WO2009001394A1 - Contact less smart card with facial recognition - Google Patents

Contact less smart card with facial recognition Download PDF

Info

Publication number
WO2009001394A1
WO2009001394A1 PCT/IT2008/000425 IT2008000425W WO2009001394A1 WO 2009001394 A1 WO2009001394 A1 WO 2009001394A1 IT 2008000425 W IT2008000425 W IT 2008000425W WO 2009001394 A1 WO2009001394 A1 WO 2009001394A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
data
owner
holder
points
Prior art date
Application number
PCT/IT2008/000425
Other languages
French (fr)
Inventor
Rafael Dalenz Bove
Original Assignee
Gelco S.R.L.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from ITRM20070355 external-priority patent/ITRM20070355A1/en
Priority claimed from ITRM20070407 external-priority patent/ITRM20070407A1/en
Application filed by Gelco S.R.L. filed Critical Gelco S.R.L.
Priority to EP08790014A priority Critical patent/EP2162866A1/en
Publication of WO2009001394A1 publication Critical patent/WO2009001394A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions
    • G06V40/172Classification, e.g. identification
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/0014Coin-freed apparatus for hiring articles; Coin-freed facilities or services for vending, access and use of specific services not covered anywhere else in G07F17/00
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

Definitions

  • This invention refers in general to the problem of the recognising of the possession by people, of the qualification required for the access a service, an area, at a generic security level.
  • qualification is identified as the possessing of a valid "contactless" card or badge.
  • the final analysis it is the secure recognition of the card's authenticity and the data contained in it.
  • this invention provides a method for secure data exchange between qualification and detection -reading- system in order to make the use of cards or badges suitable for those services requesting recharge or prepayment, enabling access to services subject to unitary or time taxation or in any case conditioned to complex logics, or for services that to be circulated have difficulty in referring to centralised management systems for verification of data authenticity and for which it is necessary that the data and relative security keys be transported inside the card.
  • Another limitation of these RFID devices is that the maximum detection distance is limited: the greater this distance is, the more limited the data processing capability is.
  • the object of the innovation is to supply an intelligent contactless card or badge which we will call TICL, that due to its onboard available intelligence is able to guarantee security and exclusive data access, therefore it is suitable for sensitive transactions where security is the first requirement.
  • the TICL device has good memory and data processing availability and can provide a variety of functions.
  • An important object of the innovation is the use of authentication and known encryption algorithms, in particular the "one-time password" and challenge type or even with an asymmetric key for data protection and security.
  • Another object of the innovation is being able to selectively increase the maximum detection and writing distance of the card, in order to exchange data between system and cards within the whole area of the service.
  • the aim of this invention is to verify that an authentic card or badge is being held by the legitimate owner. This verification is carried out by comparing an image of the face of the holder, taken by a camera, with data stored within the intelligent card which corresponds to that of the legitimate owner.
  • a further aim of this invention besides providing criteria for recognising the authenticity of a card or badge, is to implement an exchange of secure data between the badge and the reading system. In this way it will be possible to use cards or badges for services that require recharge or prepay functions in order to authorise access to services subject to taxes or time limits or, in any case, conditioned by complex logic.
  • the aim of this invention is to create a card using standard hardware and software technologies in order to make the development of subsidiary products feasible for any developer and make each system component economical and easy to maintain.
  • the scope of the invention is to introduce onto the market an intelligent, wireless, contact-less model of a card or badge comprising an internal memory.
  • a file is downloaded onto the memory containing data produced by an algorithm that, starting from a photograph of the badge owner's face, carries out a series of measurements on a limited series of areas and characteristic points and transforms them into a corresponding series of coded data.
  • the choice and codification of the points is such that any other photograph of the owner produces the same code, disregarding a proportionality factor. If another photograph does not produce the same series of data, disregarding the proportionality factor, within a probability range of 90%, it may be assumed it does not belong to the same person.
  • Increasing the number of points taken into consideration the possibility that the facial photographs of two different people produce the same series of data, disregarding the proportionality factor, asymptotically tends to be 0.
  • the data deriving from the above code of the photograph of the card owner's face is stored only in the card held by its legitimate owner, thereby respecting the owner's privacy.
  • a camera films the owner's face, codifies it and compares it with the data stored in the card. If the two series of numeric data (one stored on the card corresponding to the description of the legitimate owner, and the other measured by the camera) are compatible, the verification is positive and the transaction may continue, otherwise it will be stopped.
  • Fig. 1 shows a general outline of the card or badge according to what exists at present.
  • FIG. 2 schematically shows the various component sections cooperating to implement detection and an optimised control of the flow of people and relative taxation.
  • - Fig. 3 is a general block layout of the system sections according to another preferred embodiment of this invention.
  • - Fig 4 is a sequential block diagram of the phases that comprise the authentication and face recognition procedure according to the invention.
  • the innovation consists in forming a card or badge on a laminate support 7 containing an electronic circuit described below, built with surface mount device (SMD) components.
  • the electronic circuit is made up, as shown in figure 1, of: a microprocessor I 5 a SIM 2 with relative algorithms and encryption keys in memory, a photovoltaic cell 3, with a supply circuit and capacitative circuits and/or rechargeable battery 4, one or more transceivers (RFID) 5, with relative antennas 6.
  • RFID transceivers
  • the microprocessor 1 is the intelligence of the card 10 that must process the firmware algorithms stored in the internal program memory, for producing the encrypted data exchange with a remote access device.
  • the microprocessor always operates in an energy saving mode, and switches over to the active state only when the RFID circuit is activated and only for the time necessary for the transaction.
  • the microprocessor activates the encrypted data exchange with known encryption algorithms and furthermore the encryption key is protected and resident in the SIM that makes up the circuit.
  • the SIM 2 has the encryption key in memory, which cannot be read outside the SIM.
  • the SIM 2 in turn is protected by a local code memorised in the processor firmware and used by it to activate the functions. An attempt to read the SIM with an incorrect code blocks the SIM permanently.
  • the SIM 2 contains various files that preserve sensitive data to be protected and which are transferred encrypted one way or another, during the exchange between card 10 and remote access device.
  • a photovoltaic cell 3 is placed on the TICL surface to extract energy from environmental illumination, which will be stored inside it.
  • a feed regulation circuit 4a takes the energy produced by the photovoltaic cells 3 to store it in the capacitative circuits or in the rechargeable batteries 4b.
  • An RFID transceiver 5 with a serigraphy antenna 6 on the badge surface must alert the microprocessor when it is interrogated, and activate the radio frequency data transceiving.
  • the transceiving circuit recognises the command and transmits its identifying registration number.
  • the detection system that has become aware of the presence of a card in its area can decide to start an exchange of protected data with the card.
  • the transceiver circuit recognises the command and alerts the microprocessor for the encrypted exchange of messages.
  • the microprocessor powers down.
  • the reader system When the reader system has guaranteed the security of the data correctly deciphered, it can update the data contained in the card, deducting or updating more or less sophisticated consumption or calculations.
  • a possible application referred to public transportation, for example, is using this card as a travel pass. Authentication and deduction of the number of trips or credit time will be automatically be calculated when the passenger is on board the vehicle.
  • the innovation introduces three distinct systems, which when working together can be considered logically integrated in a single system.
  • the first one is the TICL 10 card system, which is the authorization title to the vehicle or reserved public place;
  • the second one is the reader to display insufficient credit or residual credit, possibly connected to a host;
  • Fig. 2 shows a generic barrier that can be passed using three access doors: 11, 11' and 11" - which could be three ordinary entry / exit bus doors or a reserved public area.
  • a reader device with an insufficient credit display is placed at each 12, 12', 12" door and a credit purchase device 13 is available either inside or outside the vehicle.
  • the device When entering the vehicle, the device checks the TICL card validity and whether there is enough credit. A display shows GO or insufficient credit. The detection -reading- device continually checks the cards inside the vehicle to calculate them or to tax them if necessary for the time of the journey or stay in the public place. If device 13 is present, the user can purchase credit inside the vehicle.
  • the detection device memorises all the cards validated to expedite manual checks for verification of offences.
  • the travel card we have invented for transportation is a card 10 with onboard electronics.
  • Transponder badges have existed for a long time, but in this invention the card 10 has the following innovative features: 1
  • the card is the title of travel or of right to the service and can be recharged with transactions that use encryption algorithms.
  • the type of recharge can be for one journey, for several journeys, for a period of journeys with time limits, etc.
  • the card 10 is validated and taxed electronically within a public mobile vehicle or place where there are a large number of similar cards, but with different data -identifier-.
  • the algorithms for reading card data 10 without interaction errors, even if there are numerous cards close to each other, are resolved by the data exchange algorithm and are part of the reader software and the card firmware.
  • An antenna system inside public buses or the public place, with organised distribution, allows to read simultaneously all the card transponders; the onboard reader 12 checks the authenticity of the encryption keys of the cards 10 and possibly provides for the subsequent authorisation or deduction or telematics debit, of the cost due by each card, rewriting the data on the card.
  • Communication protocol phases can be summed up as follows: a- intervention of the recognition preamble and encrypted key validity; b- transmission of codes and encrypted data; c- validation procedure of data transmitted; d- data update in the relative archives and encryption keys.
  • the security and authentication functions use the high reliability access technologies used in the GSM mobile telephony system and make use of the relative authentication and management protocols of user ID security and security of data exchanged.
  • the season ticket, or more in general the ticket, is univocally identified by the SIM ID code and this code along with the personal Ki authentication key are the identification credentials.
  • this information is never transmitted on a radio channel, but uses a challenge- response type of mechanism.
  • the fundamental advantage of these security procedures comes from the distributed system characteristic that adapts specifically to the type of localised application, which is the aim of this invention.
  • the system elements that intervene actively in realizing the procedures and where the information and resources relative to security are distributed are: the SIM (Subscriber Identity Module), the card, a register similar to an HLR and one similar to a VLR, which in the GSM transposition correspond, respectively, to: 1- the HLR to the general register of subscribers or owners of tickets (prepaid, free, etc.);
  • VLR to a register of visitors (passengers) placed for example at each metro station, which records access temporarily after authentication.
  • the card 10 includes, in the SIM 2, the personal authentication key Ki, the authentication algorithm A3, the encryption algorithm A5.
  • each metro station or each public transportation vehicle is a VLR and a kind of Base Transceiver Station (BTS) operating in RFID capacity and where the algorithms A3 and A5 are also contained.
  • BTS Base Transceiver Station
  • At the base of the encryption and authentication processes is the Authentication Center functional unit that is provided with the codes, the Ki key and the standard encryption algorithms in addition to an algorithm for generating pseudo-casual numbers.
  • the AuC Authentication Center
  • the authentication procedure is started up each time the card 10 comes close and enters in the range of action of a radio base station (a bus stop sign or a metro station) by an activation, deactivation or interrogation procedure of the services contemplated.
  • a radio base station a bus stop sign or a metro station
  • the functional units involved in the authentication process are: the SIM in the terminal and the AuC (Authentication Center) at the HLR equivalent. Authentication is done by adopting the known challenge-response type of mechanism. Therefore when the AuC receives an authentication request, it recognises the likely user ID, generates and transmits a random number as a challenge, the card receives the challenge and transmits it to the SIM.
  • the SIM calculates the response SRES to the challenge by inputting the random number (RAND) and the user's authentication key Ki, memorised in the SIM, to the authentication A3 algorithm (key-dependent one-way hash function).
  • the SRES "signed" response is transmitted to the local network visited in that moment by the user, where it is compared to the value that the home network has calculated by applying the same algorithm A3 to the random number RAND and to the Ki key corresponding to the user's declared ID.
  • the user is identified and access to the service is registered (for example, in the last analysis, the opening of the entry turnstile to the metro) if and only if the two values coincide: the SRES received and the calculated value (the SIM holds the exact identification key). Otherwise the connection is refused and an authentication failure message is notified, blocking access to the user holding it. In this case other ID verification instruments can intervene, such as a biometric identifier - as it will be showed into details subsequently- or personnel directly.
  • detection, calculation and checking techniques of the people present and their circumscribed transit should be arranged for connection via GSM, GPRS or radio to a service centre for real time analysis and treatment of the data regarding the cards and/or passes.
  • the AuC is the functional unit responsible for generating the group of parameters (RAND, SRES, Kc) that are usually referred to as a triplet. Therefore the AuC has two basic duties: secure, protected memorisation of the Ki keys of the users and their passes/cards - titles-, and generate and supply the HLR, upon request, with a number of triplets for each user.
  • the triplets must be generated in continuation (one is normally used at each access). What actually happens is that they are generated and memorised in the HLR and supplied, upon request, to the VLRs. This aspect fits perfectly with the operating conditions in which the same travel card is usually used several times, from the same point of entrance or access to public service.
  • VLRs - as already specified, identifiable with the metro station or the bus stop sign or the bus itself- are themselves a characterising element, since it is a new type of VLR and radio base station operating in mobility, that actually function differently from the corresponding static ones in the GSM.
  • the invention is also based on performing of an algorithm which starts from real time photographs of a face and then:
  • the algorithm produces the same code from any other photo of the holder, disregarding a proportionality factor. If another photograph does not produce the same series of data, disregarding the proportionality factor, within a probability range of 90%, it may be assumed it does not belong to the same person. Increasing the number of points taken into consideration, the possibility that the facial photographs of two different people produce the same series of data, disregarding the proportionality factor, asymptotically tends to be 0.
  • the N points selected from characteristic points of a human face are defined by processing the image with image treatment techniques that block out the face, eyes, nose and mouth.
  • the selected points must correspond to points that are not influenced by movement of facial-jaw muscles.
  • the image treatment techniques measure the standardised distances between the selected points and codify the chromatic differences.
  • the number of points is increased until a percentage of secure recognition is achieved. This is assessed with compromise between the speed of the data processor and the size of the card's memory.
  • the transmitter circuit recognises the command and transmits its identifying number. In this condition of protocol activation the reading distance should be short so that the user is forced to position him/herself in front of the camera.
  • the system reader starts photographing the user and activates the algorithm which, from the photo, produces the series of data to compare with the data memorized in the card.
  • a command is sent to the card requesting it to be read and to transmit its data.
  • the transmitter circuit recognises the command and activates the microprocessor for the encrypted exchange of messages.
  • the system reader verifies the congruence of the data and activates, or not, the requested service.
  • the system reader can update the data contained in the card deducting or updating consumption or more sophisticated accounts.
  • the microprocessor goes into power down mode.
  • the recognition and authentication system as proposed in this invention works with three distinct pieces of equipment which work together and can be considered integrated in a single system.
  • a- The intelligent, contact-less card which constitutes the right to access and contains the cryptographic data characterising the user's photograph.
  • b- The reader which is generally linked to a host computer.
  • c- The camera which photographs the user.
  • Fig. 3 shows an area with three doors 11, 11' and 11", which could be three classic entrances to or exits from a protected area.
  • a reading device 12, 12', 12" is placed on each door together with a corresponding camera 13,13',13".
  • device 12 When a user tries to access the protected area through door 11, device 12 checks the validity of the intelligent, contact-less card and camera 13 photographs the user. The algorithm described in Fig. 4 is then applied to the photograph of the person who wishes to access the area and if the data that produce the algorithm are identical to those memorised in the card 10, door 11 opens otherwise an alarm is set off.
  • the basic element for this invention is therefore an electronic card 10 with memorized data.
  • Card 10 constitutes the right to access a place or service and contains the data for recognition and authentication of its owner. This data is encrypted and the key is kept in a SIM.
  • the communication protocol provides for the use of three encryption keys that may coincide or increase depending on services requested of the intelligent, contact-less.
  • the keys have the following functions:
  • phase 3 Key to control or test the status of the card by the equipment assigned to the personnel authorised to manually verify the card.
  • the phases of the communication protocol may be summarised as follows: a - preamble of recognition and validity of encoded keys b - transmission of encrypted data c - validation process of transmitted data d- data updating in relative archives and encoding keys.
  • One of the advantageous aspects of this article is the reduction of the environmental impact caused by the considerable amount of cards and tickets, due to the re-use of the card that can be recycled at any time, and furthermore it is multi-use therefore a multi-service card.
  • the method of reading cards inside the metallic vehicles is even more favoured by the reflections produced by the metallic masses, significantly aiding effectiveness of the detection proposed in public vehicles.
  • the equipment for detecting and calculating the people present in a circumscribed environment is an economic system that totally changes the technique that checks the flow of people qualified to access a service.

Landscapes

  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Accounting & Taxation (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • General Health & Medical Sciences (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

A system for detecting, calculating and checking presences and taxing presences in circumscribed areas based on the possession of a contactless type of card with authentication, verification and updating of the holder's data by means of preliminary processing of data relative to the photo of the holder -to be compared with data included in the card memory-, and using encryption algorithms with a SIM resident key, comprising : i- a recharge system, purchasing credit for contactless cards with authentication, verification and updating of card data using encryption algorithms with a SIM resident key: ii- service access based on a contactless card that memorises the authorisation purpose; iii- telecameras, microprocessors and transceivers that use antennas installed inside such circumscribed areas to process acquired data and execute transactions with these cards.

Description

TITLE: CONTACT LESS SMART CARD WITH FACIAL RECOGNITION TECHNICAL FIELD
This invention refers in general to the problem of the recognising of the possession by people, of the qualification required for the access a service, an area, at a generic security level. In the field of interest of this invention, qualification is identified as the possessing of a valid "contactless" card or badge. In the final analysis it is the secure recognition of the card's authenticity and the data contained in it. More in particular, in addition to the criteria of recognising qualification authenticity, this invention provides a method for secure data exchange between qualification and detection -reading- system in order to make the use of cards or badges suitable for those services requesting recharge or prepayment, enabling access to services subject to unitary or time taxation or in any case conditioned to complex logics, or for services that to be circulated have difficulty in referring to centralised management systems for verification of data authenticity and for which it is necessary that the data and relative security keys be transported inside the card.
BACKGROUND ART
The production of devices such as badges, cards and other contactless devices, is in great expansion. The many payment or credit systems, cashpoint systems, access control systems, etc., make wide use of it and today the functionalities requested to these devices are increasingly complex. At present there are badges of all kinds, but the field of interest concerning the invention is the contactless one, where the badge is read only if within a minimum and maximum distance of the detection system, with no need for physical contact. Badges with RFID devices are widely used, but today they still have a limited data processing capacity since, in order to respect the pocket-size constraints, they have no feed sources and are self-fed by the electromagnetic field produced by the reader. Yet they are unable to draw sufficient energy from that field to activate the circuits that are capable of executing complex programs and firmware.
Another limitation of these RFID devices is that the maximum detection distance is limited: the greater this distance is, the more limited the data processing capability is.
Another important limitation is that the data memorised in these devices is vulnerable. For these reasons and others, service payment systems with RFID cards are still not very widespread because they are often considered easy to counterfeit. Despite the fact that the first modern biometric device was introduced on a commercial basis more than 25 years ago, producers of these technologies still work in an uncertain environment.
The efficiency of a biometric system consists in its capacity to distinguish the biometric characteristics of different individuals. The perfect precision of these systems, which are theoretically 100% accurate, could be an unachievable goal in the mass consumer market given the commercial need for cost-effective solutions. Although human characteristics appear to be unique, the technologies and techniques used to measure them have an inherent tolerance. This is due to the inaccuracy of the techniques applied and the different circumstances in which the characteristics are presented and measured. For example, the results of a United States government test in 2003 entitled "Face Recognition Vendor Test" cast doubts on the accuracy of face recognition systems. The test used systems from ten leading producers and a database of 120,000 images of approximately 37,000 individuals. None of the systems worked well in identification mode when a face was shown and identification of the subject was requested. On the other hand, production of devices such as badges, cards and other contact-less devices is rapidly expanding. They are widely used by many payment and credit systems, ATMs or cash- lines, access control systems, etc.. The functions required of these devices are increasingly complex. For example, in sensitive areas, where security is a priority, they are required to verify that the holder is the right person. This is usually carried out through diabolic passwords or very complex systems which compare the locally measured anthropometric data of the holder with data stored in a database. Many of these systems require complex equipment and often cannot be used because they infringe privacy laws. Perhaps the most commonly used system at the moment is that which verifies the fingerprint of the card holder with data stored in the card itself. Privacy laws are respected since the fingerprint is memorised within the card held by the owner and the validation device compares the data in the card with the fingerprint read by a special device.
Currently there are many types of badges but for purposes of the invention the family involved is that of the "contact less" type where the badge is read only if it is within a minimum and maximum distance from the reading system without any physical contact. The badge described in the invention is of the intelligent type, with remarkable working potential since it is able to process a substantial amount of data within a certain time. DISCLOSURE OF INVENTION
The object of the innovation is to supply an intelligent contactless card or badge which we will call TICL, that due to its onboard available intelligence is able to guarantee security and exclusive data access, therefore it is suitable for sensitive transactions where security is the first requirement. The TICL device has good memory and data processing availability and can provide a variety of functions. An important object of the innovation is the use of authentication and known encryption algorithms, in particular the "one-time password" and challenge type or even with an asymmetric key for data protection and security. Another object of the innovation is being able to selectively increase the maximum detection and writing distance of the card, in order to exchange data between system and cards within the whole area of the service.
Together with recognition of the holder, the aim of this invention is to verify that an authentic card or badge is being held by the legitimate owner. This verification is carried out by comparing an image of the face of the holder, taken by a camera, with data stored within the intelligent card which corresponds to that of the legitimate owner.
A further aim of this invention, besides providing criteria for recognising the authenticity of a card or badge, is to implement an exchange of secure data between the badge and the reading system. In this way it will be possible to use cards or badges for services that require recharge or prepay functions in order to authorise access to services subject to taxes or time limits or, in any case, conditioned by complex logic.
Lastly, the aim of this invention is to create a card using standard hardware and software technologies in order to make the development of subsidiary products feasible for any developer and make each system component economical and easy to maintain.
These aims and others that will be clarified in the description are obtained using a technique of survey, calculation, check of persons present and taxation of transit in a circumscribed sector based on encryption algorithms for authentication and validation of the exchange during access as shown in claims 1-14 attached, and a device deriving from the assembly of known circuits, opportunely selected and modified electrically, and then mechanically adapted to make the object manageable and pocket- sized, above all not cumbersome according to claim 15.
The scope of the invention is to introduce onto the market an intelligent, wireless, contact-less model of a card or badge comprising an internal memory. A file is downloaded onto the memory containing data produced by an algorithm that, starting from a photograph of the badge owner's face, carries out a series of measurements on a limited series of areas and characteristic points and transforms them into a corresponding series of coded data. The choice and codification of the points is such that any other photograph of the owner produces the same code, disregarding a proportionality factor. If another photograph does not produce the same series of data, disregarding the proportionality factor, within a probability range of 90%, it may be assumed it does not belong to the same person. Increasing the number of points taken into consideration, the possibility that the facial photographs of two different people produce the same series of data, disregarding the proportionality factor, asymptotically tends to be 0.
The data deriving from the above code of the photograph of the card owner's face is stored only in the card held by its legitimate owner, thereby respecting the owner's privacy. When the card is brought close to the reading device, a camera films the owner's face, codifies it and compares it with the data stored in the card. If the two series of numeric data (one stored on the card corresponding to the description of the legitimate owner, and the other measured by the camera) are compatible, the verification is positive and the transaction may continue, otherwise it will be stopped.
BRIEF DESCRIPTION OF DRAWINGS
For purely exemplary purposes and with no intention of limiting the particulars of the innovation and possible fields of application, the following is a description of the invention - to be used in the public transport sector - with reference to the enclosed figures, of which:
- Fig. 1 shows a general outline of the card or badge according to what exists at present.
- Fig. 2 schematically shows the various component sections cooperating to implement detection and an optimised control of the flow of people and relative taxation.
- Fig. 3 is a general block layout of the system sections according to another preferred embodiment of this invention. - Fig 4 is a sequential block diagram of the phases that comprise the authentication and face recognition procedure according to the invention.
BEST MODE FOR CARRYING OUT THE INVENTION
The innovation consists in forming a card or badge on a laminate support 7 containing an electronic circuit described below, built with surface mount device (SMD) components. The electronic circuit is made up, as shown in figure 1, of: a microprocessor I5 a SIM 2 with relative algorithms and encryption keys in memory, a photovoltaic cell 3, with a supply circuit and capacitative circuits and/or rechargeable battery 4, one or more transceivers (RFID) 5, with relative antennas 6.
In particular the microprocessor 1 is the intelligence of the card 10 that must process the firmware algorithms stored in the internal program memory, for producing the encrypted data exchange with a remote access device. The microprocessor always operates in an energy saving mode, and switches over to the active state only when the RFID circuit is activated and only for the time necessary for the transaction. The microprocessor activates the encrypted data exchange with known encryption algorithms and furthermore the encryption key is protected and resident in the SIM that makes up the circuit.
The SIM 2 has the encryption key in memory, which cannot be read outside the SIM. The SIM 2 in turn is protected by a local code memorised in the processor firmware and used by it to activate the functions. An attempt to read the SIM with an incorrect code blocks the SIM permanently. The SIM 2 contains various files that preserve sensitive data to be protected and which are transferred encrypted one way or another, during the exchange between card 10 and remote access device.
A photovoltaic cell 3 is placed on the TICL surface to extract energy from environmental illumination, which will be stored inside it. A feed regulation circuit 4a takes the energy produced by the photovoltaic cells 3 to store it in the capacitative circuits or in the rechargeable batteries 4b.
An RFID transceiver 5 with a serigraphy antenna 6 on the badge surface must alert the microprocessor when it is interrogated, and activate the radio frequency data transceiving.
When the card 10 is close to the reader it is interrogated, the transceiving circuit recognises the command and transmits its identifying registration number.
The detection system that has become aware of the presence of a card in its area can decide to start an exchange of protected data with the card. The transceiver circuit recognises the command and alerts the microprocessor for the encrypted exchange of messages. At the end of the transaction the microprocessor powers down.
When the reader system has guaranteed the security of the data correctly deciphered, it can update the data contained in the card, deducting or updating more or less sophisticated consumption or calculations.
By activating the detection and writing functions of card data, when the card is identified as being present in a certain area, a series of functional applications can be obtained; some of them will be described below as examples.
A possible application referred to public transportation, for example, is using this card as a travel pass. Authentication and deduction of the number of trips or credit time will be automatically be calculated when the passenger is on board the vehicle.
The innovation introduces three distinct systems, which when working together can be considered logically integrated in a single system.
1 The first one is the TICL 10 card system, which is the authorization title to the vehicle or reserved public place;
2 The second one is the reader to display insufficient credit or residual credit, possibly connected to a host;
3 A credit purchase device in also fundamental.
Fig. 2 shows a generic barrier that can be passed using three access doors: 11, 11' and 11" - which could be three ordinary entry / exit bus doors or a reserved public area.
A reader device with an insufficient credit display is placed at each 12, 12', 12" door and a credit purchase device 13 is available either inside or outside the vehicle.
When entering the vehicle, the device checks the TICL card validity and whether there is enough credit. A display shows GO or insufficient credit. The detection -reading- device continually checks the cards inside the vehicle to calculate them or to tax them if necessary for the time of the journey or stay in the public place. If device 13 is present, the user can purchase credit inside the vehicle.
The detection device memorises all the cards validated to expedite manual checks for verification of offences.
The travel card we have invented for transportation is a card 10 with onboard electronics. Transponder badges have existed for a long time, but in this invention the card 10 has the following innovative features: 1 The card is the title of travel or of right to the service and can be recharged with transactions that use encryption algorithms. The type of recharge can be for one journey, for several journeys, for a period of journeys with time limits, etc.
2 The card 10 is validated and taxed electronically within a public mobile vehicle or place where there are a large number of similar cards, but with different data -identifier-. The algorithms for reading card data 10 without interaction errors, even if there are numerous cards close to each other, are resolved by the data exchange algorithm and are part of the reader software and the card firmware.
3 All the transactions of input or output with telematic debit of the cost of the journey are done with encryption algorithms, using inaccessible SIM resident encryption keys.
An antenna system inside public buses or the public place, with organised distribution, allows to read simultaneously all the card transponders; the onboard reader 12 checks the authenticity of the encryption keys of the cards 10 and possibly provides for the subsequent authorisation or deduction or telematics debit, of the cost due by each card, rewriting the data on the card.
Communication protocols currently provide for the use of three encryption keys that can coincide, or increase with the evolution of the calculation power of the μP 1 of the card 10. The keys are for the following functions:
1 Key for recharging the card 7 in specially arranged machines 13.
2 Key for dynamic real time updating of the data contained in the card 7 for authorisation and deduction of the portions of the card that have been used.
m 3 Key for checking or testing the status of the card 7 by the equipment used by personnel for manual card checks.
Communication protocol phases can be summed up as follows: a- intervention of the recognition preamble and encrypted key validity; b- transmission of codes and encrypted data; c- validation procedure of data transmitted; d- data update in the relative archives and encryption keys.
In a particular embodiment of the present invention, the security and authentication functions use the high reliability access technologies used in the GSM mobile telephony system and make use of the relative authentication and management protocols of user ID security and security of data exchanged. The season ticket, or more in general the ticket, is univocally identified by the SIM ID code and this code along with the personal Ki authentication key are the identification credentials.
For authentication and encryption procedures, this information is never transmitted on a radio channel, but uses a challenge- response type of mechanism.
The fundamental advantage of these security procedures comes from the distributed system characteristic that adapts specifically to the type of localised application, which is the aim of this invention. The system elements that intervene actively in realizing the procedures and where the information and resources relative to security are distributed, are: the SIM (Subscriber Identity Module), the card, a register similar to an HLR and one similar to a VLR, which in the GSM transposition correspond, respectively, to: 1- the HLR to the general register of subscribers or owners of tickets (prepaid, free, etc.);
2- the VLR to a register of visitors (passengers) placed for example at each metro station, which records access temporarily after authentication.
The card 10 includes, in the SIM 2, the personal authentication key Ki, the authentication algorithm A3, the encryption algorithm A5.
The information is distributed as in the GSM network: each metro station or each public transportation vehicle is a VLR and a kind of Base Transceiver Station (BTS) operating in RFID capacity and where the algorithms A3 and A5 are also contained. At the base of the encryption and authentication processes is the Authentication Center functional unit that is provided with the codes, the Ki key and the standard encryption algorithms in addition to an algorithm for generating pseudo-casual numbers. The AuC (Authentication Center) memorises the security parameters in the analogues of the VLR and HLR databases.
The authentication procedure is started up each time the card 10 comes close and enters in the range of action of a radio base station (a bus stop sign or a metro station) by an activation, deactivation or interrogation procedure of the services contemplated.
The functional units involved in the authentication process are: the SIM in the terminal and the AuC (Authentication Center) at the HLR equivalent. Authentication is done by adopting the known challenge-response type of mechanism. Therefore when the AuC receives an authentication request, it recognises the likely user ID, generates and transmits a random number as a challenge, the card receives the challenge and transmits it to the SIM. The SIM calculates the response SRES to the challenge by inputting the random number (RAND) and the user's authentication key Ki, memorised in the SIM, to the authentication A3 algorithm (key-dependent one-way hash function). The SRES "signed" response is transmitted to the local network visited in that moment by the user, where it is compared to the value that the home network has calculated by applying the same algorithm A3 to the random number RAND and to the Ki key corresponding to the user's declared ID.
The user is identified and access to the service is registered (for example, in the last analysis, the opening of the entry turnstile to the metro) if and only if the two values coincide: the SRES received and the calculated value (the SIM holds the exact identification key). Otherwise the connection is refused and an authentication failure message is notified, blocking access to the user holding it. In this case other ID verification instruments can intervene, such as a biometric identifier - as it will be showed into details subsequently- or personnel directly.
It is evident that detection, calculation and checking techniques of the people present and their circumscribed transit according to this invention should be arranged for connection via GSM, GPRS or radio to a service centre for real time analysis and treatment of the data regarding the cards and/or passes.
Even in the transposition by GSM to access control, the AuC is the functional unit responsible for generating the group of parameters (RAND, SRES, Kc) that are usually referred to as a triplet. Therefore the AuC has two basic duties: secure, protected memorisation of the Ki keys of the users and their passes/cards - titles-, and generate and supply the HLR, upon request, with a number of triplets for each user. The triplets must be generated in continuation (one is normally used at each access). What actually happens is that they are generated and memorised in the HLR and supplied, upon request, to the VLRs. This aspect fits perfectly with the operating conditions in which the same travel card is usually used several times, from the same point of entrance or access to public service. In this case the VLRs - as already specified, identifiable with the metro station or the bus stop sign or the bus itself- are themselves a characterising element, since it is a new type of VLR and radio base station operating in mobility, that actually function differently from the corresponding static ones in the GSM.
The invention is also based on performing of an algorithm which starts from real time photographs of a face and then:
• identifies N selected and predefined characteristic points of the human face;
• identifies and selects the most chromatically evident points of the face;
• performs a series of measurements correlated, among the identified points, and standardised with respect to a measurement between two predefined characteristic points of the human face -for example the distance between the nose tip and the eyebrow-,
• performs a series of measurements which weigh the chromatic differences between the identified points and are standardised with respect to a measurement carried out between two selected characteristic points of the human face, -for example the colour difference between cheeks and chin-, • compresses and encodes the measured data according to the same data formatting performed on data recorded in the SIM memory (2) of the card.
It has been demonstrated that with the same selection of points for processing, the algorithm produces the same code from any other photo of the holder, disregarding a proportionality factor. If another photograph does not produce the same series of data, disregarding the proportionality factor, within a probability range of 90%, it may be assumed it does not belong to the same person. Increasing the number of points taken into consideration, the possibility that the facial photographs of two different people produce the same series of data, disregarding the proportionality factor, asymptotically tends to be 0.
The N points selected from characteristic points of a human face are defined by processing the image with image treatment techniques that block out the face, eyes, nose and mouth. The selected points must correspond to points that are not influenced by movement of facial-jaw muscles.
Definition of the most evident chromatic points in the photograph of the face is carried out exasperating the contrast and identifying the limit points.
The image treatment techniques measure the standardised distances between the selected points and codify the chromatic differences.
The number of points is increased until a percentage of secure recognition is achieved. This is assessed with compromise between the speed of the data processor and the size of the card's memory. When the intelligent, contact-less card is in proximity of the reader and is interrogated, the transmitter circuit recognises the command and transmits its identifying number. In this condition of protocol activation the reading distance should be short so that the user is forced to position him/herself in front of the camera.
Once it is aware of the card within its sphere of competence, the system reader starts photographing the user and activates the algorithm which, from the photo, produces the series of data to compare with the data memorized in the card. At the same time, a command is sent to the card requesting it to be read and to transmit its data. The transmitter circuit recognises the command and activates the microprocessor for the encrypted exchange of messages. The system reader verifies the congruence of the data and activates, or not, the requested service.
Having guaranteed the safety of the correctly deciphered data, the system reader can update the data contained in the card deducting or updating consumption or more sophisticated accounts.
At the end of the transaction, the microprocessor goes into power down mode.
The recognition and authentication system as proposed in this invention, works with three distinct pieces of equipment which work together and can be considered integrated in a single system. a- The intelligent, contact-less card which constitutes the right to access and contains the cryptographic data characterising the user's photograph. b- The reader which is generally linked to a host computer. c- The camera which photographs the user.
Fig. 3 shows an area with three doors 11, 11' and 11", which could be three classic entrances to or exits from a protected area. A reading device 12, 12', 12" is placed on each door together with a corresponding camera 13,13',13".
When a user tries to access the protected area through door 11, device 12 checks the validity of the intelligent, contact-less card and camera 13 photographs the user. The algorithm described in Fig. 4 is then applied to the photograph of the person who wishes to access the area and if the data that produce the algorithm are identical to those memorised in the card 10, door 11 opens otherwise an alarm is set off.
The basic element for this invention is therefore an electronic card 10 with memorized data. Card 10 constitutes the right to access a place or service and contains the data for recognition and authentication of its owner. This data is encrypted and the key is kept in a SIM.
In a preferred utilisation, the communication protocol provides for the use of three encryption keys that may coincide or increase depending on services requested of the intelligent, contact-less. The keys have the following functions:
1. Key to recharge the card 10 in specially designed machines.
2. Key for dynamic, real-time updating of the data contained in card 10 (reading and writing of characteristic data in the photo of the holder's face).
3. Key to control or test the status of the card by the equipment assigned to the personnel authorised to manually verify the card. The phases of the communication protocol may be summarised as follows: a - preamble of recognition and validity of encoded keys b - transmission of encrypted data c - validation process of transmitted data d- data updating in relative archives and encoding keys.
INDUSTRIAL APPLICABILITY
Up to now, authentication of a card holder by measuring biometric parameters has been done through identification of the iris or fingerprint. With this invention a new alternative is possible: identification of the compatibility between the image of the card holder's face and an image of the card owner described within the card itself. Among the advantages of the invention, we must mention the simplicity of the hardware involved: a camera that can also be used for other functions such as video surveillance. Among the functions derived from the invention, it is possible to identify persons to be found within an environment starting from a photograph of a wanted person, or simply to identify all the known persons within a given environment.
Almost all the tickets or cards used to access services open to the public are at present made of synthetic plastic materials or paper and are always disposable. Therefore we calculate that every year, worldwide, hundreds of millions of cards or tickets are produced with no possibility for recycling.
One of the advantageous aspects of this article is the reduction of the environmental impact caused by the considerable amount of cards and tickets, due to the re-use of the card that can be recycled at any time, and furthermore it is multi-use therefore a multi-service card.
The lowering of costs on TICL components would be extremely significant consequent to use by public service managers, when all travel cards or various purchases are based on the TICL.
The method of reading cards inside the metallic vehicles is even more favoured by the reflections produced by the metallic masses, significantly aiding effectiveness of the detection proposed in public vehicles.
The equipment for detecting and calculating the people present in a circumscribed environment, according to this invention, is an economic system that totally changes the technique that checks the flow of people qualified to access a service.

Claims

1. A technique for identifying the holder/owner of a smart card (10) and for detecting and checking the people present and taxation of transit in a circumscribed area, by means of contactless means, based on two different kinds of security keys contained within a qualifying support-card (10) that gives contactless access, characterised in that it comprises the following steps performing the localised verification:
La- the card validation through an exchange of encrypted information relative to a first security access key between the card and contactless readers, that establishes card authenticity, hence the validity of the contactless card and the consistency of the data memorised on it;
Lb- simultaneous identification of the holder of the card by means of real-time measurement of the image of his/her face and a dedicated algorithmic calculation, interactively processing a limited number of specific data to identify the face and comparing this data with data relative to the legitimate owner stored inside the card, data deriving from the real-time photograph of the face being processed according to two different analysis methods (A,B) which comprise the following phases: A.i - identification of N pre-selected and predefined characteristic points in a human face;
A.ii - execution of a series of correlated measurements among identified points and standardised with respect to a measurement between two pre-selected characteristic points of a human face; B.i- identification and selection of the most chromatically evident points of the face in the photograph under examination; B.ii - execution of a series of measurements that weigh the chromatic differences among the identified points, standardised with respect to a measurement between two pre-selected characteristic points of a human face;
C - compressing and encoding data relating to latter analysis methods (A, B)according to the same data formatting performed in data recorded originally in the card.
II- subsequently implementing an exchange of information, again based on techniques of encrypted conversation, with a procedure of real time updating of the information content of the data memorised on the contactless card (10) on the basis of encryption algorithms that allow establishing an interconnection guaranteed against counterfeiting, using locally activated and operational means of authentication and security management.
2. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to claim 1, characterised by using a communication protocol for transferring information including the following phases: i- intervention of the recognition preamble and confirmation of validity of the encrypted keys; ii-code and encrypted data transmission; iii- validation procedure for data transmitted; iv- updating of data in the relative archives and the encryption keys.
3. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the preceding claims, wherein by using the remotely read transponder card to count people with cards, enables authorisation of the service based on encrypted protocol, and the update of the card (10) for authorised access, automatically calculating - remotely - the number of accesses still valid, and/or updating the amount of time valid for accessing the service.
4. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the above claims, characterized by enabling payment and recharging the card or ticket with transaction algorithms encrypted, the type of prepayment being for one trip, several trips and for a period, for trips with a time limit.
5. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the above claims, wherein with the authentication procedure started each time the card (10) approaches and enters the range of action of a base radio station using an activation, deactivation or interrogation procedure of the services through a challenge- response type of mechanism, so that when an AuC receives a request for authentication, it generates and transmits a random number to the card; the SIM on the card calculates the SRES response giving as input to resident authentication algorithm A3 the random number, RAND, and the user authentication key Ki, memorised in the SIM, the SRES response was transmitted to the local network visited in that moment by the user, where it is compared to the value calculated - and transmitted - at an HLR, applying the same algorithm A3 to the random number RAND and to the Ki key corresponding to the user's declared ID.
6. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the preceding claims, characterised by using registers updated in real time, types HLR and VLR, corresponding respectively as follows: a- the general register of subscribers or holders of travel cards, b- the register of visitors (passengers) located at each station, registering accesses after authentication, each metro station or bus or public vehicle stop being the headquarters of the VLR and the base radio station operating in mobility.
7. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the preceding claims, characterised in that in the sphere of public transportation services the card (7) is stamped and electronically debited by encrypted algorithms inside the mobile unit which may contain at once a considerable number of similar cards with different IDs.
8. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the above claims characterised by the fact that, since the contact-less card or badge has an internal memory which contains a file with data produced by an algorithm that, starting from a photographic image of the card owner's face, carries out a series of measurements on a limited series of characteristic areas and points and transforms them into a corresponding series of encoded information, the selection and encoding of the points is such that any other photograph of the owner produces the same code, disregarding a proportionality factor, so that by increasing the number of points examined, the possibility of the facial photographs of two different people producing the same series of data tends asymptotically to be 0.
9. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the above claims characterised by the fact that when the card is brought near
91 to a reading device, a camera takes a photograph of the holder's face, encodes it and compares it with the data stored in the card so that if the two series of numeric data - that stored in the card which corresponds to the description of the legitimate owner and that measured by the camera near to the access belonging to the holder - are compatible, the verification giving a positive result authorises the transaction, otherwise it is blocked.
10. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the preceding claims characterised by the following phases: i - photograph taken of face (5) ii - blocking out of face, eyes, nose and mouth (6) iii - identification of characteristic points common to every image
(7) iv - identification of the most evident points of the face under exam (8) v - standardised measurement of a series of distances among selected points and calculation of a chromatic weight for the points (9) vi - comparison between the series of information produced and the series of information memorised (10)
11. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the preceeding claims characterised by the fact that:
- identification in the photograph of the pre-selected N points of the human face occurs by processing the image with techniques of image treatment that block out the face, eyes, nose and mouth since the points chosen are not influenced by movement of facial or jaw muscles; - identification of the most evident chromatic points in the photograph of the face is carried out by exasperating the contrast and identifying the limit points;
- the image treatment techniques measure the standardised distances between selected points and encode the chromatic differences, and the number of points is increased until a percentage is reached that allows secure recognition evaluated with a compromise between processing speed and memory size of the card.
12. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the preceding claims characterised by the fact that the reading system (2), detecting the presence of a wireless, contact-less card in its vicinity: i- starts to photograph the user and activates the algorithm which, from the photo, produces a series of data to compare with the data memorized in the card and simultaneously sends a command to the card requesting it to be read and to transmit the data it contains, a transmitter circuit in the card recognising the command and activating the microprocessor for encrypted exchange of information; ii- guaranteeing the safety of the correctly deciphered data updates in real time the data contained in the card and deducts or updates consumption or accounts.
13. A technique for identifying the holder/owner of a card and for detecting and checking the people present according to the above claims characterised by the fact that it:
- allows identification of persons within a limited environment starting from photographs of a wanted person, and/or - allows identification of known persons within an environment.
14. A technique for identifying the holder/owner of a card and for detecting and checking the people present according the above claims, that starting from a simple numeric comparison and an arithmetic calculation, from identification on the photograph of the faces of those present, with image treatment techniques and algorithmic calculation, produces a series of data that is limited and distinct for each face.
15. An apparatus for detecting, calculating and checking presences and the relative transit in a circumscribed area according to the preceding claims that include at least: i- a laminated support (7) for a card or badge that contains an electronic circuit, made with surface mounted components, in turn including a microprocessor (1) with an EEPROM that memorises the card for authorised access, a SIM (2) with relative algorithms and inaccessible encryption keys memorised in it, a photovoltaic cell (3), with a feed circuit and capacitative and/or rechargeable battery circuits (4), one or more RFID transceivers (5), with relative antennas (6), ii- a reader (12) which communicates with an host computer, and at least one telecamera (13) which collects photos of the users, iii- microprocessors and transceivers that use antennas installed inside such circumscribed areas to process the data acquired and execute transactions with these cards or tickets.
PCT/IT2008/000425 2007-06-26 2008-06-24 Contact less smart card with facial recognition WO2009001394A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP08790014A EP2162866A1 (en) 2007-06-26 2008-06-24 Contact less smart card with facial recognition

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
ITRM2007A000355 2007-06-26
ITRM20070355 ITRM20070355A1 (en) 2007-06-26 2007-06-26 CONTACT LESS INTELLIGENT CARD FOR COMPLEX TRANSACTIONS WITH FACIAL IMAGE RECOGNITION
ITRM2007A000407 2007-07-25
ITRM20070407 ITRM20070407A1 (en) 2007-07-25 2007-07-25 CONTACT LESS INTELLIGENT CARD FOR SECURE COMPLEX TRANSACTIONS

Publications (1)

Publication Number Publication Date
WO2009001394A1 true WO2009001394A1 (en) 2008-12-31

Family

ID=39926892

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2008/000425 WO2009001394A1 (en) 2007-06-26 2008-06-24 Contact less smart card with facial recognition

Country Status (2)

Country Link
EP (1) EP2162866A1 (en)
WO (1) WO2009001394A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ITRM20100267A1 (en) * 2010-05-21 2011-11-22 Vittoria Carnevale METHODS OF USE OF BAGS FOR EXPENDITURE OF THE REUSABLE TYPE WITH DIGITAL IDENTIFICATION.
US9251330B2 (en) 2014-04-09 2016-02-02 International Business Machines Corporation Secure management of a smart card
WO2016053605A1 (en) * 2014-10-02 2016-04-07 Mastercard International Incorporated Credit card with built-in sensor for fraud detection
WO2017048148A1 (en) * 2015-09-17 2017-03-23 Siemens Aktiengesellschaft Monitoring a flow of objects by a sim card detector
US10504126B2 (en) 2009-01-21 2019-12-10 Truaxis, Llc System and method of obtaining merchant sales information for marketing or sales teams
CN110633765A (en) * 2019-04-04 2019-12-31 石秋华 Self-adaptive big data processing platform
US10594870B2 (en) 2009-01-21 2020-03-17 Truaxis, Llc System and method for matching a savings opportunity using census data
US10878816B2 (en) 2017-10-04 2020-12-29 The Toronto-Dominion Bank Persona-based conversational interface personalization using social network preferences
US10943605B2 (en) 2017-10-04 2021-03-09 The Toronto-Dominion Bank Conversational interface determining lexical personality score for response generation with synonym replacement
US11062312B2 (en) 2017-07-14 2021-07-13 The Toronto-Dominion Bank Smart chip card with fraud alert and biometric reset

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1229496A2 (en) * 2001-02-02 2002-08-07 Matsushita Electric Industrial Co., Ltd. Information terminal apparatus and authenticating system
US20060016875A1 (en) * 2004-07-01 2006-01-26 American Express Travel Related Services Company, Inc. Method for registering a biometric for use with a smartcard
US20060082439A1 (en) * 2003-09-05 2006-04-20 Bazakos Michael E Distributed stand-off ID verification compatible with multiple face recognition systems (FRS)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1229496A2 (en) * 2001-02-02 2002-08-07 Matsushita Electric Industrial Co., Ltd. Information terminal apparatus and authenticating system
US20060082439A1 (en) * 2003-09-05 2006-04-20 Bazakos Michael E Distributed stand-off ID verification compatible with multiple face recognition systems (FRS)
US20060016875A1 (en) * 2004-07-01 2006-01-26 American Express Travel Related Services Company, Inc. Method for registering a biometric for use with a smartcard

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10504126B2 (en) 2009-01-21 2019-12-10 Truaxis, Llc System and method of obtaining merchant sales information for marketing or sales teams
US10594870B2 (en) 2009-01-21 2020-03-17 Truaxis, Llc System and method for matching a savings opportunity using census data
WO2011145054A1 (en) * 2010-05-21 2011-11-24 Vittoria Carnevale Methods for using a shopping bag of reusable type with identification of digital type
ITRM20100267A1 (en) * 2010-05-21 2011-11-22 Vittoria Carnevale METHODS OF USE OF BAGS FOR EXPENDITURE OF THE REUSABLE TYPE WITH DIGITAL IDENTIFICATION.
US9251330B2 (en) 2014-04-09 2016-02-02 International Business Machines Corporation Secure management of a smart card
US9516021B2 (en) 2014-04-09 2016-12-06 International Business Machines Corporation Secure management of a smart card
WO2016053605A1 (en) * 2014-10-02 2016-04-07 Mastercard International Incorporated Credit card with built-in sensor for fraud detection
WO2017048148A1 (en) * 2015-09-17 2017-03-23 Siemens Aktiengesellschaft Monitoring a flow of objects by a sim card detector
US11062312B2 (en) 2017-07-14 2021-07-13 The Toronto-Dominion Bank Smart chip card with fraud alert and biometric reset
US11157908B2 (en) 2017-07-14 2021-10-26 The Toronto-Dominion Bank Smart chip card with fraud alert and biometric reset
US10878816B2 (en) 2017-10-04 2020-12-29 The Toronto-Dominion Bank Persona-based conversational interface personalization using social network preferences
US10943605B2 (en) 2017-10-04 2021-03-09 The Toronto-Dominion Bank Conversational interface determining lexical personality score for response generation with synonym replacement
CN110633765A (en) * 2019-04-04 2019-12-31 石秋华 Self-adaptive big data processing platform

Also Published As

Publication number Publication date
EP2162866A1 (en) 2010-03-17

Similar Documents

Publication Publication Date Title
WO2009001394A1 (en) Contact less smart card with facial recognition
CA2529176C (en) Method and system for creating and operating biometrically enabled multi-purpose credential management devices
US8103881B2 (en) System, method and apparatus for electronic ticketing
CN104487987B (en) For preventing the system and method for fraud
CN102792323B (en) Follow the tracks of the system of container and logistics using bio-identification card and CSD
US20050001712A1 (en) RF ID tag
JP4225501B2 (en) Portable personal authentication device and electronic system to which access is permitted by the device
WO2018234221A1 (en) Incremental enrolment algorithm
US20070295807A1 (en) Biometric and geographic location system and method of use
JP2001092786A (en) Portable personal identification device and electronic system to which access is permitted by the same device
WO2011146492A2 (en) Dual transponder radio frequency identification
US20080172733A1 (en) Identification and verification method and system for use in a secure workstation
US20110145147A1 (en) System and method for authorizing transactions
US8620039B2 (en) Card device security using biometrics
WO2013001133A1 (en) Bank-card fraud detection and prevention for bank automats
Ali et al. Authenticated Access Control for Vehicle Ignition System by Driver’s License and Fingerprint Technology
AU2015268601B2 (en) Method for operating an ID-based access control system
JP2003050960A (en) Security system for electronic money
US20210192658A1 (en) In-vehicle biometric collection and verification
AU2004250655B2 (en) Method and system for creating and operating biometrically enabled multi-purpose credential management devices
US20220391876A1 (en) Payment system and apparatus
EP2228763A1 (en) Approval and payment system for accessing to mobility services
SE528125C2 (en) Procedure and apparatus for verification of payment of fee

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08790014

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2008790014

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE