EP4241478A1 - Device and method for registering a user - Google Patents

Device and method for registering a user

Info

Publication number
EP4241478A1
EP4241478A1 EP21802822.3A EP21802822A EP4241478A1 EP 4241478 A1 EP4241478 A1 EP 4241478A1 EP 21802822 A EP21802822 A EP 21802822A EP 4241478 A1 EP4241478 A1 EP 4241478A1
Authority
EP
European Patent Office
Prior art keywords
registration code
user
data
registration
identification data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP21802822.3A
Other languages
German (de)
French (fr)
Inventor
Aleardo Furlani
Alessio GUGLIOTTA
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aleardo Furlani Start Up Costituita A Norma Srl
Original Assignee
Aleardo Furlani Start Up Costituita A Norma Srl
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aleardo Furlani Start Up Costituita A Norma Srl filed Critical Aleardo Furlani Start Up Costituita A Norma Srl
Publication of EP4241478A1 publication Critical patent/EP4241478A1/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/47Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C1/00Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people
    • G07C1/02Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people not involving the registering, indicating or recording of other data
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/28Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent

Definitions

  • the present invention relates to the technical sector of systems for the certification/ authentication of the presence and identity, including by identifying biometric data, of a person at a given location and at a given time.
  • the present invention relates to a device and a method for registering the presence of an individual in a place and at a determined time.
  • the place in question may be any place in which it is necessary or of interest to register the identity of persons entering it, by way of example and without limiting the scope of the invention, such places of interest may comprise commercial premises, hospitals, museums, public offices and private homes.
  • the presence of an employee is usually verified by reading a badge which records the identity of the person carrying out the operation, also storing the time in which it is carried out.
  • the identity and the data of interest of the user are all pre-registered in a company database, in such a way as to be able to correctly associate each individual badge with a specific employee.
  • the recording is currently carried out by means of a manual entering, by an operator, of the information useful for identifying the user who accesses the place.
  • the technical purpose which forms the basis of this invention is to provide a registration device and method which obviate at least some of the above-mentioned drawbacks in the cited prior art.
  • the aim of the present invention is to provide a registration device and method which enable the registering of the accesses to be performed rapidly and with precision, that is to say, an event relative to a user in a given place and time, while at the same time protecting privacy.
  • the technical purpose indicated and the specified aims are substantially achieved by a registration device and a method comprising the technical features described in one or more of the appended claims.
  • the present invention describes a device for registering a user which comprises an acquisition module, a storage module, an encoding module and a transmission module.
  • the acquisition module is configured for acquiring a plurality of identification data of the user.
  • the storage module is configured for storing at least a part of the identification data acquired by means of the acquisition module, i.e. generating and storing a new identification code of the event.
  • the encoding module is configured for encrypting at least a part of the plurality of identification data and for generating a registration code representing the data and code.
  • the transmission module is configured for transmitting the registration code by means of a wireless communication protocol.
  • the device described herein makes it possible to generate and transmit, quickly and easily, a code that is such as to enable unique identification of an individual after having at least partly encrypted the data which identify him or her in respect of the privacy thereof.
  • This present invention also relates to a registration system which comprises a registration device and a receiver device.
  • the registration device is configured for acquiring, storing, encoding and transmitting identification data of a user.
  • the registration device is a device in accordance with the present invention.
  • the receiver device is configured to receive, by means of a wireless transmission protocol, the registration code transmitted by the registration device and to store the identification code.
  • this registration system allows the user's data to be quickly acquired without requiring a lengthy and laborious manual acquisition by an operator.
  • the invention also relates to a registration method which is carried out by acquiring a plurality of identification data of the user.
  • the collected data is then encrypted at least partly and used to generate a registration code.
  • the registration code can therefore be transmitted to a receiver device which stores it in order to register the user.
  • this method allows the presence of a user to be quickly recorded, while at the same time respecting the user’s privacy, since at least some of the data which identify him or her are encrypted.
  • FIG. 1 is a schematic view of a system which uses the device according to the present invention.
  • reference numeral 1 generically denotes a registration device, to which reference will hereinafter be made below simply as the device 1.
  • registration is used to mean in general any activities designed or entered in a special register for administrative, commercial, juridical or statistical use of one or more items of data which makes it possible to uniquely identify a user.
  • the registration makes it possible to identify the presence of the user inside a place at a given time.
  • the device 1 comprises an acquisition module 2, a storage module 3, an encoding module 4 and a transmission module 5.
  • the acquisition module 2 is configured for acquiring a plurality of identification data of the user.
  • the identification data may comprise any type of information such as to make it possible to uniquely identify the user, whether considered individually or in combination with other data.
  • the plurality of identification data may comprise information relating to the user belonging to one or more of the following categories: personal data (name, name, place of birth, date of birth), biometric data (a scan of a fingerprint, photographs, voice recordings), alphanumeric data associated with the user (tax code, identity card code or health card, codes associated with credit/debit cards or current accounts).
  • the acquisition module 2 comprises one or more devices configured for acquiring one or more respective data of interest.
  • the acquisition module 2 can comprise a biometric recognition system configured for acquisition thereof, such as, for example, a fingerprint reader, an audio acquisition device, a video acquisition device.
  • the acquisition module 2 may also comprise or be connectable to a user interface which allows the user to enter or edit data of a personal or alphanumeric type, such as, for example, a touch screen.
  • the acquisition device 2 is configured for acquiring a plurality of identification data of the user which comprise at least one sensitive item of data.
  • sensitive data is used to mean data the collection and processing of which is subject to the consent of the user to whom that data refers and/or to the prior authorisation of an authority which regulates and protects the user's privacy in accordance with the current regulations.
  • sensitive data is used to mean any data which the user does not wish to share openly with third parties.
  • the identification data collected by the acquisition module 2 can be completely or at least partly stored inside the storage module 3.
  • all the data acquired by the acquisition module 2 can be stored.
  • the storage module 3 can advantageously be edited to allow the user to enter and modify the identification data and/or to identify determined identification data as sensitive data.
  • the user has the right to select which identification data stored in the storage module 3 is to be considered as sensitive data and which is not.
  • the user could indicate that a predetermined identification data time containing medical information (such as, for example, the blood group of the user) must be considered as sensitive in a certain context (for example, for carrying out a registration in one commercial activity) but not in another (for example for registering an access to a hospital).
  • a predetermined identification data time containing medical information such as, for example, the blood group of the user
  • the storage module 3 comprises a legible and editable storage support, which allows the user to write, modify and read the information contained inside it.
  • some of the information contained in the identification data which has been acquired and stored by the respective modules may be of a sensitive personal nature or in any case the user might not wish to have it open to view, that is to say, it might not be desirable for them to be shared in a form immediately and easily interpreted or recognised by third parties.
  • At least a part of the plurality of identification data which is acquired and stored by the respective modules is encrypted by the encoding module 4.
  • the encoding operation may be performed on all the sensitive data acquired/representable and stored/stored by the respective modules, or only on a sub-set thereof.
  • the encoding may be performed only on the data identified as sensitive or on any other sub-set or group of identification data sub-sets according to the requirements of the user.
  • the storage module can be edited to allow the user to identify certain identification data or determined groups of identification data as the data which must be encrypted by the encoding module 4.
  • the encoding module 4 is further configured for generating a registration code representing the plurality of identification data.
  • the encoding module 4 processes the identification data of the user, encrypting what the user does not wish to share freely and at the same time generates a code representing all the user identification data (encrypted and not).
  • the registration code might only contain a contact address (for example, an electronic mail address or a telephone address) of the user in order to make it contactable by the establishment in which all further identification data has been recorded and kept encrypted, allowing it to be unambiguously identified (name, surname, address, data for execution and authorisation of payments).
  • a contact address for example, an electronic mail address or a telephone address
  • the registration code can therefore be transmitted by means of the transmission module 5 and shared by the user for recording its presence in a place or at a service establishment.
  • the transmission module 5 is configured for sharing the registration code in such a way as to rapidly and easily register the user.
  • the registration code uniquely identifies the user without the need to acquire the data which identifies him or her one by one using a manual process. Further, at least part of the data is encoded in such a way as to respect the user's privacy, and the option of selecting which data is to be encrypted and which is not means that the device 1 can be rapidly adapted to any updates and modifications set by the legislator with respect to privacy regulations.
  • the transmission module 5 is configured to transmit the registration code by means of a wireless communication protocol.
  • the transmission module 5 can comprise a wireless antenna configured for transmitting the registration code via a Wi-Fi® or Bluetooth® protocol or via the mobile phone network.
  • the acquisition module 2 can comprise an input device which can be used by the user to activate the transmission module 5 in such a way as to start the transmission of the registration code.
  • the interaction of the user with the input device can allow the user to also activate different functions such as, for example, starting the acquisition or modification of determined identification data.
  • the input device comprises a fingerprint reader configured to detect a fingerprint of the user and to activate the transmission of the registration code only if the fingerprint detected corresponds with a reference fingerprint.
  • the reference digital impression may preferably be a fingerprint previously acquired and stored in the storage module 3.
  • the duration of the user's finger remaining on the fingerprint reader could be associated with the activation of different modules and processes of the device 1.
  • the acquisition module 2 can also comprise a position detector and/or a clock, which are configured to detect, respectively, a geographical position and a time in which a transmission of the registration code is carried out.
  • the device 1 is able not only to identify the user but also the geographical localisation and the time at which the registration procedures are carried out.
  • the encoding module is configured for generating a registration code also representing the geographical position and/or the time at which the transmission of the registration code is carried out.
  • the registration code which is transmitted by the transmission module 5 makes it possible to uniquely identify who caused the generation of the registration code, as well as the time and the place at the moment the registration code was sent.
  • This aspect is particularly advantageous if the device 1 is used to register the user at an online service (purchases in on-line shops or registration for courses, examinations, seminars and conferences), as the identification of the time and place where the procedure is carried out allows certification of the registration being carried out at the correct time and by the user to whom the identification data belong.
  • the registration code contains localisation data which indicates a particularly distant geographical position (for example, a different nation) an attempt to register might be under way by a person other than the user to whom the identification data belong.
  • This situation could, for example, trigger further authentication procedures using different means or lead to the unsuccessful termination of the registration procedure.
  • the registration code may also be stored inside the storage module 3 in such a way that the user can keep track of every time that he or she has shared the registration code, where it was located and the time at which the transmissions occurred.
  • the invention advantageously attains the preset aims, overcoming the drawbacks of the prior art by providing the user with a registration device 1 which is able to quickly and securely share the identification data of the user, while at the same time respecting privacy.
  • the present invention also relates to a registration system 100 which comprises a registration device 1 and a receiver device 6.
  • the registration device 1 is preferably made in accordance with one or more of the technical characteristics identified and analysed in the foregoing.
  • the device 1 is configured for generating and transmitting a registration code identifying at least one identification data of a user.
  • the receiver device 6 is configured to receive the registration code by means of a transmission performed via a wireless transmission protocol.
  • the receiver device 6 can be coupled to the device 1 to receive the registration code therefrom. Further, the receiver device 6 is configured for storing the identification code.
  • the receiver device 6 can store the registration code received by the device 1 locally and/or remotely.
  • the receiver device 6 may comprise an internal memory 7a which is readable and editable and in which the registration code is stored and/or which can be connected to a remote storage system 7b.
  • the remote storage system 7b may comprise a remote server, a cloud, a shared data structure (such as, for example, a blockchain) or any combination thereof.
  • the receiver device 6 can be installed or incorporated or can correspond with a management system of the place in which the entries of the various users who travel there for reasons of security, statistical analysis or public order are to be registered.
  • the registration of the users may be performed automatically without wasting the working time of an operator who would otherwise have to manually enter them in the management system.
  • the receiver device 6 may be connected or connectable to a certifying body which is able to check and certify the authenticity of the registration code.
  • the certifying body may be a public or private body which is required to authenticate the registration code, in particular to verify that the registration code is an authentic code that effectively contains data suitable for identifying a specific user.
  • the certifying body is designed to autonomously and automatically decrypt the registration code received for a verification, but simply means that it is able to do so and recognise that the code satisfies certain authenticity standards defined, for example, on the basis of determined markers present in the code and/or in respect of predetermined rules of composition and encryption of the code. In this way, should it be necessary for the needs of public order, access to all the identification data encrypted in the registration code would have the option of interfacing with the certifying body to obtain the data.
  • the device 1 is shown as divided into separate functional modules (acquisition module 2 or storage module 3, and so on) for the sole purpose of describing the functionality in a clear and complete manner.
  • the device 1 may, in one case, consist of a single electronic device, suitably programmed to perform the functions described and the various modules can correspond to hardware units and/or software routines forming part of the programmed device 1.
  • the functions can be performed by a plurality of electronic devices on which the above-mentioned functional modules can be distributed.
  • the processing unit may also be equipped with one or more processors for carrying out the instructions which are advantageously contained in the storage module 3 and in such a way as to carry out a registration method as described below.
  • the above-mentioned functional modules may also be distributed on different computers, either locally or remotely, on the basis of the architecture of the network on which they are housed.
  • the present invention also relates to a registration method which allows the identity of a user to be recorded and certified in a fast and efficient manner.
  • the method described here can be performed in a particularly high-performing manner by using a device 1 and a registration system 100 characterised by one or more of the technical features described in the foregoing.
  • the method is performed by acquiring a plurality of identification data of the user.
  • This acquisition may be performed only once after which the identification data is stored or can be acquired any number of times both for the addition of further identification data and for their updating, or for performing a verification that one or more item of identification data is consistent with and compliant with the previously stored data.
  • At least a part of the identification data acquired is then encrypted so as to protect the user's privacy.
  • the selection of which data is encrypted and which is not encrypted can be set by the user according to his requirements and the type of registration operation he wishes to carry out.
  • the method comprises identifying as sensitive data at least one item of user identification data and the encoding of the identification data is performed by encrypting only the sensitive data.
  • the plurality of data (both encrypted and accessible if present) is therefore used to generate a registration code which represents them and which is transferred to a receiver device 6.
  • the receiver device 6 stores the registration code in such a way as to register the user, which is uniquely identified by the information contained in the registration code.
  • the storage of the registration code can advantageously be performed by storing the registration code in a blockchain.
  • the registration of the user may also be accompanied by a verification of the authenticity of the code, preferably by subjecting the code to a control by a certifying body.
  • the identity of the user can also be checked, for example, by also subjecting the registration code to a check by a certifying body.
  • the certifying body can perform a double control aimed at authenticating not only the code itself, but also the identity of the person who requested the registration.
  • the method may comprise the acquisition of an item of biometric data of the user and the above-mentioned verification steps can be performed by comparing the biometric data acquired with a corresponding reference data stored in a database of the certifying body.
  • Both the biometric data and the reference data may be data encrypted in such a way as not to allow access to them by unauthorised third parties.
  • biometric data may also be used to activate/authorise the transmission of the reference code.
  • the step of transmitting the registration code may be carried out only after a positive compliance verification between the biometric data and the reference data.
  • the reference data may also be an item of data stored locally in a registration device 1 such as the one described here.
  • the generation of the registration code can preferably also be performed by taking into account the place and time in which the registration procedure is performed, that is to say, the transmission of the registration code.
  • the method described here advantageously overcomes the drawbacks of the prior art since it enables the data of the user to be quickly shared while at the same time encoding the data which the user does not wish to be accessible to all.

