EP2875467A1 - Systèmes et procédés permettant d'identifier un individu - Google Patents
Systèmes et procédés permettant d'identifier un individuInfo
- Publication number
- EP2875467A1 EP2875467A1 EP13745943.4A EP13745943A EP2875467A1 EP 2875467 A1 EP2875467 A1 EP 2875467A1 EP 13745943 A EP13745943 A EP 13745943A EP 2875467 A1 EP2875467 A1 EP 2875467A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- biometric data
- class
- individualized
- data
- identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Definitions
- the present application relates to systems and methods using biometric data of an individual for identifying the individual and/or verifying the identity of an individual. These systems and methods are useful for, amongst many applications, more secure identification of high-risk individuals at points of access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, funds, and the like.
- a system for determining an identity of an individual including a processor configured to: retrieve individualized identification information of the individual including an individualized biometric data of at least a first class and an individualized identification hash comprising the individualized biometric data of the first class and the individualized biometric data of the second class; connect to at least one interrogation database comprising a plurality of interrogation biometric data, wherein at least some of the interrogation biometric data arc incomplete; interrogate the at least one interrogation database wherein a method selected from fiizzy extraction and fuzzy matching is used to compare the interrogation database biometric data to either the individualized biometric data of at least a first class or the individualized identification hash; compare each of the plurality of interrogation database identification hashes to the individualized identification hash; and report whether a match of the database identification hash to the individualized identification has been found.
- the individualized biometric data of the at least a first class of the system may further include a third or more class of biometric data selected from the group consisting of a fingerprint scan data, iris scan data, retinal scan data, facial recognition scan data, and body geometry scan data and a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile.
- the system may include an identification card including the individualized identification information of the individual.
- the system may further include an enrollment database.
- the system may additionally include at least one interrogation database comprising a plurality of interrogation biometric data.
- a computer readable medium may be included in the system, where the computer readable medium includes computer readable instructions configured to instruct the processor to: retrieve individualized identification information of the individual comprising an individualized biometric data of at least a first class and an individualized identification hash comprising the individualized biometric data of the first class and the individualized biometric data of the second class; connect to the at least one interrogation database; interrogate the at least one interrogation database by instructing the processor to: identify interrogation biometric data of the second class; hash each of the plurality of interrogation biometric data of the second class together with individualized biometric data of the first class to form a plurality of
- interrogation database identification hashes identify interrogation biometric data of the at least first class; use a method selected from fuzzy extraction and fuzzy matching to compare (1) at least one of each of the plurality of interrogation database identification hashes to the individualized identification hash; (2) interrogation biometric data of the at least first class to the individualized biometric data of the at least first class; or (3) a combination of (1) and (2); and report whether a match of the database identification hash to the individualized identification has been found.
- the individualized biometric data of the first class may be stored separately from the individualized identification hash.
- the individualized identification information further may include at least one of the group selected from name, date of birth, physical description, nationality, and immigration status.
- the individualized biometric data of the first class may be a fingerprint data or a retinal scan data.
- the individualized biometric data of the first class may be an iris scan data, facial recognition scan data, or a body geometry scan data.
- the individualized biometric data of the second class may be a DNA data which is selected from the group consisting of a STR profile, a SNP profile, an 1NDEL profile, and an Alu element.
- a class of individualized biometric data is a DNA data
- the DNA biometric data may be present on the
- the individualized identification hash may be a barcode, alphanumerical or a graphical representation.
- the processor may be further configured to: read the first class of individualized biometric data at a point of contact; and confirm the first class of individualized biometric data at the point of contact.
- the processor may be further configured to connect to more than one interrogation database and to interrogate each of the more than one interrogation databases. Additionally, the processor may be further configured to: retrieve an enrollment verification certification; and interrogate an enrollment database to verify the authenticity of the identification card.
- the identification card may further include an enrollment verification certification.
- the system may further include a biometrics acquisition component configured to acquire individualized biometric data of the at least a first and the second class from the individual, where the processor may be further configured to: convert the biometric data of the first class into a digitized individualized biometric data; store a first instance of the digitized individualized biometric data of the first class on the identification card; convert the individualized biometric data of the second class into a digitized individualized biometric data; hash a second instance of the digitized individualized biometric data of the first class with the digitized individualized biometric data of the second class to form an individualized identification hash; and store the individualized identification hash on an identification card.
- the processor may be further configured to: connect to an enrollment database; assign an enrollment verification certification; store the enrollment verification certification on the identification card; and optionally, store the enrollment verification certification in the enrollment database.
- the processor may be further configured to: read the third or more class of individualized biometric data at a point of contact; and optionally, confirm the third class of individualized biometric data at the point of contact.
- the processor may be configured to compare the individualized biometric data of the first class and/or the third or more class of biometric data with at least one interrogation biometric data of the at least one interrogation database.
- an identification card which includes individualized identification information of an individual comprising an individualized biometric data of at least a first class and an individualized identification hash comprising the individualized biometric data of the first class and the individualized biometric data of die second class.
- the identification card may further include an enrollment verification certification.
- the individualized biometric data of at least a first class of the identification card may further include a third or more class of biometric data selected from the group consisting of a fingerprint scan data, iris scan data, retinal scan data, facial recognition scan data, and body geometry scan data and a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile.
- the individualized biometric data of the first class may be a fingerprint data or a retinal scan data. In other embodiments of the identification card, the individualized biometric data of the first class may be an iris scan data. In various embodiments of the identification card, the individualized biometric data of the second class may be a DNA data, selected from the group consisting of a STR profile, a SNP profile, an INDEL profile, and an Alu element. In some embodiments, when the individualized biometric data of the second class is a DNA data, then the DNA data may be a STR profile. In various embodiments of the identification card, when a class of individualized biometric data is a DNA data, then the DNA biometric data may be present on the identification card in a hashed form. In some embodiments, the individualized
- identification hash may be formed using a one-way hash.
- the individualized identification information further comprises at least one of the group selected from name, date of birth, physical description, nationality, and immigration status.
- a method of identifying an individual including the steps of: retrieving an individualized identification hash stored on an identification card of the individual where the individualized identification hash may be formed from
- interrogating comprises the steps of: identifying interrogation biometric data of the second class; hashing each of the plurality of interrogation biometric data of the second class together with individualized biometric data of the first class to form a plurality of interrogation database identification hashes; identifying interrogation biometric data of the at least first class; using a method selected from fuzzy extraction and fuzzy matching to compare (1) at least one of each of the plurality of interrogation database identification hashes to the individualized
- the individualized biometric data may further include a third or more class of individualized biometric data selected from the group consisting of a fingerprint scan data, iris scan data, retinal scan data, facial recognition scan data, and body geometry scan data and a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile.
- the method may further include the steps of: reading the third class of
- the method may also further include the steps of: reading the first class of individualized biometric data at a point of contact; and confirming the first class of individualized biometric data at the point of contact.
- the individualized biometric data of the first class may be a fingerprint scan data or a retinal scan data. In other embodiments of the method, the individualized biometric data of the first class may be an iris scan data. In various embodiments of the method, the individualized biometric data of the second class may be a DNA data. In some embodiments, when the individualized biometric data of the second class is a DNA data, then the DNA data may be a STR profile. In various embodiments of the invention, when a class of individualized biometric data is a DNA data, then the DNA individualized biometric data may be present on the identification card in a hashed form. In some embodiments of the method, the hash may be a one way hash.
- the method may further include the steps of: retrieving an enrollment verification certification from the identification card; accessing an enrollment database; and determining whether the enrollment verification certification is valid.
- the method may also further include the steps of: retrieving individualized biometric data of the first class or of the third or more class; accessing at least one interrogation database comprising a plurality of interrogation biometric data of the first class or of the third or more class; comparing each of the plurality of interrogation database biometric data to the individualized biometric data; and reporting a match of the database biometric data to the individualized biometric data.
- a system for determining an identity of a person including an identification card which includes individualized identification information containing individualized biometric data of at least a first class and individualized biometric data of a second class, wherein the individualized biometric data of the first class and the individualized biometric data of the second class are hashed together to form a individualized identification hash; and a processor configured to: a) connect to at least one interrogation database comprising a plurality of interrogation biometric data of the second class wherein each of the plurality of interrogation biometric data of the second class has an interrogation database identifier; b)interrogate the at least one
- each of the plurality of interrogation biometric data of the second class is hashed together with individualized biometric data of the first class to form a plurality of interrogation database identification hashes; c) compare each of the plurality of interrogation database identification hashes to the individualized identification hash; and d) report a match of the database identification hash to the individualized identification hash.
- the plurality of interrogation biometric data of the second class has at least one interrogation biometric data of the second class without a personal name associated with the data.
- the identification card of the system may also include the individualized biometric data of the first class stored separately from the individualized identification hash.
- the identification card may further include individualized identification information containing at least one of the group selected from name, date of birth, physical description, nationality, and immigration status.
- the individualized biometric data of the first class may be a fingerprint data or a retinal scan data.
- the individualized biometric data of the second class may be a DNA data.
- the DNA data may be a SNP profile.
- the DNA data may be an INDEL profile.
- the DNA data may be a polymorphic DNA sequence configured to be used for human identification.
- the individualized biometric data further includes a third class of individualized biometric data.
- the third class of individualized biometric data when the first class of individualized biometric data is a fingerprint data, then the third class of individualized biometric data may be a retinal scan data; or when the first class of individualized biometric data is a retinal scan data, then the third class of individualized biometric data may be a fingerprint data.
- the individualized biometric data of the first class may be a retinal scan data.
- the individualized biometric data of the first class is a retinal scan data
- the individualized biometric data of the second class may be a fingerprint data.
- the third class of individualized biometric data may be a DNA data.
- the DNA data may be a STR profile.
- the system may provide an identification card wherein when a class of individualized biometric data is a DNA data, then the DNA individualized biometric data is present on the identification card in a hashed form.
- the DNA individualized biometric data present as a hashed form may be a one way hash.
- the system may provide an identification card, where the first instance of the individualized biometric data of the first class is hashed in an invertible form prior to storage on the card.
- the individualized identification hash stored on the identification card is a graphical representation.
- the individualized identification hash graphical representation on the identification card may be a barcode.
- the individualized identification hash is an alphanumeric representation.
- the system may also provide an identification card, wherein the identification card includes an enrollment verification certification.
- the processor provided by the system may be further configured to issue a report to one or more agencies when a match when a match of the database identification hash to the individualized identification hash is identified.
- the processor may be further configured to notify a security agent when a match is the database identification hash to the individualized identification hash is identified.
- the processor is further configured to deny a request by the individual for access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds, when a match of the database identification hash to the individualized identification hash is identified.
- the processor is configured to connect to more than one interrogation database and to interrogate each of the more than one interrogation databases.
- the processor may be further configured to: a) read the first class of individualized biomctric data at a point of contact; and b) confirm the first class of individualized biometric data at the point of contact.
- the processor is further configured to read at least one of the first or second class of individualized biometric data at the point of contact; and confirm the least one of the first or second class of individualized biometric data at the point of contact.
- the processor is further configured to read the third class of individualized biometric data at the point of contact; and confirm the third class of individualized biometric data at the point of contact.
- the processor is further configured to retrieve an enrollment verification certification from the identification card; and interrogate an enrollment database to verify the authenticity of the identification card.
- the system may further includes a) a biometrics acquisition component configured to acquire individualized biometric data of at least a first and a second class from the individual; and b) a processor configured to i) convert the individualized biometric data of the first class into a digital electronic format; ii) store a first instance of the digitized individualized biometric data of the first class on the identification card; iii) convert the individualized biometric data of the second class into a digital electronic format; iv) hash a second instance of the digitized individualized biometric data of the first class with the digitized individualized biometric data of the second class to form an individualized identification hash; and v) store the individualized identification hash on the identification card.
- the processor may be further configured to a) connect to an enrollment database; b) assign an enrollment verification certification; and c) store the enrollment verification certification on the identification card. Additionally, the processor may be further configured to store the enrollment verification certification in the enrollment database. In yet other embodiments, the processor may be further configured to a) store the individualized identification hash in the enrollment database; and b) associate the individual identification hash with the enrollment verification certification in the enrollment database.
- the processor may be further configured to a) store a second instance of the digitized biometric data of the first class in the enrollment database; and b) associate the second instance of the digitized individualized biometric data of the first class with the enrollment verification certification in the enrollment database.
- the system also includes at least one interrogation database. In other embodiments, the system includes an enrollment database.
- an identification card configured to operate in the system for determining an identity of a person.
- the identification card may include individualized biometric data of at least a first class and individualized biometric data of a second class, where the individualized biometric data of the first class and the individualized biometric data of the second class may be hashed together to form an individualized identification hash.
- the individualized identification hash may be formed using a one-way hash.
- the identification card may include the individualized biometric data of the first class stored separately from the individualized identification hash.
- the identification card may include individualized biometric data of the first class stored as an invertible hash.
- the identification card may further include
- individualized identification information including at least one of the group selected from name, date of birth, physical description, nationality, and immigration status.
- identification card may include individualized biometric data of the first class including a fingerprint data or a retinal scan data.
- the identification card may include individualized biometric data of the second class including a DNA data.
- the individualized biometric data of the second class may be a STR profile.
- the individualized biometric data of the second class may be a SNP profile.
- the individualized biometric data of the second class may be an INDEL profile.
