined period, a so-called storage period, after the person has received the desired access permission. If we assume that a person not entitled to access has obtained access to a service and/or product by using means, e.g. a credit card or ID-card, belonging to another person, or in another manner has falsely identified himself, there is the possibility that this fact will arise afterwards. If this fact should come forth during the limited storage period 99, which reasonably should extend over at least one week, it is possible to go back and study check data belonging to people, going back in time for a period corresponding to the storage period, who have gained access to the service. It may also be possible to identify these people. Beyond any legal action, these check data will be saved in at least the stop list 100, whereafter said check data will be erased from the first storage medium 101. Should no irregularities be revealed during the limited storage period, said check data will be erased from the first storage medium 101.
This fourth and last embodiment can, of course, be used in combination with one of the preceding embodiments. For example, it is conceivable that the person will decide to order or sell a product service via the Internet, making it difficult to obtain biometric data at the time of ordering. The person must then instead provide biometric data when actually using the service or collecting the product. In the case with the above-mentioned airline ticket, it is possible that the person will order the ticket via the Internet and retrieve the ticket just before the flight, and the person must then provide biometric data to retrieve the ticket and gain access to the airplane. The above-mentioned embodiments have encompassed checking of the person's biometric data against some form of register, containing biometric data from access- denied persons and against a register containing biometric data from persons encountering problems during the purchase or sale. It should be noted that these components of the embodiments are in no way necessary to the invention, but are alternative elements in the method. It is thus possible to completely eliminate these elements, as is the feature of the checking triggering some type of alarm, if the biometric data are found to be in some stop list.

Claims

Claims
Method, when buying/selling a product and/or a service, of tying, during a limited period of time, the product and/or service to a person, characterized in - that the person must provide at least one primary set of biometric data in connection with the purchase/sale, said primary biometric data being stored in a storage medium as tie-in data tied to the pro-duct and/or service;
- that the person must provide at least a secondary set of biometric data during the course of the purchase/sale; - that said secondary biometric data is compared to the tie-in data stored in said storage medium;
- that the person, if said secondary biometric data agrees with the tie-in data in the storage medium, is identified as the buyer/seller of the product and/or service tied to said tie-in data; and - that said tie-in data is erased from the storage medium within a predetermined time interval after the service has been provided or the product, or economic compensation for the product, has been delivered.
Method according to Claim 1, characterized in that the person is permitted to terminate the purchase/sale of the produce and/or service, if the secondary biometric data agrees with the tie-in data tied to the product and/or service and stored in the storage medium.
Method according to one of the preceding claims, characterized in that the per- c an_is_gιvp:n across tn the; product and/or service, if the secondary biometric data agrees with the tie-in data tied to the product and/or service.
Method according to one of the preceding claims, characterized in that the primary biometric data is removed from the storage medium immediately at the termination of the purchase/sale. Method according to one of the preceding claims, characterized in that the primary biometric data is removed from the storage medium first after a predetermined time period after the termination of the purchase/sale.
Method according to one of the preceding claims, characterized in that the secondary biometric data are used to determine the value of a price-determining unit of the product or service which the person has bought or sold.
Method, when buying/selling a product and/or a service of tying, during a limited time period, the product and/or service to a person, characterized in
- that the person must provide at least one set of primary biometric data in conjunction with the purchase/sale, said primary biometric data being stored in at least one storage medium as tie-in data tied to the product and/or serv- ice; and
- that said tie-in data is erased from the storage medium within a predetermined time interval after use of the service or after receipt of the product or economic compensation for the product.
PCT/SE2002/001893 2001-10-19 2002-10-17 Method of tying a product and/or a service to a person WO2003034307A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US33011501P 2001-10-19 2001-10-19
SE0103491-7 2001-10-19
SE0103491A SE0103491D0 (en) 2001-10-19 2001-10-19 Procedure for linking an item and / or service with a person
US60/330,115 2001-10-19

Publications (1)

Publication Number Publication Date
WO2003034307A1 true WO2003034307A1 (en) 2003-04-24

Family

ID=26655569

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2002/001893 WO2003034307A1 (en) 2001-10-19 2002-10-17 Method of tying a product and/or a service to a person

Country Status (1)

Country Link
WO (1) WO2003034307A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2003302490B1 (en) * 2003-06-04 2004-09-30 Shaw Ip Pty Ltd A system for and method of monitoring an item
WO2004109564A1 (en) * 2003-06-04 2004-12-16 Shaw Ip Pty Ltd A system for and method of monitoring an item
WO2017201007A1 (en) * 2016-05-16 2017-11-23 Cubic Corporation Implicitly trusted travel token authentication
EP3522121A1 (en) * 2018-01-31 2019-08-07 Siemens Schweiz AG Method for granting access for a person to enter protected sectors

