FR2916880A1 - Secured enrolment device i.e. enrolment terminal, for e.g. name, has information acquisition unit constituted by keyboard, sensitive tablet, finger print reader and photographic apparatus, and enrolment unit for combining information - Google Patents

Abstract

The device i.e. terminal (100), has a personal information e.g. biometric information, acquisition unit constituted by a keyboard (120), sensitive tablet (125), finger print reader (130) and digital photographic apparatus (150) and an enrolment unit for combining the personal information. An autonomous foldable system console has an unfolded position for usage and a folded position for transportation and storage. The console includes an upper part (105-1) and lower parts (105-2, 105-3) with equivalent dimensions, where the lower parts form a monopod type foot of the device.

Description

The present invention relates to the acquisition of personal information,

  in particular biometric information, and more particularly a secure transportable terminal for enrollment and personalization. In general, enrollment allows you to collect personal data. These data can be textual data, for example a name, an address, a social security number or a birth date, graphic data, for example a signature, or biometric data, for example a fingerprint. Thus, an enrollment function is intended to acquire identification information. The enrollment makes it possible in particular to collect biometric data on an individual for later identification and / or to create identification documents such as for example a National Identity Card or a Passport. These identification documents may be in the form of a paper document or possibly a plastic document. The identification information may be printed on the document and / or stored in the document if it is provided with an electronic component. Typically, such a document is a smart card, a badge or a paper document comprising a contactless communication chip in the thickness of a sheet. It should be recalled here that biometrics is a global technique aimed at establishing a person's identity by measuring one of their physical characteristics. There may be several types of physical characteristics, some more reliable than others, but all are in principle unfalsifiable and unique to be representative of a single individual. Common identification solutions based on biometric data are fingerprint, iris or retina recognition, or even facial recognition.

  Identification documents may be issued immediately after the enrollment of the holder. Alternatively, these identification documents can be issued later, after a control and validation phase.

  Several types of data acquisition can be made, in particular according to the nature of the identification document, according to the method and means of identification or according to specific needs related to the objective sought by the identification. For example, the acquisition of identification data can be done by photography or by data entry.

  The identifying information may be a portrait, a signature, a fingerprint, retina or iris characteristics or personal information. To secure the authentication, the identification document preferably comprises a secure microcontroller involved in the identification of the carrier. For example, the identification document may be a microcircuit ID card with external contacts flush to the format ID1 (standardized format of smart card) according to ISO 7816 or a passport comprising such a microcontroller equipped with communication means non-contact, typically in accordance with ISO 14443, arranged in the thickness of one of its sheets or cover. The proliferation of badges and access cards, particularly to sensitive sites and industrial sites, increasingly requires the establishment of such enrollment systems. Likewise, it is also necessary, in certain circumstances, to reinforce the security of identity documents and, consequently, to set up such enrollment systems. Although enrollment systems exist, these are not entirely satisfactory. Some more or less autonomous systems include a digital camera associated with a laptop.

  However, such devices are not, or little, secure and do not allow to make personalization, that is to say, to adapt an identification document to the characteristic data of an individual. In addition, these systems require external infrastructure elements such as media on which these systems must be arranged and devices for positioning the user in a predetermined configuration (for example a stool).

  Alternatively, there are fixed enrollment systems, which can be implemented only under specific conditions and in a secure environment, for example in premises adapted to secure access, which entail high installation costs. In particular, there is strong demand in emerging countries for such systems. However, the main difficulty here lies in the remoteness of populations, often nomadic or, on the contrary, difficult to move, official centers. In such cases, the multiplication of fixed installations for new centers is difficult to envisage, especially for financial, security and confidentiality problems.

  It may also be desirable to avoid the need to provide a secure environment, for example to enlist employees in a company, in particular to reduce the costs of implementation. The invention solves at least one of the problems discussed above. In particular, the invention proposes a secure transportable enrollment and personalization terminal. The invention thus relates to a secure enrollment device comprising means for acquiring personal information and enrollment means for combining said personal information, this device being transportable and comprising an autonomous panel. The device according to the invention thus makes it possible to carry out enrollment or personalization operations without resorting to a particular environment and / or to complementary external infrastructure elements. Advantageously said desk is foldable, having an unfolded position of use and a folded position suitable for transport and storage. According to a particular embodiment, said desk comprises at least three parts of substantially equivalent dimensions, said at least three parts being interconnected at one of their ends by a hinge type movable junction, two of said at least three parts being adapted to form the feet of said device. Advantageously, the device further comprises means of protection and transport to facilitate transport and storage. Still advantageously, said desk is at least partially metal to improve the stability and strength of said desk. Advantageously, said desk incorporates a processing unit. The device according to the invention is preferably autonomous.

  According to a particular embodiment, said means for acquiring personal information comprise means for acquiring biometric data. The device according to the invention thus makes it possible to use reliable information that can not or hardly be reproduced. Advantageously, the position of at least one of said biometric data acquisition means is adjustable in height to fit the user without the need to resort to external elements such as a stool. According to a particular embodiment, said biometric data acquisition means comprise a digital image acquisition device, a fingerprint reader and / or a sensitive tablet in order to be able to acquire different types of biometric data as required. The device according to the invention advantageously comprises at least one chip card reader, at least one document reader comprising at least one electronic circuit and / or at least one contactless card reader in order to be able to establish identification documents of different kinds. Still advantageously, said means for acquiring personal information include means for inputting said personal information and / or means for remote access to said personal information. The personal data can thus be entered locally or accessed from a remote server. According to a particular embodiment, said device further comprises identification means for verifying the authenticity of the document and the correspondence of the identification data with the recipient of said document before it is issued. Still according to a particular embodiment, said device further comprises document personalization means comprising at least one electronic chip. This embodiment makes it possible to directly obtain an identification document as a result of this enrollment phase. Other advantages, objects and features of the present invention appear from the following detailed description, given by way of non-limiting example, with reference to the accompanying drawings in which: - Figure 1, including Figures la, 1b, 1c and 1d, schematically illustrates an example of secure transportable terminal according to the invention seen in profile, front and side; FIG. 2 represents a detailed view of the part comprising certain data acquisition devices of the transportable terminal illustrated in FIG. 1; FIG. 3 illustrates an example of the processing device that can be used in the secure transportable terminal of the invention in order to implement identification, enrollment and / or personalization applications; FIG. 4 illustrates the principle of enrollment; FIG. 5 illustrates certain steps implemented by the document management module; and, - Figure 6 shows a transport case adapted to move and store the transportable secure terminal of the invention.

  The enrollment solution according to the present invention makes it possible to dispense with any infrastructure in the sense that it groups together in a mobile, autonomous, secure and transportable terminal all the equipment necessary for the enrollment process as well as for the personalization process. and document control.

  The transportable terminal according to the invention is autonomous in that it frees itself from any support because it comprises a suitable and ergonomic desk, both for data entry and photography, fingerprinting, signature and document verification. According to a preferred embodiment, the transportable terminal operates on battery and does not require any particular electrical installation. The transportable terminal also makes it possible to carry out the necessary checks and controls, in particular to carry out a visual check of the individual or to compare his fingerprints with imprints previously stored before issuing or personalizing a document. During the control phase, the previously acquired data concerning the individual to be recognized, for example a photograph of identity or fingerprints, are possibly displayed and are compared with data from the enrollment, that is to say say data from the individual in person. The recognition process is done in real time. The data used during the control phase can be stored locally in the transportable terminal or can be accessed, for example in a remote database, via secure communication of a wired or wireless network connection. The transportable terminal allows electrical customization of a smart card. An electronic certificate, guaranteeing information recorded on the identification card, is preferably used. The electronic certificate can be obtained locally, through the use of a root card used as a secure key management system (or HSM for hardware security module in English terminology). Alternatively, an electronic certificate can be obtained by means of a network connection to a server allowing secure communication of sensitive data. The electronic certificate is then issued by a remote HSM, for example the server that includes such an HSM. FIG. 1, comprising FIGS. 1a, 1b, 1c and 1d, illustrates an exemplary transportable terminal seen in profile, from the front and from the side. As shown, the transportable enrollment terminal 100 comprises a stand-alone desk 105 on which the acquisition and processing elements are mounted. The stand alone desk 105 is such that it can be used without having recourse to external elements such as supports such as for example a table to put the equipment and a stool to allow the user to be correctly positioned with respect to the transportable terminal. According to the embodiment presented, the stand-alone desk 105 comprises three parts. An upper part 105-1 on which are mounted the acquisition and processing elements and two lower parts 105-2 and 105-3 forming the legs of the desk. These three parts are connected by a hinge type connection, arranged substantially horizontally, to fold the desk when not in use or to be transported. The folded and unfolded positions are preferably locked using a standard lock system. To ensure greater stability of the console, the two parts 105-2 and 105-3 forming the feet are here connected by a bar or a plate 105-4 movably fixed on one of the parts and detachably on the 'other. Alternatively, the bar or the plate 105-4 can be fixed movably on both parts, allowing a translational movement of the bar or the plate 105-4, a notch to maintain it in place in the position desired. The upper part 105-1 of the console comprises an opening behind which is fixed a screen 110, for example a standard screen of TFT (Thin Film Transistor) technology. The height of the desk is such that the screen 110 is approximately located at the eyes of a user standing next to the desk. The upper part 105-1 of the console further comprises a movable part 115, connected to the upper part 105-1 of the console by means of a hinge-type connection arranged substantially horizontally. In a folded position, the movable portion 115 is against the upper part 105-1 of the desk. In a position of use, the mobile part forms an angle of about 120 degrees with the upper part 105-1 of the desk, so that a user standing next to the desk has easy access to an acquisition interface and control located on the upper face of the movable portion 115. The upper face of the movable portion 115 here comprises a keyboard 120, a sensitive tablet 125 can be used with a stylus or a finger of the user, a fingerprint reader 130, a contactless reader 135 and an electronic passport reader 140. As illustrated, the electronic passport reader 140 is here removable (it is for example held in place by clips, the connection electrical connection is established using standard connectors). The sensitive tablet 125 may in particular be used to acquire the signature of an individual and also to control the treatment device, in the same way as the sensitive tablet of a laptop. The processing device, for example PC type (Persona / Computer), is advantageously housed in the upper part 105-1 of the console or in the mobile part 115. According to a particular embodiment, the treatment device is fixed vertically to inside the desk and locked by a lock. The desk consists mainly of five elements 105-1 to 105-4 and 115, for example five metal elements, which can fold to form a parallelepiped of about 0.90x0.45x0.20 m.

  The console 105 further comprises a fixing device 155, for example an open ring, adapted to receive a foot 145 for a digital camera 150. The foot 145 is preferably of the monopod type, adjustable in height. Naturally, the desk 105 may be adapted to receive other acquisition and processing components to meet specific needs. An additional printer (not shown) may be placed on the ground, for example between the two feet. The transportable terminal 100 weighs about 15 to 20 kg. Its size, deployed, is about 1.60 x 0.45 x 0.40 m (height x width x depth). Folded, its size is about 0.90x0.45x0.20 m (height x width x depth). Figure 2 illustrates in more detail the movable portion 115. In this example, the movable portion 115 includes an opening 200 adapted to receive the stylet connected to the sensitive tablet 125 when it is not used.

  The movable portion 115 further comprises an internal cavity that can be used to integrate one or more smart card readers 205, a USB hub 210 (Universal Serial Bus), also called USB Hub in English terminology, and a housing 220 of control or control that can be used in particular to control the reader without contact 135. Advantageously, the movable portion 115 also comprises an opening 215 to facilitate the connection and disconnection of cables, including the concentrator 210. The concentrator allows to connect simply some electronic parts of the system between them and / or with the processing device. The smart card reader (s) 205 are here adapted to receive a terminal access card for an authentication application, a root card for the management of electronic certificates by an authorized person or a card to be personalized. Thus, to collect the identification information, including biometric, the terminal 100 has the following elements, - a digital image acquisition device 150 can be a standard camera or a camcorder as needed, maintained at the height desired by a foot 145 fixed by means of a support provided on the side of the desk 105; - A fingerprint reader 130 used for acquisition, control before issuing an identification document or identification for access to the enrollment station by an authorized person. The fingerprint reader may be, for example, a sensor of the company Id3; and - a sensitive tablet 125 and possibly its stylus to collect the signature to be affixed to the final document or to control that appearing on the document to be delivered.

