WO2005010813A1 - Positive biometric identification - Google Patents

Positive biometric identification Download PDF

Info

Publication number
WO2005010813A1
WO2005010813A1 PCT/AU2004/000968 AU2004000968W WO2005010813A1 WO 2005010813 A1 WO2005010813 A1 WO 2005010813A1 AU 2004000968 W AU2004000968 W AU 2004000968W WO 2005010813 A1 WO2005010813 A1 WO 2005010813A1
Authority
WO
WIPO (PCT)
Prior art keywords
individual
algorithm
smart card
biometric data
fragment
Prior art date
Application number
PCT/AU2004/000968
Other languages
French (fr)
Inventor
Barry John Taylor
Original Assignee
Grosvenor Leisure Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Grosvenor Leisure Incorporated filed Critical Grosvenor Leisure Incorporated
Publication of WO2005010813A1 publication Critical patent/WO2005010813A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073Special arrangements for circuits, e.g. for protecting identification code in memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration

Definitions

  • THIS INVENTION relates to the provision of a method for the positive identification of an individual, particularly, but not exclusively, as a means to prevent fraudulent obtaining and use by one person of multiple credit or debit cards, driving licenses, healthcare and pension cards and the like in the name of differing individuals.
  • a significant disadvantage of such cards and documents is that the issue and policing thereof is inadequate to prevent an unscrupulous person from fraudulently obtaining a multiple of such cards or documents and accessing funds and/or receiving Government licences or social security payments in the names of a number of individuals.
  • a method for the positive identification of an individual said individual having a first identification means adapted for carriage with said individual, said method including: obtaining biometric data unique to said individual; deriving from said biometric data a first algorithm unique to said individual; storing said first algorithm on a database; deriving from said biometric data a second algorithm unique to said individual, said second algorithm differing from said first algorithm; storing said second algorithm on said first identification means; providing means to obtain verification biometric data from a person requiring said positive identification; deriving from said verification biometric data a verification algorithm; and comparing said verification algorithm with said first algorithm; wherein identification of said person is deemed positive if: said verification algorithm is identical with said first algorithm; and said person can offer said first identification means at time of said positive identification being undertaken.
  • biometric data of an individual is not stored either on the 5 identification means or the database, only the appropriate algorithms derived from that biometric data. As such algorithms cannot be reversed engineered to the original data, personal biometric data of the individual cannot be obtained therefrom.
  • said identification means is a card of the type capable of holding information in a machine-readable form.
  • Said biometric data can be any such data unique to said individual and includes one or more fingerprints, iris scan, facial features, hand geometry and voice pattern or any combination thereof.
  • said biometric data is a fingerprint analysis.
  • said biometric data can include an embedded image of said individual,
  • typically, a head and shoulders photographic image of said individual.
  • further security is provided by encrypting one or more of said first algorithm, said second algorithm and said verification algorithm.
  • said individual attends a point of issue for said identification means, for example to a bank for a machine-readable "smart " 0 card, where normal identification procedures for banking or credit card facilities must be met before said identification means is issued,
  • the individual must first provide positive identification which meets the requirements of the institution before proceeding , Once assigned a smart caid, biometric ⁇ aia.
  • biometric ⁇ aia.
  • fingerprint data, -f the individual is taken at the institution using any suitable fingerprint reader known in the art. Although not essential, data can be taken from two or more fingerprints to further decrease the likelihood of a subsequent false identification of said individual. From the scanned image of the fingerprint(s), an algorithm unique to that scanned ?
  • a first fragment of that encrypted algorithm is stored on a master database.
  • a second fragment of that encrypted algorithm, differing from the first fragment, is stored on the smart card.
  • the establishment of this smart card and its associated storage of in the first fragment on the master database is considered to be the first such enrolment by the individual on that master database.
  • the individual is then free to use the smart card in accordance with its conditions of issue.
  • the fingerprint(s) of that person/individual is taken, an encrypted algorithm as described above is established and a fragment of the form corresponding to the first fragments stored on the master database is determined and compared with all actual first fragments stored in the master database. If there is a match, then the issue of the smart card can be 0 denied.
  • the smart card now wishes to obtain, for example, a driving licence
  • the fingerprint(s) of that individual is taken, an encrypted algorithm as described above is established and a fragment of the form corresponding to the first fragments stored on the master database is 5 determined and compared with all actual first fragments stored in the master database. If there is a match, the driving licence would " only be issued if the individual can produce the smart card (representing the original enrolment of that individual as discussed above) which contains the second fragment stored on the smart card which can be compared with the corresponding eunnnrl fragment of the fingerprint sample provided by the individual at the time of requesting the driving licence.
  • a secure method of identifying an individual can be obtained.
  • no personal or private details of any one individual is held on any database and, even if a person should fraudulently obtain access to the details held on the master database, it has no value to that person.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Software Systems (AREA)
  • Multimedia (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Collating Specific Patterns (AREA)

Abstract

A method of positively identifying an individual is disclosed wherein neither full personal or private details of any such individual is held on any database. From the scanned image of a fingerprint, an algorithm unique to that scanned image is generated and encrypted. A first fragment of that encrypted algorithm is stored on a master database. A second fragment of that encrypted algorithm, differing from the first fragment, is stored on a smart card for use by the individual. Should another person, falsely representing to be that individual, attempt to obtain another identical such smart card, the fingerprint of that person is taken, an encrypted algorithm is established and a fragment of the form corresponding to the first fragments stored on the master database is determined and compared with all actual first fragments stored in the master database. If there is a match, then the issue of the smart card can be denied. If an individual who has genuinely obtained the smart card now wishes to obtain a second differing smart card, the fingerprint of that individual is taken, an encrypted algorithm is established and a fragment of the form corresponding to the first fragments stored on the master database is determined and compared with all actual first fragments stored in the master database. If there is a match, the second smart card is only issued if the individual can produce the original smart card which contains the stored second fragment which can be compared with the corresponding second fragment of the fingerprint sample provided by the individual at the time of requesting the second smart card.

Description

TITLE: POSITIVE BIOMETRIC IDENTIFICATION
THIS INVENTION relates to the provision of a method for the positive identification of an individual, particularly, but not exclusively, as a means to prevent fraudulent obtaining and use by one person of multiple credit or debit cards, driving licenses, healthcare and pension cards and the like in the name of differing individuals.
The advertising of goods and services over media such as television and the Internet is now commonplace. With television advertising, the public can often purchase the goods or services so-advertised over the telephone using a credit card facility. With the Internet, the general public can order numerous consumer goods and/or services online. Once again, payment for these goods and/or services is often by a credit card facility. Yet again, payment of goods at their point of sale by credit or debit cards (EFTPOS) is now common in the marketplace.
Although credit and debit cards are usually issued by private enterprise, Government
Departments also issue cards or documents which purport to be unique to an individual. Typical issues include a driving licence and healthcare or pension card.
A significant disadvantage of such cards and documents is that the issue and policing thereof is inadequate to prevent an unscrupulous person from fraudulently obtaining a multiple of such cards or documents and accessing funds and/or receiving Government licences or social security payments in the names of a number of individuals.
In an attempt to overcome these problems, Governments, in the past, have postulated the issue of a master card for each individual which contains information unique to that individual, for example biometric information, and that card would have to be produced before any financial transaction is undertaken or before any Government license or social security card or the like is issued to that individual.
However, such proposals have met with strong resistance from the general public as it iε considered inappropriate for a Government to hold such personal and unique information on its citizens and others on a database. Accordingly, these proposals have been soundly rejected to date by the general public.
It is thus a general object of the present invention to provide a method for the positive identification of an individual which substantially eliminates the above- described disadvantages without requiring information to be retained by the issuing authority, particularly Government, from which any specific individual can be identified.
According to the present invention, there is provided a method for the positive identification of an individual, said individual having a first identification means adapted for carriage with said individual, said method including: obtaining biometric data unique to said individual; deriving from said biometric data a first algorithm unique to said individual; storing said first algorithm on a database; deriving from said biometric data a second algorithm unique to said individual, said second algorithm differing from said first algorithm; storing said second algorithm on said first identification means; providing means to obtain verification biometric data from a person requiring said positive identification; deriving from said verification biometric data a verification algorithm; and comparing said verification algorithm with said first algorithm; wherein identification of said person is deemed positive if: said verification algorithm is identical with said first algorithm; and said person can offer said first identification means at time of said positive identification being undertaken.
It is to be noted that the biometric data of an individual is not stored either on the 5 identification means or the database, only the appropriate algorithms derived from that biometric data. As such algorithms cannot be reversed engineered to the original data, personal biometric data of the individual cannot be obtained therefrom.
Preferably, said identification means is a card of the type capable of holding information in a machine-readable form.
10 Said biometric data can be any such data unique to said individual and includes one or more fingerprints, iris scan, facial features, hand geometry and voice pattern or any combination thereof.
Preferably, said biometric data is a fingerprint analysis.
Optionally, said biometric data can include an embedded image of said individual,
\ typically, a head and shoulders photographic image of said individual.
Optionally, further security is provided by encrypting one or more of said first algorithm, said second algorithm and said verification algorithm.
In an embodiment of the present invention, said individual attends a point of issue for said identification means, for example to a bank for a machine-readable "smart"0 card, where normal identification procedures for banking or credit card facilities must be met before said identification means is issued, As is usual when applying for a credit or debit card at such an institution, the individual must first provide positive identification which meets the requirements of the institution before proceeding, Once assigned a smart caid, biometric ϋaia. In particular, fingerprint data, -f the individual is taken at the institution using any suitable fingerprint reader known in the art. Although not essential, data can be taken from two or more fingerprints to further decrease the likelihood of a subsequent false identification of said individual. From the scanned image of the fingerprint(s), an algorithm unique to that scanned ? image is generated and encrypted using any appropriate encryption algorithm known in the art. A first fragment of that encrypted algorithm is stored on a master database. A second fragment of that encrypted algorithm, differing from the first fragment, is stored on the smart card. For the purposes of this embodiment of the present invention, the establishment of this smart card and its associated storage of in the first fragment on the master database is considered to be the first such enrolment by the individual on that master database.
The individual is then free to use the smart card in accordance with its conditions of issue.
Should that individual, or another person falsely representing to be that individual, 15 attempt to obtain another identical such smart card, the fingerprint(s) of that person/individual is taken, an encrypted algorithm as described above is established and a fragment of the form corresponding to the first fragments stored on the master database is determined and compared with all actual first fragments stored in the master database. If there is a match, then the issue of the smart card can be 0 denied.
On the other hand, if the individual who has genuinely obtained the smart card now wishes to obtain, for example, a driving licence, the fingerprint(s) of that individual is taken, an encrypted algorithm as described above is established and a fragment of the form corresponding to the first fragments stored on the master database is 5 determined and compared with all actual first fragments stored in the master database. If there is a match, the driving licence would" only be issued if the individual can produce the smart card (representing the original enrolment of that individual as discussed above) which contains the second fragment stored on the smart card which can be compared with the corresponding eunnnrl fragment of the fingerprint sample provided by the individual at the time of requesting the driving licence.
By using the present invention, a secure method of identifying an individual can be obtained. However, no personal or private details of any one individual is held on any database and, even if a person should fraudulently obtain access to the details held on the master database, it has no value to that person.
It will be appreciated that the above described embodiment is only an exemplification of the present invention and that modifications and alterations can be made thereto without departing from the inventive concept as defined in the following claims.

Claims

1. A method for the positive identification of an individual, said individual having a first identification means adapted for carriage with said individual, said method including: obtaining biometric data unique to said individual; deriving from said biometric data a first algorithm unique to said individual; storing said first algorithm on a database; deriving from said biometric data a second algorithm unique to said individual, said second algorithm differing from said first algorithm; storing said second algorithm on said first identification means; providing means to obtain verification biometric data from a person requiring said positive identification; deriving from said verification biometric data a verification algorithm; and comparing said verification algorithm with said first algorithm; wherein identification of said person is deemed positive if: said verification algorithm is identical with said first algorithm; and said person can offer said first identification means at time of said positive identification being undertaken,
2. A method as defined in Claim 1 wherein said identification means is a card of the type capable of holding information in a machine-readable form.
3. A method as defined in Claiml or Claim 2 wherein said biometric data is selected from the group comprising one or more fingerprints, iris scan, facial features, hand geometry and voice pattern or any combination thereof.
4. A method as defined in Claim 3 wherein said biometric data is a fingerprint analysis,
5, A method as defined in any one of Claims 1 to 4 wherein said biometric data further includes an embedded image of said individual.
6. A method as defined in Claim 5 wherein said image is a head and shoulders photographic image of said individual.
7. A method as defined in any one of Claims 1 to 6 wherein one or more of said first algorithm, said second algorithm and said verification algorithm is encrypted.
PCT/AU2004/000968 2003-07-24 2004-07-20 Positive biometric identification WO2005010813A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2003903825A AU2003903825A0 (en) 2003-07-24 2003-07-24 Positive biometric identification
AU2003903825 2003-07-24

