GB2580769A - A server in communication with an identity card holder and system - Google Patents

A server in communication with an identity card holder and system Download PDF

Info

Publication number
GB2580769A
GB2580769A GB1917497.8A GB201917497A GB2580769A GB 2580769 A GB2580769 A GB 2580769A GB 201917497 A GB201917497 A GB 201917497A GB 2580769 A GB2580769 A GB 2580769A
Authority
GB
United Kingdom
Prior art keywords
identity card
identity
card holder
user
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1917497.8A
Other versions
GB2580769B (en
GB201917497D0 (en
Inventor
Swallow Craig
Davies Nick
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Soloproject Ltd
Original Assignee
Soloproject Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Soloproject Ltd filed Critical Soloproject Ltd
Priority to GB1917497.8A priority Critical patent/GB2580769B/en
Priority claimed from GB1709815.3A external-priority patent/GB2563608B/en
Publication of GB201917497D0 publication Critical patent/GB201917497D0/en
Publication of GB2580769A publication Critical patent/GB2580769A/en
Application granted granted Critical
Publication of GB2580769B publication Critical patent/GB2580769B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C1/00Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people
    • G07C1/10Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/062Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/90Services for handling of emergency or hazardous situations, e.g. earthquake and tsunami warning systems [ETWS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2139Recurrent verification

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computing Systems (AREA)
  • Finance (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Emergency Management (AREA)
  • Environmental & Geological Engineering (AREA)
  • Public Health (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A server comprising a processor 410, a memory 420 and a first electronic interface 440 is capable of establishing long-range communications with an identity card holder (100) remote from the server system 400. The server is configured to receive user information through the first electronic interface from the card holder and send, when the identity of a registered user is confirmed, information relating to a pairing of an identity card (10) and the corresponding identity card holder to a workforce management system for recording time and attendance of the corresponding registered user. Wherein, the user information either confirms the identity of a registered user now linked to the identity card holder, or is an identity code of the identity card that enables the identity of a registered user to be confirmed. The registered user could be added to an alarm or alert platform which could issue a risk indication based on a geolocation engine.

