AU2006200653A1 - A digital wallet - Google Patents

Description

r Our Ref: 12652601 P/00/011 Regulation 3:2

AUSTRALIA

Patents Act 1990

ORIGINAL

COMPLETE SPECIFICATION STANDARD PATENT Applicant(s): Address for Service: Invention Title: Ronald Neville Langford Browning Boulevarde Battery Hill Queensland 4551 Australia DAVIES COLLISON CAVE Patent Trade Mark Attorneys Level 10, 10 Barrack Street Sydney, New South Wales, Australia, 2000 A digital wallet The following statement is a full description of this invention, including the best method of performing it known to me:- 5951 -1- A DIGITAL WALLET Technical Field [001] The present invention relates to verifying the identity of a user, and in particular, to a method of and system for verifying the identity of a user prior to allowing the user access to a terminal. The present invention also particularly relates to verifying the identity of a user by authenticating a file supplied by or obtained from, in some form, the user.

Additionally, the present invention also relates to a computer readable medium of instructions, such as software, for giving effect to various aspects of the invention.

Background Art [002] Disclosed in International Patent Application No. PCT/AU01/01185 (Publication No. WO 02/29623), filed by the present inventor and applicant, is an invention which provides a web-page (or web-site) search results list which includes either related or unrelated images from the actual web-pages or web-sites identified in a user's search, or images associated with the actual organisation operating a web-site. This assists a user to locate web-pages of interest or relevance to the user by providing images to assess the relevance of web-pages identified in a search, prior to the user having to hyperlink to the actual web-page itself. The present invention provides significant advantages over this prior invention. The disclosures in document WO 02/29623 are incorporated herein by cross-reference.

[003] Disclosed in Australian Patent No. 2004240196, filed by the present inventor and applicant, is an invention which facilitates the authentication of images, for example on a web-site. The method includes encoding images. In one embodiment, a search request is received from a terminal and the Internet is searched in accordance with the search request and one or more web-sites identified. An image associated with the identified web-site is checked to see if the image is authentic. This can be achieved by decoding the image to obtain embedded identification information. If the image is authenticated, the image is transmitted as part of a search results list. If the image is not authenticated, the image is not transmitted or a warning that the image has not been authenticated can be provided. The

I

present invention provides significant advantages over this prior invention. The disclosures in document AU 2004240196 are incorporated herein by cross-reference.

[004] The term "file", as used herein should be understood as a reference to any type or form of computer or digital file, such as, for example, an image, document, audio, video, text, data, executable, etc., type of file. The term "file" is intended to cover any type or form of computerised data that may be stored or transmitted.

[005] The term "image", as used herein should be understood as a reference to any type or form of image, visual content, video, animation, icon, logo, trade mark, advertisement, textual information, or the like. That is, an image, as used herein, could be a string of text representing an image in a particular graphic format, for example an image can be represented by a bit-map which is simply a string of text. Moreover, however, it will be appreciated that the string of text need not actually have to represent an image, the text may be arbitrary or non-arbitrary text without connection to an image, that is, the text may be a file as hereinbefore described.

[006] The term "link information", as used herein should be understood as a reference to embedded information, for example concerning at least one of the following, URL location, registered client information, user information and system information.

[007] User identity deceptions are known to target banks, retail stores, ticket agencies for sports or musical events, and many other types of organisations, in fact almost any entity which is engaged in Internet commerce or the like. URL, or equivalently domain name, owners and consumers seek the comfort of conducting business online, but are generally suspicious of providing confidential information.

[008] A hacker or scammer does not need to break into a bank's computer system to steal account numbers and access codes. A fake web-site can be set-up using images, logos, trade marks, slogans, etc., which are either the same or deceptively similar to images on an authentic web-site. It is known that consumers have given financial information to websites thinking they were authentic.

I

-3- [009] Presently, to assist with Intemrnet security a "plugin" or "patch" to a web browser may be employed, and in some cases encryption scrambling functions using secure certificates, eg. using SSL (Secure Sockets Layers), are a further option. A patch or a plugin is a self contained software component (sub or inner application) which normally adds a new or up-dated feature to a specific stand alone program, for example RealPlayer T M or ShockwaveTM. SSL is a RSA (Rivest, Shamir, Adlermin) public key encryption system which provides both encryption, authentication and message integrity. SSL is normally layered beneath application protocols such as HTTP, SMTP, Telnet, Gopher and NNTP.

SSL is layered above the connection protocol TCP/IP. When SSL is implemented, Internet communications are transmitted in encrypted form. The encrypted link between a webserver and a browser remains private and integral, essential for the protection of credit card and Internet banking transactions. To obtain a SSL certificate a URL owner is required to provide specific security information and other identification details able to be authenticated.

[010] Public/Private key encryption involves two passwords. One password is private and is used when deciphering a message, the other is public and is used for encryption, often included in a user's on-line signature or plan file. This makes the encryption more flexible, the public key is used to send an encrypted message, then the private key is used to decipher the message. Public key encryption can also be used to verify a message where a user encrypts the message with a private key and sends the message, as the public key is able to decipher the message. The recipient is thus guaranteed that the message has come from a genuine source. PGP (Pretty Good Privacy) and RSA are examples of public key encryptions codes.

[011] However, many users desire additional security for personal data, for example using terminals that are not their own, or other types of terminals such as ATM's and POS machines.

[012] Various forms of portable memory devices for storing data are known. For example, a portable USB (Universal Serial Bus) memory storage device, commonly called -4a USB key, is an item of hardware which allows relatively large packets of data to be stored. Since the development of USB storage devices in 1997 many computer manufacturers have aligned with the USB protocol so that most computers now automatically recognize any USB device as soon as it is plugged in for plug and play or added to a chain.

[013] A continuing development of use for this type of USB device includes the ability to contain a fingerprint sensor so as to provide security to a user wherein the device will only allow access to stored data after the personal touch of an authorised user. This can avoid the need for log-in passwords or PINs (Personal Identification numbers), which can be stolen or misused through unlawful means. If the USB device is lost or stolen, the device can destroy data as a result of tampering. USB devices or the like are also capable of being used on mobile or cellular phones, hand-held computers such as PDAs, and other computerised terminals.

[014] Other types of verification or authentication techniques also exist. For example, various devices use biometric sensors to verify voice, fingerprint, retinal identification, etc.. QR (Quick Response) Code is a two dimensional barcode which allows its contents to be decoded at high speeds in contrast to traditional bar codes. A QR Code is also able to sustain damage but retain information integrity. While conventional bar codes are capable of storing a maximum of approximately 20 digits, QR Code is capable of handling several dozen to several hundred times more information. QR Code is capable of handling all types of data, such as numeric and alphabetic characters, and control codes. Since QR Code carries information both horizontally and vertically, QR Code is capable of encoding the same amount of data in approximately one-tenth the space of a traditional bar code. QR Code has error correction capability. Data can be restored even if the symbol is partially dirty or damaged.

[015] Quantum Cryptography techniques are also being developed to provide data security and authentication. Secret keys can be generated relying on photon entanglement.

The technology employs specially generated secret electronic data, or keys to encrypt a message, upon receipt of the encrypted message, the receiver uses a precisely matching decoding key to recover the original message. Only a receiver with an identical secret key can correctly decipher the encoded message and the information cannot be intercepted between the two points. The secret key can be transmitted by using laser technology.

[016] In a networked information or data communications system, a user has access to one or more terminals which are capable of requesting and/or receiving information or data from local or remote information sources. In such a communications system, a terminal may be a type of processing system, computer or computerised device, personal computer mobile, cellular or satellite telephone, mobile data terminal, portable computer, Personal Digital Assistant (PDA), pager, video telephone, ATM, POS, or any other similar type of digital electronic device. The capability of such a terminal to request and/or receive information or data can be provided by software, hardware and/or firmware. A terminal may include or be associated with other devices, for example a local data storage device such as a hard disk drive or solid state drive.

[017] An information source can include a server, or any type of terminal, that may be associated with one or more storage devices that are able to store information or data, for example in one or more databases residing on a storage device. The exchange of information the request and/or receipt of information or data) between a terminal and an information source, or other terminal(s), is facilitated by a communication means. The communication means can be realised by physical cables, for example a metallic cable such as a telephone line, semi-conducting cables, electromagnetic signals, for example radio-frequency signals or infra-red signals, optical fibre cables, satellite links or any other such medium or combination thereof connected to a network infrastructure.

[018] The network infrastructure can include devices such as a telephone switch, base station, bridge, router, or any other such specialised network component, which facilitates the connection between a terminal and an information source. Collectively, an interconnected group of terminals, communication means, infrastructure and information sources is referred to as a network. The network itself may take a variety of forms. For example, it may be a computer network, telecommunications network, data communications network, Local Area Network (LAN), Wide Area Network (WAN), -6wireless network, Intemrnetwork, Intranetwork, the Internet and developments thereof, transient or temporary networks, combinations of the above or any other type of network providing for communication between computerised, electronic or digital devices. More than one distinct network can be provided, for example a private and a public network. A network as referenced in this specification should be taken to include any type of terminal or other similar type of electronic device, or part thereof, which is rendered such that it is capable of communicating with at least one other terminal.

