GB2471995A

GB2471995A - Monitoring the presence and identity of users at a location

Info

Publication number: GB2471995A
Application number: GB0912370A
Authority: GB
Inventors: Oliver Mcgovern
Original assignee: INTELLIGENT TOOLS Ltd
Current assignee: INTELLIGENT TOOLS Ltd
Priority date: 2009-07-16
Filing date: 2009-07-16
Publication date: 2011-01-26
Also published as: GB0912370D0

Abstract

A handheld device 1 to monitor the authorised, or otherwise, presence and identity of one or more users at a location, the device 1 comprises a first data input; a biometric data input; a location identifier, and a processor and memory associated with the device. The memory comprises details about the authorisation of users at particular locations. The location identifier, preferably a GPS receiver, is configured to identify the location of the device in use and the device is configured so that when the user inputs a first identifier at the first data input and inputs a biometric identifier at the biometric data input, the processor determines from the biometric data, and preferably the first inputted data, and the location information if the presence of said user is authorised at the determined location of the device. The biometric data input is preferably a fingerprint scanner and the first data input is preferably a signature input screen to capture the signature of a user. The handheld device 1, preferably a PDA or smartphone, may communicate with an external computer. Also disclosed is a protective jacket that incorporates a biometric input device which may be used with the handheld device 1.

Description

MONITORING INDIVIDUALS

This disclosure relates to systems for monitoring and identifying individuals at a geographically identifiable site.

Such monitoring may be required for many purposes, including, but not limited to, security, compliance with Health & Safety provisions, or simply for time-keeping purposes. A particular problem arises in the construction industry where, in the course of a major development, no-one may know at any one time exactly who is on site, on what basis they are there, and whether all necessary Health & Safety requirements have been satisfied. Procedures for clocking-on and clocking-off are notoriously unreliable and prone to abuse with a large and diffuse workforce operating on an extended site.

The present disclosure seeks to address these shortcomings.

PDAs (Personal Digital Assistants) which combine data input with mobile telephony have been commercially available for a number of years. For specific uses in adverse environmental conditions these have been provided with ruggedized cases (hereafter termed: "jackets"), enabling the PDA to be used for data input at locations remote from conventional computing facilities.

A number of forms of apparatus for biometric data capture have also been proposed. These have included signature verification devices, fingerprint capture devices, and face, iris, retina or voice recognition systems.

There have even been proposals for combining biometric data capture devices with PDAs for identity authentification. See, for example, GB 2437761 Hussain, US 6040783 Houvener et at, US 7284266 Morris et at, US 2006/00 13446 Stephens and US 2007/0206838 Fouquet. However, none of these prior proposals satisfy the requirements for monitoring individuals at a geographically identifiable site such as a construction project.

In accordance with a first aspect of the present disclosure, there is provided a system for monitoring the presence of individuals at a geographically identifiable site, the system comprising: a base station; at least one personal digital assistant (PDA) adapted for GPS reception and for connection via a network to the base station, the network preferably being selected from a telephone network, an intranet, and an extranet such as the Internet; and a rugged jacket within which the PDA is mounted, the jacket including at least one biometric data capture device coupled to the PDA; the PDA preferably including at least one data entry functionality selected from touch screen and keyboard, the data entry functionality being accessible to a user through the jacket; the PDA being adapted upon a biometric data capture to provide a packet of personal data via said network to said base station, said personal data including at least biometric data derived from said biometric data capture device, the time of capture, an identifier for the particular PDA, and the GPS location of the PDA; and the base station comprising: a server linked to a database including first memory storing a list of individuals permitted at said site and biometric data relating to such individuals, the server including a first discrimination engine adapted upon receipt of a said packet of personal data to check whether the biometric data therein corresponds to biometric data stored in said first memory and associated with a permitted individual, and if so preferably to record in memory associated with said individual said time, said PDA identifier and said GPS location from said personal data, and the server including a second discrimination engine adapted upon receipt of a said packet of personal data to check whether said GPS location is located at said site.

According to a second aspect of the invention there is provided a portable device to monitor the authorised, or otherwise, presence of one or more users at a location, the device comprising: a first data input; a second biometric data input; a location identifying means; a memory associated with the device, said memory comprising details about the authorisation of users at particular locations; and processing means associated with the device; preferably wherein in use the location identifying means identifies the location of the device; the user inputs a first identifier at the first data input and inputs a biometric identifier at the second biometric data input; and the processing means determines from the first and second inputted data and the location information if the presence of said user is authorised at the determined location of the device.

Preferably, wherein the device comprises a protective rugged outer layer.

Preferably, wherein the first data input is a signature capture device.

Preferably wherein the device further comprises a connection to an external network, such as the Internet, preferably wherein the memory and processing means are stored on an external computer in communication with the portable device through the connection, more preferably wherein the first and second inputted data are transferred to the external computer and the determination if the presence of the user is authorised is performed on the external computer.

Preferably wherein the memory and processing means are located within the portable device, preferably wherein determination if the presence of the user is authorised occurs on the portable device.

Preferably wherein the device is a handheld computer such as PDA or smartphone, and/or wherein the location identifying means is a Global Navigation Satellite Systems such as GPS and/or a radio such as GPRS using cell tower triangulation, and/or wherein the biometric input is one of: face recognition, iris recognition, thumb or fingerprint recognition, palm print recognition, voice recognition.

Preferably wherein upon the determination of the presence of an authorised person, the user is presented with questions relating to their location, and preferably wherein the answers to the questions are recorded on the memory associated with the device, and/or wherein the questions are related to any health and safety requirements of the location of the device, and/or wherein the failure to answer a question prevents the user from being authorised at the device location.

Preferably, wherein a third party, such as a site manager or representative, is notified when an authorised or unauthorised person is in a location of interest, more preferably wherein the notification occurs via the sending of a message, such as SMS, or voice message.

Preferably wherein the time and location of users is stored in a memory associated with the device, preferably wherein the memory is a database comprising information regarding the presence and position of users, preferably wherein the database is a time recording database to record the time that a user is present a given location and more preferably the database in accessible via the internet and the device has an IP rating of 1P65.

Preferably wherein the protective outer layer is a ruggerdised jacket and preferably wherein the ruggerdised jacket comprises a biometric input.

According to yet another aspect of the invention there is provided a jacket suitable for placing around a portable device the jacket comprising: a rugged outer layer; a biometric data input device embedded into the jacket, said biometric input device adapted to communicate with a PDA placed inside the jacket.

The first discrimination engine may be linked to a permission approval generator triggered by a determination that the biometric data does not correspond to biometric data of a permitted individual stored in said first memory, the permission approval generator being adapted to display Questions relating to compliance with Health & Safety provisions and to the category of the individual (such as an Employee, Outside Contractor or Visitor) on a screen associated with said PDA, the permission approval generator being adapted upon detection of satisfactory Answers to said Questions entered to said PDA by a user employing said at least one data entry functionality to add said individual user and biometric data associated therewith to data stored in said first memory as a permitted individual of the particular said category.

There may be actual transmission of data, Questions and/or Answers via said network, for example as e-mails or SMS (short messaging service) messages, or the system may be web based so that the data, Questions and Answers may be recorded at said server and displayed on screen at said PDA via an intranet/extranet connection such as the Internet. The geographically identifiable site may be restricted to one or more entry/exit points, and the system may be set up so that individuals are required to use a said PDA for biometric data capture in order to be allowed entry or egress at said entry/exit point(s). Alternatively, each employee and each contractor or visitor may be issued with a PDA, either the PDA being internally configured to trigger periodic alarms requiring a biometric data capture within a set interval from said alarm, or the base station being configured to transmit a voice or SMS message to said PDA at set intervals requiring a biometric data capture within a set time therefrom.

The system may be linked to accounting/human resources systems associated with the base station to record the time employees spend on site as a replacement for conventional clocking-on and clocking-off The GPS functionality may be used to determine at any time whether and which employees are working on site, are resting at approved locations (restroom or cafeteria), have left the site for the day or are resting at unapproved or disapproved locations. The system may be used to ensure that all Outside Contractors and Visitors to the site have been adequately inducted through applicable Health & Safety provisions by including Questions pertaining thereto in the said Questions associated with the permission approval generator, and may be used to track such individuals within the site and record their arrival and departure.

Practical embodiments of systems for monitoring the presence of individuals at a geographically identifiable site are described below by way of example only with reference to the accompanying drawings in which: -Fig. 1 shows a schematic diagram illustrating an embodiment of system for monitoring the presence of individuals at a geographically identifiable site; Fig. 2 shows a schematic diagram illustrating the links between a PDA, an associated jacket and a network; Fig. 3 is an image of a ruggerdised PDA according to an embodiment of the invention; Fig. 4 is a schematic circuit diagram for the ruggerdised jacket according to an aspect of the invention; Fig. 5 is a logic flow diagram illustrating operation of an embodiment of jacket; Fig. 6 is a logic flow diagram for one practical embodiment of the system for monitoringi'controlling presence of individuals at a construction site that is integrated into the Health and Safety system for that site; Fig. 7 is a logic flow diagram for a sign-out routine in one practical embodiment of the system; Fig. 8 is a flow diagram of a user signing into a site according to another embodiment of the invention; and Fig. 9 is a flow diagram of a user signing out of a site according to another embodiment of the invention.

The term PDA is used throughout the specification to describe a handheld computer such as palmtop computer or smartphone. A PDA often has a telephonic capabilities that allow a user to connect to a telephone network as well as means to connect to other communication networks such as the Internet, intranets, wireless networks etc. In the various embodiments of the invention the PDA used is one which has access to one or more communication networks such a mobile telephone network, data networks such as 3G, GPRS etc. In further embodiments the PDA does not have access to telecommunications networks.

As shown in Fig. 1, a plurality of portable units 1 are coupled to a network 2 linked to a base station 3. Network 2 may be a telephone network, an intranet or an extranet such as the Internet. Each portable unit 1 comprises a PDA 4 mounted within a rugged jacket 5. We envisage that portable units 1 will be employed on a construction site. The jacket 5 must accordingly protect the PDA from the typical mud, dust and wet conditions likely to be encountered on a construction site, typically to an 1P54 rating. The jacket should also be sufficiently rugged to protect the PDA against a fall from at least one metre on to a hard surface such as concrete. A typical portable unit is illustrated in Fig. 3. However, it will readily be appreciated that there may be wide differences in the form and construction of the jacket depending, in particular on the particular model of PDA that has to fit within it. We have found that a suitable PDA is the TyTn JM manufactured by HTC Corporation, Taiwan and available in the United Kingdom from Vodafone Ltd as Vodafone vi 615TM and from T-Mobile Ltd as MDA Vario JJJTM for operation on their respective mobile telephone networks.

The jacket 5 serves as more than mere protection for its PDA. It may derive power from the PDA, for example via a USB connection, and is coupled via a USB connection or by employing BluetoothTM connectivity for data transfer to the PDA.

Jacket 5 mounts at least one biometric data capture device. In the illustrated embodiment, the biometric data capture device is a fingerprint reader 6, but other commercially available biometric data capture devices, including facial, iris, retina or voice recognition systems are also contemplated. Preferably, provision is made for at least a second data capture device, which preferably comprises a signature verification device or another biometric data capture device. People are familiar with signing their name as a way of confirming who they are and their agreement to something.

Inclusion of a signature pad in the system thus provides something with which users will be familiar. The preferred PDA identified above has a touch-screen 7 which, with suitable software loaded to the PDA will enable biometric data to be captured from the signature as written through transparent window 8 ofjacket 5 on to touch-screen 7.

In another embodiment the jacket 5 is integrated with the casing of the PDA, to form a ruggerdised PDA. The jacket in this embodiment is not removable as it forms part of the casing. The fascias that define the casing of the PDA are preferably made from a rubberized material designed to withstand the same environmental conditions as described above. The ruggerdised fascia plates preferably have the same functionality of the jacket 5 in terms of having additional mounted biometric data capture devices, such a fingerprint scanner, face recognition, iris recognition etc. In further embodiments, the PDA is not contained in the rugged jacket and is a "stand-alone" PDA. The PDA has included the software which supports the functionality of being able to record entry to a site as described in further detail with reference to Figures 6 to 9. The PDA also comprises a plurality of data input means, preferably a signature and some form biometric input as well as a known alphanumeric keypad or touchscreen.

In the preferred embodiment the ruggerdised jacket or casing has an IP rating (International Protection Rating) of 1P65, in order to withstand the conditions typically associated with building site environments. In further embodiments other IP ratings may be used.

We have found that suitable fingerprint capture devices have a minimum resolution of 125 dpi, a maximum resolution of 1000 dpi, and typically 500 dpi, with an image size of between 50-by-SO pixels and 500-by-500 pixels. The preferred fingerprint recognition software is Fingerprint SDKITM available from Griaule Biometrics of San Jose, California. This software supports 26 different fingerprint readers, allowing a wide range of different such readers to be incorporated in the jacket 5.

Signature verification may be static or dynamic. A static signature verifier compares two graphical image handwritten signatures to determine whether they are consistent. A dynamic signature verifier records the movement of a pen or stylus and collects time and position data as determined by a digitizer tablet during the signing process. The touch-screen 7 of the preferred PDA identified above incorporates a suitable digitizer. However, such digitizer tablets are readily commercially available so that in alternative arrangements incorporating a PDA that does not have this facility, such a digitizer tablet may be mounted on the jacket 5, and be coupled to the PDA by a USB connection or via Bluetooth connectivity. We prefer to combine both static and dynamic signature verification, which are available in software form from Florentis Ltd of Frome, Somerset, combined with the iSignTM suite of tools available from Communication Intelligence Corporation of Redwood Shores, California, which includes a verification engine, which is associated with server 9 of base station 3 (Fig. 1), and means for display of the signature in electronic ink form on a screen associated with server 9 and/or on touch-screen 7.

The server has a first discrimination engine 10 associated therewith, here including the iSignTM verification engine, to check whether the biometric data (here the captured fingerprint data and the captured signature data) corresponds to biometric data previously stored in first memory 11 associated with server 9 and associated with individuals 12 previously granted permission to be at the geographically identifiable site.

We prefer to employ verification of individuals by using two different biometric data capture devices, here fingerprint recognition and signature verification, because the already low error rate of commercially available fingerprint recognition systems of around 2% is thereby reduced to an over all error rate of almost zero.

Figure 3 shows an image of a ruggerdised PDA according to an aspect of the invention. There is shown the PDA with a keypad for a mobile telephone, a touchscreen and stylus for inputting a signature and a fingerprint scanner at the top of the PDA. The PDA is covered in ruggerdised material which has an IP rating of 1P65.

Turning now to Fig. 4, there is shown a simplified block diagram for the electrical system of the jacket 5. The jacket has a microcontroller 13 which controls its several functions, and which is powered from a battery 14 mounted in the jacket via a power management circuit 15 which is coupled electrically to the power circuits of the PDA 4, for example via a USB connection, to maintain battery charge. The microcontroller 13 is coupled to fingerprint reader 6 to control its operation, and links via a data interface 16 to PDA 4. The microcontroller 13 may also link via interface 17 to peripherals 18 such as other biometric data capture devices, for example a face, iris or voice recognition data capture device, or to a printer.

Fig. 5 shows a simplified operational flow diagram for jacket 5. When the portable unit 1 is operational, jacket 5 is placed on stand-by at 19 waiting for communication from the PDA. It may check periodically at 20 whether a command has been received, and if not return to stand-by. Commands may be of two kinds. It may receive a status request command 21, which causes it to check battery voltage level at 22, check Bluetooth signal at 23 and send system status back to the PDA at 24. When a scan request command 25 is received, the microcontroller 13 first turns on and initializes fingerprint reader 6 at step 26. It will then initiate and store scan data from a finger placed on the fingerprint reader at step 27. When the scan is complete (step 28), microprocessor 13 calculates the image size at 29 to check that it falls within permitted parameters. If so, the microprocessor sends the status and fingerprint data via interface 16 to PDA 4 in step 30.

The scan request may be initiated at (that is: by human intervention) or by the PDA or from server 9, as explained with reference to Fig. 2. Thus, the geographically identifiable site may be restricted to a number of specific entry/exit points, and gatekeepers may be equipped with portable units 1 at each such entry/exit point, requiring biometric data capture for each individual seeking entry or egress.

Alternatively, each employee and each contractor or visitor tom the site may be issued with a portable unit, the PDA of which is configured to trigger periodic alarms requiring a biometric data capture within a set interval from said alarm, or the server 9 may be configured to transmit a voice or SMS message to PDA 4 at set intervals requiring a biometric data capture within a set time therefrom.

In any of the above circumstances, the PDA 4 will send a scan request 31 to jacket 5, which is acknowledged by a signal 32 back to the PDA. The jacket then seeks to perform a scan (Fig. 5), and transmits its response 33 to the PDA. This response will consist of a valid scan signal together with the scan data or an invalid scan signal. On receipt of such response signal, PDA 4 sends a signal 34 to the jacket which will be an acknowledgement or a rescan request. When scan data has been received at the PDA, it is fransmitted over the network 2 to server 9 in step 35.

At the same time as it transmits scan data, the PDA will also transmit data such as GPS data, to enable the identifying of the location of the PDA and the time.

Presently commercially available GPS receivers, such as the GPS receiver of the preferred TyTn JJTM PDA are capable of pinpointing the location of the receiver to within 20 metres. This is sufficiently accurate to establish whether an individual with the PDA is at a geographically identifiable site such as a construction site or a defence installation. The server may have a reverse geocoding engine 36 associated therewith and arranged to provide an estimated street address from the GPS location transmitted.

A suitable such engine is the Geobase EngineTM available from Telogis Inc of Irvine, California, which engine is capable not only of providing an estimated street address, but also of mapping that address on a screen displayed map and of testing the GPS position against geofences, namely allowed boundaries, which may be an area within a predetermined radius of a fixed point or, as is particularly useful for present purposes against a map drawn boundary. Thus, with a geographically identifiable site, which establishes a geofence, this preferred reverse geocoding engine will act as a second discrimination engine for an embodiment of system according to the teachings of this disclosure to check whether the transmitted GPS location is located at the construction site, defence installation or other geographically identifiable site concerned.

The functions of personal identification and monitoring of individuals at a geographically identifiable site described above can be combined with Health & Safety Provisions applicable to that site, as explained in more detail below with reference to Fig. 6 of the accompanying drawings, which is a logic flow diagram for one complete practical embodiment of system embodying the present teachings.

A User 37 touches the PDA touch-screen through transparent window 8 of the jacket 5 in step 38 to initiate a session. The system first checks for network connectivity in step 39, and if connectivity is confirmed the steps below follow. The User is requested to scan their finger, which is performed in step 40, using the routines explained above with reference to Figs. 2 and 5. A validation check is then made employing the first discrimination engine to see whether the fingerprint biometric data corresponds to biometric data stored in memory at the base station in step 41. The system may be set up so that an SMS message or an e-mail is generated during step 41 and sent to the Site Manager or company representative. This SMS or e-mail may be generated regardless of the result of the verification check, or alternatively if the check shows that the individual concerned is a person previously permitted on the site, or again if the check shows that the individual has not previously been permitted entry to the site.

If the validation check 41 is not successful, the individual is asked in step 42 whether this is their first time on site, this Question being displayed on the screen 7.

If the Answer to this Question is "No", the individual is requested to rescan their finger and the system returns to step 40. A positive Answer invites the individual to enter their first name (step 43) and then their last name (step 44). The first-time-entry individual is then requested in step 45 to identify themselves as a Sub-Contractor, Employee, Visitor or someone involved in Collections and Deliveries, and different provisions apply depending upon the Answer. Thus, a Sub-Contractor is requested to select or to enter the Supplier's name in step 46. Where a particular Supplier is identified, a validation check is performed in step 47 to check that the Supplier concerned is listed in a Table of bona fide Sub-Contractors 48 maintained in memory associated with the server 9. Assuming all is well, the individual is requested in step 49 to indicate the purpose of their current visit. Where the Individual identifies themselves as a labour-only Sub-Contractor in step 46, they pass directly to step 49.