Abstract

A device is described for registering a user comprising an acquisition module (2), a storage module (3), an encoding module (4) and a transmission module (5). The acquisition module (2) is configured for acquiring a plurality of identification data, which can be stored using the storage module (3). The encoding module (4) is configured for encoding at least a part of the plurality of identification data and for generating a registration code representing them and which can be transmitted by means of a wireless transmission protocol by the transmission module (5).

Description

DESCRIPTION
DEVICE AND METHOD FOR REGISTERING A USER
The present invention relates to the technical sector of systems for the certification/ authentication of the presence and identity, including by identifying biometric data, of a person at a given location and at a given time.
More specifically, the present invention relates to a device and a method for registering the presence of an individual in a place and at a determined time.
The place in question may be any place in which it is necessary or of interest to register the identity of persons entering it, by way of example and without limiting the scope of the invention, such places of interest may comprise commercial premises, hospitals, museums, public offices and private homes.
There is a wide variety of situations in which it may be necessary to register the presence of a person inside a place at a given time.
For example, a commercial business might need to register customers who have used their services, both for security and for tax reasons.
Similarly, in offices it is important to be able to monitor the presence of the employees, recording in particular the times of entry and exit.
However, prior art registering systems are highly inefficient and rigid, since they are not very adaptable to real situation that are different to the ones for which they were originally designed.
For example, in work contexts, the presence of an employee is usually verified by reading a badge which records the identity of the person carrying out the operation, also storing the time in which it is carried out.
However, in this context, the identity and the data of interest of the user are all pre-registered in a company database, in such a way as to be able to correctly associate each individual badge with a specific employee.
This system is therefore rigidly applicable only in this context, since it is evident that it is impossible for a commercial business to have a database which contains the data of all the potential customers present and and future who might request the services. The above also applies to museums, hospitals and other public places, in which it is obviously not possible to know in advance the identity of each potential user.
For this reason, in these places, the recording is currently carried out by means of a manual entering, by an operator, of the information useful for identifying the user who accesses the place.
Manual insertion, whether it is performed using technological rather than digital tools, is extremely inefficient and laborious because it requires an operator to be kept busy for the entire duration of the procedure or to trust an entry made by the user, thus reducing the possibility of ascertaining that the information supplied is accurate and true.
Further, the sharing of the information using the prior art systems presents significant problems from the point of view of privacy, the problems being difficult to deal with and in particular in the light of the frequent modifications that are necessarily carried out to deal with issues of such a sensitive and complex nature.
The need is therefore strongly felt in the sector to develop new solutions which are able to optimise the process for collecting the data of interest, without there being risks for the privacy of the owners of the data in all those acts - including authorised - in which the convergence of data referring to positioning, time and digital identification of the person assumes a particular importance and economic value.
In this context, the technical purpose which forms the basis of this invention is to provide a registration device and method which obviate at least some of the above-mentioned drawbacks in the cited prior art.
More specifically, the aim of the present invention is to provide a registration device and method which enable the registering of the accesses to be performed rapidly and with precision, that is to say, an event relative to a user in a given place and time, while at the same time protecting privacy.
The technical purpose indicated and the specified aims are substantially achieved by a registration device and a method comprising the technical features described in one or more of the appended claims. The present invention describes a device for registering a user which comprises an acquisition module, a storage module, an encoding module and a transmission module.
The acquisition module is configured for acquiring a plurality of identification data of the user.
The storage module is configured for storing at least a part of the identification data acquired by means of the acquisition module, i.e. generating and storing a new identification code of the event.
In effect, the encoding module is configured for encrypting at least a part of the plurality of identification data and for generating a registration code representing the data and code.
The transmission module is configured for transmitting the registration code by means of a wireless communication protocol.
Advantageously, the device described herein makes it possible to generate and transmit, quickly and easily, a code that is such as to enable unique identification of an individual after having at least partly encrypted the data which identify him or her in respect of the privacy thereof.
This present invention also relates to a registration system which comprises a registration device and a receiver device. The registration device is configured for acquiring, storing, encoding and transmitting identification data of a user.
Preferably, the registration device is a device in accordance with the present invention.
The receiver device is configured to receive, by means of a wireless transmission protocol, the registration code transmitted by the registration device and to store the identification code.
Advantageously, this registration system allows the user's data to be quickly acquired without requiring a lengthy and laborious manual acquisition by an operator.
The invention also relates to a registration method which is carried out by acquiring a plurality of identification data of the user.
