EP1552634A1 - Cryptographically secure person identification - Google Patents

Cryptographically secure person identification

Info

Publication number
EP1552634A1
Authority
EP
European Patent Office
Prior art keywords
person
face
recited
computer
distinguishing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP03808968A
Other languages
English (en)
French (fr)
Inventor
Darko Kirovski
Nebojsa Jojic
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04K SECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K1/00 Secret communication
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • This invention generally relates to a technology for facilitating authentication of person identification documents.
  • Person identification document (ID) authentication refers to the confirmation that the presented ID is authentic, genuine, legitimate, valid, and/or unadulterated. This may also be called person ID certification. Examples of such personal IDs include immigration documents, passports, and driver's licenses.
  • person verification refers to the confirmation that the personal information on an ID corresponds to the person presenting the ID.
  • There are many conventional person ID authentication approaches.
  • Sophisticated document production is the most common approach. Other common approaches include biometrics, smart cards, and watermarks.
  • issuing parties such as governments
  • issuing parties have implemented increasingly more sophisticated and presumptively more expensive production techniques.
  • issuing parties are using holograms, watermarks, micro-printing, special print paper and/or chemical coating, etc. Since the production of IDs is more complex, authentication has become correspondingly more complex, unreliable, and most importantly, expensive.
  • Biometrics has been defined as a process of automatically recognizing a person using distinguishing traits.
  • biometric approaches have been proposed via face, speech, fingerprint, handwriting, and/or iris and retina recognition. A survey of these techniques is provided by "The Biometric Consortium" at "http://www.biometrics.org."
  • a biometric-based person identification system typically includes a human verifier who ensures the identification system is not fooled. This can happen when an adversary shows a realistic size photo of the face of an authorized person to the face detector or plays a voice recording to a speech detector.
  • retina scan or fingerprint detection can be highly reliable, often they are intimidating (e.g., retina scan) and can be used maliciously to incriminate innocent users (e.g., fingerprint scan).
  • a malicious detector can record a person's fingerprint, create its physical copy, and then, incriminate this person at will. This renders fingerprint detection systems highly undesirable for most person identification scenarios.
  • some biometrics systems are commonly subjected to complaints for invasion of privacy. For example, wide-spread face detection points can disclose at any time one's location to a party who gains control over such a system.
  • Smart cards represent a seemingly effective approach to person identification.
  • An advantage of smart cards that is often claimed is its all-digital communication with the authenticator.
  • a simple scenario is having a smart card, which contains a digital photo, personal description data, and a signed hash of this information using the private key of the issuer. Authentication is performed by hashing the photo and the personal description data and then authenticating this hash against the signature using the public key of the issuer. Finally, the authenticator must display the certified digital photo, so that a human can verify that the person being identified is on the photo. Personal IDs are frequently lost or damaged. Replacing a smart card involves purchase of another hardware device in addition to burning this device with the appropriate identification contents. This can be expensive.
  • smart cards may give an impression that they may be used for storing additional information, in particular, private information about the owner (e.g., private keys that are revoked if smart card is lost).
  • smart cards cannot be considered a secure storage because it is relatively easy to extract the hidden information even without reverse engineering the smart card.
  • Exemplary attacks that have successfully identified encryption keys have been based on analyzing smart card's I/O behavior via differential power analysis or timing analysis. Thus, it cannot be expected that a smart card stores anything more than the public information about the user, which is in many ways equivalent to a photo ID.
  • Another technique for authenticating content is to hide imperceptible secret information, a watermark, in the digital photo.
  • ID authentication is the fact that in most watermarking systems, the secret hidden in the photo must be present in the authenticator. Hence, a single broken authenticating device renders the entire system broken.
  • Described herein is a technology for facilitating authentication of person identification documents.
  • One implementation, described herein, is a simple, inexpensive, and cryptographically secure personal ID architecture. With this implementation, one may efficiently create and authenticate secure photographic personal identification documents (IDs) that thwart tampering and counterfeiting attempts.
  • This ID employs a compact, cryptographically signed bar-code that is readable by an ordinary scanner.
  • FIG. 1 is an illustration of an example personal identification that may be employed in accordance with an implementation described herein.
  • Fig. 2 is broad graphical representation of an issuing party issuing a personal identification in accordance with an implementation described herein.
  • Fig. 3 is broad graphical representation of an authentication of a personal identification in accordance with an implementation described herein.
  • Fig. 4 is a functional flow diagram showing an implementation described herein...
  • Fig. 5 is an example of a computing operating environment capable of (wholly or partially) implementing at least one embodiment described herein.
  • An example of an embodiment may be referred to as an exemplary "Face Certification" or an "exemplary FACECERT" for short.
  • the one or more exemplary implementations, described herein, of the present claimed invention may be implemented (in whole or in part) by a FACECERT architecture 400 and/or by a computing environment like that shown in Fig. 5.
  • the exemplary FACECERT is a simple, inexpensive, and cryptographically secure personal ID architecture. With the exemplary FACECERT, one may efficiently create and authenticate secure photographic personal identification documents (IDs) that thwart tampering and counterfeiting attempts. This ID employs a compact, cryptographically signed bar-code that is readable by an ordinary scanner. It provides an efficient, simple, inexpensive, and secure mechanism for authenticating a person's identification using IDs that are difficult to forge, but simply and inexpensively produced.
  • the authentication system i.e., an "authenticator" of a person's ID must connect to a remote database and retrieve a stored photograph for the comparison with the ID.
  • the exemplary FACECERT does not require sophisticated production, smart cards, biometrics, and/or massive, remote databases.
  • the IDs need not be printed by a trusted or high-end printer (as is typically the case with conventional approaches). Rather, the ID may be printed anywhere, anytime, and potentially by anyone.
  • the exemplary FACECERT is a simple, inexpensive, and cryptographically secure personal ID architecture. Instead of relying on the sophistication of the printing process to impose difficult forging, the exemplary FACECERT relies on public-key cryptography for provable security, while deploying a standard-quality low-cost color printing process.
  • a personal FACECERT ID 100 includes "person-distinguishing data" in a "human-readable" representation and a "computer-readable" representation.
  • the designation of "human-readable” does not exclude the possibility that a computer may read the representation.
  • a computing device does "read” the human-readable representation. Rather, the designation means that it is easily readable by human. Examples of such representations include photographs, images, symbols, and human-language (e.g., English) text.
  • person-distinguishing data includes information that reasonably distinguishes one person from another.
  • person-distinguishing data includes (but is not limited to) the following information about a specific person: one or more images of the person's face, a retina scan of the person, an iris scan of the person, the person's name, the person's social security number, the person's account number, the person's weight, the person's height, the person's hair color, the person's eye color, one or more of the person's fingerprints, information about the person's birthmarks, information about the person's tattoos, the person's personal human statistics, one or more distinguishing traits of that person, and the person's contact information.
  • the human-readable representation includes a human-readable printout of person's portrait photo 110 and any supplemental information 120 (typically, personal information).
  • the computer-readable representation includes a device-readable 2-D color bar-code 130, which contains a cryptographically signed message.
  • That bar-coded message 130 includes compact versions of both the supplemental information 120 and a representation of the face (of the portrait photo).
  • the message is signed (e.g., using RSA) using the private key of the ID-issuing party (i.e., the issuer).
  • a primary example of an ID-issuer 200 is a department of government.
  • the issuer 200 officially issues the ID 100.
  • the human-readable person-distinguishing data that is certified on a FACECERT ID is both photographic and textual.
  • the photo 110 is a portrait of the owner of the FACECERT ID.
  • the photo may have any suitable resolution. Since the printout on the ID fits a certain fixed area, this resolution may be constrained. The resolution needs to be great enough to be effectively legible by humans and machines.
  • the supplemental information 120 is any suitable data. It is likely to vary depending on the specific application. As shown in Fig. 1, it will typically be personal statistical information such as name, age, weight, height, eye color, other personal data, etc. This data is printed on the ID 100.
  • the computer-readable person-distinguishing data that is certified on a FACECERT ID is a 2D color bar code (e.g., bar-code 130). Alternatively, it may be a magnetic strip or some other suitable computer-readable medium.
  • the exemplary FACECERT employs a bar-code of about 3Kb that balances these factors.
  • other implementations may employ a bar-code that encodes more or less data.
  • It is desirable that the print area of each bin be such that scanning the bar-code results in an error that is less than a certain desired minimal performance bound. It is realistic to assume that the longer dimension of the bar-code reaches an inch. If each bin is scanned with a 10×10 CCD matrix (a 1000 dpi 48-bit CCD sensor array is standard equipment of most low-cost scanners), the data in the bar-code can be detected with high reliability.
  • the exemplary FACECERT compacts an image of a face 112 into only several thousand bits with preserved sharpness of the main facial characteristics.
  • Because the exemplary FACECERT employs eigenface-based compression methodologies and improved variants of principal component analysis, such bit-rates can be easily achieved even when the component analysis is trained on a small database of images. Loss of an ID can result in a potentially malicious reuse of the ID by an adversary if that adversary is a near-perfect look-a-like. To prevent this unlikely scenario, the ID may contain descriptive information of a certain unique mark of the ID owner.
  • Fig. 3 illustrates an example of FACECERT ID authentication. It is performed by an intelligent scanning device (such as FACECERT authenticator 300). As shown in Fig. 3, the authenticator 300 scans the photo, supplemental info, and bar-code of the ID 100. The authenticator 300 obtains the public key of the ID-issuing party. The key may be stored on-board the authenticator or on a locally connected data storage. Alternatively, the key may be retrievable via a remote (e.g., Internet) connection.
  • the authenticator 300 scans the bar-code, decodes the cryptographic signature, and then performs signature authentication (e.g., public-key decryption of the decoded data) using the public key of the issuer 200. As a result, the authenticator 300 obtains the message signed with the private key of the issuer.
  • That message includes person-distinguishing data. More specifically, the message contains the supplemental information 120 and a compacted representation of the face 112 in the photo 110.
  • the authenticator scans the textual supplemental information 120 from the ID 100, performs character recognition, and compares the recognized text with the extracted supplemental information.
  • the authenticator 300 scans the photo of the ID 100. It detects the face in the photo and performs a statistical comparison with the de-compacted face extracted from the bar-coded message.
  • Using printed guides 114 on the ID, one may achieve accurate scanning alignment, such as rotation and scaling.
  • the authenticator 300 concludes that the ID is authentic. Otherwise, the ID has been either forged or damaged, or an error occurred while scanning the ID. This indication may simply be a chromatic light (e.g., red or green light) and/or an audible tone (e.g., buzzer or beep).
  • the authenticator 300 performs authentication of a specific FACECERT ID
  • an actual human verifies that the face on the ID corresponds to the person presenting the ID.
  • This human is called, herein, the verification official 305.
  • the human's role with the exemplary FACECERT is verifying that the face on the ID corresponds to the person presenting the ID. This is the same role that human verifiers often perform in typical security or person identification settings.
  • the role of the exemplary FACECERT is to authenticate the ID. It does this by confirming that the information on the ID (including the photo) has not been altered since it was issued by the ID-issuer. Instead of authorizing the ID, the role of the verification official 305 is to verify that the face on the ID (and other person-distinguishing data on the ID) corresponds to the person presenting the ID.
  • the human verifier 305 may confidently rely on the person-distinguishing data (including the photo) on the presented ID. Conversely, with a negative confirmation by the exemplary FACECERT, the human verifier 305 may have probable cause to suspect that the information on the presented ID has been modified.
  • the human verifier 305 may, if desired, have the face from the bar-code displayed on a video screen and double check that everything is in order. This scenario is particularly practical at border crossings, where the immigration officers are already sitting in front of a computer, so their scanning device can send all the information to a computer for display.
  • the exemplary FACECERT employs a public-key infrastructure (PKI) to cryptographically sign the data in the bar-code of the ID. More specifically, it employs RSA public-key cryptography. However, other implementations of the exemplary FACECERT may employ other cryptographically secure mechanisms, especially those using private-public key structures.
  • each communicating party is assumed to have two keys: a public-key, which is available to everyone and used for signature authentication, and a private-key, which is securely stored with the signature issuer and used to sign messages.
  • the public-private key-pair is created in the following way: generate two large and distinct primes p and q.
  • the created key-pair is: the private key is d, whereas the public-key is a set of two numbers (n, e).
  • the public-key crypto-system e.g., the Secure Socket Layer - SSL
  • $e = 2^{16} + 1$
  • the authentication procedure shows that for a given message m, signature s has been obtained by signing m using d.
  • the private-key d is not used, rather the corresponding public-key n is typically used to perform the same task as follows:
  • the exemplary FACECERT is not dependent upon a single secret stored in a single protected location. Rather, it employs secure storage techniques for the master secrets (e.g., private keys). For example, with one technique, multiple private-public keys are used to chain the signatures (e.g., output of one RSA signing is sent as input to another
  • Each private key may be stored in geographically different but secure locations.
  • each private key is stored in k different locations such that each key can be retrieved only if n out of k (n ≤ k) collude their information to create the key.
  • Secret sharing: with this technique, the issuing organization further disperses the pieces of the puzzle that need to be assembled by the adversary to break the system.
  • the secrets may be stored in tamperproof hardware.
  • the exemplary FACECERT may employ other suitable secure storage techniques.
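
One standard way to realise the n-out-of-k storage described above is Shamir's secret sharing, shown here as an added Python example that is not from the patent. The patent names no particular scheme; the field prime, the function names and the sample secret are assumptions.

```python
"""n-of-k storage of an issuer secret via Shamir's scheme (added illustration)."""
import secrets

FIELD = 2**1279 - 1          # Mersenne prime; the secret must be smaller than this


def split(secret: int, n: int, k: int) -> list:
    """Return k shares (x, y); any n of them reconstruct the secret."""
    if not 1 <= n <= k:
        raise ValueError("need 1 <= n <= k")
    if not 0 <= secret < FIELD:
        raise ValueError("secret out of range")
    # Random polynomial of degree n-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(FIELD) for _ in range(n - 1)]
    shares = []
    for x in range(1, k + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod FIELD
            y = (y * x + c) % FIELD
        shares.append((x, y))
    return shares


def combine(shares: list) -> int:
    """Lagrange interpolation at x = 0 over the given shares."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % FIELD
                den = den * (xi - xj) % FIELD
        total = (total + yi * num * pow(den, -1, FIELD)) % FIELD
    return total


if __name__ == "__main__":
    # Constructed stand-in for a private key d; each share goes to one location.
    d = int.from_bytes(b"constructed issuer private key d", "big")
    parts = split(d, n=3, k=5)
    print("3 shares recover d:", combine(parts[:3]) == d)
    print("2 shares recover d:", combine(parts[:2]) == d)
```

Fewer than n shares interpolate to an unrelated field element, so a single compromised storage location reveals nothing about the key.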
  • Fig. 4 illustrates the functional components and one or more methodological implementations of the FACECERT architecture 400.
  • the top portion 410 of Fig. 4 illustrates the issuance of a FACECERT ID 100 while the lower portion 420 illustrates the authentication of that ID.
  • These one or more methodological implementations may be performed in software, hardware, or a combination thereof
  • the FACECERT ID issuer 200 creates the message m that is signed by RSA.
  • the exemplary FACECERT compacts the face in the photo 110 of the ID 100.
  • This compact face data (e.g., message f) is a succinct, but relatively complete, representation of the specific face in the specific photo 110.
  • $n_F = k \cdot n_{RSA},\ k \in \mathbb{Z}^*$, where $n_{RSA}$ is the length of an
  • the supplemental information 120 (e.g., textual data) is compressed using any suitable data compression technique.
  • the printed message can be compressed as pure text using LZ77 or semantically with optimal coding
  • the output of the text compression is denoted as a message t with n ⁇ bits.
  • the exemplary FACECERT reads the data from the FACECERT ID with an error-free assumption. Then it either compresses the data or it cryptographically hashes it before combining the digest, as in Equation (1.3). Since the output is always a fixed length, hashing is sometimes desirable over compression.
  • Exemplary hash functions are SHA1 and MD5.
  • operator 230 that encourages each bit of m to be dependent upon at least one bit from both f and t and there exists at least one bit in m which depends upon a given bit of f or t. This helps to increase the number of bits that need to be manipulated in a photo to create a certain message m.
  • An example of such an operator is:
  • m i , f n and t represent the i -th bit of message m , f , and t respectively.
  • message m is signed with the private-key 242 of the issuer of a FACECERT ID.
  • Each $n_{RSA}$ bits of m are signed separately.
  • the resulting signature s is printed as a 2D color bar-code
  • the FACECERT authenticator 300 that the cryptographically signed data in the bar-code corresponds with the supplemental data 120 and the face 112 in the photo 110 of a FACECERT
  • the authenticator 300 initially scans all three printed components of the ID: the photo 110, the supplemental textual information 120, and the bar-code 130. Those are represented by photo scan 310, OCR text scan 320, and bar-code scan
  • the scanned supplemental textual information is also converted into a text-string.
  • This text-string is compressed using the same compression technique (e.g., one based on Equation (0.2)) employed above by component 220. This results in message $t_v$.
  • Generic optical character recognition (OCR) is not required for this
  • the authenticator 300 received the scanned bar-code data. It converts the scanned bar-code into an authentication signature $s_v$.
  • the authenticator obtains the issuer's public-key 334. It performs the RSA signature authentication on $s_v$ using the issuer's public-key and obtains the signed message $m_v$.
  • the authenticator has no direct access to a verifiable copy of the originally printed signature. Rather, it must authenticate that the authentication signature $s_v$ of the presented ID is, indeed, the
  • If the ID remains in a pristine and unmodified condition, they will match. Otherwise, there will be no match.
  • message $f_v$ is computed from $m_v$ and $t_v$.
  • the authenticator 300 applies a de-compaction technique to extract the digital facial-feature data from $f_v$.
  • the authenticator compares the facial-feature data extracted from $f_v$
  • the authenticator 300 reports the results of component 360. If the quantified level of correlation is above a threshold, then it reports that the ID is authentic. Otherwise, it reports that it is invalid.
  • the authenticator may report that the ID is valid, but provide an additional indication (e.g., flashing blue light and quick beeps) that this particular person should be detained. She may be wanted by the authorities as a person of interest, a suspect, an escapee, a criminal, etc.
  • the face authentication task does not involve face recognition in the typical setting of biometrics, but rather a more straightforward task of correlating two equivalent facial structures.
  • If the authenticator 300 indicates that the ID is authentic, the human official verifier 305 confidently performs their typical duty of authenticating that the human-readable data (including the photo) on the ID corresponds with the person presenting the ID. If the authenticator 300 indicates that the ID is invalid, it gives the human official verifier 305 reasonable suspicion to investigate further.
  • the data on the ID may be forged and thus, the presenter is an imposter.
  • the data on the ID may be corrupted or simply read incorrectly.
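
The issuance and authentication flow described above (message m built from the face code f and the text digest t, signed per block with d, then recovered with (n, e) and correlated against the scanned photo), as an added Python sketch that is not code from the patent. Assumptions: the toy Mersenne-prime key, the XOR mixing operator (the patent's operator equation does not survive on this page), SHA-256 in place of the SHA1 and MD5 the text names, byte strings standing in for the face coefficients, and the 0.95 threshold; the unpadded RSA is for illustration, and a deployment would use a standardized padded signature scheme.

```python
"""Toy FACECERT issue/authenticate flow (added illustration, not the patent's code)."""
import hashlib
import random

# Constructed toy key from two Mersenne primes: special-form primes, unsafe in practice.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 2**16 + 1                  # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # private key d, known only to the issuer
BLOCK = (N.bit_length() - 1) // 8        # message bytes per block, so block < n
SIG = (N.bit_length() + 7) // 8          # signature bytes per block in the bar-code
FACE_BYTES = 2 * BLOCK                   # assumed face-code size: k = 2 blocks
THRESHOLD = 0.95                         # assumed correlation threshold


def text_digest(text: str) -> bytes:
    """t: fixed-length digest of the supplemental text (SHA-256 is an assumption)."""
    return hashlib.sha256(text.encode()).digest()


def mix(data: bytes, t: bytes) -> bytes:
    """Assumed operator: XOR with t repeated cyclically. Self-inverse, so the issuer
    computes m = mix(f, t) and the authenticator computes f_v = mix(m_v, t_v)."""
    return bytes(b ^ t[i % len(t)] for i, b in enumerate(data))


def issue(face_code: bytes, text: str) -> bytes:
    """Issuer: sign each block of m with d (unpadded RSA, illustration only)."""
    if len(face_code) != FACE_BYTES:
        raise ValueError("face code must be FACE_BYTES long")
    m = mix(face_code, text_digest(text))
    blocks = (int.from_bytes(m[i:i + BLOCK], "big") for i in range(0, len(m), BLOCK))
    return b"".join(pow(b, D, N).to_bytes(SIG, "big") for b in blocks)


def recover_message(barcode: bytes):
    """Authenticator: apply (n, e) to each signature block; None if malformed."""
    if len(barcode) != SIG * (FACE_BYTES // BLOCK):
        return None
    m_v = b""
    for i in range(0, len(barcode), SIG):
        s = int.from_bytes(barcode[i:i + SIG], "big")
        if s >= N:
            return None
        block = pow(s, E, N)
        if block.bit_length() > 8 * BLOCK:      # cannot be a block the issuer signed
            return None
        m_v += block.to_bytes(BLOCK, "big")
    return m_v


def correlation(a: bytes, b: bytes) -> float:
    """Pearson correlation between two equal-length coefficient vectors."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0


def authenticate(barcode: bytes, ocr_text: str, photo_features: bytes) -> bool:
    """True only if bar-code, printed text and photo still agree with each other."""
    m_v = recover_message(barcode)
    if m_v is None or len(photo_features) != FACE_BYTES:
        return False
    f_v = mix(m_v, text_digest(ocr_text))
    return correlation(f_v, photo_features) >= THRESHOLD


def scan(face_code: bytes, seed: int) -> bytes:
    """Constructed scanner model: each coefficient is read back with small noise."""
    rng = random.Random(seed)
    return bytes(min(255, max(0, b + rng.randint(-3, 3))) for b in face_code)


def demo() -> dict:
    """Issue one constructed ID, then present it intact and in three altered forms."""
    rng = random.Random(2003)
    face = bytes(rng.randrange(256) for _ in range(FACE_BYTES))      # constructed f
    other = bytes(rng.randrange(256) for _ in range(FACE_BYTES))     # another face
    text = "NAME: JANE DOE; DOB: 1980-01-01; HEIGHT: 170 CM"         # constructed
    code = issue(face, text)
    damaged = code[:-1] + bytes([code[-1] ^ 1])                      # one bit flipped
    return {
        "genuine": authenticate(code, text, scan(face, 1)),
        "text_altered": authenticate(code, text.replace("1980", "1990"), scan(face, 1)),
        "photo_swapped": authenticate(code, text, scan(other, 2)),
        "barcode_damaged": authenticate(damaged, text, scan(face, 1)),
    }


if __name__ == "__main__":
    print(demo())
```

Only the intact ID passes: changing the printed text, the photo or the bar-code each breaks the agreement between the three printed components that the authenticator checks.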
  • a digital representation of the facial features of the face 112 in the photo 110 on the ID 100 is stored in the bar-code 130. If the balances of bar-code reading accuracy and space allowed it, then the entire unabridged photo may be encoded in the bar-code. Since key distinguishing information is found on the face of the person, then the balances of factors may allow for an unabridged portion of the photo that represents the face to be encoded in the bar-code.
  • the digital image 110 of the face is compacted with the exemplary FACECERT. While the image of the face may be compacted using traditional image compression techniques (e.g., JPEG, GIF, etc.), other techniques may be employed to reduce the storage requirements further while maintaining a fair representation of the face.
  • the digital facial-feature data in the bar-code should be a succinct, but reasonably complete, representation of the face in that photo. Unlike biometric face-recognition approaches, the digital facial-feature data does not need to represent the person's face viewed from multiple angles and conditions.
  • the digital facial-feature data on the FACECERT ID need only represent that specific face on that specific photograph. That is because the exemplary FACECERT is authenticating that the face in the photo on the ID matches the face represented by the digital facial-feature data in the bar-code.
  • Because the digital facial-feature data is indeed a succinct, but reasonably complete, representation of the face in that specific photo, it may be called a "face compendium."
  • This face compendium is “reasonably complete” in the sense that the compendium contains sufficient data to reconstruct an image of the face.
  • the compendium is “reasonably complete” enough so that enough facial-feature data is encoded therein to potentially distinguish the represented face from other similar faces.
  • other implementations may employ bar-codes that encode more or less data, but one implementation, described herein, employs a bar-code of about 3000 bits. This is found to be a reasonable compromise of many factors, including (but not limited to) bar-code reading accuracy and space for the bar-code.
  • the exemplary FACECERT employs a compaction technique that identifies the object of interest (e.g., facial structure) and compacts its features, rather than compacting the entire image using standard image compression techniques such as JPEG.
  • the computer vision community has studied various models of faces over the last several years.
  • the exemplary FACECERT does not need to encode the face image to facilitate recognition of the person in differing images, but rather in the very same photograph from which the face code has been extracted.
  • the exemplary FACECERT does not face the difficult issue of over-training that is present in a typical biometric face-recognition application.
  • the exemplary FACECERT employs an efficient facial-features compaction technique. While generic DCT coefficients may be employed, the face images may be compacted better using subspace models learned from a large face database.
  • the problem of subspace learning can be elegantly defined in terms of a generative model that describes joint generation of the subspace coordinates, or factors, y and the image g by linearly combining image components in the so called factor loading matrix ⁇ :
  • constitutes the non-uniform image noise (i.e., the variability not captured in the subspace model).
  • is an n x k matrix used to expand from the k-dimensional subspace into a full n-dimensional one, where n is the number of pixels in the image g -
  • the parameters ⁇ , ⁇ , and ⁇ can be learned by maximizing the likelihood of a set of images g, ,
  • F factor analysis
  • TCA transformed component analysis
  • ⁇ (h,g,y) N(h;Tg, ⁇ )N(g; . + ⁇ y, ⁇ )N(y;0,I). (0.6)
  • the task of authentication performed by the exemplary FACECERT may be viewed as template matching.
  • a likelihood over the windows in the image can be used as a cost instead of the template differences, although even straightforward correlation technique would work.
  • the FACECERT ID is then created as a combination of text, photo and a bar-code containing the encoded face.
  • the bar-code is decoded and the face code, consisting of the factors y, threshold on likelihood (or encoding error) and the window size are decoded from the bar-code using a public key and the face stored in the bar-code is compared to the one in the actual photograph in the FACECERT ID.
  • is the scanned n ⁇ -bin bar-code and ⁇ is the maximal likelihood for a
  • RGB: T
  • Bar-code read accuracy can be improved through error detection (e.g., parity check) and error correcting codes (e.g., Reed-Solomon codes), although typically good performance is achieved by printing the T colors at a known location on the ID to enable scanner fine-tuning.
  • Fig. 5 illustrates an example of a suitable computing environment 500 within which an exemplary FaceCert, as described herein, may be implemented (either fully or partially).
  • the computing environment 500 may be utilized in the computer and network architectures described herein.
  • the exemplary computing environment 500 is only one example of a computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the computer and network architectures. Neither should the computing environment 500 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in the exemplary computing environment 500.
  • the exemplary FaceCert may be implemented with numerous other general purpose or special purpose computing system environments or configurations.
  • Examples of well known computing systems, environments, and/or configurations that may be suitable for use include, but are not limited to, personal computers, server computers, thin clients, thick clients, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
  • The exemplary FaceCert may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer.
  • Program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
  • The exemplary FaceCert may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • Program modules may be located in both local and remote computer storage media including memory storage devices.
  • The computing environment 500 includes a general-purpose computing device in the form of a computer 502.
  • The components of computer 502 may include, but are not limited to, one or more processors or processing units 504, a system memory 506, and a system bus 508 that couples various system components including the processor 504 to the system memory 506.
  • The system bus 508 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures.
  • Bus architectures may include an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnects (PCI) bus also known as a Mezzanine bus.
  • Computer 502 typically includes a variety of computer readable media. Such media may be any available media that is accessible by computer 502 and includes both volatile and non-volatile media, removable and non-removable media.
  • The system memory 506 includes computer readable media in the form of volatile memory, such as random access memory (RAM) 510, and/or non-volatile memory, such as read only memory (ROM) 512.
  • A BIOS, containing basic routines that help to transfer information between elements within computer 502, such as during start-up, is stored in ROM 512.
  • RAM 510 typically contains data and/or program modules that are immediately accessible to and/or presently operated on by the processing unit 504.
  • Computer 502 may also include other removable/non-removable, volatile/non-volatile computer storage media.
  • Fig. 5 illustrates a hard disk drive 516 for reading from and writing to a non-removable, non-volatile magnetic media (not shown), a magnetic disk drive 518 for reading from and writing to a removable, non-volatile magnetic disk 520 (e.g., a "floppy disk"), and an optical disk drive 522 for reading from and/or writing to a removable, non-volatile optical disk 524 such as a CD-ROM, DVD-ROM, or other optical media.
  • The hard disk drive 516, magnetic disk drive 518, and optical disk drive 522 are each connected to the system bus 508 by one or more data media interfaces 526.
  • The hard disk drive 516, magnetic disk drive 518, and optical disk drive 522 may be connected to the system bus 508 by one or more interfaces (not shown).
  • The disk drives and their associated computer-readable media provide non-volatile storage of computer readable instructions, data structures, program modules, and other data for computer 502.
  • a hard disk 516, a removable magnetic disk 520, and a removable optical disk 524
  • Other types of computer readable media which may store data that is accessible by a computer, such as magnetic cassettes or other magnetic storage devices, flash memory cards, CD-ROM, digital versatile disks (DVD) or other optical storage, random access memories (RAM), read only memories (ROM), electrically erasable programmable read-only memory (EEPROM), and the like, may also be utilized to implement the exemplary computing system and environment.
  • Any number of program modules may be stored on the hard disk 516, magnetic disk 520, optical disk 524, ROM 512, and/or RAM 510, including by way of example, an operating system 526, one or more application programs 528, other program modules 530, and program data 532.
  • A user may enter commands and information into computer 502 via input devices such as a keyboard 534 and a pointing device 536 (e.g., a "mouse").
  • Other input devices 538 may include a microphone, joystick, game pad, satellite dish, serial port, scanner, and/or the like.
  • Input/output interfaces 540 are coupled to the system bus 508, but may be connected by other interface and bus structures, such as a parallel port, game port, or a universal serial bus (USB).
  • A monitor 542 or other type of display device may also be connected to the system bus 508 via an interface, such as a video adapter 544.
  • Other output peripheral devices may include components such as speakers (not shown) and a printer 546 which may be connected to computer 502 via the input/output interfaces 540.
  • Computer 502 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computing device 548.
  • The remote computing device 548 may be a personal computer, portable computer, a server, a router, a network computer, a peer device or other common network node, and the like.
  • The remote computing device 548 is illustrated as a portable computer that may include many or all of the elements and features described herein relative to computer 502.
  • Logical connections between computer 502 and the remote computer 548 are depicted as a local area network (LAN) 550 and a general wide area network (WAN) 552.
  • Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet.
  • When implemented in a LAN networking environment, the computer 502 is connected to a local network 550 via a network interface or adapter 554. When implemented in a WAN networking environment, the computer 502 typically includes a modem 556 or other means for establishing communications over the wide network 552.
  • The modem 556, which may be internal or external to computer 502, may be connected to the system bus 508 via the input/output interfaces 540 or other appropriate mechanisms. It is to be appreciated that the illustrated network connections are exemplary and that other means of establishing communication link(s) between the computers 502 and 548 may be employed.
  • Remote application programs 558 reside on a memory device of remote computer 548.
  • Application programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computing device 502, and are executed by the data processor(s) of the computer.
  • An implementation of an exemplary FaceCert may be described in the general context of computer-executable instructions, such as program modules, executed by one or more computers or other devices.
  • Program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
  • Functionality of the program modules may be combined or distributed as desired in various embodiments.
  • Fig. 5 illustrates an example of a suitable operating environment 500 in which an exemplary FaceCert may be implemented.
  • The exemplary FaceCert(s) described herein may be implemented (wholly or in part) by any program modules 528-530 and/or operating system 526 in Fig. 5 or a portion thereof.
  • The operating environment is only an example of a suitable operating environment and is not intended to suggest any limitation as to the scope or use of functionality of the exemplary FaceCert(s) described herein.
  • Personal computers (PCs), server computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, programmable consumer electronics, wireless phones and equipment, general- and special-purpose appliances, application-specific integrated circuits (ASICs), network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
  • Computer readable media may be any available media that may be accessed by a computer.
  • Computer readable media may comprise "computer storage media" and "communications media."
  • Computer storage media include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules, or other data.
  • Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which may be used to store the desired information and which may be accessed by a computer.
  • Communication media typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism.
  • Communication media also includes any information delivery media.
  • The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
  • Communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared, and other wireless media. Combinations of any of the above are also included within the scope of computer readable media.

Comparison with Existing Approaches

  • The exemplary FACECERT does not require smart cards or expensive biometric approaches to authenticating a person's identity. It does not rely on the sophistication of ID production to help authenticate a person's identity by reducing the likelihood of counterfeits.
  • Issuing parties are using holograms, watermarks, micro-printing, special print paper and/or chemical coating, etc. Since the production of IDs is more complex, authentication has become correspondingly more complex, unreliable, and most importantly, expensive.
  • With the exemplary FACECERT, these issuing parties can end this escalating cycle of increasingly more expensive and sophisticated production techniques and increasingly more complex, unreliable, and expensive authentication techniques. In contrast to the conventional approaches, the exemplary FACECERT does not rely on the sophistication of ID production to increase the confidence level that the presented ID is not counterfeit.
  • The FACECERT ID does not need to be printed by a trusted or high-end printer. It does not need to be produced using sophisticated production techniques to make it more difficult and expensive for a devious scoundrel to manufacture a counterfeit ID. Rather, the FACECERT ID may be printed anywhere, anytime, and potentially by anyone using basic, inexpensive printers. That is because the exemplary FACECERT relies on the cryptographically signed data in the bar-code to make it more difficult and expensive for an adversary to manufacture a counterfeit ID, rather than relying on the sophistication of production.
  • The Department of Motor Vehicles may, for example, e-mail a driver's license ID (in its digital format) to a customer, who can print it on her own printer creating as many copies as she wants.
  • Loss of the ID with the exemplary FACECERT incurs minimal cost to the customer.
  • With biometrics, a computer may automatically recognize a person using distinguishing traits of that person.
  • Biometric-based person identification approaches have been proposed. Some of these are based upon automatic recognition of the distinguishing traits of a person's face, speech, fingerprints, handwriting, and/or iris and retina.
  • Although biometric-based person identification can be reliable, such systems are often intimidating (e.g., retina scan) and can be used maliciously to incriminate innocent users (e.g., fingerprint scan).
  • A malicious detector can record a person's fingerprint, create its physical copy, and then incriminate this person at will. This renders fingerprint detection systems highly undesirable for most person identification scenarios.
  • A biometric-based person identification system typically includes a human verifier who ensures the identification system is not fooled. This can happen when an adversary shows a realistic size photo of the face of an authorized person to the face detector or plays a voice recording to a speech detector.
  • Biometric-based approaches are generally considered to be inconvenient, costly, and most importantly, unreliable.
  • A digitally stored image of the person's face must be displayed so that the human verifier can confirm that the face in the image stored on the card corresponds to the face of the presenter of the smart card.
  • The typical display will be an LCD or other flat panel display.
  • The exemplary FACECERT does not need to display any image.
  • an optical scanner e.g., a charge-coupled device (CCD) to scan the photo, supplemental information, and bar-code.
  • the human verifier confirms that the face of the printed image corresponds to the face of the presenter of the
  • A mass-produced scanner of the authenticator of the exemplary FACECERT should not cost more than US$15, as opposed to a smart card authenticator, which should encompass at least US$50 only for the LCD display. Consequently, the cost of the authenticating infrastructure of the exemplary FACECERT is significantly less than that of a smart-card based approach.
  • Personal IDs are frequently lost or damaged. Replacing a FACECERT ID involves only a simple reprint. However, replacing a smart card involves purchase of another hardware device in addition to burning this device with the appropriate identification contents.
  • The data stored on smart cards are not secure. Using various techniques, the data in the smart card can be extracted. More importantly, it can be replaced with new data. This reduces the overall confidence level in the security of smart cards.
  • Smart cards may give an impression that they may be used for storing additional information, in particular, private information about the owner (e.g., private keys that are revoked if the smart card is lost).
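
The description above rests on one mechanism: the issuer signs the text and the face code (factors y, threshold, window size) into the bar-code, and a verifier holding only the public key checks that signature and compares the signed face code with the scanned photograph. The following Python is an added example of that flow, not code from the patent. Its assumptions are the toy hash-then-RSA signature over a constructed, insecure demo key, the JSON payload layout, the integer factors, the squared-distance comparison, and all function names; extracting factors from a real photograph (which is where the signed window size would be used) is outside the example.

```python
import hashlib
import json
import struct

# Constructed demo key: two Mersenne primes, trivially factorable. It exists
# only so the example runs on the standard library; it is NOT a usable key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key held by every verifier
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent held by the issuer
SIG_LEN = (N.bit_length() + 7) // 8


def _digest(payload: bytes) -> int:
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")


def issue_barcode(text, factors, threshold, window):
    """Issuer side: sign text + face code, return the bar-code bytes."""
    payload = json.dumps(
        {"text": text, "y": factors, "thr": threshold, "win": window},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    # Toy hash-then-RSA without padding (assumption for the demo only).
    sig = pow(_digest(payload), D, N)
    return struct.pack(">H", len(payload)) + payload + sig.to_bytes(SIG_LEN, "big")


def verify_id(barcode, printed_text, scanned_factors):
    """Verifier side: needs only the public key (N, E) and the scanned ID."""
    if len(barcode) < 2:
        return "malformed"
    (plen,) = struct.unpack(">H", barcode[:2])
    if len(barcode) != 2 + plen + SIG_LEN:
        return "malformed"
    payload = barcode[2:2 + plen]
    sig = int.from_bytes(barcode[2 + plen:], "big")
    # Check the signature over the raw bytes before parsing any field.
    if sig >= N or pow(sig, E, N) != _digest(payload):
        return "bad-signature"
    fields = json.loads(payload)
    # The signature binds the text, so edited text on the card is caught here.
    if fields["text"] != printed_text:
        return "text-mismatch"
    y = fields["y"]
    if len(y) != len(scanned_factors):
        return "face-mismatch"
    # Squared distance stands in for the page's "encoding error" (assumption).
    error = sum((a - b) ** 2 for a, b in zip(y, scanned_factors))
    return "ok" if error <= fields["thr"] else "face-mismatch"


# Constructed sample data: quantized face factors as small integers.
ENROLLED = [12, -7, 33, 4, -19, 8]
TEXT = "DOE, JANE 1980-01-01"
BARCODE = issue_barcode(TEXT, ENROLLED, threshold=25, window=32)


def demo():
    rescanned = [13, -7, 32, 4, -18, 9]      # same photo, scanner noise
    other_face = [-40, 22, 5, -3, 17, 30]    # photo swapped on the card
    tampered = bytearray(BARCODE)
    tampered[10] ^= 0x01                     # one bit changed in the payload
    return {
        "genuine": verify_id(BARCODE, TEXT, rescanned),
        "photo_swapped": verify_id(BARCODE, TEXT, other_face),
        "text_edited": verify_id(BARCODE, "DOE, JOHN 1980-01-01", rescanned),
        "barcode_tampered": verify_id(bytes(tampered), TEXT, rescanned),
        "truncated": verify_id(BARCODE[:-1], TEXT, rescanned),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A deployment would replace the toy signature with a vetted library scheme such as RSA-PSS or Ed25519; the order of checks (length, signature, then fields) stays the same.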

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Collating Specific Patterns (AREA)
  • Image Processing (AREA)
  • Lock And Its Accessories (AREA)
  • Credit Cards Or The Like (AREA)
EP03808968A 2002-10-16 2003-09-04 Kryptographisch sichere personenidentifikation Withdrawn EP1552634A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US27207302A 2002-10-16 2002-10-16
US272073 2002-10-16
PCT/US2003/027614 WO2004036802A1 (en) 2002-10-16 2003-09-04 Cryptographically secure person identification

Publications (1)

Publication Number Publication Date
EP1552634A1 true EP1552634A1 (de) 2005-07-13

Family

ID=32106425

Family Applications (1)

Application Number Title Priority Date Filing Date
EP03808968A Withdrawn EP1552634A1 (de) 2002-10-16 2003-09-04 Kryptographisch sichere personenidentifikation

Country Status (11)

Country Link
EP (1) EP1552634A1 (de)
JP (1) JP2006503374A (de)
KR (1) KR20060074912A (de)
CN (1) CN1682478A (de)
AU (1) AU2003276864B2 (de)
BR (1) BR0314376A (de)
CA (1) CA2497737A1 (de)
MX (1) MXPA05002945A (de)
RU (1) RU2346395C2 (de)
TW (1) TW200408251A (de)
WO (1) WO2004036802A1 (de)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7758422B2 (en) * 2005-04-13 2010-07-20 Microsoft Corporation Hard drive authentication
EP2237519A1 (de) * 2009-03-31 2010-10-06 France Telecom Verfahren und System zur sicheren Verknüpfung von digitalen Benutzerdaten an eine NFC-Anwendung, die auf einem Endgerät läuft
FR2945650B1 (fr) * 2009-05-13 2011-05-06 Groupe Ecoles Telecomm Procede de securisation de documents par application d'un numero d'identification propre et appareil pour l'authentification dudit numero.
TW201211900A (en) * 2010-09-14 2012-03-16 rui-jin Li Method of verifying trueness of object interactively by using colored 2D variable barcode and system thereof
CN102075547B (zh) * 2011-02-18 2014-03-26 天地融科技股份有限公司 动态口令生成方法及装置、认证方法及系统
WO2013100825A1 (ru) * 2011-12-29 2013-07-04 Bilyukin Evgeniy Yakovlevich Кассовый аппарат для системы мобильных платежей
WO2014175780A1 (ru) * 2013-04-24 2014-10-30 Mochkin Aleksandr Gennadyevich Способ и устройство для определения подлинности документов
RU2536367C1 (ru) * 2013-04-24 2014-12-20 Александр Геннадьевич Мочкин Способ определения подлинности документов, денежных знаков, ценных предметов
RU2542886C1 (ru) * 2013-12-30 2015-02-27 Федеральное государственное бюджетное образовательное учреждение высшего профессионального образования "Санкт-Петербургский государственный электротехнический университет "ЛЭТИ" им. В.И. Ульянова (Ленина)" Способ формирования штрихкода по изображениям лиц и устройство для его осуществления
DE102014002207A1 (de) * 2014-02-20 2015-08-20 Friedrich Kisters Verfahren und Vorrichtung zur Identifikation oder Authentifikation einer Person und/oder eines Gegenstandes durch dynamische akustische Sicherheitsinformationen
EP3213258A4 (de) 2014-10-30 2018-10-03 Hewlett-Packard Development Company, L.P. Authentifizierung einer digitalen signatur
US10136310B2 (en) 2015-04-24 2018-11-20 Microsoft Technology Licensing, Llc Secure data transmission
US10210527B2 (en) 2015-06-04 2019-02-19 Chronicled, Inc. Open registry for identity of things including social record feature
CA2988318A1 (en) 2015-06-04 2016-12-08 Chronicled, Inc. Open registry for identity of things
KR20170073342A (ko) 2015-12-18 2017-06-28 에스프린팅솔루션 주식회사 화상형성장치 및 그 화상처리방법
US11107088B2 (en) 2016-05-27 2021-08-31 Chronicled, Inc. Open registry for internet of things
WO2018067974A1 (en) * 2016-10-07 2018-04-12 Chronicled, Inc. Open registry for human identification
WO2018235975A1 (ko) * 2017-06-22 2018-12-27 조민환 단말 장치 및 이의 원격 제어 방법
TWI651626B (zh) * 2017-11-30 2019-02-21 大陸商北京集創北方科技股份有限公司 生物特徵資料加密方法及利用其之資訊處理裝置
WO2020057582A1 (en) 2018-09-20 2020-03-26 Gmkw Technology Wuxi Co., Ltd. A system and method for binding information to a tangible object
JP7112320B2 (ja) * 2018-11-27 2022-08-03 株式会社日立製作所 検証装置及び検証方法
WO2022097982A1 (ko) * 2020-11-06 2022-05-12 주식회사 아이온커뮤니케이션즈 안면인식 기반 전자서명 서비스 제공 방법 및 서버
IT202100030338A1 (it) * 2021-11-30 2023-05-30 Bluenet S R L Verifica documenti tramite confronto immagini con codice di verifica

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2056262T3 (es) * 1989-04-06 1994-10-01 Nestle Sa Una sonda dna para lactobacillus delbrueckii.
US5864622A (en) * 1992-11-20 1999-01-26 Pitney Bowes Inc. Secure identification card and method and apparatus for producing and authenticating same
US5384846A (en) * 1993-04-26 1995-01-24 Pitney Bowes Inc. System and apparatus for controlled production of a secure identification card
US5420924A (en) * 1993-04-26 1995-05-30 Pitney Bowes Inc. Secure identification card and method and apparatus for producing and authenticating same by comparison of a portion of an image to the whole

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2004036802A1 *

Also Published As

Publication number Publication date
AU2003276864A1 (en) 2004-05-04
WO2004036802A1 (en) 2004-04-29
RU2005105948A (ru) 2005-09-20
RU2346395C2 (ru) 2009-02-10
TW200408251A (en) 2004-05-16
BR0314376A (pt) 2005-07-19
MXPA05002945A (es) 2005-05-27
KR20060074912A (ko) 2006-07-03
AU2003276864B2 (en) 2009-06-04
CN1682478A (zh) 2005-10-12
CA2497737A1 (en) 2004-04-29
JP2006503374A (ja) 2006-01-26
AU2003276864A2 (en) 2004-05-04

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20050407

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK

DAX Request for extension of the european patent (deleted)
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1080639

Country of ref document: HK

RIN1 Information on inventor provided before grant (corrected)

Inventor name: JOJIC, NEBOJSA

Inventor name: KIROVSKI, DARKOC/O MICROSOFT CORPORATION

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100401

REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1080639

Country of ref document: HK