An Employee identified in step 45 also passes directly to step 49. A Visitor, however, is first asked in step 50 to identify on behalf of whom they are visiting before passing to step 49. It will be understood that for a different type of geographically identifiable site (for example a defence installation, a sports ground, etc) there may be different or additional categories. In this embodiment, in step 49, a first-time-entry Sub-Contractor, Employee or Visitor is asked whether the purpose of their current visit is for work, for inspection or for a meeting on site. For a different type of site there may be different apt purposes.

The first-time-entry individual is then asked in step 51 whether they are wearing PPE (Personal Protective Equipment), and they may be presented with a checklist which will depend upon the nature of the site, the category of the individual (such as Sub-Contractor, Employee or Visitor) and the purpose of the current visit (such as work, inspection, meeting). If they answer "No", they are told in step 52 that they are not permitted entry and requested to contact the Site Manager (who may, of course, issue them with appropriate PPE before returning the individual to the Question of step 51). If there is no return to the Question of step 51, the routine is terminated. Having confirmed in step 52 that they are wearing PPE, they are asked in step 53 expressly to confirm that all the safety equipment besides PPE required to carry out the purpose for which they are entering the site is present. If they answer "No", they are told in step 54 that they are not permitted entry and requested to contact the Site Manager (who may, of course, organize any required safety equipment before returning the individual to step 53). Again, if there is no return to the Question of step 53, the routine is temiinated. The system may provide at step 55 for a message, suitably in SMS or e-mail format, to be sent to the Manager or a company representative to record the confirmation and/or lack thereof furnished in Question 53 so that there is a permanent record of this.

Having confirmed in step 53 that all required safety equipment is present, the individual is asked in step 56 whether they have been inducted by the Site Manager.

If they answer "No", they are told in step 57 that they are not permitted entry and requested to contact the Site Manager (who may, of course, then induct them before returning the individual to the Question of step 56). Those who answer "Yes" to the Question of step 56 pass to the signature verification step 58.

However, those individuals who were identified as bona fide Sub-Contractors in validation check step 47 are subject to an additional subroutine in which they are first asked in step 59 to provide a Risk Assessment which is communicated to the Manager, suitably by means of SMS or e-mail, in step 60. Those without a Risk Assessment are told in step 61 that they are not permitted entry and requested to contact the Site Manager (who may, of course, organize a Risk Assessment before returning the individual to step 59). Those with a Risk Assessment are asked in step 62 to provide a Method Statement in relation to their sub-contract task which Method Statement is communicated to the Manager, suitably by means of SMS or e-mail, in step 63. Those without a Method Statement are told in step 64 that they are not permitted entry and requested to contact the Site Manager (who may, of course, organize a Method Statement before returning the individual to step 62). Those bona fide Sub-Contractors who have confirmed that do have both Risk Assessment and Method Statement are asked to confirm in step 65 that they have both been reviewed by the Site Manager. If they answer "Yes", they pass to the signature verification step 58. Those who answer "No" are told in step 66 that they are not permitted entry and requested to contact the Site Manager (who may, of course, then review the Risk Assessment and Method Statement before returning the individual to step 65). The system may provide at step 67 for a message, suitably in SMS or e-mail format, to be sent to the Manager to record the confirmation and/or lack thereof furnished in step 65 so that there is a permanent record of this.

Having completed this sub-routine specifically for identified bona fide Sub-Contractors, the Sub-Contractor passes to the signature verification step 58.

Returning to validation check step 41, if this is successful, the biometric data for the individual concerned corresponding to biometric data stored in memory at the base station, the individual being identified in step 68 as an existing user at the geographically identifiable site concerned, a welcome message is displayed on the PDA in step 69 referring both to the individual by name and to their purpose for previously visiting the site. If they are identified as someone involved in Collections and Deliveries, they pass to a sub-routine to which first-time-entry individuals identified in step 45 as someone involved in Collections and Deliveries are also subject. In this sub-routine, they are first requested in step 70 to enter or select the name of the Supplier for whom they work. This could be by means of a drop-down menu of approved such Suppliers or, in the case of existing users, could be by asking the individual to confirm the name of the Supplier with whom they are identified in memory from their previous visit. They are then asked to specify whether they are visiting for collection or for delivery in step 71 and, in step 72, to enter their on-hire number or other identifier for the job in hand. A message, suitably in SMS or e-mail format, is suitably sent to the Manager to record this data in step 73 so that there is a permanent record of this.

They are then taken to an editable confirmation screen 74, where they are asked in step 75 to confirm that they automatically agree to the site Rules, and this is then confinTned by their signature in signature verification step 58 to which they then pass.

Those identified existing users who were not identified as someone involved in Collections and Deliveries pass from the welcome message step 69 to the editable confirmation screen 74, where they may be identified, in this example of the system, as Sub-Contractor, Employee or Visitor, and are requested at step 76 to state the purpose of their visit (such as work, inspection, meeting/pricing) before passing to step 75 (above), and thereafter to confirmation by signature in signature verification step 58 to which they then pass.

However the individual arrives at signature verification step 58, they write their signature and a validation check is made in step 77, as described above. A message, suitably in SMS or e-mail format, is suitably sent to the Manager to record the result of this check in step 78 so that there is a permanent record of this. If the validation check fails, they are asked to sign again and returned to step 58. If the validation check succeeds, the routine is complete (step 79), the individual is allowed on to the site, and the system returns to the network connectivity check step 39 to await another user.

In further embodiments, after the successful registration of a user at step 77 the user may be presented with site specific information. For example, if a first-aider is not identified as being present on the site, a message is presented to the user informing them of this. Preferably, a message is also sent to the Manager or company representative to inform them that personnel are present on a site when a first-aider is not present. Other bespoke site information may also be presented at this stage.

Portable units 1 incorporating a PDA and jacket may be located at each point of entrance and exit to the site, in which case individuals may only need to use the unit on entry and upon exit (see description of an exemplary sign-off procedure below).

Alternatively, each employee or each individual allowed entry may have a personal portable unit, which (especially if not an employee) they may be required to give up on signing-out. In circumstances where people on site will have portable units 1, they may be prompted from time to time for a further round of biometric data capture, which, it will be appreciated, will prevent portable units being exchanged, or one employee covering for another. Alternatively, the PDA may be periodically prompted to communicate its GPS location over the network to the base station, which, on a large site, enables the location of the individual concerned to be tracked around the site.

Turning now to Fig. 7, a simplified routine for signing-out is illustrated schematically. The individual touches the touch screen (step 80) which prompts a fingerprint scan, performed as described above, in step 81. A successful scan, as a result of which biometric data from the scan is found to correspond to that of an individual's biometric data stored in memory at the base station, that individual also being identified as a person present at the geographically identifiable site, prompts a message at step 82 to sign-out. The individual writes their signature as requested in step 83. This is subject to a verification check in step 84. If this check does not confirm the individual as the same person as identified by the fingerprint scan, the individual goes back to step 82 and is asked to sign-out. When the step 84 does confirm that the signature corresponds with the individual identified by the fingerprint scan, the individual may be prompted at 85 to answer one or more Health & Safety or security related questions depending firstly on the identification of the individual concerned and upon which other individuals are identified by the system as on-site.

For example in scenario 86, the Manager may need to be urgently alerted, suitably by an E-mail or SMS message automatically prompted by the system, in step 87, if the result of this particular individual leaving the site will mean that no person is present on site with first-aid qualifications. In scenario 87, if the individual is identified as the last person to leave the site, they are prompted in step 88 to confirm that the site and any equipment and materials therein are secure/locked. A negative response may prompt a message at 89 to carry out these steps and return the individual to the sign-out prompt of step 82. A positive response, may call upon the individual to confirm this by a further signature, in step 90, the signature being subject to a validation check, as described above, before logging-off in step 91.

Figure 8 shows a further embodiment of a user signing into a site using the device. In this embodiment instead of using a signature and a biometric identifier the user enters a text/ alphanumeric input e.g. PIN code or surname and a second input such as a signature or fingerprint. Due to legal requirements, the signature is the preferred identifier, however in other embodiments a further biometric identifier may be used.

As described with reference to Figure 6 the user approaches the device and signs in at step 100. The user enters a first identifier such as a fingerprint, surname or PiN number into the device. Preferably a timestamp is also associated with the entry.

At step 102 it is determined if the user, as identified from the first identifier, has visited the site previously. This is to ensure that the relevant site specific health and safety requirements are meet. In the preferred embodiment the site location is determined by use of GPS position determination as described in detail with reference to Figure 6. The determination of if a user has visited the site previously may occur by the querying of a site specific database (not shown) which contains details of the previous visitors, or a message may be displayed on the screen 4 of the PDA asking the user to indicate via a device input e.g. touchscreen or keypad, if they have visited the site previously. If the user answers no, or it has been determined that there is no previous record of the user having visited that site, the process goes to step 104.

At step 104 the user undergoes the site check as described with reference to Figure 6 steps 42 to 53. In particular the work identity of the user is determined (contractor/visitor), and the user is queried as to whether they are wearing the relevant safety equipment such as PPE (in further embodiments the PPE requirement may be changed according to the needs of the site) and if they have read the relevant safety instructions. Once the user has satisfied the relevant safety requirements, the purpose of their visit is determined and optionally the site manager informed of their presence (not shown).

At step 106 the user has either visited the site previously, or they have successfully completed the requirements at step 104. The user signs in using their second identifier at step 106 such as signature, or a biometric identifier such as a fingerprint, iris, etc. In the Figure the second identifier is a signature, though any suitable biometric data input may also be used. Again, a timestamp is also preferably associated with the data entry.

At step 108 the second biometric identifier is verified, preferably within 2 seconds of the data having been inputted. Verification occurs using the known techniques and software as discussed with reference to Figure 1.

If the user is successfully identified at step 108 the user is successfhlly signed in at step 110 and is preferably reminded to sign out, by way of a message on the screen, when they leave the site as well as any safety messages.

If the user has not been verified after 2 seconds at step 108 they can re-input their second identifier at step 112. If after a number of times, preferably three, the user has been unable to successfhlly enter their second identifier they are present with a message on their screen at step 114 informing them that they are not allowed on the site and that they should contact the site manager. Preferably, the site manager is also alerted by means of SMS or any other suitable messaging means, that the user is not authorised.

In a preferred embodiment, the user's first identifier is the fingerprint scan, which provides a high level of certainty of the identity of the user. Once the fingerprint has been recognised and associated with the user, using known fingerprint recognition software, the user is asked to input their second identifier. This second identifier is preferably a signature. In a preferred embodiment, the image of the signature is also transmitted along with a timestamp, indicating the time at which the data was inputted, to the external computer and stored thereon. Therefore, the apparatus identifies a user via their biometric input e.g. fingerprint and records their signature as further documentary evidence of the login. As stated previously for legal requirements, the capture of the signature is the preferred embodiment though in further embodiments other identifiers e.g. PIN number may be sent and stored on the external computer.

Figure 9 shows a further embodiment of the user logging off the system, when using the textual input as the first identifier as described above with reference to Figure 8. The user approaches the system and initiates the signing off procedure at step 120. This is as described in detail with reference to Figure 7.

At step 122 the user inputs their second identifier (in the flow chart a signature). The signature is captured and identified preferably using the software and hardware as described with reference to Figure 1. In the example shown in Figure 9 the second identifier is a signature recognition and the user is presented with an input screen and a prompt to sign their name at step 122. The signature is identified at step 124 using known signature recognition software. If the signature is not identified, or a match has not been found within a predetermined time limit, preferably 2 seconds, the user has to re-input their signature at step 126.

Once the signature or other biometric data has been verified at step 124, a check is made to see if the user is the last person left on site. This check may be in the form of a visual prompt on the PDA, or if the verification is performed online by querying the external computer to verify if any other users are onsite. In a further embodiment, the PDA queries to see if other PDAs are present via known messaging standards, such as BluetoothTM. If other PDAs are present and a user is signed in on the PDA it is taken as an indication that other persons are present on the site and the process moves to step 184 and signs the user off. In an embodiment, if a user leaves the site the site manager is informed by way of a message such as an SMS message.

If it is determined at step 128 that the user is the last user on site, the user is presented with a series of security questions to answer before the signing out is completed. These questions may be tailored according to the site environment and act as further level of security for the site.

Whilst the embodiments shown in Figures 8 and 9 are shown with a alphanumeric input as the first identifier and a signature as the second identifier it will clear to the skilled man that further embodiments may utilise an combination of two different identifiers such as name, PiN, fingerprint, iris, voice etc, to identify and authenticate the user.

The verification at steps e.g. 106 and 124 are preferably performed online, in that the data inputted into the device is transferred to an external computer (not shown) by a wired or wireless communication means, so that the comparison of the data to a database which holds previously recorded information, such as name, PiN, surname, sample signature or biometric information, may occur on the external computer. Such a system is also known as an online system. In further embodiments, the external computer is a network of computers and databases. Optionally, such information is encrypted with a public key encryption in order to protect the potentially sensitive data that is transferred to the external computer. The advantage of transferring the verification steps 106 and 124 to an external machine is that it reduces the computational requirement of the handheld device as it would no be required to perform potentially computationally expensive verification algorithms. Additionally, by performing the comparison online it allows for the data to be stored away from the portable device e.g. on the internal memory of the external computer or a server associated with the external computer. This in turn reduces the memory requirements for the portable device.

However, in some situations it is not desirable to transmit data to an external computer. For example, some security installations will not permit the transfer of data, or use of a wireless connection. Additionally, in some sites e.g. an underground site, it may not be possible to connect to the external computer (which may be held at a distance from the site) because of the environmental factors associated with the site.

Therefore there is, in a preferred embodiment, an option to perform offline verification including biometric verification. In offline verification the verification is performed at the portable unit. When the verification of the data is performed offline, the internal memory store of the PDA contains previously recorded information, including biometric information and the timestamp of when the information was captured by the device, about users. The information inputted at for example, steps 100, 106 or 122, is then compared to the information stored in the local memory store and verified using known comparison software stored locally on the PDA. Preferably periodically the PDA is connected to an external computer and data is uploaded from the memory store of the PDA to the memory store of the external computer and vice versa, thereby ensuring the information stored in both the PDA and external computer are up-to-date. As the data is preferably captured with a timestamp that details when the data was inputted, it is possible to ascertain from the central computer when a person was on site despite not being in contact with the device.

The transfer of data to and from the PDA to any external computer, memory or database is preferably performed over a secure website or via known data encryption layers such as SSL, TLS etc. In the preferred embodiment, the data that is held on the PDAs and any external data is periodically backed up onto an external server.

Whilst the PDA described in the above embodiments is one that is capable to connect to further networks e.g. telephony network and data networks, in a further embodiment, the PDA is an offline device, that has no connections to telephony networks. In this embodiment, the PDA has a external wired connection such as a USB or Firewire connector (or any other suitable connection) to communicate with an external computer to upload and download data.

In yet another embodiment, in order to save on energy requirements the data may be saved on the local memory store and transmitted to the external computer at various intervals during the day e.g. every hour. The verification of the inputted data is then performed on the external computer and information regarding the successful, or otherwise, identification of the user is transmitted back to the PDA.

It will be apparent from the above description of particular examples that the combination of one or more PDAs with a jacket providing for biometric data capture and the link to a base station with appropriate memory and discrimination engines allows a range of useful functions to be performed for Health and Safety, security and human resources purposes in a semi-automatic fashion not previously believed capable of being accomplished previously. Whereas practical systems in accordance with the teaching herein have been developed primarily for use in monitoring individuals at construction sites, persons of ordinary skills in this field will readily appreciate how such systems may be adapted for the needs of different kinds of geographically identifiable sites, including but not limited to secure establishments such as defence installations, prisons, etc, and to large workplaces such as factory sites, dockyards, airports, educational establishments, even farms and zoological gardens and safari parks. In a zoo or safari park application, the PDA may be arranged automatically to display information about the wildlife to be seen at different parts of the site as identified by the detected GPS location within it.

Claims

Claims 1. A handheld device to monitor the authorised, or otherwise, presence and identity of one or more users at a location, the device comprising: a first data input; a biometric data input; a location identifiying means; a memory associated with the device, said memory comprising details about the authorisation of users at particular locations; and processing means associated with the device; wherein the location identifying means is configured to identifiy the location of the device in use and the device is configured so that when; the user inputs a first identifier at the first data input and inputs a biometric identifier at the biometric data input; and the processing means determines from the biometric, and preferably the first, inputted data and the location information if the presence of said user is authorised at the determined location of the device.
2. A device of claim 1 wherein the device comprises a protective rugged outer layer, preferably with an IP rating of 1P65.
3. A device of any preceding claim wherein the first data input is a signature capture input, comprising a signature input screen and software component.
4. A device of any preceding claim wherein the device further comprises a connection to an external network, such as the Internet.
5. A device of any claim 4 wherein the memory and processing means are (at least partly) stored on an external computer in communication with the portable device through the connection.
6. A device of claim 5 wherein the first and second inputted data are transferred to the external computer and the determination if the presence of the user is authorised is performed on the external computer.
7. A device of claim 1 and/or 5 wherein the memory and processing means are at least partly located within the portable device.
8. A device of any preceding claim the determination if the presence of the user is authorised occurs on the portable device.
9. A device of any preceding claim wherein the device is a handheld computer such as PDA or smartphone.
10. A device of any preceding claim wherein the location identifying means is a Global Navigation Satellite Systems such as GPS, and/or a radio such as GPRS using cell tower triangulation
11. A device of any preceding claim wherein the biometric input is one of: face recognition, iris recognition, thumb or fingerprint recognition, palm print recognition, voice recognition.
12. A device of any preceding claim wherein upon the determination of the presence of an authorised person, the user is presented with questions relating to their location.
13. A device of claim 12 wherein the answers to the questions are recorded on the memory associated with the device
14. A device of any of claims 12 and 13 wherein the questions are related to any health and safety requirements of the location of the device.
15. A device of any of claims 12 to 14 wherein the failure to answer one or more of the questions prevents the user from being authorised at the device location.
16. A device of any preceding claim wherein a third party, such as a site manager or representative, is notified when an authorised or unauthorised person is in a location of interest.
17. A device of claim 16 wherein the notification occurs via the sending of a message, such as SMS, email.
18. A device of any preceding claim wherein the time and location of users is stored in a memory associated with the device.
19. A device of claim 18 wherein the memory is a database comprising information regarding the presence and position of users.
20. A device of claim 19 wherein the database is a time recording database to record the time that a user is identified as being present at a given location.
21. A device of any of claims 2 to 20 when dependent on claim 2 wherein the protective outer layer is a ruggerdised jacket or layer, preferably with an IP rating of 65.
22. A device of claim 21 wherein the ruggerdised jacket or layer comprises a biometric input.
23. A device of any of claims 2 to 20 when dependent on claim 2 wherein the protective outer layer is a ruggerdised fascia plates for the portable device, preferably with an IP rating of 65.
24. A system comprising one or more devices according to any preceding claims in communication with an external computer.
25. The system of claim 24 wherein the external computer stores information regarding the presence of users at one or more locations on a memory.
26. A jacket suitable for placing around a handheld device the jacket comprising: a rugged outer layer; a biometric data input device embedded into the jacket, said biometric input device adapted to communicate with a PDA placed inside the jacket.
27. A jacket of claim 26 suitable for placing around a PDA device.
28. A jacket of claims 26 or 27 wherein the handheld device is the device of any of claims ito 23.
29. A device of any of claims 1 to 23 wherein the data from the first data input or biometric data input is marked with a timestamp.A device of claim 29 wherein in use: the user enters a fingerprint as their biometric identifier; is identified by their biometric identifier by the processor; inputs their signature at the first data input, an image of which is stored with the timestamp in the memory associated with device.31. A device of claims 28 or 29 when dependent on claim 20 where the time recorded in the database is the time recorded on the timestamp.32. A device of any of claims 1 to 23 when dependent on claim 20 where the time recorded in the database is the time that the data is received at the database.