[019] Automatic Teller Machines (ATMs) are usually located at a bank or financial institution outlet and allow users to check account balances, deposit, transfer, or in the majority of cases withdraw funds against a prior arranged credit limit or bank balance using a magnetised card. For example, the card may be a credit card issued by a company such as Visa, Mastercard or from a bank. An alternate option is to withdraw funds from an established bank account using a debit card. In both options, either using a credit card or a debit card, the user is required to provide certain identification details which typically includes a PIN (Personal Identification Number). It is well known that many frauds or thefts have been committed by the illegal use of stolen cards or where personal details or user identities have been hi-jacked by unlawful means.

[020] An ATM is a type of data terminal, typically with two input and four output devices. Like any other data terminal, the ATM has to connect to, and communicate through, a host processor. The host processor is analogous to an Internet Service Provider (ISP) in that it is the gateway through which all the various ATM networks become available to a cardholder, that is, the person wanting to access cash from the ATM. There are thousands upon thousands of ATM machines spread throughout the world and most have the capacity to talk to each other. A person from Australia who is in London can go to an ATM outlet and provided his or her PIN details match those on record, a withdrawal of cash can be made. The host processor may be owned by a bank or financial institution, or it may be owned by an independent service provider. Bank-owned processors normally support only bank-owned machines, whereas independent processors support merchantowned machines.

[021] A Point-Of-Sale (POS) terminal is a computerised replacement for a cash register.

A POS system can include the ability to record and track customer orders, process credit and debit cards, connect to other systems in a network, and manage inventory. Generally, a POS terminal has as its core a type of computer, which is provided with applicationspecific programs and I/O devices for the particular environment in which it will serve. A POS system for a restaurant, for example, is likely to have all menu items stored in a database that can be queried for information in a number of ways. POS terminals are used in most industries that have a point of sale such as a service desk, including restaurants, lodging, entertainment, and museums. Increasingly, POS terminals are also web-enabled, which makes remote training and operation possible, as well as inventory tracking across geographically dispersed locations.

[022] ATM and POS transactions have been used to transact illegal purchases using credit cards or debit cards belonging to other people or where confidential details have been diverted to an illegal user after phishing, or where other unlawful means have been employed. A retailer has no means of establishing a fraudulent transaction if the PIN number entered or signature provided is not challenged by an alternate method of authentication of the identity of the user.

[023] The storage of personal financial details online has become a significant concern in recent times because of the likelihood of hackers being able to use key-stroke monitoring techniques to obtain and store the personal data of unsuspecting individuals, and then use that data at some future time to make credit purchases, raid bank accounts, even create false documents for ID purposes such as passports, driving licences and the like. For example, a PC user having an account with American Express and wanting to view recent transactions, the date the account is to be paid, find his/her available credit limit, etc., must currently log-in to achieve this aspiration. Because of existing incidents of people losing money and having illegal transactions made in their name, resulting from stolen identity data, many people are hesitant to use online facilities. People are concerned that their details are roaming in cyber space unprotected and available to smart hackers.

-8- [024] Presently, there are perceived to be deficiencies in the ability to verify the identity of a user. Furthermore, there does not presently exist the ability to have a suitably protected "digital wallet" or a "digital safe" in which to store personal details. As well, presently there is no provision to analyse, check dates, balances, etc., using a single interface which provides the ability to verify the identity of the user, as a form of security, without necessarily relying on a PIN or user ID.

[025] This identifies a need for a method, system and/or computer readable medium of instructions for verifying the identity of a user by authenticating a file, which overcomes or at least ameliorates problems inherent in the prior art.

[026] The reference to any prior art in this specification is not, and should not be taken as, an acknowledgment or any form of suggestion that such prior art forms part of the common general knowledge.

Disclosure Of Invention [027] In a general form, the present invention seeks to provide a method, system and/or computer readable medium of instructions for verifying the identity of a user by authenticating a file.

[028] According to a first broad form, the present invention provides a method of verifying the identity of a user by authenticating a file, the file having been encoded together with link information to produce an encoded file, the method including the steps of: receiving the encoded file; decoding the encoded file to obtain the file and the link information; retrieving a registered file identified by the link information; comparing the file to the registered file and generating an authentication response; and, transmitting the authentication response to the terminal.

[029] Preferably, the link information is obtained from a memory device in communication with the terminal, the memory device storing the link information. In one form, the memory device is a portable memory device. In a preferred form, the link information is only held during the session and is not stored permanently.

I

-9- [030] Also preferably, an image or file is located with specific inheritance values of persistence. The file is preferably never permanently maintained in one location. In a user terminal or a connected peripheral device the file is only maintained during a session. The reference image or file is maintained in remote servers and preferably never in one persistent location. The location can be moved in a predetermined manner. This feature makes hacking extremely difficult.

[031] Verification can be considered as where one entity asserts its identity and a challenge is a one to one comparison to a single profile. Validation can be considered as the process of making the comparison. Authentication can be considered as a two pass verification/validation process using independent paths, but not necessarily different channels.

[032] In accordance with specific optional embodiments, provided by way of example only: the link information can be stored as encoded link information on the portable memory device; the file is produced by the portable memory device; and/or the file is received by a peripheral device in communication with the terminal.

[033] Optionally, but not necessarily, the file is additionally encoded, prior to encoding together with the link information, to provide a first reference file, and the registered file is encoded to provide a second reference file, and the comparison is between the first reference file and the second reference file. In this form, the first reference file and the second reference file may be image hash files.

[034] In accordance with specific optional embodiments, provided by way of example only, the file and the registered file are a type of file selected from the group of: image; audio; video; text; executable; data and/or document.

[035] In accordance with another optional embodiment, provided by way of example only, the file and the registered file are image files and the images are biometric images related to the user.

[036] In accordance with another optional embodiment, provided by way of example only, the biometric images are of at least part of one or more of the group of: a fingerprint of the user; an eye of the user; and/or the face of the user. Other possible alternatives include hand prints or DNA.

[037] Optionally, but not necessarily, the portable memory device is a USB key provided with a fingerprint imaging component.

[038] In another particular, but non-limiting, form, there can additionally be provided prior registration steps of: receiving and storing the registered file; and, generating the link information, the location of the stored registered file being identified by the link information.

[039] In accordance with another optional embodiment, provided by way of example only, if the user is verified, the user is provided with access to a digital wallet via the terminal. In this form, the digital wallet may be accessed via a web browser on the terminal and/or the contents of the digital wallet can be stored remotely to the terminal.

[040] In accordance with another optional embodiment, provided by way of example only, the terminal is an Automatic Teller Machine, and if the user is verified, the user is allowed to proceed to conduct a transaction using the Automatic Teller Machine.

[041] In accordance with another optional embodiment, provided by way of example only, the terminal is a Point of Sale machine, and if the user is verified, the user is allowed to proceed to conduct a transaction using the Point of Sale machine.

[042] According to a second broad form, the present invention provides a method of verifying the identity of a user by authenticating a file, this includes optional multiple authenticating paths, the method including the steps of: receiving the file at a terminal; encoding the file together with link information to produce an encoded file; transmitting the encoded file to a server, the encoded file being decoded at the server to obtain the file,

IN

-11-

\O

the file being compared to a registered file identified by the link information, and the a) Sserver providing an authentication response as a result of the comparison; and, receiving the authentication response at the terminal.

Cc 5 [043] According to a third broad form, the present invention provides a system for IO verifying the identity of a user by authenticating a file, the system including: a terminal to Sreceive the file, the file being encoded together with link information to produce an O encoded file; a storage device to store a registered file; and, a processing system to receive Sthe encoded file, decode the encoded file to obtain the file and the link information, obtain the registered file identified by the link information, compare the file to the registered file, generate an authentication response based on the comparison, and transmit the authentication response to the terminal.

[044] According to a fourth broad form, the present invention provides a computer readable medium of instructions for verifying the identity of a user by authenticating a file, the file having been encoded together with link information to produce an encoded file, the computer readable medium of instructions performing the steps of: receiving the encoded file; decoding the encoded file to obtain the file and the link information; retrieving a registered file identified by the link information; comparing the file to the registered file and generating an authentication response based on the comparison; and, transmitting the authentication response to the terminal.

[045] In another form, the present invention seeks to provide a digital wallet or safe.

Preferably, the digital wallet or safe can only be accessed after verification of the user.

[046] According to the second broad form the present invention provides multiple forms of authentication which may include, but is not limited to, USB Devices, Quantum Cryptography, SAM's, mobile or cellular telephones, PDAs (for example Palm T M Organisers) or other digital devices.

Brief Description Of Figures -12- [047] The present invention should become apparent from the following description, which is given by way of example only, of a preferred but non-limiting embodiment thereof, described in connection with the accompanying figures.