Description

A SERVER IN COMMUNICATION WITH AN IDENTITY CARD HOLDER AND SYSTEM
TECHNICAL FIELD
This disclosure relates to a server in communication with an identity card holder, a system, and a method.
BACKGROUND
There is an urgent need to provide improved identity card systems, especially for lone workers. As a result, identity card holders have become more sophisticated, and are known to include wireless communications abilities to allow data and voice communications with supporting computer networks and human operators, camera functionality, geolocation services, and are able to allow a user to raise an alarm, or to automatically raise an alarm in certain predefined circumstances.
Consequently, identity card holder devices with such functionality are becoming more challenging to design and manufacture, and hence more expensive than before. Additionally, these new sophisticated designs have the potential for yet unknown and surprising uses.
A goal is to provide a way of increasing the use of these more sophisticated identity card holders and systems. Another goal is to provide new uses for these more sophisticated identity card holders and systems.
SUMMARY OF THE INVENTION
Aspects and embodiments of the invention provide a server, a method and a system as claimed in the appended claims.
In this way, the invention provides a solution to or mitigates the problems with the prior identity card holder equipment and lone worker systems. Users are logged into an identity card holder via their identity card through an electronic interface. In this way, multiple users can easily and conveniently share identity card holders, and the more sophisticated functionality thereon, from a pool of identity card holders. Also, access to a more sophisticated identity card holder and system is prevented for unauthorised users. Implementers of this invention are able to provide a tailored, accurate, and relevant response to an individual user, at a pre-authorisation stage, a routine usage stage or in an emergency situation because an identity of the user of the identity card holder, and their credentials, are known by the system. The invention also provides the ability to a system to send relevant risks, permissions, and information to an identity card holder by knowing exactly who is using the identity card holder, and optionally where they are located. A more sophisticated audit logging trail can be more easily and reliably established, for lone worker protection, cost management logging, and time attendance logging.
Within the scope of this application it is expressly intended that the various aspects, embodiments, examples and alternatives set out in the preceding paragraphs, in the claims and/or in the following description and drawings, and in particular the individual features thereof, may be taken independently or in any combination. That is, all embodiments and/or features of any embodiment can be combined in any way and/or combination, unless such features are incompatible. The applicant reserves the right to change any originally filed claim or file any new claim accordingly, including the right to amend any originally filed claim to depend from and/or incorporate any feature of any other claim although not originally claimed in that manner.
BRIEF DESCRIPTION OF THE DRAWINGS
One or more embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, in which: Figure 1 is a schematic overview of an identity card system in accordance with an embodiment of the invention; Figure 2 is a schematic overview of an identity card holder of the system of Figure 1; Figure 3 is a rear perspective view of an identity card holder in accordance with an embodiment of the invention; Figure 4 is a schematic overview of a server of the system of Figure 1; Figure 5 is a flow chart describing a method of operation of the system of Figure 1; Figure 6 is a continuation of the flow chart of Figure 5; and Figure 7 is a continuation of the flow chart of Figure 5.
DETAILED DESCRIPTION
An example embodiment of the invention is now described.
Figure 1 is a schematic overview of an identity card system in accordance with an embodiment of the invention. The identity card system comprises an identity card 10, an identity card holder 100 and a server 400. The identity card 10 is proximal the identity card holder 100, and the server 400 is remote from the identity card holder 100. Normally, the identity card holder 100 is in the field, where the field means a working environment of a user or lone worker.
The identity card 10 comprises information about a user associated with the identity card, such as a photograph and printed credentials, which may include job title, qualifications, date of birth, security access clearance level, and so on as is known to persons in this area. The identity card 10 also has radio frequency identification (RFID) functionality, and in this example the identity card 10 stores an identity code associated with the user, and is configured to send the identity code using RFID communications techniques when interrogated. While in this example embodiment RFID technology is used, other methods of communicating information from an identity card to the identity card holder are envisaged, including optical communication technology, as well as other wireless electromagnetic technologies.
Figure 2 is a schematic overview of the identity card holder 100.
The identity card holder 100 comprises a processor 110 a memory 120 a physical interface 130 configured to hold an identity card 10, a first electronic interface 140 capable of performing long-range communications with the server 400, and a second electronic interface 150 configured to receive information from the identity card 10 proximal to the identity card holder 100.
The physical interface 130 uses protruding tabs to hold the identity card 10 in place on the identity card holder 100. However, a slot and window arrangement may also be used, or any other arrangement for holding an identity card 10 in place for display. In an alternative, the identity card holder may, in addition or exclusively, use electronic means for communicating the identity of a wearer or holder of the identity card holder 100 to a third party electronic device, in which case the physical interface 130 may not be needed as long as the identity card 10 is in range of the second electronic interface 150 so that corresponding information may be relayed.
The first electronic interface 140 is a mobile cellular interface and includes appropriate antenna technology as would be known to a skilled person in the field of mobile cellular telecommunications (such as technology operating in line with and conforming to 3G or 4G telecommunications standards, as appropriate). Additionally or alternatively, the first electronic interface 140 uses wireless networking technology, such as wireless local area network technology, for example technology operating in line with and conforming to WiFi standards (e.g. IEEE 802.11).
The second electronic interface 150 uses radio frequency identification (RFID) technology to interrogate and receive information from the identity card 10. The second electronic interface 150 utilises near field communications (NFC) circuitry to interrogate identity cards in proximity to the identity card holder 100, i.e. within range of the NFC circuitry.
Proximal may also be defined as one of the following: within 1000 mm of, within 500 mm of, within 400 mm of, and physically held by the identity card holder 100.
The memory 120 stores a database of identity codes of users who are registered to use the identity card holder 100, and the processor 110 is configured to search the database of users and check whether the identity code received through the second interface 150 matches a stored identity code of a user who is registered to use the identity card holder 100.
If the identity code received through the second interface 150 matches a stored identity code of a user who is registered to use the identity card holder 100, the processor 110 is configured to instruct the first electronic interface 140 to send a confirmation message to the server 400 to confirm the identity of the user linked to the identity card holder 100 using the identity code or another associated piece of information.
The identity card holder 100 is configured to receive queued information relevant to the user from the server 400 via the first electronic interface 140, and to output that information to the user.
Figure 3 is a rear perspective view of the identity card holder 100.
The identity card holder 100 further comprises an output device 160, wherein the processor is configured to cause the queued information, received from the server 400, and relevant to the now verified user, to be output to the user via the output device 160. The output device 160 is a touch-screen display, but may be a display with no touch sensing facility or an audio output, or any other known output technology or technologies in combination.
The identity card holder 100 further comprises an emergency input device 165, such as a button, activation of which causes processor 110 to send an emergency alert to server 400 via the first electronic interface 140.
In this particular embodiment, the physical interface is arranged to display the identity card 10 so that other members of the public can see the credentials of the user, and verify the identity of the user with a photograph on the identity card, when available.
The identity card holder 100 also has a second physical interface 170 for attachment of the identity card holder 100 to a person, either directly or via a lanyard, lapel coupling or belt coupling, as is known in this field. This allows the identity card holder 100 and identity card 10 to be prominently displayed on the user or wearer.
The identity card holder 100 further comprises a geolocation module 180, such as one that is able to use Global Navigation Satellite System (GNSS) technology, such as a global positioning system (GPS) module or the like, and that can calculate the location of the identity card holder 100. Other methods of calculating geolocation may be used such as scanning codes. This location information is arranged to be output by the first electronic interface 140 to server 400, or is used locally on the identity card holder 100 to filter information, such as risk information pertinent to the user associated with the identity card 10 received from the server 400 via the first electronic interface 140, or both.
Figure 4 is a schematic overview of the server 400.
The server 400 comprises a processor 410, a memory 220, and a first electronic interface 440 capable of establishing long-range communications with the identity card holder 100 remote from the server 400. The server 400 may be a server system 400 that is distributed over several or many different individual servers 400, but is labelled as a server 400 throughout for simplicity. The server 400 is configured to communicate simultaneously with many identity card holders 100, each of which is associated with a different user. References to the identity card holder 100 and the description related thereto are equally applicable to all identity card holders 100 in the system.
The server 400 is configured to receive user information through the first electronic interface 440 from the identity card holder 100, the user information either confirming the identity of a registered user now linked to the identity card holder 100, or the identity code of the identity card 10.
The server 400 is configured to send, when the user information confirms the identity of a registered user, any queued information intended for that user to the first electronic interface 440 for onward transmission to the identity card holder 100.
The server 400 is configured to register, when the user information confirms the identity of a registered user, the registered user on an alarm platform and to load the user's profile details on the alarm platform.
The server 400 is configured to register, when the user information confirms the identity of a registered user, the registered user on an alert platform that is configured to issue risks relating to the registered user. Optionally, the alert platform issues risks using a geolocation engine and a received location of the identity card holder 100, for example a received location generated by geolocation module 180 on the identity card holder 100.
The server 400 is configured to send, when the user information confirms the identity of a registered user, information relating to a pairing of the corresponding identity card 10 and the corresponding identity card holder 100 to a workforce management system for recording time and attendance of the corresponding registered user.
The server 400 is configured to check, when the user information confirms the identity of a registered user, access permissions for the registered user and then send information to the corresponding identity card device 100 to enable or disable or limit features on the identity card device 100 accordingly. Such features may include access to documents via the identity card holder 100 or via other co-located user equipment such as a smartphone, tablet or laptop computer which each rely on functions of the identity card to access such documents. Such features may also or alternatively include alarm functionality, or camera functionality or both.
The server 400 is also configured to forward user information, for example the identity code or other identifying information of the user, to third party systems via an API or other communication mechanism. This may allow third party systems to update access control systems on certain buildings, plant, etc based on the identity card holder 100 being used by a particular user and the identity code or unique identifier of the identity card holder itself, or based on user credentials such as qualifications or employee number, or both.