  It is also possible to add to the terminal 100 other sensors, for example an iris or retina sensor. Such a sensor can in particular be used for acquisition, control before delivery or identification. It can be fixed on the side of the desk 105. To control the identity of an individual, enlist it or to personalize an identification card, the terminal 100 has the following interfaces, an electronic passport reader 140 to control an electronic passport; one or more smart card readers 205 for inserting an access card to the terminal, a root card by an authorized person or the card to be personalized; and a contactless reader 135 for verifying or customizing a document when it includes a contactless communication means or for controlling access to the PC by a contactless card. The transportable terminal is preferably protected by an access control, which can be achieved using the smart card reader, the contactless reader or the fingerprint reader. The information thus collected is compared to data stored in the transportable terminal or to which the transportable terminal is accessed and to which are associated rights of use of the transportable terminal. Figure 3 illustrates an example of the processing device that can be used to implement the identification, enrollment and / or personalization applications. Preferably, the apparatus 300 comprises a communication bus 302 to which are connected a central processing unit 303 such as a microprocessor; A ROM 304 or Read Only Memory (ROM), which may comprise one or more "Prog" programs; A RAM 306 or Random Access Memory (RAM), comprising registers adapted to store variables and parameters created and modified during the execution of the aforementioned programs; A communication interface 308 connected to a distributed communication network, the interface being able to transmit and receive data; An interface 310 to which the screen 110 is connected making it possible to display data and / or to serve as a graphical interface with the user who can interact with the programs used, the keyboard 120 and the tablet 125; A hard disk 312 may include programs and / or data; • an acquisition card 314 connected to the camera 150 and other sensors that can be used for data acquisition, including biometric data; and, an I / O card 316 connected to the smart card readers 205, to the contactless reader 135 and to the electronic passport reader 140. The communication bus 302 allows communication and interoperability between the various elements included. in the device 300 or connected to it. The representation of the bus is not limiting and, in particular, the central unit is able to communicate instructions to any element of the apparatus 300, directly or via another element of the apparatus 300. executable code of the program (s) enabling the apparatus 300 to implement the processes of the identification, enrollment and / or personalization applications, can be stored, for example, in the hard disk 312 or in ROM 304. Alternatively, the executable code of the programs can be received via the communication network, via the interface 308, to be stored identically to that previously described or stored by any other information medium such as, for example, a compact disc (CD-ROM) or a memory card. In general, computer-readable or microprocessor-readable information storage means, whether or not integrated into the device, possibly removable. More generally, the program or programs may be loaded into one of the storage means of the apparatus 300 before being executed. The central processing unit 303 controls the execution of the instructions or portions of software code of the identification, enrollment or personalization program (s), instructions which are stored in the hard disk 312, in the read-only memory 304 or in the other storage elements mentioned above. Upon power-up, the program (s) stored in a non-volatile memory, for example hard disk 312 or ROM 304, are transferred to RAM 306 (RAM), which then contains the executable code of the or program (s), as well as registers to memorize the variables and the parameters necessary for the implementation of these programs. It should be noted that the apparatus comprising the device according to the invention may also be a programmed apparatus. The instructions of the program (s) implementing the invention may, for example, be implemented in a programmable or specific integrated circuit (Application-Specific Integrated Circuit, ASIC). Specific software is used to provide all or some of the different functionalities of the transportable terminal, each of which can be implemented as an independent module. These independent modules are for example the following, - demonstration module; - enrollment module; - document management module (verification, control and delivery); - Electrical personalization module of a smart card (optionally a graphic personalization can be performed using a suitable printer, for example a Datacard SP55 type printer, Datacard is a brand); - module for updating the information present on a smart card; - access authorization management module; and, - printing module of credentials by adding a portable printer. The various operations performed by these modules are executable offline, that is to say locally, or online when a network link is established. They rely on key management services and standard Public Key Infrastructure (PKI) certification interfaces, provided respectively by a root card or a remote HSM. Each of these modules is described in more detail below.

  In the demonstration module, a specific interface makes it possible to present to the operator the different possibilities offered by the secure transportable terminal in terms of biometric acquisitions. This module has no real effect on identification, enrollment or customization.

  In the enrollment module, a specific interface allows the operator to make the necessary settings and acquisitions depending on the type of final support, for example a passport or a smart card. Figure 4 illustrates the principle of enrollment. A step 400 is for acquiring the biometric data of the individual to be enrolled. These data are for example a photograph 405 of the portrait of the individual, his signature 410 and his fingerprints 415. This acquisition phase uses the corresponding devices mentioned above. The application provides an interface to control the acquisition of this data according to the specifications required for the current enrollment. By way of illustration, the acquisition of an identity photograph can be in accordance with ISO / IEC 19794-5. The signature can be entered directly using the tablet 125 or can be imported, especially in the form of an image. Likewise, certain biometric data may be imported in the form of computer files, accessed locally or via a network, or obtained by analyzing documents containing this information, in particular by scanning such documents. A step 420 is to obtain personal information about the individual who enrols. Such information is for example civil status information such as name, first name, date and place of birth and home address. This data can be entered on the transportable terminal, in particular using the keyboard 120 and a form-type interface 425 comprising fields to be entered, these fields being optional or optional. As with the biometric data, this data can also be obtained using computer files 430, accessed locally or via a network, or obtained by the document analysis containing this information, in particular by scanning such documents.

  A step 435 makes it possible to create a file including the data necessary for enrollment. The data are preferably compressed in a step 440 according to a standard compression algorithm and then used to form a file in a step 445. This file is advantageously encrypted in a step 450 before being stored in a database 475, preferably local . According to a particular embodiment, only the biometric data are encrypted, the other data not being encrypted. If necessary, the information obtained on the individual can be printed as a paper form in a step 455 in order to create a documentary evidence, for example an identity document receipt. The encryption function 460 provides all cryptographic services required for enrollment. In particular, this function offers a data encryption method, a method of controlling access to the transportable terminal and a method for checking the validity of an electronic signature stored in an identity document. The document management module includes a specific interface allowing the operator to carry out the necessary checks and controls before issuing final documents such as national identity cards, passports and smart cards.

  For example, it verifies the authenticity of the document and the correspondence of the identification data with that from the recipient of the said document. This check makes it possible, in particular, to verify that the identification documents actually correspond to an individual and / or a pre-existing document, for example an old passport, before handing over these documents. The document management module integrates several functions, among which an electronic signature verification function, a function for reading data stored in a document comprising an electronic circuit and a function for displaying biometric data, in particular for displaying a message. photograph of identity, signature and / or fingerprints and data related to an individual such as civil status information.

  Figure 5 illustrates some steps implemented by the document management module. A function 500 aims to control access to the data stored in a document comprising an electronic circuit. A step 505 makes it possible to initialize the access to the stored data using, for example, a function of the ATS (Answer-to-Select) type in which a first string of characters is transmitted by the document, for example a document according to ISO 14443, at the initialization of the communication with the reading device. A next step 510 allows the reader to test applications present in the document to verify the communication and operation of the circuit present in the document. Finally, a step 515 is intended to unblock the circuit present in the document and to put this circuit in a state of use. The function 520 is based on a standard cryptography algorithm to provide access to the document by means of cryptographic means of the terminal by using, for example, a certificate or cryptographic means of authentication specific to this validation step. A function 525 reads the data stored in the document at step 530 and displays this data at step 535 to analyze this data before delivering the document. In the smart card personalization module, a specific interface allows the operator to make electrical customization of a smart card from a root card or through a remote HSM accessible through a network connection. The customization is done in a standard way using the information entered by the user and / or acquired biometric data. Advantageously, this graphic interface also makes it possible to carry out a graphic personalization of the identification document if a suitable printer is available. The personalization may be subject to an authorization check given by a central database if the mobile station is connected to it via a network.

  In the module for updating the information stored in the identification documents comprising an electronic component such as smart cards, a specific interface allows the operator to modify certain information present on the smart card. These updates concern in particular the information related to the holder of the document, in particular the civil status information. Finally, in the access authorization management module, a specific interface allows the operator to configure the system and in particular the management of access rights.

  A flight case transport case (flight case) can be used to easily transport and store the transportable terminal 100 and its accessories, including the battery or batteries, the digital camera and the cables, as shown in FIG. FIG. 6. To be dragged, the transport case 600 here comprises a handle 605, preferably retractable, and rollers 610. A set of shims 615, here the shims 615-1 and 615-2, make it possible to wedge and protect the transportable terminal, folded, in the box 600. The wedges are advantageously formed in a shock-absorbing material such as a foam, for example expanded polystyrene.

  According to an advantageous embodiment, the shims 615 form a first cavity 620-1 having approximately the size of the folded transportable terminal and at least a second cavity 620-2 adapted to receive the accessories of the transportable terminal, in particular the batteries, the digital camera and cables as indicated previously.

  The secure transportable terminal contained in the wheeled box 600, or alternatively in a soft bag with shoulder strap, is easily transportable by a person. Naturally, to meet specific needs, a person skilled in the field of the invention may apply modifications in the foregoing description.

Claims (19)

  A secure enrollment device (100) comprising personal information acquisition means (120, 125, 130, 150) and enrollment means for combining said personal information, said device being characterized in that is transportable and includes a stand (105) autonomous.   2. Device according to claim 1 characterized in that said desk is foldable, said desk having an unfolded position of use and a folded position adapted to transport and storage.   3. Device according to claim 2 characterized in that said desk comprises at least three parts (105-1, 105-2, 105-3) of substantially equivalent dimensions, said at least three parts being linked together to one of their ends by a hinge type movable junction, two (105-2, 105-3) of said at least three parts being adapted to form the feet of said device.   4. Device according to claim 2 or claim 3 further comprising means (600, 615) for protection and transport.   5. Device according to any one of the preceding claims characterized in that said desk is at least partially metallic.   6. Device according to any one of the preceding claims characterized in that said desk incorporates a processing unit.   7. Device according to any one of the preceding claims characterized in that it is autonomous.   8. Device according to any one of the preceding claims, characterized in that said means for acquiring personal information comprise means for acquiring biometric data (125, 130, 150).   9. Device according to claim 8 characterized in that the position of at least one of said biometric data acquisition means is adjustable in height.   10. Device according to claim 8 or claim 9 characterized in that said biometric data acquisition means comprise a digital image acquisition device (150).   11. Device according to claim 8 or claim 9, characterized in that said means for acquiring biometric data comprise a fingerprint reader (130).   12. Device according to claim 8 or claim 9 characterized in that said biometric data acquisition means comprise a sensitive tablet (125).   13. Device according to any one of the preceding claims characterized in that said device further comprises at least one smart card reader (205).   14. Device according to any one of the preceding claims, characterized in that said device further comprises at least one document reader (135, 140) comprising at least one electronic circuit.   15. Device according to any one of the preceding claims characterized in that said device further comprises at least one contactless card reader (135).   16. Device according to any one of the preceding claims, characterized in that said means for acquiring personal information comprise means for inputting said personal information (120, 125).   17. Device according to any one of the preceding claims characterized in that said means for acquiring personal information further comprise means for remote access to said personal information.   18. Device according to any one of the preceding claims characterized in that said device further comprises identification means.   19. Device according to any one of the preceding claims characterized in that said device further comprises document personalization means comprising at least one electronic chip.