GB2511467A - Access management system and method - Google Patents

Publication number: GB2511467A
Authority: GB (United Kingdom)
Prior art keywords: template, captured, stored, biometric, biometric data
Legal status: Granted
Current legal status: Expired - Fee Related
Application number: GB1412244.4A
Other versions: GB2511467B (en), GB201412244D0 (en)
Inventor: Jonathan Gratton
Current Assignee: NATIONWIDE RETAIL SYSTEMS Ltd
Original Assignee: NATIONWIDE RETAIL SYSTEMS Ltd
Application filed by: NATIONWIDE RETAIL SYSTEMS Ltd
Priority to: GB1412244.4A (GB2511467B); PCT/GB2015/051994 (WO2016005759A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00 Arrangements for image or video recognition or understanding
    • G06V10/98 Detection or correction of errors, e.g. by rescanning the pattern or by human intervention; Evaluation of the quality of the acquired patterns
    • G06V10/993 Evaluation of the quality of the acquired pattern
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G06V40/1365 Matching; Classification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/50 Maintenance of biometric data or enrolment thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Abstract

A method for managing access to a network of devices (3, 4, 5) using biometric identification and an associated access management system (1). The system and method manage access by capturing biometric data, e.g. fingerprint, voice, retina or echocardiogram (ECG), from a user using a biometric scanner (7), generating a captured template based on the data using a template extraction module (12) and comparing using a comparison module (13) the captured template with a database of templates stored on a memory (14) each associated with a registered user. If a match is found, the quality of the captured template is compared with the quality of the stored template and the stored template is replaced with the captured template if the quality of the captured template is higher.

Description

ACCESS MANAGEMENT SYSTEM AND METHOD
This invention relates generally to an access management system and method. More specifically, although not exclusively, this invention relates to access management systems and methods that incorporate biometric authentication to selectively control access to, for example, one or more elements, features or aspects in a network or system.
Traditional access management systems often incorporate keys, identification badges, passwords and/or personal identification numbers, which can be forgotten, stolen or duplicated. Contradistinctively, biometric authentication relies on one or more unique immutable human characteristics that are not susceptible to such issues. Biometrics therefore provide a superior level of security, convenience and ease of use.
Access management systems incorporating biometric authentication are known and generally include one or more biometric scanners configured to capture a biometric sample from a user, for example, fingerprints, retinal patterns, facial patterns, voice patterns, echocardiographic patterns and so on. The captured biometric sample is then compared to a database of registered templates to associate the captured sample with a registered individual and to provide the user with access characteristics associated with that registered individual. In order to populate the database, user templates are captured and stored by a process commonly referred to as enrolment.
During enrolment, a biometric scan is captured and processed to isolate certain features and to provide a synthesis of relevant characteristics extracted from those features. For example, where the biometric data is a fingerprint an image is captured and fingerprint ridge outlines are isolated from which minutiae data is extracted and used to generate a template.
Similar processes are used to create templates for retinal, facial, voice and/or echocardiographic patterns.
The quality of the biometric data acquired during a scan will depend on the properties of the source as well as the fidelity and utility of the scan. Properties of the source that can affect the quality of the biometric data include, for example, finger scars in the case of fingerprints. The fidelity of the scan can be affected by, for example, the quality of the scanner or the distortion of features in a captured image. Utility is dependent upon the extent or size of the scan, for example the proportion or extent of requisite features actually captured during the scan. One measure that provides an indication of overall quality is the minutiae data, for example the number of useable minutia points.
For the avoidance of doubt, the terms minutiae, minutiae data and minutia points as used herein refer not only to data comparators derived from fingerprint scans, but also to those derived from any other type of biometric data, such as retinal patterns, facial patterns, voice patterns, echocardiographic patterns and the like.
The accuracy of or confidence in a match between a captured biometric sample and the template in the database is dependent upon the quality of both the template and the sample.
For example, if the useable minutiae data in each of the template and the sample is extensive then more data points are available for comparison, leading to a greater level of confidence in the result of the comparison. Conversely, where the quality of one or both of the sample and/or the template is low then fewer data points are available for comparison, leading to a lower level of accuracy or confidence.
It is therefore necessary to ensure that the quality of the template generated during enrolment is as high as possible in order to maximise the accuracy of or confidence in subsequent authentications. However, many factors can affect the quality of the template including not only features of the system, such as the quality of the scanner, the template extraction algorithm or the matching algorithm, but also features or actions of the user. For example, where the biometric data relates to fingerprints, the user may have wet or dry fingers or may not place their finger or thumb on the scanner correctly. Similarly, in the case of retinal patterns the user may, for example, be unable to remain steady or may have a drooping eyelid.
As a result of the aforementioned issues, the minimum confidence values for authentication are often set lower than desirable in order to avoid false rejections. However, reducing these threshold values increases the likelihood of false acceptances, which adversely affects the reliability of the authentication and results in diminished security levels.
It is therefore a first non-exclusive object of the invention to provide an access management system and method using biometric authentication in which the likelihood of false rejections and/or false acceptances is reduced. It is a more general non-exclusive object of the invention to provide an improved access management system and method that mitigates one or more issues associated with known access management systems and methods.
Accordingly, a first aspect of the invention provides a method for managing access to a network or system and/or for updating an access management system, the method comprising the steps of: a) providing a database on or in which is stored one or more biometric templates each associated with a registered individual; b) capturing biometric data from a user and optionally generating a captured template therefrom or based thereon; c) comparing the captured biometric data or template with at least one of the stored templates in order to determine whether the user corresponds to or matches a registered individual; and d) updating or replacing or overwriting the stored template with the biometric data or the or a biometric template generated from or based on the captured biometric data if a correspondence or match is found and/or if the quality of the captured biometric data or template is higher or superior to the quality of the stored template.
The quality of the stored templates is therefore improved continuously through use of the system and without the need for supervision by authorised staff. The applicants have discovered that not only does this reduce the administrative burden during the enrolment stage, but the system can be upgraded to improve security without the need for re-enrolment. For example, more advanced scanning equipment and/or template extraction or matching algorithms offering improved template generation and/or increased security may be incorporated into the system with stored templates being upgraded during normal use, rather than requiring re-enrolment.
The method may further comprise authorising or permitting or prohibiting or denying access to one or more elements, features, aspects, devices or locations of the or a network or system or to one or more features thereof or of the network or system, which may comprise a protected network or system, for example a network or system whose access is controlled, in use, by the method or by the access management system. The method may comprise authorising or allowing or permitting access if, e.g. only if, a correspondence or match is found.
The method or comparing step may further comprise comparing user privileges associated with a registered individual, e.g. determined to correspond to or match the captured biometric data or template, with the access desired or required or requested by the user and/or authorising or permitting access if, e.g. only if, such user privileges comprise or permit or enable such access.
The capturing step may comprise capturing biometric data from a user, e.g. via or using a biometric data capture means or input or element or device or apparatus or scanner or reader, which may be associated with a device or location or a group of devices or locations of the network or system, for example to which access is required or desired or requested by the user. In some embodiments, the capturing step comprises capturing biometric data from a user, e.g. via or using one of two or more, such as a plurality of, biometric data capture means or inputs or elements or devices or apparatus or scanners or readers, each of which may be associated with a device or location, or a group of devices or locations, of the network or system, e.g. to which access is required or desired or requested by the user.
The one or more devices may, for example comprise one or more or any combination of photocopiers and/or printers and/or point of sale terminals and/or cash revaluation terminals and/or credit replenishment terminals and/or access doors or associated with a group selected therefrom.
The method may further comprise tracking a usage by the user of a device, for example a device to which access is permitted, and/or updating a usage and/or transaction database with the usage, e.g. one or more details or features of the usage. Additionally or alternatively, the method may further comprise calculating a transaction fee, which may be associated with the tracked usage or with a usage by the user of a device. The method may further comprise updating the or a usage and/or transaction database with the transaction fee. In some embodiments, the method comprises updating the usage and/or transaction database with one or more details or features of the tracked usage and a transaction fee associated with such usage.
The quality may comprise or be determined or measured by a quality value. The quality or quality value of the captured biometric data and/or of at least one of the captured and/or stored templates may be dependent on or comprise or measured or determined by the number of data points, for example usable data points, e.g. available for comparison. In some embodiments, the quality or quality value of the captured biometric data and/or of the stored template comprises, or is measured or compared with respect to, the minutiae data or the number of useable minutia points, e.g. available therefor or derived or derivable therefrom and/or available for comparison.
The method may further comprise the step of comparing quality values of the biometric data captured from the user or of the captured template, for example with that of the stored template, e.g. with that of a stored template determined to correspond or match the biometric data captured from the user or a template generated therefrom, for example in order to determine whether the quality of the captured template is higher or superior to the quality of the stored template.
At least one or each of the captured and/or stored templates may comprise a template format, which may comprise a predetermined number of available data points or comparison points or comparison data points. One or more or each template and/or the template format may further include one or more positions and/or directions, for example a position and direction in respect of each minutia point. One or more of the quality values may comprise or be determined by comparing the data points or useable data points thereof with the data points or comparison points or comparison data points of the template format, e.g. the maximum such points, for example by comparing the number of such points in each of the captured template and the template format. For example, one or more of the quality values may comprise or be determined by calculating the ratio of data points or useable data points or minutia points or useable minutia points thereof with the number, e.g. maximum number, of data points or comparison points or comparison data points available in the template format.
The method may further comprise the step of determining a quality value for one or more or each of the biometric data captured from the user and/or the captured template and/or one or more of the stored templates. In some embodiments, the method comprises the step of determining a quality value for one or more of the stored templates, for example to which the user corresponds or matches, e.g. if and/or only if a correspondence or match is found. However, the database preferably includes a quality value in respect of each stored template that is also preferably associated therewith.
The method or comparing step may further comprise determining a confidence level or value, for example associated with the correspondence or match between the captured and stored templates or with the determination, e.g. of whether the user corresponds to or matches a registered individual. The method may comprise finding a determination of correspondence or of a match if, e.g. only if, the determined confidence level or value is higher than a predetermined level or value. Additionally or alternatively, the method may comprise authorising or permitting access if, e.g. only if, the determined confidence level or value is higher than a predetermined level or value. The predetermined confidence level or value may be, for example 50% or 60% or 70% or 80% or 90%.
In some embodiments, the minimum threshold value is at least partially dependent upon the quality of the stored template or an average quality of all stored templates or a group thereof and/or the threshold value may be increased or altered if and/or when the or at least one of the stored templates is updated or replaced or overwritten. In some embodiments, each or at least one of the stored templates may comprise a minimum threshold value that is different from the or at least one of the other stored templates.
In some embodiments, the confidence level or value is determined by calculating the ratio of the number of data points or minutia points that match or correspond, e.g. substantially, between the captured and stored template and the number of data points or comparison points or comparison data points, e.g. the maximum such points, available in the template format.
The step of generating a captured template may be carried out using a template extraction algorithm. The comparing step may be carried out using a comparison or matching or identification algorithm and/or may comprise comparing the template generated from the captured biometric data, or the captured biometric template, with the at least one of the one or more stored templates. The comparing step may comprise comparing or matching minutia points, e.g. of the captured template, on position and direction against the minutia points, e.g. of one or more of the stored templates, and/or determining whether the captured template comprises the same and/or a mirror reflection of the stored template or one of the stored templates.
The method may further comprise the step of enrolling at least one of the one or more registered individuals. In some embodiments, the method or the enrolling step comprises capturing biometric data from one or more individuals to be registered and/or generating a template or respective template from the biometric data captured from the or the respective individual and/or for the or each individual to be registered, for example using the or a template extraction algorithm. The method or the enrolling step may further comprise storing the template generated and/or its quality value, for example if the quality thereof or of the biometric data captured from the individual to be registered or of the template generated therefrom is greater than or superior to a predetermined minimum threshold, for example 50% or 60% or 70% or 80% or 90%.
The capturing step preferably comprises capturing one or more fingerprints, but may additionally or alternatively comprise capturing one or more or any combination of retinal patterns, facial patterns, voice patterns, echocardiographic patterns. At least one or each of the templates may comprise minutiae data, for example one or more minutia points. In some embodiments, the or each template is generated using a template format, which may comprise 20 minutia points, but preferably comprises at least 20 minutia points, for example at least 40, 50, 60, 70 or 80 minutia points. In particularly preferred embodiments, the template format comprises at least 90 minutia points, for example 92 minutia points. Where technology permits, the template format may comprise more than 100 minutia points.
The database may comprise a plurality of biometric templates and/or be stored on a memory or memory means and/or one or more of the comparing and/or determining and/or updating or replacing or overwriting steps may be carried out using a processor or processing means, for example wherein at least a portion of the biometric data capture means may be located remotely with respect to the memory means and/or processing means.
Another aspect of the invention provides an access management system comprising biometric data capture means, a processor and a memory operatively connected to the processor and/or on which is stored a database of one or more biometric templates each associated with a registered individual, the processor being configured to carry out one or more steps according to the method described above.
Another aspect of the invention provides an access management system, e.g. for managing access to a network of devices, the system comprising a memory on which is stored a database of one or more biometric templates each associated with a registered individual, a processor operatively connected to the memory and a biometric data capture means, e.g. for association with at least one device whose access is to be managed, wherein the system is configured to capture biometric data from a user and/or generate a captured template from or based on biometric data captured from a user via the biometric data capture means, to compare the captured biometric data or template with at least one of the one or more stored templates in order to determine whether the user corresponds to or matches a registered individual and to update or replace or overwrite the stored template with the biometric data or the or a biometric template generated from or based on the captured biometric data if a correspondence or match is found and/or if the quality of the captured biometric data or template is higher or superior to the quality of the stored template.
For the avoidance of doubt, any of the features described herein apply equally to any aspect of the invention. For example, any of the features of the method described above may be incorporated within the system and/or the system may be configured or programmed or adapted to carry out any one or more steps or features of the method.
The system is preferably also configured to permit or deny access to one or more features of a device of the network or system or to one or more features thereof based on the determination of the comparison. More specifically or alternatively, the system may be configured to instruct or cause the device in respect of which access is requested to permit or deny access to one or more features thereof based on the determination of the comparison.
The system may further comprise a template extraction module or algorithm or element, e.g. for generating or configured to generate a captured template from or based on biometric data captured, in use, from a user via the biometric data capture means.
Additionally or alternatively, the system may comprise a comparison module or algorithm or element, e.g. for comparing or configured to compare the captured biometric data or template with at least one of the one or more stored templates, for example in order to determine whether the user corresponds to or matches a registered individual. The comparison module or algorithm or element may further be for determining or configured to determine a confidence value associated with the correspondence or match between the captured and stored templates, for example wherein the system or comparison module or algorithm or element or processor is configured to find a correspondence or match if, e.g. only if, the confidence value is greater than a minimum threshold value, for example 50% or 60% or 70% or 80% or 90%. The system or comparison module or algorithm or element may be configured to set or determine or calculate the or a minimum threshold value at least partially in dependence upon the quality of the stored template or an average quality of all stored templates or a group thereof. The comparison module or algorithm or element may additionally or alternatively be suitable for or configured to carry out one or more steps or features of the comparison step of the method described above.
The biometric data capture means may comprise one or more biometric scanners, for example each for association with one or more, for example one of two or more or a plurality of devices of a network, e.g. whose access is to be managed, or for association with a group of such devices. The one or more biometric scanners may comprise a plurality of biometric scanners, for example each associated with or mounted adjacent to a respective device of the network whose access is to be managed. The one or more devices may comprise one or more photocopiers and/or printers and/or point of sale terminals and/or cash revaluation terminals and/or credit replenishment terminals and/or access doors or any group selected therefrom.
The system may further comprise a transaction module or algorithm or element, e.g. for tracking or configured to track a usage by the user of a device to which access is permitted and/or for updating or configured to update a usage and/or transaction database stored on the memory, for example with one or more details or features of the usage and/or one or more values calculated or determined therefrom, such as a transaction fee that may be calculated based on or from the usage or from one or more details or features thereof.
The system may further comprise an enrolment biometric scanner, e.g. for capturing biometric data from an individual to be registered, for example wherein the system may be configured to carry out one or more of the enrolment steps of the method described above.
At least one or each of the biometric data capture means or scanners may comprise a fingerprint scanner. Additionally or alternatively, at least one or each of the biometric data capture means or scanners may comprise one or more of a retinal scanner, a camera, a voice recorder and echocardiograph.
A further aspect of the invention provides a computer program element comprising computer readable program code means for causing a processor to execute a procedure to implement the aforementioned method. A yet further aspect of the invention provides the computer program element embodied on a computer readable medium.
A yet further aspect of the invention provides a computer readable medium having a program stored thereon, where the program is arranged to make a computer execute a procedure to implement the aforementioned method.
A yet further aspect of the invention provides a retrofit kit for adapting an existing access management system to function as an access management system as described above, the retrofit kit comprising a computer program element and/or a computer readable medium as described above.
A yet further aspect of the invention provides a biometric scanner, e.g. specifically adapted for incorporation into an access management system as described above, which scanner may be configured to carry out at least a portion of one or more steps of the method.
Within the scope of this application it is expressly envisaged that the various aspects, embodiments, examples and alternatives set out in the preceding paragraphs, in the claims and/or in the following description and drawings, and in particular the individual features thereof, may be taken independently or in any combination. Features described in connection with one aspect or embodiment of the invention are applicable to all aspects or embodiments, unless such features are incompatible.
Embodiments of the invention will now be described by way of example only with reference to the accompanying drawings in which: Figure 1 is a schematic representation of a network of devices whose access is controlled by an access management system according to one embodiment of the invention; and Figure 2 is a flow chart illustrating the enrolment process using the access management system of Figure 1; Figure 3 is a schematic of part of a fingerprint highlighting examples of minutiae data; Figure 4 illustrates three examples of fingerprints having associated quality issues; Figure 5 illustrates the effect of the orientation of a finger during a scan; Figure 6 illustrates the correct orientation of a finger during a scan; Figure 7 illustrates examples of incorrect orientations of a finger during a scan; and Figure 8 is a flow chart illustrating a method according to one embodiment of the invention using the access management system of Figure 1.
Referring now to Figure 1, there is shown an access management system 1 for managing access to a network 2 of devices 3, 4, 5. The devices 3, 4, 5 include printer/photocopiers 3, point of sale (POS) terminals 4, and access doors 5. The access management system 1 includes a central computer 10 incorporating a processor 11, a template extraction module 12, a comparison module 13 and a memory 14 on which is stored a registration database of biometric templates each associated with a registered individual. In this embodiment, the access management system also incorporates a transaction module 15 for tracking details of the usage of the devices 3, 4, 5 by users of the system 1 and updating a usage database also stored on the memory 14.
The access management system 1 includes a plurality of biometric scanners 6, 7, which are fingerprint scanners 6, 7, although other types of biometric scanners are envisaged without departing from the scope of the invention. The scanners 6, 7 include an enrolment scanner 6 mounted adjacent to the central computer 10 and a plurality of remote biometric scanners 7 each mounted adjacent to and associated with a respective device 3, 4, 5. Each of the remote scanners 7 and each of the devices 3, 4, 5 is operatively connected to the central computer 10 via respective network cables 7a, 3a, 4a, 5a in this embodiment, although wireless connections are also envisaged, such as wireless network connections.
In this embodiment, the access management system 1 incorporates a computer network through which each of the devices 3, 4, 5 and remote scanners 7 are connected to the central computer 10 and are allocated individual addresses, for example internet protocol addresses.
In order to populate the registration database on the memory 14, each individual to be registered undergoes an enrolment procedure 8, which is outlined in the flow chart of Figure 2. First, a biometric scan 80 is carried out, which is a fingerprint scan 80 using the enrolment scanner 6 in this embodiment. The biometric data derived from the scan 80 is then sent from the enrolment scanner 6 to the template extraction module 12 for minutiae data extraction 81 and template generation 82. The processor 11 carries out a quality value calculation 83 for the generated template by dividing the number of useable minutia points in the generated template by the maximum number of data comparison points available for the template format. In this embodiment, the template format includes 92 data comparison points, each of which includes position and direction data. The processor 11 then carries out a quality threshold determination 84 such that if the calculated quality value is greater than a predetermined threshold value, in this case 50%, then the template is stored 85 in the registration database together with its quality value, but if it is not the template is rejected 86 and the process must be repeated.
Figure 3 illustrates a series of features of a fingerprint 87 from which minutiae data may be extracted and templates may be generated. These include, for example, ridge endings 87a, enclosures 87b, bifurcations 87c and islands 87d. Such techniques are known in the art and will not be described further herein.
Figure 4 illustrates three examples of fingerprint scans 88a, 88b, 88c. The first scan 88a was carried out on a dry finger and shows faint ridge definition which is unlikely to provide much, if any, useable minutiae data. The second scan 88b was carried out on a finger that was excessively wet and exhibits merging ridges, which are also unlikely to provide much useable minutiae data. These two scans illustrate examples of scenarios that can affect the fidelity of the scan. The third scan 88c is of a finger having excessive scarring, which is a property of the source of biometric data and will also affect the extent of useable minutiae data. These scans 88a, 88b, 88c show examples of how scan quality can be affected by factors independent of the quality of the equipment used.
Figure 5 illustrates the effect of different finger orientations about an axis perpendicular to the scan plane. Generally, minutiae data extraction algorithms are able to cope with some variation in orientation, for example up to 45°, but excessive variation can also cause a reduction in the quality of the templates generated from the data.
Similarly, Figures 6 and 7 illustrate respectively acceptable and unacceptable finger orientations during the scan, wherein the orientation shown in Figure 7 adversely affects the utility of the scan. Specifically, the orientation shown in Figure 7 would only result in a scan of the fingertip, which provides a considerably less extensive image from which to extract the minutiae data, while the orientation shown in Figure 6 enables the scanner to capture a much more extensive image of the finger.
Turning now to the method 9 illustrated by the flow chart in Figure 8, when access to one of the devices 3, 4, 5 is required by a user, the user (not shown) places their finger on the relevant remote scanner 7 and a biometric scan 90 is carried out. As with the enrolment process 8, the biometric data derived from the scan 90 is sent from the remote scanner 7 to the template extraction module 12 for minutiae data extraction 91 and template generation 92. The processor 11 carries out a quality value calculation 93 for the captured template by dividing the number of useable minutia points in the captured template by 92, i.e. the number of data comparison points available for the template format. The processor 11 then carries out a quality threshold determination 94 such that if the calculated quality value is greater than a predetermined threshold value, in this case 50%, then a comparison is carried out by the comparison module 13 between the captured template and one or more templates stored in the registration database, but if it is not the template is rejected 96 and the process must be repeated.
There are two distinct approaches to biometric recognition, the first is commonly referred to as verification and the second is generally referred to as identification. The verification approach is a one-to-one matching process in which the user identifies themselves and a biometric sample is captured and compared to a previously registered or stored template.
If the sample matches the template, the user is "verified" as the individual and granted the privileges and access of the verified individual. The identification approach is a one-to-many matching process in which the user need not identify themselves. Rather the captured biometric sample is compared to a registration database of existing templates of registered or stored users and, when a match is found, the user is "identified" as the individual and granted the privileges and access of the identified individual.
This embodiment of the invention involves an identification based biometric recognition approach, although it is envisaged that the system 1 of the invention may be configured to carry out a verification based biometric recognition.
In this embodiment, the comparison 95 is therefore carried out against all of the stored templates. This process is simplified by suitable categorisation or classification of the templates, thereby saving processing time. Specifically, the comparison 95 is carried out by an identification algorithm which orders the stored templates based on the enrolled templates' statistics by order of position and direction as well as number of points within the templates. The matching process uses a compartmental process or binary listing to lower the time to match. The comparison 95 involves comparing the minutia points of the captured template on position and direction against the minutia points of the stored templates to determine the degree of correspondence between the minutia points. A confidence value is calculated based on the degree of correspondence. In this embodiment, the confidence value is determined by calculating the ratio of the number of minutia points that match or correspond between the captured and stored templates and the number of data points available in the template format.
The processor 11 then carries out a match determination 97, which involves assessing the confidence value or values determined by the comparison module 13 to establish first whether a match has been found that meets the minimum confidence value, which is 50% in this embodiment. If such a match is found, the processor 11 determines whether the registered individual associated with that stored template is authorised to access the requested device or feature or location. If a match is found that meets the minimum confidence value and the registered individual is found to be authorised for the requested access, then access is permitted 98, but if no match is found or if the privileges of the matched individual do not permit such access, then access is denied 99.
If access is permitted, the transaction module 15 tracks the usage of the devices 3, 4, 5 by the user and updates the usage database. For example, where an item is purchased from the POS terminal 4 or a file is printed by the printer/photocopier 3, the transaction module calculates a transaction fee and updates the usage database with details of the usage (e.g. items purchased and/or number of pages printed) together with the transaction fee calculated by the transaction module 15. The system 1 in this embodiment communicates with an account management system (not shown), which manages payments and credit limits.
In parallel, the processor carries out a quality comparison 100 between the captured template and the stored template. If and only if the quality of the captured template is greater than that of the stored template, the stored template is overwritten 101 with the captured template and its quality value. Thus, the quality of the templates stored in the registration database is improved any time a valid authorisation 98 occurs. This continuous improvement is independent of the enrolment process and does not require additional resources, since it is carried out automatically by the system 1.
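The access flow of Figure 8 (quality gate, one-to-many comparison, match determination, authorisation check and template replacement) can be sketched as follows; this is an added example, not code from the patent or its applicant. The position and direction tolerances, the greedy point-pairing rule, all function and class names, and the grid-shaped sample minutiae are assumptions made for illustration, and the replacement is applied whenever a match is found, as worded in claim 1(f).

```python
import math
from dataclasses import dataclass

FORMAT_POINTS = 92       # comparison points in the template format (from the description)
QUALITY_THRESHOLD = 0.5  # quality gate used at enrolment 84 and at capture 94
MIN_CONFIDENCE = 0.5     # minimum confidence for match determination 97
POS_TOL = 4.0            # assumption: max position distance for two minutiae to correspond
DIR_TOL = 15.0           # assumption: max direction difference in degrees


@dataclass(frozen=True)
class Template:
    minutiae: tuple      # ((x, y, direction_deg), ...) useable minutia points

    @property
    def quality(self):
        # Useable points divided by the points available in the format.
        return min(len(self.minutiae), FORMAT_POINTS) / FORMAT_POINTS


@dataclass
class Record:
    template: Template
    devices: set         # devices this registered individual may use


def confidence(captured, stored):
    """Matched minutiae (position and direction) over FORMAT_POINTS."""
    unused = list(stored.minutiae)
    matched = 0
    for x, y, d in captured.minutiae:
        for cand in unused:
            turn = abs(d - cand[2]) % 360
            turn = min(turn, 360 - turn)
            if math.hypot(x - cand[0], y - cand[1]) <= POS_TOL and turn <= DIR_TOL:
                unused.remove(cand)   # each stored point may be matched once
                matched += 1
                break
    return matched / FORMAT_POINTS


def request_access(db, captured, device):
    """Return (decision, matched_id, template_replaced)."""
    if captured.quality <= QUALITY_THRESHOLD:
        return ("rejected", None, False)          # step 96: rescan required
    best_id, best = None, 0.0
    for uid, rec in db.items():                   # identification: one-to-many
        c = confidence(captured, rec.template)
        if c > best:
            best_id, best = uid, c
    if best_id is None or best <= MIN_CONFIDENCE:
        return ("denied", None, False)            # no match: database untouched
    rec = db[best_id]
    replaced = captured.quality > rec.template.quality
    if replaced:                                  # steps 100/101, only after a match
        rec.template = captured
    decision = "permitted" if device in rec.devices else "denied"
    return (decision, best_id, replaced)


def points(n, dx=0, dy=0, turn=0):
    """Constructed sample minutiae on a 10-unit grid (not real fingerprint data)."""
    return tuple((10 * (i % 10) + dx, 10 * (i // 10) + dy, (37 * i + turn) % 360)
                 for i in range(n))


def demo_db():
    return {"alice": Record(Template(points(50)), {"printer"}),
            "bob": Record(Template(points(70, 5, 5)), {"pos"})}


if __name__ == "__main__":
    db = demo_db()
    print(request_access(db, Template(points(40)), "printer"))
    print(request_access(db, Template(points(80, 1, 0, 5)), "printer"))
    print(request_access(db, Template(points(60, 1, 0, 5)), "printer"))
    print(request_access(db, Template(points(80, 0, 5)), "printer"))
```

Because the confidence value is divided by the 92 points of the format rather than by the size of the stored template, a stored template with 50 useable points can never score above 50/92; replacing it with the 80-point capture is what widens the margin on later scans.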
It will be appreciated by those skilled in the art that several variations to the aforementioned embodiments are envisaged without departing from the scope of the invention. For example, the quality may be measured or the quality value calculated in a different way and/or the quality value threshold may be set to any suitable value. Indeed, the system 1 may be configured to increase the threshold value as the quality of the stored templates improves. Additionally or alternatively, the biometric scanners 6, 7 need not comprise fingerprint scanners 6, 7 and may additionally or alternatively be configured to capture one or more other biometric characteristics or data. The system 1 need not incorporate a transaction module 15 as this may be incorporated within the account management system (not shown) or usage may not be tracked and/or the account management system (not shown) may be omitted.
For the avoidance of doubt, although the template extraction, comparison and transaction modules 12, 13, 15 are illustrated as components in Figure 1, it is envisaged and indeed intended that such modules are incorporated as software modules, rather than hardware modules. However, including them as hardware modules is also envisaged within the scope of the invention. Indeed, it will be appreciated that any features of the system 1 may be incorporated within existing hardware. For example the biometric scanners 6 may be incorporated within the hardware of the central computer, e.g. wherein an integral camera may be configured to capture a fingerprint and/or an integral microphone may be configured to capture a voice pattern. Similarly, the biometric scanners 7 associated with the devices 3, 4, 5 may be incorporated within one or more hardware elements thereof.
It will also be appreciated by those skilled in the art that any number of combinations of the aforementioned features and/or those shown in the appended drawings provide clear advantages over the prior art and are therefore within the scope of the invention described herein.

Claims (23)

  1. A method for managing access to a network of devices, the method comprising the steps of: a) providing a database on or in which is stored one or more biometric templates each associated with a registered individual; b) capturing biometric data from a user; c) generating a captured template from or based on the captured biometric data; d) comparing the captured template with at least one of the stored templates in order to determine whether the user corresponds to or matches a registered individual; e) permitting or denying access to one or more features of a device of the network or system or to one or more features thereof based on the determination in the comparison step; and f) replacing the stored template with the captured template if a correspondence or match is found and if the quality of the captured template is higher or superior to the quality of the stored template.
  2. Method according to claim 1, wherein the capturing step comprises capturing biometric data from a user via one of a plurality of biometric scanners each associated with a device or location or a group of devices or locations of the network.
  3. Method according to claim 1 or claim 2, wherein the capturing step comprises capturing biometric data from a user via one of a plurality of biometric scanners each associated with one of a plurality of photocopiers and/or printers and/or point of sale terminals and/or cash revaluation terminals and/or credit replenishment terminals and/or access doors or associated with a group selected therefrom.
  4. Method according to any preceding claim further comprising tracking a usage by the user of a device to which access is permitted and updating a usage and/or transaction database with one or more details or features of the usage.
  5. Method according to any preceding claim, wherein the comparison step comprises determining a confidence value associated with the correspondence between the captured and stored templates and a determination of a correspondence or match is only found if the confidence value is greater than a minimum threshold value.
  6. Method according to claim 5, wherein the minimum threshold value is at least partially dependent upon the quality of the stored template or an average quality of all stored templates or a group thereof.
  7. Method according to any preceding claim further comprising the step of enrolling at least one of the one or more registered individuals by: a) capturing biometric data from an individual to be registered; b) generating a template from the biometric data captured from the individual; and c) storing the template if the quality thereof is greater than or superior to a predetermined minimum threshold.
  8. Method according to any preceding claim, wherein the captured and/or stored templates comprise a template format and the quality thereof is determined by comparing the useable data points therein or thereof to the data points available in the template format.
  9. Method according to any preceding claim, wherein the or each capturing step comprises capturing one or more fingerprints.
  10. Method according to any preceding claim, wherein the or each capturing step comprises capturing one or more retinal patterns, facial patterns, voice patterns, echocardiographic patterns.
  11. An access management system for managing access to a network of devices, the system comprising a memory on which is stored a database of one or more biometric templates each associated with a registered individual, a processor operatively connected to the memory and a biometric data capture means for association with at least one device whose access is to be managed, wherein the system is configured to: a) capture biometric data from a user; b) generate a captured template from or based on biometric data captured from a user via the biometric data capture means; c) compare the captured template with at least one of the one or more stored templates in order to determine whether the user corresponds to or matches a registered individual; d) permit or deny access to one or more features of a device of the network or system or to one or more features thereof based on the determination of the comparison; and e) replace the stored template with the captured template if a correspondence or match is found and if the quality of the captured biometric data or template is higher or superior to the quality of the stored template.
  12. Access management system according to claim 11, wherein the biometric data capture means comprises one or more biometric scanners each for association with one of two or more devices of a network whose access is to be managed.
  13. Access management system according to claim 11 or claim 12, wherein the biometric data capture means comprises a plurality of biometric scanners each associated with one of a plurality of photocopiers and/or printers and/or point of sale terminals and/or cash revaluation terminals and/or credit replenishment terminals and/or access doors or associated with a group selected therefrom.
  14. Access management system according to any one of claims 11 to 13 further comprising a transaction module for tracking a usage by the user of a device to which access is permitted and for updating a usage and/or transaction database stored on the memory with one or more details or features of the usage and/or one or more values calculated or determined therefrom.
  15. Access management system according to any one of claims 11 to 14 further comprising a comparison module for comparing the captured template with one or more stored templates and for determining a confidence value associated with the correspondence or match between the captured and stored templates, wherein the system is configured to find a correspondence or match only if the confidence value is greater than a minimum threshold value.
  16. Access management system according to claim 15, wherein the minimum threshold value is at least partially dependent upon the quality of the stored template or an average quality of all stored templates or a group thereof.
  17. Access management system according to any one of claims 11 to 16 further comprising an enrolment biometric scanner for capturing biometric data from an individual to be registered, wherein the system is configured to: a) capture biometric data from an individual to be registered via the enrolment biometric scanner; b) generate a template from the biometric data captured from the individual; and c) store the template if the quality thereof is greater than or superior to a predetermined minimum threshold.
  18. Access management system according to any one of claims 11 to 17, wherein the biometric data capture means comprises a fingerprint scanner.
  19. Access management system according to any one of claims 11 to 18, wherein the biometric data capture means comprises one or more of a retinal scanner, a camera, a voice recorder and echocardiograph.
  20. A computer program element comprising computer readable program code means for causing a processor to execute a procedure to implement a method according to any one of claims 1 to 10.
  21. A computer readable medium having a program stored thereon, wherein the program is arranged to make a computer execute a procedure to implement a method according to any one of claims 1 to 10.
  22. A retrofit kit for adapting an existing access management system to function as an access management system according to any one of claims 11 to 19, the retrofit kit comprising a computer program element according to claim 20 or a computer readable medium according to claim 21.
  23. A biometric scanner specifically adapted for incorporation into an access management system according to any one of claims 11 to 19.
GB1412244.4A 2014-07-09 2014-07-09 Access management system and method Expired - Fee Related GB2511467B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1412244.4A GB2511467B (en) 2014-07-09 2014-07-09 Access management system and method
PCT/GB2015/051994 WO2016005759A1 (en) 2014-07-09 2015-07-09 Access management system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1412244.4A GB2511467B (en) 2014-07-09 2014-07-09 Access management system and method

Publications (3)

Publication Number Publication Date
GB201412244D0 GB201412244D0 (en) 2014-08-20
GB2511467A true GB2511467A (en) 2014-09-03
GB2511467B GB2511467B (en) 2015-03-11

Family

ID=51292741

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1412244.4A Expired - Fee Related GB2511467B (en) 2014-07-09 2014-07-09 Access management system and method

Country Status (2)

Country Link
GB (1) GB2511467B (en)
WO (1) WO2016005759A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008065572A (en) * 2006-09-07 2008-03-21 Konica Minolta Business Technologies Inc Method for updating biometric information used in biometric authentication system, and biometric authentication system
US20080212846A1 (en) * 2007-01-09 2008-09-04 Kazuya Yamamoto Biometric authentication using biologic templates
US20100060417A1 (en) * 2008-09-05 2010-03-11 Fujitsu Limited Biometrics authentication device and biometrics authentication method
EP2416274A1 (en) * 2009-03-30 2012-02-08 Fujitsu Limited Biometric authentication device, biometric authentication method, and storage medium
US20130038426A1 (en) * 2010-01-28 2013-02-14 Fujitsu Limited AUTHENTICATION DEVICE, AUTHENTICATION SYSTEM, and AUTHENTICATION METHOD
WO2014040124A1 (en) * 2012-09-11 2014-03-20 Auraya Pty Ltd Voice authentication system and method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7542590B1 (en) * 2004-05-07 2009-06-02 Yt Acquisition Corporation System and method for upgrading biometric data
US8483450B1 (en) * 2012-08-10 2013-07-09 EyeVerify LLC Quality metrics for biometric authentication

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3584741A4 (en) * 2017-03-08 2020-05-13 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Fingerprint registration method and related product
US11164022B2 (en) 2017-03-08 2021-11-02 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method for fingerprint enrollment, terminal, and non-transitory computer readable storage medium
WO2018231122A1 (en) * 2017-06-15 2018-12-20 Fingerprint Cards Ab Template matching of a biometric object
US11216639B2 (en) 2017-06-15 2022-01-04 Fingerprint Cards Anacatum Ip Ab Template matching of a biometric object

Also Published As

Publication number Publication date
WO2016005759A1 (en) 2016-01-14
GB2511467B (en) 2015-03-11
GB201412244D0 (en) 2014-08-20

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20220709