- An identification card is provided that may also include individualized biometric data including a third class of individualized biometric data. In some embodiments, when the first class of individualized biometric data is a fingerprint data, then the third class of
- the individualized biometric data is a retinal scan data; or when the first class of individualized biometric data is a retinal scan data, then the third class of individualized biometric data is a fingerprint data.
- the individualized biometric data of the first class may include a retinal scan data.
- the individualized biometric data of the second class may include a fingerprint data.
- the individualized biometric data of the third class may include a DNA data.
- the individualized biometric data of the third class may include a STR profile.
- an identification card is provided where when a class of individualized biometric data is a DNA data, then the DNA biometric data is present on the identification card in a hashed form.
- the hash is a one way hash.
- the identification card includes more than three classes of individualized biometric data, which may include
- a method of producing the identification card configured to operate in the system for determining an identity of a person, which may include a) acquiring individualized biometric data of at least a first and a second class from the individual; b) converting the individualized biometric data of the first class into a digital electronic format; c) storing a firsl instance of the digitized individualized biometric data of the first class on the identification card; d) converting the individualized biometric data of the second class into a digital electronic format; e) hashing a second instance of the digitized individualized biometric data of the first class with the digitized individualized biometric data of the second class to form an individualized identification hash; and f) storing the individualized identification hash on the identification card.
- the first instance of the individualized biometric data of the first class may be hashed in an invertible form prior to storage on the card.
- the individualized identification hash may be a one way hash.
- more than two classes of individualized biometric data may be acquired, converted to digital electronic formats, and stored on the identification card.
- an enrollment verification certification may be stored on the identification card.
- a method of identifying an individual including a) retrieving a individualized identification hash stored on an identification card of the individual wherein the individualized identification hash is formed from individualized biometric data of a first class and individualized biometric data of a second class; b) retrieving a individualized biometric data of the first class stored on the identification card; c) accessing at least one interrogation database comprising a plurality of interrogation biometric data of the second class wherein each of the plurality of interrogation biometric data of the second class has an interrogation database identifier, d) hashing each of the plurality of interrogation biometric data of the second class together with individualized biometric data of the first class to form a plurality of interrogation database identification hashes; comparing each of the plurality of interrogation database identification hashes to the individualized identification hash; and e)reporting a match of the database identification hash to the individualized identification hash.
- the method may include the step of notifying a security agency when a match is identified.
- the processor when a match is identified between the database identification hash and the individualized identification hash, the processor may be further configured to deny a request by the individual for access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds.
- the at least one interrogation database may be more than one interrogation database, and the method may include the step of interrogating each of the more than one interrogation databases. In some of the embodiments, the more than one
- the method may include the steps of a) reading the first class of individualized biometric data at a point of contact; and b) confirming the first class of individualized biometric data at the point of contact. In other embodiments, the method may include the steps of a) reading at least one of the first or second class of individualized biometric data at the point of contact; and b) confirming the at least one of the first or second class of individualized biometric data at the point of contact.
- the step of confirming the at least one of the first or second class of individualized biometric data at the point of contact may include a) acquiring at least one of the first or second class of individualized biometric data; and b) matching the at least one of the individualized biometric data retrieved from the identification card. In some embodiments, when the at least one of the first or second class of
- the individualized biometric data acquired at the point of contact does not match the at least one of the individualized biometric data retrieved from the identification card, then a security agency may be notified.
- the plurality of interrogation biometric data of the second class has at least one interrogation biometric data of the second class without a personal name associated with the data.
- the individualized biometric data acquired at the point of contact does not match the at least one of the individualized biometric data retrieved from the identification card, then a security agency may be notified.
- the plurality of interrogation biometric data of the second class has at least one interrogation biometric data of the second class without a personal name associated with the data.
- the individualized biometric data acquired at the point of contact does not match the at least one of the individualized biometric data retrieved from the identification card, then a security agency may be notified.
- the plurality of interrogation biometric data of the second class has at least one interrogation biometric data of the second class without a personal name associated with the data.
- identification information stored on the identification card may further include at least one of the group selected from name, nationality, and immigration status.
- the individualized biometric data of the first class stored on the identification card may be a fingerprint data or a retinal scan data.
- the individualized biometric data of the second c lass may be a DN A data.
- the DNA data may be a STR profile.
- when a class of individualized biometric data is a DNA data then the DNA biometric data may be present on the identification card in a hashed form. In other embodiments, when the DNA biometric data is present on the identification card in a hashed form, it is a one way hash.
- the individualized biometric data of the first class may be a retinal scan data. In some embodiments, wherein the individualized biometric data of the first class is a retinal scan data, the individualized biometric data of the second class may be a fingerprint data. In some embodiments, the individualized biometric data may include a third class of individualized biometric data, wherein the third class of biometric data may be a DNA data. In some embodiments, the DNA data is a STR profile. The method according to the invention may also provide wherein the individualized biometric data may further include a third class of individualized biometric data.
- the individualized biometric data when the individualized biometric data includes three classes of individualized biometric data, when the first class of individualized biometric data is a fingerprint data, then the third class of individualized biometric data may be a retinal scan data; or when the first class of individualized biometric data is a retinal scan data, then the third class of individualized biometric data may be a fingerprint data.
- the processor may be further configured to a) read the third class of individualized biometric data at the point of contact; and b) confirm the third class of individualized biometric data at the point of contact
- the step of accessing at least one interrogation database comprising a plurality of interrogation biometric data of the second class may include determining whether a presentation order of each of the plurality of interrogation biometric data of the second class is the same as a presentation order of the individualized biometric data of the second class.
- the presentation order of each of the plurality of interrogation biometric data of the second class may be reordered to be the same as the presentation order of the individualized biometric data of the second class.
- the method according to the invention may also include the steps of a) retrieving an enrollment verification certification from the identification card; b) accessing an enrollment database; and c) determining whether the enrollment verification certification is valid.
- a security agency may be notified when the enrollment verification certification is determined not to be valid.
- a method of enrolling an individual in a system for identification including the steps of a) acquiring individualized biometric data of at least a first and a second class from the individual; b) converting the individualized biometric data of the first class into a digital electronic format; c) storing a first instance of the digitized individualized biometric data of the first class on an identification card; d) converting the individualized biometric data of the second class into a digital electronic format; e) hashing a second instance of the digitized individualized biometric data of the first class with the digitized individualized biometric data of the second class to form an individualized identification hash; and f) storing the individualized identification hash on the identification card.
- the first instance of the individualized biometric data of the first class may be hashed in an invertible form prior to storage on the card.
- the individualized identification hash may be a one way hash.
- more than two classes of individualized biometric data may be acquired, converted to digital electronic formats, and stored on the identification card.
- the method may include the step of storing an enrollment verification certification on the identification card.
- tbere is provided a computer readable medium including computer readable instructions, which, when executed by a computer in communication with an identification card including an individualized biometric data of a first class and an individualized identification hash formed from the individualized biometric data of the first class and an individualized biometric data of a second class, is configured to a) connect with at least one interrogation database comprising a plurality of interrogation biometric data of the second class wherein each of the plurality of interrogation biometric data of the second class has an interrogation database identifier; b) interrogate the at least one interrogation database wherein each of the plurality of interrogation biometric data of the second class is hashed together with the individualized biometric data of the first class to form a plurality of interrogation database identification hashes; c) compare each of the plurality of interrogation database identification hashes to the individualized identification hash; and d) report a match of the database identification hash
- the computer is instructed to notify a security agent when a match of the database identification hash to the individualized identification hash is identified. In some embodiments, the computer is instructed to deny a request by the individual for access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, and/or funds, when a match of the database identification hash to the individualized identification hash is identified.
- the plurality of interrogation biometric data of the second class may have at least one interrogation biometric data of the second class without a personal name associated with the data.
- the at least one interrogation database is more than one interrogation database, and the method may include the step of interrogating each of the more than one interrogation databases.
- the more than one interrogation databases have different classes of biometric data.
- the step of interrogating at least one interrogation database including a plurality of interrogation biometric data of the second class may include instructing the computer to determine whether a presentation order of each of the plurality of interrogation biometric data of the second class is the same as a presentation order of the individualized biometric data of the second class.
- the computer may be instructed to reorder the presentation order of each of the plurality of interrogation biometric data of the second class to be the same as the presentation order of the individualized biometric data of the second class.
- the computer may be configured to a) read the first class of individualized biometric data at a point of contact; and b) confirm the first class of individualized biometric data at the point of contact.
- individualized identification information stored on the identification card may include at least one of the group selected from name, nationality, and immigration status.
- the individualized biometric data of the first class may be a fingerprint data or a retinal scan data.
- the individualized biometric data of the second class may be a DNA data.
- the DNA individualized biometric data may be present on the identification card in a hashed form.
- the hash is a one way hash.
- the individualized biometric data of the second class may be a STR profile.
- the individualized biometric data of the first class may be a retinal scan data.
- the individualized biometric data of the second class is a fingerprint data.
- the individualized biometric data may include a third class of indi vidualized biometric data.
- the third class of individualized biometric data may be a DNA data. In some embodiments, the third class of individualized biometric data may be a STR profile. In some embodiments of the computer readable medium when the individualized biometric data includes a third class of biometric data, when the first class of individualized biometric data is a fingerprint data, then the third class of individualized biometric data may be a retinal scan data; or when the first class of individualized biometric data is a retinal scan data, then the third class of individualized biometric data may be a fingerprint data.
- the computer when the individualized biometric data includes a third class of individualized biometric data, the computer may be further instructed to a) read the third class of individualized biometric data at the point of contact; and b) confirm the third class of individualized biometric data at the point of contact.
- the computer readable medium of the invention may further instruct the computer to a) retrieve an enrollment verification certification stored on the identification card; and b) interrogate an enrollment database to determine whether the enrollment verification certification is valid.
- the computer readable medium of the invention may further instruct the computer to a) read at least one of the first or second class of individualized biometric data at the point of contact; and b) confirm the least one of the first or second class of individualized biometric data at the point of contact.
- an identification card configured to operate with a computer readable medium including computer readable instructions, which, when executed by a computer in
- an identification card including an individualized biometric data of a first class and an individualized identification hash formed from the individualized biometric data of the first class and an individualized biometric data of a second class
- an identification card including an individualized biometric data of a first class and an individualized identification hash formed from the individualized biometric data of the first class and an individualized biometric data of a second class
- a computer readable medium including computer readable instructions, which when executed by a computer in communication with a biometrics acquisition component, is configured to a) acquire individualized biometric data of at least a first and a second class from an individual; b) convert the individualized biometric data of the first class into a digital electronic format; c) store a first instance of the digitized individualized biometric data of the first class on an identification card; d) convert the individualized biometric data of the second class into a digital electronic format; e) hash a second instance of the digitized individualized biometric data of the first class with the digitized individualized biometric data of the second class to form an individualized identification hash; and f) store the individualized identification hash on the identification card.
- the computer may be instructed to hash the first instance of the individualized biometric data of the first class in an invertible form prior to storage on the card.
- the individualized identification hash is a one-way hash.
- the computer may be instructed to acquire more than two classes of individualized biometric data, convert the two classes of individualized biometric data to digital electronic formats, and store the two classes of digitized individualized biometric data on the identification card.
- the computer readable medium is further configured to instruct the computer to assign an enrollment verification certification and store the enrollment verification certification on the identification card.
- a computer readable medium including computer readable instructions, which, when executed by a computer in communication with an identification card including an individualized biometric data of a first class and an individualized identification hash formed from the individualized biometric data of the first class and an individualized biometric data of a second class, is configured to a) connect with at least one interrogation database comprising a plurality of interrogation biometric data of the second class wherein each of the plurality of interrogation biometric data of the second class has an interrogation database identifier; b) interrogate the at least one interrogation database wherein each of the plurality of interrogation biometric data of the second class is hashed together with the individualized biometric data of the first class to form a plurality of interrogation database identification hashes; c) compare each of the plurality of interrogation database identification hashes to the individualized identification hash; and d) report a match of the database identification hash to the
- an identification card configured to operate with a computer readable medium including computer readable instructions, which when executed by a computer in
- a biometrics acquisition component configured to a) acquire individualized biometric data of at least a first and a second class from an individual; b) convert the individualized biometric data of the first class into a digital electronic format; c) store a first instance of the digitized individualized biometric data of the first class on an identification card; d) convert the individualized biometric data of the second class into a digital electronic format; e) hash a second instance of the digitized individualized biometric data of the first class with the digitized individualized biometric data of the second class to form an individualized identification hash; and f) store the individualized identification hash on the identification card.
- the individualized identification hash may be formed using a one-way hash.
- the identification card may include the individualized biometric data of the first class stored separately from the individualized identification hash.
- the individualized biometric data of the first class may be stored as an invertible hash.
- the individualized identification information of the identification card may include at least one of the group selected from name, date of birth, physical description, nationality, and immigration status.
- the individualized biometric data of the first class may be a fingerprint data or a retina] scan data.
- individualized biometric data of the second class stored on the identification card may be a DNA data.
- the DNA individualized biometric data when a class of individualized biometric data is a DNA data, then the DNA individualized biometric data may be present on the identification card in an encrypted/encoded/hashed form.
- the hash is a one way hash.
- the DNA individualized biometric data of the second class may be a STR profile.
- the DNA individualized biometric data of the second class may be a SNP profile.
- the DNA individualized biometric data of the second class may be an INDEL profile.
- the individualized biometric data of the first class may be a retinal scan data.
- the individualized biometric data of the second class may be a fingerprint data.
- the identification card may include a third class of individualized biometric data, wherein the third class of individualized biometric data is a DNA data.
- the DNA data when the third class of individualized biometric data is a DNA data, the DNA data may be a STR profile.
- the individualized biometric data stored on the identification card may include a third class of biometric data.
- the identification card when three classes of individualized biometric data are stored on the identification card, when the first class of individualized biometric data is a fingerprint data, then the third class of individualized biometric data may be a retinal scan data; or when the first class of individualized biometric data is a retinal scan data, then the third class of individualized biometric data may be a fingerprint data.
- the identification card may include an enrollment verification certification.
- FIG. 1 is a schematic representation of one embodiment of the identification system of the present invention.
- FIG. 2A is a schematic representation of an embodiment of the identification system of the present invention.
- FIG. 2B is a schematic representation of an embodiment of the identification system of the present invention.
- FIG.3 is a schematic representation of an embodiment of an Enrollment component of the present invention depicting enrollment.
- FIG. 4A is a schematic representation of an embodiment of the database interrogation of the present invention.
- FIG.4B is a schematic representation of an embodiment of the database interrogation of the present invention.
- FIG.5A is a schematic representation of an embodiment of the verification component of the present invention.
- FIG. SB is a schematic representation of an embodiment of the verification component of the present invention.
- FIG. 6A is a schematic representation of an embodiment of an enrollment method according to the present invention.
- FIG. 6B is a schematic representation of an embodiment of an enrollment method according to the present invention.
- FIG. 7A is a schematic representation of an embodiment of another enrollment method according to the present invention.
- FIG. 7B is a schematic representation of an embodiment of another enrollment method according to the present invention.
- Access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, funds, and the like may include an entity such as a sovereign nation; restricted zone; an executive board; committee or governance body; private or public institution with controlled access, to name a few non- limiting examples.
- Information as used in this context refers to information which may have security, privacy or distribution controls placed upon it.
- Transport as referred to in this context, includes but is not limited to air, rail, automobile, or marine transportation modes.
- “Security organization” as referred to in this context refers to an intelligence community, an intelligence organization, and other threat sensitive organizations, both governmental and nongovernmental.
- "Law enforcement organization” as referred to in this context refers to local, state, federal, military or international police or investigative force. Access to law enforcement organization can include gaining authorized status as an employee or consultant. Access to law enforcement organization can also include detainee processing or arraignment testing as individuals suspected of being high risk are processed into a law enforcement or security organization.
- Transaction as referred to in this context, includes but is not limited to financial transactions, including but not limited to banking, purchase of airline tickets, exercise of voting franchise, and purchase of controlled access materials including firearms, alcohol, and medications.
- “Services” as referred to in this context includes but is not limited to banking services, healthcare services, governmental benefit services, and the like.
- Authorized status as referred to in this context, includes but is not limited to a high security position within intelligence, security, law enforcement, and other threat sensitive
- Biometric data refers to data related to physiological aspects of an individual and may include skin recognition, including but not limited to fingerprints and palmprints; body geometry features, including but not limited to ear, hand, finger, and the like; facial features; face images; voice; voice prints; optical recognition, including but not limited to iris scans and retinal scans; signatures; blood typing; nucleic acid profiles, including deoxyribonucleotide (DNA) profiles and ribonucleic acid (RNA) profiles; protein assays; infrared identification, including but not limited to face, hand, and handvein; and the like. One or more of these may be used in any combination.
- biometric data may include gait recognition, which may be used alone or in any combination with other biometric data.
- DNA data include but are not limited to Short Tandem Repeat (STR); Single Nucleotide polymorphism (SNP); Insert and Deletion (INDEL) sequences; Alu elements and other non-STR repeat sequences.
- the DNA data is any polymorphic DNA sequence that can be used for human identification.
- STR profile Common sets of short tandem repeat (STR) markers or "core loci" permits equivalent genetic information to be shared and compared. These core STR loci occur in between genes where a high degree of variability is tolerated and are thus not directly responsible for physical traits or genetic diseases. The "core loci" are often used in human identity testing such as parentage testing and missing persons and mass disaster
- STR loci that may be tested include one of more of the following loci: DYS456, DYS389I, DSY390, DYS 389II, DYS458, DYS19, DSY385, DYS393, DYS391, DYS439, DYs635, DYS392, Y_GATA_H4, DYS437, DYS438.
- STR profile DYS627, D2ISI, PentaE, and Penta D.
- kits may be used to generate a STR profile from a biological sample, including but not limited to AmpFLSTR® kits (including any of Identifier®,
- SNP profile Single nucleotide variants in a DNA sequence may be in coding, non coding or intergenic regions of genes, differing between members of a biological species or between paired chromosomes of an individual. Some SNP sequences may be related to phenotypic characteristics of an individual. This data may be of particular use if attempting to interrogate data where there is incomplete personal information for a biometric data set.
- Insertion and deletion sequences include the following types of insertion/deletions: insertions or deletions of single base pairs; expansions by only one base pair (monomelic base pair expansions); multi-base pair expansions of about 2 to about 15 repeats; transposon insertions (insertions of mobile elements); and random DNA sequence insertions or deletions.
- Alu elements are mobile and repetitive elements in the human genome. Alu elements are generally about 300 bp and are considered as a short interspersed element (SINE) within the broad class of repetitive DNA elements. Derived from the small cytoplasmic 7SL RNA, these inserted elements are interspersed throughout the genome. About 7, 000 Alu elements are unique to humans, and some may result in disease. Alu elements are useful in human identification as Alu element insertion events have
- Biometric Acquisition There are numerous vendors of biometric acquisition instrumentation that may be used for the enrollment, verification and authentication aspects of the identification system and methods of the invention. Vendors include but are not limited to Biometric Information Management, Biometric4all, Cogent Systems, Inc., CrossMatch Technologies, Inc., Dataworks Plus, First Advantage, Fulcrum Biometrics LLC, Futronic Technology Co. Ltd., Identix Incorporated, innovative Biometric Systems., Logitech, Morphotrak Biometric Solutions, NEC, Sagcm, Telos ID, and the like.
- Biometric Digitization A wide variety of conversion algorithms to provide a digitized representation of each type of biometric data is possible. Many of the biometric acquisition vendors include software development kits (SDKs) with instrumentation and other SDKs may be available from sources other than the instrumentation manufacturer.
- SDKs software development kits
- a non-limiting example of fingerprint acquisition and digitization may utilize a fingerprint scanner such as are provided by Futronic Technology Co. Ltd and one possible fingerprint extraction SDK is Verifinger SDK 6.4 from Neurotechnology, where the SDK includes Source Code, Documentation, and Demo Applications.
- the digitized fingerprint scan data conforms to the ANSI/NIST digitization standard.
- the digitization may also conform to the FBI/AFIS standards.
- Iris scanning and digitization includes but is not limited to an 1 SCANTM 2, a dual iris capture scanner from Crossmatch Technologies, which includes SDK software to enable image finding and stabilization, pupil segmentation and produces an iris image meeting format specifications of the ANSI INCITS 379-2004 and ISO/LEC 19794-6 standards.
- Facial recognition scanning may be accomplished by a number of devices including but not limited to QuickCam Orbit AF from Logitech. Either the iris scan data or the facial recognition scan data may be extracted using Verifinger SDK 6.4 from Neurotechnology.
- Hashed refers to data transformation which converts variable sized data to another representation.
- Hashing refers to data transformation which converts variable sized data to another representation.
- “Hash” as used herein includes usage as both verb and noun forms.
- a hash can be the representation resulting from the data transformation.
- the representation may be of fixed data size, same data size, different data size or variable data size.
- the representation may be of the same data type or another data type, including but not limited to numerical, alphabetical, graphical, or audio.
- the graphical representation may be pictorial or schematic, including but not limited to a barcode representation.
- the representation may be encrypted.
- the encrypted representation may be invertible with or without a key, or the encrypted representation may be encrypted one-way.
- the hashing produces the same end value for a given input data every time the hash is produced.
- the hashing also provides unique values for unique input, thus providing uniform distribution of the hash values within a potential range, and preventing differing input biometric data from mapping to the same hash value.
- One of skill can determine other data manipulation that may be useful for storage of the hash values as enrollment databases enlarge.
- Some useful cryptographic hash functions include BLAKE-256, BLAKE- 512, ECOH, FSB, GOST, Gr ⁇ stl, HAS-160, HAVAL, JH, Keccak, MD2, MD4, MD5, MD6, RadioGatun, RIPEMD-64, RIPEMD-160, RIPEMD-320, SHA-0, SHA-I, SHA-224, SHA- 256, SHA-384, SHA-512, Skein, Snefru, Spectral Hash, SWIFFT, Tiger, and Whirlpool.
- HMAC Hash- based Message Authentication Code
- H( . ) is a cryptographic hash function
- K is a secret key, for example, padded to the right with extra zeros to the input block size of the hash function, or the hash of the original key if it is longer than that block size;
- m is the message to be authenticated
- opad is the outer padding (0x5c5c5c..5c5c, one-block-long hexadecimal constant) ;
- ipad is the inner padding (0x363636...3636, one-block-long hexadecimal constant);
- the cryptographic strength of the HMAC depends upon the size of the secret key that is used. The most common attack against HMACs is brute force to uncover the secret key. HMACs are substantially less affected by independent values mapping to the same hash values, i.e. collisions, than their underlying hashing algorithms alone. Therefore, HMAC-MD5 does not suffer from the same weaknesses that have been found in MD5, for example.
- Hashing methods allowing some degree of dissimilarity while still finding identity between two substantially similar files are widely available and are often referred to as fuzzy hash functions.
- Context triggered piecewise hashing is one method of matching not quite identical sets of bits of information.
- An example of such a method combines a rolling hash with a piecewise hash, as devised by Kornblum (Kornblum, Digital Investigation 3S (2006), pp S91-S97).
- Other fuzzy hashing tools include ssdeep and deeptoad.
- fuzzy hash algorithms are disclosed in U.S. Patent Application Publications 2011/0093426 and 2011/0067108 (Hoglund), for classifying data objects including DNA sequences.
- hashing methods are used that allow a predetermined degree of dissimilarity when comparing two hashes for identity. Even a small change, for example, in orientation of a fingerprint scan, may provide a digitized form that yields a different hash from a different fingerprint scan taken from the same finger at a different time, location or after a degree of physiological modification. These hashing methods can be useful when differences in the source or target biometric data do not provide an exact match but do possess a degree of similarity high enough for a positive identification. Therefore, the processor may be instructed to not require perfect identity to signal a match.
- DNA profiles may also demonstrate some dissimilarity upon hashing, but still be capable of being detected by the processor as representing a reasonable match. Allowing some degree of dissimilarity while still determining that a match has been identified, can initiate a further inquiry into the identity of the individual presenting the identification card.
- 'Identification card includes but is not limited to documents, magnetic disks, magnetically encoded cards, credit cards, bank cards, phone cards, stored value cards, prepaid cards, smart cards (e.g., cards that include one more semiconductor chips, such as memory devices, microprocessors, and microcontrollers), contact cards, contactless cards, proximity cards (e.g., radio frequency (RFID) cards), passports, driver's licenses, network access cards, employee badges, debit cards, security cards, visas, immigration documentation, national ID cards, citizenship cards, social security cards, security badges, certificates, including but not limited to explosives certification, hazardous chemical transport, radioactive materials handing and/or transport), voter registration and/or
- RFID radio frequency
- identification cards police ID cards, border crossing cards, security clearance badges and cards, legal instruments, gun permits, badges, gift certificates or cards, membership cards or badges, and tags.
- the identification card may alternatively be incorporated into another device such as a cell phone, pager, wrist watch, computer, thumb drive, tablet device (e.g., iPadTM or ), personal digital assistant such as a BlackberryTM, key fob, or other commonly available electronic device.
- Such cards can include technology to prevent counterfeiting such as incorporation of holograms, fluorescent inks, quantum dots, or other techniques.
- an identification card may also include a near field communication (NFC) card.
- NFC near field communication
- the identification card may have the physical form of a card or may be an electronic representation.
- the card when it is an electronic representation, does not have to have a physical form separate from the device carrying the information comprising the identification card as described in the following sections.
- the identification card When the identification card is an electronic representation, it may be accessed by a password or other electronic entry permission granting procedure.
- Biometric data has been used to verify an individual's identity, including systems where an individual is previously enrolled by submitting biometric data for incorporation into a central database, for comparison, upon presentation of an identification card issued therefrom at a later date, to validate that individual's identity as that of the enrolled individual.
- This process falls short of identifying persons, who may be known to other organizations as individuals previously implicated in violence or terrorism.
- Simple comparison of the biometric data incorporated in the identification card to the database does not prevent the use of stolen or faked biometric data combined with true personal identification such as a photograph as there is no real time crosscheck of the match between the person presenting the card and the information incorporated in the identification card.
- biometric data are useful personal identifiers, it is also desirable to prevent unauthorized access or theft of such data. Unlike passwords and the like, individualized biometric data cannot be revoked and reissued after a breach of security.
- the hashing process may be inverted to retrieve the untrans formed data.
- the first class of individualized biometric data is also stored separately on the card.
- the first class of individualized biometric data may be stored in an invertible form.
