Biometric identification method.

The progressive biometric enrollment method addresses the inefficiency of multiple biometric enrollment by using a mobile device for initial enrollment and a biometric terminal for dual verification, reducing in-store time and maintaining high security through dual biometric verification.

FR3170050A1Pending Publication Date: 2026-06-19BANKS & ACQUIRERS INT HLDG SAS

Patent Information

Authority / Receiving Office
FR · FR
Patent Type
Applications
Current Assignee / Owner
BANKS & ACQUIRERS INT HLDG SAS
Filing Date
2024-12-18
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing biometric identification systems require lengthy enrollment processes, especially when multiple biometric options are involved, necessitating users to spend time registering reference data points in-store, which can be cumbersome and time-consuming.

Method used

A progressive biometric enrollment method that records a first biometric trait on a mobile device and a second biometric trait on a biometric terminal, allowing simultaneous acquisition and enrollment, with the second biometric trait being recorded during subsequent identification processes, thereby streamlining the enrollment process without sacrificing security.

Benefits of technology

This approach significantly reduces the time spent in-store for enrollment by allowing initial enrollment on a mobile device and completing the process with minimal in-store interaction, maintaining high security through dual biometric verification, ensuring efficient and secure user identification and transaction processing.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 00000000_0000_ABST
    Figure 00000000_0000_ABST
Patent Text Reader

Abstract

The present invention relates to a method for identifying an individual in a system (1), characterized in that it comprises the implementation of the following steps: Biometric enrollment of said individual, including the recording of at least one personal data item and a first reference biometric data item acquired from a first biometric feature of the individual; Identification of said individual by comparing a first candidate biometric data item acquired from said first biometric feature of the individual with a plurality of first reference biometric data items, including the simultaneous acquisition of said first candidate biometric data item and a second candidate biometric data item acquired from a second biometric feature of the individual, different from the first biometric feature; Recording of the second candidate biometric data item as a second reference biometric data item, so as to complete the biometric enrollment of said individual. Fig. 1
Need to check novelty before this filing date? Find Prior Art

Description

Title of the invention: Biometric identification method.

[0001] GENERAL TECHNICAL FIELD

[0002] The present invention relates to the field of authentication / identification. In particular, it concerns a method for the biometric identification of an individual, having an enrollment component, in particular for the implementation of a transaction.

[0003] STATE OF THE ART

[0004] Traditionally, merchants have an electronic payment terminal (POS) on which payment can be made using a bank card, where appropriate after entering a PIN code.

[0005] Recently, fully biometric POS terminals have been proposed on which there is no longer any need to present a bank card: the user is identified by presenting their biometric feature directly on the POS terminal (equipped with a suitable sensor), and a dematerialized (tokenized) card is associated with their identity, which is used for payment.

[0006] To achieve maximum security, it was specifically chosen to use palm venous biometry, i.e., mapping the vascular patterns of the palm of the hand. The principle is as follows: 1. Enrollment: Customers register their palm veins and link them to their in-store payment methods. 2. Acquisition: During checkout, customers place their hand over a sensor integrated into the payment terminal. This sensor uses near-infrared light to capture the unique patterns of veins under the skin. 3. Verification: The captured vein pattern (candidate biometric data) is compared to reference biometric data associated with each already enrolled user. 4. Payment processing: In the event of a successful match, the payment is processed using the linked card information.

[0007] Generally, in biometric authentication, several biometrics, called "modalities," are used in order to increase security and, above all, to still allow the user to pay in case of technical difficulties with a biometric. Modalities can be ranked according to their level of security.

[0008] Thus, venous biometrics is typically rank 1, and a "visual" palm biometric, based simply on the shape of the palm and the lines of the hand, i.e., without the venous network, is generally added as rank 2, in a manner similar to facial recognition. This is referred to as a "palmar print." the image of the palm under visible light and a "vein print" to designate the venous pattern of the palm under infrared light.

[0009] Indeed, it is possible in a single acquisition of the palm of the hand to obtain the palmar impression and the venous impression by simply increasing the width of the spectrum.

[0010] And if the system fails to identify the user on the basis of his vein pattern for any reason, it attempts to do so on the basis of the palm print so as not to block the payment.

[0011] This method is entirely satisfactory, but enrollment could be improved, particularly if there are multiple options. Indeed, in-store, the user must spend time creating an account, entering the associated information, and registering a reference biometric data point for each option.

[0012] The present invention improves the situation. PRESENTATION OF THE INVENTION

[0013] The present invention therefore relates, in a first aspect, to a method for identifying an individual in a system, characterized in that it comprises the implementation of steps of: A. Biometric enrollment of said individual, comprising a substep (a1) of recording at least one personal data, and a substep (a2) of recording a first biometric reference data acquired on a first biometric trait of the individual with a first sensor of a biometric terminal of said system or of a mobile terminal of the individual; B. Identification of said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor of the biometric terminal with a plurality of first reference biometric data of accounts, including the simultaneous acquisition of said first candidate biometric data and a second candidate biometric data acquired on a second biometric trait of the individual, different from the first biometric trait, with a second sensor of the biometric terminal; C. recording the second candidate biometric data as the second reference biometric data, so as to complete the biometric enrollment of said individual.

