VERIFICATION SYSTEM
THIS INVENTION relates to a verification system. It relates in particular to a verification system for verifying that an identifying card or document carried or presented by a holder of the card or document in fact belongs to or was validly issued to that holder. The identifying card may be of a variety of types and may for example be in the form of a credit card, charge card, debit card, medical aid card, driver's licence card, access card, club membership card, social security card, and the like or any personal identification card or passport. Typical examples of documents associated with a holder of the document include a cheque, promissory note, airline ticket, insurance policy, traveller's visa, and so on. A card or document of this type and any similar card or document is, for the sake of brevity, hereinafter simply referred to as an identifying card.
In accordance with the invention a method of verifying that an identifying card presented by a holder at a particular location in fact is validly associated with that holder, includes storing in a database at at least one central location a unique image representative of a true holder of the card, accessing the database from the particular location, retrieving the unique image from the database and transmitting it to a display device at the particular location, thereby to permit comparison of the unique image with that of the holder presenting the identifying card.
The unique image may be in the form of a photograph, e.g a facial image of the holder, but the unique image may also include or instead be in the form of a finger print or the like. The unique image may be stored in the database by scanning the image and converting the scanned image into digital form.
The method may include the step of encrypting data representative of the unique image prior to storing it in the database and decrypting the encrypted unique image when transmitting it to the particular location.
The method may also include initiating security measures when storing the unique image in the database. For example, a control system may be operative to control access to the database by an operator. The control system may also require the operator to enter a password or unique key and be operable to store identification data representative of the operator together with or associated with the image and date and time details of when the image was stored. When storing the unique image in the database, the method may further include the step of checking existing images in the database to minimise the risk of duplicate images being stored possibly relating to different identifying cards and thereby to prevent a card holder having a plurality of aliases stored in the system.
The database at the central location may be stored on at least one computer server. If desired, a number of separate linked servers may be provided at the central location or at a number of separate central locations. The servers may each hold mirror images of the database. Access to the servers from the particular location may be
via a secure channel that is not available to the general public. Typically, access may be obtained via a land line, via a cellular telephone network, via a digital satellite network, via an internet service provider, or combinations of these.
Security measures may also be implemented at the particular location to allow access to the database by authorised operators only.
The method may include logging access requests from particular locations to the central location. The logging may include full details of date and time of access, the identity of the particular location and the particular image which is being accessed. If the operator at the particular location finds that the image transmitted is unacceptable and does not agree with the holder presenting or associated with the identifying card, a trigger signal may be sent to the central location. The control system may be responsive to the trigger signal and set a flag in the database indicating the possible fraudulent use of the card thereby to prevent future use of the card. The system may also allow details to be captured by the operator of why the trigger signal was activated.
The invention extends also to a central storage system for use in the method as above described, the system including storage means for storing unique images associated with holders of identifying cards, an access control system operable to control access by authorised persons only to the unique images in the storage means, capturing control means operable to control storage of the unique images by authorised persons only, transmitting means for transmitting a particular unique image, once accessed, to a remote location, and flag setting
means triggerable to set a warning signal that an identifying card associated with a particular image has been presented at the remote location in a possibly fraudulent manner.
The central storage system may include encryption and decryption means for encrypting the unique images before storage in the storage means and for decrypting the unique images before transmitting them to the remote location.
The central storage system may also include logging means operable to log details of requests for a particular image.
The invention extends also to remote location interrogation system for use in the method as above described, the interrogation system including access control means for controlling access to the interrogation system by an operator, interrogating means for accessing a central storage system as above described to retrieve a unique image stored in the central storage system, display means operable to receive the unique image and to display the image to the operator, and trigger means operable to trigger a flag in the central storage system indicating possible fraudulent use of an identifying card presented to the operator.
An embodiment of the invention is now described by way of example with reference to the accompanying drawing in which a schematic representation of a verification system in accordance with the invention is shown.
Referring to the drawing, reference numeral 10 generally indicates a verification system which includes a central storage system
12 which can be accessed in a variety of ways from a plurality of remote location interrogation system 14 (only one of which is shown).
The central storage system 12, in this embodiment, includes three servers 1 6.1 , 1 6.2 and 16.3, all of which contain a mirror image of a database containing unique images associated with holders of identifying cards. A fourth server 16.4 serves as a backup server in case any of the servers 16.1 , 16.2 and 16.3 should fail. The server 16.4 also contains a mirror image of the unique images.
A power supply backup 18 is provided so that the servers can be supplied with power in the event of a mains power failure.
The system 1 2 is preferably a stand alone system with no direct use of the system 12 being possible except by authorized operators, e.g. via a virtual private network (VPN). Security measures are also present in the system to prevent access except under strict security control.
As illustrated, the interrogation system 14 can access the servers 1 6.1 , 16.2 and 16.3 in a variety of ways. Firstly, there is a normal telephone land line 20. Additionally, access may be via the internet 22 or by a digital satellite network 24. Access may also be via a cellular telephone network. The access is typically initiated by an operator having a computer terminal, point of sale (POS) terminal, cash till, or the like, capable of being loaded with appropriate software.
The interrogation system 14 could for example be located at a point of sale to which a card, such as a credit card, would be presented by a holder.
In use, each card holder, when the card is issued by a card issuer, would be required to submit an identifying photograph such as a facial image and this is scanned by an operator in the employ of the card issuer and the scanned photograph is linked to a unique number, such as the credit card number. The operator is assigned a password or unique key and is required to validate the use of the scanning and submission system by using a biometric value such as a fingerprint. The information relating to the operator as well as the unique image of the card holder and of the credit card number is then encrypted together with date and time details when the unique image was stored in the database on the servers 1 6.1 to 1 6.3. The central storage system incorporates software operable to check that the unique image is, in fact, unique in the database to prevent the use of multiple aliases by a person. In a preferred form, this software is known under the trade mark Optasia available from Image Metrics pic of Regent House," Heaton Lane, Stockport, Cheshire SK4 1 BS, England. This software uses a prestored model of a human face and compares the image received with the prestored model. It then determines deviations between the model and the image and stores the differences as a record of the image. This allows the stored data to be small, of the order of 75 bytes per image, and also allows the image to be recreated from the stored data by generating an image of the model adjusted by the deviation data.
Data relating to similar images can be stored in a particular area of the database, e.g. all dark skinned faces with spectacles can be
stored in the same area of the database allowing rapid searching of the database.
Once the encrypted image is stored on the system, the card holder can then tender the card at the point of sale to an operator at the interrogation system 14. The card can be swiped through a card terminal or the unique number of the card can be entered into a computer by the operator. Software then controls the accessing of the central storage system 1 2. The software also includes security measures to ensure that only an authorised operator can access the system 1 2.
Preferably, the system 1 2 is accessible only via a hidden address stored in software on each system 14 so that the general public cannot obtain access to the system 1 2.
Once accessed, the unique image relating to the identifying card is transmitted back to the system 14 and displayed in a suitable display device, such as a computer screen. Because each remote location interrogation system is loaded with uniquely compiled software, date and time logging, together with the location of the remote station 14 can be logged in the system 12. The software at the central storage system can also detect abuse of any remote interrogation system and, if necessary, can de-activate the remote system 14.
The operator can then either accept the image as correct and continue with a transaction requested by the cardholder or reject the identifying card as being possibly fraudulent. If the operator decides that the use is possibly fraudulent, software allows the operator to enter
details as to why the transaction was not approved and this information is logged in the system 12.
The system can also be used in a variety of other ways, e.g. fraudulent medical aid claims can be detected by comparing transactions requested from a dispensing pharmacist and that of a patient's doctor via the system. The system may allow logging of details of a doctor prescribing medicines in order to track possible fraudulent prescriptions by a doctor. Repeated use by the same card holder at different dispensing pharmacies within a short period can also be investigated or highlighted by software in the system.
As soon as any form of fraud is suspected, the system sets a flag associated with a particular image to prevent further use of the card.
If desired, the system can also be modified for use in conjunction with a cellular telephone network, e.g. by using a short message service for communicating between the systems 14 and 12.
The system can also be used in banks, by police at roadblocks, at pension pay out points, and so on. In banks, a computer system of the bank can be linked to the servers 16.1 , 16.2 and 16.3 via a secure SSL channel in order to communicate logging details and blocked card details to the bank's computer system. When a holder presents a document such as a cheque to a bank, an insurance policy for encashment, an airline ticket at a boarding station, a visa at a passport control station, the system can be used to verify that the holder is the true holder and validly holds that document. The system can be used as
a static verification system or, by setting up a video camera at a particular location, e.g at an air terminal, polling station, or the like, can be used to verify the identity of a string of persons. The system can also be used for controlling access to premises, e.g. facial images of employees can be stored and verified against the database rather than using access cards to allow access to a place of employment.
The invention illustrated provides a simple yet it is believed secure system for verifying that the holder of a card or document indeed is the true holder of that card or document.