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19541672A1 (en) * 1995-11-09 1997-05-15 Hsb Umwelttechnik Gmbh Biometric access control to secured process
WO1999006298A1 (en) * 1997-08-01 1999-02-11 P + S Mako Verpackungsmaschinen Gmbh Seal for sealing and re-sealing a bag, and bag with such seal
US6105010A (en) * 1997-05-09 2000-08-15 Gte Service Corporation Biometric certifying authorities
WO2001052177A2 (en) * 2000-01-11 2001-07-19 Rfi Elektronik Gmbh Method and device for establishment of entry authorisation to a public event

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19541672A1 (en) * 1995-11-09 1997-05-15 Hsb Umwelttechnik Gmbh Biometric access control to secured process
US6105010A (en) * 1997-05-09 2000-08-15 Gte Service Corporation Biometric certifying authorities
WO1999006298A1 (en) * 1997-08-01 1999-02-11 P + S Mako Verpackungsmaschinen Gmbh Seal for sealing and re-sealing a bag, and bag with such seal
WO2001052177A2 (en) * 2000-01-11 2001-07-19 Rfi Elektronik Gmbh Method and device for establishment of entry authorisation to a public event

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2003302490B1 (en) * 2003-06-04 2004-09-30 Shaw Ip Pty Ltd A system for and method of monitoring an item
WO2004109564A1 (en) * 2003-06-04 2004-12-16 Shaw Ip Pty Ltd A system for and method of monitoring an item
GB2422035A (en) * 2003-06-04 2006-07-12 Shaw Ip Pty Ltd A system for and method of monitoring an item
GB2422035B (en) * 2003-06-04 2007-04-25 Shaw Ip Pty Ltd A system for and method of monitoring an item
US8001382B2 (en) 2003-06-04 2011-08-16 Shaw Ip Pty. Ltd. System for and method of monitoring an item
WO2017201007A1 (en) * 2016-05-16 2017-11-23 Cubic Corporation Implicitly trusted travel token authentication
US10108618B2 (en) 2016-05-16 2018-10-23 Cubic Corporation Implicitly trusted travel token authentication
EP3522121A1 (en) * 2018-01-31 2019-08-07 Siemens Schweiz AG Method for granting access for a person to enter protected sectors
WO2019149490A1 (en) * 2018-01-31 2019-08-08 Siemens Schweiz Ag Method for granting a person access to protected regions which the person is to enter

Similar Documents

Publication Publication Date Title
US20160155127A1 (en) Smart vending apparatus with automated regulatory compliance verification and method of use
US7604169B2 (en) Methods and systems for customer validation using any of a plurality of identification documents and identification document readers
US5457747A (en) Anti-fraud verification system using a data card
US6711465B2 (en) Vending machine having a biometric verification system for authorizing the sales of regulated products
US5559885A (en) Two stage read-write method for transaction cards
US5354974A (en) Automatic teller system and method of operating same
US6695203B2 (en) Boarding pass processing unit, boarding gate reader, person collation unit, boarding system, boarding pass, boarding pass processing method, service kiosk for boarding pass
US20060266823A1 (en) Authentication method and system for use in vending a restricted product or service
US7481366B2 (en) Methods and systems for customer validation using an identification document and/or one or more pins
US20070198287A1 (en) Method and apparatus allowing individuals to enroll into a known group, dispense tokens, and rapidly identify group members
US20070168290A1 (en) System and method for biometric authorization for age verification
US20140278555A1 (en) Method and Apparatus for Driver's License Analysis to Support Rental Vehicle Transactions
US20040073439A1 (en) Method and apparatus for issuing a non-transferable ticket
US20040200897A1 (en) Methods and systems for retail club membership authorization
US20070094095A1 (en) Internet anti-fraud cardholder verification system
JP2007172605A (en) Self-checkout system
CA2420800A1 (en) Biometric identification and security system associated with cash register
US20110145147A1 (en) System and method for authorizing transactions
US7493190B1 (en) Vending system having biometric verification protocols for user verification
US20210264395A1 (en) Automated sale device that uses biometrics
JP3543763B2 (en) Key management system and method in sales system using existing lockers
US20080179397A1 (en) Methods and systems for customer validation and payment using any of a plurality of identification documents
US6912312B1 (en) Credit card verification system and method
JP5051419B2 (en) Authentication system, authentication method, and program
WO2003034307A1 (en) Method of tying a product and/or a service to a person

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VC VN YU ZA ZM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP