METHOD AND SYSTEM FOR ENABLING AN ELECTRONIC PAYMENT

Abstract

A method and a system comprise: at a hand imaging device (1, 1′, . . . ), capturing (S4) image data of a hand (91) of a current person (9), at a federation server (11), comparing (S5) a current feature vector determined from the captured image data with pre-stored feature vectors of enrolled persons, at a user device (92) of the current person (9), processing (S8) second factor information for enabling execution of an electronic payment In some embodiments, the electronic payment is initiated by a payment service server (21) and forwarded to a bank (5, 5′, . . . ) via a banking gateway (4) for adhering to payment protocols of the bank (5, 5′, . . . ).

Claims

1-14. (canceled)

15. A method comprising: at a hand imaging device, capturing image data of a hand of a current person; at a federation server, comparing a current feature vector determined from the captured image data with pre-stored feature vectors of enrolled persons; and at a user device of the current person, processing second factor information for enabling execution of an electronic payment.

16. The method according to claim 15, wherein the captured image data of the hand captured at the hand imaging device includes a palm print of the hand, a vein pattern of the hand, and three dimensional image data of the hand.

17. The method according to claim 15, wherein the captured image data of the hand captured at the hand imaging device is captured without physical contact between the hand and the hand imaging device.

18. The method according to claim 15, further comprising: at the hand imaging device determining at least partially the current feature vector.

19. The method according to claim 15, wherein the current feature vector is determined by processing at least one of the texture and the course of visible lines of the hand, the texture and the pattern and course of the veins and the geometry of the hand.

20. The method according to claim 15, wherein at least one of the captured image data and the current feature vector is transmitted from the hand imaging device via a first communication channel, and wherein the second factor information is processed at the user device upon receipt of information via a second communication channel which is separate from the first communication channel.

21. The method according to claim 15, further comprising: at a payment service server, receiving a payment request for goods and services the current person wishes to buy, and transmitting a hand verification request to the federation server, at the federation server, determining, after comparison of the current feature vector with pre-stored feature vectors, identification information of the current person and transmitting identification information to the payment service server, at the payment service server, transmitting a payment order from the payment service server to a banking gateway.

22. A system comprising: a plurality of hand imaging devices for capturing image data of a hand of a current person; a federation server for comparing a current feature vector determined from the captured image data with pre-stored feature vectors of enrolled persons; and a user device of the current person for processing second factor information for enabling execution of a financial transaction.

23. The system according to claim 22, wherein the hand imaging devices are further configured for capturing image data which includes: a palm print of the hand, a vein pattern of the hand, and three dimensional image data of the hand.

24. The system according to claim 22, wherein the hand imaging devices are further configured for capturing image data of the hand without physical contact between the hand and the hand imaging device.

25. The system according to claim 22, wherein the hand imaging devices are further configured for at least partially determining the current feature vector.

26. The system according to claim 22, wherein at least one of the hand imaging devices and the federation server are further configured for determining the current feature vector by processing one or more of: the texture and the course of visible lines of the hand, the texture and the pattern and course of the veins and the geometry of the hand.

27. The system according to claim 22, wherein the hand imaging devices are configured for transmitting at least one of the captured image data and the current feature vector via a first communication channel, and wherein the user device is further configured for processing the second factor information upon receipt of information via a second communication channel which is separate from the first communication channel.

28. The system according to claim 22, further comprising: a payment service server for receiving a payment request for goods and services the current person wishes to buy, and for transmitting a hand verification request to the federation server, wherein: the federation server is further configured for determining, after comparison of the current feature vector with pre-stored feature vectors, identification information of the current person and transmitting identification information to the payment service server, the payment service server is further configured for transmitting a payment order from the payment service server to a banking gateway.

Description

BRIEF EXPLANATION OF THE FIGURES

[0025] The invention is described in greater detail below with reference to embodiments that are illustrated in the figures. The figures show:

[0026] FIG. 1 illustrates schematically method and a system in accordance with some embodiments of the invention;

[0027] FIG. 1a illustrates a flow diagram of the steps of a method in accordance with some embodiments of the invention;

[0028] FIG. 2 illustrates schematically a method and a system for enrolling information stored in a database of a federation server;

[0029] FIG. 2a illustrates a flow diagram of the steps of a method for enrolling information stored in a database of a federation server;

[0030] FIG. 3 illustrates schematically a hand imaging device and a hand of a current person;

[0031] FIG. 4 illustrates schematically a palm of a hand of a current person;

[0032] FIG. 5 illustrates schematically a vein pattern of a hand of a current person.

EMBODIMENTS OF THE INVENTION

[0033] FIG. 1 illustrates schematically a method and a system in accordance with some embodiments of the invention.

[0034] As illustrated in FIG. 1, a plurality of store areas S, S′, . . . is arranged. The store areas S, S′, . . . may relate to a plurality of individual stores such as grocery stores, clothing stores, bakeries, butcher's shops, pharmacies, etc., to a plurality of payment areas in a particular store, or to a combination thereof.

[0035] As illustrated in FIG. 1, each store area S, S′, . . . includes a cash desk 3, 3′, . . . and a hand imaging device 1, 1′, . . . . The cash desk 3 of a store area S of a store may be operated by a store clerk 8. The hand imaging device 1 supports the purpose of enabling execution of an electronic payment, i.e. a payment in exchange of goods and services a current person 9 wishes to buy from the store, as will be described in the following. In some embodiments, i.e. in case of a self-service checkout, the cash desk 3 may be operated by the current person 9. The cash desk 3 enables recording information about goods and services the current person 9 wishes to buy from the store. The cash desk 3 may include an optical scanner for scanning optical codes attached to goods and service descriptions the current person 9 wishes to buy from the store. In the future, the technology for providing a hand imaging device 1, 1′, . . . may be directly integrated into laptop computers or tablet computers or handheld devices, thereby enabling that the current person 9 may purchase goods and services from an online store, wherein the store area S, S′, . . . may relate to a home location of the current person 9 and the cash desk 3, 3′, . . . may relate to an online shopping cart.

[0036] In the following, communication channels are described which enable transmission of electronic data, electronic messages, etc. The communication channels may make use of wired technologies, such as Ethernet, and/or wireless technologies, such as WiFi, mobile network, etc. The communication channels may make use of cryptographic protocols that provide security and data integrity, such as SSL (SSL: secure socket layer), End-to-End Encryption (E2EE), etc.

[0037] As illustrated in FIG. 1, a store management server 31 is arranged for managing the stores and the store areas S, S′, . . . , in particular for managing store logistics, Point of Sales (PoS) in store areas S, S′, . . . , etc. The store management server 31 is connected to or includes a database 32, which enables storing and retrieving information for managing the stores and the store areas S, S′, . . . , such as a store identification number, a cash desk identification number, etc. The cash desks 3, 3′, . . . are connected via communication channels with the store management server 31. The cash desks 3, 3′, . . . are configured for recording information about goods and services the current person 9 wishes to buy from the store, and to transmit the recorded information to the store management server 31, e.g. upon a checkout request initiated by the store clerk 8 or the current person 9. For each good or service the current person 9 wishes to buy from the store, the recorded information may include a respective identification number, a respective price, a respective number of items, etc.

[0038] As illustrated in FIG. 1, a payment service server 21 is arranged for providing payment services. The payment service server 21 is connected to or includes a database 22, which enables storing and retrieving information related to payments, such as a total sum, payment information associated with the current person 9, etc. As illustrated in FIG. 1, a banking gateway 4 is arranged for transferring execution of electronic payments to banks 5, 5′, . . . . The store management system 31 is connected via a communication channel to the payment service server 21. The payment service server 21 is connected via a communication channel to the banking gateway 4. The banking gateway 4 is connected via communication channels to the banks 5, 5′, . . . . The payment service server 21 and/or the banks 5, 5′, . . . are connected via communication channels to a user device 92 of the current person 9. The user device 92 is configured for processing second factor information such as a TAN (TAN: transaction number), an SMS (SMS: short message service), etc. For the purpose of processing second factor information, the user device 92 may include a specifically designed app.

[0039] As illustrated in FIG. 1, a federation server 11 is arranged for processing information related to the hand imaging devices 1, 1′, . . . of the store areas S, S′, . . . , and the supervisor devices 2, 2′, . . . of the enrolment areas E, E′, . . . which will be described below. The federation server 11 is connected to or includes a database 12, which enables storing and retrieving pre-stored feature vectors associated with respective person identifications. The person identifications are unique and anonymized for reasons of security and compliance with GDPR. No personal data other than the feature vectors of a hand of the current person 9 and the unique, anonymized person identification are stored in the database 12. The link to other personal data, such as name, account number, etc., is provided in the payment server 21. Accordingly, compromising the system would require hacking the federation server 11 and its database 12 as well as hacking the payment service server 21 and its database 22. In some embodiments, the federation server 11 and the payment service server 21 are operated by different operators, and/or different security measures are implemented. The federation server 11 is connected via a communication channel to the payment service server 21. The hand imaging devices 1, 1′, . . . are connected via communication channels to the federation server 11. The hand imaging devices 1, 1′, . . . are configured to capture image data of a hand 91 of the current person 9. The hand imaging devices 1, 1′, . . . are configured to determine a current feature vector from the captured image data and to transmit the current feature vector to the federation server 11. The hand imaging devices 1, 1′, . . . may be configured to transmit captured image data at least partially to the federation server 11, wherein the federation server 11 may be configured to determine at least partially a current feature vector upon receipt of captured image data. Thus, a feature vector which has been determined at the hand imaging device 1 and/or at the federation server 11 from captured image data of the hand 91 of the current person 9 is available on the federation server 11.

[0040] Typical existing infrastructures include the cash desks 3, 3′, . . . and the store management server 31 and the banks 5, 5′, . . . and the user device 92. By adding the hand imaging devices 1, 1′, . . . the federation server 11, the payment service server 21 and the banking gateway 4, a method and a system for enabling execution of an electronic payment which improve security can be provided. Moreover, widespread deployment in existing infrastructures is enabled, as well as high user acceptance.

[0041] As illustrated in FIG. 1 and FIG. 1a, a method in accordance to the invention includes the following steps.

[0042] In step S1, at cash desk 3, goods and services the current person 9 wishes to buy are recorded, for example using an optical scanner, either by the store clerk 8 or by the current person 9. At the cash desk 3, a payment request is assembled. The payment request may include an identification of goods and services the current person 9 wishes to buy, a number of items, a price for each item, a total price, etc. The payment request is transmitted from the cash desk 3 to the store management server 31. The payment request may include for example an identification of the cash desk, of the store, etc.

[0043] In step S2, the payment request is received at the payment service server 21 from the store management server 31.

[0044] In step S3, a hand verification request is transmitted from the payment service server 21 to the federation server 11.

[0045] In step S4, the federation server 11 initiates and performs hand verification, which includes, at the hand imaging device 1, capturing image data of a hand 91 of the current person 9, and at the hand imaging device 1 and/or at the federation server 11, determining a current feature vector from the captured image data. Accordingly, the current feature vector is received in or is available on the federation server 11.

[0046] In step S5, the federation server 11 compares the current feature vector with pre-stored feature vectors of enrolled persons, which were stored in database 12 as will be described later on. If the current feature vector does not match one of the pre-stored feature vectors, the method aborts. Otherwise, identification information of the current person 9 is retrieved from database 12 of the federation server 11.

[0047] In step S6, the identification information of the current person 9 is transmitted from the federation server 11 to the payment service server 21.

[0048] In step S7, on the basis of the payment request received from the store management server 31 and the identification information received from the federation server 11, the payment service server 21 generates a payment order for execution by a respective bank 5, 5′, . . . . The payment order may include a total sum to be paid, bank account information of the store, bank account information of the current person 9, etc. The payment service server 21 transmits the payment order to the banking gateway 4. The banking gateway 4 adapts the payment order in accordance to a payment protocol of the respective bank 5, 5′, . . . and transmits the adapted payment order to the respective bank 5, 5′, . . . .

[0049] In step S8, second factor information, such as a TAN, an SMS, etc., is processed at the user device 92 of the current person 9. The second factor information may be established by the respective bank 5, 5′, . . . and/or by the payment service server 21, wherein respective information is transmitted to the user device 92 via the banking gateway 4 and/or the payment service server 21. Processing the second factor information enables execution of a financial transaction by the respective bank 5, 5′, . . . , which may involve transmitting information related to a result of processing the second factor information to the respective bank 5, 5′, . . . or to the payment service server 21 for execution of the electronic payment. For small payments, processing of the second factor information may be suppressed.

[0050] In step S9, a payment confirmation established by the respective bank 5, 5′, . . . and received in the payment service server 21 via the banking gateway 4 or established by the payment service server 21 is transmitted from the payment service server 21 to the store management server 31, and further transmitted from the store management server 31 to the cash desk 3, thereby authorizing the current person 9 to checkout respective goods and services.

[0051] The method in accordance to the invention is highly secure, in particular because the method is based on an inherence element, namely the hand 91 of the current person 9, as well as based on a possession element, namely the user device 92 of the current person 9. The method is additionally highly secure, because a first communication channel 10 enables verification of the inherence element, and because a second communication channel 20 enables verification of the possession element (cf. FIG. 1), wherein the first communication channel 10 is independent from the second communication channel 20, e.g. physically separated, independent from each other, etc. The method is additionally highly secure, because determining a current feature vector from captured image data of a hand of a person enables a highly secure inherence element. Capturing image data of a hand of person is widely accepted, contrary to e.g. face recognition (as illustrated e.g. in https://epic.org/state-policy/facialrecognition/), in particular because capturing image data of a hand of a person, such as the palm, requires explicit consent by the person and explicit posing of the hand, in particular the palm of the hand, relative to the hand imaging device, while capturing image data of the face of a person may be performed without consent by the person. While acquiring fingerprints or iris images may also require explicit consent by the person, it is known that fingerprints and iris images may be copied for authentication, e.g. by copying a fingerprint of the current person 9 from a device the current person 9 has used elsewhere. Furthermore, the method according to the present invention, the current person 9 does not come into contact with the hand imaging device 1 and adhering to hygienic regulations is simplified. Furthermore, the method according to the present invention simplifies secure electronic storage of payment protocols, thereby reducing the need for paper documents and polluting plastic cards.

[0052] FIG. 2 illustrates schematically a method and a system for enrolling information stored in the database 12 of the federation server 11.

[0053] As illustrated in FIG. 2, enrolment areas E, E′, . . . are arranged. In some embodiments, one or more of the enrolment areas E, E′, . . . and one or more of the store areas S, S′, . . . correspond to each other. Each enrolment area E, E′, includes a supervisor device 2, 2′, . . . . In some embodiments, one or more of the supervisor devices 2 and one or more of the cash desks 3, 3′, . . . correspond to each other. The hand imaging devices 1, 1′, the federation server 11, the database 12 of the federation server, the payment service server 21, the database 22 of the payment service server 21 and the respective communication channels are arranged in accordance with FIG. 2. Furthermore, the supervisor devices 2, 2′, . . . are connected via communication channels with the payment service server 21.

[0054] As illustrated in FIG. 2 and FIG. 2a, a method for enrolling information stored in the database 12 of the federation server 11 includes the following steps.

[0055] In step E1, after verification of the identity of the current person 9 by the supervisor 7 of the current person 9, e.g. on the basis of a passport, identity card, etc., a user interface of the supervisor device 2 performs steps for recording user data of the current person 9 from the supervisor 7. The supervisor device 2 transmits user data of the current person 9 to the payment service server 21, for example to a user management service of the payment service server 21, which stores the user data of the current person 9 in the database 22 of the payment service server. User data may include name, surname, address, bank account information, etc.

[0056] In step E2, a hand verification request is transmitted from the payment service server 21 to the federation server 11.

[0057] In step E3, the federation server 11 initiates and performs hand verification, which includes, at the hand imaging device 1, capturing image data of a hand 91 of the current person 9, and at the hand imaging device 1 and/or at the federation server 11, determining a current feature vector from the captured image data. Accordingly, the current feature vector is received in or is available on the federation server 11.

[0058] In step E4, the federation server 11 stores the current feature vector associated with identification information of the current person 9 in the database 12 of the federation server 11. The identification information may include an identification number, an identification date, etc.

[0059] In step E5, the identification information is transmitted from the federation server 11 to the payment service server 21.

[0060] In step E6, the payment service server 21 associates the identification information with the user data of the current person 9 and stores the identification information associated with the user data of the current person 9 in the database 22 of the payment service server 21.

[0061] In step E7, confirmation information is transmitted from the payment service server 21 to the supervisor device 2 for confirming to the supervisor 7 that enrolment of the current person 9 has been completed.

[0062] In some embodiments, the supervisor device 2 is further configured for maintaining/deleting previously enrolled user data and identification information.

[0063] FIG. 3 illustrates schematically a hand imaging device 1 for capturing image data of a hand 91 of a current person 9. The hand imaging device 1 includes a visible light sensor 11 for capturing image data in the visible light spectrum, a near infrared light sensor 12 for capturing image data in the near infrared light spectrum, and a time of flight camera 13 for capturing three dimensional image data. One or more of the visible light sensor 11, the near infrared light sensor 12 and the time of flight camera 13 may be included into a single sensor. Furthermore, the hand imaging device includes light sources 14. The light sources 14 may include one or more light sources providing illumination in the visible light spectrum and enabling capturing image data with the visible light sensor 11 in the visible light spectrum. The light sources 14 may include one or more light sources providing illumination in the near infrared light and enabling capturing image data with the near infrared light sensor 12 in the near infrared light.

[0064] The visible light sensor 11 may include a visible light sensitive chip providing 2D image data (2D: two dimensional) in accordance to a visible light intensity distribution generated by a 3D scene (3D: three dimensional). The near infrared light sensor 10 may include a near infrared light sensitive chip providing 2D image data (2D: two dimensional) in accordance to a near infrared light intensity distribution generated by a 3D scene (3D: three dimensional). The visible light sensor 11 and the near infrared light sensor 12 may include lenses, buffers, controllers, processing electronics, etc. The visible light sensor 11 and the near infrared light sensor 12 may relate to commercially available sensors such as e2v semiconductors SAS EV76C570 CMOS image sensor, equipped with a blocking optical filter <500 nm wavelength for the visible light sensor 11 and with a blocking optical filter of >700 nm for the near infrared light sensor 12, or such as OmniVision OV4686 RGB-Ir sensor, with the visible light sensor 11 and the near infrared light sensor 12 combined in one chip and having included a RGB-Ir filter). The light sources 14 may include a visible light and/or near infrared light generator such as an LED (LED: light emitting diode). The light sources 14 may relate to commercially available light sources such as high power LEDs SMB1N series from Roithner Laser Technik GmbH, Vienna. The time of flight camera 13 may relate to a REAL3™ of the company Infineon™, and may include the specifications: direct measurement of depth and amplitude in every pixel; highest accuracy; lean computational load; active modulated infra-red light and patented Suppression of Background Illumination (SBI) circuitry in every pixel; full operation in any light condition: darkness and bright sunlight; monocular system architecture having no mechanical baseline; smallest size and high design flexibility; no limitation in close range operation; no special requirements on mechanical stability; no mechanical alignment and angle correction; no recalibration or risk of de-calibration due to drops, vibrations or thermal bending; easy and very fast once-in-a-lifetime calibration; cost efficient manufacturing.

[0065] As illustrated in FIG. 3, in some embodiments, the hand imaging device 1 is connected with a user interface 19, such as a graphical user interface of a tablet computer, etc. The user interface 19 includes a display 191 and optionally a physical or virtual keyboard 192. Because of hygienic reasons, a virtual keyboard of a touchscreen is preferred, which is easier to clean than a physical keyboard. In other embodiments, the hand imaging device 1 is configured to register finger gestures, thereby replacing the touchscreen and improving hygienic conditions further The hand imaging device 1 may be configured for displaying guidance information to the current person 9 on the display 191 of the user interface 19 for bringing the hand 91 into a desired position with respect to the hand imaging device 1.

[0066] FIG. 4 illustrates schematically the palm of the left hand 91 of a current person 9. The left hand 91 has a thumb t, an index finger i, a middle finger m, a ring finger r, and a little finger l. FIG. 4 illustrates schematically an image of the palm of the left hand 91 of the current person 9 which was captured with a visible light sensor (e.g. 400 nm to 600 nm). The hand 91 has a palm print P, which in particular includes lifelines, which can be identified in visible light. Additionally or alternatively, vein patterns of the hand 91 can be determined from image data captured in near infrared light (e.g. 700 nm to 900 nm). FIG. 4 does not illustrate vein patterns.

[0067] As is illustrated in FIG. 4, the palm print P, which in particular includes lifelines, of the hand 91 includes current features, which are derived from particular lengths, positions, curvatures, textures, etc. By comparison with pre-stored features of enrolled persons, determining identification information of the current person 9 is enabled, in particular in combination with features determined from respective vein patterns. Furthermore, current features may include geometric features such as length, width of fingers or hand, 3D-geometry, etc. Furthermore, current features may include features of the back of the hand determined from image data captured in visible light, in near infrared light, or a combination thereof.

[0068] FIG. 5 illustrates schematically the venous network of the back of the right hand 91 of the current person 9. The right hand 91 has a thumb t, an index finger i, a middle finger m, a ring finger r, and a little finger l. As illustrated in FIG. 5, the back of the hand 91 includes veins, which include the dorsal venous network 911 (rete venosum dorsale manus) and the dorsal metacarpal veins 912 (Vv. metacarpals dorsales). Vein patterns can be determined from image data captured with a near infrared light sensor, and individual biometric features can be determined form the image data captured in near infrared light. Respective vein patterns can be determined on the palm side of a hand.

REFERENCE SIGNS

[0069] 1,1′, . . . hand imaging devices [0070] 2, 2′, . . . supervisor device [0071] 3, 3′, . . . cash desks [0072] 4 banking gateway [0073] 5, 5′, . . . banks [0074] 7 supervisor [0075] 8 store clerk [0076] 9 current person [0077] 91 hand of current person [0078] P palm print of hand [0079] 911, 912 dorsal venous network, dorsal metacarpal veins of hand [0080] 11 federation server [0081] 12 database of federation server [0082] 21 payment service server [0083] 22 database of payment service server [0084] 31 store management server [0085] 32 database of store management server [0086] t,i,m,r,l thumb finger, index finger, middle finger, ring finger, little finger