- the first class of individualized biometric data may be stored as a graphical individualized biometric data or a digitized individualized biometric data.
- the first class of individualized biometric data is stored as both as a graphical individualized biometric data or a digitized individualized biometric data.
- One non-limiting example includes an embodiment where fingerprint scan data is stored on the identification card in a graphical form, i.e., a pictorial or photographic presentation of the fingerprint, or is stored as a digitized fingerprint data string, and in some embodiments, both types of representations are stored on the identification card.
- Comparison of interrogation database biometric data includes retrieval of each interrogation database biometric data of the same class as the second type of individualized biometric data (e.g., the second class of individualized biometric data is a DNA data and the interrogation database contains n DNA data), hashing of each of the interrogation database biometric data with the first class of individualized biometric data to form a set of interrogation database hashes, and comparison of each of the set of interrogation database hashes to the
- the second class of individualized biometric data is not retrieved or compared unhashed, a higher level of privacy and security of the individualized biometric data of the second type is obtained.
- An individual would have decreased risk of improper access or use of their biometric information.
- This additional level of privacy is provided even while providing for identification of high risk individuals who may only be known by biometric data left at a scene of attempted violence or terrorism.
- a DNA data may have been obtained from a DNA sample taken from a surface or an object analyzed by investigators.
- a fingerprint may have been obtained from an object under investigation by law enforcement or other agencies.
- the system may identify such a high risk individual without having that individual's name. Once such a match is reported, further investigation can be made to determine whether the individual may not be granted access to the entity, transport, information, location, transaction, services, authorized status, and/or funds requested.
- the invention may also provide for a confirmation of at least one of the individualized biometric data at the point of contact. This provides verification that the individual presenting an identification card is indeed the individual from which the biometric data has been obtained.
- a biometric scan taken of an individual at a first time and a biometric scan taken of the same individual at a second timepoint may not be identical due to variability of lighting, pressure of an impression of a digit, angle of the scanning device, orientation of the biometric scan, partial nature of a scan, etc.
- confirmation that the individual who is presenting the card is the individual who is enrolled may require acquisition of a second scan of the individualized biometric of the first class, where the matching between the first instance of the biometric scan retrieved from the identification card and the newly acquired scan may not be precisely identical.
- Imprecise matching algorithms for comparison of the biometric scans or methods to digitize slightly variable biometric scans to yield identical digitized templates or representations may be utilized.
- a wide variety of imprecise matching algorithms may be envisioned for use in the systems and methods of the invention.
- fingerprint scans may vary sufficiently to prevent precise matching.
- matching scans usually relies upon matching minutiae recorded in the fingerprint scan data.
- the minutiae of each fingerprint scan are used to create an image map for each fingerprint
- the distance between maps created for the first scan and the second scan of the same finger can be determined to identify the best set of minutiae to compare.
- the match between the first scan and the second scan can then be made using only the set of minutiae having the best distance criteria.
- Yet another matching algorithm for non-identical biometric scans from the same individual uses image matching, which is texture based, to identify areas of similarity in the two scans. Once similar areas are identified, then minutiae of the corresponding areas of each scan can be compared.
- pre-processing nmering can be applied to obtain a relatively good comparison set. Additionally, any of the preceding approaches can be combined to increase the robust nature of the comparison.
- the imprecisely reproducible biometric scans yielding "noisy” or imprecisely identical digitized data may be converted into reliably reproducible, uniformly random digitized data, referred to herein as "fuzzy extraction”.
- Fuzzy extractors may be used to extract a uniformly random digitized data string A from noisy (imprecise) non-uniform input digitized data string B in a noise-tolerant way.
- noise tolerance is meant that if the input changes to some string B* but remains "close" to B, the string A can be reproduced exactly.
- a digitized data string B which conforms to NIST conventions, is encoded from a fingerprint through some device.
- any digitized data string encoded biometric reading (like a fingerprint) will be considered a noisy non-uniform input string.
- a fuzzy extractor then converts digitized data string B into a uniformly random digitized data string A.
- the encoded digitized data string can be thought of as a set of minutiae.
- S is the set of minutiae of B
- S * is the set of minutiae of B * , where B and B * is as described in the preceding paragraph.
- B and B * is as described in the preceding paragraph.
- a metric is needed to define the distance from B to B * which can be defined to be the number of minutiae in either S or S * but not in both. This is mathematically the number of minutiae in the "symmetric difference" of S and S * and is given by the formula
- a system of identification is described, therefore, for determining an identity of a person, which includes a processor that retrieves and compares individualized biometric data with interrogation biometric data in at least one interrogation database, wherein the processor reports whether a match has been found.
- the system may also include an identification card containing individualized identification information and a processor.
- the identification system is configured to connect to at least one interrogation database.
- the system is configured to connect to more than one interrogation database.
- the system further includes at least one interrogation database.
- the system may also include one or more output components and/or one or more input components.
- the system may additionally include a verification component.
- the verification component may include one or more biometric data acquisition and data processing components.
- the invention provides an enrollment component.
- the enrollment component may include one or more biometric data acquisition components and one or more data processing components.
- the identification system includes the enrollment component. Exemplary systems of the invention are shown in FIGS. 1-3, and the individual components described in the following sections below.
- FIG. 1 shows one embodiment 100 of the identification system 110 of the invention.
- the identification system 110 includes an identification card 120 configured to be read by the input component 160, which relays individualized information comprising individualized biometric data to the processor 140.
- the processor 140 communicates via the communication component 130 to interrogation databases 170. to 170,, to retrieve a plurality of interrogation database biometric data.
- the processor 140 interrogates the plurality of interrogation database biometric data and compares it to the individualized identification hash. A report is made by the processor 140 regarding whether or not a match is found via the output component 150.
- FIG. 2A shows another embodiment 200A of the identification system 210 of the invention.
- the identification system 210 includes an identification card 220 configured to be read by the input component 260, which relays individualized information comprising individualized biometric data to the processor 240.
- the processor 240 communicates via the communication component 230 to interrogation databases 270 1 to 270 n , to retrieve a plurality of interrogation database biometric data.
- the processor 240 interrogates the plurality of interrogation database biometric data and compares it to the individualized identification hash. Additionally, the processor receives individualized biometric data obtained at the point of contact by individualized biometric data confirmation components 280 1 to 280 m and compares the data so obtained to individualized biometric data retrieved from the
- identification card 220 to verify that the individual who presents the identification card is the individual whose biometric data is stored on the identification card 220.
- a report is made by the processor 240 via the output component 250 regarding 1) whether or not a match is found to a biometric data entry in interrogation databases 270 1 to 270 n and 2) whether or not a match is found between biometric data obtained at the point of contact from biometric data confirmation components 280 1 to 280 m and the individualized biometric data retrieved from the identification card 220.
- the processor may further report to another system and/or authority if a match is found in any of the interrogation databases 270 1 to 270 n and/or the biometric data obtained at the point of contact does not match the individualized biometric data retrieved from the identification card 220.
- the processor may further initiate an action to stop any further processing of the request for access made by the individual upon presentation of the identification card 220, if a match is found in any of the interrogation databases 270 1 to 270 n and/or the biometric data obtained at the point of contact does not match the
- the processor may additionally initiate an alarm to prevent the individual from leaving the point of contact without further investigation if a match is found in any of the interrogation databases 270 1 to 270 n and/or the biometric data obtained at the point of contact does not match the
- FIG. 2B shows yet another embodiment 200B of the identification system 210 of the invention.
- the identification system 210 includes an identification card 220 configured to be read by the input component 260, which relays individualized information comprising individualized biometric data to the processor 240.
- the processor 240 communicates via the communication component 230 to interrogation databases 270 1 to 270 m , to retrieve a plurality of interrogation database biometric data.
- the processor 240 interrogates the plurality of interrogation database biometric data and compares it to the individualized identification hash. Additionally, the processor receives individualized biometric data obtained at the point of contact by individualized biometric data confirmation components 280 1 to 280 m and compares the data so obtained to individualized biometric data retrieved from the
- identification card 220 to verify that the individual who presents the identification card is the individual whose biometric data is stored on the identification card 220. Further, the processor retrieves an enrollment verification certification from the identification card 220, which was assigned at the time of enrollment and issuance of the identification card. The processor interrogates the enrollment database 275 to verify the authenticity of the identification card. This can be performed in several ways, one of which is to search for a matching enrollment verification certification, whereupon the processor further determines whether the other information present on the identification card accompanying the enrollment verification certification matches the record of what was recorded to the card at the time of enrollment.
- the processor can search for the individual to whom the card was issued and determine whether the enrollment verification certification retrieved from the identification card 220 matches the enrollment verification certification assigned to the card at the time of issuance to the individual.
- a report is made by the processor 240 via the output component 250 regarding: 1) whether or not the enrollment verification certification is confirmed for the card presented by the individual; 2) whether or not a match is found between biometric data obtained at the point of contact from biometric data confirmation components 280 1 to 280 m ; and 3) whether or not a match is found to a biometric data entry in interrogation databases 270 1 to 270 n .
- the processor may further report to another system and/or authority if a match is found in any of the interrogation databases 270 1 to 270 n ; and/or the biometric data obtained at the point of contact does not match the individualized biometric data retrieved from the identification card 220; and/or the enrollment verification certification is not confirmed for the identification card 220 presented by the individual.
- the processor may further initiate an action to stop any further processing of the request for access made by the individual upon presentation of the identification card 220, if a match is found in any of the interrogation databases 270 1 to 270 n ; and/or the biometric data obtained at the point of contact does not match the individualized biometric data retrieved from the identification card 220; and/or the enrollment verification certification is not confirmed for the identification card 220 presented by the individual.
- the processor may additionally initiate an alarm to prevent the individual from leaving the point of contact without further investigation by an authority if a match is found in any of the interrogation databases 270 1 to 270 n ; and/or the biometric data obtained at the point of contact does not match the individualized biometric data retrieved from the identification card 220; and/or the enrollment verification certification is not confirmed for the identification card 220 presented by the individual.
- FIG.3 shows one embodiment of an Enrollment component of the invention.
- An individual desiring to be enrolled would permit biometric data to be obtained by biometric data acquisition components 390 ( to 390p.
- the individualized biometric data so obtained would be further processed by the processor as described below and stored to the
- identification card 320 The input component may be used to add other individualized information that is stored on the identification card 320.
- the fully loaded identification card 320 is issued to the individual for use in the identification and verification components of the identification system.
- the identification system includes the
- the Enrollment component is a stand alone system.
- the identification card containing individualized identification information.
- an identification card is issued to an individual after the individual has submitted at least a first and a second class of biometric data.
- the card may also contain other identifying information such as name, physical description, national origin and address, and the like.
- the identification card is presented by the individual at a point of contact with an agency granting access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds.
- the individualized identification information includes individualized biometric data of at least a first class and a second class, where the individualized biometric data of the first class and the individualized biometric data of the second class has been stored on the card as an individualized identification hash formed from the individualized biometric data of the first and second class, which may be a one-way hash.
- the identification card further includes at least one additional instance of the individualized biometric data of the first class which is stored on the card as either a graphical individualized biometric data or a digitized individualized biometric data.
- the identification card includes two instances of the individualized biometric data of the first class which may be a graphical individualized biometric data and a digitized individualized biometric data.
- the individualized identification information may further include a third or more class of individualized biometric data or more.
- individualized biometric data may be present on the identification card in a hashed form, and may be invertible.
- the third and additional classes of individualized biometric data may be present on the identification card in a non-invertible hashed form.
- the biometric data of the first class is selected from the group consisting of a fingerprint scan data, a palmprint scan data, a retinal scan data, an iris scan data, and a handvein scan data of the individual.
- the biometric data of the first class is selected from the group consisting of a fingerprint scan data, a retinal scan data, an iris scan data, a facial recognition scan data, and a body geometry scan data.
- the biometric data of the second class is a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, a non-STR DNA profile, or a fingerprint scan of the individual.
- the biometric data of the second class is a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile of the individual.
- the biometric data of the first and second class is not of the same class.
- the biometric data of the first class is a fingerprint scan data
- the biometric data of the second class is a DNA data.
- the biometric data of the first class is a retinal scan data and the biometric data of the second class is a DNA data.
- the biometric data of the first class is an iris scan data
- the biometric data of the second class is a DNA data.
- the biometric data of the first class may also be a facial recognition scan data and the biometric data of the second class is a DNA data. Additionally, the biometric data of the first class may be a body geometry scan data and the biometric data of the second class is a DNA data. In a further embodiment, the biometric data of the first class is a retinal or iris scan data and the biometric data of the second class is a fingerprint scan data. In another embodiment, the biometric data of the first class is selected from the group of a fingerprint scan data, iris scan data, a retinal scan data, and the biometric data of the second class is a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile of the individual.
- the biometric data of the first class is one or more members of the group of a fingerprint scan data, iris scan data, and a retinal scan data.
- the biometric data of the first class is selected from the group consisting of a fingerprint scan data, iris scan data, retinal scan data, facial recognition scan data, and body geometry scan data and the biometric data of the second class is a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile.
- any suitable biometric data may be used as the biometric data of the first class, including fingerprints and palmprints; body geometry features, including but not limiled to ear, hand, finger, and the like; facial features; face images; voice; voice prints; optical recognition, including but not limited to iris scans and retinal scans; signatures; blood typing; protein assays; infrared identification, including but not limited to face, hand, and handvein, and gait recognition, and the biometric data of the second class is a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile.
- the individualized identification card when the individualized biometric data of the second class is a DNA data, for example, an STR profile, contains additional individualized identification hashes formed from the individualized biometric of the first class hashed with subunits of the STR profile.
- the digitized fingerprint scan may be hashed with each of the US core STR loci (CSF1PO; FGA; TH01; TPOX; VWA; D3S1358; D5S818; D7S820; D8S1179; D13S317; D16S539; D18S51; D2S11; and Amelogenin), as well as the digitized complete set of US core STR loci, and these additional 14 individualized identification hashes may be used for comparison with the at least one interrogation database.
- subsets of the complete set of STR loci may be used to form additional individualized identification hashes for comparison with interrogation databases having degraded or incomplete DNA STR profiles.
- an additional individualized information hash is formed combining the biometric data of the first class with the set of the following loci: CSIPO, D7820, D13S317, D16SS39, D18S51, D21S11, FGA, D2S1338, and amelogenin, which may be useful for identification of a degraded DNA sample.
- the biometric data may be of any type of biometric data.
- the biometric data of a third class is a different class of biometric data from that of the first and second class of biometric data.
- the third class of biometric data is a retinal scan data.
- the second class of biometric data may be a DNA data, including a STR profile, a SNP profile, an 1NDEL profile, an Alu element, or a non-STR DNA profile.
- the third class of biometric data is a fingerprint data.
- the second class of biometric data may be a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile.
- the invention also provides embodiments where the first class of biometric data is an iris scan, the third class of biometric data is a fingerprint scan data, and the second class of biometric data may be a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile.
- the first class of biometric data is a fingerprint scan data
- the third class of biometric scan data is a facial recognition scan data or a body geometry scan data
- the second class of biometric data is a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile.
- biometric data of the first class is an iris scan data, retina scan data, a facial recognition scan data, or a body geometry scan data
- biometric data of the second class is a fingerprint scan data
- the third class of biometric data is a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, or a non-STR DNA profile.
- the DNA data is present only as biometric data of the third class, it is present hashed together with biometric data of either the first or the second class in a non- invertible form, and may be used to in the comparison with an interrogation database in order to determine whether the individual's DNA data is present in the database.
- the biometric data of a third class is of the same class of biometric data as the second class of biometric data, but is a different type of the same class of biometric data.
- biometric data of a second class is a DNA STR profile
- biometric data of a third class is an INDEL profile.
- the biometric data of a second class is a DNA STR profile
- the biometric data of a third class is a SNP profile.
- the biometric data of a second class is a DNA STR profile and the biometric data of a third class is an Alu element
- each of the biometric data is hashed with the biometric data of the first class prior to storage as individualized identification hashes on the identification card.
- the hash is one-way and is not invertible.
- the third class of biometric data may be used in comparison with the at least one interrogation database.
- more than three classes of individualized biometric data are present on the identification card.
- the more than three classes of individualized biometric data includes more than one type of DNA data selected from a STR profile, a SNP profile, an INDEL profile, an Alu element, and a non-STR DNA profile.
- any of the more than three classes of individualized biometric data includes a DNA data, including a STR profile, a SNP profile, an INDEL profile, an Alu element, and a non-STR DNA profile
- the DNA data is hashed non-invertibly with an individualized biometric data that is not a DNA data, prior to storage on the identification card.
- each of the classes of biometric may be used in comparison with the at least one interrogation database.
- the identification card may include descriptors of the types of biometric data or subtypes of biometric data stored on the card; to be read by the processor in order to determine what interrogation databases may have suitable entries for interrogation.
- individualized identification information may be present on the identification card, including but not limited to parametric data such as name; age; physical description, including but not limited to hair color, height, weight, eye color, skin color description, and other individualized descriptors such as tattoos and the like; social security number; mother's maiden name; health information; health insurance information; marital status; dependent children status; financial or credit card information; address; nationality; citizenship status; visa status; voter registry status; driver license number; and the like.
- parametric data such as name; age; physical description, including but not limited to hair color, height, weight, eye color, skin color description, and other individualized descriptors such as tattoos and the like
- social security number mother's maiden name
- health information health insurance information
- marital status dependent children status
- financial or credit card information address; nationality; citizenship status; visa status; voter registry status; driver license number; and the like.
- the at least one interrogation database containing a plurality of interrogation biometric data.
- the at least one interrogation database includes information associated with identification of individuals.
- the at least one interrogation database can be governmental (Federal, state, regional and/or local) data store(s) related to, for example, the Social Security Administration, Drivers' license agencies (e.g., Bureau/Department of Motor Vehicles), state identification card issuing agencies, the Selective Service system, the military, voter registration, birth certificates issuing authorities, the Immigration and Naturalization Service, Homeland Security, the Justice Department, the Bureau of Alcohol, Tobacco and Firearms, the Federal Bureau of Investigation and/or the Central Intelligence Agency.
- governmental Federal, state, regional and/or local
- data store(s) related to, for example, the Social Security Administration, Drivers' license agencies (e.g., Bureau/Department of Motor Vehicles), state identification card issuing agencies, the Selective Service system, the military, voter registration, birth certificates issuing authorities, the Immigration and Naturalization
- the at least one database may be maintained by extraterritorial governmental and nongovernmental organizations (e.g., European Union, the United Kingdom, including but not limited to antiterrorism databases maintained by organizations such as MIS, Germany, and Interpol).
- the at least one interrogation database can also include private, non-governmental, databases that can include, for example, a periodically updated copy of governmental data and/or a new set of data about an individual. Other nongovernmental groups maintaining databases may include kinship databases or genealogy-related databases.
- the at least one interrogation database can include DNA data (e.g., collected by governmental and/or private entities) and/or other biometric data.
- Information can be stored in the at least one interrogation database in a variety of format(s) including, but not limited to, hierarchical database(s) and/or relational databases). Information can be stored in the at least one interrogation database in a variety of data structure(s) including, but not limited to, lists, arrays, databases and/or data cubes. For example, information stored in the at least one interrogation database can be text (e.g., alphanumeric), graphical, audio, video and/or digitally stored DNA data. In some databases, the information does not have individualized identification associated with the record, i.e. for the biometric data there is no personal name available as an identifier.
- the interrogation biometric data is associated with an interrogation database identifier.
- the at least one interrogation database includes DNA profile data that is not complete or is degraded. This incomplete or degraded DNA profile data may be a partial or degraded STR profile data, SNP profile, INDEL profile, Alu element data, non-STR profile, or a combination of one of more of these profile types.
- the at least one interrogation database may include a DNA STR profile for which the data for some of the core loci is not available due to degradation of the initially obtained sample.
- the interrogation biometric data may be a fingerprint scan data, iris scan data, retinal scan data, facial recognition scan data, body geometry scan data, or gait analysis data.
- biometric data in each database may be only one type of biometric data in each database or there may be more than one type of biometric data.
- the biometric data in each database may also have a personal name associated with the data.
- the biometric data in each database may only be identified by an interrogation database identifier, and may have no personal name associated with the data.
- the interrogation biometric data of the second class is a DNA data.
- the DNA data may be a STR profile, a SNP profile, an INDEL profile, an Alu element data, a non-STR profile, or a combination of one of more of these profile types.
- the interrogation biometric data of the second class is a fingerprint scan data.
- the interrogation biometric data of the second class is partial or degraded DNA data, including a partial or degraded STR profile, SNP profile, INDEL profile, Alu element data, non-STR profile, or a combination of one of more of these profile types[
- the processor may be a single processor or may be more than one processor as may be required to perform the methods of the inventions.
- the processor is configured to read and retrieve the identification information contained on the identification card presented by the individual.
- the individualized biometric data of the first class and the individualized identification hash is retrieved by the processor from the identification card.
- the processor is configured to read and retrieve the identification information contained on the identification card presented by the individual.
- the individualized biometric data of the first class and the individualized identification hash is retrieved by the processor from the identification card.
- individualized biometric data is read by an input component which includes but is not limited to a card reader, a magnetic card reader, keyboard, a touch screen device, computer, a pointing device, such as a mouse, a microphone, an IR remote control, a joystick, a game pad, a personal digital assistant (PDA), a smart card reader, or the like.
- the processor is configured to determine what classes of biometric data have been stored on the identification card and how the biometric data is presented on the card, including any preprocessing.
- the processor is configured to communicate with the at least one interrogation database. Upon reading the identification information from the identification card, the processor is configured to determine what classes of biometric data are present in the individualized identification hash. The processor is configured to determine which interrogation database contains at least some records containing biometric data of the same class as the individualized biometric data of the second class present in the individualized identification hash. The processor is further configured to instruct the communications component to connect to the at least one database.
- the processor may be configured to retrieve the individualized biometric data from a remote database upon entry of a password or other electronic entry permission granting procedure.
- the remote database may be the enrollment database.
- the processor connects to the at least one interrogation and/or remote database via a communications component.
- the communications component may be one or more communications components. Communication by the communications component may be achieved via many types of connections, including but not limited to network connection, an extranet, an intranet, the Internet, wireless communication, direct serial communication, and/or direct parallel communication.
- Information exchanged between the processor and the at least one database can utilized a variety of formats, and in a variety of secure and/ or encrypted manners, a non-limiting example being a high-speed secure Internet connection.
- the processor is configured to interrogate the interrogation database.
- the processor is configured to retrieve biometric data of the second class from the at least one interrogation database.
- the processor is configured to reorder data, particularly DNA or RNA data so that the data in an interrogation database is ordered in the same manner as the data on the identification card.
- a non-limiting example includes reordering a list of STR profile data so that the loci of the STR data are listed in the same order as that of STR profile data listed on the identification card.
- the data may be reorganized to present an interrogation database biomctric data similarly to that of the biometric data used in the individualized information hash to provide interrogation database hashes having an equivalent precursor structure, and allow the greatest probability of finding a match.
- a non-limiting example of reorganizing data of an interrogation database is re-processing graphic representations of fingerprint scans via the same algorithm as used to enroll a fingerprint scan for the individual.
- the processor is configured to hash each of the plurality of interrogation biometric data of the second class together with the individualized biometric data of the first class to form a plurality of interrogation database identification hashes.
- the individualized biometric data of the first class may be used as stored in the identification card.
- the digitized individualized biometric data of the first class is retrieved from the identification card and hashed together with each of the plurality of the interrogation biometric data of the second class to form a plurality of interrogation database hashes for use in the comparison to the individualized identification hash.
- the individualized biometric data of the first class may be retrieved as a hashed form and inverted prior to being hashed together with each of the plurality of interrogation biometric data of the second class to form a plurality of interrogation database hashes for use in the comparison to the individualized identification hash.
- the individualized biometric data of the first class may be retrieved as a hashed form and the hashed form is hashed together with each of the plurality of interrogation biometric data of the second class to form a plurality of interrogation database hashes for use in the comparison to the individualized identification hash.
- the individualized biometric data of the first class is retrieved as a graphical individualized biometric data and converted to a digitized individualized biometric data as part of the process of forming the plurality of interrogation database hashes in combination with each of the plurality of the interrogation biometric data of the second class.
- the processor is configured to compare each interrogation database identification hash to the individualized identification hash stored on the identification card of the individual. By comparing identification hashes combining an individualized biometric data of the first class retrieved from the identification card with an interrogation biometric data of the second class to the individualized identification hash presented by the individual, the individualized biometric data of the second class, i.e., a DNA data of the individual may be protected from unauthorized access or use.
- the processor interrogates databases having additional classes of biometric data. While the individualized identification hash may be used to identify matches formed with the interrogation identification hashes which contain biometric data of the second class, the individualized biometric data of the first class, or the individualized biometric data of the third class may be used to interrogate other databases without being hashed together with individualized biometric data of the second class.
- a non-limiting example includes an identification card containing fingerprint scan data as biometric data of the first class and DNA data as biometric data of the second class, where the individualized identification hash is formed using both fingerprint scan data and DNA data.
- databases containing DNA data can be interrogated by forming interrogation identification hashes from the individual biometric data of the first class and each of the individual DNA entries in the interrogation database to find a match
- the instances of the first class of individualized biometric data i.e., fingerprint scan data
- that of the third or more class of individualized biometric data i.e. iris scan data, retina scan data, facial feature scan data, or body geometry scan data
- a database containing a fingerprint having limited or no identification information such as name or other parametric data may be reported as forming a match with biometric data enrolled on the identification card, thus providing an identification permitting further action as required by the specific request for access.
- the processor may also be configured to compare each interrogation database hash to an individualized identification hash formed from a third class of biometric data, when such one-way combined hash is formed from a DNA data.
- a third class or more class of biometric data of the third class is a DNA data stored as a combined one-way individualized hash with non-DNA biometric data on the identification card
- the processor may interrogate at least one interrogation having DNA data by retrieving the instance of individualized non- DNA biometric data that had been used to generate the combined oneway hash, and forming a plurality of interrogation database identification hashes with each of the plurality of interrogation biometric data of the interrogation database.
- the processor may compare each interrogation database identification hash to the individualized identification hash stored on the identification card of the individual, and determine whether a match is identified.
- the processor is configured to recognize that the
- identification card includes an individualized identification hash where the DNA data used to form the hash is a partial DNA profile.
- the processor may be configured to communicate to at least one interrogation database having partial DNA profile, determine what subtype of partial DNA profile data is present, determine whether an individualized identification hash on the identification card was formed from a matching subtype, and if one is present, then is configured to form interrogation database hashes with the biometric of the first class extracted from the identification card.
- the processor may be further configured to calculate whether any identified match has a predetermined probability of representing a match for the individual or is too fragmentary to be significant.
- the processor may be further configured to attempt matching other biometric data or parametric data present on the identification card with equivalent data in the interrogation database entry to determine significance of the match.
- the processor is configured to report if a match is found between an interrogation database identification hash and the individualized identification hash.
- reporting a match includes notifying a security agency.
- the processor may also report that no match is found, thereby permitting the individual to gain access to the entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds requested.
- Reporting a match may include an electronic report to an external authority, such as for instance a law enforcement agency, immigration control agency, airport security personnel, and licensing authority, and the like.
- the security agency is a governmental agency.
- the processor is further configured to deny a request by the individual for access to an entity, transport, information, location, transaction, services, authorized status, or funds.
- the system includes an output component that is configured to communicate the report in any suitable manner.
- Output devices include but are not limited to a touch screen device, a computer monitor, a television screen, a printer, a personal digital assistant, a wireless or wired telephone display or message, a speakers), a computerized messaging unit, and the like.
- the processor is configured to confirm the identity of the individual presenting the identification card.
- the processor may be configured to read at least a first class of individualized biometric data at a point of contact; and confirm the at least first class of individualized biometric data at the point of contact to verify the identity of the individual presenting the identification card, thus providing a verification component to the systems and methods of the invention.
- more than one class of individualized biometric data is obtained by individualized biometric data confirmation components at the point of contact to compare with the biometric data stored on the identification card.
- the more than one class of individualized biometric obtained at the point of contact includes, but is not limited to fingerprint scan data, retinal scan data, iris scan data, and the like.
- the individual may be required to submit to a scan of one or more biometric data types at the point of contact.
- the processor is configured to communicate with the biometric data acquisition and data processing components to obtain and process the locally acquired biometric data.
- the locally acquired biometric data may be used in its undigitized form or may be converted into a digital format.
- the locally acquired biometric data is compared to the individualized biometric data stored on the identification card.
- identification card may be inverted from a hashed form or the locally acquired biometric data may be subjected to the same hashing processes used to convert the individualized biometric data for storage on the identification card at the time of enrollment.
- This component of the identification system determines that the individual presenting the identification card is the individual whose biometric data are recorded on the identification card. If a match is not found, a report may be made. The report may include a report to the local security agency. The report may include a report to a government agency. If a match is not found, the processor may be configured to deny the individual access to the entity, transport,
- the processor is configured to confirm the authenticity of the identification card.
- the processor is configured to retrieve an enrollment verification certification from the identification card, and interrogates the enrollment database. This can be performed in several ways, one non-limiting example being to search for a matching enrollment verification certification, whereupon the processor further determines whether the other information present on the identification card accompanying the enrollment verification certification matches the record of what was recorded to the card at the time of enrollment.
- the processor may be configured to search for the individual to whom the card was issued and determine whether the enrollment verification certification retrieved from the identification card matches the enrollment verification certification assigned to the card at the time of issuance to the individual. If a match is found, the method of identifying the individual continues.
- the processor is configured to report that no match has been found and the access request process is halted for further investigation.
- the report may include notifying another system and/or authority.
- the processor may be configured additionally to initiate an alarm to prevent the individual from leaving the point of contact without further investigation by an authority.
- the invention provides a system for identifying a person, including: an identification card comprising individualized identification information including at least one of a fingerprint data and a retinal scan data, and a DNA data, where one of the fingerprint data and the retinal scan data is hashed together with the DNA data to form a individualized identification hash; and a processor configured to: connect to at least one interrogation database comprising a plurality of interrogation DNA data; interrogate the at least one database wherein each of the plurality of interrogation DNA data is hashed together with the at least one of the fingerprint data and the retinal scan data of the individual to form a plurality of interrogation database identification hashes; compare each of the plurality of interrogation database identification hashes to the personal identification hash; report a match of the database identification hash to the individualized identification hash, if found; and optionally, where the processor is configured to read at least one of the fingerprint data and the retinal scan data at a point of contact, wherein the at least
- the processor may be configured to enroll the individual and produce the identification card of the system.
- the processor may be configured to acquire at least a first class and a second class of individualized biometric data.
- the processor is configured to convert biometric data of the first class to a digital electronic format, and to store one instance of the biometric data of the first class on the identification card, in the digitized electronic format.
- the biometric data of the first class is hashed in an invertible form prior to storage on the card.
- the biometric data of the first class is hashed in a non-invertible form prior to storage on the card.
- other post processing of the electronically digitized biometric data of the fust class is performed.
- biometric data of the first class is stored with no further processing after the initial acquisition, i.e. as a raw image of a biometric data, including but not limited to a fingerprint scan data, a retinal scan data and an iris scan data, thus provide individualized biometric data as a graphical individualized biometric data.
- the second class of biometric data is nucleic acid, i.e. either DNA or RNA
- a sample of the individual's DNA is collected and analyzed.
- the processor is configured to convert the DNA or RNA data to a digital electronic format.
- the digitized electronic DNA results are hashed with electronically digitized first class of biometric data of the individual.
- the hashing process is invertible. In other embodiments, the hashing process is noninvertible.
- subsets of the DNA, or other biometric data can be hashed and stored on the card. This can be useful in situations where the database information may be incomplete yet still capable of providing identifying an individual. In some embodiments, only the resulting individualized identification hash is stored on the identification card.
- the processor may be configured to acquire a third or more classes of biometric data, and convert the data to a digital electronic format.
- the third or more classes of biometric data may be hashed before storage on the identification card.
- the hash of the third or more classes of biometric data is invertible.
- the hash of the third or more classes of biometric data is non-invertible.
- other post processing of the electronically digitized biometric data of the third or more class is performed.
- no post processing of the electronically digitized biometric data of the third or more class is performed.
- the processor may be configured to hash the DNA or RNA biometric data of the third or more class with the electronically digitized biometric data of the first class, prior to storage on the identification card.
- the hashing of the DNA or RNA containing third class of biometric data and the first class of biometric data is non-invertible.
- the hashing of the DNA or RNA biometric data of the third class and the first class of biometric data is invertible.
- the processor may be configured to assign each newly issued card with an enrollment verification certification.
- the certification may be used to authenticate the identification card as a card issued by the enrollment authority.
- the biometric data in its hashed form, may be stored in an enrollment database. This may provide another mode of verification at the point of contact when the identification card is used to request access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds.
- the enrollment component may include one or more biometric data acquisition and data processing components.
- Biometric data acquisition components include instruments configured to scan biometrics including, but not limited to, fingerprints and palmprints; body geometry features, including but not limited to ear, hand, finger, and the like; facial features; face images; voice; voice prints; optical recognition, including but not limited to iris scans and retinal scans; infrared identification, including but not limited to face, hand, and handvein; and the like, and may be present at the point of contact.
- Data processing components may be incorporated in the local verification component to digitize and further process the raw biometric data.
- the processing includes hashing the biometric data.
- the processing includes hashing two classes of biometric data together.
- the verification component may include one or more individualized biometric data confirmation components which may each include biometric data acquisition and data processing components.
- Biometric data acquisition components include instruments configured to scan biometrics including, but not limited to, fingerprints and palmprints; body geometry features, including but not limited to ear, hand, finger, and the like; facial features; face images; voice; voice prints; optical recognition, including but not limited to iris scans and retinal scans; infrared identification, including but not limited to face, hand, and handvein; and the like, and may be present at the point of contact.
- Data processing components may be incorporated in the individualized biometric data confirmation component to digitize and further process the raw biometric data.
- the processing includes hashing the biometric data.
- the processing includes hashing two classes of biometric data together.
- the computer readable medium is a computer program that instructs a computer which is in or connected to the identification card reader.
- the computer program instructs the processor to determine what classes of biometric data are stored on an identification card.
- the computer program instructs the processor to retrieve at least a first class of individualized biometric data and an individualized information hash from the identification card.
- the identification card is an electronic representation and does not carry the individualized biometric data locally
- the computer program instructs the processor to retrieve the individualized biometric data from a central database, which may be an enrollment database.
- the computer program instructs the processor to connect, using the communications component(s), to the at least one database and to retrieve appropriate class(es) of biometric data.
- the computer program instructs the processor to retrieve the plurality of interrogation biometric data of the second class and, if necessary, reorder and/or reorganize each of the plurality of interrogation biometric data of the second class to be presented in the same order and manner as that of the individualized biometric data of the second class.
- the computer program instructs the processor to hash the first class of individualized biometric data in combination with each of the plurality of the interrogation biometric data to form a plurality of interrogation identification hashes.
- a third class or more class of individualized biometric data of the third class is a DNA data stored as a combined one-way individualized identification hash with non-DNA biometric data on the identification card
- the computer instructs the processor to interrogate at least one interrogation database having DNA data by retrieving the instance of individualized non- DNA biometric data that had been used to generate the combined one-way hash, and to form a plurality of interrogation database identification hashes using each of the plurality of interrogation biometric data of the interrogation database.
- the computer program further instructs the processor to compare each of the interrogation database identification hashes with the individualized identification hash.
- the computer program instructs the processor to compare other individualized biometric data of the first or third or more classes with interrogation database data of the same type.
- the computer program instructs the processor to report a match, if found.
- the report can be a local report or a report to an external authority.
- the computer program may instruct the processor to deny the request of the individual to access the entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds as requested by the individual.
- the computer program may further prevent the individual from leaving the point of contact if a match is found with an instance of interrogation biometric data.
- the computer readable medium may instruct a computer that is in or connected to biometric acquisition and processing components used in the enrollment module and/or verification module.
- the program may provide instructions to control the instrumentation to obtain the raw biometric data/images and to process according to the methods described above to form appropriate digitized electronically formatted biometric data of the first class for storage on the identification card.
- the program may also provide instructions to store the raw biometric data/images as graphical biometric data on the identification card.
- the program may control the biometric acquisition and processing components to obtain and process the first and second classes of individualized biometric data to form the individualized
- the program may control the biometric acquisition and processing components to obtain and process the third and more classes of individualized biometric data and stare it to the identification card.
- the program may instruct the processor to form an individualized identification hash for each instance of individualized DNA biometric data.
- the program may further instruct the computer to store any or all of the individualized biometric data and/or individualized identification hashes to the identification card or a central database, where the central database may include the enrollment database.
- the program may instruct the instrumentation to also obtain additional classes of biometric data and likewise process for storage on the identification card. In some embodiments, the instructions control the instrumentation to use undigitized data for comparison.
- the computer program may instruct the processor to retrieve one or more classes of individualized biometric data from the
- the computer program instructs the processor to determine what class(es) of individualized biometric data are retrieved.
- the computer program instructs the processor to connect to individualized biometric data confirmation components, to acquire biometric data from the individual at the point of contact.
- the computer readable medium may instruct a computer that is in or connected to biometric acquisition and processing components used in the verification module.
- the program may provide instructions to control the instrumentation to obtain the raw biometric data/images and to process according to the methods described above to form data useful for comparison with the biometric data of the first class to verify the identity of the individual.
- the program may instruct the instrumentation to also obtain additional classes of biometric data.
- the computer program may instruct the processor to extract each feature and process each feature to present the processed locally acquired biometric data in the same format as the individualized biometric data of class retrieved from the identification card. .
- the instructions control the instrumentation to use undigitized data for comparison.
- the computer program may instruct the processor to compare each locally acquired biometric data to the individualized biometric data of the same type, as retrieved from the identification card.
- the computer program may instruct the processor to perform a comparison with partial data, and additionally, to provide a weighting function to determine significance of a match found using partial data, such as partial DNA profiles.
- the computer program may instruct the processor to identify whether the at least one interrogation database contains interrogation biometric data which is incomplete, degraded, or has portions of the biometric data obscured by contaminants.
- the computer program may instruct the processor to determine what portions of interrogation biometric data are available for comparison with individualized biometric data.
- the computer program may then instruct the processor to retrieve respective partial individualized biometric data sets that may be stored on the identification card. In some embodiments, a plurality of partial individualized biometric data sets may be stored on the identification card.
- the identification card contains a first individualized identification hash formed from a fingerprint scan data and a complete DNA STR profile.
- the identification card may also include additional individual identification hashes formed from the fingerprint scan and each STR loci of the STR panel, from the fingerprint scan and at least one subset of all the STR loci of the STR panel, or every possible combination of the fingerprint scan data and subsets of the STR loci.
- identification card may include descriptors of these partial individualized identification hashes for comparison against equivalent interrogation biometric data.
- the computer program may instruct the processor to form respective partial interrogation identification data hashes using the fingerprint scan data from the identification card.
- the computer program may instruct the processor to assign probabilities that the comparisons between the partial individualized identification hashes and the partial interrogation data hashes represent a significant likelihood of a match.
- the computer program may instruct the processor to report a match when these conditions are met.
- the computer program may instruct the processor to report if the one or more locally acquired biometric data is found to match the one or more individualized biometric data stored on the identification card, and verify the identity of the individual as the individual whose biometric data is stored on the identification card.
- the computer program then may instruct the processor to initiate a method of identification of the invention, as shown any of the non-limiting examples described herein.
- the computer program may instruct the processor to stop processing the request, and a report is sent. Further investigation may be required before any further step of the identification system is taken.
- the report may include notifying another system and/or authority.
- the computer program may additionally instruct the processor to initiate an alarm to prevent the individual from leaving the point of contact without further investigation by an authority.
- the computer readable medium may additionally be a computer program that instructs a computer which is in or connected to the identification card reader and an enrollment database.
- the identification card may contain an enrollment verification certification (EVC), wherein the computer program may instruct the processor to retrieve the enrollment verification certification and interrogates an enrollment database to verify the authenticity of issuance of the identification card.
- EMC enrollment verification certification
- the processor may instruct the processor to search for the individual to whom the card was issued and determine whether the enrollment verification certification retrieved from die identification card matches the enrollment verification certification assigned to the card at the time of issuance to the individual. If a match is found, the computer program may instruct the processor to continue the method of identifying the individual. If no match is found, the computer program may instruct the processor to report that no match has been found and the access request process is halted for further investigation. The report may include notifying another system and/or authority.
- the computer program may instruct the processor to initiate an alarm to prevent the individual from leaving the point of contact without further investigation by an authority.
- the computer readable medium may additionally be a computer program that instructs a computer which is in or connected to an identification card read/write component and an enrollment database.
- the computer program may instruct the processor to assign and deposit a unique enrollment verification certification (EVC) into the enrollment database and stores a copy of the unique enrollment verification certification (EVC) in the identification card, at the time of enrollment.
- EEC unique enrollment verification certification
- a suitable computer program for performing the various methods and steps described herein could be written in various languages, such an assembly language or a high- level language such as C, C++, Java, etc., and a person of ordinary skill in the art, given the benefit of the foregoing description describing the steps to be performed, could implement such a program.
- the identification systems which may or may not include verification components and/or enrollment components, may be used in many methods of identification of an individual.
- FIG.4A One embodiment of a method 400A of identification of an individual is shown in FIG.4A.
- An individual presents an identification card 420 when requesting access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds.
- An individualized identification hash IIH,
- the processor retrieves the individualized identification hash and the individualized biometric data of the first class from the
- the processor may optionally include the step of converting the individualized biometric data of the first class to a digitized individualized biometric data, if it had been stored as a graphical individualized biometric data on the identification card.
- the processor accesses at least one interrogation database (470t to 470 folk) which contains a plurality of interrogation biometric data of the second wherein each of the plurality of interrogation biometric data of the second class has an interrogation database identifier class (NDB 1 to NDB r and NDB r+1 to NDB r+s , and so on (404 1 to 404 r and 404 r+s to 404 r+s , and so on)).
- the processor retrieves the plurality of interrogation biometric data of the second class and, if necessary, reorders each of the plurality of interrogation biometric data of the second class to be presented in the same order and manner as that of the individualized biometric data of the second class.
- the processor hashes each of the plurality of interrogation biometric data of the second class together with individualized biometric data of the first class to form a plurality of interrogation database identification hashes; comparing (406) each of the plurality of interrogation database identification hashes IDIH 1 to IDIH r and IDIH r+1 to IDIH r+s and so on, (405 1 to 405 r and 405 r+1 to 405 r+s , and so on)) to the individualized identification hash (IDH, 402); and reporting a match of the database identification hash to the individualized identification hash (409). If no match is found, the individual may continue the process towards access to the entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds (408).
- FIG.4B Other embodiments of methods, 400B, of identification of an individual are shown in FIG.4B.
- An individual presents an identification card 420 when requesting access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds.
- the processor retrieves an enrollment verification certification 411 from the identification card, and interrogates the enrollment database 475. This can be performed in several ways, one of which is to search for a matching enrollment verification certification, whereupon the processor further determines whether the other information present on the identification card 420 accompanying the enrollment verification certification 41 matches (412) the record of what was recorded to the card 420 at the time of enrollment.
- the processor can search for the individual to whom the card 420 was issued and determine whether the enrollment verification certification 411 retrieved from the identification card 420 matches (412) the enrollment verification certification assigned to the card at the time of issuance to the individual. If a match is found, the method of identifying the individual continues. If no match is found, the processor reports (414) that no match has been found and the access request process is halted for further investigation.
- the report (414) may include notifying another system and or authority.
- the processor may additionally initiate an alarm to prevent the individual from leaving the point of contact without further investigation by an authority.
- An individualized identification hash (11H, 402), formed from an individualized biometric data of a first class and an individualized biometric data of a second class, and an individualized biometric data of the first class (IDBI, 403) are retrieved from the
- the processor accesses at least one interrogation database (470i to 470 flick) which contains a plurality of interrogation biometric data of the second wherein each of the plurality of interrogation biometric data of the second class has an interrogation database identifier class (NDB1 to NDB r and NDB r+ ⁇ to NDBr+s, and so on (404i to 404r and 404r+1 to 404,- , and so on).
- interrogation database identifier class
- the processor hashes each of the plurality of interrogation biometric data of the second class together with individualized biometric data of the first class to form a plurality of interrogation database identification hashes; comparing (406) each of the plurality of interrogation database identification hashes (IDIH 1 to IDIH r and IDIH r + 1 to IDIH r+s and so on, (405 1 to 40S r and 405r+1 to 405 r+s , and so on)) to the individualized identification hash (IDH, 402); and reporting (409) a match of the database identification hash to the individualized identification hash.
- the access request process is halted for further investigation.
- the report (414) may include notifying another system and/or authority.
- the processor may additionally initiate an alarm to prevent the individual from leaving the point of contact without further investigation by an authority.
- the individual may continue the process towards access to the entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds (408).
- the processor retrieves the individualized biometric data of the first class, which is compared directly to interrogation database entries of the same class. This may be performed either independently or along with the comparison of interrogation database hashes formed from biometric data of the second class, as described above.
- the individualized biometric data of the third or more class is retrieved from the identification card and matched with interrogation database biometric data of the equivalent class. If the individualized biometric data of the third or more class is a DNA data and is present as a second or more individualized identification hash, it is compared with interrogation database hashes formed as described above for the individualized biometric data of the second class.
- the identification of an individual is performed using partial DNA profiles. This may occur when the at least one interrogation database has incomplete or degraded DNA profile entries.
- the identification card presented by the individual may have a plurality of individualized identification hashes of the individualized biometric data of the first class with partial DNA profiles, along with the first individualized identification hash form from the individualized biometric data of the first class and the individualized biometric data of the second which is a complete DNA profile.
- the plurality of individualized identification hashes may be formed from each of the individual DNA profile components contributing to a complete DNA profile.
- a plurality of individualized identification hashes may be formed using each DNA STR locus separately, or every combination of subsets, or any selection of such grouping of DNA STR loci.
- each of the interrogation database hashes formed from the individualized biometric data of the first class and a subset of DNA STR data is compared to the each of the plurality of individualized identification hashes retrieved from the
- a weighting assessment may be included as part of the method when comparing, for example, hashes of individual STR loci to determine if a threshold proportion of the hashes match overall, in order to report that a match has been identified.
- a verification component is performed at the same time or prior to the identification methods.
- the verification method steps are shown schematically in FIGS.5A and 5B.
- a first class, or more, of individualized biometric data is retrieved from the identification card 520 presented by an individual at a point of contact.
- the processor determines what classes) of individualized biometric data are retrieved (517).
- the processor connects to individualized biometric data confirmation components 1- m (580 1 -580 m ), and acquires each of 1-m biometric data from the individual at the point of contact.
- the processor extracts each feature F 1 to F m (515) and processes each feature (516) to present each F 1 to F m in the same format, digitized or undigitized, hashed or not hashed, and with any further processing necessary to present the processed locally acquired biometric data PF 1 to PF m in the same format as the individualized biometric data of class I to class M.
- Each locally acquired biometric data is compared (518) to the individualized biometric data of the same type, as retrieved from the identification card 520.
- a report may be sent verifying the identity of the individual as the individual whose biometric data is stored on the identification card. The method of identification of the invention is then initiated, as shown any of the non-limiting examples described herein.
- FIG. SB shows another embodiment of verification methods, which, in addition to the steps discussed above for FIG. 5A, adds the steps of retrieving (523) an enrollment verification certification (EVC) from the identification card.
- the enrollment database 575 is interrogated. This can be performed in several ways, one of which is to search for a matching enrollment verification certification, whereupon the processor further determines whether the other information present on the identification card 520 accompanying the enrollment verification certification EVC matches (525) the record of what was recorded to the card 520 at the time of enrollment. Alternatively, the processor can search for the individual to whom the card 520 was issued and determine whether the enrollment verification certification EVC retrieved from the identification card 520 matches (525) the enrollment verification certification assigned to the card at the time of issuance to the individual.
- the method of verifying the identity of the individual at the point of contact continues, as described in the equivalent steps of the method of FIG. 5A. If no match is found, the processor reports (526) that no match has been found and the access request process is halted for further investigation.
- the report (526) may include notifying another system and/or authority.
- the processor may additionally initiate an alarm to prevent the individual from leaving the point of contact without further investigation by an authority.
- biometric data of the first class is collected by biometric data acquisition component I (690 1 ) and converted to a digital electronic format (627).
- biometric data acquisition component I (690 1 )
- suitable biometric data of the first class include, but are not limited to fingerprints and palmprints; body geometry features, including but not limited to ear, hand, finger, and the like; facial features; face images; voice; voice prints; optical recognition, including but not limited to iris scans and retinal scans; infrared identification, including but not limited to face, hand, and handvein; and the like.
- one instance of the biometric data of the first class (IBDI) is stored on the identification card, in the digitized electronic format (628).
- the biometric data of the first class (IBDI) is hashed in an invertible form prior to storage on the card (633).
- the biometric data of the first class (IBDI) is hashed in a non-invertible form prior to storage on the card (633).
- other post processing of the electronically digitized biometric data of the first class (IBDI) is performed.
- no post processing of the electronically digitized biometric data of the first class (IBDI) is performed.
- the biometric data of the first class is stored with no further processing after the initial acquisition, i.e. as a raw image of a biometric data, including but not limited to a fingerprint scan data, a retinal scan data and an iris scan data.
- a second instance of the biometric data of the first class is stored on the identification card, where the second instance is stored in a different format than the first instance.
- a fingerprint scan data may be stored in both a graphical representation and additionally, in a digitized representation.
- the second class of biometric data is obtained by biometric data acquisition component II (690 2 ), and may be one of any class of biometric data.
- the second class of biometric data is nucleic acid, i.e. either DNA or RNA
- a sample of the individual's DNA is collected and analyzed (693 ⁇ 4).
- the results are converted to a digital electronic format (629).
- the digitized individualized biometric data of the second class (IBD11) is hashed with the electronically digitized first class of biometric data (IBDI) of the individual (631) to produce an individualized identification hash ( ⁇ ).
- the hashing process is invertible. In other embodiments, the hashing process is noninvertible. Only the individualized identification hash ( ⁇ , 632) is stored on the identification card (620).
- an additional process is added to the enrollment methods.
- the processor at the time of enrollment, additionally assigns (634) and deposits a unique enrollment verification certification (EVC, 611) into the enrollment database and stores a copy of the unique enrollment verification certification (EVC) in the identification card 620.
- ECC unique enrollment verification certification
- the enrollment verification certification can be retrieved at the point of contact when the individual requests access to an entity, transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds to assure that the card was issued from the enrollment database, as discussed above.
- Additional classes of biometric data may also be obtained from the individual (FIGS.7A and 7B), for example, fingerprints and palmprints; body geometry features, including but not limited to ear, hand, finger, and the like; facial features; face images; voice; voice prints; optical recognition, including but not limited to iris scans and retinal scans; infrared identification, including but not limited to face, hand, and handvein; and the like.
- the additional classes of biometric data include nucleic acids data.
- the biometric data of the first class is collected by biometric data acquisition component I (790i) and converted to a digital electronic format (735), as discussed above for the embodiments of FIG. 6A and 6B t and including the same classes of biometric data.
- the biometric data of the first class is stored on the identification card, in the digitized electronic format.
- the digitized electronic biometric data of the first class (IBDI) may have been further processed (744) as discussed for the embodiments of FIGS. 6A and 6B, prior to storage on the identification card 720.
- the second class of biometric data is obtained by biometric data acquisition component II (790 2 ), and may be one of any class of biometric data.
- the second class of biometric data is nucleic acid, i.e. either DNA or RNA
- a sample of the individual's ON A is collected and analyzed (790i).
- the second class of biometric data is processed (737) as in the embodiments of FIG.6A and 6B.
- the digitized individualized biometric data of the second class is hashed with electronically digitized first class of biometric data (IBDI) of the individual (739) to produce an individualized identification hash ( ⁇ ).
- IBDI electronically digitized first class of biometric data
- ⁇ individualized identification hash
- the hashing process is invertibie. In other embodiments, the hashing process is noninvertible. Only the individualized identification hash (IIH, 739) is stored on the identification card (720).
- the third or more classes of biometric data are acquired by biometric acquisition component III (79 3 ), and so forth.
- the third or more classes of biometric data may be converted to a digital electronic format (IBDIII, 741).
- the third or more classes of biometric data may be hashed before storage on the identification card (743).
- the hash of the third or more classes of biometric data is invertibie.
- the hash of the third or more classes of biometric data is non-invertible.
- other post processing of the electronically digitized biometric data of the third or more class is performed.
- no post processing of the electronically digitized biometric data of the third or more class is performed.
- a biometric data including a nucleic acids profile either D A or RNA
- it may also be hashed with the electronically digitized biometric data of the first class, prior to storage on the identification card.
- the hashing of the DNA or RNA containing third class of biometric data and the first class of biometric data is invertibie.
- the hashing of the DNA or RNA containing third class of biometric data and the first class of biometric data is non-invertible.
- the individualized biometric data of the first class (IBDI), individualized information hash (IIH) and the individualized biometric data of the third class (IBDIII) are stored on the identification card 7Z0, and so on for any additional classes of individualized biometric data.
- the individualized biometric data of the third class may be of the form of an individualized identification hash.
- an additional process is added to the enrollment methods.
- the processor at the time of enrollment, additionally assigns (745) and deposits a unique enrollment verification certification (EVC) into the enrollment database and stores a copy of the unique enrollment verification certification (EVC) in the identification card 720.
- ECC unique enrollment verification certification
- the enrollment verification certification can be retrieved at the point of contact when the individual requests access to an entity', transport, information, location, security organization, law enforcement organization, transaction, services, authorized status, or funds to assure that the card was issued from the enrollment database, as discussed above.
- biometric data for storage on the identification card and for comparison between individualized biometric data and interrogation biometric data.
- Many modes of digitizing and processing biometric data can be incorporated into the systems and methods of the invention.
- fingerprint data many approaches are available or in development to convert fingerprint scans to digitized forms and create searchable templates.
- Two major categories include minutia bases templates or pattern based templates.
- Pattern based templates are graphical images that are compressed for storage but are compared graphically.
- Minutiae based approaches while also derived from a graphical image, can be used to create mathematical representations of such data for comparison.
- the M40 algorithm, utilized by the FBI, is one such mathematical representation.
- fingerprint scans are processed in similarly to those stored in the Integrated Automated Fingerprint
- IAFIS Identification System
- DNA or RNA profiles can be converted into numerical representations by any suitable coding method.
- the profile from a nucleic acids analysis can be represented in terms of a gene identifier along with a locus identifier, which can be converted using ASCII encoding, in one nonlimiting example.
- Reordering nucleic acid profiles to present the same relative order of gene identifier and locus identifier may be necessary in order to obtain hashes that are comparable.
- the order of presentation may be the same as the order of presentation as used in CODIS, managed by the FBI.
- the first class of individualized biometric data obtained from an individual may be a fingerprint scan data.
- the digitized fingerprint scan of the individual may be converted to alphanumerical, numerical or matrixed values by any of the methods known in the art, as discussed above.
- a first instance of the converted digitized fingerprint data is stored on the identification card.
- the second class of biometric data may be a DNA or RNA profile, which has been converted into an
- a second instance of the converted digitized fingerprint data is hashed together with the converted digitized DNA or RNA profile data of the individual, using, for example, a fuzzy hashing tool, to create a hashed value, which is stored on the identification card, as the individual information hash.
- this hashed value is a barcode.
- the hashing is a one-way hashing which provides a collision-free mechanism, and provides a product hash having a fixed Length.
- the processor retrieves the converted fingerprint data of the individual; accesses at least one interrogation database; and retrieves the plurality of interrogation biometric data of the second class, for example, DNA or RNA profiles of high risk individuals.
- the processor reorders each of the plurality of interrogation biometric data of the second class, if necessary; and converts each of the plurality of interrogation biometric data of the second class to an alphanumeric, numerical, or matrixed value of the same format as the individualized biometric data of the second class.
- the processor hashes the converted fingerprint data of the individual with each converted, digitized DNA or RNA data of the interrogation database, using the same hashing tools as used in the enrollment of the individual.
- the hashing tool is a fuzzy hashing tool.
- Each of the plurality of interrogation hashes is compared to the individualized information hash retrieved from the identification card. The comparison may be made by a fuzzy hashing algorithm, seeking substantial identity but not requiring perfect identity. If substantial identity is found, a match is reported and further investigation of the individual as a high risk individual may follow.
- the processor performs comparison between the individualized biometric data of the first or third or more class and interrogation databases having biometric data of the respective classes.
- the method may include the steps of reordering or reorganizing the biometric data in the interrogation databases to be in the same order or presented in the same manner as that of the individualized biometric data.
- the method may also include the steps of processing the biometric data of the interrogation databases to be represented, encoded or mathematically manipulated in the same way as that of the individualized biometric data.
- the method includes steps for retrieving an instance of the individualized biometric data of the class other than the DNA data, and forming a plurality of interrogation hashes with DNA data of the interrogation database; comparing the plurality of interrogation hashes with the individualized identification hash; and reporting whether a match has been found.
- the processor performs a comparison between partial or degraded DNA profiles in an interrogation database and a plurality of individualized identification hashes containing partial DNA profile data stored on the identification card.
- the processor may perform a weighting analysis to determine if a threshold probability has been attained to permit reporting a match.
- An identification card is produced by acquiring individualized biometric data of at least a first and a second class from the individual.
- the individualized biometric data of the first class is converted Into a digitized biometric data.
- At least a first instance of the digitized biometric data of the first class is stored on the identification card.
- a second instance of the biometric data of the first class is stored on the card.
- the second instance of the biometric data may be stored on the identification card in a different format than the first instance of the biometric data of the first class.
- the identification card may include a fingerprint data scan stored as a digitized data string and may also have a graphical representation of the fingerprint scan stored on the identification card.
- the individualized biometric data of the second class may be converted into a digitized biometric data and is hashed with another instance of the digitized individualized biometric data of the first class to form an individualized identification hash.
- the individualized identification hash is stored on the identification card.
- the individualized identification hash is a oneway hash.
- the first instance of the individualized biometric data of the first class is hashed in an invertible form prior to storage on the card.
- more than two classes of individualized biometric data are acquired, converted to digital electronic formats, and stored on the identification card.
- any third or more class of individualized biometric data is a DNA data
- it is hashed with a non- DNA individualized biometric data prior to storage on the identification card.
- the hashing may be one- way.
- an enrollment verification certification is stored on the card.
- the storing of any of the biometric data on the identification may be accomplished by any suitable method, including but not limited to graphical, text, pictorial, barcode, alphanumeric or two dimensional marking.
- the marking may be magnetic, visually readable, or electronic.
- the identification card may further comprise parametic identification embedded or printed on it.
- Example 1 Enrollment of an individual using fingerprint scan data and DNA data.
- the individual's biological sample is processed to extract the crude DNA, the DNA is amplified using primers and a DNA STR profile is determined by analysis using an Identifiler® STR kit (Life Technologies).
- the results are presented as a string of digits, representing the number of alleles found for each loci, ordering the loci as AMEL, CSF1PO , D13S317 , D16S539 , D18S51 , D19S433, D21S11, D2S1338, D3S1358, D5S81, D7S820, D8S1179, FGA, TH01, TPOX, vWA, and can be written as data string 001:
- VeriFinger SDK 6.4 (NeuroTechnology), represented here as data string 002:
- the individualized identification hash is obtained by encryption of the combined strings using MessageDigestClass from Java Encryption API, which includes a revised Secure Hash Algorithm (SHA-1, developed by NSA, and published by NIST) algorithm.
- SHA-1 Secure Hash Algorithm
- the result can be written in a 160 bit data string as individualized identification hash 003:
- An identification card is produced for the individual, having the fingerprint template data string 002 and the individualized identification hash 003 present on the card.
- the identification card also includes descriptors for the biometric data string 002 and individualized identification hash data string 003 that identifies what type of data (i.e., fingerprint scan template and hashed fingerprint template/DNA profile) is represented by these data strings. Parametric information such as name, age, address, citizenship, residency status, and the like is also included.
- Example 2 Method of accessing information and interrogating databases containing DNA data.
- the individual presents the identification card of Example 1, and the processor reads the data string 002 and data string 003, along with the descriptors identifying the types of biometric data included in the data strings and also identifies the method of organizing/reordering biometric data used.
- the processor communicates to a database containing DNA STR data, including, for example, 158 individual STR profiles comprising the same loci as used in Example 1. For each DNA profile in the database, the processor first reorders the DNA loci of the STRs to be represented in same order and digitized manner as used in Example 1.
- the processor forms an interrogation database hash by extracting the data string 002 from the identification card of the individual, and encrypts the combined strings using
- MessageDigestClass from Java Encryption API, to provide an interrogation database hash for each of the DNA profiles in the database (interrogation database hash 005-1 to 005-158).
Landscapes
- Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- Credit Cards Or The Like (AREA)
- Collating Specific Patterns (AREA)
Abstract
L'invention concerne des systèmes et des procédés utilisant les données biométriques d'un individu pour identifier l'individu et/ou vérifier l'identité d'un individu. Ces systèmes et ces procédés permettent, dans de nombreuses applications, une identification plus sûre des individus à haut risque tentant d'accéder à une entité, à un transport, à des informations, à un emplacement, à une organisation de sécurité, à une organisation d'application de la loi, à une transaction, à des services, à un statut autorisé et/ou à des fonds.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261674243P | 2012-07-20 | 2012-07-20 | |
PCT/US2013/051536 WO2014015346A1 (fr) | 2012-07-20 | 2013-07-22 | Systèmes et procédés permettant d'identifier un individu |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2875467A1 true EP2875467A1 (fr) | 2015-05-27 |
Family
ID=48948506
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP13745943.4A Withdrawn EP2875467A1 (fr) | 2012-07-20 | 2013-07-22 | Systèmes et procédés permettant d'identifier un individu |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP2875467A1 (fr) |
WO (1) | WO2014015346A1 (fr) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013032869A1 (fr) | 2011-08-26 | 2013-03-07 | Life Technologies Corporation | Systèmes et procédés d'identification d'un individu |
US20160342996A1 (en) | 2014-11-06 | 2016-11-24 | Toc S.A. | Two-factor authentication method |
US9646216B2 (en) * | 2014-12-08 | 2017-05-09 | Intel Corporation | Multiple user biometric for authentication to secured resources |
KR101758575B1 (ko) | 2016-11-14 | 2017-07-26 | 이선관 | 모바일 디바이스를 이용한 금융 결제 방법 및 결제 시스템 |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4993068A (en) * | 1989-11-27 | 1991-02-12 | Motorola, Inc. | Unforgeable personal identification system |
DE19715644A1 (de) * | 1997-04-15 | 1998-10-22 | Iks Gmbh Information Kommunika | Verfahren zur Identitätsprüfung |
EP1385118B1 (fr) * | 2002-05-30 | 2009-10-07 | Activcard Ireland Limited | Procédé et appareil pour faciliter un enregistrement biométrique effectué sur une carte |
US20080209227A1 (en) * | 2007-02-28 | 2008-08-28 | Microsoft Corporation | User Authentication Via Biometric Hashing |
WO2009055303A1 (fr) * | 2007-10-24 | 2009-04-30 | Simon Rodolphe J | Carte de transaction sécurisée biométrique |
JP5056981B2 (ja) * | 2009-04-09 | 2012-10-24 | 富士通株式会社 | 指紋認証サーバ装置、指紋認証クライアント装置および指紋認証方法 |
JP5309088B2 (ja) * | 2010-06-21 | 2013-10-09 | 株式会社日立製作所 | 生体認証システムにおける、生体情報の登録方法、テンプレートの利用申請の方法、および、認証方法 |
-
2013
- 2013-07-22 EP EP13745943.4A patent/EP2875467A1/fr not_active Withdrawn
- 2013-07-22 WO PCT/US2013/051536 patent/WO2014015346A1/fr active Application Filing
Non-Patent Citations (1)
Title |
---|
See references of WO2014015346A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2014015346A1 (fr) | 2014-01-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11636190B2 (en) | Systems and methods for identifying an individual | |
US20150363586A1 (en) | Systems and methods for identifying an individual | |
US20210334571A1 (en) | System for multiple algorithm processing of biometric data | |
US8275995B2 (en) | Identity authentication and secured access systems, components, and methods | |
US7454624B2 (en) | Match template protection within biometric security systems | |
US20100174914A1 (en) | System and method for traceless biometric identification with user selection | |
US10291611B2 (en) | Confidential information storing method, information processing terminal, and computer-readable recording medium | |
US20040123114A1 (en) | Method and system for the generation, management, and use of a unique personal identification token for in person and electronic identification and authentication | |
JP2009543176A (ja) | トレースレス生体認証識別システム及び方法 | |
US11207004B2 (en) | Apparatus for collecting fingerprints and buccal swabs | |
JP2007282281A (ja) | 安全に身分を証明し、特権を与えるシステム | |
KR20190038938A (ko) | 이종 통신 네트워크 환경에서 검증가능하게 인증가능한 엔터티로의 원 엔터티의 변환을 구현하기 위한 시스템, 방법 및 서버 컴퓨터 시스템 | |
EP2875467A1 (fr) | Systèmes et procédés permettant d'identifier un individu | |
AU2005308697B2 (en) | Method for identifying a user by means of modified biometric characteristics and a database for carrying out said method | |
JP2014519083A (ja) | 生体登録および生体照合のための方法、ならびに関連するシステムおよびデバイス | |
US20240022404A1 (en) | Non-hackable digital identity | |
CN114021096A (zh) | 一种防伪证卡及其验证系统和验证方法 | |
Busch | Facing the future of biometrics: Demand for safety and security in the public and private sectors is driving research in this rapidly growing field |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20150219 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20151020 |