[048] Fig. 1 illustrates an example functional block diagram of a processing system; [049] Fig. 2 illustrates an example network infrastructure; [050] Fig. 3 illustrates an example flow diagram of a method to authenticate an image; [051] Fig. 4 illustrates an example search results list; [052] Fig. 5 illustrates an example message; [053] Fig. 6 illustrates an example flow diagram of a protocol; [054] Fig. 7 illustrates an example system diagram for an image encoding process; [055] Fig. 8 illustrates an example system diagram for an image decoding process; [056] Fig. 9a illustrates an example flow diagram of a method to verify the identity of a user; [057] Fig. 9b illustrates another example flow diagram of a method to verify the identity of a user; [058] Fig. 10 illustrates an example USB key with fingerprint imaging component; [059] Fig. 11 illustrates an example system diagram for a file registration process; [060] Fig. 12 illustrates an example system diagram for a file verification process; -13- [061] Fig. 13 illustrates a flow diagram for operation of a plug-in; [062] Fig. 14 illustrates a flow diagram for a digital wallet application; [063] Fig. 15 illustrates a further flow diagram for a digital wallet application; [064] Fig. 16 illustrates a flow diagram for digital wallet login; [065] Fig. 17 illustrates a flow diagram for user fingerprint authentication; [066] Fig. 18 illustrates a flow diagram for an online purchase; and, [067] Fig. 19 illustrates a flow diagram for entry using usemame and PIN.

Modes for Carrying Out The Invention [068] The following modes, given by way of example only, are described in order to provide a more precise understanding of the subject matter of the present invention.

[069] In the figures, incorporated to illustrate features of an embodiment of the present invention, like reference numerals are used to identify like parts throughout the figures.

[070] A particular example embodiment of authenticating a file is described with reference to use of an "image". However, this should be realised to be a non-limiting particular exemplary embodiment of use of a "file". The present invention is applicable to any type or form of file, such as, for example, an image, document, audio, video, text, data, executable, etc., type of file. The term "file" is intended to cover any type or form of computerised data that may be stored or transmitted, for which an "image" file is a particular example.

r0711 System Overview -14- [072] A particular embodiment of the present invention can be realised using a processing system, such as a server, an example of which is shown in Fig. 1. In particular, the processing system 100 generally includes at least one processor 102, or processing unit or plurality of processors, memory 104, at least one input device 106 and at least one output device 108, coupled together via a bus or group of buses 110. In certain embodiments, input device 106 and output device 108 could be the same device. An interface 112 can also be provided for coupling the processing system 100 to one or more peripheral devices, for example interface 112 could be a PCI card or PC card. At least one storage device 114 which houses at least one database 116 is also be provided. The memory 104 can be any form of memory device, for example, volatile or non-volatile memory, solid state storage devices, magnetic devices, etc. The processor 102 could include more than one distinct processing device, for example to handle different functions within the processing system 100.

[073] Input device 106 receives input data 118 and can include, for example, data receiving hardware or an antenna, such as a modem or wireless data adaptor, data acquisition card, etc. Input data 118 could come from different sources, for example data received via a network. Output device 108 produces or generates output data 120 and can include, for example, a data transmitter or antenna such as a modem or wireless network adaptor, etc. Output data 120 could be transmitted to a network. A user could view data output, or an interpretation of the data output, on a terminal, for example, using a monitor or a printer. The storage device 114 can be any form of data or information storage means, for example, volatile or non-volatile memory, solid state storage devices, magnetic devices, etc.

[074] In use, the processing system 100 is preferably a server connected to the Internet, an ATM network, a POS network, etc., and adapted to allow data or information to be stored in and/or retrieved from, via wired or wireless communication means, the at least one database 116. The interface 112 may allow wired and/or wireless communication between the processing unit 102 and peripheral components that may serve a specialised purpose. The processor 102 receives a search request as input data 118 via input device 106 and can display search results or other output to a user by utilising output device 108.

More than one input device 106 and/or output device 108 can be provided. It should be appreciated that the processing system 100 may be any form of terminal, server, specialised hardware, or the like.

[075] The processing system 100 may be a part of a networked communications system 200, as shown in Fig. 2. Processing system 100 could connect to network 202, for example the Internet or a WAN. Input data 118 and output data 120 could be communicated to other devices via network 202. Other terminals, for example, thin client 204, further processing systems 206 and 208, notebook computer 210, mainframe computer 212, PDA 214, pen-based computer 216, server 218, etc., can be connected to network 202. A large variety of other types of terminals or configurations could be utilised.

The transfer of information and/or data over network 202 can be achieved using wired communications means 220 or wireless communications means 222. Server 218 can facilitate the transfer of data between network 202 and one or more databases 224. Server 218 and one or more databases 224 provide an example of an information source.

[076] Other networks may communicate with network 202. For example, telecommunications network 230 could facilitate the transfer of data between network 202 and mobile or cellular telephone 232 or a PDA-type device 234, by utilising wireless communication means 236 and receiving/transmitting station 238. Satellite communications network 240 could communicate with satellite signal receiver 242 which receives data signals from satellite 244 which in turn is in remote communication with satellite signal transmitter 246. Terminals, for example further processing system 248, notebook computer 250 or satellite telephone 252, can thereby communicate with network 202. A local network 260, which for example may be a private network, LAN, etc., may also be connected to network 202. For example, network 202 could be connected with ethernet 262 which connects terminals 264, server 266 which controls the transfer of data to and/or from database 268, and printer 270. Various other types of networks could be utilised.

[077] The processing system 100 is adapted to communicate with other terminals, for example further processing systems 206, 208, by sending and receiving data, 118, 120, to

I

-16and from the network 202, thereby facilitating possible communication with other components of the networked communications system 200. Various servers can host websites that can be accessed by processing system 100 via network 202.

[078] Thus, for example, the networks 202, 230, 240 may form part of, or be connected to, the Internet, in which case, the terminals 206, 212, 218, for example, may be web servers, Internet terminals or the like. The networks 202, 230, 240, 260 may be or form part of other communication networks, such as LAN, WAN, ethernet, token ring, FDDI ring, star, etc., networks, or mobile telephone networks, such as GSM, CDMA or 3G, etc., networks, and may be wholly or partially wired, including for example optical fibre, or wireless networks, depending on a particular implementation.

r079 Authenticating a Web-Site [080] Referring to Fig. 3, method 300 facilitates the authentication of a web-site 380. The method 300 may include registering images at step 310 in a database 320. The images are registered by a person with appropriate authority by utilising registration software. In this particular embodiment, the images are associated with particular web-sites that may be identified in an Internet search. At step 330 a search request is received from a user, having been transmitted from a terminal 340. At step 350 the Internet, or other type of network or database, is searched in accordance with the search request 340 and one or more web-sites or web-pages are identified (if any). At step 360 an image associated with an identified web-site is checked to see if the image is authentic. This can be achieved by obtaining embedded identification information from an image, as is described hereinafter in more detail. If the image is authenticated, the image and an associated hyperlink can be transmitted 390 as part of a search results list to a terminal in response to the search request 340. If the image is not authenticated, the image is not transmitted 395 as part of a search results list or a warning that the image has not been authenticated can be provided in the search results list with or without the image.

17- [081] According to an embodiment of the present invention, a browser plug-in is downloaded to assist in the authentication process. The plug-in could be provided free of charge to operate with Internet Explorer, Netscape or the like.

[082] Once downloaded, the plug-in application can become permanent and has the capacity to check every image or registered phrase linked to a URL or domain name plus other link information. Upon checking the validity of pre-approved security details for expiration date, etc., the plug-in can become an enforcement mechanism. Simultaneously, search engine operators can be offered the option of verifying all images which form a database of protected content, trade marked or other textual phrases.

[083] However, if a search engine was not part of the described authentication method or protocol, for example Yahoo T M chose not to participate, an alert signal could be generated which would inform the user that "this search engine does not support web-site authentication, users may continue at their own risk", or some similar type of warning.

[084] There are two or more specific functions that can be provided after the plug-in has been downloaded, for example: 1. An image chosen by an URL owner to describe or to attract a user to visit a website or web-page, the image being a logo, trade mark, slogan, thumbnail image of a home page or any image, is placed alongside search results made by a general search of the world wide web, once found.

2. An image may be embedded on a subsequent web-page as a consequence of being diverted from a web-page which is a genuine search result, but after clicking on an image or text a user is diverted to a fake web-site. The present invention through the use of a private/public key quickly and easily identifies the fraudulent attempt and highlights this to the user by a message or alert, presenting the user with an option to abort the linking process to a potentially fake or masquerading web-site or web-page.

[085] Using this invention, possibly in conjunction with SSL or other alternate encryption processes, can highlight the intrusion of unregistered images or phrases and can deter or -18eliminate masquerading, spamming and other fraudulent activities placed on web-sites or web-pages as an inducement to link to fake web-sites.

[086] Authenticating a Search Result [087] According to one aspect, and referring to Fig. 4, when a user elects to make a search by a search engine and a search results list 410 is retrieved, the search results list may contain at least one entry, or no entries if no search results are found. The search results list 410 could be obtained from a database and can include text, such as hyperlinks 420. Some of those retrieved search result entries may have visual content, such as images 430, 440 which are embedded in the identified web-page(s) or web-site(s), or can be actual mini-images of web-pages.