The collected data is then encrypted at least partly and used to generate a registration code.
The registration code can therefore be transmitted to a receiver device which stores it in order to register the user.
Advantageously, this method allows the presence of a user to be quickly recorded, while at the same time respecting the user’s privacy, since at least some of the data which identify him or her are encrypted.
The dependent claims, incorporated herein for reference, relate to different embodiments of the invention.
Further characteristics and advantages of the invention will become more apparent from the non-limiting description that follows of a preferred but non-limiting embodiment of a device and a registration method, as illustrated in the accompanying drawings, in which:
- figure 1 is a schematic view of a system which uses the device according to the present invention.
In the accompanying drawings, reference numeral 1 generically denotes a registration device, to which reference will hereinafter be made below simply as the device 1.
The term “registration" is used to mean in general any activities designed or entered in a special register for administrative, commercial, juridical or statistical use of one or more items of data which makes it possible to uniquely identify a user.
More specifically, the registration makes it possible to identify the presence of the user inside a place at a given time.
From a structural point of view, the device 1 comprises an acquisition module 2, a storage module 3, an encoding module 4 and a transmission module 5.
The acquisition module 2 is configured for acquiring a plurality of identification data of the user.
The identification data may comprise any type of information such as to make it possible to uniquely identify the user, whether considered individually or in combination with other data.
By way of non-limiting example, the plurality of identification data may comprise information relating to the user belonging to one or more of the following categories: personal data (name, name, place of birth, date of birth), biometric data (a scan of a fingerprint, photographs, voice recordings), alphanumeric data associated with the user (tax code, identity card code or health card, codes associated with credit/debit cards or current accounts).
In detail, therefore, the acquisition module 2 comprises one or more devices configured for acquiring one or more respective data of interest.
For example, when the identification data comprises biometric data, the acquisition module 2 can comprise a biometric recognition system configured for acquisition thereof, such as, for example, a fingerprint reader, an audio acquisition device, a video acquisition device.
The acquisition module 2 may also comprise or be connectable to a user interface which allows the user to enter or edit data of a personal or alphanumeric type, such as, for example, a touch screen.
Generally speaking, the acquisition device 2 is configured for acquiring a plurality of identification data of the user which comprise at least one sensitive item of data.
The term "sensitive data" is used to mean data the collection and processing of which is subject to the consent of the user to whom that data refers and/or to the prior authorisation of an authority which regulates and protects the user's privacy in accordance with the current regulations.
Alternatively, the term "sensitive data" is used to mean any data which the user does not wish to share openly with third parties.
The identification data collected by the acquisition module 2 can be completely or at least partly stored inside the storage module 3.
For example, it is possible to store the data the acquisition of which requires longer times, for example the data of the personal or alphanumeric type while not storing, for example, data of the biometric type the acquisition of which can be performed more quickly.
Alternatively, all the data acquired by the acquisition module 2 can be stored.
The storage module 3 can advantageously be edited to allow the user to enter and modify the identification data and/or to identify determined identification data as sensitive data.
In other words, the user has the right to select which identification data stored in the storage module 3 is to be considered as sensitive data and which is not.
These distinctions may also be performed in a conditioned manner to the context of use of the device 1.
For example, the user could indicate that a predetermined identification data time containing medical information (such as, for example, the blood group of the user) must be considered as sensitive in a certain context (for example, for carrying out a registration in one commercial activity) but not in another (for example for registering an access to a hospital).
In more detail, the storage module 3 comprises a legible and editable storage support, which allows the user to write, modify and read the information contained inside it.
As indicated above, some of the information contained in the identification data which has been acquired and stored by the respective modules may be of a sensitive personal nature or in any case the user might not wish to have it open to view, that is to say, it might not be desirable for them to be shared in a form immediately and easily interpreted or recognised by third parties.
In order to guarantee the user's privacy, at least a part of the plurality of identification data which is acquired and stored by the respective modules is encrypted by the encoding module 4.
The encoding operation may be performed on all the sensitive data acquired/representable and stored/stored by the respective modules, or only on a sub-set thereof.
For example, the encoding may be performed only on the data identified as sensitive or on any other sub-set or group of identification data sub-sets according to the requirements of the user.
Advantageously, the storage module can be edited to allow the user to identify certain identification data or determined groups of identification data as the data which must be encrypted by the encoding module 4. The encoding module 4 is further configured for generating a registration code representing the plurality of identification data.
Therefore, the encoding module 4 processes the identification data of the user, encrypting what the user does not wish to share freely and at the same time generates a code representing all the user identification data (encrypted and not).
For example, the registration code might only contain a contact address (for example, an electronic mail address or a telephone address) of the user in order to make it contactable by the establishment in which all further identification data has been recorded and kept encrypted, allowing it to be unambiguously identified (name, surname, address, data for execution and authorisation of payments...).
The registration code can therefore be transmitted by means of the transmission module 5 and shared by the user for recording its presence in a place or at a service establishment.
In other words, the transmission module 5 is configured for sharing the registration code in such a way as to rapidly and easily register the user.
In effect, the registration code uniquely identifies the user without the need to acquire the data which identifies him or her one by one using a manual process. Further, at least part of the data is encoded in such a way as to respect the user's privacy, and the option of selecting which data is to be encrypted and which is not means that the device 1 can be rapidly adapted to any updates and modifications set by the legislator with respect to privacy regulations.
More specifically, the transmission module 5 is configured to transmit the registration code by means of a wireless communication protocol.
In this way, the exchange of the registration code is particularly fast and efficient without requiring the implementation and installation of dedicated cabling.
For example, the transmission module 5 can comprise a wireless antenna configured for transmitting the registration code via a Wi-Fi® or Bluetooth® protocol or via the mobile phone network.
Moreover, the acquisition module 2 can comprise an input device which can be used by the user to activate the transmission module 5 in such a way as to start the transmission of the registration code. Advantageously, the interaction of the user with the input device can allow the user to also activate different functions such as, for example, starting the acquisition or modification of determined identification data.
In an aspect of the present invention, the input device comprises a fingerprint reader configured to detect a fingerprint of the user and to activate the transmission of the registration code only if the fingerprint detected corresponds with a reference fingerprint.
In this way it is possible to guarantee that the device 1 has been used and activated by the user whose identification data is being transmitted.
In other words, if the device 1 were to be lost or stolen a third party would not in any way be enabled to carry out a registration procedure by illegally exploiting the user identification data, since it would not be able to activate the transmission of the registration code.
The reference digital impression may preferably be a fingerprint previously acquired and stored in the storage module 3.
In this context, the duration of the user's finger remaining on the fingerprint reader could be associated with the activation of different modules and processes of the device 1.
The acquisition module 2 can also comprise a position detector and/or a clock, which are configured to detect, respectively, a geographical position and a time in which a transmission of the registration code is carried out.
In this way, the device 1 is able not only to identify the user but also the geographical localisation and the time at which the registration procedures are carried out.
In this context, the encoding module is configured for generating a registration code also representing the geographical position and/or the time at which the transmission of the registration code is carried out.
In other words, the registration code which is transmitted by the transmission module 5 makes it possible to uniquely identify who caused the generation of the registration code, as well as the time and the place at the moment the registration code was sent. This aspect is particularly advantageous if the device 1 is used to register the user at an online service (purchases in on-line shops or registration for courses, examinations, seminars and conferences), as the identification of the time and place where the procedure is carried out allows certification of the registration being carried out at the correct time and by the user to whom the identification data belong.
In effect, if a user is domiciled in one place and the registration code contains localisation data which indicates a particularly distant geographical position (for example, a different nation) an attempt to register might be under way by a person other than the user to whom the identification data belong.
This situation could, for example, trigger further authentication procedures using different means or lead to the unsuccessful termination of the registration procedure.
As well as being transmitted, the registration code may also be stored inside the storage module 3 in such a way that the user can keep track of every time that he or she has shared the registration code, where it was located and the time at which the transmissions occurred.
The invention advantageously attains the preset aims, overcoming the drawbacks of the prior art by providing the user with a registration device 1 which is able to quickly and securely share the identification data of the user, while at the same time respecting privacy.
The present invention also relates to a registration system 100 which comprises a registration device 1 and a receiver device 6.
The registration device 1 is preferably made in accordance with one or more of the technical characteristics identified and analysed in the foregoing.
In general, the device 1 is configured for generating and transmitting a registration code identifying at least one identification data of a user.
The receiver device 6 is configured to receive the registration code by means of a transmission performed via a wireless transmission protocol.
In other words, the receiver device 6 can be coupled to the device 1 to receive the registration code therefrom. Further, the receiver device 6 is configured for storing the identification code.
More specifically, the receiver device 6 can store the registration code received by the device 1 locally and/or remotely.
For example, the receiver device 6 may comprise an internal memory 7a which is readable and editable and in which the registration code is stored and/or which can be connected to a remote storage system 7b.
The remote storage system 7b may comprise a remote server, a cloud, a shared data structure (such as, for example, a blockchain) or any combination thereof.
More specifically, by using the storage technology by means of blockchain it is possible to guarantee the unalterability of the recording code once it has been received by the receiver device 6.
By way of example, the receiver device 6 can be installed or incorporated or can correspond with a management system of the place in which the entries of the various users who travel there for reasons of security, statistical analysis or public order are to be registered.
In this context, thanks to the system 100 described herein, the registration of the users may be performed automatically without wasting the working time of an operator who would otherwise have to manually enter them in the management system.
Further, the receiver device 6 may be connected or connectable to a certifying body which is able to check and certify the authenticity of the registration code.
The certifying body may be a public or private body which is required to authenticate the registration code, in particular to verify that the registration code is an authentic code that effectively contains data suitable for identifying a specific user.
This does not mean that the certifying body is designed to autonomously and automatically decrypt the registration code received for a verification, but simply means that it is able to do so and recognise that the code satisfies certain authenticity standards defined, for example, on the basis of determined markers present in the code and/or in respect of predetermined rules of composition and encryption of the code. In this way, should it be necessary for the needs of public order, access to all the identification data encrypted in the registration code would have the option of interfacing with the certifying body to obtain the data.
In this way, besides guaranteeing the user's privacy, as the user's information is not made available to the operators who provide the service for which they are to be registered, the forces of law and order’s task is also facilitated, as they can easily identify and obtain contact information of the user if there is a need to do so.
In general it should be noted that, in this context and in the following claims, the device 1 is shown as divided into separate functional modules (acquisition module 2 or storage module 3, and so on) for the sole purpose of describing the functionality in a clear and complete manner.
In reality, the device 1 may, in one case, consist of a single electronic device, suitably programmed to perform the functions described and the various modules can correspond to hardware units and/or software routines forming part of the programmed device 1.
Alternatively or in addition, the functions can be performed by a plurality of electronic devices on which the above-mentioned functional modules can be distributed.
The processing unit may also be equipped with one or more processors for carrying out the instructions which are advantageously contained in the storage module 3 and in such a way as to carry out a registration method as described below.
The above-mentioned functional modules may also be distributed on different computers, either locally or remotely, on the basis of the architecture of the network on which they are housed.
The present invention also relates to a registration method which allows the identity of a user to be recorded and certified in a fast and efficient manner.
More specifically, the method described here can be performed in a particularly high-performing manner by using a device 1 and a registration system 100 characterised by one or more of the technical features described in the foregoing. Operatively, the method is performed by acquiring a plurality of identification data of the user.
This acquisition may be performed only once after which the identification data is stored or can be acquired any number of times both for the addition of further identification data and for their updating, or for performing a verification that one or more item of identification data is consistent with and compliant with the previously stored data.
At least a part of the identification data acquired is then encrypted so as to protect the user's privacy.
As indicated above, the selection of which data is encrypted and which is not encrypted can be set by the user according to his requirements and the type of registration operation he wishes to carry out.
More specifically, the method comprises identifying as sensitive data at least one item of user identification data and the encoding of the identification data is performed by encrypting only the sensitive data.
The plurality of data (both encrypted and accessible if present) is therefore used to generate a registration code which represents them and which is transferred to a receiver device 6.
The receiver device 6 stores the registration code in such a way as to register the user, which is uniquely identified by the information contained in the registration code.
The storage of the registration code can advantageously be performed by storing the registration code in a blockchain.
The registration of the user may also be accompanied by a verification of the authenticity of the code, preferably by subjecting the code to a control by a certifying body.
At the same time, the identity of the user can also be checked, for example, by also subjecting the registration code to a check by a certifying body.
In other words, the certifying body can perform a double control aimed at authenticating not only the code itself, but also the identity of the person who requested the registration. For example, the method may comprise the acquisition of an item of biometric data of the user and the above-mentioned verification steps can be performed by comparing the biometric data acquired with a corresponding reference data stored in a database of the certifying body.
Both the biometric data and the reference data may be data encrypted in such a way as not to allow access to them by unauthorised third parties.
Moreover, the biometric data may also be used to activate/authorise the transmission of the reference code.
In other words, the step of transmitting the registration code may be carried out only after a positive compliance verification between the biometric data and the reference data.
In the second illustrated case, for greater efficiency the reference data may also be an item of data stored locally in a registration device 1 such as the one described here.
The generation of the registration code can preferably also be performed by taking into account the place and time in which the registration procedure is performed, that is to say, the transmission of the registration code.
The method described here advantageously overcomes the drawbacks of the prior art since it enables the data of the user to be quickly shared while at the same time encoding the data which the user does not wish to be accessible to all.
In this way, it is possible to facilitate and speed up a registration procedure while at the same time protecting the user’s privacy.

Claims

1. A device for registering a user comprising:
- an acquisition module (2) configured for acquiring a plurality of identification data of the user;
- a storage module (3) configured for storing the plurality of identification data;
- an encoding module (4) configured for encoding at least a part of the plurality of identification data and for generating a registration code representing said plurality of identification data;
- a transmission module (5) configured for transmitting said registration code by means of a wireless transmission protocol.
2. The device according to claim 1, wherein said plurality of identification data comprises at least one biometric data of the user, said acquisition module (2) comprising a biometric recognition system configured for acquiring said biometric data, preferably said biometric recognition system comprising at least one between: a fingerprint reader, an audio acquisition device, a video acquisition device.
3. The device according to claim 1 or 2, wherein the acquisition module (2) is configured for acquiring a plurality of identification data of the user comprising at least one sensitive data, said encoding module (4) being configured for encoding only said at least one sensitive data.
4. The device according to claim 3, wherein the storage module (3) can be edited for identifying at least one identification data as sensitive data.
5. The device according to any one of the preceding claims, wherein the acquisition module (2) comprises a position detector and/or a clock, configured for detecting, respectively, a geographical position and a time in which a transmission of the registration code is executed, said encoding module (4) being configured to generate a registration code representing also said geographical position and/or time.
6. The device according to any one of the preceding claims, wherein the acquisition module (2) comprises an input device which can be operated by the user to activate at least the transmission of the registration code.
7. The device according to claim 6, wherein said input device comprises a fingerprint reader configured to detect a fingerprint of the user and to activate the transmission of the registration code only if the fingerprint detected corresponds with a reference fingerprint, said reference fingerprint preferably being stored in said storage module (3).
8. A registration system comprising:
- a registration device (1) according to any one of the preceding claims;
- a receiver device (6) configured to receive, by means of the wireless transmission protocol, the registration code transmitted by the registration device and for storing said identification code.
9. The system according to claim 8, wherein the receiver device is connected or connectable to a certifying body designed to verify and certify the authenticity of the registration code.
10. The system according to claim 8 or 9, wherein the receiver device (6) is configured for storing the registration code using a shared data structure of the blockchain type.
11. A method for registering a user comprising the steps of:
- acquiring a plurality of identification data of the user;
- encrypting at least a part of the plurality of identification data;
- generating a registration code representing the plurality of data; 16
- transmitting the registration code to a receiver device (6);
- storing the registration code using the receiver device (6).
12. The method according to claim 11, comprising a step of verifying the authenticity of said registration code, preferably subjecting the registration code to a control by a certifying body.
13. The method according to claim 11 or 12, comprising a step of verifying and certifying the identity of the user, preferably subjecting said registration code to a control by a certifying body.
14. The method according to any one of claims 11 to 13, wherein said step of storing the registration code is executed by storing the registration code in a blockchain.
15. The method according to any one of claims 11 to 14, comprising a step of acquiring biometric data of the user and verifying the compliance of said biometric data with a reference data; said step of transmitting the registration code being executed only in response to a positive verification.
16. The method according to any one of claims 11 to 15, wherein the step of generating a registration code is executed by generating a registration code also representing a geographical place and/or a time in which the step of transmitting the registration code is executed.
17. The method according to any one of claims 11 to 16, comprising a step of identifying as sensitive data at least one identification data of said plurality of identification data, said step of encrypting at least a part of the plurality of identification data being executed by encrypting only the sensitive data.
EP21802822.3A 2020-11-06 2021-11-03 Device and method for registering a user Pending EP4241478A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT102020000026521A IT202000026521A1 (en) 2020-11-06 2020-11-06 DEVICE AND METHOD OF REGISTRATION
PCT/IB2021/060155 WO2022097028A1 (en) 2020-11-06 2021-11-03 Device and method for registering a user

Publications (1)

Publication Number Publication Date
EP4241478A1 true EP4241478A1 (en) 2023-09-13

Family

ID=74347540

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21802822.3A Pending EP4241478A1 (en) 2020-11-06 2021-11-03 Device and method for registering a user

Country Status (3)

Country Link
EP (1) EP4241478A1 (en)
IT (1) IT202000026521A1 (en)
WO (1) WO2022097028A1 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3007171B1 (en) * 2013-06-14 2019-08-23 Idemia Identity And Security METHOD FOR CONTROLLING PEOPLE AND APPLICATION TO INSPECTION OF PERSONS
US11321983B2 (en) * 2018-06-26 2022-05-03 Veriscan, Llc System and method for identifying and verifying one or more individuals using facial recognition
JP7238346B2 (en) * 2018-11-02 2023-03-14 日本電気株式会社 Information processing device, control program for information processing device, and communication terminal

Also Published As

Publication number Publication date
IT202000026521A1 (en) 2022-05-06
WO2022097028A1 (en) 2022-05-12

Similar Documents

Publication Publication Date Title
US9864992B1 (en) System and method for enrolling in a biometric system
US8275995B2 (en) Identity authentication and secured access systems, components, and methods
US9530137B2 (en) Method and apparatus for secure access payment and identification
CN1623167B (en) Security clearance card, system and method of reading a security clearance card
CN100587728C (en) Method and system for realizing access to object or service
US20030086594A1 (en) Providing identity and security information
JP6897953B2 (en) Admission terminal, admission method, admission program, and admission system
US20060000901A1 (en) Apparatus for reading standardized personal identification credentials for integration with automated access control systems
CN112005231A (en) Biometric authentication method, system and computer program
JP4776170B2 (en) Location certification system
US20070067330A1 (en) Security method for verifying and tracking service personnel
EP4241478A1 (en) Device and method for registering a user
AU2014100797A4 (en) Driver licence and other identification card and identity verification system
CN108492214B (en) Mobile terminal, server, management system and self-service check-in system
US20060178940A1 (en) Open house information system
WO2012178186A1 (en) Identification and authentication system and method
CN106203166A (en) A kind of auto navigation information data sharing method
JP2013235549A (en) Electronic voting system
CN115664689A (en) Internet identity verification service system
WO2007146771A2 (en) Universal secure registry
Base IT security success for US-based biometric suppliers
CA2577843A1 (en) Electronic identification system for form location, organization, and endorsment
FR2808146A1 (en) Personal identity checking procedure for Internet use uses random selection from stored questions

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230508

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)