The server 400 is configured to log the use of an identity card 10 with an identity card holder for audit purposes in an audit log. Such use may include logging the identity code or other identifier identifying the user associated with the identity card 10, such as a user name or other identifying detail or details, such as employee or contractor number, together with a time that the identity card 10 is used with the identity card holder 100. In addition, the audit log may record one or more of the date and time of use, period of use, frequency of use in a given time period. Credentials of the user at the time of use may also be recorded in the audit log. Location information may also be logged.
The server 400 is configured to send, when the user information is an identity code, an acceptance message to the identity card holder 100 to allow pairing of the identity card holder 100 with the identity card 10, or a rejection message to the identity card holder 100 to prevent pairing of the identity card holder 100 with the identity card 10.
Figure 5 is a flow chart describing a method of operation of the system of Figure 1.
At step S510, the NFC circuitry 150 on the identity card holder 100 periodically scans for the presence of an RFID card.
At step S520, a decision is made as to whether a card is detected or not, and if not detected, the method proceeds to step S520N where the identity card holder 100 logs out any user and sends a signal to the server 400 to confirm that the particular user has been logged out and therefore unlinked with the identity card holder 100. The server 400 then logs this event in an audit log as discussed above. If a card is detected at step S520, the method proceeds to step 3520Y and the identity code stored on the identity card 10 is read by the NFC circuitry 150.
At step S530, the method searches the database of users registered to use the identity card holder 100 stored on the identity card holder 100 (which stores a list of "pooled users" and corresponding identity codes) and checks whether the identity code received through the second interface 150 matches a stored identity code of a user who is registered to use the identity card holder 100.
At step S540, a decision is made as to whether a matching user is found in the list of pooled users. If a matching user is not found, the method proceeds to step S540N and the identity code is sent to the server 400 for verification. The verification process is outlined in Figure 6 discussed below, and instructions may be received from server 400 at step S550 that the identity code of the user should be added to the database of paired users, or rejected. If a matching user is found, the method proceeds to step S540Y and the user corresponding to the identity code read from the identity card 10 is logged into the identity card holder 100, and a confirmation message is sent to the server 400 to confirm the identity of the user linked to the identity card holder 100. Further details of what happens after the confirmation message is sent is outlined in Figure 7 and discussed below.
Figure 6 is a continuation of the flow chart of Figure 5 after step S540N.
At step S610, a check is performed to see whether the identity code is stored on the server 400 corresponding to a matching registered user. If a matching registered user is found on the server 400, the method proceeds to step S610Y, and new user information is sent to the identity card holder 100 to allow pairing of the identity card 10 and corresponding user with the identity card holder 100 in question. The method then returns to step S550 shown in Figure 5.
If a matching registered user is not found, the method proceeds to step S620 where a check is made to determine whether the identity code corresponds to a blacklisted user, that is, a user that is specifically prohibited from using the system or the identity card holder 100, or both. If the identity code corresponds to a stored blacklisted user, then at step S620Y a reject message is sent to the identity card holder 100 and pairing of the identity card and the identity card holder 100 is rejected. The functions of the identity card holder 100 are not usable until an identity card 10 corresponding to a registered user is successfully paired with the identity card holder 100. If the identity code does not correspond to a stored blacklisted user, then a dialogue is initiated by the server 200 or other system with a system administrator to authorise the identity code and corresponding user for use in the system, and for pairing with the identity card holder 100 as a pooled user. The administrator may at step S630 add the user and identity code to the blacklist and move to step S620Y, or at step S640 authorise the identity code, and optionally link the identity code to a user profile containing personal data and risk management information for that user, such as escalation lists of emergency contacts, or types of work undertaken.
After completion of steps S620Y and S640, the method returns to step S550 shown in Figure 5.
Figure 7 is a continuation of the flow chart of Figure 5 after step S540Y.
At step S710, a check is performed to see whether any pending actions corresponding to a matching user are stored on the server 400. If pending actions are found on the server 400, the method proceeds to step S710Y, and those pending actions which have been queued are released to the matching user, optionally via the identity card holder 100 or via another user device which uses the identity card holder 100 to access information. Such pending actions may include new instructions on what jobs are to be carried out, or updates as to risks or access rights to documents or buildings.
Whether or not there are pending actions, the method at step S720 may optionally register the matching user on an alarm platform, which may be part of or separate to the server 400.
As part of such registration, profile details are loaded so that any back up persons or algorithms monitoring the registered user via the identity card holder 100 and associated systems is able to know to whom they are dealing, and also know the qualification level, job title, and other pertinent information, to improve response accuracy of the alarm platform.
At step S730, the method registers the registered user for receiving risks pertinent to that registered user, which may relate to forthcoming risks based on a schedule for that user, and which may also take into account a location of the corresponding identity card holder 100. Risks are then sent to the user via the identity card holder 100 or other electronic device of the user.
At step S740, the method sends the user login information to a workforce management system for recording time and attendance of the corresponding registered user. This step may be performed regardless of whether or not the user is registered on an alarm platform.
At step S750, the method checks the access permissions for the registered user and then sends information to the corresponding identity card device 100 to enable or disable or limit features on the identity card device 100 accordingly. Such features may include access to documents via the identity card holder 100 or via other co-located user equipment such as a smartphone, tablet or laptop computer which each rely on functions of the identity card to access such documents, or camera functionality, or other device functionality. This step may be performed regardless of whether or not the user is registered on an alarm platform.
At step S750, the method forwards user information, for example the identity code or other identifying information of the user, to third party systems via an API. This may allow third party systems to update access control systems on certain buildings, plant, etc based on the identity card holder 100 being used by a particular user.
The method also logs the use of an identity card 10 with an identity card holder 100 for audit purposes in an audit log. Such use may include logging the identity code or other identifier identifying the user associated with the identity card 10, such as a user name or other identifying detail or details, such as employee or contractor number, together with a time that the identity card 10 is used with the identity card holder 100. In addition, the audit log may record one or more of the date and time of use, period of use, frequency of use in a given time period. Credentials of the user at the time of use may also be recorded in the audit log.
Location information may also be recorded in the audit log.
Once the above is completed, the method returns to step S550 in Figure 5, and ultimately returns to step S510 for periodic scanning for the presence of an identity card 10 in proximity to the identity card holder 100.
RFID (radio frequency identification) is a technology that incorporates the use of electromagnetic or electrostatic coupling in the radio frequency (RF) portion of the electromagnetic spectrum to uniquely identify an object, animal, or person. In this case, to identify a person associated with (and issued with) an identity card 10. The identity card 10 stores an identity code which is cross-referencable to credentials of a person, such as their name, address, employee number, qualifications, job title, company name, date of birth, etc. The identity code is unique within the system employed so that no two persons share the same identity code.
Near Field Communication (NFC) is a short-range wireless connectivity standard (Ecma- 340, ISO/IEC 18092) that uses magnetic field induction to enable communication between devices when they're touched together, or brought within a few centimeters of each other.
This disclosure provides a solution to or mitigates the problems with prior identity card holder equipment and lone worker systems. Users are logged into an identity card holder via their identity card through an electronic interface. In this way, multiple users can easily and conveniently share identity card holders, and the more sophisticated functionality thereon, from a pool of identity card holders. Also, access to a more sophisticated identity card holder and system is prevented for unauthorised users. Implementers of this invention are able to provide a tailored, accurate, and relevant response to an individual user, at a pre-authorisation stage, a routine usage stage or in an emergency situation because an identity of the user of the identity card holder, and their credentials, are known by the system. The invention also provides the ability to a system to send relevant risks, permissions, and information to an identity card holder by knowing exactly who is using the identity card holder, and optionally where they are located. A more sophisticated audit logging trail can be more easily and reliably established, for lone worker protection, cost management logging, and time attendance logging.
ADDITIONAL STATEMENTS
This disclosure relates to an identity card holder. Particularly, but not exclusively, the disclosure relates to an identity card holder able to receive computer-readable information from an identity card inserted into the identity card holder, the computer-readable information identifying a person associated with the identity card. Particularly, but not exclusively, the disclosure relates to an identity card holder and background server system that processes the computer-readable information. Particularly, but not exclusively, the disclosure relates to an identity card holder and background server system used by lone workers. Aspects of the invention relate to an identity card holder, a system, and a method.
According to a first aspect of the invention, there is provided an identity card holder comprising a processor, a memory, a physical interface configured to hold an identity card, a first electronic interface capable of performing long-range communications with a server remote from the identity card holder and a second electronic interface configured to receive information from an identity card proximal to the identity card holder.
Optionally, wherein the second electronic interface uses radio frequency identification, RFID, or near field communications, NFC, to receive information from an identity card proximal to the identity card holder.
Optionally, wherein the second electronic interface is configured so as to define proximal as one of the following: within 1000 mm, within 500 mm, within 400 mm, and physically held by the identity card holder.
Optionally, wherein the information comprises an identity code of a user associated with the corresponding identity card.
Optionally, wherein the memory stores a database of identity codes of users who are registered to use the identity card holder, and the processor is configured to search the database of users and check whether the identity code received through the second interface matches a stored identity code of a user who is registered to use the identity card holder.
Optionally, wherein if the identity code received through the second interface matches a stored identity code of a user who is registered to use the identity card holder, the processor is configured to instruct the first electronic interface to send a confirmation message to a remote server system to confirm the identity of the user linked to the identity card holder.
Optionally, further comprising an output device, wherein the processor is configured to cause queued information relevant to the user to be output to the user via the output device.
Optionally, wherein the identity card holder is configured to receive the queued information relevant to the user via the first electronic interface.
Optionally, wherein the output device is one of a display or a touch-screen display.
Optionally, wherein the physical interface is arranged to display an identity card.
Optionally, further comprising a second physical interface for attachment of the identity card holder to a person, either directly or via a lanyard, lapel coupling or belt coupling.
Optionally, further comprising a geolocation module that can calculate the location of the identity card holder.
According to a second aspect of the invention, there is provided a server. The server comprising a processor, a memory and a first electronic interface capable of establishing long-range communications with an identity card holder remote from the server system. The server is configured to receive user information through the first electronic interface from a remote identity card holder. The user information either confirming the identity of a registered user now linked to the identity card holder, or an identity code of an identity card.
Optionally, wherein the processor is configured to send, when the user information confirms the identity of a registered user, any queued information intended for that user to the first electronic interface for onward transmission to the identity card holder.
Optionally, wherein when the user information confirms the identity of a registered user, the server is configured to register the registered user on an alarm platform and to load the user's profile details on the alarm platform.
Optionally, wherein when the user information confirms the identity of a registered user, the server is configured to register the registered user on an alert platform that is configured to issue risks relating to the registered user.
Optionally, wherein the alert platform issues risks using a geolocation engine and a received location of an identity card holder.
Optionally, wherein when the user information confirms the identity of a registered user, the server is configured to send information relating to a pairing of the corresponding identity card and the corresponding identity card holder to a workforce management system for recording time and attendance of the corresponding registered user.
Optionally, wherein when the user information confirms the identity of a registered user, the server is configured to check access permissions for the registered user and then send information to the corresponding identity card device to enable or disable features on the identity card device accordingly.
Optionally, wherein when the user information is an identity code, the server is configured to send an acceptance message to the identity card holder to allow pairing of the identity card holder with the identity card, or a rejection message to the identity card holder to prevent pairing of the identity card holder with the identity card.
Optionally, a system comprising the identity card holder of any preceding statement, and the server of any preceding statement.
According to a third aspect of the invention, there is provided a method of operating an identity card system. The method comprising at an identity card holder, detecting the presence of an identity card and reading information therefrom which allows an identity of a user associated with the identity card to be known at a server, logging information regarding the identity of the user associated with the identity card and information regarding the identity card holder.
Optionally, further comprising checking whether the user is present in a list of pooled users, and if the user is present, the user is logged into the identity card holder.
Optionally, further comprising checking whether the user is present in a list of pooled users, and if the user is not present, the information or related information is sent from the identity card holder to the server.
Optionally, further comprising performing a check at the server to see whether the user corresponds to a registered user, and if the user is a registered user, then instructing the identity card holder to pair the identity card and corresponding user with the identity card holder.
Optionally, further comprising performing a check at the server to see whether the user corresponds to a registered user, and if the user is not a registered user, checking whether the user corresponds to a blacklisted user, and if the user is a blacklisted user, then sending a reject message to the identity card holder and instructing the identity card holder to reject pairing of the identity card and the identity card holder.
Optionally, further comprising if the identity code does not correspond to a stored blacklisted user, then creating a dialogue with a system administrator to authorise the user, and if the user is authorised, then instructing the identity card holder to pair the identity card and corresponding user with the identity card holder.
Optionally, further comprising linking the information to a user profile containing personal data and risk management information for that user.
Optionally, further comprising checking whether any pending actions corresponding to the user are stored on the server, and if pending actions are found those pending actions are released to the user.
Optionally, wherein the pending actions are released to the user via one or both of the identity card holder and another user device which uses the identity card holder to access information.
Optionally, further comprising registering the user on an alarm platform.
Optionally, further comprising loading profile details as part of the registration so that any back up persons or algorithms monitoring the user via the identity card holder and associated systems is able to know details of the person with whom they are monitoring.
Optionally, further comprising registering the user for receiving risks pertinent to that user, and then sending risks to the user via the identity card holder or other electronic device of the user.
Optionally, further comprising sending information regarding a user login event to a 10 workforce management system for recording time and attendance of the corresponding user Optionally, further comprising checking access permissions for the user and then sending information to the corresponding identity card holder to enable or disable or limit features on the identity card holder accordingly.
Optionally, further comprising forwarding the information or related information identifying the user to third party systems to allow third party systems to update access control systems.
Optionally, further comprising logging the use of an identity card with an identity card holder in an audit log.
Optionally, further comprising logging one or more of an identity code or other identifier identifying the user associated with the identity card, a user name or other identifying detail or details, an employee or contractor number, a time that the identity card is paired with the identity card holder, a date and time of use, a period of use, a frequency of use in a given time period, credentials of the user and location information.

Claims (25)

  1. CLAIMS1. A server (400) , the server (400) comprising: a processor (410); a memory (420); and a first electronic interface (440) capable of establishing long-range communications with an identity card holder (100) remote from the server system (400); wherein the server (400) is configured to: receive user information through the first electronic interface (240) from a remote identity card holder (100), the user information either confirming the identity of a registered user now linked to the identity card holder (100), or an identity code of an identity card (10) that enables the identity of a registered user to be confirmed; send, when the identity of a registered user is confirmed, information relating to a pairing of the corresponding identity card (10) and the corresponding identity card holder (100) to a workforce management system for recording time and attendance of the corresponding registered user.
  2. 2. The server of claim 1, wherein the processor (410) is configured to send, when the identity of a registered user is confirmed, any queued information intended for that user to the first electronic interface (440) for onward transmission to the identity card holder (100).
  3. 3. The server of claim 1 or claim 2, wherein the server (400) is configured to register, when the identity of a registered user is confirmed, the registered user on an alarm platform and to load the user's profile details on the alarm platform.
  4. 4. The server of any of claims 1 to 3, wherein the server (400) is configured to register, when the identity of a registered user is confirmed, the registered user on an alert platform that is configured to issue risks relating to the registered user.
  5. 5. The server of claim 4, wherein the alert platform issues risks using a geolocation engine and a received location of an identity card holder (100).
  6. 6. The server of any of claims 1 to 5, wherein the server (400) is configured to check, when the identity of a registered user is confirmed, access permissions for the registered user and then send information to the corresponding identity card device (100) to enable or disable features on the identity card device (100) accordingly.
  7. 7. The server of claim 1, wherein the server (400) is configured to send, when the user information is an identity code, an acceptance message to the identity card holder (100) to allow pairing of the identity card holder (100) with the identity card (10), or a rejection message to the identity card holder (100) to prevent pairing of the identity card holder (100) with the identity card (10).
  8. 8. A method of operating an identity card system, the method comprising: at a server: receiving user information through a first electronic interface (240) from a remote identity card holder (100), the user information either confirming the identity of a registered user now linked to the identity card holder (100), or an identity code of an identity card (10) ) that enables the identity of a registered user to be confirmed; and sending, when the identity of a registered user is confirmed, information relating to a pairing of a corresponding identity card (10) and the corresponding identity card holder (100) to a workforce management system for recording time and attendance of the corresponding registered user.
  9. 9. The method of claim 8, further comprising: sending, when the identity of a registered user is confirmed, any queued information intended for that user to the first electronic interface (440) for onward transmission to the identity card holder (100).
  10. 10. The method of claim 8 or claim 9, further comprising: registering, when the identity of a registered user is confirmed, the registered user on an alarm platform and loading the user's profile details on the alarm platform.
  11. 11. The method of any of claims 8 to 10, further comprising: checking, when the identity of a registered user is confirmed, access permissions for the registered user and then sending information to the corresponding identity card device (100) to enable or disable features on the identity card device (100) 5 accordingly.
  12. 12. The method of claim 8, further comprising: sending, when the user information is an identity code, an acceptance message to the identity card holder (100) to allow pairing of the identity card holder (100) with the identity card (10), or a rejection message to the identity card holder (100) to prevent pairing of the identity card holder (100) with the identity card (10).
  13. 13. A computer readable medium having instructions stored thereon to carry out the method of any of claims 8 to 12. 15
  14. 14. A system comprising the server of any of claims 1 to 7 and an identity card holder (100), wherein the identity card holder (100) comprises: a processor (110); a memory (120); a physical interface (130) configured to hold an identity card (10); a first electronic interface (140) capable of performing long-range communications with a server (400) remote from the identity card holder (100); and a second electronic interface (150) configured to receive information from an identity card (10) proximal to the identity card holder (100).
  15. 15. The system of claim 14, wherein the second electronic interface (150) of the identity card holder (100) uses radio frequency identification, RFID, or near field communications, NFC, to receive information from an identity card (10) proximal to the identity card holder (100).
  16. 16. The system of claim 14 or claim 15, wherein the information received from the identity card (10) comprises an identity code of a user associated with the corresponding identity card (100).
  17. 17. The system of claim 14, wherein the identity card holder further comprises an output device (160), wherein the processor (110) is configured to cause queued information relevant to the user to be output to the user via the output device (160).
  18. 18. The system of claim 17, wherein the identity card holder (100) is configured to receive the queued information relevant to the user via the first electronic interface (140).
  19. 19. The system of claims 17 or 18, wherein the output device is one of: a display, a touch-screen display.
  20. 20. The system of any of claims 14 to 19. wherein the physical interface of the identity card holder (100) is arranged to display an identity card (10).
  21. 21. The system of any of claims 14 to 20, wherein the identity card holder (100) further comprises a second physical interface (170) for attachment of the identity card holder (100) to a person, either directly or via a lanyard, lapel coupling or belt coupling.
  22. 22. The system of any of claims 14 to 21, wherein the identity card holder (100) further comprises a geolocation module (180) that can calculate the location of the identity card holder (100).
  23. 23. The system of any of claims 14 to 22, wherein the processor (410) is configured to send, when the identity of a registered user is confirmed, any queued information intended for that user to the first electronic interface (440) of the server (400) for onward transmission to the identity card holder (100).
  24. 24. The system of any of claims 14 to 23, wherein the server (400) is configured to check, when the identity of a registered user is confirmed, access permissions for the registered user and then send information to the corresponding identity card device (100) to enable or disable features on the identity card device (100) accordingly.
  25. 25. The system of any of claims 14 to 22, wherein the server (400) is configured to send, when the user information is an identity code, an acceptance message to the identity card holder (100) to allow pairing of the identity card holder (100) with the identity card (10), or a rejection message to the identity card holder (100) to prevent pairing of the identity card holder (100) with the identity card (10).
GB1917497.8A 2017-06-20 2017-06-20 A server in communication with an identity card holder and system Expired - Fee Related GB2580769B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1917497.8A GB2580769B (en) 2017-06-20 2017-06-20 A server in communication with an identity card holder and system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1917497.8A GB2580769B (en) 2017-06-20 2017-06-20 A server in communication with an identity card holder and system
GB1709815.3A GB2563608B (en) 2017-06-20 2017-06-20 An identity card holder and system

Publications (3)

Publication Number Publication Date
GB201917497D0 GB201917497D0 (en) 2020-01-15
GB2580769A true GB2580769A (en) 2020-07-29
GB2580769B GB2580769B (en) 2021-02-10

Family

ID=69147195

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1917497.8A Expired - Fee Related GB2580769B (en) 2017-06-20 2017-06-20 A server in communication with an identity card holder and system

Country Status (1)

Country Link
GB (1) GB2580769B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140273957A1 (en) * 2013-03-15 2014-09-18 Xerox Corporation Method and apparatus for automatically pairing a mobile endpoint device to an output device using a card swipe authentication
US20160277383A1 (en) * 2015-03-16 2016-09-22 Assa Abloy Ab Binding to a user device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140273957A1 (en) * 2013-03-15 2014-09-18 Xerox Corporation Method and apparatus for automatically pairing a mobile endpoint device to an output device using a card swipe authentication
US20160277383A1 (en) * 2015-03-16 2016-09-22 Assa Abloy Ab Binding to a user device

Also Published As

Publication number Publication date
GB2580769B (en) 2021-02-10
GB201917497D0 (en) 2020-01-15

Similar Documents

Publication Publication Date Title
US10607731B2 (en) Method and system for authenticating and monitoring home health interactions
US9697511B2 (en) Method for securing transactions, transaction device, bank server, mobile terminal, and corresponding computer programs
US20160171451A1 (en) System and method for tracking employee attendance and managing employee access to company assets
USRE43809E1 (en) Personal item reminder
US20120246076A1 (en) Credit card fraud prevention system
KR20190040021A (en) Smart commissioning of first responders in the event command system
US11055696B2 (en) Portable terminal, terminal function management system, terminal function management method, terminal function management program, and computer-readable recording medium upon which said program has been recorded
GB2511887A (en) Transportation boarding system and method therefor
EP2811426A1 (en) Radio frequency identification notification system
US20150051931A1 (en) System and Method for Providing Asset Accountability Information
KR101554867B1 (en) System for managing visitor using Near Field Communication
US9524621B2 (en) Information processing method, mobile device, and information processing program
JP2016126564A (en) Method and system for preventing improper use of electronic ticket
JP2015071492A (en) Object location management system, and server-side management system and terminal-side management system for object location management system
WO2018234781A1 (en) An identity card holder and system
GB2580769A (en) A server in communication with an identity card holder and system
GB2580770A (en) A server in communication with an identity card holder and system
GB2580771A (en) A method of operating an identity card system
JP7151944B1 (en) Authentication terminal, system, control method and program for authentication terminal
US20150334514A1 (en) Information providing system, information terminal and information providing server
US10055558B2 (en) Telecommunication method for authenticating a user
EP2196968A1 (en) Detection of personal satellite objects in the vicinity of the user
EP2398002A1 (en) Method and related guarding device for guarding at least one object
KR20150077701A (en) Method for verifing derivery driver using a short range communication and communication terminal therefor
US20120306647A1 (en) Jacket locator

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20210620