[088] By providing a protocol which asks URL owners, image owners or authorised users to register a particular image, whereby that image may be a trade mark, logo, icon or any other graphic image, registration provides considerable protection to the owner or authorised user and consumers.

[0891 Authenticating an Email [090] According to an alternate embodiment, senders of emails are able to place a visual image within an email or electronic document which acts as an authenticating stamp/image. This act conveys genuine intent by the sender to be transparent and removes the possibility ofphishing, scams or deception. The stamp/image could be placed within an email, or on any other electronic document, including being shown, for example, on an envelope in Outlook Express T M or other programs. Once the stamp visual image) is visible, and by moving a computer mouse over, or possibly clicking on, the image, the verification process, as described hereinbefore and hereinafter for search results, could occur to authenticate the visual image. As illustrated in Fig. 5, the stamp/image 430 could be displayed to a recipient as if on a traditional envelope 510.

-19- [091] When the plug-in is installed email or corporate promotional material emanating from a genuine source can carry within its body a similar stamp/image acting as a security ID, or in the case of an illegal entity the stamp/image would be missing, providing the opportunity to highlight this as a potential fraud, seam, spamn or pornography (a worded alert could highlight this and extend a validity signal to assist the authorities to eliminate or deter any of these practices). Thus, there would be an attached stamp/image carrying the ID of the sender and upon arrival the receiver then has the ability to authenticate that the message originated from a genuine URL/sender by authenticating the stamp/image. The ID stamp/image can be on an existing email program, a web-site or in the body of, for example, promotional material. Filtering material allows junk mail or pornography websites to be removed or avoided.

[092] The ability to authenticate an organisation or validate the status of a computerised communication at the point of receipt is a significant step in eliminating seam emails or being led to masquerading web-sites.

r0931 Authenticating an Image or File [094] According to a further embodiment, and referring to the method 600 illustrated in Fig. 6, at step 610 a logo is presented as a genuine logo of XYZ company on a web-site purporting to be that of XYZ company. The logo, if registered under the present protocol, is able to be displayed as an additive to a search results list at step 620. The logo is also able to be displayed on a locally hosted web-site, or other web-sites by pre-approved consent. Other URL owners seeking to display the logo or to create a link to the XYZ company URL might do so, provided a consent has been obtained. At step 630, software, for example a plug-in in conjunction with remote server software, verifies the logo as authentic and is correctly linked to XYZ company's official web-site or other approved web-site. If authenticated, the logo is included in a search results list at step 640, but if not authenticated, no logo is included as at step 650. A fake web-site which may display the logo or attempt to convey a likeness would thus be impeded from doing so in the search results list of a user's search. If a fake image had a likeness camouflaged by subtle changes such as spelling or other deceptive means, the identification process would readily identify

I

the attempt to take a user to a fake web-site or to obtain confidential information by deception.

[095] An entity may wish to have its web-pages associated with a graphic, so that the link is more meaningful. For example a well known hamburger company may wish that results returned by a search engine that link to hamburger company web-sites have the company's icon displayed. It may also require that no unauthorised display of this icon is used within the search results linking to other web-sites.

[096] A search engine might only be authorised to embed graphics registered by the owner of the intellectual property rights within its search results. A software program is able to crawl the web and identify unauthorised images. The owner of a web-site or URL registers images or other content which is desired to be protected through an authorised facility such as an accredited search engine. The owner of the web-site embeds within a web-page an encoded image which inherently contains authorisation so that the search engine can use both the image within search results for that web-page and check for authorisation. Once authorised, the web-site owner may display an accredited stamp or image on a web-page indicating authenticity.

In one particular, but non-limiting specific example, there could be embedded in a webpage details of the image and authorisation. For example, the following could be used within a web-page: <searchenginelink="www.mvexample.com/mvdir" Graphic="myicon.png" Authorisation="fgter65sjgqtsdhtdgpustrdgtud" EXPIRES=YYYYMMDD/> [097] In this particular example, a search engine may display the graphic within the search results provided that the search engine confirms the unique number from the image/URL/expiry calculation process, authorisation with an owners public key and verifies that the resultant processed data is the same as the authorisation of the web-page.

The search engine could verify that the URL of the link is the same descendant, that the -21expiry date is current and that the public key is current. A plug-in can be downloaded to help effect these features.

[098] A window or alert button can provide warning messages such as: "We cannot verify that this icon and web page is genuine do you wish to proceed?".

[099] Before connecting to a web-site a check against a secure encrypted database can be made. If the visual image on the web-page is not registered a warning could state: "An illegal attempt to masquerade has occurred do you wish to report this?".

[0100] If a search engine does not use the protocol a warning could state: "This search engine does not support an anti-masquerading protocol here is a list of search engines that do".

[0101] Each server might handle many multiple downloads per hour which means that caches are able to handle the volume required to set-up the network. Using this system, every browser effectively becomes an enforcement mechanism.

[0102] The invention may utilise security tags, SSL or PGP to encrypt, that is to scramble identification data, a protected or registered image, credit details or payment authorisations into unreadable data) then decrypt the data into readable information. In addition, where technically practical, a hologram or readable bar-code may be provided as a security confirmation of an image. Where the availability of equipment allows, a user may be able to swipe a card at a terminal or on a cellular telephone, Palm T M Internet or video phone, PC or any other digital device.

[0103] The following examples provides a more detailed discussion of particular embodiments. The examples are intended to be merely illustrative and not limiting to the scope of the present invention.

[0104] Steganography is the art of writing in cipher, or in characters, which are not intelligible except to persons who have a cryptographic key. In computer terms,

I

-22steganography has evolved into the practice of hiding a message within a larger one in such a way that others cannot discern the presence or contents of the hidden message. In contemporary terms, steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such as an image, an audio file (for example a .wav or .mp3) or even a video file.

[0105] Like many security tools, steganography can be used for a variety of reasons.

Legitimate purposes can include watermarking images especially in copyright and trade mark material. Digital watermarks (also known as fingerprinting, especially in copyright material) are similar to steganography in that they are overlaid in files, which appear to be part of the original file and are thus not easily detectable by the average person.

Steganography can also be used as a way to make a substitute for a one-way hash value (where one takes a variable length input and creates a static length output string to verify that no changes have been made to the original variable length input). Further, steganography can be used to tag notes to on-line images (akin to post-it notes attached to paper files). Finally, steganography can be used to maintain the confidentiality of valuable information, that is to protect data from possible sabotage, theft, or unauthorised viewing by a person.

[0106] In a particular form, an embodiment confirms that an image has not been altered and is original since released by the author and provides a method to encode information into an image without any noticeable change to the image.

[0107] In a further form, an embodiment provides a way to decode information stored within an image resulting from decoding software (for example an Internet browser plugin) directing the user to a predefined location. The "plug-in", also referred to in part as the Link-Image-Decoder (LID) application, decodes an encoded image, hereinafter referred to as a "link image", validates the link image's integrity and directs the user to a pre-defined location using an associated hyperlink.

r0108] Link Image Encoder (LIE) -23- [0109] Referring to Fig. 7, a server-side system 700 is illustrated. Image encoding server LIE server 700) may be embodied as the processing system 100. LIE server 700 houses a Link Image Encoder (LIE) 710 which is a software application. The LIE 710 encodes an original image 720 rendering the original image 720 decodable by the LID 810 software. The process includes: An original image 720 is submitted, via a network 725, to the LIE 710 along with link information 730; The LIE 710 identifies the suitability of the original image 720 to be encoded; The LIE 710 analyses and/or encodes the original image 720 using encoder module 727 and generates a mathematical summary, in a particular embodiment being an image hash file, herein termed a reference image file 740, of the original image 720 based on the image's pixels and/or other properties; The reference image file 740 and link information 730 are then encrypted into ciphertext 750 (base code) using encoder module 737 (which may or may not be the same as encoder module 727); The original image 720 is encoded with the ciphertext 750 using encryption key 745 and encoder module 757 (which may or may not be the same as encoder modules 727, 737) and the process of steganography; The resulting encoded image, that is the link image 770, can be stored and visually appears the same as the original image 720 to the naked eye; The link image 770 can then be transmitted or retrieved, for example via network 725, for general use, such as on a web-site or in an electronic document, email, etc..

[0110] The process of combining the ciphertext 750 and the original image 720 using steganography uses a secret encryption key 745 which is located elsewhere and loaded at session time in both the LID 810 and LIE 710, symmetric encoding is performed between the original image 720 and ciphertext 750 using steganography. The resulting encoded image 770 is output ready to be used/deployed.

r0o1111] Link Image Decoder (LID) -24- [0112] Referring to Fig. 8, a client-side system is illustrated. A terminal houses a software application 800, for example the software application 800 may be a web browser. The software application 800 includes a software component being the Link Image Decoder (LID) 810, which may be incorporate with the software application 800 for example as a plug-in for a web browser, or may simply be interoperable with the software application for example as a stand-alone piece of software.

[0113] The LID 810 analyses each identified image 805 loaded into the software application 800, for example via network 815, the LID 810 identifies which links to identified images 805 contain valid link images 770 and which links to images do not at step 817. This is achieved by looking for identified images 805 which contain unique pixel values which are found only in link images 770 which use the LIE 710 encoding process.

