WO2002027668A1 - Verification system and method - Google Patents

Verification system and method Download PDF

Info

Publication number
WO2002027668A1
WO2002027668A1 PCT/GB2001/004342 GB0104342W WO0227668A1 WO 2002027668 A1 WO2002027668 A1 WO 2002027668A1 GB 0104342 W GB0104342 W GB 0104342W WO 0227668 A1 WO0227668 A1 WO 0227668A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
biometric
format
identity information
identity
Prior art date
Application number
PCT/GB2001/004342
Other languages
French (fr)
Inventor
Rodger Eric Prowen
Bryan James Christophersen
Original Assignee
De La Rue International Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by De La Rue International Limited filed Critical De La Rue International Limited
Priority to AU2001290140A priority Critical patent/AU2001290140A1/en
Publication of WO2002027668A1 publication Critical patent/WO2002027668A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)

Abstract

A verification system comprises a store (5) for storing valid data representing biometric and identity information for individuals within a population. A controller (1) receives in a first format valid biometric and/or identity information and stores corresponding data in the store (5), and receives biometric and/or identity information in a second, different format relating to a person to be verified. The controller (1) accesses the store (5) to determine whether the received biometric and/or identity information is the same as or is sufficiently similar to previously stored associated, valid biometric and/or identity data, and generates a suitable output signal corresponding to the result of the determination.