Publications (1)

Publication Number Publication Date
WO2005010813A1 true WO2005010813A1 (en) 2005-02-03

Family

ID=31983456

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2004/000968 WO2005010813A1 (en) 2003-07-24 2004-07-20 Positive biometric identification

Country Status (2)

Country Link
AU (1) AU2003903825A0 (en)
WO (1) WO2005010813A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001084494A1 (en) * 2000-04-28 2001-11-08 Precise Biometrics Ab Biometric identity check
US20020112177A1 (en) * 2001-02-12 2002-08-15 Voltmer William H. Anonymous biometric authentication
WO2002095657A2 (en) * 2001-05-18 2002-11-28 Iridian Technologies, Inc. Authentication using application-specific biometric templates
EP1329855A1 (en) * 2002-01-18 2003-07-23 Hewlett-Packard Company User authentication method and system
US20040019570A1 (en) * 2000-06-16 2004-01-29 International Business Machines Corporation Business system and method using a distorted biometrics
US20040128502A1 (en) * 2002-12-30 2004-07-01 American Express Travel Related Services Company, Inc. Methods and apparatus for credential validation
WO2004061668A1 (en) * 2002-12-31 2004-07-22 International Business Machines Corporation Authorized anonymous authentication

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001084494A1 (en) * 2000-04-28 2001-11-08 Precise Biometrics Ab Biometric identity check
US20040019570A1 (en) * 2000-06-16 2004-01-29 International Business Machines Corporation Business system and method using a distorted biometrics
US20020112177A1 (en) * 2001-02-12 2002-08-15 Voltmer William H. Anonymous biometric authentication
WO2002095657A2 (en) * 2001-05-18 2002-11-28 Iridian Technologies, Inc. Authentication using application-specific biometric templates
EP1329855A1 (en) * 2002-01-18 2003-07-23 Hewlett-Packard Company User authentication method and system
US20040128502A1 (en) * 2002-12-30 2004-07-01 American Express Travel Related Services Company, Inc. Methods and apparatus for credential validation
WO2004061668A1 (en) * 2002-12-31 2004-07-22 International Business Machines Corporation Authorized anonymous authentication

Also Published As

Publication number Publication date
AU2003903825A0 (en) 2003-08-07

Similar Documents

Publication Publication Date Title
US11908030B2 (en) Secure transaction system
US10943233B2 (en) System and method for transaction authentication
US5673320A (en) Method and apparatus for image-based validations of printed documents
US20020163421A1 (en) Personal fingerprint authentication method of bank card and credit card
WO2001090962A1 (en) Secure biometric identification
US20060174134A1 (en) Secure steganographic biometric identification
US20040138991A1 (en) Anti-fraud document transaction system
CN101069187A (en) Secure cards and methods
US20060131389A1 (en) Data card authentication system and method
US8464936B2 (en) Identification card
JPH10157352A (en) Ic card, and personal information administration system using the ic card
US20060092476A1 (en) Document with user authentication
WO2005010813A1 (en) Positive biometric identification
Hunter Chip and PIN–biggest UK retail project since decimalisation, but not enough on its own to defeat card fraud
AU2001255978B2 (en) Secure biometric identification
Nasution et al. Turnitin
Guerin Fraud in Electronic Payment
Moise Types of Bank Cards Related Frauds
WO2008135768A2 (en) Authorisation of signatures on documents
JP2002190005A (en) Multifunctional ic card
KR20000018119A (en) Electronic Money Exchange System Using Fingerprint Identification
AU2001255978A1 (en) Secure biometric identification
KR20020033274A (en) Sytem for the acceptance of payment through IC typed credit card and identifier of fingerprint
WO2007023488A2 (en) Apparatus for providing secured documents
KR20050029514A (en) System and method that prevents illegal usage of credit card

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
122 Ep: pct application non-entry in european phase