Biometric enrolment method

The progressive biometric enrollment method streamlines the enrollment process by initiating account creation on a mobile device and validating at a biometric terminal, enhancing security with dual biometric authentication.

WO2026131647A1 · PCT designated stage · Publication Date: 2026-06-25 · BANKS & ACQUIRERS INT HLDG SAS

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
BANKS & ACQUIRERS INT HLDG SAS
Filing Date
2025-12-15
Publication Date
2026-06-25


Abstract

The present invention relates to a method for biometrically enrolling an individual in order to identify the individual in a system (1), the method being characterized in that the method comprises implementing the steps of: (a) creating an account of the individual on a mobile terminal (2) of the individual, the creation step comprising a sub-step (a1) of recording at least one personal datum, and a sub-step (a2) of recording a first reference biometric datum acquired from a first biometric trait of the individual using a first sensor (24) of the mobile terminal (2); (b) transmitting a request to finalize the account containing a unique identifier for the account from the mobile terminal (2) to a biometric terminal (10) of the system (1); (c) authenticating the individual by comparing a first candidate biometric datum acquired from the first biometric trait of the individual using a first sensor (14) of the biometric terminal (10) with the first reference biometric datum of the account associated with the transmitted unique identifier; (d) validating the account of the individual.

Description

[0001] Description

[0002] Title of the invention: Biometric enrollment method.

[0003] GENERAL TECHNICAL FIELD

[0004] The present invention relates to the field of authentication / identification. In particular, it concerns a biometric enrollment method, notably for the identification of an individual, especially for the implementation of a transaction.

[0005] STATE OF THE ART

[0006] Traditionally, merchants have an electronic payment terminal (POS) on which payment can be made using a bank card, possibly after entering a PIN code.

[0007] Recently, fully biometric POS terminals have been proposed on which there is no longer any need to present a bank card: the user is identified by presenting their biometric feature directly on the POS terminal (equipped with a suitable sensor), and a dematerialized (tokenized) card is associated with their identity, which is used for payment.

[0008] To ensure maximum security, the use of palm venous biometry, i.e., mapping the vascular patterns of the palm of the hand, was specifically chosen. The principle is as follows:

[0009] 1. Enrollment: Customers register their palm veins and link them to their in-store payment methods.

[0010] 2. Acquisition: At checkout, customers place their hand over a sensor integrated into the payment terminal. This sensor uses near-infrared light to capture the unique vein patterns under the skin.

3. Verification: The captured vein pattern (candidate biometric data) is compared to reference biometric data associated with each already enrolled user.

[0011] 4. Payment processing: In the event of a successful match, the payment is processed using the linked card information.

[0012] Generally, biometric authentication uses several biometric methods, referred to as "modalities," to increase security and, more importantly, to still allow the user to pay in case of technical difficulties with a particular biometric. Modalities can be ranked according to their security level.

[0013] Thus, vein biometrics is typically the first-order biometric, and a second-order biometric is generally "visual" palm biometrics based simply on the shape of the palm and the lines of the hand, i.e., without the vein network, similarly to facial recognition. The term "palm print" refers to the image of the palm under visible light, and "vein print" refers to the vein pattern of the palm under infrared light.

[0014] Indeed, it is possible in a single acquisition of the palm of the hand to obtain both the palm print and the vein print by simply widening the spectrum.

[0015] And if the system fails to identify the user based on their vein pattern for any reason, it attempts to do so based on the palm print so as not to block the payment.

[0016] This method is entirely satisfactory, but the enrollment process could be improved, especially when there are several modalities. Currently, the user must spend time in-store creating an account, entering the associated information, and registering a reference biometric data for each modality.

[0017] The present invention improves the situation.

[0018] PRESENTATION OF THE INVENTION

The present invention relates, in its first aspect, to a method for the biometric enrollment of an individual for the purpose of identifying said individual in a system, characterized in that it comprises the implementation of the following steps:

[0019] (a) Creation of an account of said individual on a mobile terminal of said individual, comprising a substep (a1) of recording at least one personal data, and a substep (a2) of recording a first biometric reference data acquired on a first biometric trait of the individual with a first sensor of said mobile terminal;

[0020] (b) Transmission of a request to finalize said account containing a unique identifier of said account from the mobile terminal to a biometric terminal of said system;

[0021] (c) Authentication of said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with a first sensor of the biometric terminal, with the first reference biometric data of the account associated with said unique identifier transmitted;

[0022] (d) Validation of said individual's account.

[0023] According to advantageous and non-limiting characteristics:

[0024] The said system further comprises at least one server including data storage means storing an account database, the server being connected to the mobile terminal by a network, said at least one personal data and first biometric reference data being transmitted to said server for registration in the account database.

[0025] Step (c) includes obtaining said first biometric reference data in said account database based on said unique identifier transmitted.

[0026] The request to finalize the account is transmitted in step (b) via a proximity communication channel, in particular an optical channel or a near-field radio channel.

The method includes a step (e) of recording a second reference biometric data acquired from a second biometric feature of the individual, different from the first biometric feature, with a second sensor of the biometric terminal.

[0027] Step (c) includes the simultaneous acquisition of said first candidate biometric data and the second reference biometric data, on the biometric terminal.

[0028] The aforementioned first and second sensors of the biometric terminal are one and the same sensor.

[0029] The said mobile terminal does not include a sensor capable of acquiring biometric data on the said second biometric trait of the individual.

[0030] The first biometric feature is a palm print and the second biometric feature is a vein print.

[0031] The said substep (a1) further includes the registration of a means of payment of said individual, said account being for biometric payment in said system by means of said means of payment; said biometric terminal being preferably an electronic payment terminal.

[0032] According to a second aspect, the invention proposes a method for identifying an individual in a system, characterized in that it comprises, following the implementation of the method according to the first aspect of biometric enrollment of said individual, a step (f) of identifying said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor of the biometric terminal with a plurality of first biometric reference data of accounts; and / or by comparing a second candidate biometric data acquired on a second biometric trait of the individual, different from the first biometric trait, with a second sensor of the biometric terminal, with a plurality of second biometric reference data of accounts.

[0033] According to advantageous and non-limiting characteristics:

[0034] Step (f) of identifying said individual includes comparing the second candidate biometric data acquired on said second biometric trait of the individual with the second sensor of the biometric terminal with the plurality of second reference biometric data of accounts, and then if no second reference biometric data coincides with the second candidate biometric data, comparing the first candidate biometric data acquired on said first biometric trait of the individual with the first sensor of the biometric terminal with a plurality of first reference biometric data of accounts.

[0035] Step (e) is implemented in step (f) using the second candidate biometric data as the second reference biometric data.

[0036] Step (f) includes the simultaneous acquisition of said first candidate biometric data and second candidate data, on the biometric terminal.
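The identification order of step (f) and the deferred step (e) described above can be sketched as follows. This is an added example, not code from the patent: the `Account` fields, the consent flag, the two thresholds and the feature vectors are constructed assumptions, and templates are modelled as plain float vectors compared by Euclidean distance.

```python
import math
from dataclasses import dataclass
from typing import Optional

VEIN_THRESHOLD = 0.20  # assumed threshold for the rank 1 (vein) comparison
PALM_THRESHOLD = 0.25  # assumed threshold for the rank 2 (palm) comparison


@dataclass
class Account:
    account_id: str
    palm_reference: list                   # first biometric (rank 2)
    vein_reference: Optional[list] = None  # second biometric (rank 1), may be missing
    validated: bool = True                 # provisional accounts are never searched
    consents_to_vein: bool = False         # hypothetical consent flag


def best_match(candidate, references, threshold):
    """Return the account whose template is closest to the candidate,
    provided the distance is within the threshold; otherwise None."""
    best, best_distance = None, threshold
    for account, template in references:
        distance = math.dist(candidate, template)
        if distance <= best_distance:
            best, best_distance = account, distance
    return best


def identify(accounts, palm_candidate, vein_candidate):
    """Step (f): both candidates come from one acquisition on the terminal.
    Returns (account, modality) or (None, None)."""
    usable = [a for a in accounts if a.validated]

    # 1. Compare the second (vein) candidate with all second references.
    vein_refs = [(a, a.vein_reference) for a in usable if a.vein_reference is not None]
    hit = best_match(vein_candidate, vein_refs, VEIN_THRESHOLD)
    if hit is not None:
        return hit, "vein"

    # 2. No vein reference coincides: fall back to the first (palm) biometric.
    palm_refs = [(a, a.palm_reference) for a in usable]
    hit = best_match(palm_candidate, palm_refs, PALM_THRESHOLD)
    if hit is None:
        return None, None

    # 3. Step (e) inside step (f): the vein candidate just acquired becomes the
    #    second reference of an account that has none yet (if consent was given).
    if hit.vein_reference is None and hit.consents_to_vein:
        hit.vein_reference = list(vein_candidate)
    return hit, "palm"


if __name__ == "__main__":
    # Constructed sample data.
    alice = Account("acct-alice", [0.10, 0.20, 0.30], vein_reference=[0.90, 0.80, 0.70])
    bob = Account("acct-bob", [0.60, 0.10, 0.50], consents_to_vein=True)
    print(identify([alice, bob], [0.61, 0.11, 0.49], [0.20, 0.40, 0.10]))
    print(identify([alice, bob], [0.58, 0.12, 0.52], [0.21, 0.39, 0.10]))
```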

[0037] According to a third aspect, the invention proposes a method for the implementation of a transaction by an individual, on a biometric terminal of a system, said biometric terminal being an electronic payment terminal, characterized in that it comprises, following the implementation of the method according to the second aspect of identifying said individual in the system, the implementation of a step (g) of using by said biometric terminal the data of a means of payment of the individual associated with the individual's account for the implementation of the transaction.

[0038] According to a fourth aspect, the invention relates to a biometric terminal of a system, comprising a first sensor, characterized in that it comprises data processing means configured to, when an individual's account is created on a mobile terminal of said individual, with recording of at least one personal data and a first reference biometric data acquired on a first biometric trait of the individual with a first sensor of said mobile terminal:

[0039] - Receive a request to finalize said account containing a unique identifier of said account from the mobile terminal;

- Authenticate said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor, with the first reference biometric data of the account associated with said unique identifier transmitted;

[0040] - Validate said individual's account.

[0041] According to a fifth aspect, the invention relates to an assembly of the biometric terminal according to the fourth aspect and said mobile terminal comprising a sensor, the mobile terminal comprising data processing means configured to, when creating the account of said individual on the mobile terminal:

[0042] - Acquire the first biometric reference data on a first biometric trait of the individual with the first sensor;

[0043] - Record at least said personal data and the first biometric reference data.

[0044] According to a sixth and a seventh aspect, the invention relates to a computer program product comprising code instructions for executing a method according to the first aspect of biometric enrollment of an individual, a method according to the second aspect of identifying said individual in a system, or a method according to the third aspect for implementing a transaction by the individual, on a biometric terminal of the system; and a computer-readable storage means on which is stored a computer program product comprising code instructions for executing a method according to the first aspect of biometric enrollment of an individual, a method according to the second aspect of identifying said individual in a system, or a method according to the third aspect for implementing a transaction by the individual, on a biometric terminal of the system.

[0045] PRESENTATION OF THE FIGURES

Other features and advantages of the present invention will become apparent from the following description of a preferred embodiment. This description will be given with reference to the accompanying drawings in which:

[0046] [Fig. 1] Figure 1 is a diagram of a system for implementing the process according to the invention;

[0047] [Fig. 2a] Figure 2a is a flowchart illustrating the steps of a first embodiment of the process according to the invention;

[0048] [Fig. 2b] Figure 2b is a flowchart illustrating the steps of a second embodiment of the process according to the invention.

[0049] DETAILED DESCRIPTION

[0050] Architecture

[0051] The present invention relates to methods for:

[0052] - the biometric enrollment of an individual for identification of said individual in a system 1,

[0053] - the identification of said individual (following enrollment), and

[0054] - the implementation of a particular transaction on an electronic payment terminal (POS) of system 1 following the identification of the individual.

[0055] System 1 is thus typically the computer system of a store or, more generally, of a merchant, but the notion of transaction can be in a broad sense, beyond payment: for example, system 1 could be that of a secure building or of a company, and identification for the purpose of access control.

[0056] System 1 generally has a local network 30, i.e. a private network interconnecting the equipment that is part of this system 1, possibly through a VPN (the local network 30 may itself be composed of several subnets connected via a public wide area network 20 such as the internet - thanks to said VPN).

[0057] In all cases, the processes are preferentially implemented in an environment such as that shown in Figure 1.

[0058] Biometric enrollment refers to the construction of an individual's account (also called a profile) allowing for the subsequent identification of that user in the system in a purely biometric manner.

[0059] Thus, in practical terms, each user account in System 1 is defined by a unique identifier and is associated with at least one piece of personal data (surname, first name, address, etc.) and at least one first reference biometric data. As we will see, each account is also preferably associated with at least one piece of technical data defining a use of the account, in particular the details of a payment method for the user (in the case of identification for processing a transaction, for example, the details of a digital bank card) or access rights (in the case of identification for secure access), etc.

[0060] In a preferred embodiment which will be described in detail later, each account is preferentially also associated with at least one second biometric reference data of the user.

[0061] The first biometric data is acquired on a first biometric trait of the individual (or simply "biometrics" of the individual) and the second biometric data is acquired on a second biometric trait of the individual, different from the first biometric trait.

[0062] The first and second biometric traits can be any known biometric trait used in authentication / identification, for example the face, a fingerprint, an iris, a palm print, a vein pattern, etc. The first biometric trait is preferably of rank 2 and the second biometric trait of rank 1.

[0063] Thus, the preferred first biometric trait is the palm print, and the preferred second biometric trait is the vein print. Both are palm biometrics, but the palm print is a simple visual biometric (similar to facial biometrics), whereas the vein print is a biometric of the palm's venous network, i.e., under the skin, which is not visible in a simple palm image and requires a specific sensor. Furthermore, enrollment of this latter biometric is more complex.

[0064] System 1 includes at least one biometric terminal 10 which is typically an enrollment and, where appropriate, identification terminal, for example, a terminal at the store reception.

[0065] Alternatively, it could be a store electronic payment terminal (POS), i.e., at the checkout, or even a mobile terminal. In all cases, system 1 can include a large number of terminals 10, possibly of various types. It is also possible that several terminals 10 from the same system 1 may be involved in turn (for example, a first biometric terminal 10 for enrollment, a second biometric terminal 10 for initial identification, a third biometric terminal 10 for a second identification, etc.).

[0066] A biometric terminal 10 is defined as any terminal suitable for identification / authentication within system 1 and forming part of that system 1, i.e., a secure terminal and not an external terminal. It can be operated by a trusted person, such as an employee, to prevent fraud.

[0067] In the remainder of this description, we will refer to it as an enrollment terminal or an identification terminal, as appropriate, but again, either one or both of these roles can be assigned to any terminal 10 according to the invention. This terminal may be an existing terminal already adapted for traditional enrollment as described in the introduction to this application (in addition to the present method(s) that are the subject of the invention).

[0068] As will be seen, each terminal 10 includes at least one first sensor 14 for acquiring the first biometric data on the first biometric feature, and potentially a second sensor 15 for acquiring the second biometric data on the second biometric feature (i.e., biometric sensors). Preferably, and as shown in Figure 1, the first and second sensors can in practice be combined, i.e., the same sensor 14, 15 can acquire both the first and second biometric data, either because this sensor "sees" both features simultaneously, or because it has an extended acquisition range.

[0069] Thus, preferably the sensor 14 is an optical sensor such as a camera, especially with an extended spectrum, i.e. in visible light + Infrared.

[0070] This is particularly suitable in the case where the first and second biometric traits are respectively the palm print and the vein print: a single sensor 14 can observe the palm of the hand (for example placed on the upper surface of the terminal 10 or just next to it, pointing upwards) and produce the two biometric data based on the two parts of the spectrum.

[0071] It should be understood, however, that the present process is not limited to any particular choice of biometrics or sensors, the latter even being, in practice, connected peripherals. For example, one can easily imagine that the first biometric feature is the palm print and the second biometric feature is the face, the two corresponding biometric data points being acquired respectively by two distinct sensors (but of the same type – simple cameras) and positioned differently (for example, on the upper surface of the terminal 10 to observe the palm, and on the ceiling to observe the face).

[0072] The terminal 10 may also conventionally include data processing means 11 (such as a processor), data storage means 12 (memory), an interface 13 for entering account data (for example a touch screen), wireless proximity communication means (for example NFC, see below), etc.

[0073] System 1 advantageously includes a central server 3 for managing user accounts (particularly those created via terminal 10). It can be connected via the local network 30 of system 1 to the terminal(s) 10 and to any non-biometric POS terminals (it is entirely possible that the system includes "ordinary" POS terminals that are not capable of implementing enrollment). Alternatively, it can be used as a terminal 10, for example, in a case where there is a single secure terminal dedicated to enrollment at the store's reception desk. Generally, the server 3 also includes data processing means 31 and data storage means 32, the latter preferentially storing a user account database, particularly in a secure manner (specifically encrypted for the protection of personal data).

[0074] Referring to Figure 1, we also have a mobile terminal 2 belonging to the individual wishing to enroll (i.e., create and activate their account to be able to authenticate themselves biometrically with system 1). This is typically a personal device such as a smartphone. Mobile terminal 2, like terminal 10, is itself a biometric device, but it is not part of system 1 (i.e., it is outside the local network 30).

[0075] Terminal 2 is only connected to system 1 via network 20 (a public wide area network such as the internet), specifically to server 3, and possibly indirectly to terminal 10.

[0076] It itself has at least one first sensor 24 for acquiring the first biometric data on the first biometric trait (typically a camera), but preferably said first biometric sensor 24 of the mobile terminal 2 is not capable of acquiring biometric data on said second biometric trait of the individual (i.e., second biometric data). In general, said mobile terminal 2 preferably does not include any sensor capable of acquiring biometric data on said second biometric trait of the individual. Put another way, we can say that preferably the first and second biometric traits are chosen such that terminal 2 (and generally ordinary mobile terminals) only have sensors for acquiring the first biometric data on the first trait, i.e., rank 2 but not rank 1.

[0077] It is worth noting that this is the case with smartphones and palm biometrics: every smartphone has a camera-type sensor capable of acquiring a visible image of the palm (palm print), but not of observing the vein pattern (vein print). This configuration offers the highest level of security, as we will see later. Furthermore, it remains entirely possible that terminal 2 may have at least one other sensor, possibly a biometric one, particularly for acquiring other biometric data on a different biometric feature (different from the first and second features), but not used by this method. For example, many smartphones may have a fingerprint sensor, which will not be used in the case of palm biometrics. In all cases, sensor 24 is referred to here as the first sensor (even if there is no other sensor) by analogy with the first sensor 14 of the biometric terminal 10 because they both target the first biometric trait.

[0078] Typically, terminal 2 also usually has data processing means 21 (typically a processor), data storage means 22 (memory, for example flash), an interface 23 (for example a touch screen), wireless proximity communication means (for example NFC), etc., which are common for any mobile terminal such as a smartphone.

[0079] Progressive enrollment method 1

[0080] The present method proposes to significantly limit the time spent in store in front of terminal 10 for enrollment, by allowing the individual to proceed on their own mobile terminal 2, for example from home, without sacrificing security.

[0081] With reference to Figures 2a and 2b, which depict two embodiments, the invention relates, in its first aspect, to a biometric enrollment method for identifying an individual within system 1, beginning with step (a) of creating an account for that individual on the mobile terminal 2. It will be understood that while this step (a) enables the creation of the account, it is not yet finalized and, in particular, not yet usable for identification. To rephrase, step (a) can be seen as a step for creating a "provisional" account, subject to confirmation. This is referred to as "progressive" enrollment, as it is carried out in several phases. Specifically, step (a) can begin by obtaining a unique identifier for the individual, for example, either by generating it directly, notably randomly, or by converting the identifier of an existing ordinary customer account that lacks any biometric data.

[0082] Step (a) includes substeps (a1) of recording at least one personal data, and advantageously any other technical data such as the data of a means of payment of said individual, for example the data of a dematerialized bank card of the individual; and (a2) of recording a first biometric reference data acquired on the first biometric trait of the individual with the first sensor 24 of said mobile terminal 2. This data is associated with said account of the individual.

[0083] Note that steps (a1) and (a2) can be performed in any order and in any known manner. For example, (a1) may involve entering at least one piece of personal data on interface 23 or obtaining it automatically from an identity document. Similarly, any payment data may be entered manually (bank card numbers) or obtained directly from a bank server.

[0084] Regarding (a2), in practice, several first reference biometric data can be acquired and, if necessary, recorded to increase robustness. The goal is to create a biometric template that will be used in future identifications, as opposed to what is called a candidate biometric data, i.e., a fresh data. For example, in the case of a palm print, the individual can be asked to photograph their palm several times while slightly moving it. Additionally, terminal 2 can be configured to ask the individual to reacquire the first biometric data if it is of insufficient quality.

[0085] In the event that system 1 also includes a central server 3 storing an account database, said at least one personal data item and first biometric reference data item (and where applicable said payment method data item and / or second biometric reference data item) are transmitted to said server 3 for registration in the account database (so as to be associated with said individual's account being created). A marker may be associated with said account in the database to indicate that it is being created and is not yet usable for identification.

[0086] In all cases, it is assumed that at the end of step (a) there is a "provisional" account for the individual comprising a unique identifier, at least one piece of personal data, and a reference biometric data point. Up to this point, the individual has been able to do everything on their terminal 2, without needing to go to a store.

[0087] To finalize account creation, a visit to biometric terminal 10 of system 1 is still required, but in a significantly streamlined manner. In other words, the security level afforded by the in-store procedure on a secure terminal is maintained, but most of the more cumbersome tasks (manual data entry, recording of the reference biometric data) can be completed beforehand, in a more convenient environment. The visit to terminal 10 can be very brief.

[0088] Indeed, it is sufficient, in a step (b), to transmit a request to finalize said account containing said unique identifier of said account from mobile terminal 2 to enrollment terminal 10.

[0089] Preferably, this step (b) is implemented via a proximity communication channel, in particular an optical channel or a near-field radio channel, which ensures that the individual is nearby (in the store) and has terminal 2: this is a first authentication factor.

[0090] Advantageously, the request is in the form of a QR code displayed by interface 23 of terminal 2, encoding the identifier. Any existing cryptographic technique can be used for this step.

[0091] The said QR code is then read by terminal 10, advantageously directly by the first biometric sensor 14 (which, it should be remembered, is advantageously a camera).

[0092] It should be noted that terminal 10 can be a payment terminal, i.e., the individual can complete step (b) and finalize the creation of their account simply by checking out. Subsequent checkouts can be made by presenting biometrics, without even needing mobile terminal 2 beforehand (since the account will then be operational, see below).

[0093] The remainder of the enrollment process can be implemented automatically without further intervention from the individual. Thus, in a main step (c), the individual is authenticated by comparing a first candidate biometric data acquired on the first biometric feature of the individual with the first sensor 14 of the terminal 10, with the first reference biometric data of the account associated with the transmitted unique identifier.

[0094] Biometrics is therefore a second authentication factor, which allows for total security for this enrollment.

[0095] This typically involves accessing server 3 to obtain the first reference biometric data based on the transmitted unique identifier. For example, terminal 10 sends an authentication request to server 3, including the identifier and the first candidate biometric data. Server 3 accesses the first reference biometric data corresponding to the "provisional" account identified by the transmitted unique identifier and checks if it matches the received candidate biometric data (according to a known metric, such as Euclidean distance), and returns the result:

[0096] - If said unique identifier does not exist, or is not that of an account currently being created, a comparison cannot be made. The individual will be offered the opportunity to create a new account directly on terminal 10, preventing fraud as it will require presentation of an identity document.

[0097] - If the unique identifier is correct but the individual has, for example, stolen terminal 2 from a third party, biometric authentication will be rejected and an alert will be issued.

[0098] If authentication is successful, in step (d) the individual's account is validated, i.e., the account creation is considered finalized, for example, by changing a marker in the database from "provisional" to "validated". Note that step (d) may include, if necessary, obtaining any missing personal (or other) data.

[0099] This validation allows at least the use of the first biometric for user identification (and generally only that one). The optional marker may reflect whether the account is valid only for the first biometric, or also for the second.
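The server-side handling of steps (b) to (d) can be sketched as a small state machine. This is an added example, not code from the patent: the class and method names, the threshold and the feature vectors are constructed assumptions, templates are modelled as float vectors compared by Euclidean distance, and leaving a rejected account in the "provisional" state is a design choice of this sketch.

```python
import math
import secrets
from dataclasses import dataclass
from enum import Enum

MATCH_THRESHOLD = 0.25  # assumed Euclidean-distance threshold, not from the patent


class Status(Enum):
    PROVISIONAL = "provisional"  # created on the mobile terminal, not usable yet
    VALIDATED = "validated"      # finalized at a biometric terminal


class Outcome(Enum):
    VALIDATED = "validated"
    NO_COMPARISON = "no_comparison"    # unknown id, or account not being created
    REJECTED_ALERT = "rejected_alert"  # id is valid but the biometric does not match


@dataclass
class Account:
    account_id: str
    personal_data: dict
    first_reference: list
    status: Status = Status.PROVISIONAL


class AccountServer:
    """Hypothetical stand-in for server 3 and its account database."""

    def __init__(self):
        self.accounts = {}
        self.alerts = []

    def create_provisional(self, personal_data, first_reference):
        # Step (a): random unique identifier, account marked as being created.
        account_id = secrets.token_urlsafe(16)
        self.accounts[account_id] = Account(
            account_id, dict(personal_data), list(first_reference)
        )
        return account_id

    def finalize(self, account_id, first_candidate):
        # Step (b) has delivered account_id to the terminal (for example via QR
        # code); the terminal forwards it with the fresh candidate template.
        account = self.accounts.get(account_id)
        if account is None or account.status is not Status.PROVISIONAL:
            # Also covers a replayed request for an already validated account.
            return Outcome.NO_COMPARISON

        # Step (c): 1:1 comparison against the reference recorded on the phone.
        same_shape = len(first_candidate) == len(account.first_reference)
        if not same_shape or (
            math.dist(first_candidate, account.first_reference) > MATCH_THRESHOLD
        ):
            self.alerts.append(account_id)  # e.g. mobile terminal held by a third party
            return Outcome.REJECTED_ALERT   # status is left unchanged

        # Step (d): flip the marker; the account becomes usable for identification.
        account.status = Status.VALIDATED
        return Outcome.VALIDATED


if __name__ == "__main__":
    server = AccountServer()
    reference = [0.12, 0.80, 0.33, 0.57]  # constructed palm template
    account_id = server.create_provisional({"name": "A. Example"}, reference)
    print(server.finalize(account_id, [0.90, 0.10, 0.70, 0.05]))  # different palm
    print(server.finalize(account_id, [0.10, 0.82, 0.35, 0.55]))  # same palm
    print(server.finalize(account_id, [0.10, 0.82, 0.35, 0.55]))  # replayed request
```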

[0100] Progressive enrollment method 2

[0101] Once the account creation is finalized, it can be used for individual identification, and in particular for payment.

[0102] Preferably, and especially if the first biometric is of rank two (this is the case of the palm print), it is desirable to continue the enrollment to add a second biometric of rank 1, if the user wishes.

[0103] To rephrase, the account is validated with respect to the first biometric, but it is not validated with respect to the second biometric.

[0104] Thus, the process may further include a subsequent step (e) (which may be merged with step (d) or carried out later - see below) of recording a second biometric reference data acquired on a second biometric trait of the individual, different from the first biometric trait, with the second sensor 15 of the biometric terminal 10 (which, we recall, may be one and the same as the first sensor 14 - this is the case in Figure 1).

[0105] Indeed, as explained, mobile terminal 2 generally does not include a sensor capable of acquiring biometric data on the individual's second biometric trait, unlike enrollment terminal 10. Therefore, the second reference biometric data cannot be recorded in advance, unlike the first reference biometric data. This is precisely what makes the second biometric significantly more secure.

[0106] Again, this is a progressive enrollment insofar as the two biometrics are enrolled separately, although it remains entirely possible alternatively for the two reference biometric data to be directly recorded during step (a) if the sensor(s) 24 of the mobile terminal 2 are capable of doing so. Where appropriate, we could already have double biometric authentication during step (c), i.e. up to three factors with the possession of terminal 2 (comparison of a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10 with the first reference biometric data of the account associated with said unique identifier transmitted; and / or comparison of a second candidate biometric data acquired on said first biometric trait of the individual with the second sensor 15 of the biometric terminal 10 with the second reference biometric data of the account associated with said unique identifier transmitted - see the identification process for more details).

[0107] We will now consider only the preferred case in which we have so far only enrolled the first biometric and we now want to enroll the second biometric (by choice or because the sensors 24 of terminal 2 do not allow it).

[0108] In the first mode, the user's account activation is confirmed (step (d)), and they are then offered the option to add the second biometric data to their account, i.e., to re-validate their account with regard to the second biometric. At this stage, the user may simply be asked to present their second biometric feature (for example, to look at a camera in the case of facial recognition), and to provide biometric data if the individual consents.

[0109] In other words, step (e) includes the acquisition of the second reference biometric data on the second biometric trait of the individual with the second sensor 15 of the biometric terminal 10.

[0110] Again, in practice, several second reference biometric data can be acquired if necessary, the individual being asked to repeat the acquisition where needed.

[0111] The recording can be done as in step (a2), if necessary by transmission to server 3 in order to complete the account database. In the first mode, this recording advantageously takes place at the same time as step (d), so that enrollment is fully completed upon account activation.

[0112] According to a second mode, the individual announced from the outset (during step (a) in particular) that he consented to the dual biometric level and therefore to the acquisition of biometric data on his second trait, but this could not be done at step (a).

[0113] Thus, and in a particularly preferred manner and in accordance with Figure 2a, step (c) may include the simultaneous acquisition of said first candidate biometric data and the second reference biometric data, on the enrollment terminal 10, particularly when the same sensor 14, 15 of the terminal 10 allows the acquisition of both biometric data at the same time (first and second sensors combined).

[0114] Thus, at the same time as the first candidate data is acquired for authenticating the individual (step (c)), the second reference data is acquired in advance, so that the individual is asked to do as little as possible. This is an original step because it performs both authentication and enrollment (and of course, the same biometric terminal 10 performs both tasks).

[0115] If the individual is successfully authenticated and their account validated, the recording of this second biometric data is implemented. Otherwise, if the account is not validated, the second reference biometric data is destroyed.

[0116] It remains possible that several second reference biometric data will be acquired (in quick succession), and where possible an attempt is made to complete enrollment at step (d), but it is entirely possible that further acquisitions will still be necessary, particularly in cases of insufficient quality. In such cases, the process can fall back to the first mode (explicitly requesting the individual to present their second biometric trait again).

[0117] According to a third mode, which is in practice a special case of the first mode and corresponds to what is represented by Figure 2b, step (e) is implemented during a subsequent identification step (f) of the individual, for example, a checkout. Indeed, it is reiterated that the account is already validated and therefore usable (at least provisionally at a "degraded" security level because there is only one biometric level, see below). In this mode, there is thus an overlap of enrollment and identification (and of course, it is then the same biometric terminal 10 that performs both tasks).

[0118] So it is step (e) which includes the simultaneous acquisition of said first candidate biometric data and the second reference biometric data, on the enrollment terminal 10, particularly when the same sensor 14, 15 of the terminal 10 allows the acquisition of both biometric data at the same time (first and second sensors combined).

[0119] Compared to step (c), this is an identification insofar as we do not have the unique identifier of the individual, and therefore we find a first biometric reference data coinciding with said first candidate data to determine in which account we will record the second data as reference data to complete the enrollment.

[0120] These second and third modes are particularly interesting when terminal 10 is an electronic payment terminal, for two reasons:

[0121] - we can achieve the dual biometric level (maximum security) without even going through reception;

[0122] - one repeatedly passes through an electronic payment terminal, which in practice allows the acquisition of several second reference data if necessary, as explained.

[0123] Note that the second and third modes can be combined in practice:

[0124] - We have a first simultaneous acquisition of said first candidate biometric data and the second reference biometric data, during step (c)

[0125] - Either this is sufficient and enrollment is completed at step (d), or more second reference data is needed and the third mode is implemented (rather than the first mode, to maintain the best user experience) in order to acquire the missing biometric data during subsequent identifications.

[0126] Identification method

[0127] According to a second aspect, the invention relates to an identification method following the enrollment method according to the first aspect.

[0128] The process includes a step (f) of identifying said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10 with a plurality of first reference biometric data of accounts (validated, themselves obtained by the enrollment process according to the first aspect); and / or by comparing a second candidate biometric data acquired on said first biometric trait of the individual with the second sensor 15 of the biometric terminal 10 with a plurality of second reference biometric data of accounts (validated).

[0129] The objective is to determine the unique identifier of the individual's account, as being that of the account associated with the first reference biometric data coinciding with the first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10, and / or that of the account associated with the second reference biometric data coinciding with the second candidate biometric data acquired on said second biometric trait of the individual with the second sensor 15 of the biometric terminal 10.

[0130] Naturally step (f) can be repeated as many times as the individual needs to be identified, for example to implement various transactions (checkout in the store).

[0131] Note that at each occurrence of step (f), terminal 10 may be a different terminal from system 1, and if so, it may itself be a different terminal from the one on which enrollment was performed, except in the case where step (e) is implemented during step (f), see above. In an embodiment with only the first biometric, step (f) only includes the comparison of a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10 with a plurality of first reference biometric data from accounts.

[0132] If no first reference biometric data coinciding with the first candidate biometric data can be found in the account database, the individual may be offered the acquisition of a new first candidate data, and then, if necessary, the identification may be considered to have failed, in which case one may either resort to another means of identification (for example, an identity card) or proceed differently (classic payment, for example, with a bank card).

[0133] In an embodiment with two biometrics, considering that the first biometric is rank 2 (secondary biometric) and the second biometric is rank 1 (primary biometric), preferably, step (f) can start by comparing a second candidate biometric data acquired on said second biometric trait of the individual with the second sensor 14 of the biometric terminal 10 with a plurality of second reference biometric data of accounts, which works if the second biometric has already been enrolled as in the case of Figure 2a.

[0134] Otherwise, if no second biometric reference data is found that coincides with the second candidate biometric data, we can proceed to compare a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10 with a plurality of first biometric reference data of accounts (as in the first embodiment above).

[0135] The idea is to use the first biometric method as a fallback (second-tier), so that identification is still possible. It should be noted that since security is lower, the rights associated with this "degraded" identification may be more limited (for example, a transaction may only be authorized below a threshold amount such as €50). Alternatively, or in addition, fees may be implemented to compensate for the risk of a less secure transaction.

[0136] This fallback to the first biometric occurs either if the second candidate data acquired is of insufficient quality, or if the second biometric data has not been acquired (no second reference biometric data associated with the individual's account). In the second case, the second candidate biometric data can be recorded as the second reference biometric data, in accordance with the third mode of the progressive enrollment process section 2, represented by Figure 2b.

[0137] In this respect, preferably step (f) directly includes the simultaneous acquisition of the first candidate biometric data and the second candidate biometric data on the biometric terminal 10, again particularly when the same sensor 14, 15 of the terminal 10 allows the acquisition of both biometric data at the same time (first and second sensors combined), in a manner similar to what is preferably done in step (c), the only difference being that the second acquired biometric data is initially considered as potentially a candidate data.

[0138] And as explained, if the individual is successfully authenticated only on the basis of the first candidate biometric data due to the lack of a second reference biometric data, then step (e) can be implemented within step (f), using said second candidate biometric data already acquired as the second reference biometric data, and this until enough second reference biometric data is available to be able to identify the individual directly on the basis of the second biometric.

[0139] Indeed, due to the simultaneous acquisition of the first candidate biometric data and the second candidate biometric data on the biometric terminal 10, we already have both biometric data, and we are sure that they are from the same individual.

[0140] Terminal 10 simply acquires the second candidate biometric data by default, and its role varies:

- either the second biometric is validated, and then the second candidate biometric data is used for identification;

[0141] - or the second biometric is not validated, and then the second candidate biometric data is used for enrollment.

[0142] The registration (e) of the second candidate biometric data is advantageously implemented only if none of a plurality of second reference biometric data sets from accounts coincides with the second candidate biometric data set. In other words, this is the mode in which an automatic attempt is made to begin identification based on the second biometric data set, and if the second biometric data set fails but the first biometric data set succeeds, the system infers that the second biometric data set is not enrolled for the individual (or at least there are not enough second reference biometric data sets), and proceeds with the registration.

[0143] Note that alternatively, as explained, we can have an account marker indicating that the individual's account is not enrolled for the second biometric, so as to avoid recording the second candidate data if there was already at least one second reference biometric data that should have coincided with the second candidate biometric data, and we just have an error for example due to the quality of the acquisition.

[0144] Note that in all cases it can be foreseen that even if we manage to identify the individual by comparing the second candidate biometric data acquired on said second biometric trait of the individual with the second sensor 14 of the biometric terminal 10 with the plurality of second reference biometric data of accounts, we will still implement the comparison of the first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10 with the plurality of first reference biometric data of accounts.

[0145] This allows for "strong" identification (2 factors) which may be desirable, for example, in a situation where maximum security is required (for example, for a transaction exceeding a threshold amount such as €500).
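The progressive enrollment modes and the step (f) fallback described above can be sketched as follows. This is an added Python example, not code from the patent: the toy feature vectors, the distance threshold, the quality floor, the number of second references required and all function names are assumptions, while the €50 and €500 limits are the example thresholds given in the text.

```python
from dataclasses import dataclass, field
from math import dist

MATCH_MAX_DIST = 0.25      # assumed matcher threshold on toy feature vectors
MIN_QUALITY = 0.6          # assumed minimum quality for a usable second sample
REFS_NEEDED = 2            # assumed number of second references for full enrollment
DEGRADED_LIMIT_EUR = 50    # example threshold from [0135]
STRONG_ABOVE_EUR = 500     # example threshold from [0145]

@dataclass
class Account:
    first_refs: list                        # recorded on the mobile terminal, step (a2)
    second_consent: bool = False            # individual consented to the second biometric
    second_refs: list = field(default_factory=list)
    validated: bool = False
    second_enrolled: bool = False           # account marker described in [0143]

def coincides(candidate, refs):
    """True if the candidate is close enough to at least one reference."""
    return any(dist(candidate, r) <= MATCH_MAX_DIST for r in refs)

def add_second_ref(acc, vector, quality):
    """Step (e): record a second reference only if consented, usable and still needed."""
    if not acc.second_consent or acc.second_enrolled or quality < MIN_QUALITY:
        return False
    acc.second_refs.append(vector)
    acc.second_enrolled = len(acc.second_refs) >= REFS_NEEDED
    return True

def finalize(db, unique_id, first_cand, second_vec, second_quality):
    """Steps (c)-(d), second mode: 1:1 check against the account named in the request."""
    acc = db.get(unique_id)
    if acc is None or not coincides(first_cand, acc.first_refs):
        return False                        # not validated: second sample is never stored
    acc.validated = True
    add_second_ref(acc, second_vec, second_quality)
    return True

def identify(db, first_cand, second_cand, second_quality):
    """Step (f), 1:N search. Returns (account_id, level, enrolled_now)."""
    valid = {aid: acc for aid, acc in db.items() if acc.validated}
    by_first = [a for a, acc in valid.items() if coincides(first_cand, acc.first_refs)]
    by_second = []
    if second_quality >= MIN_QUALITY:
        by_second = [a for a, acc in valid.items()
                     if acc.second_enrolled and coincides(second_cand, acc.second_refs)]
    if len(by_second) == 1 and by_first in ([], by_second):
        return by_second[0], ("strong" if by_first else "primary"), False
    # Added conservative choice: disagreement between the two traits is a failure.
    if by_second or len(by_first) != 1:
        return None, "failed", False
    aid = by_first[0]                       # fallback to the first biometric
    return aid, "degraded", add_second_ref(db[aid], second_cand, second_quality)

def authorize(level, amount_eur):
    """Rights attached to each identification level (policy values are examples)."""
    if level == "strong":
        return True
    if level == "primary":
        return amount_eur <= STRONG_ABOVE_EUR
    return level == "degraded" and amount_eur < DEGRADED_LIMIT_EUR

def demo():
    # Constructed sample data: palm = first trait, vein = second trait (claim 9).
    palm_a, vein_a = (0.1, 0.9), (0.8, 0.2)
    palm_b, vein_b = (0.9, 0.1), (0.2, 0.7)
    db = {"acct-A": Account([palm_a], second_consent=True),
          "acct-B": Account([palm_b], second_consent=True)}
    return db, [
        finalize(db, "acct-A", palm_b, vein_b, 0.9),          # wrong person
        finalize(db, "acct-A", (0.12, 0.88), vein_a, 0.9),    # owner, 1st vein ref
        identify(db, (0.1, 0.92), (0.82, 0.2), 0.9),          # third mode, 2nd vein ref
        identify(db, palm_a, (0.79, 0.21), 0.9),              # both traits coincide
        identify(db, palm_b, vein_b, 0.9),                    # acct-B never validated
    ]

if __name__ == "__main__":
    for step in demo()[1]:
        print(step)
```

The rejected finalization leaves no vein reference on the account, and the account only becomes searchable by the second biometric once the marker is set.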

[0146] Procedure for implementing a transaction

[0147] According to a third aspect, the invention relates to a method for implementing a transaction on the biometric terminal 10, the latter being an electronic payment terminal (EPT), following the identification process according to the second aspect, i.e., it is assumed that the individual has been identified, that is to say, that the unique identifier of this individual's account has been determined at the end of step (f).

[0148] This third aspect further implies that the individual's payment method data, for example, the data of the individual's dematerialized bank card, has been associated with that individual's account, i.e., that substep (a1) of the enrollment process typically also included the registration of that individual's payment method. In other words, the account created is for biometric payment in said system 1 using that payment method.

[0149] The process then includes a step (g) in which said terminal 10 uses the individual's payment method data associated with the individual's account (recorded in their account) to carry out the transaction. It is understood that the biometric terminal 10 is here the same terminal on which the identification was obtained, and in practice steps (f) and (g) are linked and are not distinguishable by the individual.

[0151] Thus, the transaction is implemented automatically using the electronic payment method associated with his account, so that he does not need to do anything and in particular does not need to present any means of payment.

[0152] Thus, preferably, step (g) does not include the use of any means of payment other than the electronic one (the one whose data is associated with his / her account).

[0153] In summary, we have an optimal user experience, while maintaining maximum security and significantly streamlining the enrollment process. It's worth noting that we won't be limited to the context of a transaction implementation process, and that identification can be used for any useful purpose, for example, in an access control process: an individual is authorized to pass through a secure door or open an application if their account is associated with data representing an access authorization.

[0154] Terminals

[0155] According to a fourth aspect, the invention relates to the biometric terminal 10 of a system (1) for the implementation of one or more of the processes according to the first, second and third aspects, i.e. an enrollment, identification and / or transaction terminal.

[0156] Thus, this terminal 10 includes, as explained, at least data processing means 11 and a memory 12, at least a first biometric sensor 14 and potentially a second biometric sensor 15, possibly combined with the first sensor 14, and advantageously an interface 13 and / or near field communication means.

[0157] It is advantageously connected via network 20 and / or 30 to a server 3 of system 1.

[0158] The data processing means 31 are at least configured to, when an individual's account is created on a mobile terminal 2 of said individual, with the recording of at least one personal data item, of a first biometric reference data item acquired on a first biometric trait of the individual with a first sensor 24 of said mobile terminal 2, implement the steps consisting of:

[0159] - Receive a request to finalize said account containing a unique identifier of said account from mobile terminal 2 (in particular via a proximity communication channel, in particular an optical channel or a near field radio channel, i.e. QR code or NFC);

[0160] - Authenticate said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14, with the first reference biometric data of the account associated with said unique identifier transmitted;

[0161] - Validate the said individual's account;

[0162] - Preferably record a second biometric reference data acquired on a second biometric trait of the individual, different from the first biometric trait, with the second sensor 15.

[0163] In the case of an identification terminal 10, the data processing means 11 can also be configured to:

[0164] - identify said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor 14 of the biometric terminal 10 with a plurality of first reference biometric data of accounts; and / or by comparing a second candidate biometric data acquired on a second biometric trait of the individual, different from the first biometric trait, with the second sensor 15 of the biometric terminal 10, with a plurality of second reference biometric data of accounts.

[0165] In the case of a transaction terminal 10, i.e., a POS terminal, the data processing means 11 can also be configured to:

[0166] - to use data from an individual's payment method associated with the individual's account for the implementation of the transaction.

[0167] According to a fifth aspect, the invention proposes an assembly comprising the terminal 10 according to the fourth aspect, and said mobile terminal 2. It is possible to have several terminals 10, 2.

[0168] The mobile terminal(s) 2 also include, as explained above, at least data processing means 21, memory 22, and a biometric sensor 24, and advantageously an interface 23 and / or near-field communication means. The assembly may further include a server 3.

[0169] The data processing means 21 of mobile terminal 2 are configured to, when the account of said individual is created on mobile terminal 2:

[0170] - Acquire a first biometric reference data on a first biometric trait of the individual with the first sensor 24;

[0171] - Record at least the said personal data and the first biometric reference data.

[0172] Computer program product

[0173] According to a sixth and a seventh aspect, the invention relates to a computer program product comprising code instructions for the execution (on the data processing means 11, 21 of the terminals 10 and 2) of a method according to the first aspect of biometric enrollment of an individual, of a method according to the second aspect of identification of said individual in a system 1, or of a method according to the third aspect for the implementation of a transaction by the individual, on a biometric terminal 10 of the system 1; as well as computer-readable storage means (for example the data storage means 12, 22 of the terminals 10 and 2) on which this computer program product is found.

Claims

1. A method for the biometric enrollment of an individual for the purpose of identifying said individual in a system (1), characterized in that it comprises the implementation of the following steps: (a) Creation of an account of said individual on a mobile terminal (2) of said individual, comprising a sub-step (a1) of recording at least one personal data, and a sub-step (a2) of recording a first biometric reference data acquired on a first biometric trait of the individual with a first sensor (24) of said mobile terminal (2), the personal data and the first biometric reference data being associated with said account of the individual; (b) Transmission of a request to finalize said account containing a unique identifier of said account from the mobile terminal (2) to a biometric terminal (10) of said system (1); (c) Authentication of said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with a first sensor (14) of the biometric terminal (10), with the first reference biometric data of the account associated with said unique identifier transmitted; (d) If authentication is successful, validation of said individual's account.

2. A method according to claim 1, wherein said system (1) further comprises at least one server (3) comprising data storage means (32) storing an account database, the server (3) being connected to the mobile terminal (2) by a network (20), said at least one personal data and first biometric reference data being transmitted to said server for recording in the account database.

3. A method according to claim 2, wherein step (c) comprises obtaining said first biometric reference data in said account database based on said transmitted unique identifier.

4. A method according to any one of claims 1 to 3, wherein said account finalization request is transmitted to step (b) via a proximity communication channel, in particular an optical channel or a near-field radio channel.

5. Method according to any one of claims 1 to 4, comprising a step (e) of recording a second biometric reference data acquired on a second biometric trait of the individual, different from the first biometric trait, with a second sensor (15) of the biometric terminal (10).

6. Method according to claim 5, wherein step (c) comprises the simultaneous acquisition of said first candidate biometric data and second reference biometric data, on the biometric terminal (10).

7. Method according to any one of claims 5 and 6, wherein said first sensor (14) and second sensor (15) of the biometric terminal (10) are combined.

8. A method according to any one of claims 5 to 7, wherein said mobile terminal (2) does not include a sensor capable of acquiring biometric data on said second biometric trait of the individual.

9. A method according to any one of claims 5 to 8, wherein said first biometric feature is a palm print and the second biometric feature is a vein print.

10. A method according to any one of claims 1 to 9, wherein said substep (a1) further comprises the registration of a means of payment of said individual, said account being for biometric payment in said system (1) by means of said means of payment; said biometric terminal (10) being preferably an electronic payment terminal.

11. A method for identifying an individual in a system (1), characterized in that it comprises, following the implementation of the biometric enrollment method of said individual according to any one of claims 1 to 10, a step (f) of identifying said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor (14) of the biometric terminal (10) with a plurality of first biometric reference data of accounts; and / or by comparing a second candidate biometric data acquired on a second biometric trait of the individual, different from the first biometric trait, with a second sensor (15) of the biometric terminal (10), with a plurality of second biometric reference data of accounts.

12. A method according to claim 11, wherein the identification step (f) of said individual comprises comparing the second candidate biometric data acquired on said second biometric trait of the individual with the second sensor (15) of the biometric terminal (10) with the plurality of second reference biometric data from accounts, and then if no second reference biometric data coincides with the second candidate biometric data, comparing the first candidate biometric data acquired on said first biometric trait of the individual with the first sensor (14) of the biometric terminal (10) with a plurality of first reference biometric data from accounts.

13. Method according to claim 12, wherein the biometric enrollment method is according to claim 5, step (e) being implemented in step (f) using the second candidate biometric data as the second reference biometric data.

14. A method according to any one of claims 12 and 13, wherein step (f) comprises the simultaneous acquisition of said first candidate biometric data and the second candidate data, on the biometric terminal (10).

15. Method for implementing a transaction by an individual, on a biometric terminal (10) of a system (1), said biometric terminal (10) being an electronic payment terminal, characterized in that it comprises, following the implementation of the method of identifying said individual in the system (1) according to any one of claims 11 to 14, the implementation of a step (g) of using by said biometric terminal (10) the data of a means of payment of the individual associated with the individual's account for the implementation of the transaction.

16. Biometric terminal (10) of a system (1), comprising a first sensor (14), characterized in that it comprises data processing means (11) configured to, when an individual's account is created on a mobile terminal (2) of said individual, with recording of at least one personal data item and a first reference biometric data item acquired on a first biometric trait of the individual with a first sensor (24) of said mobile terminal (2), the personal data item and the first reference biometric data item being associated with said individual's account: - Receive a request to finalize said account containing a unique identifier of said account from the mobile terminal (2); - Authenticate said individual by comparing a first candidate biometric data acquired on said first biometric trait of the individual with the first sensor (14), with the first reference biometric data of the account associated with said unique identifier transmitted; - If authentication is successful, validate the account of the individual in question.

17. The biometric terminal (10) according to claim 16 and said mobile terminal (2) comprising the biometric sensor (24), the mobile terminal (2) comprising data processing means (21) configured to, upon creation of the account of said individual on the mobile terminal (2): - Acquire initial biometric reference data on a first biometric trait of the individual with the first biometric sensor; - record at least the said personal data and the first biometric reference data.

18. Computer program product comprising code instructions for the execution of a method according to any one of claims 1 to 10 of biometric enrollment of an individual, of a method according to any one of claims 11 to 14 of identification of said individual in a system (1), or a method according to claim 15 for the implementation of a transaction by the individual, on a biometric terminal (10) of the system (1), when said program is executed on a computer.

19. Computer-readable storage means on which is recorded a computer program product comprising code instructions for the execution of a method according to any one of claims 1 to 10 of biometric enrollment of an individual, of a method according to any one of claims 11 to 14 of identification of said individual in a system (1), or a method according to claim 15 for the implementation of a transaction by the individual, on a biometric terminal (10) of the system (1).