Description

VERIFICATION SYSTEM AND METHOD
The invention relates to a verification system and a method of verification, for example for use in transaction systems.
Transaction systems typically involve the purchase of goods or services but also include systems which control access to physical or virtual locations (such as remote databases and the like) . In all these situations, there is a need to be able to confirm the identity of a person presenting himself to take part in the transaction. Many systems have been developed to assist in the identification process. In the most basic systems, the person carries an identity card or credit card or the like on which his signature is inscribed and he then signs a sales voucher or the like, the retailer comparing the two signatures to authorise the transaction. In other cases, the card may carry a photo image of the bearer. In more sophisticated approaches, other biometric features may be utilized such as an iris image. There are various problems with these approaches. For example, signatures can be copied by skilled fraudsters and there are ways in which photo images can be tampered with or replaced. More sophisticated biometric approaches require suitable processing technology to be available at each retailer which is prohibitive in terms of cost of equipment, distribution and maintenance of data, as well as data origination and enrolling costs for a single operator. Data is also replicated by extra enrolments at each non-connected system. WO-A-00/46770 describes a system for authorising an individual presenting a document for a transaction. It does not, however, deal with the initial registration of an individual's details.
US-A-5870723 describes a registration process. In accordance with a first aspect of the present invention, a verification system comprises a store for storing valid data representing biometric and/or identity information for individuals within a population; and a controller for receiving in a first format valid biometric and/or identity information and for storing corresponding data in the store, and for receiving biometric and/or identity information in a second, different format relating to a person to be verified, for accessing the store to determine whether the received biometric and/or identity information is the same as or is sufficiently similar to previously stored associated, valid biometric and/or identity data, and for generating a suitable output signal corresponding to the result of the determination.
We have considered for the first time the relationship between the manner in which initial registration is carried out and the manner in which subsequent verification is performed. As a result, we have developed a new type of verification system in which data defining or derived from valid biometric information and/or linked identity information is stored, typically remotely, the store being accessed when necessary to check whether biometric and/or identity information provided by a consumer or other person involved in a transaction is valid. In order to reduce the risk of the information being tampered with or being supplied by a fraudster, when the valid data is initially stored, it is supplied in a first format different from the format used to supply the information during the transaction. Typically, this can be achieved by only allowing certain trusted agencies to provide the initial valid data, the ability to code that data in the first format being limited to those agencies. On the other hand, many retailers and other access points may be provided for obtaining the biometric and/or identity information during a transaction and for supplying this to the controller.
The store may be adapted to store the data in a variety of formats including the first format or the second format, the controller carrying out suitable conversions to enable the different sets of data to be compared. Preferably, however, the store is adapted to store data in a third format, different from the first and second formats. This enables the first format to be relatively complex so as to enhance its security, the data being stored in a less complex form to which the initial raw data provided during a transaction can be relatively quickly converted.
Typically, the third format will represent a subset of the received information. This could be a selection from the supplied information which is unknown to the individual or a reduced resolution version of the information.
For added security, the controller may include means to decrypt the information prior to storage when the information received in the first format has been securely encrypted.
In preferred applications, the information includes at least biometric information. However, the invention is also applicable for use with non-biometric identity information such as an ID code. For example, on registration and proof of identity, a person may be given a unique ID code . He then shops on the web and provides his ID code as proof of identity. This code is then checked back at the controller to verify his ID. The codes may, of course, be encrypted in the same manner as the biometric data.
In accordance with a second aspect of the present invention, a transaction system comprises a plurality of transaction service providers, each transaction service provider having means to enable a person to provide identity and/or biometric information; and a verification system according to the first aspect of the invention which is connectable to the service providers to enable the service providers to verify the person by supplying the biometric and/or identity information in the second format and to authorise the transaction if the verification system confirms the person's identity is valid. In some cases, at least one of the transaction service providers is a funds provider.
The manner in which the various components are connected together can be chosen as appropriate. Hard wired connections are possible but for additional flexibility, the transaction service providers and verification system may each include means to enable them to communicate with each other via one or more of the Internet, telephone, cable or satellite communication systems.
We also provide a method of verifying a person using a verification system according to the first aspect of the invention, the method comprising obtaining biometric and/or identity information relating to the person to be verified; supplying the biometric and/or identity information to the verification system controller in the second format; and determining the output signal from the controller.
Finally, we provide a method of providing verified data to a verification system according to the first aspect of the present invention, the method comprising obtaining valid biometric and/or identity information under controlled conditions; converting the obtained information into the first format and supplying the converted information to the verification system. An example of a transaction system according to the present invention will now be described with reference to the accompanying drawings, in which: -
Figure 1 is a schematic, partly conceptual drawing of the system; Figure 2 is a flow diagram illustrating the capture of valid information; and,
Figure 3 is a flow diagram illustrating a verification process .
The system shown in Figure 1 comprises a controller 1 which includes a microprocessor 2, a memory 3 for storing software for converting received information in a first format into a secure ("third") format and a memory 4 for storing software for converting information received in a second format into the secure format. The microprocessor 2 is connected to a database 5 and also to a pair of information receiving modules 6,7. Information is sent to the verification system indicated generally at 8, firstly from a capture service 9 and secondly from a range of transaction service providers 10 including funds providers such as banks 11, post offices 12 and web companies or retailers 13. These information suppliers will typically be located geographically remote from the verification system 8 and in order to protect the system 8, a secure fire wall 14 is provided.
In order to enable people to use the verification system, it is necessary to store valid data on the database 5. This valid data is preferably provided by a secure and trusted capture service 9. This may be provided by banks, post offices and other trusted agencies. As shown in
Figure 2, when a person presents himself to the capture service 9, the capture service first has to confirm the identity of the person (step 20) in any conventional manner. Once the identity has been confirmed, the person provides biometric information (captured data) in step 21.
This can be of any conventional type including fingerprints, iris prints, voice prints, photo images and the like. Suitable capture equipment known in the art will be provided at the capture service 9 to enable this biometric information to be provided. The person's identity is also provided, for example in the form of a PIN code or the like. A microprocessor (not shown) at the capture service 9 then processes the received raw biometric and identity information and converts it (step 22) into a secure first format. In this format, all the information received is encoded typically in a different information space to the raw analogue/digital representation at capture. Types of different information space are the frequency domain, time domain, vector, different resolution or colour depth. The captured confirmation identification data could include the person's name, family details, address, proof of address (utility bill), passport details and the like.
In addition, the converted captured data may also be encrypted, for example using a public key encryption algorithm.
The fully converted and encrypted information is then transmitted (step 23) to the verification system 8 where it will be received and temporarily stored by the receiving module 6.
The microprocessor 2, using the software in the memory 3 , then decrypts the received captured data and either operates on all or part of the encoded data or decodes this to its raw form so as to extract unique features from the biometric information which are then converted into a secure code which is stored in the database 5 (step 24) at an address linked to the captured confirmed identification information (step 25) . The secure code is the data converted into the feature set describing the person. It is secure by virtue of it's determined location which cannot be directly accessed because access is only via module 6 and processor 2 or module 7 and processor 2. Security is further enhanced since the format of the stored data, the extracted data, is different to all data from the external operations and this format is not published.
Alternatively, the identity and biometric information could be encoded together and stored.
A typical transaction will now be described. As can be seen in Figure 1, each transaction service provider is connected to a respective input device such as an ATM 15, benefits counter 16 or PC 17. In the case of the ATM, this could be located with the bank 11 or remotely. Furthermore, a retailer could have the appropriate capture equipment which then transmits information to the receiving module 7. In a further alternative, where the use of funds is not required, the transaction service provider may communicate directly with the verification system 8 as in the case, for example, of an access control system.
In a first step (30, Figure 3) , identity and biometric information determined from, or about, the person undertaking the transaction is obtained. This can be obtained automatically, or totally or partially input manually. The obtained information is then supplied to the transaction service provider such as the bank 11 (step 31) which then supplies the information (biometric and identity) in a second, typically raw format (step 32) to the verification system 8. The information is received by the receiving system 7 where it is temporarily stored. The microprocessor 2, under the control of the software in the memory 4, then converts (step 33) the received information into the same secure code format used to store previously captured information in the database 5. This will involve extracting the same biometric features as were extracted during the initial set-up procedure.
The microprocessor 2 then compares the transaction secure code with the stored captured codes (step 34) . This comparison may be carried out in a variety of ways. For example, if as described above, the captured secure code is stored at an address corresponding to the person's identity, the received transaction identity can be used to obtain the code at the equivalent stored address and this code can then be compared with the received transaction code. If the two codes match to a predetermined level then it is assumed to be verified.
In other approaches, the captured identity information may be encoded along with the captured biometric information and simply stored at the next address in the database 5 during the initial set-up procedure. In that case, the incoming transaction secure code will be compared with all the codes in the store 5 so as to find the best match.
Following the comparison process, the microprocessor 2 outputs a signal (step 35) indicating whether or not a match was found and this is transmitted to the transaction service provider. If the transaction service provider receives a signal indicating a match then it will authorise the transaction (step 36) .
Typically, all communications between the verification system 8 and the transaction service provider will utilize a public key encryption.

Claims

1. A verification system comprising a store for storing valid data representing biometric and identity information for individuals within a population; and a controller for receiving in a first format valid biometric and/or identity information and for storing corresponding data in the store, and for receiving biometric and/or identity information in a second, different format relating to a person to be verified, for accessing the store to determine whether the received biometric and/or identity information is the same as or is sufficiently similar to previously stored associated, valid biometric and/or identity data, and for generating a suitable output signal corresponding to the result of the determination.
2. A system according to claim 1, wherein the store is adapted to store data representing the biometric and/or identity information in a third format.
3. A system according to claim 2, wherein the controller includes means for converting at least some of the received information in the first format into the third format.
4. A system according to claim 2 or claim 3, wherein the third format constitutes a subset of the received information.
5. A system according to any of the preceding claims, wherein the first format comprises a different information space from a raw version of the information.
6. A system according to any of the preceding claims, wherein the second format comprises a raw version of the information.
7. A system according to any of the preceding claims, wherein the controller includes means to decrypt the information prior to storage when the information received in the first format has been securely encrypted.
8. A system according to claim 7, wherein the controller includes means for decrypting public key encrypted information.
9. A transaction system comprising a plurality of transaction service providers, each transaction service provider having means to enable a person to provide identity and/or biometric information; and a verification system according to any of the preceding claims which is connectable to the service provider to enable the service provider to verify the person by supplying the biometric and/or identity information in the second format and to authorise the transaction if the verification system confirms the person's identity is valid.
10. A system according to claim 9, wherein at least one of the transaction service providers is a funds provider.
11. A system according to claim 10, wherein the funds provider is a bank or credit card organisation.
12. A system according to any of claims 9 to 11, wherein the transaction service providers are located remote from the verification system.
13. A system according to any of claims 9 to 12, wherein the verification system and the transaction service providers each include means to enable them to communicate with each other via one or more of the Internet, telephone, cable or satellite communication systems.
14. A method of verifying a person using a verification system according to any of claims 1 to 8, the method comprising obtaining biometric and/or identity information relating to the person to be verified; supplying the biometric and/or identity information to the verification system controller in the second format; and determining the output signal from the controller.
15. A method according to claim 14, wherein the biometric and identity information is supplied to the verification system from a remote location.
16. A method according to claim 14 or claim 15, wherein the biometric and identity information is supplied to the verification system by one or more of the Internet, telephone, cable or satellite communication systems.
17. A method of providing verified data to a verification system according to any of claims 1 to 8, the method comprising obtaining valid biometric and/or identity information under controlled conditions; converting the obtained information into the first format and supplying the converted information to the verification system.
18. A method according to claim 17, wherein the conversion step includes converting the biometric and/or identity information out of the spatial domain.
19. A method according to claim 18, wherein the biometric information is converted into one of the frequency domain, and time domain or into a vector format.
20. A method according to any of claims 17 to 19, wherein the converting step includes encrypting the information, preferably in accordance with a public key encryption algorithm.
PCT/GB2001/004342 2000-09-29 2001-09-28 Verification system and method WO2002027668A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001290140A AU2001290140A1 (en) 2000-09-29 2001-09-28 Verification system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0023904.6 2000-09-29
GBGB0023904.6A GB0023904D0 (en) 2000-09-29 2000-09-29 Verification system and method

Publications (1)

Publication Number Publication Date
WO2002027668A1 true WO2002027668A1 (en) 2002-04-04

Family

ID=9900384

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2001/004342 WO2002027668A1 (en) 2000-09-29 2001-09-28 Verification system and method

Country Status (3)