[0014] According to advantageous and non-limiting features:

[0015] Said system further comprises at least one server including data storage means storing an account database, the server being connected to the biometric terminal via a network, said at least one personal data, first biometric reference data and second biometric reference data being transmitted to said server for registration in the account database.

[0016] Enrollment (A) includes: a. Creation of an account of said individual on a mobile terminal of said individual, including said substep (a1) of recording at least one personal data, and said substep (a2) of recording a first biometric reference data acquired on a first biometric trait of the individual with a first sensor of said mobile terminal. b. Transmission of a request to finalize said account containing a unique identifier of said account from the mobile terminal to a biometric terminal of said system; c. Authentication of said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with a first sensor of the biometric terminal, with the first reference biometric data of the account associated with said unique identifier transmitted; d. Validation of said individual's account.

[0017] Said substep (al) further includes the registration of a means of payment of said individual, said account being for biometric payment in said system by means of said means of payment; said biometric terminal being preferably an electronic payment terminal.

[0018] The recording (C) of the second candidate biometric data is implemented only if none of a plurality of second reference account biometric data coincides with the second candidate biometric data.

[0019] The identification (B) of said individual includes first comparing the second candidate biometric data with said plurality of second reference biometric data from accounts, then if no second reference biometric data coincides with the second candidate biometric data, comparing the first candidate biometric data acquired on said first biometric trait of the individual with the first sensor of the biometric terminal with a plurality of first reference biometric data from accounts, and recording (C) the second candidate biometric data.

[0020] Said first sensor and second sensor of the biometric terminal are confused.

[0021] Said first biometric feature is a palm print and the second biometric feature is a vein print.

[0022] According to a second aspect, the invention proposes a method for carrying out a transaction by an individual on a biometric terminal of a system, said biometric terminal being an electronic payment terminal, characterized in that it includes, following the implementation of the process according to the first aspect of identifying said individual in the system, the implementation of a step (D) of use by said biometric terminal of the data of a means of payment of the individual associated with the individual's account for the implementation of the transaction.

[0023] According to a third aspect, the invention proposes a biometric terminal of a system comprising a first sensor and a second sensor, characterized in that it comprises data processing means configured to, following the biometric enrollment of said individual with recording of at least one personal data point and a first reference biometric data point acquired on a first biometric trait of the individual: - Identify said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor with a plurality of first reference biometric data of accounts, including the simultaneous acquisition of said first candidate biometric data and a second candidate biometric data acquired on a second biometric trait of the individual, different from the first biometric trait, with the second sensor; - record the second candidate biometric data as the second reference biometric data, so as to complete the biometric enrollment of said individual.

[0024] According to a fourth and a fifth aspect, the invention relates to a computer program product comprising code instructions for executing a method according to one of the first aspects of identifying said individual in a system, or a method according to the second aspect for implementing a transaction by the individual, on a biometric terminal of the system; and a computer-readable storage means on which is recorded a computer program product comprising code instructions for executing a method according to the first aspect of identifying said individual in a system, or a method according to the second aspect for implementing a transaction by the individual, on a biometric terminal of the system. PRESENTATION OF THE FIGURES

[0025] Other features and advantages of the present invention will become apparent from the following description of a preferred embodiment. This description will be given with reference to the accompanying drawings in which:

[0026] [Fig.1] [Fig.1] is a diagram of a system for implementing the method according to the invention;

[0027] [Fig.2a] [Fig.2a] is a flowchart illustrating the steps of a first embodiment of the process according to the invention;

[0028] [Fig.2b] [Fig.2b] is a flowchart illustrating the steps of a second embodiment of the process according to the invention. DETAILED DESCRIPTION

[0029] Architecture

[0030] The present invention relates to methods: • biometric identification of an individual in a system 1 (which also constitutes a biometric enrollment process for said individual), and • for the implementation of a particular transaction on an electronic payment terminal (POS) of system 1 following the identification of the individual.

[0031] System 1 is thus typically the computer system of a store or, more generally, of a merchant, but the notion of transaction may be in a broad sense, beyond payment: for example, system 1 may be that of a secure building or of a company, and identification for the purpose of access control.

[0032] System 1 generally has a local network 30, i.e. a private network interconnecting the equipment that is part of this system 1, where appropriate through a VPN (the local network 30 may itself be composed of several subnets connected via a public wide area network 20 such as the internet - through said VPN).

[0033] In all cases, the processes are preferably implemented in an environment such as that shown in [Fig.1].

[0034] Biometric enrollment means the construction of an individual's account (also called a profile) allowing the subsequent identification of that user in the system in a purely biometric manner.

[0035] Thus, in practical terms, each user account in system 1 is defined by a unique identifier and is associated with at least one piece of personal data (surname, first name, address, etc.), at least one initial biometric reference data point for the user, and at least one second biometric reference data point for the user. As will be seen, each account is also preferably associated with at least one piece of technical data point defining a use of the account, in particular the data of a payment method for said user (in the case of identification for the implementation of a transaction, for example, the data of a dematerialized bank card) or access rights (in the case of identification for secure access), etc.

[0036] The first biometric data is acquired on a first biometric trait of the individual (or simply "biometrics" of the individual) and the second biometric data is acquired on a second biometric trait of the individual, different from the first biometric trait.

[0037] The first and second biometric traits may be any known biometric trait used in authentication / identification, for example the face, a fingerprint, an iris, a palm print, a vein pattern, etc. The first biometric trait is preferably of rank 2 and the second biometric trait of rank 1.

[0038] Thus, preferably, the first biometric feature is the palm print and the second biometric feature is the vein pattern. It should be noted that both are palm biometrics, but the palm print is a simple visual biometric (similar to facial biometrics), whereas the vein pattern is a biometric of the venous network of the palm, i.e., under the skin, which is not visible in a simple image of the palm and requires a specific sensor. Furthermore, the enrollment of this latter biometric is more complex.

[0039] System 1 includes at least one biometric terminal 10 which is typically an enrollment and, where appropriate, identification terminal, for example a terminal at the store reception.

[0040] Alternatively, it could be directly an electronic payment terminal (EPT) in the store, i.e., at the checkout, or even a mobile terminal. In all cases, the system 1 can include a large number of terminals 10, possibly of various types. It is also possible that several terminals 10 of the same system 1 may be involved in turn (for example, a first biometric terminal 10 for enrollment, a second biometric terminal 10 for initial identification, a third biometric terminal 10 for subsequent identification, etc.).

[0041] By biometric terminal 10, we mean any terminal suitable for identification / authentication within system 1 and forming part of that system 1, i.e., a secure terminal and not an external terminal. It can be operated by a trusted person such as an employee to prevent fraud.

[0042] In the remainder of this description, we will refer to the enrollment terminal or the identification terminal, as appropriate, but again, either one or both of these roles can be assigned to any terminal 10 according to the invention. This terminal may be an existing terminal already adapted for traditional enrollment as described in the introduction to this application (in addition to the present method(s) that are the subject of the invention).

[0043] As will be seen, each terminal 10 comprises at least a first sensor 14 for acquiring the first biometric data on the first biometric feature, and a second sensor 15 for acquiring the second biometric data on the second biometric feature (i.e., biometric sensors). Preferably, and as shown in [Fig.1], the first and second sensors can in practice be confused, i.e. a single sensor 14, 15 can acquire both the first and second biometric data, either because this sensor "sees" both traits at the same time, or because it has an extended acquisition range.

[0044] Thus, preferably the sensor 14 is an optical sensor such as a camera, in particular with an extended spectrum, i.e. in visible light + Infrared.

[0045] This is particularly suitable in the case where the first and second biometric features are respectively the palm print and the vein print: a single sensor 14 can observe the palm of the hand (for example, placed on the upper surface of the terminal 10 or just next to it, pointing upwards) and produce the two biometric data on the basis of the two parts of the spectrum.

[0046] It will nevertheless be understood that the present method is not limited to any choice of biometrics or sensors, the latter even being, in practice, connected peripherals. For example, one can easily imagine that the first biometric feature is the palm print and the second biometric feature is the face, the two corresponding biometric data being acquired respectively by two distinct sensors (but of the same type – simple cameras) and positioned differently (for example, on the upper surface of terminal 10 to observe the palm, and on the ceiling to observe the face).

[0047] The terminal 10 may also conventionally include data processing means 11 (such as a processor), data storage means 12 (memory), an interface 13 for entering account data (for example a touch screen), wireless proximity communication means (for example NFC, see below), etc.

[0048] The system 1 advantageously includes a central server 3 for managing user accounts (particularly those created via terminal 10). It can be connected via the local network 30 of system 1 to the terminal(s) 10 and to any non-biometric POS terminals (it is entirely possible that the system includes "ordinary" POS terminals that are not capable of implementing enrollment). Alternatively, it can be used as a terminal 10, for example, in a case where there is a single secure terminal dedicated to enrollment at the store's reception desk. Generally, the server 3 also includes data processing means 31 and data storage means 32, the latter preferentially storing a database of user accounts, particularly in a secure manner (specifically encrypted for the protection of personal data).

[0049] With reference to [Fig. 1], we also advantageously have a mobile terminal 2 of the individual wishing to enroll (i.e., create and activate their account to be able to identify themselves biometrically with system 1). This is typically a terminal smartphone-type personal device. Mobile terminal 2 is itself, like terminal 10, a biometric terminal, but it is not part of system 1 (i.e., it is outside the local network 30).

[0050] Terminal 2 is only connected to system 1 via network 20 (a public wide area network such as intermet), in particular to server 3, and where appropriate indirectly to terminal 10.

[0051] It itself has at least one first sensor 24 for acquiring the first biometric data on the first biometric trait (typically a camera), but preferably said first biometric sensor 24 of the mobile terminal 2 is not capable of acquiring biometric data on said second biometric trait of the individual (i.e., second biometric data). In general, said mobile terminal 2 preferably does not include any sensor capable of acquiring biometric data on said second biometric trait of the individual. Put another way, it can be said that preferably the first and second biometric traits are chosen such that the terminal 2 (and generally ordinary mobile terminals) only have sensors for acquiring the first biometric data on the first trait, i.e., rank 2 but not rank 1.

[0052] It should be noted that this is the case with smartphones and palm biometrics: every smartphone has a 24-camera type sensor capable of acquiring a visible image of the palm (palm print), but not of observing the vein pattern (vein print). This configuration offers a maximum level of security, as will be seen later.

[0053] Furthermore, it remains entirely possible that terminal 2 may have at least one other sensor, possibly a biometric sensor, particularly for acquiring other biometric data on a different biometric feature (different from the first and second features), but not used by the present method. For example, many smartphones may have a fingerprint sensor, which will not be used in the case of palm biometrics. In all cases, sensor 24 is referred to here as the first sensor (even if there is no other sensor) by analogy with the first sensor 14 of the biometric terminal 10, since they both target the first biometric feature.

[0054] In a conventional manner, the terminal 2 also most often has data processing means 21 (typically a processor), data storage means 22 (memory, for example flash), an interface 23 (for example a touch screen), wireless proximity communication means (for example NFC), etc., which are common for any mobile terminal such as a smartphone.

[0055] Progressive enrollment identification method

[0056] The present method advantageously proposes to significantly limit the time spent in store in front of terminal 10 for enrollment, by allowing the individual to complete their enrollment in a manner without sacrificing security.

[0057] With reference to figures 2a and 2b, which represent two embodiments thereof, the invention thus relates, according to a first aspect, to a method of identifying said individual in the system 1 beginning with a step (A) of biometric enrollment of said individual.

[0058] This enrollment includes at least one substep (a1) of recording at least one personal data, and a substep (a2) of recording a first biometric reference data acquired on a first biometric trait of the individual with a first sensor 14, 24 of a biometric terminal 10 of said system 1 or of a mobile terminal 2 of the individual, which will be described later.

[0059] This enrollment can be done in any known way, and in particular in store directly on a terminal 10 dedicated to enrollment, for example at the reception.

[0060] It should be noted that, generally, steps (a1) and (a2) can be performed in any order and in any known manner. For example, (a1) may include the entry of said personal data on an interface 13, 23 of the biometric terminal 10 of said system 1 or of the individual's mobile terminal 2, or its automatic retrieval from an identity document. Similarly, any payment data may be entered manually (bank card numbers) or obtained directly from a bank server.

[0061] With regard to (a2), in practice, several initial reference biometric data sets can be acquired and, where appropriate, recorded to increase robustness. The objective is to create a biometric "template" that will be used in future identifications, as opposed to what is called a candidate biometric data set, i.e., a fresh data set. For example, in the case of a palm print, the individual can be asked to photograph their palm several times while moving it slightly. In addition, the terminal 10, 2 can be configured to ask the individual to restart the acquisition of an initial biometric data set if it is of insufficient quality.

[0062] In the case where system 1 further includes a central server 3 storing an account database, said at least one personal data and first biometric reference data (and where applicable said means of payment data and / or second biometric reference data) are transmitted to said server 3 for registration in the account database (so as to be associated with said account of the individual being created).

[0063] It should be noted that although the second biometric will be required for identification, enrollment (A) does not generally include the recording of a second Given the reference biometric data acquired on a second biometric trait of the individual, or at least not enough for biometric identification to be implemented based on the second biometric. Indeed, first-order biometrics are generally much more complex to enroll than second-order biometrics; for example, while one acquisition is usually sufficient for a palm print, many will be required for a vein print.

[0064] The present method simply enrolls the first biometric at this stage, which is therefore quick and easy for the individual, and the second biometric will be enrolled later, as will be seen, naturally and potentially without the individual even realizing it. This is referred to as "progressive" enrollment because it takes place in several phases.

[0065] To rephrase, it is understood that upon completion of enrollment (A), the individual's account is validated, i.e., the account creation is considered finalized, but only with regard to the initial biometric data. Account validation with regard to biometric data will take place later.

[0066] In summary, this first validation allows the first biometric to be used for user identification, but not yet the second biometric.

[0067] According to a preferred embodiment, the time spent in store in front of terminal 10 for enrollment can be further limited by allowing the individual to proceed on their own mobile terminal 2, for example from home, without sacrificing security.

[0068] To this end, enrollment (A) advantageously begins with step (a) of creating an account for the individual on the mobile terminal 2. It should be understood that while this step (a) allows for the creation of the account, it is not yet finalized and, in particular, not yet usable for identification. To rephrase, step (a) can be seen as a step for creating a "provisional" account, subject to confirmation. Again, this is a progressive enrollment process insofar as it is carried out in several phases.

[0069] In particular, step (a) may begin by obtaining a unique identifier for the individual, for example either by generating it directly, in particular randomly, or by transforming that of an existing ordinary customer account but devoid of any biometrics.

[0070] Step (a) comprises said substeps (a1) of recording at least one personal data item, and advantageously any other technical data such as the data of a means of payment of said individual, for example the data of a dematerialized bank card of the individual; and (a2) of recording a first biometric reference data item acquired on the first biometric trait of the individual with the first sensor 24 of said mobile terminal 2. This data is associated with said individual's account.

[0071] As explained, in the case where system 1 further includes a central server 3 storing an account database, said at least one personal data item and first biometric reference data item (and where applicable said payment method data and / or second biometric reference data item) are transmitted to said server 3 for registration in the account database (so as to be associated with said individual's account being created). A marker may be associated with said account in the database to indicate that it is being created and is not yet usable for identification.

[0072] In all cases, it is assumed that at the end of step (a) there is a "provisional" account for the individual comprising a unique identifier, at least one personal data item, and a reference biometric data item. Up to this point, the individual has been able to do everything on their terminal 2, without needing to go to a store.

[0073] To finalize account creation, it is still necessary to use the biometric terminal 10 of system 1, but in a particularly streamlined manner. In other words, the level of security afforded by the requirement for an in-store procedure on a secure terminal is maintained, but most of the cumbersome actions (manual data entry, recording of the reference biometric data) can be performed beforehand, in a more convenient way for the individual. The time spent at terminal 10 can be very brief.

[0074] Indeed, it is sufficient, in a step (b), to transmit a finalization request for said account containing said unique identifier of said account from the mobile terminal 2 to the enrollment terminal 10.

[0075] Preferably, this step (b) is implemented via a proximity communication channel, in particular an optical channel or a near-field radio channel, which ensures that the individual is nearby (in the store) and has terminal 2: this is a first authentication factor.

[0076] Advantageously, the request is in the form of a QR code displayed by interface 23 of terminal 2, encoding the identifier. Any existing cryptographic technique may be used for this step.

[0077] The said QR code is then read by the terminal 10, advantageously directly by the first biometric sensor 14 (which, it should be recalled, is advantageously a camera).

[0078] It should be noted that terminal 10 can be a payment terminal, i.e., the individual can implement step (b) and finalize the creation of their account simply by going through the checkout. Subsequent checkout transactions can be made simply by presenting biometrics, without even needing the mobile terminal 2 beforehand (since the account will then be operational, see further).

[0079] In this embodiment, the remainder of the enrollment process can be implemented automatically without further intervention from the individual. Thus, in a step (c), said individual is authenticated by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the terminal 10, with the first reference biometric data of the account associated with said unique identifier transmitted.

[0080] Biometrics is thus a second authentication factor, which allows for total security for this enrollment.

[0081] This typically involves accessing server 3 to obtain the first reference biometric data based on the transmitted unique identifier. For example, terminal 10 sends an authentication request to server 3, including the identifier and the first candidate biometric data. Server 3 accesses the first reference biometric data corresponding to the "provisional" account identified by the transmitted unique identifier and checks whether it matches the received candidate biometric data (according to a known metric, for example, Euclidean distance), and returns the result: • If the said unique identifier does not exist, or is not that of an account being created, a comparison cannot be made. The individual will be offered the opportunity to create a new account directly on terminal 10, preventing fraud as it will require presentation of an identity document. • if the unique identifier is correct but the individual has for example stolen terminal 2 from a third party, biometric authentication will be rejected and an alert will be issued.

[0082] If authentication is successful, in step (d) the individual's account is validated, i.e., the account creation is considered finalized, for example by changing a marker in the database from "provisional" to "validated". Note that step (d) may include, if necessary, obtaining any missing personal (or other) data.

[0083] As explained, this validation only allows the first biometric to be used for user identification (and generally only that one). The optional marker may reflect whether the account is valid only for the first biometric, or also for the second.

[0084] It is noted that said mobile terminal 2 does not generally include a sensor capable of acquiring biometric data on said second biometric trait of the individual, hence the fact that it is impossible to record in advance The second biometric reference data point is different from the first. This is what makes the second biometric significantly more secure. The current process, which enrolls it separately, is therefore all the more suitable.

[0085] Continuation of the progressive enrollment identification process

[0086] Once the account creation is finalized, it can be used for individual identification, and in particular for payment.

[0087] As explained, and in particular if the first biometric is of rank two (this is the case of the palm print) it is necessary to continue the enrollment to add a second biometric of rank 1, and the present process will very cleverly allow this to be done during one or more identifications.

[0088] Generally, an identification of said individual is carried out by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10 with a plurality of first reference biometric data of accounts (validated, themselves obtained by the enrollment process as described) and / or by comparing a second candidate biometric data acquired on said first biometric trait of the individual with the second sensor 15 of the biometric terminal 10 with a plurality of second reference biometric data of accounts (validated).

[0089] The objective is to determine the unique identifier of the individual's account, as being that of the account associated with the first reference biometric data coinciding with the first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10, and / or that of the account associated with the second reference biometric data coinciding with the second candidate biometric data acquired on said second biometric trait of the individual with the second sensor 15 of the biometric terminal 10.

[0090] In this case, due to the lack of a second biometric currently being registered, the individual can only be identified on the basis of the first biometric.

[0091] The method thus includes a step (B) of comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10 with a plurality of first reference biometric data of accounts.

[0092] However, the present method nevertheless proposes that step (B) include the simultaneous acquisition of the first candidate biometric data and the second candidate biometric data, particularly when the same sensor 14, 15 of the terminal 10 allows the acquisition of both biometric data at the same time (first and second sensors combined).

[0093] More specifically, considering that the first biometric is of rank 2 (secondary biometric) and the second biometric is of rank 1 (primary biometric), in a way Preferably, step (B) begins by comparing the second candidate biometric data acquired on said second biometric trait of the individual with the second sensor 15 of the biometric terminal 10 with the plurality of second reference biometric data of accounts.

[0094] If no second biometric reference data is found coinciding with the second candidate biometric data, one can proceed to compare the first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10 with a plurality of first biometric reference data of accounts.

[0095] The idea is to use the first biometric method as a fallback (in second position), so as to still allow for identification. It should be noted that since security is lower, the rights associated with this "degraded" identification may be more limited (for example, a transaction may only be authorized below a threshold amount such as €50). Alternatively or in addition, fees may be imposed to account for the risk of a less secure transaction.

[0096] But cleverly, the invention further proposes a step (C) of recording the second candidate biometric data as a second reference biometric data, so as to complete the biometric enrollment of said individual, and this if necessary until enough second reference biometric data are available to be able to identify the individual directly on the basis of the second biometric.

[0097] Indeed, it is recalled that step (B) directly includes the simultaneous acquisition of the first candidate biometric data and the second candidate biometric data on the biometric terminal 10, so that we already have the two biometric data, and we are sure that they are from the same individual.

[0098] Step (B) is therefore original because it performs both identification and enrollment: terminal 10 simply acquires the second candidate biometric data by default, and its role varies: • either the second biometric is validated, and then the second candidate biometric data is used for identification; • If the second biometric is not validated, then the second candidate biometric data is used for enrollment.

[0099] The recording (C) of the second candidate biometric data is advantageously implemented only if none of a plurality of second reference account biometric data coincides with the second candidate biometric data. In other words, this is the mode in which an automatic attempt is made to begin with identification based on the second biometric, and if this fails on the second biometric but succeeds on the first biometrics, the system deduces that the second biometric is not enrolled for the individual (or at least there is not enough second biometric reference data), and proceeds to registration (C).

[0100] Note that alternatively, as explained, we can have an account marker indicating that the individual's account is not enrolled for the second biometric, so as to avoid recording the second candidate data if there was already at least one second reference biometric data that should have coincided with the second candidate biometric data, and that an error is adjusted for example due to the quality of the acquisition.

[0101] The recording (C) may be done as in step (a2), where appropriate by transmission to server 3 so as to complete the account database.

[0102] This identification-enrollment is particularly interesting in the case where terminal 10 is an electronic payment terminal, for two reasons: - we can achieve the dual biometric level (maximum security) without even going through reception; - we repeatedly pass over an electronic payment terminal, which in practice allows the acquisition of several second reference data points if necessary, as explained.

[0103] Preferably, the method includes a new account validation, similar to step (d), thus allowing full use of the second biometric for individual identification. The account marker, if any, can be updated.

[0104] Naturally, step (B) can be repeated as many times as the individual needs to be identified, for example to implement various transactions (checkouts in the store), if necessary without step (C) (since there will be a matching based on the second biometric data).

[0105] Note that at each occurrence of step (B) the terminal 10 may be a different terminal from system 1, and where appropriate itself a different terminal from the one on which the enrollment (A) was carried out.

[0106] Note that in all cases it can be provided, during subsequent identifications (B), that even if the individual is identified by comparing the second candidate biometric data acquired on said second biometric feature of the individual with the second sensor 14 of the biometric terminal 10 with the plurality of second reference biometric data of accounts, the comparison of the first candidate biometric data acquired on said first biometric feature of the individual with the first sensor 14 of the biometric terminal 10 with the plurality of first reference biometric data of accounts will still be implemented.

[0107] This allows for "strong" identification (2 factors) which may be desirable, for example, in a situation where maximum security is required (for example, for a transaction exceeding a threshold amount such as €500).

[0108] According to a preferred embodiment and in accordance with [Fig.2b], in the case where enrollment (A) includes an authentication step (c), this can, like identification (B), itself include the simultaneous acquisition of said first candidate biometric data and the second reference biometric data, on the enrollment terminal 10, again particularly when the same sensor 14, 15 of the terminal 10 allows the acquisition of both biometric data at the same time (first and second sensors combined).

[0109] Thus, even while the first candidate data for individual authentication is being acquired (step (c)), the second reference data is being acquired in advance, so that the individual is contacted minimally. This is an original step because it performs both authentication and enrollment (and of course, the same biometric terminal 10 performs both tasks).

[0110] In summary: - We have a first simultaneous acquisition of said first candidate biometric data and of the second reference biometric data, during step (c) of enrollment (A); - The other second biometric data required during subsequent identifications (B). [YES] Procedure for implementing a transaction

[0112] According to a second aspect, the invention relates to a method for implementing a transaction on the biometric terminal 10, the latter being an electronic payment terminal (EPT), following the identification process according to the second aspect, i.e., it is assumed that the individual has been identified, that is, that the unique identifier of that individual's account has been determined at the end of step (B). This third aspect further implies that the data of an individual's means of payment, for example, the data of an individual's dematerialized bank card, have been associated with said individual's account, i.e., that substep (a1a) of the enrollment process typically also included the registration of said individual's means of payment. In other words, the account created is for biometric payment in said system 1 by means of said means of payment.

[0113] The method then includes a step (D) of using said terminal 10 the data of an individual's means of payment associated with the individual's account (recorded in their account) to carry out the transaction. It is understood that the biometric terminal 10 is here the same terminal as that on which Identification has been obtained, and in practice steps (B) to (D) are linked and are not distinguishable by the individual.

[0114] Thus, the transaction is implemented automatically using the electronic payment method associated with his account, so that he does not need to do anything and in particular does not need to present any means of payment.

[0115] Thus, preferably, step (D) does not include the use of any means of payment other than the dematerialized one (the one whose data is associated with his account).

[0116] In summary, we have an optimal user experience, while maintaining the maximum level of security and greatly streamlining the enrollment process.

[0117] Note that we will not be limited to the context of a process for implementing a transaction, and that identification can be used for any useful purpose, for example in an access control process: the individual is for example authorized to pass through a secure door or open an application if his account is associated with data representing an access authorization.

[0118] Terminals

[0119] According to a third aspect, the invention relates to the biometric terminal 10 of a system 1 for the implementation of one or more of the processes according to the first and second aspects, i.e. an enrollment, identification and / or transaction terminal.

[0120] Thus, this terminal 10 includes, as explained, at least data processing means 11 and a memory 12, at least a first biometric sensor 14 and a second biometric sensor 15, possibly combined with the first sensor 14, and advantageously an interface 13 and / or near field communication means.

[0121] It is advantageously connected via network 20 and / or 30 to a server 3 of system 1.

[0122] The data processing means 31 are at least configured to, following the biometric enrollment of said individual with recording of at least one personal data recording of a first reference biometric data acquired on a first biometric trait of the individual, implement the steps of: - Identifying said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 with a plurality of first reference biometric data of accounts, including the simultaneous acquisition of said first candidate biometric data and a second candidate biometric data acquired on a second biometric trait of the individual, different from the first biometric trait, with the second sensor 15; - record the second candidate biometric data as the second reference biometric data, so as to complete the biometric enrollment of said individual.

[0123] In the case of a transaction terminal 10, i.e., an POS terminal, the data processing means 11 can be further configured to: - to use data from an individual's payment method associated with the individual's account for the implementation of the transaction.

[0124] According to another aspect, the invention proposes an assembly comprising the terminal 10 according to the fourth aspect, and a mobile terminal 2. It is naturally possible to have several terminals 10, 2.

[0125] This or these mobile terminals 2 also include, as explained, at least data processing means 21, a memory 22, and a biometric sensor 24, and advantageously an interface 23 and / or near field communication means.

[0126] The assembly may further include a server 3.

[0127] The data processing means 21 of the mobile terminal 2 are configured to, when the account of said individual is created on the mobile terminal 2: - Acquire a first biometric reference data on a first biometric trait of the individual with the first sensor 24; - record at least the said personal data and the first biometric reference data.

[0128] Computer program product

[0129] According to a fourth and a fifth aspect, the invention relates to a computer program product comprising code instructions for the execution (on the data processing means 11,21 of the terminals 10 and 2) of a method according to the first aspect of identifying said individual in a system 1, or a method according to the second aspect for carrying out a transaction by the individual, on a biometric terminal 10 of the system 1; as well as computer-readable storage means (for example the data storage means 12, 22 of the terminals 10 and 2) on which this computer program product is found.

Claims

Demands

1. A method for identifying an individual in a system (1), characterized in that it comprises the implementation of steps of: A. Biometric enrollment of said individual, comprising a substep (a1) of recording at least one personal data item, and a substep (a2) of recording a first reference biometric data item acquired on a first biometric trait of the individual with a first sensor (14, 24) of a biometric terminal (10) of said system (1) or of a mobile terminal (2) of the individual; B.Identification of said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor (14) of the biometric terminal (10) with a plurality of first reference biometric data of accounts, including the simultaneous acquisition of said first candidate biometric data and a second candidate biometric data acquired on a second biometric trait of the individual, different from the first biometric trait, with a second sensor (15) of the biometric terminal (10); C. recording of the second candidate biometric data as second reference biometric data, so as to complete the biometric enrollment of said individual.

2. A method according to claim 1, wherein said system (1) further comprises at least one server (3) comprising data storage means (32) storing an account database, the server (3) being connected to the biometric terminal (2) by a network (20, 30), said at least one personal data, first biometric reference data and second biometric reference data being transmitted to said server for recording in the account database.

3. A method according to any one of claims 1 and 2, wherein the enrollment (A) comprises: a. Creation of an account for said individual on a mobile terminal (2) of said individual, comprising said substep (a1) of recording at least one personal data item, and said substep (a2) of recording a first biometric reference data item acquired from a first biometric feature of the individual with a first sensor (24) of said mobile terminal (2). b. Transmission of a finalization request for said account containing a unique identifier for said account from the mobile terminal (2) to a biometric terminal (10) of said system (1); c. Authentication of said individual by comparing a first candidate biometric data item acquired from said first biometric feature of the individual with a first sensor (14) of the biometric terminal (10), with the first biometric reference data item of the account associated with said transmitted unique identifier; d. Validation of said account for said individual.

4. A method according to any one of claims 1 to 3, wherein said substep (a1a) further comprises the registration of a means of payment of said individual, said account being for biometric payment in said system (1) by means of said means of payment; said biometric terminal (10) preferably being an electronic payment terminal.

5. A method according to any one of claims 1 to 4, wherein the recording (C) of the second candidate biometric data is implemented only if none of a plurality of second reference account biometric data coincides with the second candidate biometric data.

6. A method according to claim 5, wherein the identification (B) of said individual first comprises comparing the second candidate biometric data with said plurality of second reference biometric data from accounts, and then, if no second reference biometric data coincides with the second candidate biometric data, comparing the first candidate biometric data acquired on said first biometric trait of the individual with the first sensor (14) of the biometric terminal (10) with a plurality of first biometric reference account data, and the record (C) of the second candidate biometric data.

7. A method according to any one of claims 1 to 6, wherein said first sensor (14) and second sensor (15) of the biometric terminal (10) are combined.

8. A method according to any one of claims 1 to 7, wherein said first biometric feature is a palm print and the second biometric feature is a vein print.

9. A method for carrying out a transaction by an individual, on a biometric terminal (10) of a system (1), said biometric terminal (10) being an electronic payment terminal, characterized in that it comprises, following the implementation of the method of identifying said individual in the system (1) according to any one of claims 1 to 8, the implementation of a step (D) of using said biometric terminal (10) the data of a means of payment of the individual associated with the individual's account for the implementation of the transaction.

10. Biometric terminal (10) of a system (1) comprising a first sensor (14) and a second sensor (15), characterized in that it comprises data processing means (11) configured to, following the biometric enrollment of said individual with recording of at least one personal data and a first biometric reference data acquired on a first biometric trait of the individual: - Identify said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor (14) with a plurality of first biometric reference data of accounts, comprising the simultaneous acquisition of said first candidate biometric data and a second candidate biometric data acquired on a second biometric trait of the individual, different from the first biometric trait, with the second sensor (15);- record the second candidate biometric data as the second reference biometric data, so as to complete the biometric enrollment of said individual.;

11. Product computer program comprising code instructions for the execution of a method according to any one of claims 1 to 8 of identifying said individual in a system (1), or a method according to claim 9 for the implementation of a transaction by the individual, on a biometric terminal (10) of the system (1), when said program is executed on a computer.

12. Computer-readable storage means on which is recorded a computer program product comprising code instructions for the execution of a method according to any one of claims 1 to 8 of identifying said individual in a system (1), or a method according to claim 9 for the implementation of a transaction by the individual, on a biometric terminal (10) of the system (1).