[0114] If the LID 810 determines that the identified image 805 is not a link image 770 at step 817, then the identified image 805 may be rejected 820 and the decoding process ended 827, or the identified image 805 may be used by the software application 800 with a warning or notification 829 given to the user. For example, identified image 805 may be displayed in a search results list as an altered image 830, eg. highlighted or shaded, to indicate it is an unsecured or non-authenticated image. In one particular form, the LID 810 could superimpose a colour over or around images 830 and/or image links, for example translucent red on images links which are not link images 770 and green over images which are valid link images 770, or simply some other type of notification or warning.

[0115] When a user selects an identified image 805 which appears to be a link image 770 encoded by the LIE 710, the LID 810 can carry out the following steps: Decode, using decoder 840, the identified image 805, which has been determined to be a link image type, using a steganography engine and built-in decryption key 845, to obtain the original image 720 and ciphertext 750; Process the decoded identified image 805 the original image 720) using encoder 845 to generate a second reference image file 850; Decode the ciphertext 750 using decoder 855 into a first reference image file 740 (being the reference image file 740 from Fig. 7) and link information 730; Verify the first reference image file 740 is the same as the second reference image file 850 at step 860; If the LID 810 using comparison component 860 determines that the first reference image file 740 and second reference image file 850 are not the same, then the original image 720 may be rejected 870 and the authenticating process ended 875, or the original image 720 may be used by the software application 800 with a warning or notification 879 and the original image 720 may be displayed in a search results list as an altered image 885 to indicate it is an unsecured or non-authenticated image; If all previous steps are successful, including that the first reference image file 740 and second reference image file 850 are the same, them the LID 810 can instruct the software application 800 to use the obtained link information 730, for example a web browser could then load the resulting link information 730 associated with the original image 720.

[0116] In this particular form, the steganography process used means that the cipher can only be revealed if the correct key is used. There is no "look ahead", i.e. the process of the LID or any steganography decoding tool works as the image needs to be decoded before the cipher can be revealed. This process takes a certain amount of time. Even if the cipher can be discovered, the next challenge is to decrypt the cipher encryption formula. The strength of this encryption can be very high as the link information should be a relatively small amount of text. If the cipher is discovered, then a hacker would know the process used to generate the image by steganography, in this case, although the hacker would not be able to read the cipher, the hacker would know to what link it connected. An additional process of combining the image hash with the cipher would add yet another layer of protection.

[0117] Hence, in one particular form, it is possible to utilise: an image processed and encrypted into a hash file, or alternatively any other suitable type of encrypted or compressed image file; hash and link information then encrypted into ciphertext; and ciphertext encoded into an image using a steganography process which is also encoded with a secret key. Thus, there may be three layers of protection, each of which are as secure as the encryption level chosen, for example SSL 128 bit, etc.. A person (for -26example a hacker or coder) would need to decrypt each stage before the data could be entered into the next stage.

[0118] The decoding process is preferably performed on a user terminal. The skilled person may ask: if the LID takes the information it decodes from a link-image and decrypts that information to resolve the ultimate instruction, why use steganography at all? Although not an essential feature generally, an embodiment makes use of steganography.

Using steganography to encrypt information in the present manner is unique in its own right and also provides another layer of security.

[0119] The skilled person may also ask: if the LIE is an application in the public domain then is it possible that the encoding process would be more susceptible to reverse engineering or hacking techniques making the process less secure? I.e. if one has an encoded image and a decoded image, and one has the LIE, would it be an easier brute force hack than if the LIE was an application running based on a submission server which receives images, encodes and redeploys? In answer to this, a symmetric encoding (public and private key) is not needed as the LIE and LID have the required session generated keys and in part the encryption algorithm built into the applications. Therefore one is free to use symmetric encoding without worry as one does not need to communicate the one key.

[0120] Secure Link Image Director (SLID) [0121] In a further non-limiting embodiment, a method or system is provided that can stop a validated link author from using the method or system. That is, in the case where links which have been validated by a user has in some way infringed terms of usage where the protocol of registering a visual image has been ignored.

[0122] The SLID is a server which operates directly with the LID plug-in on a user's terminal. The SLID is a server on the Internet which operates much like a DNS server as follows. When a user has selected a valid link image, the LID sends the link request to the SLID server. The SLID server looks up the link request against its database and verifies that the client/user who holds the rights to the link is valid and authorised to use the link.

-27- Once confirmed, the SLID server sends an acceptance to the user LID to link onwards.

Information sent/received using a SLID server may not necessarily be link information, i.e.

a cipher which corresponds to a link account on the SLID could be used. For example, when the LID sends information to the SLID server, the information could be 10101001010 which could mean it is requesting a link which that code represents. The SLID server would then return the correct link address.

[0123] With such a process several features are available, including: a link image owner may update a link to an alternative web-site by having the SLID server provide alternative link information; an administrator can deactivate a link image account holder or redirect a link image to any location; and information regarding the user, user's IP address and other source material is known to the SLID server.

r0124] LIE server [0125] The LIE server can be located in the public domain allowing a client/user to access his or her account and submit images to be encoded by the LIE process to a predefined link. A client may have one or more links which have been authorised to an account, allowing a client to select the links the client wants to encode to which images.

[0126] The appearance of the LIE interface could operate on the basis of a simple link inbox, i.e. it may be a folder which has an inbox and an outbox. For example, IN www.companv.com and OUT www.Compan.com. The client/user could drop images to the inbox and the LIE would encode these images with the corresponding link and copy the resulting encoded image to the outbox.

[0127] Alternatives, such as tools which monitor a client's web-site could also be used.

For example, the LIE could be adapted to monitor a web-site and if a new image is detected on that web-site the LIE could copy and encode the new image. A client's account in the LIE could be managed via a secure web interface, the process could be accessed via https SSL type secure protocol with a username and password required to access and manage link image production. If used, the SLID server could also use a similar https SSL.

I

-28- A public private key system for exchanges of information between the LID and SLID could be used and internal keys built within the LID and SLID systems could allow users connecting to the SLID to not require a password.

[0128] This also allows use of an image as a digital certificate for use in secure sessions between terminals.

[0129] Verifying the Identity of a User by Authenticating a File [0130] Referring to Fig. 9a, there is illustrated a method 900 of verifying the identity of a user by authenticating a file 905. As a result of actions by the user, file 905 is provided to terminal 910 as an encoded file 915. Encoded file 915 includes file 905 and link information 920. The user may provide encoded file 915 to terminal 910 as a file that has been previously encoded, or alternatively, the user may provide file 905 and/or link information 920 to terminal 910 so that terminal 910 can encode file 905 and link information 920 to produce encoded file 915. Thus, encoded file 915 may be produced externally or internally with respect to terminal 910. Similarly, encoded file 915 may be produced, generated or obtained by a peripheral device (not illustrated) associated with terminal 910.

[0131] Encoded file 915 is transmitted by terminal 910 over network 925 to be received at processing system 930. Processing system 930 may be a server as hereinbefore discussed with reference to Fig. 1. Terminal 910 need not, but may, store a local copy of encoded file 915, file 905 and/or link information 920.

[0132] After processing system 930 has received encoded file 915, processing system 930 decodes, using software resident on processing system 930, encoded file 915 to obtain decoded file 905 and link information 920. Link information 920 is used to retrieve a registered file 935 from a storage device 940, for example from a database housed in a storage device. Link information 920 is a unique file location indicator so that registered file 935 is uniquely identified by link information 920. Storage device 940 may be local or remote to processing system 930. Registered file 935 is obtained by or received at -29processing system 930. In a particular example, storage device 940 may be part of processing system 930. Registered file 935 may, but need not, be stored on storage device 940 in an encoded format.

[0133] Processing system 930 performs a comparison 945 between decoded file 905 and registered file 935 to check if file 905 and registered file 935 are identical. Based on the result of comparison 945 an authentication response 950 is generated by processing system 930 and transmitted to terminal 910. Authentication response 950 indicates whether the decoded file 905 is identical or not to registered file 935. If the authentication response 950 is positive, that is decoded file 905 is the same as registered file 935, then this is indicative that file 905 provided by the user is authentic and the identity of the user is assumed to be verified. Terminal 910 may then proceed to perform certain actions as a result of authentication response 950 received from processing system 930. Authentication response 950 may be transmitted to terminal 910 via network 925, or via any other alternate network or means.

[0134] Referring to Fig. 9b, there is illustrated an alternate method 1000 of verifying the identity of a user 1010. Once encoded file 915 is obtained and passed to terminal 910 all subsequent steps can be the same as previously described in respect of Fig. 9a. However, in method 1000, memory device 1020 is utilised to provide encoded file 915 to terminal 910. Memory device 1020 stores link information 920. User 1010 causes file 905 to be received, obtained or generated by memory device 1020. In a preferred form, memory device 1020 is a portable memory device and is carried by user 1010. User 1010 can then associate memory device 1020 with terminal 910 to provide encoded file 915 to terminal 910.

[0135] Memory device 1020 may be associated with terminal 910 in a variety of ways, for example by attaching memory device 1020 to terminal 910, or associating memory device 1020 with terminal 910, for example if memory device 1020 and terminal 910 are provided with wireless communication means. Link information 920 may, but need not, be stored on memory device 1020 in an encoded format. Thus, encoded file 915 can be a variety of combinations of file 905 and link information 920 in encoded forms or otherwise.

[0136] File 905 can actually be produced by memory device 920. For example, user 1010 could interact with memory device 1020 to cause file 905 to be produced by memory device 1020. Alternatively, file 905 could be received by a peripheral device in communication with terminal 910 while link information 920 is stored on memory device 1020, so that encoded file 915 is produced at terminal 910 which combines link information 920 from memory device 1020 and file 905 from the peripheral device.

[0137] In another embodiment file 905 may be additionally encoded prior to further encoding together with link information 920, to provide a first reference file. Registered file 935 may also be encoded to provide a second reference file. Thus, at comparison step 945, the comparison is between the first reference file and the second reference file, that is, between the file 905 in encoded format and registered file 935 also in encoded format. For example, the first reference file and the second reference file may be image hash files.

[0138] The file and the registered file can be any type of file as hereinbefore discussed.

For example, the files may be image, audio, video, text, executable, data and/or document types of files.

[0139] Preferably, but not necessarily, file 905 and registered file 935 are image files and the images are biometric images related to user 1010. For example, the biometric images may be wholly, part of, or related to, a fingerprint of user 1010, and eye or retina image of user 1010, and/or a facial image of user 1010. This can be achieved if memory device 1020 or another peripheral device associated with terminal 910 is provided with imaging hardware, for example a form of camera or video, able to obtain such biometric images from user 1010. For example, memory device 1020 may be a USB key provided with a fingerprint imaging component. Thus, when user 1010 associates memory device 1020 with terminal 910 user 1010 places a finger on memory device 1020 so that a fingerprint image is obtained as file 905.

[0140] Prior to using memory device 1020, user 1010 registers the memory device 1020 so as to submit registered file 935 and produce link information 920 to be stored on memory -31device 1020. For example, when initially being provided with memory device 1020, user 1010 may be required to submit a fingerprint image using memory device 1020 which is stored as registered file 935 on storage device 940. The location of registered file 935, being link information 920, is then securely, and possibly in an encrypted form, stored on memory device 1020.

[0141] After authentication response 950 has been received at terminal 910 a variety of actions can be taken. For example, if terminal 910 is a PC, then user 1010 may be provided with access to a digital wallet/safe via terminal 910, which will be discussed hereinafter. Access to the digital wallet/safe may only be provided if authentication response 950 indicates that user 1010 is verified. For example, if file 905 is a fingerprint image which matches registered file 935 also being a previously provided fingerprint image.

[0142] In other forms, terminal 910 may be an ATM or POS machine, which if the identity of the user is verified, can then allow user 1010 to proceed to conduct a transaction using the ATM or POS machine.

[0143] Software resident on processing system 930 is preferably provided to achieve steps performed by processing system 930. Steps performed at terminal 910 may also be provided by resident software, for example plug-in software for a web browser.

[0144] In a particular embodiment, use is made of: a memory storage device (for example a USB key or other portable memory storage device); a terminal; and file for authentication which indicates user verification, for example using biometric information, PIN, QR code, hologram, etc.. Additionally, in a particular form, a digital wallet/safe can be accessed after user verification.

[0145] In a further embodiment linked to a plug-in program, a user, for purposes of security, may seek to have details such as personal and financial information embedded in an encrypted "cyber space capsule". This secured capsule or "digital wallet/safe" can only be accessed after user verification.

1 32 [0146] User verification can rely on using a memory device containing, receiving, generating or obtaining a file which is to be authenticated. Preferably, this file is obtained by the owner submitting a fingerprint for scanning by an image capturing device associated with the memory device and/or a terminal with which the memory device associates. A fingerprint could be submitted by using a biometric USB secured flash device which employs a fingerprint sensor in the memory device. Additionally or alternatively, a specific PIN number known only to the user may be required. This PIN may also be encrypted using an image or as text for additional security.

[0147] A particular embodiment uses a file which is a specially created image which, although text only is possible, is authenticated using the methods/protocols discussed herein. Hence, although a person's PIN may have been discovered, it cannot be utilised without the actual memory device, and if so included, the required biometric fingerprint which is peculiar to the owner. This prevents unauthorised access to the digital wallet/safe or other services, such as an ATM or POS machine.

[0148] Referring to Fig. 10 there is illustrated an example USB key 1030 which may be utilised as memory device 1020. USB key 1030 includes fingerprint sensor 1035, finger metal static protector 1040 and protective sensor cover 1045. USB key 1030 can also include an LCD panel 1050 for displaying digits and pass/fail LEDs for fingerprint entry 1055. A status LED 1060 for fingerprint entry can also be provided. Button i065 can display digits on LCD panel 1050 when pressed. G-USB connector 1070 is also provided.

A protective cap 1075, possibly also with a logo plate 1080, may additionally be provided.

[0149] Referring to Fig. 11, a particular form of registration process 1100 is illustrated.

Upon receipt of USB key 1030 a user is required to submit a fingerprint image 1105 using USB key 1030. Fingerprint image 1105 is encoded using an encoder 1110, which may either be resident on USB key 1030, ifUSB key 1030 is provided with a form of processor, or encoder 1110 may be resident on a terminal associated with USB key 1030, or still furthermore, encoder 1110 may be resident on a remote server which receives fingerprint image file 1105 via the terminal. Fingerprint image 1105 is encoded by encoder 1110 to

I

33 produce second reference file 1115 which is stored on storage device 1120. Second reference file 1115 may be an image hash file of fingerprint image 1105. The location of second reference file 1115 is stored as link information 1125 on USB key 1030. Link information 1125 may be stored in encoded format.

[0150] Referring to Fig. 12, there is illustrated a user verification method 1200 which can be performed after registration process 1100. User holds USB key 1030 and when the user desires to use a terminal the user associates USB key 1030 with the terminal. Link information 1125 has previously been stored on USB key 1030. The user is required to submit a fingerprint image 1205 which can be provided using USB key 1030. Fingerprint image 1205 is encoded by encoder 1210 to produce a first reference file 1220. The first reference file 1220 and link information 1125 are then encoded again by encoder 1215 to produce cyphertext 1225. Encoders 1210 and 1215 may reside on USB key 1030 or the terminal. Cyphertext 1225 is transmitted via a network 1230 to a server 1235.

[0151] At server 1235 decoder 1240 decodes cyphertext 1225 to obtain first reference file 1220 and link information 1125. The decoded link information 1125 can then be used to retrieve the previously stored second reference file 1115 from a storage device 1120 which may or may not be local to server 1235. Comparison step 1245 is then performed by software resident on server 1235, or an associated server, to compare first reference file 1220 with second reference file 1115 from which an authentication response 1250 is produced. If first reference file 1220 is the same as second reference file 1115 authentication response 1250 can indicate a match which confirms that the fingerprint image 1205 submitted by the user is the same as the fingerprint image 1105 previously registered by the user during registration process 1100.

[0152] In the methods 1100 and 1200 a user's fingerprint image is only stored on a secure storage device 1120 in an encoded format as second reference file 1115, thereby avoiding concerns about a user's fingerprint image, or any other biometric information utilised, being freely available. Furthermore, a user's fingerprint image does not need to be stored at the terminal associated with the USB key 1030, for example which may be an ATM or

I

-34- POS machine, thereby avoiding concerns that a user's fingerprint image may be held or stored by a bank or financial institution.

[0153] Digital Wallet/Safe [0154] In a particular embodiment, the creation of a digital wallet, digital safe or a digital vault, which can house important documents such as bank PINs, bank statements, etc., provides a "digital haven" or "cyber virtual office". PINs provided by a bank or financial institution (card provider) should not need to be as closely guarded as presently required because an owner's fingerprint (or other type of file or biometric information) provides an additional safety net. The same PIN could thus be used for different purposes.

[0155] For example, as the digital wallet is accessed on a computer terminal it can show the existence of credit cards on the terminal screen which can later be used in a drag and drop function when making online purchases or transferring funds from one account to another. Another feature allows for all monthly statements to be delivered to an indicated email address (a special email address which only goes to a user's digital wallet/safe) and are available to be viewed with full personal security after opening the digital wallet/safe.

This feature also has the potential to eliminate massive postage costs to the multitude of global credit providers and banks who send out millions of invoices each month. This feature also allows a user to view daily balances, payments, receive prompts when payments are due, sort and view a statement many months old in files just like a normal office, or under headings or time periods. For example, various documents could be filed under government bodies, such as councils, car lease payments, power bills, Tax office records, etc..

[0156] To access the digital wallet/safe particular options may use a biometric information registration process and biometric information access. A biometric USB can be solely used to. access the digital wallet/safe, as hereinbefore discussed, or alternatively a usemame and/or PIN can also be required, which may have been sent to the user by email, mobile phone SMS and/or surface mail.

[0157] Following are presented some different digital wallet/safe login options. The options can be used singularly or in any combinations, eg. USB device with biometric pad for fingerprint and Security Access Module (SAM) with LCD screen for numerical access, either individually or in combination. Three alternate options of accessing and using the digital wallet/safe are presented, which are used together with the file authentication protection, where a file could be processed and encrypted into a hash, the hash and link then being encrypted into ciphertext and the ciphertext encoded into a file using a steganography process which is also encoded with a secret key. A hacker would need to decrypt each stage before the data could be used in the next stage. Then, after following the various steps of having any files confirmed (the hashed file is embedded in the memory device which can self erase if tampered with rendering the data useless and indecipherable) the user makes a secure connection to his/her digital wallet/safe. In one example this could require keying in a random generated number as an additional level of security on a session by session basis.

[0158] In a particular example, secondary authentication can be utilised which is described as follows: there is a process of two pass authentication used to provide a higher level of security between parties. In this process the first device identifies itself to the other party, who in return possesses a question/query to which only the two parties know the answer, provided the first party responds with the correct answer, the process progresses to the next phase. In two pass authentication a second message is transferred to further validate the link on the basis of there being a compromise to the first pass authentication process.

[0159] Typically, in a process of multiple pass authentication, in the first and second pass, the process passes a unique User Identification and a password, this is now being followed up a by a third process or authentication using the technical process of a Security Access Module (SAM). Here a solid state device embedded with a partial algorithm and keys generates a number which the user enters into the system for verification. This device is owned and distributed by the issuing authority and is tamper proof. It provides a second pass authentication process. This type of second pass authentication process could be utilised in an embodiment of the present invention.

-36- [0160] In a particular example, logging on uses a USB device with a biometric sensor and LCD screen. The process in the first step when using the USB storage device only opens the digital wallet/safe after authenticating the fingerprint using a sensor, which requires the additional verification of the fingerprint image on the USB device being matched with a reference fingerprint image, for example stored remotely in the digital wallet/safe of the bona fide user/owner.

[0161] Once the first steps are verified, the digital wallet/safe opens to reveal all of the various cards and/or bank account. A drop down menu can detail each account or card by its number with only the last 4 or 6 numbers shown. The user clicks on the relevant number which hyperlinks to the home-page/web-site of the bank/card processor. The website can then be authenticated by confirming that the visual image/logo of the bank presented at the web-site is in fact at the correct URL address using the authentication methods hereinbefore described. The user is then considered logged in and presses a button on a presented URL pad and a generated random number appears on screen, which is only valid for the current session. The user keys in the random number and is granted immediate access.

[0162] The following provides various non-limiting options for logging on: Option 1, uses USB biometric registration and the SAM numerical access described hereinbefore.

Option 2, uses the USB biometric registration alone where a fingerprint image is held.

Option 3, uses a SAM alone in which the user logs into a bank's web-site, a plug-in process allows verification of the URL address, the user enters a username and password, then the SAM, generates a number which the user enters into the system for verification.

This device can be owned and distributed by the issuing authority and is preferably tamper proof or resistant. It provides another authentication process.

Option 4, uses a username and PIN which has been sent by mobile or cellular phone and/or surface mail.

-37- [0163] Referring to figs. 13 19, various aspects of a user's interaction with a digital wallet/safe are now described. Fig. 13 illustrates certain functions of a plug-in for a web browser. Plug-in 1300 allows user 1305 to interact with a website 1310, for example via mouse pointer 1315. Website 1310 may contain images 1320 and 1325. Images 1320 and 1325 can be checked for authenticity using methods hereinbefore described which may be embodied as software resident on server 1330. For example, image 1320 is shown as an image which has not been authenticated but is still displayed to user 1305 via website 1310.

[0164] Fig. 14 illustrates various functions of a digital wallet/safe application provided as a plug-in 1300 and accessible after the identity of user 1305 has been verified so that user 1305 is logged in to digital wallet/safe 1300. Contents of digital wallet can be contained on server 1420, which may be the same as server 1330. When user 1305 signs-up to the service, user 1305 may be asked to provide a user name and mobile telephone number at step 1425. Digital wallet 1410 can interact with a bank's web-page 1430 provided by bank 1440.

[0165] Referring to Fig. 15, plug-in 1300 may also be utilised in the situation where server 1420 communicates directly with bank system 1440. Referring to Fig. 16, digital wallet 1600 can provide access to credit card accounts, for example Visa 1610, AMEX 1620 and MasterCard 1630 accounts. Server 1420 can communicate with Visa system 1640, MasterCard system 1650 and/or AMEX system 1660, for example via processing company system 1670.

[0166] Fig. 17 illustrates a further embodiment for fingerprint authentication for entry to the digital wallet plug-in 1300. Using USB key 1700 user 1305 can attempt to login to digital wallet 1300 with access confirmed or denied by server 1420. Server 1420 can provide an authentication response, for example being provided via a mobile service provider. Server 1420 may provide a alphanumerical key, for example a random number, which is provided to user 1305, for example via a mobile service provider as an SMS to the user's mobile or cellular phone. Additionally, this number could be required to be entered into a terminal for access to the digital wallet/safe 1300.

-38- [0167] Referring to Fig. 18, various steps of an online purchase process are illustrated.

User 1305, having logged onto digital wallet 1300 may interact with merchant site 1800.

Merchant site 1800 can provide a "visual shopping certificate" 1810 which may be a form of file or image to be authenticated by the methods as hereinbefore described. If authenticated, the visual shopping certificate indicates to user 1305 the authenticity of merchant site 1800.

[0168] Referring to Fig. 19, when user 1305 desires to login to digital wallet/safe 1300, user 1305 may be required to insert a user name 1910 and a PIN 1920. User name 1910 and/or PIN 1920 can be provided to server 1420. Successful submission of user name 1910 and PIN 1920 together with file authentication, can allow user 1305 access to digital wallet/safe 1300.

[0169] In one form, the login steps are: 1. User logs in to digital wallet/safe (user opens wallet/safe after activating plug-in access). Biometric USB device inserted. Access provided or denied according to verification of user result.

2. Digital wallet/safe connects to Authentication/Verification server.

3. Logged in digital wallet/safe changes colour status OK.

3a. Digital wallet/safe opens with pre-authorised/updated credit cards shown.

3b. Digital wallet/safe requests cards up-date from A/V server.

3c. A/V server transmits updates or card status to processing company.

3d. Processing company links with individual cards.

3e. Processing company replies to AN server.

3f. A/V server up-dates digital wallet/safe.

4. Logged in digital wallet/safe changes colour or other audio/visual effect status OK. Digital wallet/safe opens with pre-authorized up-dated credit cards.

4a. Digital wallet/safe requests card up-date with A/V server.

4b. A/V server transmits up-dates or card status to processing company server.

-39- 4c. Processing company server links with individual cards.

4d. Processing company server replies to A/V server.

4e. AV server up-dates digital wallet/safe. Status of individual cards up-dated in the digital wallet/safe.

5. Merchant runs digital wallet/safe gateway.

Merchant server connects to A/V server.

Merchant server web-site) online for transaction.

[0170] The online purchase process steps can be summarised as: 1. User shops at merchant site (or at bank).

2. User selects to pay or transfer via digital wallet/safe.

3. User goes to check out/transfer.

4. Merchant server sends list of items, costs and merchant's ID to A/V server for shopping certificate.

5. A/V server receives request.

6. A/V server issues visual shopping certificate sends file or image).

7. Merchant site displays visual shopping certificate with notice, for example "Please drag and drop certificate onto your digital wallet/safe".

8. User drags and drops visual certificate onto part of digital wallet/safe, eg.

Visa icon.

9. Details of purchase items, vendor and amount displayed on the digital wallet/safe bar paying using Visa.

User verified.

11. A/V server verification user data and visual certificate sent to A/V server as intention to buy server receives BUY intention for merchant items.

12. Credit confirm A/V server request to processor server (eg. bank server) for payment confirmation.

13. Payment approval processor server replies APPROVED or NOT APPROVED to A/V server.

14. A/V server sends merchant notice that user has been approved and to confirm payment.

Purchase confirmation merchant user shops at merchant site clicks YES to confirm payment of $X from digital wallet/safe user selects YES or NO.

16. Purchase confirmation user user clicks YES payment confirmed.

17. Merchant approval merchant server transmits data to A/V server informing user confirmed on the purchase.

18. Processor deduction A/V server confirms purchase deduction provides merchant's record information.

19. A/V server sends user notice of payment.

Merchant receipt merchant issues receipt to user. Paid via digital wallet/safe.

[0171] In a further specific embodiment related to the logging in procedure, and to avoid the possibility of a person having acquired illegal documents, ID cards, etc., of Mr X, then going to a bank and saying "I have lost my PIN, but here are my ID details, I am Mr X, I would like a new PIN and USB key", certain confidential data known only to the original applicant and the bank could have been retained as part of the original application/registration process. This information can be exchanged from the source location by cryptographic methods, eg. secure quantum cryptography. However, it is to be understood that many other uses of quantum cryptography may be employed by other functions, features, methods and e-commerce procedures.

[0172] In a further embodiment, a "virtual office" may be created for commerce or peerto-peer exchanges of correspondence, whereby a company having accounts with many suppliers or contractors can have dedicated accounting or correspondence systems in place using the security systems/methods of embodiments of this invention, for example in company to company, government to government, accountant to client, and the like situations.

[0173] A company's accounts can be paid or invoices received at the digital wallet/safe.

Internal security personnel are engaged to handle the payments etc. and the knowledge of bank balances and cash movement is performed at one point because the wallet/safe is opened only by the nominated officers. An index of suppliers or contractors can be detailed -41or indexed, for example in alphabetical order or by a logo visual image or other means of ID, and accessed by a mouse click. There is no need to log onto several banks or client web-sites to attend to different accounting matters.

[0174] Each supplier/contractor would have its own unique identity. At the registration/formation stage, each company, lawyer, accountant, etc., is provided with an email address to which all invoices and notices are sent. Any of the security technologies detailed herein may be utilised. This provides companies the ability to reduce accounting and postal costs whilst enjoying high level security and a user friendly system of mail exchange.

[0175] ATM POS Applications [0176] There is much concern with fake credit and debit cards, and people stealing ID details of cardholders at ATM's or other locations. To address these significant problems USB ports, or other similar types of memory device ports, are post-installed into, or provided with, ATM's and/or POS terminals in retail and other outlets. This technology is readily available to the person skilled in the art and ATM or POS manufacturers could install ports on all new terminals.

[0177] In this application, a user desires to use an ATM or POS terminal. Previously, a rogue having obtained a user's PIN number, and either the user's own card or a specially created card, could key in the PIN and obtain money or goods pretending to be the authorised user because the processor or processing procedure checks the PIN and nothing else is required.

[0178] In this embodiment, when the card is provided, the computer recognises the card but requires some other means of identification. Moreover, the user need not provide a card at all. The user engages a portable memory device, for example a USB device with the ability to read certain biometric information such as a user's fingerprint, with the ATM or POS terminal and the biometric encrypted data, which may be under-laid/hidden on the device, is subsequently used to verify the identify the user. In one form, the user provides a -42fingerprint to the USB device which seeks to verify the fingerprint by comparison with a remotely stored reference fingerprint image. If verified, the transaction can proceed, if not verified the transaction is rejected.

[0179] Preferably, the biometric data, for example the fingerprint data, is stored only on the USB device for file authentication purposes, or may not be stored on the USB device at all, but merely transmitted to the remote server as an encoded file. Thus, the user is not required to lodge his/her fingerprint with a bank/processor, thereby allaying fears of his/her fingerprint being in open circulation, stored in various databases or used in another unintended manner.

[0180] To create a reference file, the user places his/her fingerprint on a fingerprint sensor pad of the memory storage device when it is received (or similarly provides some other biometric information such as a retina image), in effect being the same as signing a credit card immediately upon its receipt. It is suggested that two fingerprints be entered onto the sensor pad, one from each hand. The bank can be provided with information to make a satisfactory link to a user's stored fingerprint image. Thus, it does not matter if someone obtains a user's PIN, they cannot secure a fingerprint easily.

[0181] In a further embodiment, the user verification and file authentication can be used on Internet phones, standard household landlines, mobile digital devices such as PDAs, cellular phones, etc., which are Internet enabled or able to be used for phone or Internet banking.

[0182] The invention may also be said to broadly consist in the parts, elements and features referred to or indicated herein, individually or collectively, in any or all combinations of two or more of the parts, elements or features, and wherein specific integers are mentioned herein which have known equivalents in the art to which the invention relates, such known equivalents are deemed to be incorporated herein as if individually set forth.

-43- [0183] Although a preferred embodiment has been described in detail, it should be understood that various changes, substitutions, and alterations can be made by one of ordinary skill in the art without departing from the scope of the present invention.

Claims (24)

1. A method for providing a digital wallet, the method including, in a processing system: receiving and processing authentication data using at least one first server to verify the identity of a user; if the user is verified, transmitting data from the at least one first server to an application residing on a terminal to enable a representation of contents of the digital wallet to be displayed to the user; and, communicating with at least one second server to update the contents of the digital wallet.

2. The method as claimed in claim 1, wherein the authentication data includes one or more of: biometric data; a PIN; a username; and a password.

3. The method as claimed in either claim 1 or 2, wherein at least part of the authentication data is stored in or generated by a portable memory device.

4. The method as claimed in any one of the claims 1 to 3, wherein verification of the identity of the user requires the user to further use a Security Access Module to obtain a generated number which the user then causes to be transmitted to the at least one first server. The method as claimed in any one of the claims 1 to 4, wherein two pass authentication is used to verify the identity of the user.

6. The method as claimed in any one of the claims 1 to 5, wherein at least part of the contents of the digital wallet are updated using data in an email received by the at least one first server.

7. The method as claimed in any one of the claims 1 to 6, wherein the contents of the digital wallet include at least one of: a bank statement; a bank account details; a credit card account details; a bill; an invoice; and a reminder.

8. The method as claimed in any one of the claims 1 to 7, wherein'at least part of the contents of the digital wallet are displayed as visual icons that can be dragged and dropped to initiate at least one of: a payment; a transfer of funds; and a purchase.

9. The method as claimed in any one of the claims 1 to 8, wherein the display of the contents of the digital wallet by the application can be ordered by at least one of: date; alphabetically; organisation name; and category. The method as claimed in any one of the claims 1 to 9, wherein the application is a web browser plug-in.

11. The method as claimed in any one of the claims 1 to 10, wherein the contents of the digital wallet are stored on a storage device associated with the at least one first server.

12. The method as claimed in any one of the claims 1 to 11, wherein the at least one second server is a bank server, merchant server, financial processing company server or the like.

13. The method as claimed in any one of the claims 1 to 12, wherein the application allows the user to selectively access a web-site using a hyperlink contained within the digital wallet.

14. The method as claimed in claim 13, wherein an image on the web-site is subjected to an authentication process. 46 The method as claimed in any one of the claims 1 to 14, wherein a visual shopping certificate displayed on a merchant web-site is able to be dropped on an interface of the application to effect a payment using the digital wallet.

16. The method as claimed in claim 15, wherein the visual shopping certificate is subjected to an authentication process.

17. The method as claimed in any one of the claims 1 to 16, wherein a random number is generated and displayed to the user and the user is required to input and transmit the displayed random number as part of the authentication data before the user is verified.

18. The method as claimed in claim 1, wherein verification of the identity of the user includes the user having caused a file to be provided to the terminal and the file having been encoded together with link information to produce an encoded file, the method further including the steps of, in the processing system: receiving the encoded file; decoding the encoded file to obtain the file and the link information; retrieving a registered file identified by the link information; comparing the file to the registered file and generating an authentication response based on the comparison; and, transmitting the authentication response to the terminal, the authentication response indicating whether the identity of the user is verified or not.

19. The method as claimed in claim 18, wherein the link information is obtained from a portable memory device in communication with the terminal, the portable memory device storing the link information. The method as claimed in claim 19, wherein the file is produced by the portable memory device. 47

21. The method as claimed in any one of the claims 18 to 20, wherein the file and the registered file are image files and the images are biometric images related to the user.

22. The method as claimed in claim 21, wherein the biometric images are of at least part of one or more of the group of: a fingerprint of the user; an eye of the user; a handprint of the user; DNA of the user; and the face of the user.

23. The method as claimed in claim 20, wherein the portable memory device is a USB key provided with a fingerprint imaging component.

24. The method as claimed in claim 1, wherein verification of the identity of the user is by authenticating a file, the method further including the steps of: receiving the file at the terminal; encoding the file together with link information to produce an encoded file; transmitting the encoded file to a server, the encoded file being decoded at the server to obtain the file, the file being compared to a registered file identified by the link information, and the server providing an authentication response as a result of the comparison between the file and the registered file; and, receiving the authentication response at the terminal which indicates whether the identity of the user is verified or not. A computer readable medium of instructions for providing a digital wallet, adapted to: receive and process authentication data using at least one first server to authenticate a user; if the user is verified, transmit data from the at least one first server to an application residing on a terminal to enable a representation of contents of the digital wallet to be displayed to the user; and, communicate with at least one second server to update the contents of the digital wallet. I -48-

26. A computer readable medium of instructions for providing an interface to a digital wallet as claimed in claim 25, and adapted to: transmit authentication data to at least one first server to authenticate a user; and, if the user is verified, receive data from the at least one first server to enable a representation of contents of the digital wallet to be displayed to the user.

27. The computer readable medium of instructions as claimed in claim 25 or 26 and adapted to provide the method of any one of the claims 1 to 24.

28. A method for providing a digital wallet, substantially as hereinbefore described with reference to the accompanying figures.

29. A computer readable medium of instructions for providing a digital wallet, substantially as hereinbefore described with reference to the accompanying figures. DATED this 16 th day of February, 2006 RONALD NEVILLE LANGFORD By His Patent Attorneys DAVIES COLLISON CAVE