VERIFICATION SYSTEM AND METHOD
The invention relates to a verification system and a method of verification, for example for use in transaction systems.
Transaction systems typically involve the purchase of goods or services but also include systems which control access to physical or virtual locations (such as remote databases and the like). In all these situations, there is a need to be able to confirm the identity of a person presenting himself to take part in the transaction. Many systems have been developed to assist in the identification process. In the most basic systems, the person carries an identity card or credit card or the like on which his signature is inscribed and he then signs a sales voucher or the like, the retailer comparing the two signatures to authorise the transaction. In other cases, the card may carry a photo image of the bearer. In more sophisticated approaches, other biometric features may be utilized such as an iris image. There are various problems with these approaches. For example, signatures can be copied by skilled fraudsters and there are ways in which photo images can be tampered with or replaced. More sophisticated biometric approaches require suitable processing technology to be available at each retailer which is prohibitive in terms of cost of equipment, distribution and maintenance of data, as well as data origination and enrolling costs for a single operator. Data is also replicated by extra enrolments at each non-connected system. WO-A-00/46770 describes a system for authorising an individual presenting a document for a transaction. It does not, however, deal with the initial registration of an individual's details.
US-A-5870723 describes a registration process.
In accordance with a first aspect of the present invention, a verification system comprises a store for storing valid data representing biometric and/or identity information for individuals within a population; and a controller for receiving in a first format valid biometric and/or identity information and for storing corresponding data in the store, and for receiving biometric and/or identity information in a second, different format relating to a person to be verified, for accessing the store to determine whether the received biometric and/or identity information is the same as or is sufficiently similar to previously stored associated, valid biometric and/or identity data, and for generating a suitable output signal corresponding to the result of the determination.
We have considered for the first time the relationship between the manner in which initial registration is carried out and the manner in which subsequent verification is performed. As a result, we have developed a new type of verification system in which data defining or derived from valid biometric information and/or linked identity information is stored, typically remotely, the store being accessed when necessary to check whether biometric and/or identity information provided by a consumer or other person involved in a transaction is valid. In order to reduce the risk of the information being tampered with or being supplied by a fraudster, when the valid data is initially stored, it is supplied in a first format different from the format used to supply the information during the transaction. Typically, this can be achieved by only allowing certain trusted agencies to provide the initial valid data, the ability to code that data in the first format being limited to those agencies. On the other hand, many retailers and other access points may be provided for obtaining the biometric and/or identity information during a transaction and for supplying this to the controller.
The store may be adapted to store the data in a variety of formats including the first format or the second format, the controller carrying out suitable conversions to enable the different sets of data to be compared.
Preferably, however, the store is adapted to store data in a third format, different from the first and second formats. This enables the first format to be relatively complex so as to enhance its security, the data being stored in a less complex form to which the initial raw data provided during a transaction can be relatively quickly converted.
Typically, the third format will represent a subset of the received information. This could be a selection from the supplied information which is unknown to the individual or a reduced resolution version of the information.
For added security, the controller may include means to decrypt the information prior to storage when the information received in the first format has been securely encrypted.
In preferred applications, the information includes at least biometric information. However, the invention is also applicable for use with non-biometric identity information such as an ID code. For example, on registration and proof of identity, a person may be given a unique ID code. He then shops on the web and provides his ID code as proof of identity. This code is then checked back at the controller to verify his ID. The codes may, of course, be encrypted in the same manner as the biometric data.
In accordance with a second aspect of the present invention, a transaction system comprises a plurality of transaction service providers, each transaction service provider having means to enable a person to provide identity and/or biometric information; and a verification system according to the first aspect of the invention which is connectable to the service providers to enable the service providers to verify the person by supplying the biometric and/or identity information in the second format and to authorise the transaction if the verification system confirms the person's identity is valid.
In some cases, at least one of the transaction service providers is a funds provider.
The manner in which the various components are connected together can be chosen as appropriate. Hard wired connections are possible but for additional flexibility, the transaction service providers and verification system may each include means to enable them to communicate with each other via one or more of the Internet, telephone, cable or satellite communication systems.
We also provide a method of verifying a person using a verification system according to the first aspect of the invention, the method comprising obtaining biometric and/or identity information relating to the person to be verified; supplying the biometric and/or identity information to the verification system controller in the second format; and determining the output signal from the controller.
Finally, we provide a method of providing verified data to a verification system according to the first aspect of the present invention, the method comprising obtaining valid biometric and/or identity information under controlled conditions; converting the obtained information into the first format and supplying the converted information to the verification system.
An example of a transaction system according to the present invention will now be described with reference to the accompanying drawings, in which:
Figure 1 is a schematic, partly conceptual drawing of the system;
Figure 2 is a flow diagram illustrating the capture of valid information; and,
Figure 3 is a flow diagram illustrating a verification process.
The system shown in Figure 1 comprises a controller 1 which includes a microprocessor 2, a memory 3 for storing software for converting received information in a first format into a secure ("third") format and a memory 4 for storing software for converting information received in a second format into the secure format. The microprocessor 2 is connected to a database 5 and also to a pair of information receiving modules 6,7. Information is sent to the verification system indicated generally at 8, firstly from a capture service 9 and secondly from a range of transaction service providers 10 including funds providers such as banks 11, post offices 12 and web companies or retailers 13. These information suppliers will typically be located geographically remote from the verification system 8 and in order to protect the system 8, a secure firewall 14 is provided.
In order to enable people to use the verification system, it is necessary to store valid data on the database 5. This valid data is preferably provided by a secure and trusted capture service 9. This may be provided by banks, post offices and other trusted agencies. As shown in Figure 2, when a person presents himself to the capture service 9, the capture service first has to confirm the identity of the person (step 20) in any conventional manner. Once the identity has been confirmed, the person provides biometric information (captured data) in step 21.
This can be of any conventional type including fingerprints, iris prints, voice prints, photo images and the like. Suitable capture equipment known in the art will be provided at the capture service 9 to enable this biometric information to be provided. The person's identity is also provided, for example in the form of a PIN code or the like. A microprocessor (not shown) at the capture service 9 then processes the received raw biometric and identity information and converts it (step 22) into a secure first format. In this format, all the information received is encoded typically in a different information space to the raw analogue/digital representation at capture. Types of different information space are the frequency domain, time domain, vector, different resolution or colour depth.
The captured confirmation identification data could include the person's name, family details, address, proof of address (utility bill), passport details and the like.
In addition, the converted captured data may also be encrypted, for example using a public key encryption algorithm.
The fully converted and encrypted information is then transmitted (step 23) to the verification system 8 where it will be received and temporarily stored by the receiving module 6.
The microprocessor 2, using the software in the memory 3, then decrypts the received captured data and either operates on all or part of the encoded data or decodes this to its raw form so as to extract unique features from the biometric information which are then converted into a secure code which is stored in the database 5 (step 24) at an address linked to the captured confirmed identification information (step 25). The secure code is the data converted into the feature set describing the person. It is secure by virtue of its determined location which cannot be directly accessed because access is only via module 6 and processor 2 or module 7 and processor 2. Security is further enhanced since the format of the stored data, the extracted data, is different to all data from the external operations and this format is not published.
Alternatively, the identity and biometric information could be encoded together and stored.
A typical transaction will now be described. As can be seen in Figure 1, each transaction service provider is connected to a respective input device such as an ATM 15, benefits counter 16 or PC 17. In the case of the ATM, this could be located with the bank 11 or remotely. Furthermore, a retailer could have the appropriate capture equipment which then transmits information to the receiving module 7. In a further alternative, where the use of funds is not required, the transaction service provider may communicate directly with the verification system 8 as in the case, for example, of an access control system.
In a first step (30, Figure 3), identity and biometric information determined from, or about, the person undertaking the transaction is obtained. This can be obtained automatically, or totally or partially input manually. The obtained information is then supplied to the transaction service provider such as the bank 11 (step 31) which then supplies the information (biometric and identity) in a second, typically raw format (step 32) to the verification system 8. The information is received by the receiving system 7 where it is temporarily stored. The microprocessor 2, under the control of the software in the memory 4, then converts (step 33) the received information into the same secure code format used to store previously captured information in the database 5. This will involve extracting the same biometric features as were extracted during the initial set-up procedure.
The microprocessor 2 then compares the transaction secure code with the stored captured codes (step 34). This comparison may be carried out in a variety of ways. For example, if as described above, the captured secure code is stored at an address corresponding to the person's identity, the received transaction identity can be used to obtain the code at the equivalent stored address and this code can then be compared with the received transaction code. If the two codes match to a predetermined level then it is assumed to be verified.
In other approaches, the captured identity information may be encoded along with the captured biometric information and simply stored at the next address in the database 5 during the initial set-up procedure. In that case, the incoming transaction secure code will be compared with all the codes in the store 5 so as to find the best match.
Following the comparison process, the microprocessor 2 outputs a signal (step 35) indicating whether or not a match was found and this is transmitted to the transaction service provider. If the transaction service provider receives a signal indicating a match then it will authorise the transaction (step 36).
Typically, all communications between the verification system 8 and the transaction service provider will utilize a public key encryption.
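The enrolment and verification paths described above can be sketched as follows. This is an added illustration, not code from the specification. It assumes delta encoding as the first-format transform, an HMAC tag standing in for the restriction that only trusted agencies can produce the first format, every second sample quantised to 16 levels as the stored third format, and a match level of 0.8; all names and sample values are constructed.

```python
import hashlib, hmac, json

AGENCY_KEY = b"constructed-demo-key"  # assumption: held only by capture service and controller
MATCH_LEVEL = 0.8                     # assumption: the "predetermined level" for a match

def to_third_format(raw):
    """Stored form: reduced-resolution subset (every 2nd sample, 16 levels)."""
    return [v // 16 for v in raw[::2]]

def encode_first_format(identity, raw):
    """Capture-service side: delta-encode the samples and tag the message."""
    deltas = [raw[0]] + [b - a for a, b in zip(raw, raw[1:])]
    body = json.dumps({"id": identity, "deltas": deltas}).encode()
    return body, hmac.new(AGENCY_KEY, body, hashlib.sha256).hexdigest()

class Controller:
    def __init__(self):
        self._store = {}  # identity -> third-format code; no direct outside access

    def enrol(self, body, tag):
        """Module 6 path: only correctly tagged first-format input is stored."""
        expected = hmac.new(AGENCY_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False
        msg, raw, total = json.loads(body), [], 0
        for d in msg["deltas"]:  # undo the delta encoding
            total += d
            raw.append(total)
        self._store[msg["id"]] = to_third_format(raw)
        return True

    def verify(self, identity, raw):
        """Module 7 path: raw second-format input; reads the store, never writes."""
        stored = self._store.get(identity)
        probe = to_third_format(raw)
        if not stored or len(probe) != len(stored):
            return False
        hits = sum(a == b for a, b in zip(stored, probe))
        return hits / len(stored) >= MATCH_LEVEL

# Constructed sample readings (not real biometric data).
ENROLLED = [200, 35, 120, 77, 240, 18, 90, 160, 55, 130, 210, 66, 145, 99, 180, 25, 70, 250, 110, 40]
GENUINE = [202, 30, 118, 80, 243, 20, 93, 158, 57, 131, 209, 60, 142, 101, 178, 22, 73, 251, 108, 41]
IMPOSTOR = [10, 200, 60, 90, 130, 5, 220, 44, 180, 12, 33, 150, 75, 201, 19, 88, 240, 66, 160, 9]
```

The noisy `GENUINE` reading matches 9 of the 10 stored features and is accepted, while a message sent to the enrolment path without a valid tag is rejected and leaves the stored code unchanged.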