WO2003036571A1 - Procede, systeme et appareil de surveillance de limitation d'acces a des personnes autorisees - Google Patents

Procede, systeme et appareil de surveillance de limitation d'acces a des personnes autorisees Download PDF

Info

Publication number
WO2003036571A1
WO2003036571A1 PCT/EP2002/010901 EP0210901W WO03036571A1 WO 2003036571 A1 WO2003036571 A1 WO 2003036571A1 EP 0210901 W EP0210901 W EP 0210901W WO 03036571 A1 WO03036571 A1 WO 03036571A1
Authority
WO
WIPO (PCT)
Prior art keywords
string
subject
authorisation
identification
authorised
Prior art date
Application number
PCT/EP2002/010901
Other languages
English (en)
Inventor
Gerrit Roelofsen
Boaz Simon Gelbord
Original Assignee
Koninklijke Kpn N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Kpn N.V. filed Critical Koninklijke Kpn N.V.
Publication of WO2003036571A1 publication Critical patent/WO2003036571A1/fr

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically

Definitions

  • the invention relates to access control to an area for subjects. More specifically the invention relates to a method, system and monitoring apparatus for access control to an area using automatic recognition of representations of persons or objects.
  • the area of recognition of representations of "subjects” involves automatic identification of persons or objects by means of algorithms that look for pattern matches between images representing a person or an object applying for access, and previously recorded reference images beyond a certain probability of doubt.
  • Additional to subject (person/object) recognition there is a need to provide specific services (access rights, service facilities etc.) to e.g specific persons or groups of persons, based on personal identification means like ID cards etc.
  • specific services e.g. which access rights and/or limitations, access times, etc.
  • additional information is needed to establish what specific services (e.g. which access rights and/or limitations, access times, etc.) should be provided to a person who has been given permission to access a certain area, e.g. a building, room and/or LAN, telecommunications or computing facilities (network etc. ) .
  • a disadvantage of the known systems is that the system for person recognition and the system for service provisioning are separate systems, each of them using their own means and resources .
  • the invention comprises a method, a system and monitoring apparatus for access control for subjects (e.g. persons or objects), to a physical (e.g. building, room) or virtual (e.g. network, facilities etc.) area.
  • a monitoring apparatus can be a (digital) camera.
  • a first identification string (initial identification string, IIS) is generated, comprising a (digital) representation, e.g. image, of (a distinguishing part of) the relevant subject.
  • IIS initial identification string
  • storage refers to having the data available in any possible manner such as registration of the location of the data, saving the data on a data carrier, knowing the whereabouts of the data somewhere in a network etc.
  • a second identification string (operational identification string, OIS)
  • OIS operation identification string
  • the operational identification string can be compared with the various initial identification strings stored for the subjects which -via previous registration during the initial step- are authorised to have access to the secured area.
  • an operational authorisation string (OAS) can be generated , representing a further information carrier (FIC) , which comprises information about further access rights, facilities etc. to or services within the secured area, e.g.
  • an initial authorisation string (IAS) is generated and stored in the initial step .
  • the IAS relates to the OAS and may comprise -like the OAS- an image or other representation of a further information carrier ( FIC) carrying information about access to or services within said physical or virtual area .
  • the operational authorisation string (OAS ) is compared with the relevant initial stored authorisation string ( IAS) .
  • This option can provide additional security, while both the subject ' s OIS is investigated whether it matches (at least) one stored IISs, and, additionally, the subj ect ' s OAS is investigated whether it matches the relevant OIS .
  • the further information carrier may compriseinformation about further access rights or services within the secured area, e . g . access or service time restrictions , further access- or service rights and/or limits within the secured area, charges to be paid for use of the area e . g . network or communication facilities , etc . etc .
  • a common initial identification/authorisation string may be generated and stored, incorporating, at least partly, an initial identification string (IIS) and an initial authorisation string (IAS ) , and comprising, for recognition purposes , e . g an image of at least part of the authorised subj ect, and, for further access and/or services provisioning purposes , the authorised subject ' s further information carrier (FIC) .
  • IIS initial identification string
  • IAS initial authorisation string
  • a common operational identification/authorisation string (OIAS) is generated, incorporating, at least partly, an operational identification string (OIS ) as well as an operational authorisation string (OAS ) .
  • OIAS may comprise, for recognition purposes , e . g an image of at least part of the authorised subject and, for further access and/or services provisioning purpose, the relevant subject's further information carrier
  • the further information carrier may have the form of a
  • token e.g. a card, label or coin. It may be restricted to an individual person or may apply for a group of persons.
  • the FIC may be worn on a person's body or clothes. Finally, it may, for additional security, comprise a unique identification mark of e.g,. the relevant person, authorised to or applying for access, e.g. the person's signature, fingerprint, face scan or retina scan.
  • Figures 1 and 2 show an exemplary embodiment of a system fit for execution of the method depicted above.
  • Figure 1 shows a system for access control of persons to a secured physical or virtual area 1, controlled by an access controller 2.
  • the secured area here comprises a closed room 1, comprising a computer network 14 and terminals. Access to the room 1 is controlled by means of a door or the like, actuated by control means 2. After a person 4 or 8 has got permission to enter the room 1, each person has his specific further access and/or service privileges and/or restrictions in the use of the network 14.
  • the access controller 2 is controlled by a system processor 3.
  • an initial identification string (IIS) 6 is generated by means of a camera 5, comprising a digitised representation, viz. a digital image or scan of a distinguishing part of the authorised person's body, e.g. the person's face.
  • the processor 3 stores the IIS 6, formatted as an ordinary bitmap or as a string of vector parameters describing the image, in a database (DB) 7.
  • DB database
  • an operational identification string (OIS) 9 is generated-, by means of a camera 10, comprising a bitmap or -after processing inside or outside the camera- a vector string representing the face of the person 8 applying for access.
  • the operational identification string is compared, by the processor 3, with the IISs 6 previously generated and stored in database 7for various persons 4 authorised to have access to the area 1.. If an IIS matches the OIS of person 8, the person is granted permission to enter the secured area.
  • an operational authorisation string (OAS) 11 may be generated by a camera 12, comprising the image (again formatted as a bitmap string or a processed, e.g.. vectorised data string) of a further information carrier ⁇ FIC) 13, comprisingfurther information concerning e.g. the rights of person 8 within the area 1.
  • OAS operational authorisation string
  • the further information carrier may comprise further information concerning the access rights of the person 8 to the area 1 e.g. time restrictions (entrance times) or rights/restrictions to (not-shown) sub-rooms, or to further services to be offered within that area e.g. access rights to the computer network 14.
  • the FIC 13 may have the form of a card, coin or label and may be strictly personal or may apply for a group of persons. Said "further information" may be printed upon the surface of the FIC card, coin or label, while such card, coin or label, e.g. may be clipped on the person's clothes.
  • an initial authorisation string (IAS) 16 may be generated, by means of a camera 15,, for each person 4 to be authorised to have access to the secured areas 1 (room) and 14 (network), which IAS is subsequently stored in database 7.
  • the IAS 16 comprises a -representation (vectorised or not) of the image of a further information carrier (FIC) 17, comprising further information concerning the- access and service rights of ⁇ the, relevant authorised person.4 to the secure room 1 and/or network 14. Note: if person 4 and person 8 are one and the same, .the FIC 13 is likely to be the same as the FIC 17.
  • the operational authorisation string (OAS) 11 of the relevant person 8 requesting access to area 1 is compared, by processor 3, with the . initial authorisation strings (IAS) 16, recorded previously and stored in database 7 during the initial step I .
  • the requesting person will or will not get permission, by means of the access control means 2, to enter and use the area 1 and the services of network 14. If person 8 gets permission to enter, the information content of the person's FIC 13 is interpreted by processor 3 and determines the person's further rights for access to and services within area 1.
  • the contents of person's FIC 13 is not checked against stored FIC representations (IASs), but only serves to determine -only after person 8 gets permission to access area 1 due to a positive investigation result of his OIS 9 against the stored IISs 16- the further rights etc. of person 8 within area 1 (for instance the access rights to services of network 14) after being entered area 1.
  • the cameras 5, 10, 12 and 15 can be replaced by a single camera suited to execute one or more of the functions of the cameras 5, 10, 12 and 15 as described above.
  • the processor 3 can be an integral part of the camera (s).
  • the storage means 7 can be an integral part of the camera as well as being physically separated from the camera: In the latter case the camera (s) can be equipped with network communication means in order to transmit and/or receive the various strings to be stored in said storage means 7 over a network. In an embodiment the camera is further equipped with state-of-the-art compression means to reduce the capacity needed for the storage means 1 and to limit bandwidth usage of 1 the network.
  • FIG 2 shows a second embodiment of the invention.
  • IIS 6 and IAS 16 instead- of separate image strings IIS 6 and IAS 16 (in figure 1) , one common initial identification/authorisation string (HAS) 18 is generated by camera 5, and saved in database 7.
  • HAS comprises an integrated image of a (distinguishing part of the) body of the authorised person 4 and of the authorised person's FIC 17.
  • a common operational identification/authorisation string (OIAS) 19 is generated by camera 10, comprising an integrated image of a (distinguishing part of the) body of the requesting person and of the requesting person's FIC 13. Subsequently, the OIAS 19 of person 8 is compared with the stored IIASs 18 of the various persons 4 authorised to have access to the area 1, each of which has an
  • the access controller 2 not necessarily prohibits access of e.g. a person to an area in case the initial strings (IIS, IAS, HAS) do not match with the operational strings (OIS, OAS, OIAS) . Instead of or simultaneously to prohibitting access to said area an alarm or other signalling of non-matching strings can be provided for.
  • the FIC of persons 4 and 8 also may, additionally, include a unique representation of those persons, e.g. the person's signature, fingerprint, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)
  • Lock And Its Accessories (AREA)

Abstract

L'invention concerne un procédé, un système et une caméra destinés à limiter l'accès à une zone (1, 14) accessible à des personnes autorisées. Dans une première étape, des chaînes d'identification initiale IIS (6), comprenant des représentations de personnes autorisées (4) sont stockées. Dans une seconde étape suivante, est créée une chaîne d'identification opérationnelle OIS (9), comprenant l'image d'une personne (8) demandant l'accès. L'OIS est comparée aux IIS sauvegardés des personnes autorisées. Dans cette seconde étape, est aussi produite une chaîne supplémentaire d'autorisation opérationnelle OAS (11) comprenant l'image d'un support d'information supplémentaire FIC (13), contenant une information additionnelle concernant l'accès demandé. En outre, dans la première étape, il est possible de créer et de sauvegarder une chaîne d'autorisation initiale (16) comprenant l'image d'un support d'information supplémentaire FIC (17) contenant une information additionnelle concernant l'accès de la zone sécurisée à des personnes autorisées (4), alors que dans la seconde étape, l'OAS est comparée à l'IAS (16).
PCT/EP2002/010901 2001-10-22 2002-09-30 Procede, systeme et appareil de surveillance de limitation d'acces a des personnes autorisees WO2003036571A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP01203970A EP1304659A1 (fr) 2001-10-22 2001-10-22 Méthode, système et dispositif de contrôle pour contrôler l'accès de personnes
EP01203970.7 2001-10-22

Publications (1)

Publication Number Publication Date
WO2003036571A1 true WO2003036571A1 (fr) 2003-05-01

Family

ID=8181099

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2002/010901 WO2003036571A1 (fr) 2001-10-22 2002-09-30 Procede, systeme et appareil de surveillance de limitation d'acces a des personnes autorisees

Country Status (2)

Country Link
EP (1) EP1304659A1 (fr)
WO (1) WO2003036571A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4805223A (en) * 1985-04-22 1989-02-14 The Quantum Fund Limited Skin-pattern recognition method and device
US4821118A (en) * 1986-10-09 1989-04-11 Advanced Identification Systems, Inc. Video image system for personal identification
US4993068A (en) * 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system
WO1999030267A1 (fr) * 1997-12-08 1999-06-17 Soltesz John A Kiosque libre service comportant une capacite de verification et/ou d'enregistrement de donnees biometriques
EP0924655A2 (fr) * 1997-12-22 1999-06-23 TRW Inc. ContrÔle d'accès à des portes ou à des machines à l'aide de comparaisons d'empreintes digitales

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4805223A (en) * 1985-04-22 1989-02-14 The Quantum Fund Limited Skin-pattern recognition method and device
US4821118A (en) * 1986-10-09 1989-04-11 Advanced Identification Systems, Inc. Video image system for personal identification
US4993068A (en) * 1989-11-27 1991-02-12 Motorola, Inc. Unforgeable personal identification system
WO1999030267A1 (fr) * 1997-12-08 1999-06-17 Soltesz John A Kiosque libre service comportant une capacite de verification et/ou d'enregistrement de donnees biometriques
EP0924655A2 (fr) * 1997-12-22 1999-06-23 TRW Inc. ContrÔle d'accès à des portes ou à des machines à l'aide de comparaisons d'empreintes digitales

Also Published As

Publication number Publication date
EP1304659A1 (fr) 2003-04-23

Similar Documents

Publication Publication Date Title
US6657538B1 (en) Method, system and devices for authenticating persons
US5995014A (en) Biometric interface device for upgrading existing access control units
US6219439B1 (en) Biometric authentication system
US6801640B1 (en) Gate control device
CN109711133A (zh) 身份信息的认证方法、装置及服务器
EP0935221A2 (fr) Système d'authentification à distance
CA2392264C (fr) Systeme et procede de controle automatique du passage d'une frontiere
CN112005231A (zh) 生物特征认证方法、系统和计算机程序
CN110304506B (zh) 一种电梯控制方法、装置、电梯系统及存储介质
CA2636453A1 (fr) Jeton biometrique multisysteme
CA2361405A1 (fr) Systeme d'acces biometrique, sans jeton, a un guichet automatique
JP2001118103A (ja) ゲート管理装置
US20020010862A1 (en) Biometric authentication system sharing template data among enterprises
CN112017326B (zh) 一种车内用户状态监测系统及方法
CN110097662A (zh) 一种电子身份认证方法及认证系统
US20050102291A1 (en) Apparatus and method providing distributed access point authentication and access control with validation feedback
WO2023228744A1 (fr) Système de déverrouillage de porte, dispositif terminal, système de commande d'équipement et procédé de déverrouillage de porte
JP3583892B2 (ja) ネットワークセキュリティ方法
EP1304659A1 (fr) Méthode, système et dispositif de contrôle pour contrôler l'accès de personnes
KR100300623B1 (ko) 아이리스 데이터 조합 시스템
JP2001005836A (ja) アイリス登録システム
JP2003099780A (ja) アクセスコントロールシステム
WO2016010884A1 (fr) Systèmes et procédés de gestion de ressources bancaires mobiles
JPH0969138A (ja) サービス端末により処理される書類にマークを付ける方法と装置
CN112328992B (zh) 基于人工智能的人体检测方法及云服务器

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP