GB2437761A

GB2437761A - Virtual identity and authentication employing a mobile device

Info

Publication number: GB2437761A
Application number: GB0608674A
Authority: GB
Inventors: Qusharat Hussain
Original assignee: Individual
Current assignee: Individual
Priority date: 2006-05-03
Filing date: 2006-05-03
Publication date: 2007-11-07
Also published as: WO2007129042A1; GB0608674D0

Abstract

Systems and methods for integrating personal identity authentication into a mobile device, for example, a mobile telephone, mobile communication enabled PDA or any computer system or apparatus connected to the cellular network. The invention provides an electronic virtual mobile identity authentication computer system that eliminates the need for an individual to possess and present any personalized man-made tokens, in order to authenticate an individual's identity. The invention verifies the individual's identity based upon one or more unique characteristics physically personal to the user either biometric or PIN based. The invention provides a cost-effective electronic authentication system that is practical, convenient, and easy use. The invention provides a system of secured access to a computer system that is highly resistant to fraudulent authentication attempts by unauthorized users. The mobile device comprises a secure non-volatile memory, a keypad, biometric and or fingerprint pad, and an output. The user mobile device has a non-volatile memory that stores specified personal identification information with different levels of nymity. The keypad, biometric and or fingerprint pad provides the inputs. The output provides the personal identification information after the keypad and or biometric receptor (i.e. fingerprint pad) provides a certain input. Likewise, similar or enhanced authorised version of mobile devices can be operated by Government statutory or non-statutory bodies, or commercial organisations seeking to authenticate an individual's personal identity.

Description

VIRTUAL IDENTITY ON MOBILE DEVICE AND AUTHENTICATION METHOD

BACKGROUND & DESCRIPTION OF THE INVENTION

[0001] Improvements in technology have made all our lives easier. Transactions such as paying a bill, which once took many minutes, are now done in seconds over the telephone and the Internet. But these advances also bring risks. Criminals are recognising that our identities are just as valuable, if not more so, than our material possessions. A few items stolen from a rubbish bin such as utility bills and credit card statements can lead to huge financial losses as well as distress and inconvenience for victims in putting their records straight.

[0002] We also gain enormous benefits from increased freedom of movement. Business and holidaymakers need to ensure that they can travel the globe with the minimum of inconvenience. Countries also benefit from inward travel -from tourism or those that come to study or to live and make an economic contribution. A secure way of identifying people staying for some time will ensure that borders remain open to new arrivals. Confidence can be had from knowing who is coming to the country, for what purpose and that when they are here they will abide by the terms and conditions of their entry.

[0003] Identity Authentication Schemes (lAS) can give people assurance that those using public services are entitled to do so and not abusing the system. It will also make access to public services for those entitled to them more straightforward and secure. The range of on-line services can be limited without a definitive, highly secure and reliable means of proving identity. Health services could be further improved if medical history could be available, especially in accident and emergency cases (i.e. in hospital), by identifying a victim and knowing their medication and allergies through biometric identification.

[0004] It could also be better protected from the activities of those using false identities -from people who hide their criminal past to avoid restrictions on working with children through to organised criminals and those who support terrorist activities. lAS can be an important weapon against crime and terrorism.

[0005] An lAS is more than just issuing a piece of plastic. It is about recording on central database pre-requisite personal information including name, address and date of birth etc, without limitation, securely. This data is then linked to biometric information -such as iris scan, fingerprints and facial image -which is unique to that individual. It is common practice to regulate access to territorial borders to authorized individuals. It is also common to control access to portions of business property such as research and development areas, controlled areas such as flight line access, airports, seaports, and vendor-only areas in trade shows.

Access to many other locations may also need to be controlled for various reasons. Typically, some form of identification card is used to identify individuals before they are allowed access.

[0006] The technological advances are now being adopted across the world to improve the security of travel documents and border controls: (I) following the 9/11 attacks the US introduced fingerprint biometric visas for those visiting the US who require a visa. Countries such as the UK, which are part of the US waiver scheme, must comply with the new International Civil Aviation Organisation (ICAO) standards and begin issuing biometric passports incorporating a facial image to remain in the scheme. The US also extends its fingerprint checks at major ports (the US-VISIT system) to visa waiver countries from the end of 2004; (ii) the European Union has gone even further and mandated both fingerprint and facial biometrics for Member States passports within the Schengen area.

Most EU Member states will be working to incorporate such features to keep in-line.

(iii) The EU is also moving towards the introduction of fingerprint and facial biometrics for residence permits and visas issued to Third Country Nationals (foreign nationals who are not citizens of countries within the European Economic Area) from 2008.

[0007] Various forms of identification cards have been used to help identify an individual including paper passports, visas, birth certificates, social security cards, driver's licenses and employee identification cards. Unfortunately each of the latter has been known to be forged thus reducing the acceptance of such identification cards as proof of positive identification.

More recently, biometric authentication systems have been introduced where an iris scanner, a fingerprint sensor on kiosk or contact-based smart card is used to help identify an individual or user. The latter generally require the user to stop or exit a vehicle to prove their identity.

Facial recognition systems have also been entertained to identify watch-listed persons, but the results have not been satisfactory.

j0008] Personal devices are known that allow a user store data in the device for the purpose of providing data to an external system. For example, an identification card having a magnetic strip allow personal information to be stored such as birth dates or social security numbers and the magnetic strip is used to provide the personal information to a magnetic stripe reader.

Unfortunately, if the personal device were stolen, an unauthorized user would be able to use the card.

[0009] To increase the security of such a system, often a personal identification number (PIN) is required, but an unauthorized user would be able to try various PIN numbers until one was found that worked.

[0010] The British Retail Consortiums' (BRC) Proof of Age Standards Scheme (PASS) standard ises the various proof of age card schemes that are available at present. Those which meet the standard for issuing will display a common holographic logo which will be easy for retailers to recognise and also make the cards difficult to counterfeit.

[0011] The BRC has long campaigned for a national proof of age card scheme to help retailers comply with the law on age related goods. The laws restricting the sales of age related products are increasingly complex and varied. For instance there are three age limits for most videos and some computer games. As no national proof of age card scheme exists and recognising that there are some very good quality schemes available at present, the PASS scheme allows them to continue but under a nationally recognised umbrella.

[0012] The BRC established a common standard for issuing the various proof of age cards that are available. Those cards with PASS accreditation will display a common holographic logo, which will be both easily recognisable to retailers, whatever card it is displayed on and also make cards difficult to counterfeit.

[0013] In an increasingly connected world and with the advances in mobile communication technology, business and individuals are nowadays able to communicate in almost all matters. One consequence of this revolution is that a new set of challenges has arisen to ensure the security and integrity of any transform of information as well as confidence that the connected individuals are who they say they are. In some cases the registered subscriber could well, legitimately, not be the user, i.e. Pay-As-You-Go customers, or young people and minors using phones/devices registered to an adult in the family for billing and consumer credit purposes.

[0014] Different authentication solutions have been designed to defend systems against these threats as well as protecting the user ID during communication between the user terminal and identification server. Authentication is the process that verifies that a user actually is who he or she claims to be. Access-control concerns determining level of functionality allowed for a specific user. Access control is typically preceded by authentication.

[0015] Working from remote locations using electronic networks requires means of identification and authentication prior to getting access. The most common way to authenticate users is by having the user enter a username and a static password and by entering the correct combination of username and password the end user gets the access. To be authenticated, users enter user ID and PIN and maybe some other access code.

Passwords and PINs keyed in are, however, vulnerable to be captured in a variety of ways including screen capture monitoring or direct observation, also known as shoulder surfing'.

An alternative would be the fingerprint pad that will provide access upon the recognition of a set of the user fingerprints.

[0016] Short messaging service (SMS) solutions are used in mobile phones to send mobile users onetime access codes for secure entry in the web-based applications. Using static passwords is not very secure and systems and applications protected only by such passwords are quite often vulnerable to attacks. There are however stronger forms of authentication available, such as using onetime password and challenge-respond techniques.

[0017] Strong authentication usually includes user security tokens. Using a mobile device as a security token for authentication is very useful. Some security services base their use on cryptography. Cryptography can be divided into two basic concepts; symmetric techniques that use secret keys and asymmetric ones that use pairs of public and private keys.

OBJECTIVES

[0018] Accordingly, it is the objective of the present invention to provide a new system and method of virtual mobile biometric and / or keypad input identity authentication.

[0019] Another objective of the invention is to provide an electronic system and method that eliminates the need for an individual to directly possess any personalized man-made token which is encoded or programmed with data personal to or customized for a single authorized user. Further, it is an objective of the invention to provide an electronic system that is capable of verifying a user's identity based on one or more unique characteristics physically personal to the user, as opposed to verifying mere possession of personalized objectives and information.

[00201 Another objective of the invention is to provide a method and electronic system that is practical, convenient, and easy to use, where individuals no longer need to remember personal identification numbers to access their personal accounts, if only biometric means are used.

[0021] Another objective of the invention is to provide increased security in a very cost-effective manner, by completely eliminating the need for the individual to directly use ever more complicated and expensive personalized tokens.

[0022] Another objective of the invention is to provide a method and electronic system that is highly resistant to fraudulent access attempts by unauthorized users.

[0023] Another objective of the invention is to authenticate the system to the individual once the electronic system is complete, so the individual can detect any attempt by criminals to steal their authentication information.

[0024] Another objective of the invention is that the individual be identified by an electronic third party identicator, wherein the individual's identification is verified. The individual would register with the electronic third party identicator personal identification data, which comprises, a personal hardware ID code, a personal phone number, a personal email address, a personal digital certificate code, a personal account number, personal biometric, or a personal biometric and PIN combination.

[0025] Still, another objective of the invention is to be added in a simple and cost-effective manner to existing terminals currently installed at points of sale and used over the Internet around the world.

[0026] Yet another objective of the invention is to be efficiently and effectively operative with existing personal transactions systems and protocols, specifically as these systems and protocols pertain to processing of electronic personal transactions.

SUMMARY OF THE INVENTION

[0027] The invention satisfies these needs by providing a method and device for virtual mobile authentication between an individual and an identifier using an electronic identicator with the ability to use at least one biometric sample. The method comprises a registration step, wherein the individual registers with an electronic identicator and/or at least one registration biometric sample. Preferably in one transmission step the individuals biometric sample is electronically forwarded to the electronic identicator. A comparator engine or the identification module of the identicator compares the bid biometric sample with at least one registered biometric sample for producing either a successful or failed identification of the individual.

Once the identicator successfully identifies the individual, the individuals previously registered data is retrieved and a biometric-based authentication of an electronic or pictorial form is displayed without presenting any personalized man-made tokens such as magnetic swipe cards or smart cards but on the user mobile screen or the identifiers screen.

[0028] The method may also optionally include a step in which the individuals previously registered data is electronically displayed to the identifier, or electronically forwarded to a transaction processor.

[0029] The individual registration step may optionally further comprise registering a personal identification number with the electronic identicator.

(0030] The authentication system alternatively further comprises an individual's determination step, wherein the individual can determine the level and type of nymity to display, for example, photo only, photo plus age only, or photo plus address.

[0031] The present invention is significantly advantageous over prior art in a number of ways.

First, it is extremely easy and efficient for people to use because it eliminates the need to directly possess any personalized tokens in order to access their authorized electronic stored data, either via their mobile device or the authenticators' device.

[0032] The present invention eliminates all the inconveniences associated with carrying, safeguarding, and locating such tokens, thereby significantly reduces the amount of memorization and diligence increasingly traditionally required of people by providing protection and access to their data. The individual is now uniquely empowered, by means of this invention, to conveniently conduct their personal identity authentication at any time without dependence upon tokens that may be stolen, lost or damaged.

[0033] The invention is clearly advantageous from a convenience standpoint to individuals and authenticator institutions by making electronic authentication less cumbersome and more spontaneous. The paperwork of providing and authenticating is significantly reduced as compared to standard means wherein any copies of the identity form or recording of details from such provision can be stored in the individual or authenticator mobile device.

Alternatively or additionally, history records can be maintained in an individuals account provided via the Internet on the authenticators or other identity provider or issuer's web domain.

[0034] Overall, the method and system of this invention can be designed to provide an individual with simultaneous direct access to their authenticator or identity provider or issuer web account.

[0035] Further, the substantial manufacturing and distributing costs of issuing and reissuing all personalized tokens such as magnetic swipe cards and smart cards, thereby providing further economic savings to identity issuing authorities.

[0036] Moreover, the invention is markedly advantageous and superior to existing systems in being highly fraud resistant. As discussed above, present authorization systems are inherently unreliable because they base determination of a user's identity on the physical presentation of a manufactured personalized token along with, in some cases, information that the user knows. Unfortunately, both the token and information can be transferred to another person through loss, theft or by voluntary action of the authorized user.

[0037] Thus, unless the loss or unintended transfer of these items is realized and reported by the authorized user, anyone possessing such items can be recognized by existing authorization systems as the individual to whom that token is assigned. Even appending the need for presentation of a biometric in conjunction with such personalized tokens is severely flawed, since if the authorized user is unable to present the requisite token at the time of authentication, they will be unable to verify their identity. As such, these complex arrangements are ineffective, since the security they intend to provide can easily block an authorized user from using his own rightful resources by virtue of his personalized token having been lost, stolen or damaged.

[0038] By contrast, the present invention virtually eliminates the risk of denying access to rightful users while simultaneously protecting against granting access to unauthorized users.

By determining identity and authentication solely from an analysis of a user's unique biometric characteristics, this invention creates a highly secure system that maintains optimal convenience for both individual and authenticator to authenticate anytime, anywhere.

[0039] These and other advantages of the invention will become more fully apparent when the following detailed description of the invention is read in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0040] FIG. 1 shows the preferred embodiment of a Party Identification Device (PIA), for example a PDA or mobile telephone or any computer device with optional biometric sensor and keypad.

[0041] FIG. 2 shows the connection between the PIAs to a local router and a network 5' operations centre.

[0042] FIG. 3 shows an embodiment where the PIAs are connected to the Data Processing Centre (DPC) using a cellular digital packet data.

[0043] FIG. 4 shows a method by which the transaction processor determines a Biometric-PIN from the Biometric-PIN Identification subsystem is responsible for a given subdivision of the biometric database.

[0044] FIG. 5 is a preferred embodiment of the DPC showing the connections between its components [0045] FIG. 6 shows the overall preferred embodiment where a biometric sample and PIN are used by the virtual mobile system to authenticate identity.

DETAILED DESCRIPTION

[0046] The invention provides a virtual mobile identity electronically displayed or transacted via biometric and or PIN combination method for authenticating electronically an individual's identity. It is the essence of this invention that the individual not be required to directly use any man-made paper or card based personalized token in order to effect the transaction. A computer system is used to accomplish these goals.

[0047] The virtual mobile authorization system or the third party identicator comprises the following components: [0048] Party Identification Apparatus (PIA) [0049] Communication lines [0050] Data Processing Centre (DPC) [0051] These components together allow an individual to authenticate electronically their identity without requiring the individual to carry driver's licenses, credit cards, check guarantee cards, or other forms of identity.

[0052] Throughout this specification the terms "third party electronic identicator" and "electronic identicator" are used interchangeably; it is understood that the electronic identicator may be owned and/or operated by the authenticator, the individual, or by a third party, without loss of generality.

Party Identification Apparatus (PIA) [0053] The PIA is a device that gathers identity information for use in authentication, and includes mobile device and apparatus. It be should be appreciated that the mobile device could be any device that is connected to the cellular network -for example, a mobile telephone, mobile communication enabled PDA or any computer system or apparatus connected to the cellular network. Of course, if the network is not a mobile communications network, the device will be a device suitable for communication with whatever type of network is provided. Each PIA conducts one or more of the following operations: [0054] gather biometric input from an individual or authenticator [0055] gather a PIN code or password from an individual or authenticator [0056] secure communication between PIA and DPC using encryption [0057] secure storage of secret encryption keys [0058] store and retrieve a unique personal PIA hardware identification code [0059] secure enclosure & components from unauthorized tampering [0060] display information, allow parties to approve or cancel an electronic authentication [0061] scan a magnetic stripe card [0062] store, verify, and retrieve a personal digital identification code [0063] allow parties to select among choices, level and type of nymity and, optionally, the display type, for example, photo only, photo plus age only, photo plus address only etc.

] A preferred embodiment containing these components is shown in FIG. 1.

[0065] Biometric input is gathered using a biometric sensor located within the PIA. Biometric sensor, for example voice recognition or finger print image sensor can be incorporated.

However, it is understood that biometric sensors such as iris scan and other types can also be used.

[0066] For authenticator PIAs requiring a fingerprint sensor, the PIA has a biometric fraud detection unit (not shown) that will assure that any biometric input gathered from the biometric sensor is from a real physical person, instead of a copy or replica. Preferably for the finger image sensor there is a blood flow detector.

[0067] For systems employing a PIN, the input is preferably gathered using a keypad or PIN pad that is also located securely within the PIA.

[0068] Communication security is provided by encryption using unique secret keys known only to that specific PIA and the DPC, and the DES encryption algorithm, preferably triple-encrypted. Triple encryption means successive encrypt/decrypt/encrypt operations using two distinct 56-bit DES keys. This provides significantly higher security than a single encryption operation with one 56-bit DES key. Alternately, a public/private key system may also be used to encrypt information that passes between PIA and DPC. Both DES and public key encryption is well known in the industry.

[0069] The PIA also has secure memory that can store and retrieve the unique secret encryption keys used to enable secure communications with the DPC.

[0070] To use encryption keys, a key management system must be employed to assure that both sender and receiver are using the same key. When using DES, a preferred key management system is DUKPT, which is well known in the industry. DUKPT is designed to provide a different DES key for each transaction, without leaving behind the trace of the initial secret key. The implications of this are that even successful capture and dissection of a PIA will not reveal messages that have previously been sent, a very important goal when the effective lifetime of the information transmitted is years. DUKPT is fully specified in ANSI X9.24. The DUKPT key table is stored in the secure memory.

[0071] Each PIA preferably has a hardware identification code that is registered with the DPC at the time of manufacture or registration. This makes the PIA uniquely identifiable to the DPC in all transmissions from that device. This hardware identification code is stored in write-once memory.

[0072] PIA physical security is assured by standard mechanisms. Authenticator PIA's comprise tamper-detect circuitry, an enclosure that cannot be easily opened without visibly injuring the enclosure, erasable memory for critical secrets such as encryption keys, write-once memory for hardware identification, tight integration of all components, and "potting" of exposed circuitry.

[0073] Information such as the identity of a payee, photo, address, age, date of birth (d.o.b) or biometric data is displayed using an integrated LCD screen. It is preferable that the LCD screen be connected securely to the other components in the PIA to maintain security.

[0074] Approval or cancellation of authentication can be done using the PIA keypad.

[0075] Optionally, the PIA also validates public key digital certificates. In one embodiment, public keys of a particular certifying authority are initially stored in the PIA at the time of registration or construction. This provides the mechanism to verify individual's digital certificates that are signed by the certifying authority.

[0076] The PIA also optionally displays a list of identity types on the LCD screen and provides for selection of choices using the keypad.

[0077] Although a preferred embodiment is described above, there are many different variations on specific PIA implementations. Fundamentally any device that is secure, can identify a person or entity with a high degree of certainty, and can connect to the DPC via some form of communication line can serve as a PIA.

[0078] The Subscriber Identity Module (SIM) inside GSM phones was originally designed as a secure way to connect individual subscribers to the network and works as a smart card that saves subscriber information about identity, subscription, subscriber environment, radio environment and other information. It can also hold security functions, such as RSA keys described later on.

Communication Lines [0079] Communications between the PIA and the DPC occur via many different communication methods. Most depend on the particular communication networks already deployed by the DPC or authenticator that deploys the authentication system.

[0080] In an embodiment shown in FIG. 2, the PlAs I are connected via Ethernet to a local router 2, which is itself connected to a network operations centre (NOC) 3 via frame relay lines. At least one DPC 4 is located at the NOC. Messages are sent from PIA to the DPC using TCP/IP over this network.

[0081] In another embodiment shown in FIG. 3, the PIAs 1 are connected via a cellular digital packet data (CDPD) modem to a CDPD provider 8, who provides TCP/IP connectivity from the PIA to an intranet to which at least one DPC 4 is attached.

[0082] In yet another embodiment, a PIA is connected via the Internet, as is at least one DPC.

TCP/IP is used to transmit messages from PIA to DPC. There are many different ways to connect PIA to DPC that are well understood in the art.

[0083] The Global System for Mobile Communication (GSM) is a-standard for digital wireless communications with services, such as voice telephony. GSM, together with other technologies, is part of an evolution of wireless mobile telecommunication that includes e.g. General Packet Radio System (GPRS), and Universal Mobile Telecommunications Service (UMTS).

[00841 UMTS is the third generation mobile communication system, which provides an enhanced range of multimedia services, such as video. UMTS has specified the use of the USIM (universal SIM) as the evolution of SIM. In GSM and UMTS networks, the (U) SIM card is central both for subscriber identification and for providing value added services. Usually referred toas a SIM card, the USIM (UMTS Subscriber Identity Module) is the user subscription to the UMTS mobile network. The USIM contains relevant information that enables access onto the subscribed operator's network. The International Mobile Equipment Identity (IMEI), being a unique code that corresponds to a specific GSM handset, uniquely identifies the mobile equipment.

Data Processing Centre [0085] Data Processing Centres (DPC) serve to register and identify the individual and perform the execution that will result in verification and authentication transaction and delivery for the electronic identity.

[0086] As seen in FIG. 5, the DPC 22 is connected to the Internet or intranet 2 using a firewall machine 24 that filters out all messages that are not from legitimate PIA devices. Messages are then sent to a Transaction Processor (TP) 26, which is responsible for overseeing the steps required to process the entire transaction.

[0087] In a preferred embodiment, the messages are decrypted. For this, the transaction processor uses the Decryption Module (DM) 28, which utilizes the hardware identification code of the PIA to identify the encryption codes that is required to decrypt the message from the PIA.

[0088] Once decrypted, the identity of both parties to the transaction is determined using the identification module (IM), or comparator engine 30. Once identified, the TP 26 determines the nymity level and identity type using the identity choice selector. This requires a DPC message back to the originating PIA if the individual has several personal identity accounts to choose from, for example those for husband, wife or children.

[0089] In a preferred embodiment, more than one DPC provides fault tolerance from either natural or man-made disasters. In this embodiment, each DPC uses a backup power generator, redundant hardware, mirrored databases, and other standard fault tolerant equipment known in the industry.

Decryption Module (DM) [0090] In a preferred embodiment, all messages the DPC receives, with the exception of those not constructed by a PIA, contain a PIA hardware identification code, i.e. SIM, a sequence number, and a Message Authentication Code (MAC). (Message authentication codes, also known as cryptographic checksums, well known in the transaction industry, are used to assure that any changes to the content of the message will be detectable by the entity receiving the transmission). The DM validates the message's MAC and then checks the sequence number for that particular PIA. If the DM determines that both the MAC and the sequence number are valid, the DM uses the unique secret key for that particular PIA to decrypt the message. For the decryption to function properly, the DM must contain a copy of each PIA's DUKPT key table.

[0091] If the decryption operation fails, or if the MAC check fails, the message is considered an invalid message. The TP logs a warning to the Log Facility (LF), terminates processing for the message, and returns an error message to the originating PIA.

[0092] Each message TP receives preferably contains a response key stored in the encrypted section of the message. Before the TP replies to a message that includes a response key, it instructs the DM to encrypt the response message with that response key. The DM also generates a MAC for the response and appends it to the message.

[0093] Preferably, error messages are not encrypted although the DM does include a MAC for message authentication. Such messages never include confidential information. However, most response messages include a status or response codes that can indicate whether the request succeeded or not. For example, when the IM declines a transaction, it does not return an error message, it returns a normal transaction response message with a response code set to "failed".

Identification Module (IM) [0094] Party identification occurs in different ways, depending on the identification information that is provided by the PIA. The identification module has subsystems for each type of information that is provided, and each subsystem is highly optimised to provide rapid identification as outlined below.

[0095] In one embodiment, the ID module detects individuals that re-register with the system by conducting a re-registration check. Given a particular registration biometric sample submitted by a person attempting to register with the system, the ID module determines if that person has ever been registered previously by comparing the registration biometric sample with other biometric samples previously registered. If a match occurs, the registration is rejected.

[0096] In a preferred embodiment, identification module comprises subsystems that can identify parties from the following information: [0097] biometric data and PIN [0098] biometric or PIN data alone [0099] digital identification (digital certificates) [0100] PIA hardware identification code Biometric-PIN Identification Subsystem (BPID) [0101] In a preferred embodiment, the BPID subsystem comprises at least two BPID processors, each of which is capable of identifying parties from their biometric and or PIN codes.

[0102] Preferably, the database of parties identifiable from biometric-PIN combinations is distributed equally across all BPID processors. Each processor is then responsible for a subset of identifications.

[0103] In FIG. 4, TP 26 determines which Biometric-PIN from the BPID subsystem 44 is responsible for a given subdivision of the biometric database. In one embodiment, one BPID 46 is responsible for identifying people with PINs 1-20, another BPID 48 is responsible for identifying PINs 21-40, and a third BPID 50 is responsible for identifying PINs 41-60. For example, all messages from the PIA containing a PIN that equals the number 30 would be routed to BPID 48 for identification of the individual.

[0104] Once a BPID processor receives a bid biometric sample and PIN for identification, the processor searches through its database, retrieving all registered biometric samples that match or correspond to that particular bid PIN. Once all corresponding registered biometric samples are retrieved, the processor compares the bid biometric from the message to all retrieved registered biometric samples. If a match is found, the processor transmits the identity of the party back to TP 26. If no match is found, the processor transmits a "party not identified" message back to TP 26.

Biometric Identification Subsystem (BID) [0105] In another embodiment, the BID subsystem comprises at least two BID processors, each of which is capable of identifying parties only from their biometric sample.

[0106] In one embodiment, each BID processor contains the entire database of biometrics. To distribute the transactions evenly across processors without undue effort, the TP determines randomly which BID processor will be used for a given identity check request, and delegates the identification request to that BID processor. That BID processor then performs a search of its biometric sample database in order to find a matching registered biometric sample.

[0107] In one embodiment, other information is present that assists the BID processor in searching the database. For finger images, this includes information such as the classification of the image (whirl, arch, etc.), and other information about the finger ridge structure that is useful for selecting out biometrics that are not likely to match (or information on biometrics that are likely to match). Various methods of classification for rapid search of particular biometric databases are known in the art for example with regard to facial imaging, iris and voice recognition.

[0108] Biometric comparisons are often more accurate if multiple biometrics are used. In some embodiments, multiple biometrics are used to more rapidly and more accurately identify individuals.

Digital Identification Subsystem [0109] In a preferred embodiment, the digital identification subsystem comprises multiple processors, each of which is capable of identifying an individual from their digital certificates.

In this embodiment, digital certificates are used to perform digital identification of the individual. Preferably this includes corporate web site addresses and certifying authorities only. Where possible, people provide biometrics as a means of identification, while computers provide digital certificates.

[0110] A digital certificate uniquely identifies a party. The major difficulty is verifying that a particular digital certificate is valid. This requires a public key from the certifying authority that issued that particular digital certificate. This requires that the digital identification subsystem have a list of certifying authorities and the public keys used to validate the digital certificates they issue. This table must be secure, and the keys stored therein must be kept up to date.

These processes and others relating to the actual process for validating digital certificates are well understood in the industry.

PIA Hardware Identification Subsystem (PHI) [0111] In a preferred embodiment, PIA hardware, or SIM, identification codes are translated into the individual identification by the PHI subsystem. This subsystem maintains a list of all PIAs ever manufactured or registered. Preferably, when a particular individual purchases a PIA or any mobile device, that individual's identity is linked to that PIA. Any transactions that originate from that PIA are assumed to be destined for the party that purchased the PIA.

[0112] In one embodiment, there are many family members, i.e. wife or children in the care or responsibility of the mobile device PIA owner, and legally in possession the PIA while there is only one individual identity account linked to transactions issuing from a particular PIA. This could be accommodated for by creating a family or co-user tree identity. In another embodiment, the PIA hardware identification code does not serve to identify either the authenticator or the individual. This is the case in PIAs purchased for public terminals, Automated Teller Machines, or for home use.

Identity Selector Subsystem (lAS) [0113] The lAS process varies depending on the party being identified. Where the individual has registered photo, biometric and requisite identity information, then that identity account is automatically selected to default to photo plus identity reference display on LCD screen. The lAS will allow choices to select the type to include amongst others, photo plus age, photo plus address, photo plus driver license detail etc. [0114] In the cases where an individual has registered one or more co-user for the PIA, perhaps to include children or partner, the lAS processor retrieves a list of all designated individual identity accounts, and transmits them back to the PIA for selection by the individual.

[0115] In one embodiment, particular PIAs have identity account selection information associated with them.

[0116] In another embodiment, an individual or authenticator identifying them through biometrics has the option to pre-select the identity type from which to display the electronic identity, using an account index code. The account index code is optionally an alphanumeric, or a series of numbers and codes that act as an easy-to-remember shorthand for the identity type. These account index codes are correlated to particular identity types during registration.

Logging Facility (LF) [0117] In a preferred embodiment, the LF 36 logs all transactions to write-once media, so that a record is kept of each event and each error that has occurred during the operation of the virtual mobile authentication system.

Use-Sensitive DPC Configuration [0118] While each DPC has some or all of the above features, in some embodiments the system has use-sensitive data processing capabilities, wherein multiple DPCs exist, some of which store a subset of the total number of registered parties.

[0119] This system comprises at least one master DPC, which contains a large subset of all parties registered with the system. The system further comprises at least two local DPCs that (0 are physically apart from each other. Each local DPC contains a subset of the parties contained within the master DPC. Data communications lines allow messages to flow between each local DPC and the master DPC.

[0120] In this embodiment, identification request messages are first sent to the local DPC for processing. If a party cannot be identified by the local DPC, the message is forwarded to the master DPC. If the parties are identified properly by the master DPC, the message is processed appropriately. In addition, one or both party's identity information is transmitted from the master DPC to the local DPC, so that the next time parties will be successfully identified by the local DPC.

[0121] In another embodiment of a use-sensitive DPC system, the system further comprises a purge engine for deleting a party's identification information from the local DPC databases. In order to store only records for those parties who use the system more than a prescribed frequency and prevent the overload of databases with records from parties who use the system only occasionally, the record of a party is deleted from the local DPC databases if there has been no attempt to identify the party upon expiration of a predetermined time limit.

[0122] In order to make communications between the master DPC and the local DPCs secure, the system further comprises encryption and decryption means, wherein communications between the master DPC and local DPC are encrypted.

Registration [0123] Parties that wish to either originate or receive electronic identity (les) must first register with the virtual mobile authentication system. The identification and personal information registered with the system for a given party depends on the mode used to originate or receive identity. An individual must register at least one biometric or a biometric-PIN. Preferably, corporate entities must register at least one digital certificate, or must register their PIA hardware identification codes. All parties must also register the appropriate personal detail information by the ACH.

[0124] In FIG. 6, to register, an individual submits a registration PIN code into the PIA keypad.

The individual then optionally enters a biometric sample obtained from their physical person by the PIA's biometric sensor. The PIA determines that the biometric scan is non-fraudulent, and then translates and compresses that biometric scan into a format suitable for rapid transmission to the DPC.

[0125] Preferably, an authorised attendant verifies that the person actually owns the identity by comparing personal photo id (a driver's license, passport, id card, etc) to the name listed and obtains the biometric data.

[0126] Once the attendant verifies the registration data and individual's identity, the PIA transmits the registration data to the DPC. The DPC then inserts the biometric (or biometric-PIN) into the appropriate identification database, updates the identity account selector (lAS), and enables the person to originate identity authentication.

[0127] In one embodiment, the DPC validates the identity data submitted during registration.

This involves making certain that the identity being registered is valid. Preferably, an entity may either register at least one digital certificate, or use at least one PIA hardware identification code to identify itself to the DPC. Digital certificates are available from certifying authorities, and they provide the assurance that the entity with the certificate is the authentic owner of that identity. These certificates contain readable text and other information that describes the entity.

[0128] This digital certificate is then used to identify the receiving party.

[0129] In an embodiment, the personal identity of the entity is included in the digital certificate.

This is not a preferred embodiment, as the disclosure of the personal account is potentially injurious to the entity.

Authentication [0130] Authentication occurs either physically in person at a point of presence, or at home or public terminal via a remote network.

Point of Presence (PoP) [0131] PoPs are characterized by identifying the individual using their biometric sample or PIN on a PIA controlled by the individual (i.e. mobile device). The individual is thus identified through biometrics or PIN, while the individual is optionally identified through the PIA's hardware identification code.

[0132] In a preferred embodiment, a party at the PoP originates an electronic identity in the following manner. First, the individual submits a bid biometric sample obtained from their physical person by the PIA's biometric sensor. The PIA determines that the biometric sample is non-fraudulent, and then translates and compresses that biometric sample into a format suitable for rapid transmission to the DPC.

[0133] Next, the individual optionally enters a PIN code into the PIA keypad. At this point, the PIA transmits the biometric or biometric-PIN to the DPC for identification, optionally along with the PIA hardware identification code. The DPC identifies the individual using the biometric sample, and retrieves the list of lAS that the individual has previously registered with the system, and transmits this list back to the PIA. The DPC optionally identifies the individual using the SIM and or PIA hardware identification code that was previously registered by the individual.

[0134] The PIA displays the lAS to the individual, who can then selects one of the identity types as the default display identity.

[0135] Execution by the DPC may result in a declined transaction due to data error, suspect fraud or other problem. If the transaction is declined, the DPC transmits the decline notification back to the PIA, either the individual or authenticator PIA, and the individual may re-attempt or provide another identity type or cancel the transaction.

[0136] In another embodiment, instead of the DPC transmitting the list of possible Identity types (via lAS) back to the PIA for individual selection, the individual instead indicates which type to select by entering a type index code or letter. This code can be selected by the individual during or post account registration and linked to a particular identity type.

Network Point of Security Transactions [0137] Network point of security transactions are characterized by identifying the individual using the individual's bid biometric sample or PIN submitted through the individual's personal PIA, or through a public PIA attached to a public terminal or statutory or government body PIA. The authenticator is a registered user for such purposes, and is preferably identified through a digital certificate. Thus the individual is identified through biometrics and or PIN, while the authenticator is optionally identified through the verification of a digital certificate issued by an authorized certifying authority.

[0138] In a preferred embodiment, the individual first lodges the authenticators user code and or transaction reference number, something that is provided by the authenticator, or using the network address of the authenticator on the authenticators PIA. If using the web network, the individual downloads the authenticators' digital certificate to the PIA that the individual is using. The PIA verifies that the digital certificate provided by the authenticator is a valid certificate.

[0139] The individual then submits a bid biometric sample obtained from their physical person using the PIA's biometric sensor. The PIA determines that the biometric scan is non-fraudulent, and then translates and compresses that biometric scan into a format suitable for rapid transmission to the DPC. The individual then optionally enters a PIN code into the PIA keypad.

[0140] The PIA transmits the biometric or biometric-PIN to the DPC for identification, along with the authenticators' digital certificate and or transaction or user code. The DPC identifies the individual, and retrieves the list of identity type that the individual has previously registered with the system, and transmits this list back to the PIA.

[0141] In another embodiment, the transaction code or reference can be transmitted to the authenticators PIA by the individual. The authenticator then either approves or cancels the transaction using the PIA's keypad. Once the transaction is approved, the PIA transmits the electronic identity to authenticators PIA for verification.

[0142] Execution by the DPC may result in a declined transaction due to error or the identity is a closed account, or some other immediately detectable problem condition. If the transaction is declined, the DPC transmits the decline notification back to the PIA, and the individual or authenticator may either re-attempt or select another identity type or cancel the transaction.

[0143] In one embodiment, a private code, which is distinct from a personal identification number (PIN) and not used in an individual identification step, and is preferably chosen by the user, is transmitted to the PIA from the DPC, and presented to either the individual or authenticator subsequent to a successful identification using biometrics. This private code identifies the authentication to the individual or authenticator users. The private code is selected by the individual or authenticator during registration with the third party identicator, and is never entered into the PIA during authentication. Additionally, the PIA and DPC always transmit the private code in an encrypted form. As a result, only the authentic DPC and PIA can provide a person's private code after a successful identification. The private code is displayed to the individual to validate that the authentic electronic third party identicator has processed the transaction.

[0144] The authentication system alternatively further comprises a virtual mobile authentication system that communicates with one or more external computers during the individual determination step and the transaction step.

[0145] The transaction code data comprises authenticators and individuals information including: identity type displayed, individuals name, a date or time, a location, or a reference number.

[0146] Preferably, in a individual re-registration step, the user's registration biometric samples are compared against previously designated biometric samples wherein if a match occurs, the computer system is alerted to the fact that the individual has re-registered with the virtual mobile authentication system.

[0147] Also preferably, in a biometric theft resolution step, where the individual uses a Biometric-PIN identification subsystem, the individual's personal identification number is changed whenever the individual's biometric sample is determined to have been fraudulently duplicated.

[0148] Optionally, during the individual registration step, the individual registers at least one individual identity type and assigns an account index code to each individual types, and during the acceptance step the user adds the account index code to the personal transaction, wherein the account index code further comprises one or more alphanumeric characters.

[0149] In one embodiment, the PIA is actually built-in and/or integrated with a personal computer. These personal computer PIA hardware identification codes are not used to identify either party in a transaction.

[0150] In another embodiment, the individual can be a representative of a family minors or children that has permission to access the minor or children's identity accounts to authenticate, for instance their age when visiting the cinema or for proof of age purchases including on the network.

[0151] In one embodiment, a network transaction over the internet requires an internet merchant code or user or reference number, which is then entered into the individual PIA to generate a transaction code which, along with the identity reference number, is to be entered for the transaction to complete. The transaction code can be a randomly generated security number to enhance the authentication for Internet and remote identity authentication.

[0152] From the foregoing, it will be appreciated how the objectives and features of the invention are met. First, the invention provides an electronic virtual mobile identity authentication computer system that eliminates the need for an individual to possess and present any personalized man-made tokens, in order to authenticate an individual's identity.

[0153] Second, the invention provides an electronic authentication system that is capable of verifying an individual's unique personal identity, as opposed to verifying possession of personalized objects and information.

[0154] Third, the invention verifies the individual's identity based upon one or more unique characteristics physically personal to the user.

[0155] Fourth, the invention provides a cost-effective electronic authentication system that is practical, convenient, and easy use.

[0156] Fifth, the invention provides a system of secured access to a computer system that is highly resistant to fraudulent authentication attempts by unauthorized users.

[0157] Although the invention has been described with respect to a particular virtual mobile authentication system and method for its use, it will be appreciated that various modifications of the apparatus and method are possible without departing from the invention, which is defined by the claims set forth below.

[0158] It will be apparent to those in the art having the benefit of this disclosure that the present invention contemplates a layered virtual identity system with authentication and method in which personal information may be detached from the identity server. It is understood that the form the invention shown and described in the detailed description and the drawings are to be taken merely as presently preferred examples. It is intended that the following claims be interpreted broadly to embrace all the variations of the preferred embodiments disclosed.

[0159] The embodiments described herein are not intended to, and should not be taken to, limit the scope of the invention that extends to any suitable arrangement for virtual and tokenless identification on a mobile device and encrypted delivery of such authentication.

[0160] While the invention has been described with respect to a limited number of embodiments, it will be appreciated that many variations, modifications, and other live applications of the invention can be made within the scope of the appended claims. "4-

Claims

VIRTUAL IDENTITY ON MOBILE DEVICE AND AUTHENTICATION METHOD

CLAIMS OF INVENTION

1. A method for virtual mobile electronic authentication of personal identity between an individual and an authenticator using an electronic identicator (PIN) and or at least one individual bid biometric sample, said method comprising the steps of: a. an individual registration step, wherein the individual registers with an electronic identicator PIN and or at least one registration biometric sample; b. a transaction formation step, wherein an electronic personal authentication is formed between the individual and the authenticator, comprising at least one individual bid biometric sample, wherein the bid biometric sample is obtained from the individual's person; c. at least one transmission step, wherein the individual bid biometric sample is electronically forwarded to the electronic identicator; d. an individual identification step, wherein the electronic identicator compares the individual bid biometric sample with at least one registered biometric sample for producing either a successful or failed identification of the individual; e. an account retrieval step, wherein the individual's previously registered lAS data is retrieved; wherein upon successful identification of the individual, a biometric-based authentication is authorized using the individual's previously registered personal details without the individual presenting any personalized man-made tokens such as identity cards or magnetic swipe cards to verify the individual.

2. The method of claim I further comprising the inclusion of a transaction code in the transaction formation step.

3. The method of claim I further comprising a display step, in which the individual's previously registered lAS data is electronically displayed to the individual.

4. The method of claim I further comprising a forwarding step, in which the individual's previously registered personal identity data is electronically forwarded to a personal transaction processor.

5. The method of claim I in which the electronic identicator is operated by a third party.

6. The method of claim I wherein the individual registration step further comprises registering an individual personal identification number with the electronic identicator.

7. The method of claim 2 further comprising an individual determination step, wherein it is determined if the individual's account is live or dormant, in case of deceased individual, for the transaction code to identify error or fraud of any kind.

8. The method of claim I further comprising an individual account selection step, wherein after the individual has been successfully identified in the individual identification step, the virtual mobile authentication system presents at least one identity type with the virtual mobile authentication system for selection and display.

9. The method of claim 2 further comprising a transaction step, wherein a transaction code from the individual's lAS account is stored and raised.

10. The method of claim 9, wherein the transaction code is registered to the individual's personal account on third party system.

II. The method of claim 1 wherein the registration step further comprises registering an individual private code with the electronic identicator, which is distinct from a personal identification number and not used in the individual identification step, wherein the private code is displayed to the individual to validate that the authentic electronic identicator has processed the transaction.

12. The method of claim 7 wherein the individual determination step further comprises the virtual mobile authentication system communicating with at least one external computer system.

13. The method of claim 9 wherein the transaction step further comprises the virtual mobile authentication system communicating with at least one external computer system.

14. The method of claim 2 wherein the transaction code comprises authenticators and individuals information including: identity type displayed, individuals name, a date or time, a location, or a reference number.

15. The method of claim I further comprising a transaction acceptance step in which the individual approves the transaction. (S

16. The method of claim I further comprising a individual re-registration step, wherein a user's registration biometric samples are compared against previously designated biometric samples wherein if a match occurs, the computer system is alerted to the fact that the individual has re-registered with the virtual mobile authentication system.

17. The method of claim 1 wherein the biometric sample comprises of one of the following: a fingerprint, a facial scan, a retinal image, an iris scan, and a voice print.

18. The method of claim 6 further comprising a biometric theft resolution step, wherein the individual's personal identification number is changed whenever the individual's biometric sample is determined to have been fraudulent'y duplicated.

19. A virtual mobile electronic authentication device for personal identity verification, said device comprising: a. a computer data processing centre further comprising data bases wherein the individual registers a registration biometric sample; b. a party identification apparatus having a biometric sensor for input of a biometric sample; c. communication lines for transmission of a registration and bid biometric sample obtained by the party identification apparatus from the individual's person to the data processing centre; d. a comparator engine for comparing a bid biometric sample to at least one registration biometric sample; and e. an execution module for authenticating via means of a transaction code from the individual lAS account upon successful identification of the individual, wherein no man made tokens such as a identity card, driver license, credit/debit card or a paper based identity form is used by the individual to conduct the personal authentication.

20. The authentication device of claim 19 wherein the individual registration biometric sample is associated with a personal identification number.

21. The authentication device of claim 19 wherein the execution module determines if the individual's live or dormant for the transaction code.

22. The authentication device of claim 19 further comprising an identity selector module, wherein after the individual has been successfully identified, the authentication device presents at least one identity type for selection to display.

23. The authentication device of claim 19 wherein a subset of the individual registration biometric samples are stored in a individual re-registration database, which the comparator engine compares an individual's registration biometric samples to, wherein if a match occurs, the authentication system is alerted to the fact that the individual has re-registered with the virtual mobile authentication system.

24. The authentication device of claim 19 further comprising a display means for displaying information to the individual.

25. The authentication device of claim 29 wherein the display means is a LCD screen on a mobile device.

26. The authentication device of claim 25 wherein the display means is a party identification apparatus.

27. The authentication device of claim 19 wherein the execution module is not co-located with the electronic identicator.

28. The authentication device of claim 19 wherein the execution module is operated by a third party and communicates with the electronic identicator via communication lines.

29. The authentication device of claim 19 wherein the execution module consists of communicating with a personal transaction processor.

30. The authentication device of claim 19 wherein the electronic identicator is operated by a third party.