Country Link
AU (1) AU2001290140A1 (en)
GB (1) GB0023904D0 (en)
WO (1) WO2002027668A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996003821A1 (en) * 1994-07-26 1996-02-08 International Data Matrix, Inc. Methods and systems for creating and authenticating unalterable self-verifying articles
US5790668A (en) * 1995-12-19 1998-08-04 Mytec Technologies Inc. Method and apparatus for securely handling data in a database of biometrics and associated data
DE19715644A1 (en) * 1997-04-15 1998-10-22 Iks Gmbh Information Kommunika Identity verification procedures
US5870723A (en) 1994-11-28 1999-02-09 Pare, Jr.; David Ferrin Tokenless biometric transaction authorization method and system
US5909501A (en) * 1996-09-09 1999-06-01 Arete Associates Systems and methods with identity verification by comparison and interpretation of skin patterns such as fingerprints
DE19811332A1 (en) * 1998-03-16 1999-09-23 Giesecke & Devrient Gmbh Method of checking a biometric characteristic satisfies very high safety standard and can be implemented at supportable cost
US6024287A (en) * 1996-11-28 2000-02-15 Nec Corporation Card recording medium, certifying method and apparatus for the recording medium, forming system for recording medium, enciphering system, decoder therefor, and recording medium
WO2000046770A1 (en) 1999-02-08 2000-08-10 Pulse Systems, Inc. System and method for evaluating a document and creating a record of the evaluation process and an associated transaction

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996003821A1 (en) * 1994-07-26 1996-02-08 International Data Matrix, Inc. Methods and systems for creating and authenticating unalterable self-verifying articles
US5870723A (en) 1994-11-28 1999-02-09 Pare, Jr.; David Ferrin Tokenless biometric transaction authorization method and system
US5790668A (en) * 1995-12-19 1998-08-04 Mytec Technologies Inc. Method and apparatus for securely handling data in a database of biometrics and associated data
US5909501A (en) * 1996-09-09 1999-06-01 Arete Associates Systems and methods with identity verification by comparison and interpretation of skin patterns such as fingerprints
US6024287A (en) * 1996-11-28 2000-02-15 Nec Corporation Card recording medium, certifying method and apparatus for the recording medium, forming system for recording medium, enciphering system, decoder therefor, and recording medium
DE19715644A1 (en) * 1997-04-15 1998-10-22 Iks Gmbh Information Kommunika Identity verification procedures
DE19811332A1 (en) * 1998-03-16 1999-09-23 Giesecke & Devrient Gmbh Method of checking a biometric characteristic satisfies very high safety standard and can be implemented at supportable cost
WO2000046770A1 (en) 1999-02-08 2000-08-10 Pulse Systems, Inc. System and method for evaluating a document and creating a record of the evaluation process and an associated transaction

Also Published As

Publication number Publication date
AU2001290140A1 (en) 2002-04-08
GB0023904D0 (en) 2000-11-15

Similar Documents

Publication Publication Date Title
US7107454B2 (en) Signature system presenting user signature information
US4993068A (en) Unforgeable personal identification system
US6270011B1 (en) Remote credit card authentication system
US6202055B1 (en) Positive identification display device and scanner for low cost collection and display of graphic and text data in a secure manner
KR100486062B1 (en) Biometric certificates
US6934849B2 (en) Method and system for authorizing a commercial transaction
US7319987B1 (en) Tokenless financial access system
EP0730243B1 (en) Identification card verification system and method
US5832464A (en) System and method for efficiently processing payments via check and electronic funds transfer
US7024563B2 (en) Apparatus, system and method for authenticating personal identity, computer readable medium having personal identity authenticating program recorded thereon method of registering personal identity authenticating information, method of verifying personal identity authenticating information, and recording medium having personal identity authenticating information recorded thereon
US20030012374A1 (en) Electronic signing of documents
US20020174345A1 (en) Remote authenticating biometric apparatus and method for networks and the like
US20060229988A1 (en) Card settlement method using portable electronic device having fingerprint sensor
US20120032782A1 (en) System for restricted biometric access for a secure global online and electronic environment
US7624441B2 (en) CA in a card
AU9422298A (en) Personal identification authenticating with fingerprint identification
JP2003525478A (en) Biometric electronic check trading without tokens
EP2040228A1 (en) System, method and device for enabling secure and user-friendly interaction
JP2005063077A (en) Method and device for personal authentication and connector
WO1999031621A1 (en) Tokenless financial access system
EP1280098A1 (en) Electronic signing of documents
JP2008103949A (en) Signature authentication terminal, signature authentication system, signature confirmation system, signature authentication program, signature confirmation program, signature authentication method, and signature confirmation method
WO2003009217A1 (en) Electronic signing of documents
US5261000A (en) On-line terminal unit
CN114297672A (en) Anti-counterfeit verification method and system for anti-counterfeit label and storage medium

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP