Title of Invention | BIOMETRIC ASSISTED SYSTEM FOR SECURE OPERATION OF A SECONDARY SYSTEM AND METHOD THEREOF |
---|---|
Abstract | The present invention provides a system and a method to provide biometric solutions for authentication and authorization of security systems to execute secured transactions. The present invention also provides a method to authenticate and authorise the security systems for executing the secured transactions using biometric solutions. The system and the method of the present invention are also integrated with the known security systems to implement the authentication and authorization of transactions. |
Full Text | INTEGRATED SECURITY SYSTEM FOR BANKING SERVICES USING BIOMETRIC SOLUTION

Technical Field

The present invention relates to the field of security systems wherein Biometric Solutions are used in integration with the existing available security systems to enable both authentication and authorization, which are needed to complete transactions. The present system also provides a method to authenticate and authorise the security systems for completing the transactions.

Background and Prior art

Organisations have historically managed rapid organic growth by proliferating application systems to support new products or services. Inorganic growth compounds the situation. These applications mostly have a custom-built information security management layer. Access to each system is via passwords, PIN numbers, user identifications, etc., hereinafter referred to as access codes. In these cases an employee in a large organisation needs to remember between 5 and 30 access codes. These need to conform to complex security policies, making them difficult to remember or recall, which often leads to such information being written down on sticky notes or stored in unencrypted text files on employees' workstations. More often than not, these practices compromise information security: the same access codes are reused on all machines and applications, defeating the very purpose for which such elaborate security measures were put in place. Moreover, in certain instances the access codes are a combination of easily available personal details such as birthdays, anniversaries and telephone numbers, which makes accessing the protected information very easy. Statistics reveal that on average an employee spends as much as 44 hours a year supplying user credentials to access just four applications.
Furthermore, a greater number of access codes implies increased expenditure of IT resources on security administration (issuing access codes to new employees, revoking those of former employees, and replacing or resetting the lost or forgotten access codes of current employees), resulting in poor turnaround times and mounting overheads. Companies with multiple access-code-secured systems often attribute 25% or more of help desk calls to access-code-related issues. For a 10,000-person organisation, that translates into millions of dollars annually. Further, the user is inactive until the administrator resolves the access code issue, causing avoidable employee downtime. Maintaining the information security layer within each of the applications also diverts significant resources into building and maintaining the same function many times over, which results in spiralling costs.

An existing security system used in the Banking, Financial Services and Insurance sector is Intellect ARMOR, an integrated, modular and customizable suite of Security Services providing Single Sign-On (SSO) to applications across technologies. ARMOR can be deployed in a very short time frame. ARMOR makes it easier for end-users to securely sign on to multiple applications through a friendly, browser-based front-end. It is specially designed to allow the user to securely access any browser-based, desktop, client-server based, Unix-based or character/green-screen application by means of a single User-ID and password combination. User authentication is done by means of a configurable static password or by a single-use dynamic password generated by a hardware device. ARMOR further supports role-based access control, where one can define the applications as well as the underlying menus or functions that a user can access according to his or her role in the organisation.
ARMOR provides a single-point administration tool for the security administrator to create and manage multiple applications and users. It allows the administrator to assign the passwords used by applications such as relational databases and Unix hosts, thereby reducing the workload. Furthermore, ARMOR generates audit reports and logs sensitive events such as unauthorized login attempts and failures. Different combinations of the ARMOR components described above can be deployed interchangeably, giving greater flexibility. For example, when an ATM card is used to withdraw funds from a bank account, the Functional Architecture of Intellect ARMOR is as follows: the access code, namely the PIN number, is entered; if it is correct, the correct access code identifies and certifies the authenticity of the owner of the bank account, i.e. it authenticates the person, and allows access to complete the transactions for which the access codes were punched in, i.e. it also authorizes the person to complete the transactions. In the event of wrong access codes being entered, ARMOR short-circuits the transactions and the transactions are terminated.

Intellect ARMOR is an integrated, modular and customizable suite of Security Services providing Single Sign-On (SSO) to applications across technologies. INTELLECT ARMOR makes it easier for end-users to securely sign on to multiple applications through a friendly, browser-based front-end. It is specially designed to allow the user to securely access any browser-based, desktop, client-server based, Unix-based or character/green-screen application by means of a single User-ID and password combination. User authentication is done by means of a configurable static password or by a single-use dynamic password generated by a hardware device. INTELLECT ARMOR provides a single-point administration tool for the security administrator to create and manage function entitlements for application users.
Hence information about which system resources and which application functions will be available to users is stored and controlled by Armor. INTELLECT ARMOR further supports role-based access control, where one can define the applications as well as the underlying menus or functions that a user can access according to the role of the person in the organisation. Different combinations of the INTELLECT ARMOR components described above can be deployed interchangeably, giving greater flexibility. The advantages of Intellect ARMOR are four-fold, namely the facilitation of multiple usage, single-point administration to manage multiple applications, lower cost of maintenance and flexibility of use.
Ease of use: ARMOR is designed for the end-user. It satisfies today's single sign-on requirements, enabling users to access multiple applications through a single screen, reducing the drudgery and wastage of entering one's credentials into multiple logon screens.
Single-point administration: Administrators can manage multiple applications based on different technologies through a single point, thus lowering administration cost and employee downtime.
Cost efficiency: Being a web-based system, ARMOR brings down the cost of maintaining, licensing, scaling and upgrading diverse applications' security, thereby bringing down the overall technology cost.
Flexibility: ARMOR is a highly flexible product that allows complete configuration of the password rules defined within an organisation. It has the ability to integrate with third-party authentication providers. It also allows automated password administration with applications and has a complete set of APIs to integrate easily with client applications running on diverse platforms like UNIX, NT and AS400.

Architecture Highlights & Technology Environment

The limitation of Intellect ARMOR is its inadequate protection of the access codes, which can be lost, easily cracked, forgotten, stolen, etc.
Existing technology in security systems using Biometrics includes fingerprint scanners, facial recognition systems and iris recognition systems. The word "Biometric" has recently been adopted by the information technology sector to refer to a field of technology devoted to the identification of individuals using biological and behavioural traits. For example, iris recognition is used around the world for physical access control, notably at the Sydney Olympic Games and at London's Heathrow Airport, and is now also used to control access to IT systems. The system can be used to identify individuals as they log into a system, and to control access to programs, folders, documents, VPNs, and Web sites or individual pages. Potential applications include kiosk access, customer identification for contact centres, online payments, etc. Unlike fingerprint or face recognition, its accuracy is unaffected by dirt, cuts, gloves, masks and so on, nor do spectacles or contact lenses present any problems. This technology, however, has not been merged with the existing security services in the field of Banking Services, and that is the invention disclosed in this application.

US 5,787,186 deals with a biometric security procedure for manufacturing an identity document, such as an identity card, credit card, visa or passport, using facial recognition.
This is basically done by providing a nucleus of the identity document, the nucleus including personal data of a holder of the identity document and a face image of the holder; the computer carrying out an analysis of basic face features of the face image, comparing the basic face features with master/pattern features in a database, wherein each master/pattern feature has a specific number; obtaining by the analysis a derived set of master/pattern features that corresponds to a characteristic synthetic image of the holder, the derived set of master/pattern features corresponding to a specific numeric code determined by the number of each of the master/pattern features making up the derived set; and printing the specific numeric code, by a printer connected to the computer, on an area of the identity document defined as a code window, whereby the specific numeric code univocally characterizes the holder of the identity document.

US 6,393,139 deals with a security access method and/or apparatus that verifies both the user's fingerprints and the fingerprint entering sequence to determine whether access can be authorized. By using both the fingerprints and the entering sequence as the access criteria, a highly secure device can be created using low-cost, commercially available components.

US 6,314,401 deals with an invention that generally includes three principal components, namely (1) a hand-held transceiver for transmitting a voice pattern while moving (e.g., driving) past (2) an infra-red receiver array which receives the transmitted voice pattern, and (3) a speech enhancement and voice verification algorithm for conducting a comparison between the transmitted voice pattern and the registered voice patterns stored in the computer's memory.
The processing computer will first recognize the spoken phrase, and then perform speaker verification using speech processing and comparison algorithms consisting of a speech recognizer and a vector quantification software classifier, ultimately sending a "pass" or "fail" signal to a control center computer depending on whether the speaker's voice pattern matches one of the voice samples stored in the computer's memory.

US 6,715,674 deals with a biometric factor augmentation method for identification systems. The most preferred method of augmenting an existing token-based identification system is to splice into the data stream transmitted from a token reader to a control panel, such that an acquired token factor from a user is intercepted by a biometric identification, or authentication, system that is wedged in series at a splice in the data stream. When the token reader transmits a data stream, such as over a Wiegand interface, to the control panel, the data stream is used by the biometric identification system to prompt the user to present an anatomical feature to a biometric reader. The biometric reader creates a biometric inquiry template that is transmitted to a biometric search engine, along with the acquired token factor, such as a PIN or barcode, to perform data match analysis against one or more enrollment templates associated with the acquired token factor. The search engine will either match an authorized user or reject an unidentifiable user. If there is a match, then the data stream is allowed to pass from the biometric reader to the control panel of the existing token-based identification system. The existing system does not otherwise need to be modified. The security of an Access Control System (ACS) can be greatly enhanced by this method of augmentation, which preferably wedges an automatic fingerprint identification system (AFIS) into the data stream of an established ACS.
US 6,799,163 deals with a biometric identification system, a method for identity verification using the voice of a person: comparing at least one first spoken voice print of a user speaking at least one piece of personal data against a first stored voice print of the user speaking said piece of personal data, comparing at least one second spoken voice print of the user speaking at least one piece of travel data against a second stored voice print of the user speaking said piece of travel data, and determining whether the user is a given individual based on the results of the first and second comparisons.

Fingerprint authentication: The U.are.U 4000 is a USB fingerprint reader designed for use with DigitalPersona Pro Server, which contains an identity engine to store and authenticate fingerprints. The user simply places a finger on the glowing reader window, and the device quickly and automatically captures the fingerprint image. On-board electronics calibrate the device and encrypt the image data before sending it over the USB interface.

In all the above-cited prior art, the use of Biometrics is restricted to the field of identification or authentication. In other words, the technology so far has only used Biometric solutions to identify the person, i.e. to authenticate, and not to authorize the transactions.

Object of the invention

The main object of this invention is to provide a security system and method that overcome the defects in the existing security system by providing for both authentication and authorization, combining the technologies of Intellect ARMOR and Biometrics. An object of the present invention is to provide a system and a method that integrate identity management using the fingerprinting technology of DigitalPersona with access control using Intellect Armor.
Another object of the present invention is to provide a system and a method for implementing security systems for business transactions, especially for banking systems, where there is an extensive need for identity and access management tools.

Summary of the invention

The present invention provides a Biometric security solution system for both authentication and authorization of secured transactions. The present system also provides a method to authenticate and authorise the security transactions for executing the secured transactions. The system and the method of the present invention are also integrated with the known security systems to implement the authentication and authorization of transactions.

Detailed description of the invention

Accordingly, the system and the method of the present invention provide a security system wherein Biometric Solutions are used in integration with the existing available security systems to enable both authentication and authorization, which are needed to complete transactions. The present system also provides a method to authenticate and authorise the security systems for completing the transactions.

Authentication

Authentication determines a user's identity. It is the process of identifying users before they are allowed access to computer systems or networks. In network systems, authentication refers to verifying that messages and documents came from the person indicated. Authentication of a user is generally based on something the user knows, is, or has. The process can take the following forms:
a. The most common form of authentication is user name and password, although this also provides the lowest level of security.
b. VPNs use digital certificates and digital signatures to more accurately identify the user.
c. Biometrics: methods of authenticating or verifying an individual based upon a physical or behavioral characteristic of the individual, e.g. fingerprint, eye pattern, palm print, DNA, etc.
Authorization

Authorization is the process of determining, by evaluating applicable access control information, whether a user is allowed to have the specified types of access to a particular resource. Usually, authorization is in the context of authentication: once a subject is authenticated, it may be authorized to perform different types of access. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use they have (such as access to which file directories, hours of access, amount of allocated storage space, and so forth). For example, when someone has logged in to a computer operating system or application, the system or application will identify what resources the user can be given during this session.

Intellect Armor has different kinds of authentication and authorization mechanisms to help organizations achieve information security and Single Sign On:
Native Authentication, achieved through in-built encrypted and signed ticket generation engines.
1. Dynamic password authentication, achieved through a defined set of plug-and-play APIs that integrate seamlessly with third-party software or hardware like "Secure Computing Safe Word" (Dynamic Password Authentication).
2. Hardware token based authentication, achieved through a defined set of plug-and-play APIs that integrate seamlessly with third-party software or hardware like the "Eracom Hardware Security Module" (HSM).
3. "Biometric Authentication": Intellect Armor is capable of integrating and operating with biometric solutions, specifically the biometric authentication mechanism that was adopted to integrate Intellect Armor with the "DigitalPersona Fingerprint Solutions". Intellect Armor is also capable of integrating with other biometric authentication systems that provide authentication through identifying the "Face", "Hand", "Palm Print", "Iris", "Speech", etc.
Intellect Armor, when integrated with one of the world's best fingerprint authentication systems, "DigitalPersona Fingerprint Solutions", has led to the present invention. This has been done by building unique plug-in software which allows the DigitalPersona Fingerprint Reader to work with Armor. While other security software products may offer replacement of password authentication with fingerprinting technology, we are not only offering replacement of the password but also providing management of user entitlements using Armor.

Brief description of the drawings:

FIG 1 is a graphical representation of the launching of the Intellect Armor application from the web browser. (a) User (b) ARMOR login page (c) Fingerprint Reader (d) ARMOR Bio-plug-in (e) DP Server (f) Fingerprint and ticket store (g) ARMOR data store (h) User Profile (data)

The present invention also provides a method of authentication and authorization by using the system of the present invention, said method comprising the steps of:
(1) launching of the Intellect Armor application from the web browser by a user
(2) selecting authentication means by the user from the available modules, which include (a) Static Password Authentication (b) Dynamic Password Authentication (c) Biometric Authentication
(3) authentication of the user by his/her fingerprint by means of a fingerprint reader
(4) scanning of the fingerprint
(5) performing an encryption and sending to the Intellect Armor biometric plug-in through the login page
(6) processing the authentication request by the Intellect Armor biometric plug-in and sending the authentication request to the DigitalPersona Server
(7) authenticating the fingerprint image against the fingerprint ticket store by means of an Identity engine and generating a unique ticket on matching the fingerprint of the user with the fingerprint ticket store
(6') & (7') communicating the authentication result to the Intellect Armor biometric plug-in, both authentication and refusal of access
(8) using the Intellect Armor Authentication and Authorization API by the Intellect Armor Biometric plug-in to get the authorization information of the user
(9) securing the authorization information from the Intellect Armor Data Store by the Intellect Armor Authentication and Authorization API
(10) providing the authorization information to the user as a profile page
(11) to enable the user to access any of the applications that he/she is entitled to use
(6') & (7') checking for the unmatched biometric data and communicating the same from the ARMOR bio plug-in to the ARMOR login page
(12) communicating the error message from the ARMOR biometric plug-in to the ARMOR login page
(13) communicating the error message from the ARMOR login page to the User.

In an embodiment of the present invention, a method wherein the authentication module is selected from Static Password Authentication, Dynamic Password Authentication and Biometric Authentication. According to another embodiment of the present invention, a method wherein a 128 character unique ticket is generated and stored when authentication is granted. The Schematic Representation of the system and method of the present invention is as follows:

WE CLAIM

1. Intellect ARMOR is an integrated, modular and customizable suite of Security Services providing Single Sign On to applications across technologies.
2. This will provide a security system and methods to overcome the defects in the existing security system by providing for both authentication and authorization by combining the technologies of Intellect ARMOR and Biometrics.
3. It will provide a system and a method by integrating identity management using the fingerprinting technology of DigitalPersona with access control using Intellect ARMOR.
4. The present invention provides a Biometric Security solution system for both authentication and authorization of secured transactions.
5. Biometric Authentication: Intellect ARMOR is capable of integrating and operating with biometric solutions, specifically the biometric authentication mechanism that was adopted to integrate Intellect ARMOR with the "DigitalPersona Fingerprint Solutions".
6. INTELLECT ARMOR makes it easier for end-users to securely sign on to multiple applications through a friendly, browser-based front-end. It is specially designed to allow the user to securely access any browser-based, desktop, client-server based, Unix-based or character/green-screen application by means of a single User-ID and password combination.
7. The present invention also provides a method of authentication and authorization by using the system of the present invention, said method comprising the steps of (1) launching of the Intellect Armor application from the web browser by a user (2) selecting authentication means by the user from the available modules, which include (a) Static Password Authentication (b) Dynamic Password Authentication (c) Biometric Authentication (3) authentication of the user by his/her fingerprint by means of a fingerprint reader (4) scanning of the fingerprint (5) performing an encryption and sending to the Intellect Armor biometric plug-in through the login page (6) processing the |
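The authenticate-then-authorize flow of steps (1) to (13) above, modelled as an added Python example. This is an illustration written for this page, not code from Intellect ARMOR, DigitalPersona or Polaris; every name in it, the bit-string templates standing in for fingerprint data, the match threshold and the ticket lifetime are assumptions. It shows the point the method rests on: a fingerprint match yields a 128-character ticket bound to one user, entitlements are released only against a valid unexpired ticket, and a non-match yields the error message rather than any profile data.

```python
"""Toy model of the patent's flow: biometric match -> 128-char ticket ->
entitlements released against the ticket. Added illustration; not Intellect
ARMOR or DigitalPersona code. All names and values below are assumed."""
import secrets
import time

# Constructed stand-in for enrolled fingerprint templates: 16-bit feature
# codes keyed by user id. A real identity engine compares minutiae data;
# bit strings are used here only so the matching step can run offline.
ENROLLED_TEMPLATES = {
    "alice": 0b1011_0110_1100_1001,
    "bob":   0b0100_1001_0011_0110,
}
MAX_BIT_DISTANCE = 2          # constructed acceptance threshold (assumption)
TICKET_TTL_SECONDS = 300      # constructed ticket lifetime (assumption)

# Stand-in for the ARMOR data store: role -> applications, user -> roles.
ROLE_ENTITLEMENTS = {
    "teller": ["TellerApp", "CashPositions"],
    "auditor": ["AuditReports"],
}
USER_ROLES = {"alice": ["teller"], "bob": ["auditor"]}

# Stand-in for the fingerprint-and-ticket store: ticket -> (user, expiry).
TICKET_STORE = {}


def hamming_distance(a, b):
    """Number of differing bits between two feature codes."""
    return bin(a ^ b).count("1")


def identity_engine_match(probe):
    """Stand-in for step (7): return the single enrolled user whose template
    is within MAX_BIT_DISTANCE of the probe, or None. An ambiguous probe
    (more than one candidate) is rejected rather than guessed at."""
    candidates = [user for user, template in ENROLLED_TEMPLATES.items()
                  if hamming_distance(probe, template) <= MAX_BIT_DISTANCE]
    return candidates[0] if len(candidates) == 1 else None


def authenticate(probe, now=None):
    """Steps (6)-(7'): match the probe; on success mint and store a
    128-character ticket bound to the matched user, otherwise return None."""
    now = time.time() if now is None else now
    user = identity_engine_match(probe)
    if user is None:
        return None
    ticket = secrets.token_hex(64)          # 64 random bytes -> 128 hex chars
    TICKET_STORE[ticket] = (user, now + TICKET_TTL_SECONDS)
    return ticket


def authorize(ticket, now=None):
    """Steps (8)-(10): release entitlements only against a known, unexpired
    ticket. Authorization never re-reads the biometric; it trusts the ticket."""
    now = time.time() if now is None else now
    entry = TICKET_STORE.get(ticket)
    if entry is None:
        return None
    user, expiry = entry
    if now > expiry:
        del TICKET_STORE[ticket]            # expired tickets are purged, not honoured
        return None
    applications = sorted({app for role in USER_ROLES.get(user, [])
                           for app in ROLE_ENTITLEMENTS.get(role, [])})
    return {"user": user, "applications": applications}


def login(probe, now=None):
    """The flow as the login page sees it: a profile page on success, the
    error message of steps (12)-(13) when the fingerprint does not match."""
    ticket = authenticate(probe, now)
    if ticket is None:
        return {"error": "Fingerprint not recognised"}
    profile = authorize(ticket, now)
    profile["ticket"] = ticket
    return profile


if __name__ == "__main__":
    # Constructed probes: alice's template with one bit flipped, then noise.
    print(login(ENROLLED_TEMPLATES["alice"] ^ 0b1))
    print(login(0b0000_1111_0000_1111))
```

Two design choices carry the security argument. The authorization side (`authorize`) never sees fingerprint data at all; it only accepts a ticket that the authentication side minted and stored, so the entitlement lookup cannot be reached by anything that did not pass the match. Second, the match threshold is where false accepts and false rejects trade off: widening `MAX_BIT_DISTANCE` lets a noisier scan through but also lets an ambiguous probe match more than one enrolled user, which is why the stand-in engine rejects rather than picks a winner in that case.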
1315-CHE-2004 ASSIGNMENT 11-10-2012.pdf
1315-CHE-2004 EXAMINATION REPORT REPLY FRECEIVED 11-10-2012.pdf
1315-CHE-2004 FORM-1 11-10-2012.pdf
1315-CHE-2004 OTHER PATENT DOCUMENT 11-10-2012.pdf
1315-CHE-2004 POWER OF ATTORNEY 11-10-2012.pdf
1315-CHE-2004 AMENDED CLAIMS 17-09-2012.pdf
1315-CHE-2004 AMENDED PAGES OF SPECIFICATION 17-09-2012.pdf
1315-CHE-2004 CORRESPONDENCE OTHERS 17-09-2012.pdf
1315-CHE-2004 EXAMINATION REPORT REPLY RECEIVED 17-09-2012.pdf
1315-CHE-2004 FORM-1 17-09-2012.pdf
1315-che-2004 form-13 24-05-2007.pdf
1315-CHE-2004 FORM-13 17-09-2012.pdf
1315-CHE-2004 FORM-13-1 17-09-2012.pdf
1315-CHE-2004 FORM-13-2 17-09-2012.pdf
1315-CHE-2004 FORM-3 17-09-2012.pdf
1315-CHE-2004 FORM-5 17-09-2012.pdf
1315-che-2004 power of attorney 24-05-2007.pdf
1315-CHE-2004 POWER OF ATTORNEY 17-09-2012.pdf
1315-CHE-2004 CORRESPONDENCE OTHERS 15-06-2012.pdf
1315-CHE-2004 POWER OF ATTORNEY 15-06-2012.pdf
1315-che-2004-correspondnece-others.pdf
1315-che-2004-description(complete).pdf
1315-che-2004-description(provisional).pdf
Patent Number | 254284
---|---
Indian Patent Application Number | 1315/CHE/2004
PG Journal Number | 42/2012
Publication Date | 19-Oct-2012
Grant Date | 16-Oct-2012
Date of Filing | 03-Dec-2004
Name of Patentee | POLARIS FINANCIAL TECHNOLOGY LIMITED
Applicant Address | POLARIS HOUSE 244 ANNA SALAI CHENNAI 600 006
Inventors |
PCT International Classification Number | G06F 21/00
PCT International Application Number | N/A
PCT International Filing date |
PCT Conventions |