JP2023112682A - Systems and methods for enhancing biometric matching accuracy - Google Patents

Abstract

To provide a method, a system, and a memory for improving the accuracy of identifying and authenticating a person via biometrics.SOLUTION: A system of enhancing biometric analysis matching utilizes an image sensor, such as a digital camera, to capture an image of a face of a person, and performs image enhancement, such as edge and contrast enhancement, prior to performing face matching. The enhancement is localized to a given image region based on determined region illumination. The system also performs image processing and analysis including face detection, alignment, feature extraction, and recognition. A biometric recognition confidence indicator is generated using the results of the image enhancement and analysis, at least partly in response to a biometric recognition confidence indicator falling below a threshold, to enhancing recognition confidence using an image of visual indicia acquired using the image sensor.SELECTED DRAWING: None

Description

[INCORPORATION BY REFERENCE TO ANY PRIORITY APPLICATION]
Any and all applications identified as claiming foreign or internal priority in an Application Data Sheet filed with this application fall under 37 CFR 1.57 and are hereby incorporated by reference. be done.

[field]
The present disclosure relates generally to performing biometric identification and authentication, and enhancing biometric authentication, optionally using an imaging device.

[Description of related technology]
Biometrics has become an increasingly important technology in user identification and authentication. However, typically the use of biometrics to identify and authenticate a person occurs in relatively restricted environments. For example, a given camera phone that uses face matching to unlock the phone typically illuminates the user's face fairly evenly, with no other faces in the camera's field of view. Placed close to the face. Such relatively ideal when trying to identify and authenticate a person when many other people are present in close proximity and lighting conditions are uneven and large shadows are possible, e.g. at the entrance of an event venue. conditions do not exist.

Additionally, different types of biometric readers may be utilized by different access control systems. Therefore, it is traditionally difficult to centralize access control for different venues operated by different entities, as it is difficult to determine what kind of biometric data to receive from a given venue. ing.

Thus, there is a need for enhanced techniques for increasing the accuracy of human identification and authentication via biometrics.

SUMMARY The following presents a simplified inventive summary of one or more aspects in order to provide a basic understanding of such aspects. This Summary of the Invention is not an extensive overview of all contemplated aspects, and it is intended to neither identify key or critical elements of all aspects nor delineate the scope of all or any aspect. Intend. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that is presented later.

Aspects of the present disclosure relate to systems that enhance biometric analysis matching utilizing biometric data from sensors, such as digital cameras used to capture images of a person's face. The system may perform image enhancement, such as edge and contrast enhancement, before performing face matching. Enhancement may be localized to a given image region based on the determined region illumination. The system can perform image processing and analysis, including face detection, alignment, feature extraction, and recognition. For example, extracted features may be used to find matching records in a data store. A biometric confidence indication may be generated using the results of image enhancement and analysis. An image of the visual indicia obtained using the image sensor is used to increase recognition confidence at least partially in response to the biometric confidence indication not meeting the threshold. Once a matching record is identified, a determination can be made as to whether the record relates to event access rights at the venue.

Aspects of the present disclosure relate to systems and methods configured to electronically identify and authenticate a person using biometrics. A first type of biometric reading of a first person is obtained from a first biometric reader at a first location. A first type of biometric reading is compared to a biometric identifier stored in a data store. Event access data associated with the first type of predetermined biometric identifier is obtained in response to determining that the first type of biometric reading matches the predetermined biometric identifier. responsive to a determination that the event access data associated with the first type of predetermined biometric identifier grants the first person access to the first location at the first time; Transmitted to a device to cause an indication of permission to access and/or release a barrier to allow entry to the venue.

Aspects of the present disclosure relate to a computer-implemented method of electronically authenticating a person using biometrics, the method comprising: at a first time, a first biometric reader at a first location; receiving a first type of biometric reading of a first person from a first biometric reader at a first location; a biometric identifier stored in a data store containing the biometric identifier; and a first type of biometric reading of the first person from the first biometric reader at the first location; Event access data associated with a first type of predetermined biometric identifier at least in part in response to identifying a match with the first type of predetermined biometric identifier stored in a data store containing the biometric identifier. and determining whether event access data associated with a first type of predetermined biometric identifier permits a first person access to a first location at a first time and the event access data associated with the first type of predetermined biometric identifier is at least partially responsive to a determination to grant the first person access to the first location at the first time. transmitting instructions to cause an indication of access authorization to be indicated by the first device; receiving a measurement reading, the second type being different than the first type; and a second type biometric measurement of the first person from a second biometric reader at a second location. comparing the reading to a biometric identifier stored in a data store containing the biometric identifier; and a second type of biometric reading of the first person from a second biometric reader at a second location. associated with the second type of predetermined biometric identifier at least in part in response to determining that the value matches a second type of predetermined biometric identifier stored in a data store containing the biometric identifier; obtaining event access data and determining whether the event access data associated with the second type of predetermined biometric identifier permits the first person access to the second location at the second time. and the event access data associated with the second type of predetermined biometric identifier is at least partially in determining to grant the first person access to the second location at the second time. responsive to transmitting an instruction to cause an indication of access permission to be shown by the second device.

Aspects of the present disclosure relate to a system that includes a computing device and a non-transitory computer-readable memory that stores instructions that, when executed by the computing device, cause the system to perform actions including: The operations include, at a first time, receiving a first type of biometric reading of a first person from a first biometric reader at a first location; Using the first type of biometric reading of the first person from the biometric reader to identify a matching predetermined biometric identifier of the first type stored in a data store containing biometric identifiers. , obtaining event access data associated with a first type of predetermined biometric identifier; and obtaining event access data associated with the first type of predetermined biometric identifier at a first time at a first location. and the event access data associated with the first type of predetermined biometric identifier permits access to the first location at a first time. transmitting an instruction to cause an indication of access authorization to be shown by the first device at least in part in response to the decision to authorize the first person; receiving a second type of biometric reading of a first person from a biometric reader at a second location, the second type being different than the first type; Using a second type of biometric reading of the first person from the measurement reader to identify a matching predetermined biometric identifier of the second type stored in a data store containing biometric identifiers. and obtaining event access data associated with a second type of matching predetermined biometric identifier; and event access data associated with the second type of predetermined biometric identifier at a second time. determining whether to grant access to the second location to the first person; transmitting instructions to cause an indication of access grant to be shown by the second device, at least in part in response to the decision to grant the first person access to the device.

Aspects of the present disclosure relate to non-transitory computer-readable memory that stores instructions that, when executed by a computing system, cause the computing system to perform actions including: at a first time, receiving a first type of biometric reading of a first person from a first biometric reader at a location; using the first type of biometric reading to identify a corresponding predetermined biometric identifier of the first type stored in a data store containing biometric identifiers; and and the event access data associated with the first type of predetermined biometric identifier permits the first person access to the first location at a first time and determining whether the event access data associated with the first type of predetermined biometric identifier allows the first person access to the first location at the first time. at least in part in response to transmitting an instruction to cause an indication of access authorization to be indicated by the first device; receiving a second type of biometric reading, the second type being different than the first type; using the two types of biometric readings to identify a corresponding predetermined biometric identifier of a second type stored in a data store containing biometric identifiers; accessing the event access data associated with the biometric identifier; and the event access data associated with the second type of predetermined biometric identifier permits the first person access to the second location at a second time. and the event access data associated with the second type of predetermined biometric identifier permitting the first person access to the second location at the second time. and transmitting instructions to cause an indication of access permission to be shown by the second device, at least in part in response to the determination of.

Aspects will now be described with respect to the drawings outlined below. These drawings and accompanying descriptions are provided to illustrate example aspects of the disclosure and not to limit the scope of the invention.

FIG. 1 is a schematic diagram of an example computer network environment that may be utilized in conjunction with certain techniques and processes disclosed herein. FIG. 2 is a block diagram of an example computer node in the network of FIG. FIG. 3 is a schematic diagram. 4 and 5 are example flow diagrams in the venue admission subsystem of the embodiment of FIG. 3 and the system of the embodiment of FIG. 2, respectively. FIG. 6A shows an example networked environment architecture. FIG. 6B shows an example system architecture. FIG. 7 shows an example venue entry area configuration. 8A and 8B show an example process. Figures 9A and 9B show an example database record/table.

The teachings in all patents, published applications, and references cited herein are incorporated by reference in their entirety.

Aspects of the present disclosure relate to systems and methods configured to enhance the use of biometrics and human identification and authentication. Biometric sensors may be in the form of still cameras, video cameras, optical sensors, ultrasonic sensors, and/or capacitive sensors, as examples. Such sensors may be used for biological biometric recognition (e.g., face recognition, fingerprint recognition, iris recognition, palm contour recognition, and/or blood vessel recognition, for example) and/or behavioral recognition (e.g., gait ( gate) recognition, sign recognition, speech recognition, and/or keystroke recognition).

When utilizing images for authentication, the system may optionally perform image enhancement, such as edge and/or contrast enhancement, prior to identification, authentication, and/or verification. Enhancement may optionally be localized to a given image region based on the illumination intensity of the determined region.

Aspects of the present disclosure relate, in some aspects, to creating a master biometric data repository. A technical challenge of using biometric identification for a given user is that the user must have many "personal information" such as multiple email addresses, message service addresses, phone numbers, user device identifiers, credit card numbers, debit card numbers, and/or may relate to a cryptocurrency wallet identifier or the like. A given identity may be associated with various devices, services, and/or applications (eg, financial accounts, ticketing applications, electronic wallets, etc.). Different user identities may be associated with different biometric identifiers (where biometric identifiers may be used to access respective devices, services, applications, events, structures, etc.). For example, a first user credential of a user may be associated with a left index finger print, a second user credential of a user may be associated with all right hand finger prints, and a third credential may be a facial print. (face print). As such, it can be difficult to determine which biometric identifier to use to access a given device, service, application, event, structure, or the like. Stores some or all of the identity information associated with the user, an indication of which biometric identifiers are associated with a given identity, and optionally the biometric identifiers (e.g., numerical models of corresponding physical characteristics) An integrated biometric data store is described herein.

Such biometric identifiers may be used to identify and authenticate persons seeking access to an event at a venue at a given time (eg, a given date and time). By way of illustration, biometric data of a person at the entry point of an event venue may be obtained and transmitted to an authentication and access control system. The authentication and access control system may optionally be configured to provide access control functions for multiple venues operated by multiple parties. The system may be configured to compare the biometric data to that stored in the user's database.

If a match is found, the corresponding user record can be accessed and a determination made as to whether the user has authorization to access the event at the venue at the given time. If the user record indicates that the user has authorization to access the event at the venue at a given time, transmit a corresponding message or instruction to the device at the entry point of the event venue to confirm that the user has authorization. (which can cause corresponding visual and audible indicators to show human perceivable authentication indications, such as by illumination of a green light, or textual and/or graphical messages of access permission displayed on the device ). If the user record indicates that the user does not have authorization to access the event at the venue at a given time, transmit a corresponding message or instruction to the device at the entry point of the event venue to indicate that the user does not have authorization. (which provides a human perceivable authentication indication on corresponding visual and audible indicators, such as by illumination of a red light, or access denied text and/or graphic messages displayed on the device). and/or may lift or open barriers to access the venue).

As an illustration, if the physical feature is a fingerprint, the numerical model may include vectors defining its shape and orientation. For example, the shape may be formed by raised friction ridges and grooves. Shapes can include radial hooves, ulnar hooves, arcuate hooves, and spiral hooves.

As an example, the fingerprint reader may be in the form of an optical reader that may use a digital camera to capture a visual image of the fingerprint. A digital camera sensor converts the fingerprint ridges and valleys into digital values that are used to generate the fingerprint scan data.

As a further example, the fingerprint reader may be in the form of a capacitive reader (which may utilize a CMOS reader) that uses capacitors to form the display/image of the fingerprint. For example, a fingerprint reader may include an array of hundreds or thousands of small capacitors configured to detect the capacitance between the ridges and valleys of a finger with respect to a capacitor plate. If ridges are present, the distance of the ridges to the capacitor plates will be small, resulting in a relatively small capacitance. If a valley line is present, the distance of the valley line to the capacitor plates is increased by the air gap between them, resulting in a relatively large capacitance (eg, the charge on the capacitor may remain unchanged). The capacitance of a given array capacitor is converted to a digital value using an analog-to-digital converter. These digital values can be used to generate a two-dimensional digital representation of the fingerprint.

By way of still further illustration, the fingerprint reader may be in the form of an ultrasonic reader configured to utilize high frequency sound waves to penetrate the epidermal layer of the skin and read the fingerprint in the dermal layer of the skin. For example, a fingerprint reader may include an array of ultrasonic transmitters and receivers. An ultrasound transmitter emits ultrasound pulses that are reflected from the ridges, valleys, and pores of the fingerprint. An array of ultrasound receivers (eg, measuring mechanical stress due to the intensity of the ultrasound pulses reflected at various points on the fingerprint) detects the reflected ultrasound pulses. Detection of reflected pulses is used to generate a detailed three-dimensional digital representation of the fingerprint.

A database may store fingerprint records associated with user records. For example, the database may store the fingerprints of each finger of the user or only the fingerprints of some fingers. For example, a particular fingerprint database (e.g., associated with a particular venue) may contain only left and right index finger fingerprints, while other fingerprint databases (associated with particular other venues) may contain only the fingerprints of a given user. (eg, typically 10 fingers, but in some cases fewer).

Optionally, face recognition may be used. Advantageously, facial recognition can be contactless, can occur at long range, and can be extremely accurate. The system can acquire images of faces and perform image processing and analysis, including face detection, alignment, feature extraction, and recognition. A biometric confidence indication may be generated using the results of image enhancement and analysis. An image of the visual indicia obtained using the image sensor is used to increase recognition confidence at least partially in response to the biometric confidence indication being below the threshold.

As a further illustration, if the physical feature used to identify a person is a face, the model may correspond to spatial geometries that distinguish facial features. The model may be a two-dimensional or three-dimensional model (which may model facial curves, such as eye socket, nose, and/or jaw curves). A camera or other imaging device may be used to capture the image of the user. When users are in a crowd or queuing (eg, to gain admission to an event venue), cameras may be placed in the entrance area of the venue. A face recognition process may involve obtaining an image containing a face to be recognized, and face recognition may be performed to identify the face in the image. For example, an image may contain multiple faces, body parts, building structures, furniture, and other items, making it difficult to separate faces.

Face detection may be performed using a machine learning engine, such as a neural network comprising an input layer, one or more hidden layers, a pooling layer, and an output layer, optionally in real time. Face detection algorithms start by searching for certain relatively easily identified features, such as a person's eyes, and then move on to other features until a certain level of confidence is reached to identify a person's facial region. Features such as eyebrows, mouth, nostrils, iris, chin, etc. may be searched and detected.

Upon detection of facial regions, the spatial geometry of the face can be utilized to identify individuals based on their facial features. Optionally, a face template is generated in real-time, the template containing a small set of data that uniquely identifies an individual based on their facial features (this is comparable to storing high-resolution images). with the additional attendant benefit of reduced use). The generated template can then be compared to a set of known templates in a database for identification or one specific template for authentication. A confidence score can be generated that indicates how well the two templates match. Optionally, the score may need to meet a threshold for the generated template to be considered a match with the template stored in the database.

As a further example, iris biometric recognition may be utilized. Advantageously, iris recognition is contactless, can be performed at long distances, can only require a glance, can be rapid (e.g., less than 2 seconds), and is extremely accurate. obtain. An iris scanner system (e.g., a video camera) uses light, such as infrared light (which may be invisible to the human eye), to detect unique patterns (e.g., invisible to the human eye). may be configured to illuminate the person's iris using When performing iris pattern detection, the iris scanner may be configured to detect and exclude eyelashes, eyelids, specular reflections that may occlude part of the iris. Thus, an iris scanner may acquire a set of pixels (eg, 200-300 hundred iris attributes) corresponding to the iris only. For example, a frame grabber may grab frames from the video transmitter, detect the pattern of the iris visible between the pupil and the sclera, and convert it into a digital template in real time. This template may be compared to templates stored in a database to identify matching user records.

As a further example, a palm scanner configured to emit infrared or near-infrared light to acquire a user's vascular pattern and/or configured to acquire palm contour data may be utilized.

Various types of biometric scanners may or may not be particularly suitable for a given environment. For example, cameras configured to capture facial images are less suitable than fingerprint scanners for outdoor environments that are exposed to the elements (e.g., rain, sleet, and snow) and may lack adequate lighting at night. Sometimes. Thus, as noted above, different venues may utilize different biometric scanners to accommodate different environmental conditions.

To increase accuracy and reduce false positives and false negatives, multiple of the aforementioned biometric techniques may be used at a given point of entry to identify a person (e.g., fingerprint, facial, and/or iris fingerprints). scanning and recognition). Optionally, when utilizing an odd number of biometric identification technologies, a voting protocol may be utilized in which common decisions made by the majority of biometric technologies will govern. For example, using three different biometric techniques, two of which agree that a given person matches a user's identity in the same user record, and a given person does not match that identity. If one of the techniques indicates that the majority decision will prevail and it will be determined that the person mentioned above matches the user of the user record.

Additionally and/or alternatively, an electronic device may be utilized to identify the user. For example, a user's mobile device (e.g., mobile phone, smart card, digital key) provides one or more unique identifiers (e.g., unique user device identifier (e.g., mobile ID) and/or unique user identifier) can. The identifier may be assigned by an authentication system and/or by a device manufacturer/provider (e.g. phone or SIM card provider), e.g. IMEI (International Mobile Equipment Identity) identifier, MEID (Mobile Equipment Identifier) ) identifier, ESN (electronic serial number) identifier, IMSI (international mobile subscriber identity) identifier, etc.). Such identifiers may be provided via optical indicia (eg, one-dimensional or two-dimensional bar codes, such as QR codes, etc.), wireless electromagnetic transmission, or audio signals. Such identifiers may optionally be encrypted prior to transmission or presentation. The identifier may be encoded with a timestamp as similarly described elsewhere herein. If the identifier and timestamp are presented via an optical code, the optical code may be regenerated periodically to include an updated timestamp (e.g., 5, 10, 15, 20, or 30 seconds, or every anywhere from 5 seconds to 120 seconds). Examples of using a user's electronic device in identifying the user are described elsewhere herein. Thus, for example, it may be necessary to authenticate a user using two (or more) techniques, optionally including at least via the user device and via biometric data.

The biometric data stored in the user record and used as a reference (e.g., reference template) in determining the user's identity may include the user's device (e.g., still camera, video camera, and/or fingerprint scanner). may be obtained during the registration process via the For example, biometric data may be obtained during a registration process in which a user sets up a user account (eg, via an application installed on the user's device). Optionally, operators of various venues may each have their own registration process. Additionally or alternatively, such biometric data may be obtained via biometric readers placed at event venues, travel hub locations (e.g., airports, train stations, bus stops, etc.), or other locations.

By way of illustration, a venue biometric scanner may be configured to operate in a registration mode or a verification mode. If attendees at a given venue do not already have biometric records recorded for the type of biometric scanner at the venue, user biometric data and associated user identification data (e.g., government-issued identifiers, etc.) or from an optical indicium presented by a user device as described elsewhere herein). Biometric data may be stored in association with user identification data. On the other hand, if the participant's biometric data already exists, we obtain the participant's biometric data, as described elsewhere herein, as well as the participant's right to access the venue (e.g., A biometric scanner may be used to use the biometric data to determine whether to have a current event.

Different venues may offer different suites of biometric scanners and/or user device recognition systems, as described elsewhere herein. For example, certain venues may utilize fingerprint readers/recognition systems, certain other venues may utilize face imaging/recognition systems, and other particular venues may utilize iris imaging/recognition systems. Moreover, even among those venues that utilize fingerprint scanner systems, certain venues may scan the left index finger for user identification/authentication and verification, while other venues may Either the left or right hand thumbprint can be used for this purpose. As yet a further example, certain venues may utilize optical fingerprint readers that produce two-dimensional fingerprint representations, while other venues may use capacitive fingerprint readers that produce three-dimensional fingerprint representations.

In this way, an integrated and aggregated authentication database that records the various types of biometric data used to authenticate a given user at a variety of venues or sets of venues authenticates users at the venue, and if users The process of determining whether one has access to a venue during a given time segment can be significantly faster and more accurate.

Although certain descriptions and examples may refer to using biometrics to identify a person and determine if that person has access to a venue, the systems described herein And the method also identifies a person to whom that person has access rights to other resources, such as online electronic accounts and services (e.g., item provider accounts, email accounts, message service accounts, etc.) or electronic devices. It is understood that it can also be used to determine whether Further, although specific examples may be described with respect to biometric readers located at venues, a person may be used to obtain biometric data by using biometric readers (e.g., facial images, fingerprints, iris images, etc.) to obtain biometric data. A person's own device (eg, cell phone or other device) equipped with a camera configured to read a fingerprint, a capacitor array configured to read a fingerprint, etc.). For example, users may utilize user devices to provide biometric data to remote systems to access online or physical services.

Certain aspects will now be described with respect to the drawings.

FIG. 6A illustrates an example networking environment that can be utilized to implement certain example processes herein. biometric system 602A may be located at one or more respective venues (or may have components located at one or more respective venues), one or more venue systems 604A, 606A, 608A; Communicate via network 600A (eg, the Internet, an intranet, a cellular network, and/or other networks).

For example, a given venue system has a corresponding authentication reader (sometimes called a scanner) located at the venue entrance (which may be the entrance of the venue building or the entrance to a restricted area within the building). can. A given authentication scanner/reader may, by way of example, include a user image and/or barcode (e.g., unique user identifier, unique device identifier, and/or timestamp) for authentication purposes. from a camera, barcode scanner (e.g., a camera or laser barcode scanner configured to scan a barcode), a user device a radio frequency receiver configured to receive a radio transmission including authentication data from a user device (e.g., user device 610A, 612A, 614A) configured to receive an audible signal including authentication data from , biometric readers (e.g., fingerprint readers, iris readers, face readers), and/or other devices configured to receive a unique user device and/or user identifier and/or time stamp. can include A given venue system may include a network interface configured to communicate over network 600 with biometric system 602A and optionally other systems.

Biometric system 602A may store user account information, including some or all of the user-related data such as: user name, user email address, user phone number/SMS/text message address, user avatar, geographic information (e.g., physical address, zip code, city, etc.), unique user identifier (e.g., alphanumeric identifier, fingerprint data, facial print data, and/or iris print data), a unique user device identifier (e.g., device identifiers disclosed elsewhere herein), corresponding to events to which the user has access rights event identifiers, user preferences (eg, favorite performers, favorite venues, favorite music styles, etc.), and/or other user-related data disclosed herein. Optionally, a user may obtain multiple tickets for a given event (eg, when attending together in a group) and store corresponding records in the user account. Optionally, the user may specify that each person's account identifier in the group who has an account on system 602A or a related system, and corresponding tickets (and access rights to the associated venues and events, are included in each person's record (any a biometric identifier, a user identifier, and/or a user device identifier thereof).

Biometric system 602A may store one or more biometric records (eg, biometric templates) for a given user (see, eg, FIG. 9B). Biometric templates may be generated via an enrollment process performed by biometric system 602A or related systems, and/or obtained from respective venue systems (which may perform their own enrollment process). may A biometric template may include one or more biometric type models (eg, face model, two-dimensional fingerprint model, three-dimensional fingerprint model, iris model, etc.). As an example, a given user record may be a two-dimensional model (e.g., generated from an optical image) and/or a three-dimensional model (e.g., generated from a capacitor array reading) of the fingerprint of each or some fingers of the user. ). Additionally or alternatively, a user record may include one or more face templates (eg, generated from optical images).

Additionally or alternatively, a user record may include one or more iris templates (eg, generated from optical images captured using a camera), eg, left eye and/or right eye. Biometric system 602A optionally provides for a given user one or more user identifiers, passwords (e.g., text, alphanumeric user identifiers, e.g., specified by the user, electronic system, user's E assigned by email address, user's phone number, etc.), and/or device identifiers. User identifiers, passwords, and/or device identifiers may be unique. Optionally, the user identifier, password, and/or device identifier may not be unique, but the combination or pairing of the user identifier and device identifier may be unique.

Biometric system 602A may be configured to authenticate a user using authentication data obtained by a venue authentication scanner/reader, as similarly described elsewhere herein. For example, biometric system 602A may receive biometric data obtained from persons attempting to enter a venue for an event. Biometric data may be received in association with the venue identification information. The venue identification information can be mapped via a table to an indication of what kind of biometric readers the venue has and/or what kind of biometric data the venue collects (e.g. , FIG. 9A). Advantageously, the system may optionally only compare the received biometric data with the biometric data stored in the user record corresponding to the type of biometric reader utilized by the venue. This reduces the time required to make comparisons and the amount of computer resources (eg, processing bandwidth and memory) required to make such comparisons.

For example, the mapping table may indicate whether the venue system utilizes an iris reader, a face reader, an optical fingerprint reader, a capacitive fingerprint reader, a thermal fingerprint reader, a gait reader, or the like. Additionally or alternatively, the mapping table is based on specific biometric data read by the venue system (e.g., left iris, right iris, face, left thumb acquired via optical reader, left index finger captured via optical reader, left middle finger captured via optical reader, left ring finger captured via optical reader, left little finger captured via optical reader, captured via optical reader Right thumb, right index finger retrieved via optical reader, right middle finger retrieved via optical reader, right ring finger retrieved via optical reader, right little finger retrieved via optical reader , left thumb acquired through capacitive reader, left index finger acquired through capacitive reader, left middle finger acquired through capacitive reader, capacitive reader through left ring finger obtained via capacitive reader, left pinky finger obtained via capacitive reader, right thumb obtained via capacitive reader, right index finger obtained via capacitive reader, right middle finger captured via a capacitive reader, right ring finger captured via a capacitive reader, right little finger captured via a capacitive reader, etc.). Optionally, additionally or alternatively, metadata may be transmitted by the venue system along with the biometric data to identify the particular type of biometric data transmitted to biometric system 602A.

FIG. 6B is a block diagram illustrating example components of a biometric system 602A. The example biometric system 602A includes an apparatus of computer hardware and software components that can be used to implement aspects of the present disclosure. Those skilled in the art will appreciate that example components may include more (or fewer) components than those described in FIG. 6B. Biometric system 602A may include a cloud-based computer system.

With respect to a cloud-based computer system, a cloud-based computer system is a host computing environment ("cloud (sometimes referred to as a computing environment). The particular data described herein may optionally be stored in a host storage environment (sometimes referred to as "cloud" storage) that includes a collection of physical data storage devices that are remotely accessible and can be rapidly provided on demand. can be stored using a data store that can include

Biometric system 602A includes one or more processing units 620B (eg, general-purpose processors and/or high-speed graphics processors), one or more network interfaces 622B, non-transitory computer-readable media drives 624B, and input/output devices. interface 626B, all of which may communicate with each other over one or more communication buses. Network interface 622B may provide connectivity to one or more networks or computing systems (eg, venue systems, user devices, event promoters, seating chart visualization systems, etc.) for the services described herein. Accordingly, the processing unit 620B receives information (e.g., verification/authentication data (e.g., biometric data, user identifiers, device identifiers, etc.), verification/authentication requests, etc.) from other computing devices, systems, or services over a network. ) and may receive instructions, provide responsive data, and/or execute instructions. Processing unit 620B may also communicate to and from memory 62B4 and may also provide output information via input/output device interface 626B. Input/output device interface 626B may also accept input from one or more input devices such as a keyboard, mouse, digital pen, touch screen, microphone, camera, and the like.

Memory 628B may contain computer program instructions that may be executed by processing unit 620B to implement one or more aspects of the disclosure. Memory 620B typically includes RAM, ROM (and variants thereof, such as EEPROM) and/or other permanent or non-transitory computer-readable storage media. Memory 628B may store an operating system 632B that provides computer program instructions for use by processing unit 620B in the general operation and operation of biometric module 634B, including its components.

Memory 628B stores user name, user email address, user phone number/SMS/text message address, geographic information (eg, physical address, zip code, city, etc.), one or more unique or non-unique user identifiers. (eg, alphanumeric identifiers, fingerprint data, facial print data, iris print data, gait data, and/or as described elsewhere herein), one or more unique or non-unique the event identifier corresponding to the event to which the user has access; the seat identifier corresponding to the seat assigned to the user at the corresponding event; and the locations to which the user has access within the venue of the corresponding event. access identifier, user device identifier and/or hash of the user identifier, user preferences (e.g., favorite performers, favorite venues, favorite music styles, and/or other preferences described herein, etc.) ), payment instrument data, and/or other user data described herein. Memory 628B may also store event, access token, and venue information, such as those described elsewhere herein.

Some or all of the data and content described herein may optionally be stored in relational databases, SQL databases, NOSQL databases, or other types of databases. Content elements can be BLOBs (Binary Large Objects), which can be difficult to handle in conventional databases, such as large images (e.g. still photographs (e.g. of biometric features), movies (e.g. of biometric features), multi-layer graphics etc.), some or all of the content elements (eg, BLOBs) may be stored in files and corresponding reference information may be stored in a database. Optionally, memory 628B may include one or more third-party cloud-based storage systems.

The biometric module 634B generates a graphical user interface and may include GUI components for processing user input and search components (which may include a search engine used to search for ticketed events). Biometric module 634B may also include a multi-factor authentication component configured to identify and authenticate a user. As described herein, identification/authentication may be performed by comparing hashes of unique user identifiers and unique device identifiers with those generated by system 602A. As a further example, authentication includes recovering data that includes a unique user identifier and/or a unique device identifier (eg, using a private key or key used to perform the encryption), and encrypting the recovered data. This may be done by comparing to that stored by biometric system 602A. Optionally, Advanced Encryption Standard (AES), a symmetric encryption algorithm that encrypts fixed blocks of data (of 628 bits) at a time, may be used. As a further example, the Ribeth-Shamir-Edelman (RSA) encryption/decryption technique may optionally be utilized. As yet a further example, Triple DES (Data Encryption Standard) encryption/decryption technology may optionally be utilized. As yet a further example, a hash function may optionally be utilized. Optionally, additionally or alternatively, biometric indications of the user (eg, iris data, fingerprint data, facial data, etc.) may be used to perform authentication as described elsewhere herein.

The access rights verification component may be configured to determine whether the identified/authenticated user has the associated rights to access the event at the venue (and/or part of the event venue). For example, the access rights verification component determines whether the identified user has a ticket to an event at the venue for a given seat or seating area on a given date and/or time (e.g., an identified by accessing the record corresponding to the user and determining if there is an access rights indication for the identified user for the event of the current date/time).

The ticketing module 636B allows the user to view information about ticketed events, access event venue seating charts, view available and unavailable event venue seats, and select seats from a given seat. access images of views; view access token prices; create user accounts (optionally including some or all of the user account information described herein); Purchasing or obtaining access rights (e.g., access tokens) for the above, storing an indication of access rights obtained by the user, and/or recommending events to the user (e.g., user preferences, access token acquisition history, etc.) , geographic location, and/or event sponsor, etc.).

Image analysis and processing module 638B performs image analysis (e.g., on optical indicia that encodes encrypted authentication data, on images of biometric features (e.g., iris, face, fingers, etc.), contrast configured to perform enhancement, deblurring, and/or image rotation to enhance decoding and reconstruction of images of optical indicia (e.g., barcodes acquired using a camera device) and/or biometric features; can be

FIG. 7 shows an example venue authentication configuration. Participants 702 may be queuing or waiting at a venue entry point for entry. Camera 706 may be positioned to capture images of participant 702's face and/or iris for identification purposes. Optionally, additionally or alternatively, the venue may be configured with a fingerprint reader. Light 710 may be positioned to illuminate the participant's face while reducing shadows on the face, thereby improving the quality of images acquired for face recognition. Camera/scanner 704 may be arranged to capture an image of optical authentication data (e.g., a one-dimensional or two-dimensional barcode encoding a user identifier, device identifier, and/or timestamp) from a user device. . Camera/scanner 704 may include an LED barcode scanner or camera. Venue entrances may optionally be configured with barriers 708 (eg, turnstiles or gates). Barrier 708 may be computer controlled and may open upon identification of the participant and verification that the participant has access rights to enter the venue at the current time.

Images from cameras 704, 706 (or data derived from images captured by cameras 704, 706) may be used for identification and/or whether participants have access to the venue (e.g., current ) may be transmitted to a biometric system, such as biometric system 602A, for determination. The biometric system may transmit data to the venue device 712 indicating whether the participant has access. Device 712 may show a visual and/or audible indication of whether the participant has access to the event. Device 712 may be a portable handheld device (eg, held by a venue employee who manages access to the venue) or a fixed display/light indicator. Device 712 may be combined with a camera/scanner, such as camera 704 . For example, device 712 may include one or more display lights (eg, red and/or green LED lights) and/or a flat panel display.

Referring now to FIG. 8A, an example process is shown that uses biometric data to identify people in a venue, and if the identified people are at the current time (e.g., at a particular event). (for) to determine whether it has access rights to the venue. Processing may be performed in whole or in part by the venue's system, or in whole or in part by a biometric or other system.

At block 800A, biometric data is received from a biometric reader at the venue (entrance point of the venue). The biometric data may be a facial image, an optical two-dimensional image of one or more finger prints of a person, a capacitive three-dimensional image of one or more finger prints of a person, and/or one or more of a person. may correspond to one or more types, such as the iris of At block 802A, a determination is made as to what type of biometric data was received. For example, venue identification data received in conjunction with biometric data may be used to make the determination. Venue data can be used to look up what kind of biometric data the venue uses via a lookup table (eg, FIG. 9A). Additionally or alternatively, metadata may be transmitted in association with the biometric data to identify the type of biometric.

At block 804A, the received biometric data is compared against corresponding templates (of the determined biometric type) stored in a database (eg, shown in FIG. 9B) to determine if any matches exist. decide what to do. Advantageously, the processing optionally includes the biometric data of the user record corresponding to the type of biometric reader utilized by the venue, or corresponding to metadata identifying the type of biometric data. Just compare with the data. This reduces the time required to make comparisons and the amount of computer resources (eg, processing bandwidth and memory) required to make such comparisons. At block 806A, a determination is made as to whether a match was found.

If no match is found, block 808A transmits a failure message to the venue device, which may indicate a failure indication. A device may include one or more display lights (eg, red and/or green LED lights) and/or a flat panel display. Venue entrance personnel may deny entry to the venue in response to an indication of failure and/or barriers may be locked or closed (or remain closed) to prevent the person from entering the venue. can prevent

If a match is found, at block 810A, the corresponding user record is accessed and a determination is made as to whether the user has an associated access token (eg, ticket) for the event at the venue (eg, at the current date and time). . If the user does not have an associated access token, block 812A transmits a failure message to the venue's display device, which may indicate a failure indication. Venue entrance personnel may deny entry to the venue in response to an indication of failure and/or barriers may be locked or closed (or remain closed) to prevent the person from entering the venue. can prevent

If the user has an associated access token, block 814A transmits an entry message to the venue's display device, which may show an entry indication. A venue entrance attendant may grant entry to the venue and/or the barrier may be lifted to give the person access to the venue, depending on the access indication. Optionally, the seat information may also be transmitted to the user device and displayed by the user device so that the user can access such restricted areas. Optionally, further access rights indications corresponding to access rights to restricted locations within the venue (eg, VIP areas) may be transmitted to the user device for display. Optionally, further display other indications corresponding to rights to services or items (e.g., meals, clothing, souvenirs, etc.) on the user device for display so that the user can access such services or items. may be transmitted.

Optionally, if multiple access tokens to a venue/event are associated with a user (e.g., a user obtains tickets for a group), the entry message transmitted to the venue display device is It may indicate whether it is allowed, and the display may show the number of people who are eligible to be admitted with the identified/authenticated user. Venue entrance attendants, depending on the access indication, may allow the indicated number of people to enter the venue and/or the barrier may be lifted to give the group access to the venue.

Referring now to FIG. 8B, an example process is shown that uses biometric data to identify a person in a venue and to determine if the identified person has access rights to the venue at the current time. and configured to use auxiliary identification methods to increase identification accuracy when the identification confidence level using initial biometric data is insufficient. Although the example processing relates to performing face recognition, the processing can be performed on other biometric features as well, such as fingerprints or iris patterns. Processing may be performed in whole or in part by the venue's system, or in whole or in part by a biometric or other system.

At block 800B, a determination that facial feature biometrics are being used to perform user identification and access control (e.g., lookup tables and/or metadata as described elsewhere herein) is determined. ). At block 802B, an image of the user is received. For example, the image may include one or more faces and other body parts of participants waiting in line to access the venue. The images can be still or moving images captured by a still or video camera.

At block 804B, dominant faces may be detected and extracted. For example, the dominant face may be detected as the largest face in the image or closest to the camera position. Face detection was performed using a Haar cascade classifier, a Histogram of Oriented Gradients (HOG), followed by a linear support vector machine classifier, and/or a multitasking cascaded convolutional network (MTCNN). can break A neural network may include an input layer, one or more hidden layers, a pooling layer, and/or an output layer. Face detection techniques may be configured to digitally "draw" a shape (eg, a box) for a given face (eg, classify a particular region of pixels as containing a face). Detected dominant faces can be extracted and stored in their respective destination records for further analysis.

At block 806B, face alignment may be performed to improve the accuracy of face recognition. Face alignment normalizes the position of a given face, optionally placing the face in the center of the image so that the line connecting the centers of the two eyes is parallel to an axis (e.g., the horizontal axis). Rotate like this. Face alignment is particularly difficult when obtaining faces from an unconstrained environment such as a queue of people at a venue entrance, and similarity or affine transformations may be utilized in doing the alignment. Optionally, facial landmarks (eg, eyes, center of eyes, nose, tip of nose, mouth, corners of mouth, ears, earlobes, etc.) may be used to align the face. Optionally, the largest face (eg, the face closest to the camera) may be selected for face identification. Optionally, face identification can be performed on all faces in the image.

At block 808B, optionally, faces (eg, the faces performing face identification in the image) may be resized to the same scale. At block 810B, the aligned and resized face image of the given face may be used in performing face recognition. For example, feature extraction may be performed on faces. At block 812B, the face may be compared to faces (eg, face templates) in a database that stores user biometric data and records of user access rights to venues/events. For example, a facial target (eg, 20 facial features) may be taken as input and a feature vector generated. The process may then search the database to identify matching users (if any). For example, Euclidean distances between features in images acquired at a venue may be compared to Euclidean distances between facial features in a database. A match may be considered as the database showing the closest match in Euclidean distance.

At block 814B, a confidence score may be generated. A confidence score may indicate how confident the system is that the face image match is correct. The confidence score may be based on how close the Euclidean distance between features is, the number of features detected and used in calculating the Euclidean distance, image sharpness, image contrast, and/or other image features.

At block 816B, a determination is made as to whether the confidence score meets (eg, is greater than) a confidence score threshold. If the confidence score does not meet the confidence score threshold, then additional forms of identification/authentication data may be used to confirm the match at block 818B. For example, additional forms of identification/authentication data may be obtained automatically, or a user or venue attendant may be prompted to obtain additional forms of identification/authentication data. By way of example, if the initial biometric data is a facial image, the further identification/authentication data may be iris pattern data, fingerprint data, user identifier data (e.g. obtained from a barcode on the user device by a barcode reader), User device identifier data (e.g., obtained from the user device's barcode by a barcode reader), and further authentication data may include a timestamp (e.g., encoded in the barcode and obtained by the barcode reader). obtain).

At block 820B, a determination is made as to whether a match was successfully found.

If no match is found, block 822B transmits a failure message to the venue device, which may indicate a failure indication. A device may include one or more display lights (eg, red and/or green LED lights) and/or a flat panel display. Venue entrance personnel may deny entry to the venue in response to an indication of failure and/or barriers may be locked or closed (or remain closed) to prevent the person from entering the venue. can prevent

If a match is found, at block 824B, the corresponding user record is accessed and a determination is made as to whether the user has an associated access token (eg, ticket) for the event at the venue (eg, at the current date and time). . If the user did not have an associated access token, at block 826B a failure message is transmitted to the venue's display device, which may indicate a failure indication. Venue entrance personnel may deny entry to the venue in response to an indication of failure and/or barriers may be locked or closed (or remain closed) to prevent the person from entering the venue. can prevent

If the user has an associated access token, block 826B transmits an entry message to the display device at the venue, which may show an entry indication. A venue entrance attendant may grant entry to the venue and/or the barrier may be lifted to give the person access to the venue, depending on the indication of access. Optionally, the seat information may also be transmitted to the user device and displayed by the user device so that the user can access such restricted areas. Optionally, further access rights indications corresponding to access rights to restricted locations within the venue (eg, VIP areas) may be transmitted to the user device for display. Optionally, further display other indications corresponding to entitlements to services or items (e.g., meals, clothing, souvenirs, etc.) on the user device for display so that the user can access such services or items. may be transmitted.

Aspects of the present disclosure relate, in some aspects, to a computer-implemented method of electronically authenticating a person at an admission subsystem of a venue or event, the method comprising: (a) providing a user of a mobile device with a member identifier; and (b) storing authentication data, including at least one of a member identifier and a mobile device identifier, in at least one identifier database, said identifier database is operatively connected to the admission subsystem of the venue or event; and (c) receiving data at a server, the data being delivered locally to the mobile device by an application running on the mobile device. (d) the generated locally generated data is independent of the venue and event data and includes a time of generation and at least one of a generated member identifier and a generated mobile device identifier; comparing, by a server, the authentication data to the locally generated data; and (e) sending a signal to an admission subsystem of the venue or event based on the comparison.

In some embodiments,
(1) the authentication data includes a mobile device identifier, the locally generated data includes a generated mobile device identifier, and the mobile device identifier of the authentication data is the generated mobile device identifier of the locally generated data; An authentication signal is sent if there is a match, optionally the authentication data further comprising a member identifier, the locally generated data further comprising a generated member identifier, the member identifier of the authentication data also comprising the locally generated an authentication signal is sent only if the data matches the generated member identifier,
(2) Data generated locally by the application may be in the form of (A) a two-dimensional visual representation such as a matrix or QR code, (B) a barcode, or (C) a displayed set of characters. be,
(3) the application is downloaded to the mobile device, optionally from a link in the application;
(4) the above method includes (i) receiving, by a server, a request to purchase a ticket or a plurality of tickets from a purchaser, the purchase request being associated with at least one ticket; and (ii) at least storing ticket information associated with one ticket of at least one ticket information database, the ticket information database being operably connected to an admission subsystem of the venue or event; iii) by the server associating the ticket information with member identifiers stored in at least one identifier database; optionally, the ticket information includes: (A) quantity of at least one ticket associated with the purchase request; (B) at least one price of at least one ticket associated with the purchase request; (C) the time of the event associated with at least one of the at least one ticket associated with the purchase request; (D) the venue of the event associated with at least one of the at least one ticket associated with the purchase request; and (E) including displaying ticket volumes, ticket prices, event times, and event venues, or any combination of the above information;
(5) the application running on the mobile device periodically generates data, and the periodically generated data is locally generated data received by the server;
(6) the authentication signal is sent only if the time of generation of the received locally generated data is within a set of predetermined time intervals; or
(7) The above method further includes calculating a time difference between the time of generation and the current time, and transmitting the authentication signal only if the calculated time difference is less than a set value.

Aspects of such authentication techniques, systems, and methods (e.g., using a user device to authenticate a user) are entitled "Mobile Application Barcode Identification Method And System," published September 29, 2015. No. 9,147,191, the contents of which are hereby incorporated by reference in their entirety.

Aspects of the present disclosure, in another aspect, relate to an electronic authentication device for electronically authenticating a person at an admission subsystem of a venue or event, the device comprising one or more servers, the one or more servers comprising: a memory storing executable instructions that, when executed by the one or more servers, cause the one or more servers to perform the following actions: (a) extract authentication data from at least one identifier database; wherein the authentication data includes at least one of a member identifier assigned to a user of a mobile device and a mobile device identifier assigned to the user's mobile device, and the identifier database includes a (b) receiving data, the data generated locally on the mobile device by an application running on the mobile device; is independent of venue and event data and includes the time of generation and at least one of a generated member identifier and a generated mobile device identifier; (c) authentication data and locally generated data; and (d) sending a signal to the venue or event's admission subsystem based on the comparison.

In some embodiments,
(1) the authentication data includes a mobile device identifier, the locally generated data includes a generated mobile device identifier, and the mobile device identifier of the authentication data is the generated mobile device identifier of the locally generated data; If there is a match, the instructions, when executed, cause the one or more servers to transmit an authentication signal, optionally the authentication data further comprising a member identifier, and the locally generated data including the generated member identifier. further comprising, the instruction, when executed, causes the one or more servers to transmit an authentication signal only if the member identifier of the authentication data also matches the generated member identifier of the locally generated data;
(2) data generated locally by the application is in the form of (i) a two-dimensional visual representation such as a matrix or QR code, (ii) a barcode, or (iii) a displayed set of characters; be,
(3) the application is downloaded to the mobile device, optionally from a link in the application;
(4) The instructions, when executed, cause one or more of the servers to further perform the following actions: (i) receiving a purchase request from a purchaser, the purchase request comprising at least one and (ii) storing ticket information associated with at least one ticket in at least one ticket information database, said ticket information database being a venue or event admission subsystem. (iii) associating the ticket information with the member identifier; and (iv) if the one or more servers send the authentication signal, the user of the mobile device confirms that at least one optionally, the ticket information includes (A) quantity of at least one ticket associated with the purchase request; (B) at least one price of at least one ticket associated with the purchase request; (C) the time of the event associated with at least one of the at least one ticket associated with the purchase request; (D) the venue of the event associated with at least one of the at least one ticket associated with the purchase request; and (E) including indications of any combination of the above;
(5) the application running on the mobile device periodically generates data and the act of receiving locally generated data by the application includes receiving the periodically generated data; the act of obtaining at least one ticket by the user of is only performed if the time of generation of the received, locally generated data is within a set of predetermined time intervals; or
(6) The instructions, when executed, cause the one or more servers to further perform the operation of calculating the time difference between the time of generation and the current time, and only if the calculated time difference is less than a set value. One or more servers send authentication signals.

A mobile device may locally create or generate a new barcode representation that uniquely identifies a person (the holder/possessor of the mobile device).

A mobile device may be either a personal digital assistant (PDA), a mobile phone, or other handheld digital processing and/or communication device. In a preferred embodiment, the mobile device is a so-called smart phone as an example, but not limited thereto.

Entrant's smartphone application provides ticket holders with another digital means of verifying personal identity upon entry to a venue or event. A smartphone application periodically generates a unique QR code (barcode) containing a unique identifier (i.e. mobile device ID) that helps the venue/event admission system recognize the user. Unlike prior art systems, there is no downloading of barcodes (which act as tickets or otherwise) from the system server to the smart phone/mobile device client.

In a preferred embodiment, a person (eg, a user) is electronically authenticated in a computer-assisted manner upon entry to a venue or event or otherwise. A person may be a user, particularly a user holding an account. Thus, the above-described method electronically verifies a person as a user/customer holding an account and electronically accesses the user's account. A preferred method includes electronically storing a representation of a mobile device user and a particular mobile device representation of that user in a database.

The database is operatively connected to the admission subsystem of the venue or event. Subsystems may include rotary gates and/or gates, particularly those that are electronically controlled and operated.

Next, in a preferred embodiment, the method described above executes a code generator program on the particular mobile device. The mobile device then locally creates and displays a barcode that is unique to the user of the mobile device. Barcodes are not based on venue or event-only data, such as location names, addresses, event titles, performance names, event sessions/shows, and the like. In this way the barcode is independent of the venue and event data.

At the admission subsystem of a venue or event, a mobile device user displays a locally generated barcode on a particular mobile device. Accordingly, the above method includes (a) electronically reading a barcode from a particular mobile device; (c) electronically accessing a database and comparing the decrypted first displayed portion to the mobile device user's display stored in the database; portion of the display to the display of a particular mobile device stored in the database. When the comparison yields a match between the first display portion and the database stored representation of the mobile device user and a match between the second display portion and the database stored representation of the particular mobile device, the above-described The method automatically authenticates as positive a user of a mobile device upon entry to a venue or event. This may include opening, unlocking, or otherwise allowing a mobile device user to pass through a gate or carousel of a venue or event admission subsystem.

In some embodiments, the database also stores user account information. For each user account, the database stores a representation of (associated with) one mobile device of the person (user) holding the account. In other words, for each user account, the representation of the mobile device user (the person holding the account) is associated with that particular mobile device representation in the database. Also, in embodiments, the database for each user account stores information for one or more tickets owned by the user of the mobile device (person holding the account). However, the venue or event admission subsystem identifies the user of the mobile device as an individual at the venue or event admission separately and independently of authentication as a specific ticket holder (having a ticket for a specific event). Authenticate information.

The locally generated barcode uniquely identifies the mobile device user who is the account holder/user/customer. Barcodes are not based on venue or event-only data, such as location names, location addresses, event titles, performer names, event sessions or shows, and the like. Rather, barcodes are independent of event and venue data.

After authenticating the mobile device user as positive on admission to the venue or event, the venue or event admission subsystem further (a) obtains ticket information from the database; redeem one or more tickets to enable or enable admission to a venue/event;

Certain aspects will now be described with respect to the drawings.

FIG. 1 illustrates an example computer network or similar digital processing environment in which the techniques disclosed herein may be implemented.

The client computer/mobile device 50 and server computer 60 provide processing devices, storage devices, and input/output devices for executing application programs and the like. Client computer/device 50 may also be coupled by communications network 70 to other computing devices, including other client devices/processors 50 and server computer 60 . Similarly, other ancillary processing or reading devices 21 may be operably linked to server computer 60 by communications network 70 . Communication network 70 may be a remote access network, a global network (e.g., the Internet), a worldwide collection of computers, a local area or wide area network, and currently using respective protocols (TCP/IP, Bluetooth, etc.). can be part of gateways that communicate with each other. Other electronic device/computer network architectures are possible.

FIG. 2 is a schematic diagram of the internal structure of a computer (eg, client processor/device 50 or server computer 60 including ancillary device 21) in computer system 600 of FIG. Each computer 50, 60, 21 includes a system bus 79, which is a set of hardware lines used to transfer data between components of the computer or processing system. Bus 79 is essentially a shared conduit that connects different elements of the computer system (e.g., processors, disk storage, memory, input/output ports, network ports, etc.) and allows information to be transferred between the elements. . Attached to system bus 79 is input/output device interface 82 for connecting various input and output devices (eg, keyboard, mouse, display, printer, speakers, etc.) to computers 50 , 60 , 21 . Network interface 86 allows the computer to connect to various other devices belonging to a network (eg, network 70 of FIG. 1). Memory 90 stores aspects of the technology disclosed herein (e.g., mobile device application 15 including QR code generation, client/server hashing, database management 31, and assistance code, detailed below). It provides volatile storage for computer software instructions 92 and data 94 used to implement them. Disk storage 95 provides non-volatile storage for computer software instructions 92 and data 94 used to implement aspects of the technology disclosed herein. A central processor unit 84 is also attached to system bus 79 for executing computer instructions.

In one embodiment, processor routines 92 and data 94 are stored on computer-readable media (eg, removable storage media such as one or more DVD-ROMs, CDs, etc.) that provide at least a portion of the software instructions for the disclosed system. - A computer program product (commonly referred to as 92), including ROM, diskette, tape, non-transitory storage, etc.). Computer program product 92 may be installed by any suitable software installation procedure, as is known in the art. In other embodiments, at least a portion of the software instructions may also be downloaded via cable, telecommunications and/or wireless connections. In other embodiments, the program transmits signals propagated in a propagation medium (e.g., radio waves, infrared, laser waves, sound waves, or electrical waves propagated in a global network such as the Internet or other networks). wave)) is a computer program propagated signal product 607 . Such carrier media or signals provide at least some of the software instructions for the routine/program 92 .

In another embodiment, the propagated signal is an analog carrier wave or digital signal propagated in a propagation medium. For example, the propagated signal may be a digitized signal propagated in a global network (eg, the Internet), telecommunications network, or other network. In one embodiment, a propagated signal is a signal transmitted in a propagation medium over a predetermined period of time, such as instructions for a software application sent in packets over a network over a period of milliseconds, seconds, minutes, or longer. is. In another embodiment, the computer-readable medium of the computer program product 92 is a computer-readable medium, such as by receiving the propagation medium and identifying a propagated signal embodied in the propagation medium, as described above for the computer program propagated signal product. It is a propagation medium that system 50 can receive and read.

In general, the term "carrier medium" encompasses transient signals, propagating signals, propagating media, storage media, non-transitory media, and the like discussed above.

Referring to FIG. 3, a preferred embodiment of smart phone 50 is shown. It is understood that other mobile devices 50 containing similar application programs 15 are possible.

Applicants' smart phone application 15 provides ticket holders with another digital means of verifying personal identity upon entry to the event. The smartphone application 15 periodically generates a unique QR code 13 (barcode method) containing a unique identifier (i.e. mobile ID) that helps the system 100 recognize the patron (locally create).

(Contents of QR code (registered trademark))
The QR code 13 created and generated locally by the mobile application 15 contains a unique identifier (or e.g. including the iPhone® MD5). The application 15 presents (outputs) the QR code (registered trademark) 13 in a barcode format.

At a venue entrance or other electronically controlled (automatic) gate subsystem 23, a scanner/reading device 21 scans a QR code (barcode) 13 to system member ID, mobile ID, and UTC as follows: hash the date/time information of the .
Member ID + Mobile ID + UTC date/time + Md5 hash [Member ID + Mobile ID + UTC date/time]
During the ceremony,
Member ID is a 64-bit integer using the first six digits (eg, 999999) of the patron's unique system Member ID.
A mobile ID is a 64-bit integer generated by system server 60 and communicated to mobile application 15 or entered/specified in application 15 . The Mobile ID is tied directly to the patron's mobile device 50 (eg, 9999990000000119) so that the patron can only have one system account tied to one mobile device. The server 60 stores the system member ID, the corresponding mobile ID, and the ticket data of the purchased ticket in the database 31 for each customer.
UTC date/time is universal time and date (year, month, day followed by hours, minutes, seconds, e.g. 2010-08-05 64:56:33 is encoded as 20100805145633) . In one embodiment, mobile application 15 locally generates a unique date/time code every 60 seconds. Other frequencies of date/time code generation are possible.
The Md5 hash is a one-way encryption of Member ID + Mobile ID + UTC date/time.

(Setting of system 600)
With continued reference to FIGS. 6 and 3, database 31 may be a relational data store or other configuration data store. It is understood that various system and network architectures of the mobile device 50 running the application 15, the server 60 having the database 31, and the venue admission subsystems 23, 21 working together are suitable. For example, the web server 60 containing the database 31 may host a large number of different venues, ticketing agents/venues across multiple team sports, performers, etc., including, but not limited to, ticketing for games, concerts, presentations, and live performances. Support sellers, distributors, etc. The web server 60 containing the database 31 may be separate from the venue server 60 local to each venue. Web server 60 and venue server 60 (together with venue subsystem 23 and reader/scanner 21) may be connected to a WAN (Wide Area Network), LAN (Local Area Network), or other operating computer in a cable network, the Internet, an extranet, etc. A network may be operatively connected for communication and processing. As such, web server 60 and venue server 60 are collectively referred to herein as server 60 .

In embodiments, server 60 maintains database 31 . As new patrons/users at participating venues become members of system 600, server 60 assigns each unique system member ID and records it in database 31 (FIG. 5, block 51). As noted above, each patron can "register" one mobile device 50 (i.e., shown in system 600/server 60) to correspond to or be associated with that patron's system account (Fig. 5, block 52). The server 60 assigns and records the unique mobile ID of the customer (its account) in the database 31 . The mobile application 15 is then configured or parameterized with the system member ID (at least the first six digits in one embodiment) and the mobile ID, and is ultimately installed on the patron's target mobile device 50 (FIG. 5, block 53). To do this, the server 60 may download 51 the mobile application 15 so configured and parameterized to the target mobile device 50 over the communication network 70 or otherwise (FIG. 5, block 54).

When a customer purchases 61 tickets for events at various participating venues via server 60 (FIG. 5, block 55), system 600/server 60 records ticket data in database 31 accordingly (i.e., ticket The data is recorded under the patron's system account) (FIG. 5, block 56). A "ticket" is a contractual right to enter a venue on a specific date and time or for a specific event. Contractual rights may be to specific seats or areas at a venue or event. To the extent the representation of a "ticket" is stored or retained electronically, it is an "e-ticket" or "electronic ticket". A variety of techniques are suitable for displaying such tickets, using common or known techniques.

(Admission to the venue)
A user of the mobile device 50 runs/executes the application program 15 on the target smart phone/mobile device 50 . The executing application program 15 then generates, or more precisely locally creates, a unique QR code (barcode) 13 and displays it on the display screen/unit of the target mobile device 50. . Step 39 of FIG. 4 is exemplary. It is noted that the server 60 of the system 600 is not responsible for the initial creation of this unique barcode 13 , but rather the mobile device 50 running the application 15 .

At the venue gate or entry subsystem 23, the scanner/reader device 21 scans the QR code (barcode) 13 from the display screen of the mobile device 50 (step 40, Figure 4). Scanner/reading device 21 utilizes common or known bar code reading technology and is configured to perform MD5 hashing (or similar hashing) as will be made clear below.

When a QR code (barcode) 13 is scanned from the display screen of the mobile device 50, the scanner/reader device 21, which electronically communicates with the server 60 and database 31, accesses the system account and thus the ticket. and use a set of checks to authenticate users attempting to gain access to the venue. The progression of system 600 checks is as follows and is illustrated graphically in FIG.

1. The scanner/reader device 21 first decodes the contents of the read bar code 13 (step 41). This yields a member ID candidate value, a mobile ID candidate value, and a UTC date/time candidate value.

2. The scanner/reader device 21 checks the UTC date/time candidate value to see if the read bar code 13 has expired or meets a threshold date/time range as indicated by the server 60. (Step 42). If the date/time is out of date, scanner device 21 issues an appropriate error message.

3. Scanner/reader device 21 communicating with server 60 uses the decoded result of the Mobile ID candidate value to find the corresponding member ID stored in system 600 in database 31 . Known database search and/or download techniques are used (step 43). Server 60 and/or scanner device 21 issue any appropriate error message if the candidate mobile ID value is not properly bound to database 31 or if the corresponding member ID is otherwise not found in database 31 .

4. If no error has occurred up to this stage, then in step 44 : (a) the MD5 (encrypted) hash of the candidate Member ID value + the candidate Mobile ID value + the candidate date/time value in UTC; Verify the hash of the barcode 13 read by comparing the MD5 hash cipher of the System Member ID + the corresponding Mobile ID + UTC date/time candidate value stored in the database 31 . This effectively authenticates and verifies the user of the target mobile device 50 .

It is understood that the processing of step 44 may be performed by and in any combination of server 60 and scanner/reader device 21 . That is, in step 44 of processing at server 60, server 60 (i) retrieves the read and decoded member ID candidate value, mobile ID candidate value, and UTC date/time candidate value from scanner/reader device 21; (ii) utilizes a recently retrieved stored system member ID and corresponding stored mobile ID from database 31, and (iii) a hash routine to each set of data values. and compare the results of the two hashes, and (iv) communicate (download) the comparison result to the scanner/reader device 21 . If the comparison yields a match, the user is authenticated (ie system verified).

Alternatively, the process may be performed by or at the scanner/reader device 21 by (i) requesting a search in the database 31 for the stored mobile ID corresponding to the system member ID of step 43 and returning the result to (ii) run a hash routine locally on the two sets of data values (stored and candidate) and compare the hash results. If the comparison yields a match, the user is authenticated (ie system verified).

Other configurations of processing in server 60 and/or scanner/reader 21 of step 44 are possible.

An error signal or message is provided by the scanner/reader 21 if the comparison of the hash results does not yield a match.

5. Once the member ID, ie the authentication of the user of the mobile device is verified, the scanner/reader device 21 and/or the server 60 (step 45) checks the ticket in the user's account as shown in the database 31. Use a general database search using the member ID as an index. Ticket data corresponding to this patron/mobile device user (via member ID) may be downloaded from the server 60 to the venue's gate subsystem 23 or scanner/reader device 21 .

6. The scanner/reader device 21 and/or the venue's gate subsystem 23 redeem the ticket according to the downloaded ticket data (step 46).

Preferably, there is a successful match between the QR code 13 read from the user's mobile device 50 and hashed by the scanner/reader device 21 with that of the data stored in the database 31, as described above. This may prompt the scanner device 21 or the venue's admission subsystem 23 to obtain admission to the venue and print the patron's (user of the mobile device 50) seat position indication and/or other ticket data. An unsuccessful match will deny entry and prompt the scanner/reader device 21 or gate subsystem 23 to point the patron (mobile device user) to the venue ticket office.

In this way, the barcode 13 generated/created locally on the mobile device 50 is not an "electronic ticket" to the event/venue (and does not indicate the venue and event), but rather verifies the patron's identity. , or a digital means of authenticating an individual user (mobile device owner). After the mobile device user has been authenticated, the system 600 then considers the applicable ticket/event data shown in the user's system account uniquely associated/associated with the target mobile device 50 ( get).

(Example)
In an example non-limiting embodiment of the system 600, the web server 60 serves the patrons/patrons and ticket agents/sellers/resellers/agencies across multiple spectator/team sports and live performance type events. Assisting websites to conduct ticket transactions with merchants/venue ticket offices, etc. End-users (which may be users/customers) log on to the website and register to become members of the system 600 . During registration, the end-user provides, for example, their name, address, email address, and mobile phone number of their mobile device 50 . The server 60 then creates a user account, assigns a unique member ID to the end user, and assigns a unique mobile ID to the mobile device 50 indicated by the user. Server 60 also creates a record in database 31 and stores therein the newly created user account information (including applicable user information), unique member ID, and unique mobile ID corresponding to the end user. Or hold.

Additionally, the server 60 organizes the mobile applications 15 that end users use on their mobile devices 50 . In particular, the server 60 sets the mobile ID and member ID parameters in the application 15 and downloads 51 the configured/parameterized application 15 to the end user's mobile device 50 . Downloading 51 may be done by emailing a link of the application to mobile device 50 or by other installation techniques known in the art (FIG. 5, block 53). The end-user's mobile device 50 with the application 15 optionally (on command of the user) carries a bar code 53 that uniquely identifies the end-user as an account-holding member of the system 600, i.e., the registered member corresponding to the respective account. ) can be created.

As a registered account-holding member of system 600 , end-users have access to various ticket offers and sales via website/web server 60 . In one example case, an end-user purchases 61 one or more tickets for an event via a website, for example, using a credit card to meet the economics of a ticketing transaction. The server 60 records the appropriate ticket data in the end user's database 31 records and accounts, indicating, for example, the date/time of the event, the venue, the title/name of the event, the seats/location, and the amount paid. (FIG. 5, block 56). Purchased tickets in paper form need not be mailed, printed from a computer screen display, or provided to the end user.

At the date/time of the event, the end-user operates (ie, executes) the application 15 of their mobile device 50 to create a barcode 13 on the device's 50 display unit/screen. At the venue gate 23 , the scanner/reader 21 scans and reads the barcode 13 from the end user's mobile device 50 . The scanner/reader 21 and/or venue server 60 in communication with the web server 60 and database 31 processes the read bar code 13 and electronically authenticates the end user as described in steps 40-44 of FIG. (ie, verifying their identity as a registered member holding an account on system 100 and not verifying at this stage as a specific ticket holder for the event of interest).

Once an end-user has been authenticated or verified by system 600 as a system member (and not as a ticket holder for the event of interest at this stage), server 60 and scanner/reader 21 access the end-user's system account and access the event. Get a ticket/e-ticket for This may operate a gate 23 (such as a carousel) to redeem the ticket/e-ticket and allow the end-user to pass through (entrance). Scanners/readers 21, gates 23, or network printers at the venue can print ticket receipts, seat information, etc. for the end user.

Optionally, optical codes (e.g., six-dimensional barcodes or two-dimensional barcodes (e.g., QR codes)) described herein are configured to allow error detection and correction. For example, such errors may be caused by dirt, smudges, or a user's finger obscuring an optical code (e.g., displayed on a user's mobile device). It can be implemented by adding a Bose-Chaudhuri-Hocquenghem code, such as a Reed-Solomon code, to the original data to be encoded into the code. The number of words may correspond to the number of codewords that may need to be corrected (eg, the number of codewords of the added Reed-Solomon code may be twice the number of codewords that may need to be corrected). ).

The methods and processes described herein may have fewer or additional steps or states, and the steps or states may occur in a different order. It is not necessary to reach all steps or states. The methods and processes described herein may be embodied in, fully or partially automated through, software code modules executed by one or more general purpose computers. Code modules may be stored in any kind of computer readable media or other computer storage device. Some or all of the methods described above may alternatively be embodied in whole or in part in dedicated computer hardware. Systems described herein may optionally include displays, user input devices (eg, touch screens, keyboards, mice, voice recognition, etc.), network interfaces, and the like.

The results of the disclosed method can be any type of computer data repository, such as a relational database using volatile and/or non-volatile memory (eg, magnetic disk storage, optical storage, EEPROM and/or solid state RAM). and in a flat file system or the like.

The various exemplary logical blocks, modules, routines, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or a combination of both. To clearly illustrate this interchangeability of hardware and software, examples of various components, blocks, modules, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the particular application and design constraints imposed on the overall system. The functionality described may be implemented in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.

Further, examples of the various logical blocks and modules described in connection with the embodiments disclosed herein can be used in machines designed to perform the functions described herein, e.g., general purpose processor devices, digital implemented or performed by a signal processor (DSP), application specific integrated circuit (ASIC), field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof; can. A general-purpose processor device may be a microprocessor, but in the alternative, the processor device may be a controller, microcontroller, or state machine, combinations thereof, or the like. The processor device may include electrical circuitry configured to process computer-executable instructions. In another embodiment, the processor device includes an FPGA or other programmable device that performs logic operations without processing computer-executable instructions. A processor device may also be implemented as a combination of computing devices, such as a DSP and microprocessor combination, multiple microprocessors, one or more microprocessors in combination with a DSP core, or any other such configuration. can. Although described herein primarily in terms of digital technology, processor devices may also include primarily analog components. Computing environments include, but are not limited to, microprocessor-based computer systems, mainframe computers, digital signal processors, portable computing devices, device controllers, or computational engines within appliances, to name a few. It can include any kind of computer system.

Components of the methods, processes, routines, or algorithms described with respect to the embodiments disclosed herein may be implemented directly in hardware, in software modules executing by a processor device, or in a combination of both. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of non-transitory computer-readable storage medium. An example storage medium may be coupled to a processor device such that the processor device can read information from, and write information to, the storage medium. Alternatively, the storage medium may be integral to the processor device. A processor device and storage medium may reside in one ASIC. The ASIC may reside in a user terminal. Alternatively, the processor device and storage medium may reside as separate parts of the user terminal.

In particular, conditional language used herein such as "can", "could", "could", "for example", etc., are to be understood unless specifically indicated otherwise or within the context in which they are used. Unless stated otherwise, it is intended to mean that, generally, certain embodiments include certain features, components, and/or steps, while other embodiments do not. Thus, such conditional language indicates that features, components, and/or steps are somehow required of one or more embodiments, or that one or more embodiments require other inputs or instructions. It is not intended to generally imply that the presence or absence necessarily includes logic for determining whether these features, components and/or steps are included or performed in any particular embodiment. The terms “comprise,” “include,” “have,” etc. are synonymous and are used inclusively and expansively and do not exclude additional components, features, functions, acts, and the like. Also, the term "or" is used in an inclusive sense (not exclusive sense), for example, when used to join a list of components, the term "or" means that the list means one, some, or all of the components of

Disjunctive language, such as the phrase "at least one of X, Y, Z," means that unless specifically indicated otherwise, an item, term, etc. can be either X, Y, or Z, or any combination thereof. (eg, X, Y, and/or Z) are specifically understood in context as commonly used. Thus, such disjunctive language is not intended to imply, generally, that at least one of X, at least one of Y, and at least one of Z are each required to be present in a particular embodiment. shouldn't.

The phrase "click" may be used in reference to a user selecting a control, menu selection, etc., but other user input such as voice commands, text input, gestures, etc. may be used. User input may include, for example, an interface, e.g., text fields in which the user enters text, and/or menu selections (e.g., drop-down menus, lists from which the user can check or make selections via check boxes). or other mechanisms, groups of individually selectable icons, etc.). When a user provides input or activates a control, the corresponding computing system may perform the corresponding operation. Some or all of the data, inputs, and instructions provided by the user may optionally be stored in a data store (e.g., database) of the system, from which the system accesses such data, inputs, and instructions. get them. The notifications/reminders and user interfaces described herein may be web pages, dedicated or non-dedicated telephony applications, computer applications, short message service messages (e.g., SMS, MMS, etc.), instant messages, email, push It may be provided via notifications, sounds, and/or pop-up interfaces, and the like.

User terminals as described herein include mobile communication devices (e.g., cell phones), laptops, tablet computers, interactive televisions, game consoles, media streaming devices, head wearable displays, network watches, other wearable computing devices, etc. may be in the form of A user terminal may optionally include a display, user input devices (eg, touch screen, keyboard, mouse, voice recognition, etc.), network interfaces, and the like.

Although the foregoing detailed description shows, describes, and points out novel features as applied to various embodiments, variations in the form and details of example devices or algorithms may be made without departing from the spirit of the present disclosure. can be omitted, substituted and changed. It will be appreciated that the particular embodiments described herein may be embodied in forms that do not provide all of the features and advantages shown herein, some features being separated from others. can be used or implemented in The scope of certain embodiments disclosed herein is indicated by the appended claims rather than by the foregoing description. All changes that come within the spirit and range of equivalency of the claims are to be embraced within their scope.

Claims (72)

A computer-implemented method of electronically authenticating a person using biometrics, comprising:
receiving a first type of biometric reading of a first person from a first biometric reader at a first location at a first time;
comparing said biometric reading of said first type of said first person from said first biometric reader at said first location to a biometric identifier stored in a data store containing biometric identifiers; and
said biometric reading of said first type of said first person from said first biometric reader at said first location stored in said first data store including a biometric identifier; obtaining event access data associated with said predetermined biometric identifier of said first type, at least in part in response to identifying a match with a predetermined biometric identifier of type;
determining whether the event access data associated with the predetermined biometric identifier of the first type permits the first person access to the first location at the first time; and,
the event access data associated with the predetermined biometric identifier of the first type is at least part in determining to grant the first person access to the first location at the first time; responsively transmitting instructions to cause an indication of access permission to be indicated by the first device;
receiving a second type of biometric reading of said first person from a second biometric reader at a second location at a second time, said second type being said first biometric reading; a step that differs from the type of
said biometric reading of said second type of said first person from said second biometric reader at said second location with a biometric identifier stored in said data store containing a biometric identifier; a step of comparing;
said biometric reading of said second type of said first person from said second biometric reader at said second location stored in said second data store including a biometric identifier; obtaining event access data associated with said predetermined biometric identifier of said second type at least in part in response to identifying a match with a predetermined biometric identifier of type;
determining whether the event access data associated with the predetermined biometric identifier of the second type permits the first person access to the second location at the second time; and,
said event access data associated with said predetermined biometric identifier of said second type being at least part of determining to grant said first person access to said second location at said second time; responsively transmitting an instruction to cause an indication of access permission to be shown by the second device. 3. The predetermined biometric identifier of the first type comprises facial data of the first person, and the predetermined biometric identifier of the second type comprises fingerprint data of the first person. 1. The method according to 1. wherein said predetermined biometric identifier of said first type comprises facial data of said first person and said predetermined biometric identifier of said second type comprises iris pattern data of said first person. Item 1. The method according to item 1. 2. The method of claim 1, wherein said predetermined biometric identifier of said first type comprises two-dimensional biometric data and said predetermined biometric identifier of said second type comprises three-dimensional biometric data. The method comprises the first biometric reading of the first person from the first biometric reader at the first location using a data structure mapping locations to biometric types. 2. The method of claim 1, further comprising the step of determining that the type of The method comprises: the biometric reading of the first person from the first biometric reader at the first location received in relation to the biometric reading at the first time; 2. The method of claim 1, further comprising determining being of the first type using metadata. 2. The method of claim 1, wherein the first biometric reader comprises a camera and/or a capacitor array. The first biometric reader is in a registration mode to create a new biometric record for a given person and to be able to verify that a given person has access rights to a given place or event. 2. The method of claim 1, configured to operate in verification mode. a computing device;
a non-transitory computer readable memory storing instructions that, when executed by the computing device, cause the system to perform actions including:
receiving a first type of biometric reading of a first person from a first biometric reader at a first location at a first time;
using the biometric reading of the first type of the first person from the first biometric reader at the first location stored in a data store containing a biometric identifier; identifying a type of matching predetermined biometric identifier and obtaining event access data associated with the first type of the predetermined biometric identifier;
determining whether the event access data associated with the predetermined biometric identifier of the first type permits the first person access to the first location at the first time; and,
the event access data associated with the predetermined biometric identifier of the first type is at least part in determining to grant the first person access to the first location at the first time; responsively transmitting instructions to cause an indication of access permission to be indicated by the first device;
receiving a second type of biometric reading of said first person from a second biometric reader at a second location at a second time, said second type being said first biometric reading; and being different from the type of
using said biometric reading of said second type of said first person from said second biometric reader at said second location stored in said data store containing a biometric identifier; identifying a second type of matching predetermined biometric identifier;
obtaining event access data associated with the matching predetermined biometric identifier of the second type;
determining whether the event access data associated with the predetermined biometric identifier of the second type permits the first person access to the second location at the second time; and,
said event access data associated with said predetermined biometric identifier of said second type being at least part of determining to grant said first person access to said second location at said second time; and transmitting instructions to cause an indication of access permission to be shown by the second device in response. 3. The predetermined biometric identifier of the first type comprises face data of the first person, and the predetermined biometric identifier of the second type comprises palm data of the first person. 9. The system according to 9. wherein said predetermined biometric identifier of said first type comprises facial data of said first person and said predetermined biometric identifier of said second type comprises iris pattern data of said first person. 10. The system according to Item 9. 10. The system of claim 9, wherein said predetermined biometric identifier of said first type comprises two-dimensional biometric data and said predetermined biometric identifier of said second type comprises three-dimensional biometric data. The operation comprises the first biometric reading of the first person from the first biometric reader at the first location using a data structure mapping locations to biometric types. 10. The system of claim 9, further comprising determining that the type of The action receives the biometric reading of the first person from the first biometric reader at the first location in relation to the biometric reading of the first person. 10. The system of claim 9, further comprising determining to be of the first type using metadata. 10. The system of Claim 9, wherein the first biometric reader comprises a camera and/or a capacitor array. The biometric reader operates in a registration mode to create a new biometric record for a given person and in a verification mode to enable verification that a given person has access rights to a given place or event. 10. The system of claim 9, configured to operate. A non-transitory computer-readable memory storing instructions that, when executed by a computing system, cause the computing system to perform actions including:
receiving a first type of biometric reading of a first person from a first biometric reader at a first location at a first time;
using the biometric reading of the first type of the first person from the first biometric reader at the first location stored in a data store containing a biometric identifier; identifying a corresponding predetermined biometric identifier of a type and accessing event access data associated with the predetermined biometric identifier of the first type;
determining whether the event access data associated with the predetermined biometric identifier of the first type permits the first person access to the first location at the first time; and,
the event access data associated with the predetermined biometric identifier of the first type is at least part in determining to grant the first person access to the first location at the first time; responsively transmitting instructions to cause an indication of access permission to be indicated by the first device;
receiving a second type of biometric reading of said first person from a second biometric reader at a second location at a second time, said second type being said first biometric reading; and being different from the type of
using said biometric reading of said second type of said first person from said second biometric reader at said second location stored in said data store containing a biometric identifier; identifying a corresponding predetermined biometric identifier of the second type;
accessing event access data associated with said corresponding predetermined biometric identifier of said second type;
determining whether the event access data associated with the predetermined biometric identifier of the second type permits the first person access to the second location at the second time; and,
said event access data associated with said predetermined biometric identifier of said second type being at least part of determining to grant said first person access to said second location at said second time; responsively transmitting instructions to cause an indication of access permissions to be indicated by the second device. 3. The predetermined biometric identifier of the first type comprises facial data of the first person, and the predetermined biometric identifier of the second type comprises fingerprint data of the first person. 18. The non-transitory computer readable memory of 17. 3. The predetermined biometric identifier of the first type comprises face data of the first person, and the predetermined biometric identifier of the second type comprises palm data of the first person. 18. The non-transitory computer readable memory of 17. 18. The non-transitory of claim 17, wherein said predetermined biometric identifier of said first type comprises two-dimensional biometric data and said predetermined biometric identifier of said second type comprises three-dimensional biometric data. computer readable memory. The operation comprises the first biometric reading of the first person from the first biometric reader at the first location using a data structure mapping locations to biometric types. 18. The non-transitory computer readable memory of claim 17, further comprising determining that the type of The action receives the biometric reading of the first person from the first biometric reader at the first location in relation to the biometric reading of the first person. 18. The non-transitory computer readable memory of claim 17, further comprising determining that the memory is of the first type using metadata. 18. The non-transitory computer readable memory of Claim 17, wherein said first biometric reader comprises a camera and/or a capacitor array. The biometric reader operates in a registration mode to create a new biometric record for a given person and in a verification mode to enable verification that a given person has access rights to a given place or event. 18. The non-transitory computer readable memory of claim 17, configured to operate. A computer-implemented method of electronically authenticating a person using biometrics, comprising:
storing in memory an indication of what type of biometric reader is to be used at a first plurality of different locations, wherein the first plurality of different locations includes sporting and/or entertainment events; a step including an event venue configured to host;
receiving a first biometric reading of a first type of a first person from a first biometric reader of a first type at a first location at a first time including a first date; and,
data comprising a biometric identifier for said first biometric reading of said first type of said first person from said first biometric reader of said first type at said first location; comparing to a biometric identifier stored in a store;
said first biometric reading of said first type of said first person from said first biometric reader of said first type at said first location includes a biometric identifier; Obtaining event access data associated with the predetermined biometric identifier of the first type responsive at least in part to identifying a match with the predetermined biometric identifier of the first type stored in a data store. and
said event access data associated with said predetermined biometric identifier of said first type permits access to said first location for a first sporting and/or entertainment event taking place at said first time; determining whether to authorize the first person;
The event access data associated with the predetermined biometric identifier of the first type permits access to the first location for the first event occurring at the first time. Transmitting an instruction to cause an indication of access authorization to be shown by a first device at least in part in response to a decision to authorize a person, whereby said first person is permitted to access said first person at said first location. accessing said first location for said first sporting and/or entertainment event taking place at one time;
receiving a second biometric reading of said first person from a second biometric reader at a second location at a second time including a second date; the measurement reader being of a different type than the first biometric reader;
determining, based at least in part on the second location, that the second biometric reading is of a second type, the second type of differing from one type of said first biometric reading;
said second biometric reading at said second location at least in part in response to determining, based at least in part on said second location, that said second biometric reading is of a second type; said second biometric reading of said second type of said first person from said second biometric reader of a type stored in said data store including a biometric identifier; comparing to the biometric identifier of the species;
said second biometric reading of said second type of said first person from said second biometric reader of said second type at said second location includes a biometric identifier; Obtaining event access data associated with the predetermined biometric identifier of the second type responsive at least in part to identifying a match with the predetermined biometric identifier of the second type stored in a data store. and
The event access data associated with the predetermined biometric identifier of the second type is at the second time at the second time for a second sporting and/or entertainment event occurring at the second time. determining whether to allow the first person to access the location of
said event access data associated with said predetermined biometric identifier of said second type permits access to said second location for said second sporting and/or entertainment event taking place at said second time; transmitting instructions to cause an indication of access permission to be shown by the second device at least in part in response to the decision to grant permission to the first person. 3. The predetermined biometric identifier of the first type comprises facial data of the first person, and the predetermined biometric identifier of the second type comprises fingerprint data of the first person. 25. The method according to 25. wherein said predetermined biometric identifier of said first type comprises facial data of said first person and said predetermined biometric identifier of said second type comprises iris pattern data of said first person. Item 26. The method of Item 25. 26. The method of claim 25, wherein said predetermined biometric identifier of said first type comprises two-dimensional biometric data and said predetermined biometric identifier of said second type comprises three-dimensional biometric data. The method uses a data structure in which the first biometric reading of the first person from the first biometric reader at the first location maps location to biometric type. 26. The method of claim 25, further comprising determining to be of the first type. The method comprises the method wherein the first biometric reading of the first person from the first biometric reader at the first location is the first biometric reading at the first time; 26. The method of claim 25, further comprising determining to be of the first type using metadata received in connection with the . 26. The method of Claim 25, wherein the first biometric reader comprises a camera and/or a capacitor array. The first biometric reader is in a registration mode to create a new biometric record for a given person and to be able to verify that a given person has access rights to a given place or event. 26. The method of claim 25, configured to operate in verification mode. a computing device;
a non-transitory computer readable memory storing instructions that, when executed by the computing device, cause the system to perform actions including:
Storing in memory an indication of what type of biometric reader to use at a first plurality of different locations, the first plurality of different locations configured to host an event including a designated event venue;
Receiving a first biometric reading of a first type for a first person from a first biometric reader of a first type at a first location at a first time including a first date. and,
biometric identifier using said first biometric reading of said first type of said first person from said first biometric reader of said first type at said first location; identifying the matching pre-determined biometric identifier of the first type stored in a data store comprising: and obtaining event access data associated with the pre-determined biometric identifier of the first type;
the event access data associated with the predetermined biometric identifier of the first type permits the first person access to the first location for a first event occurring at the first time; determining whether to allow
The event access data associated with the predetermined biometric identifier of the first type permits access to the first location for the first event occurring at the first time. Transmitting an instruction to cause an indication of access authorization to be shown by a first device, at least in part responsive to the decision to authorize the person, whereby the first person, at the first time, the first access to one location; and
receiving a second biometric reading of said first person from a second biometric reader at a second location at a second time including a second date; the measurement reader is of a different type than the first biometric reader;
determining, based at least in part on the second location, that the second biometric reading is of a second type, wherein the second type is a biometric reading; being different from the first type of
said second biometric reading at said second location at least in part in response to determining, based at least in part on said second location, that said second biometric reading is of a second type; matching the second type stored in the data store containing a biometric identifier using the second biometric reading of the second type of the first person from a biometric reader of identifying a predetermined biometric identifier to
obtaining event access data associated with the matching predetermined biometric identifier of the second type;
determining whether the event access data associated with the predetermined biometric identifier of the second type permits the first person access to the second location at the second time; and,
The event access data associated with the predetermined biometric identifier of the second type permits the first person access to the second location for a second event at the second time. transmitting an instruction to cause an indication of access permission to be shown by the second device at least in part in response to the decision to do so. 3. The predetermined biometric identifier of the first type comprises face data of the first person, and the predetermined biometric identifier of the second type comprises palm data of the first person. 34. The system according to 33. wherein said predetermined biometric identifier of said first type comprises facial data of said first person and said predetermined biometric identifier of said second type comprises iris pattern data of said first person. 34. The system of Clause 33. 34. The system of claim 33, wherein said predetermined biometric identifier of said first type comprises two-dimensional biometric data and said predetermined biometric identifier of said second type comprises three-dimensional biometric data. The operation uses a data structure in which the first biometric reading of the first person from the first biometric reader at the first location maps location to biometric type. 34. The system of claim 33, further comprising determining to be of the first type. The action receives the first biometric reading of the first person from the first biometric reader at the first location in relation to the first biometric reading. 34. The system of claim 33, further comprising determining to be of the first type using metadata. 34. The system of Claim 33, wherein said first biometric reader comprises a camera and/or a capacitor array. The first biometric reader is in a registration mode to create a new biometric record for a given person and to be able to verify that a given person has access rights to a given place or event. 34. The system of claim 33, configured to operate in verification mode. A non-transitory computer-readable memory storing instructions that, when executed by a computing system, cause the computing system to perform actions including:
Storing in memory an indication of what type of biometric reader to use at a first plurality of different locations, the first plurality of different locations configured to host an event including a designated event venue;
Receiving a first biometric reading of a first type for a first person from a first biometric reader of a first type at a first location at a first time including a first date. and,
biometric identifier using said first biometric reading of said first type of said first person from said first biometric reader of said first type at said first location; identifying the corresponding predetermined biometric identifier of the first type stored in a data store comprising: and accessing event access data associated with the predetermined biometric identifier of the first type;
The event access data associated with the predetermined biometric identifier of the first type permits the first person access to the first location for a first event at the first time. determining whether to
the event access data associated with the predetermined biometric identifier of the first type permits the first person access to the first location for the first event at the first time; Transmitting instructions to cause an indication of access authorization to be indicated by a first device at least in part in response to the decision to authorize, whereby the first person is prompted to perform the event at the first time. having access to the first location for
receiving a second biometric reading of said first person from a second biometric reader at a second location at a second time including a second date; the measurement reader is of a different type than the first biometric reader;
determining, based at least in part on the second location, that the second biometric reading is of a second type, wherein the second type is the first different from the first type of biometric reading;
said second biometric reading at said second location at least in part in response to determining, based at least in part on said second location, that said second biometric reading is of a second type; using said second biometric reading of said second type of said first person from a biometric reader of said second type stored in said data store including a biometric identifier; identifying a predetermined biometric identifier to
accessing event access data associated with said corresponding predetermined biometric identifier of said second type;
determining whether the event access data associated with the predetermined biometric identifier of the second type permits the first person access to the second location at the second time; and,
the event access data associated with the predetermined biometric identifier of the second type permits the first person access to the second location at the second time for the second event; and transmitting instructions to cause an indication of access permission to be shown by the second device at least in part in response to the decision to grant. 3. The predetermined biometric identifier of the first type comprises facial data of the first person, and the predetermined biometric identifier of the second type comprises fingerprint data of the first person. 42. The non-transitory computer readable memory of 41. 3. The predetermined biometric identifier of the first type comprises face data of the first person, and the predetermined biometric identifier of the second type comprises palm data of the first person. 42. The non-transitory computer readable memory of 41. 42. The non-transitory of Claim 41, wherein said predetermined biometric identifier of said first type comprises two-dimensional biometric data and said predetermined biometric identifier of said second type comprises three-dimensional biometric data. computer readable memory. The operation uses a data structure in which the first biometric reading of the first person from the first biometric reader at the first location maps location to biometric type. 42. The non-transitory computer readable memory of claim 41, further comprising determining that it is of said first type. The action receives the first biometric reading of the first person from the first biometric reader at the first location in relation to the first biometric reading. 42. The non-transitory computer readable memory of claim 41, further comprising determining that the memory is of the first type using metadata. 42. The non-transitory computer readable memory of Claim 41, wherein said first biometric reader comprises a camera and/or a capacitor array. The first biometric reader is in a registration mode to create a new biometric record for a given person and to be able to verify that a given person has access rights to a given place or event. 42. The non-transitory computer readable memory of claim 41, configured to operate in verification mode. A computer-implemented method of electronically authenticating a person using biometrics, comprising:
storing in memory an indication of what type of biometric reader to use at a first plurality of different locations, wherein the first plurality of different locations is to host an in-person event; a step including an event venue configured in
receiving a first biometric reading of a first type of a first person from a first biometric reader of a first type at a first location at a first time including a first date; and,
said first biometric reading of said first type of said first person from said first biometric reader of said first type at said first location data comprising a biometric identifier Obtaining event access data associated with the predetermined biometric identifier of the first type responsive at least in part to identifying a match with the predetermined biometric identifier of the first type stored in a store. a step;
The event access data associated with the predetermined biometric identifier of the first type permits access to the first location for an event of a first in-person event occurring at the first location. determining whether to authorize one person;
The event access data associated with the predetermined biometric identifier of the first type permits access to the first location for the first event occurring at the first location. Transmitting an instruction to cause an indication of access authorization to be shown by a first device at least in part in response to a decision to authorize a person, whereby said first person is performed at said first location accessing said first location for said first in-person event;
receiving a second biometric reading of said first person from a second biometric reader at a second location at a second time including a second date; the measurement reader being of a different type than the first biometric reader;
determining, based at least in part on the second location, that the second biometric reading is of a second type, wherein the second type is the first different from said first type of biometric reading;
said second biometric reading at said second location at least in part in response to determining, based at least in part on said second location, that said second biometric reading is of a second type; said second biometric reading of said second type of said first person from said second biometric reader of a type stored in said data store including a biometric identifier; comparing to the biometric identifier of the species;
said second biometric reading of said second type of said first person from said second biometric reader of said second type at said second location includes a biometric identifier; Obtaining event access data associated with the predetermined biometric identifier of the second type responsive at least in part to identifying a match with the predetermined biometric identifier of the second type stored in a data store. and
whether the event access data associated with the predetermined biometric identifier of the second type authorizes the first person access to the second location for a second in-person event; a step of determining;
the event access data associated with the predetermined biometric identifier of the second type for determining to grant the first person access to the second location of the second in-person event; and at least partially in response, transmitting an instruction to cause an indication of access permission to be shown by the second device. 3. The predetermined biometric identifier of the first type comprises facial data of the first person, and the predetermined biometric identifier of the second type comprises fingerprint data of the first person. 49. The method according to 49. wherein said predetermined biometric identifier of said first type comprises facial data of said first person and said predetermined biometric identifier of said second type comprises iris pattern data of said first person. Item 49. The method of Item 49. 50. The method of claim 49, wherein said predetermined biometric identifier of said first type comprises two-dimensional biometric data and said predetermined biometric identifier of said second type comprises three-dimensional biometric data. The method uses a data structure in which the first biometric reading of the first person from the first biometric reader at the first location maps location to biometric type. 50. The method of claim 49, further comprising determining to be of the first type. The method receives the first biometric reading of the first person from the first biometric reader at the first location in relation to the first biometric reading. 50. The method of claim 49, further comprising determining to be of the first type using metadata. 50. The method of Claim 49, wherein the first biometric reader comprises a camera and/or a capacitor array. The first biometric reader is in a registration mode to create a new biometric record for a given person and to be able to verify that a given person has access rights to a given place or event. 50. The method of claim 49, configured to operate in verification mode. a computing device;
a non-transitory computer readable memory storing instructions that, when executed by the computing device, cause the system to perform actions including:
Storing in memory an indication of what type of biometric reader to use at a first plurality of different locations, the first plurality of different locations configured to host an event including a designated event venue;
Receiving a first biometric reading of a first type for a first person from a first biometric reader of a first type at a first location at a first time including a first date. and,
enabling said first biometric reading of said first type of said first person from said first biometric reader of said first type at said first location to perform a biometric measurement; identifying a matching predetermined biometric identifier of the first type stored in a data store containing identifiers;
determining whether the predetermined biometric identifier of the first type is associated with an access right granting the first person access to the first location for a first event; ,
at least determining that the predetermined biometric identifier of the first type is associated with the access right granting the first person access to the first location for the first event; In partial response, transmitting instructions to cause an indication of access permission to be shown by a first device, thereby allowing the first person to access the first location;
receiving a second biometric reading of said first person from a second biometric reader at a second location at a second time including a second date; the measurement reader is of a different type than the first biometric reader;
determining, based at least in part on the second location, that the second biometric reading is of a second type, wherein the second type is a biometric reading; being different from the first type of
said second biometric reading at said second location at least in part in response to determining, based at least in part on said second location, that said second biometric reading is of a second type; enabling said second biometric reading of said second type of said first person from a biometric reader of said second type stored in said data store including a biometric identifier; identifying a matching predetermined biometric identifier;
determining whether the predetermined biometric identifier of the second type is associated with an access right granting the first person access to the second location;
access granting, at least in part in response to determining that the predetermined biometric identifier of the second type is associated with the access right granting the first person access to the second location; transmitting an instruction to cause a display of is shown by the second device. 3. The predetermined biometric identifier of the first type comprises face data of the first person, and the predetermined biometric identifier of the second type comprises palm data of the first person. 57. The system according to 57. wherein said predetermined biometric identifier of said first type comprises facial data of said first person and said predetermined biometric identifier of said second type comprises iris pattern data of said first person. 58. The system of Clause 57. 58. The system of claim 57, wherein said predetermined biometric identifier of said first type comprises two-dimensional biometric data and said predetermined biometric identifier of said second type comprises three-dimensional biometric data. The operation uses a data structure in which the first biometric reading of the first person from the first biometric reader at the first location maps location to biometric type. 58. The system of claim 57, further comprising determining to be of the first type. The action receives the first biometric reading of the first person from the first biometric reader at the first location in relation to the first biometric reading. 58. The system of claim 57, further comprising determining to be of the first type using metadata. 58. The system of claim 57, wherein said first biometric reader comprises a camera and/or a capacitor array. The first biometric reader is in a registration mode to create a new biometric record for a given person and to be able to verify that a given person has access rights to a given place or event. 58. The system of claim 57, configured to operate in verification mode. A non-transitory computer-readable memory storing instructions that, when executed by a computing system, cause the computing system to perform actions including:
Storing in memory an indication of what type of biometric reader to use at a first plurality of different locations, the first plurality of different locations configured to host an event including a designated event venue;
Receiving a first biometric reading of a first type for a first person from a first biometric reader of a first type at a first location at a first time including a first date. and,
enabling said first biometric reading of said first type of said first person from said first biometric reader of said first type at said first location to perform a biometric measurement; identifying a corresponding predetermined biometric identifier of the first type stored in a data store containing identifiers;
determining whether the predetermined biometric identifier of the first type is associated with an access right granting the first person access to the first location for a first event; ,
at least in part in determining that said predetermined biometric identifier of said first type is associated with an access right granting said first person access to said first location for a first event; transmitting an instruction to cause an indication of access permission to be shown by a first device, thereby allowing the first person to access the first location for the first event;
receiving a second biometric reading of said first person from a second biometric reader at a second location at a second time including a second date; the measurement reader is of a different type than the first biometric reader;
determining, based at least in part on the second location, that the second biometric reading is of a second type, wherein the second type is the first different from the first type of biometric reading;
said second biometric reading at said second location at least in part in response to determining, based at least in part on said second location, that said second biometric reading is of a second type; enabling said second biometric reading of said second type of said first person from a biometric reader of said second type stored in said data store including a biometric identifier; identifying a corresponding predetermined biometric identifier;
access authorization, at least in part in response to determining that the predetermined biometric identifier of the second type is associated with an access right authorizing the first person to access the second location; and transmitting instructions to cause the display to be shown by the second device. 3. The predetermined biometric identifier of the first type comprises facial data of the first person, and the predetermined biometric identifier of the second type comprises fingerprint data of the first person. 65. The non-transitory computer readable memory of 65. 3. The predetermined biometric identifier of the first type comprises face data of the first person, and the predetermined biometric identifier of the second type comprises palm data of the first person. 65. The non-transitory computer readable memory of 65. 66. The non-transitory of Claim 65, wherein said predetermined biometric identifier of said first type comprises two-dimensional biometric data and said predetermined biometric identifier of said second type comprises three-dimensional biometric data. computer readable memory. The operation uses a data structure in which the first biometric reading of the first person from the first biometric reader at the first location maps location to biometric type. 66. The non-transitory computer readable memory of claim 65, further comprising determining that it is of said first type. The action receives the first biometric reading of the first person from the first biometric reader at the first location in relation to the first biometric reading. 66. The non-transitory computer readable memory of claim 65, further comprising determining that the memory is of the first type using metadata. 66. The non-transitory computer readable memory of Claim 65, wherein said first biometric reader comprises a camera and/or a capacitor array. The first biometric reader is in a registration mode to create a new biometric record for a given person and to be able to verify that a given person has access rights to a given place or event. 66. The non-transitory computer readable memory of claim 65, configured to operate in verification mode.

Images