WO2011019996A1 - An intelligent peripheral device and system for the authentication and verification of individuals and/ or documents through a secure multifunctional authentication service with data storage capability - Google Patents
An intelligent peripheral device and system for the authentication and verification of individuals and/ or documents through a secure multifunctional authentication service with data storage capability Download PDFInfo
- Publication number
- WO2011019996A1 WO2011019996A1 PCT/US2010/045443 US2010045443W WO2011019996A1 WO 2011019996 A1 WO2011019996 A1 WO 2011019996A1 US 2010045443 W US2010045443 W US 2010045443W WO 2011019996 A1 WO2011019996 A1 WO 2011019996A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- disposed
- transfer medium
- data transfer
- secure
- data
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
Definitions
- This invention relates generally to devices and methods for identification, verification and authentication of individuals and/or documents, and more particularly to a device possessing a secure multifunctional authentication service integrated with data storage capability, wherein the device is disposed to comprise a multifunctional intelligent peripheral or accessory device, which, upon implementation into a system, is disposed to control a set of transactions that the system is designated to perform by the device, in conjunction with a data transfer medium which is under the control of the device.
- NCIC 2000 National Crime Information Center 2000.
- This review was used as the framework for building the NCIC 2000 program.
- a significant part of that review addressed the need for law enforcement patrol officers to have the ability to transmit and receive fingerprint and photo information.
- the review recommended, "The FBI undertake to capture, store, and transmit fingerprint images in a digital form, either binary or in gray scale of the two thumb impressions of a subject in the wanted or missing person file.” It was further recommended, "The FBI conduct a study to determine the most cost effective transmission system for photograph, fingerprints, text, and other FBI services that would satisfy user requirements for rapid response using the NCIC 2000 system.
- a mobile/wireless fingerprint capability has been for real-time positive identification purposes by law enforcement personnel performing 1:N searches to determine the identity of a suspect and link that identity to other already determined suspect information.
- Changes in world events have brought about an increased need to verify the identity of individuals and link these individuals to documents that establish their identity. In these circumstances a 1:1 comparison to verify the claimed identity is sufficient.
- the need to verify identity may vary from security to fraud prevention to border control.
- Civil applications such as public aid, customs, immigration, passport, and healthcare ID verification as well as commercial enterprises (banks and credit cards) are areas wherein mobile/wireless fingerprinting may be applied.
- EU European Union
- the EU shall also enable the use of e-visa and e-passport and e-id entry and exit for non-EU nationals. These stations will be manned; however the personnel will require special equipment to process these transactions. At fixed locations like airports, standard computing technology with biometric and secure credential reading accessories will suffice, however at land border crossings and seaports, a handheld configuration will be required. Thus, the scenarios wherein border guards need to check people on trains, buses or vessels need to be addressed.
- LAPD Los Angeles Police Department
- PDA Personal Digital Assistant
- LAPD uses the Cogent "BlueCheck” device, which is an accessory to a Smartphone or PDA. Its function is limited to capturing fingerprints and the Smartphone or PDA only forwards the information to a central Automated Fingerprint Identification System (“AFIS"). Therefore, with increased focus on Border Control and the use of secure electronic credentials, there is a need for these mobile handheld devices to incorporate more than just biometric identification.
- AFIS Automated Fingerprint Identification System
- the instant invention provides for an intelligent peripheral device possessing a secure multifunctional authentication service integrated with data storage capability, wherein the device is disposed to comprise a multifunctional intelligent peripheral or accessory device, which, upon implementation into a system, is disposed to control a set of transactions that the system is designated to perform by the device, in conjunction with a data transfer medium which is under the control of the device.
- the instant invention provides for a device for the authentication and verification of individuals and/or documents through a secure multifunctional authentication service with data storage capability, wherein the device is disposed to be in data communication with a plurality of remote databases through a data transfer medium.
- the data transfer medium may be defined as a medium for the transfer of a plurality of information from the device to the remote databases.
- the device includes a secure information exchange device to allow for the secure pairing and operation between the device and the data transfer medium, wherein the secure information exchange device (“SIED”) enables the creation of a trusted and encrypted environment between the device and the data transfer medium, preferably for the identification, verification and authentication of individuals and/or documents.
- SIED secure information exchange device
- the instant invention provides the requirements of both a 1:N and 1:1 biometric application, in combination with the need to conduct searches using demographic data and validate an individual's identity through a plurality of stored biometric information in the electronic credential using the newly established Extended Access Control (“EAC") protocols.
- EAC Extended Access Control
- the instant application possesses the ability to perform a plurality of biometric functions, depending on a particular situation and/or the requirements of an operator of the instant invention, wherein the functions, include but are not limited to the following:
- a special credential authentication function allows the operator of the instant invention to obtain information as to the authenticity of the secure credential of a subject in question; these credentials include, but are not limited to:
- An operator of the instant invention may select any combination of or all of these functions to meet their needs.
- the device is configurable to accommodate any combination of the main functions along with their sub-functions.
- the instant invention is disposed to allow for the storage of a plurality of databases including, but not limited to a watch list, fingerprint and/or Denied Persons List (“DPL”) or other type of subset database.
- DPL Denied Persons List
- This embodiment allows for the operator of the instant invention to identify subjects, preferably in situations where communications may be limited including, but not limited to, remote areas or buildings wherein communication signals are not reliable. Furthermore, this embodiment may be utilized in a scenario wherein a specific set of individuals are being searched against, as opposed to single entity.
- the solution provides for the means to update the plurality of databases stored on the device by the operator via the data transfer medium. Furthermore, each device is disposed to be uniquely identifiable in order that it may be discerned the identity of the device that accesses the database information. Moreover, the database (s) are encrypted when stored on the device and the device is disposed to delete any database information, should the device encounter tampering and/or use with without proper authorization.
- Demographic Search Only Demographic data is captured via a machine readable zone (“MRZ”) reader on the device if an Optical Character Recognition (“OCR”) is available; via a Radio Frequency Identification (“RFID”) reader of the device if a contactless chip is available; or the data may be manually entered by an operator of the instant invention through a keyboard 29 located on the device 12; and,
- MMRZ machine readable zone
- OCR Optical Character Recognition
- RFID Radio Frequency Identification
- the 1:N FP solution allows an operator of the system to capture fingerprints of unknown subjects in the field. Once a fingerprint is captured, the instant invention is disposed to transmit the fingerprint to a central AFIS site for searching. Following transmission, a hit/no hit response is returned to the device; if available, a photo of the subject may also be returned.
- the Central Database Search allows operators of the instant invention to obtain demographic data from the subject in the field (which may be obtained by visual inspection of an individual's credentials or by reading the credentials via either the OCR, or RFID chip, located within the device) .
- the operator is able to perform a plurality of searches by using this function, including but not limited to:
- a 1:N FP search is done to determine whether or not an individual requiring identification is in a database.
- the 1:N search may be with the National or State (US) AFIS, or it may also be submitted to an EU central AFIS like BIS, Interpol or Eurodac or in the US to the FBI.
- the operator of the system should have the ability to selectively conduct search (s) from the AFIS databases they are authorized to access; they should also be able to select the order in which the AFIS databases are searched against.
- This search can be conducted in one or several different databases, depending on what the operator initiates and the type of information available from the individual in question. Some examples of this type of search include but are not limited to:
- the operator will have the ability to selectively conduct search (s) from the databases they are authorized to access; they should also be able to select the order in which the databases as searched against. 3.
- a Demographic and FP Search This search may combine the functions of the two previous functions. The operator will be able to select which type of search is done first. Verification and/or Authentication (1:1 Local and Document Authentication)
- This solution allows for the confirmation of an individual's identity preferably through a biometric verification and/or credential authentication.
- This embodiment requires the use of a smart card/e-passport or other machine readable imbedded biometric solution.
- the operator should be able to verify the identity of the subject with the offered credential, and also verify the authenticity of the credential.
- the operator responsible for performing the task would be able to acquire a reference fingerprint from the credential of the subject along with any other appropriate identification and/or photo image information.
- the device would also be able to capture a fingerprint from the subject for the purpose of comparing the two images.
- the newly captured search print image is processed in the device, and the fingerprint minutia is disposed to be extracted and compared against the reference fingerprint. If the two prints are a match, the person's identity has been verified.
- the device will be capable of obtaining updates either via a data transfer medium.
- the device itself is uniquely identifiable so that it can be known exactly which device obtains which version of database information.
- the databases are encrypted when stored on the device and cannot be accessed without proper authorization.
- This embodiment addresses a solution for a situation when the operator is verifying a new Schengen Visa or other government/agency issued credential, however the biometric data is not stored in the credential itself, but rather in a central database.
- the operator preferably should be able to submit the individual's captured finger print to the central AFIS where it will be compared with the stored fingerprint that is associated with the Schengen Visa number, or other government/agency issued credential number.
- the operator should be able to run the following scenarios using this function, including but not limited to:
- the device includes a multifunctional authentication service and is disposed to be in data communication with a plurality of remote databases; furthermore a secure information exchange device located within the device itself provides for the secure pairing and operation of the device and a data transfer medium to allow for the transfer of a subject's information to a plurality of databases in order that the detailed description thereof that follows may be better understood, and in order that the present contribution to the art may be better appreciated.
- a secure information exchange device located within the device itself provides for the secure pairing and operation of the device and a data transfer medium to allow for the transfer of a subject's information to a plurality of databases in order that the detailed description thereof that follows may be better understood, and in order that the present contribution to the art may be better appreciated.
- FIG. 1 is a block diagram illustrating a device for the authentication and verification of individuals and documents, wherein the device possesses a secure multifunctional authentication service and is in data communication with a plurality of remote databases.
- FIG. 2 is a block diagram illustrating both the objects which form the infrastructure of the instant invention, and the objects utilized for identification and verification during use of the instant invention.
- FIG. 3 is a flow diagram illustrating one embodiment of the operation of the instant invention by an operator and operation of the instant invention by a device manager.
- FIGS. 4A and 4B are a pair of flow diagrams illustrating device management of the instant invention.
- FIG. 5A is a flow diagram illustrating a method for device pairing of the instant invention, preferably between a device and a data transfer medium.
- FIGS. 5B through 5H display flow diagrams illustrating the various steps in the device pairing process between the device and a data transfer medium.
- FIG. 6 is a flow diagram illustrating a method for configuration management of the instant invention.
- FIG. 7 is a flow diagram illustrating synchronization of the instant invention.
- FIG. 8A is a flow diagram illustrating field operations by an operator of the instant invention during an identification query.
- FIG. 8B is a flow diagram illustrating field operations by an operator of the instant invention during a verification query.
- FIG. 8C is a flow diagram illustrating field operations by an operator of the instant invention during a reconnect between devices.
- FIG. 9 is a flow diagram illustrating database management of the instant invention.
- FIG. 1OA is a flow diagram illustrating one embodiment of an operator of the instant invention performing an identification query search.
- FIG. 1OB is a flow diagram illustrating one embodiment of an operator of the instant invention performing a verification query search.
- FIG. 1OC is a flow diagram illustrating one embodiment of the process for capture of a user credential and processing through a local and remote database by the device.
- FIG. 11 is a block diagram illustrating a variety of interfaces between the device, a data transfer medium and a plurality of user interfaces to allow an operator to communicate with each layer of the instant invention.
- the instant invention discloses an intelligent peripheral device possessing a secure multifunctional authentication service integrated with data storage capability, wherein the device is disposed to comprise a multifunctional intelligent peripheral or accessory device, which, upon implementation into a system, is disposed to control a set of transactions that the system is designated to perform by the device, in conjunction with a data transfer medium which is under the control of the device.
- the instant invention is disposed to perform the authentication and verification of individuals and/or documents, wherein the device includes a plurality of data storage capability, and is disposed to be in data communication with a plurality of remote databases through a data transfer medium. Furthermore, each accessory device is disposed to possess a secure multifunctional authentication service.
- the instant invention is disposed to function as a device to enable the authentication of both a subject and their associated issued credentials, as well as a validation that the individual presenting the issued credentials is the actual holder.
- the device is disposed to enable this operation to occur using any data transfer medium to allow for communication with a plurality of remote databases.
- the authentication of a subject may occur through the use of a biometric data search and a demographic data search and match capability, either alone or in combination.
- the instant invention is further disposed to enable an encrypted wireless connection between the device and any data transfer medium, for the secure transfer of information from the device to and from a plurality of remote databases.
- This function may be accomplished through hardware and software embedded with the device, in combination with a data transfer medium.
- the communication may be of any protocol and technology.
- the encryption protection may be provided as an autonomous layer to the actual communications protocol or technology utilized with the instant invention.
- an operator is provided with the ability to manage the pairing of a device and a data transfer medium, in combination with the issuance of these paired sets to the operator.
- the operator is provided with the ability to manage and control any data that is downloaded to the device from a central or remote database.
- FIG. 1 illustrates a block diagram of the instant invention 10, wherein a device 12 is disposed to be in data communication with a data transfer medium 14.
- the data transfer medium 14 may be a mobile device, a portable communications device, a computing platform device or a Bluetooth® connection.
- the device 12 comprises a biometric authentication module 16, wherein the authentication module is disposed to preferably capture a subject's fingerprint for the purposes of either identification or verification.
- the device 12 includes a Machine Readable Zone (“MRZ”) Reader 18A and an Optical Character Recognition (“OCR”) reader 18B, along with and a Radio Freguency Identification (“RFID”) reader 20 disposed to capture and process various documents m possession of a subject preferably for an authentication query.
- MMRZ Machine Readable Zone
- OCR Optical Character Recognition
- RFID Radio Freguency Identification
- an optical document scanner 22 is provided for analysis of documents for authentication.
- the device 12 further includes a secure access module 24, wherein the secure access module is disposed to interface with the data transfer medium 14 for the secure transfer of information between the device and a plurality of remote databases.
- the device 12 is disposed to possess a plurality of data storage 26 preferably in the form of either a local fingerprint database or a denied person's watch list for example.
- the device 12 is disposed to possess a camera 27 to allow an operator of the device to secure a visual identification of a subject, a magnetic strip reader 31 and a contact card reader 33.
- the device 12 is in data communication with a device management system 28, through the data transfer medium 14, wherein the form of data communication is preferably a wireless communication. Additionally, the device 12 is disposed to be in data communication with a plurality of databases 30 preferably for remote identification and verification of an individual and/or documents.
- the instant invention is disposed to allow for a plurality of biometric and non-biometric search and match functions to be combined in any way an operator reguires thru the specialized configuration capability of the software and accessory device hardware.
- the four primary biometric functions are the following:
- non-biomet ⁇ c functions are the following (it is important to note that for each function the application enables the interface protocols to be customized to their respective requirements for each country) :
- a special credential authentication function allows the operator to obtain information as to the authenticity of the secure credential they are in possession of, including but not limited to:
- This embodiment allows for a watch list fingerprint and DPL or other type of subset databases resident on the device itself. This would allow the operator to identify a subject where communications may be limited such as remote areas or in building where communication signals are not reliable. Also it is used when specific set of subjects are being searched against.
- the device provides for the means to update these local databases by the operator over a data transfer medium, including but not to limited to a proficient network, office WiFi, USB connection with an office PC, or through an office LAN connection.
- each device is disposed to be uniquely identifiable so that it can be known exactly which device obtains which database information.
- the database (s) resident on the device 12 are disposed to be encrypted when stored on the device, and to be automatically deleted if tampered with by an operator without proper authorization.
- This embodiment provides the capability to perform searches against designated segments of databases using records transmitted preferably via wireless technology from the device to plurality of remote databases.
- the 1:N FP function allows operators of the instant invention to capture fingerprints of unknown subjects m the field. Once the fingerprint is captured, it is transmitted to the central AFIS site for searching. A hit/no hit response is returned to the device, and if available, a photo of the individual may also be returned.
- a remote database search allows an operator to obtain demographic data of subjects in the field. This search can be conducted in one or several different databases; depending on what the operator initiates and the type of information available from the subject. The operator can selectively conduct search (s) from the databases they are authorized to access and they can select the order in which the databases are searched against .
- This embodiment is disposed to confirm the identity of an individual through biometric verification and document authentication. This requires the use of a smart card/e- passport or other machine-readable imbedded biometric solution. When a subject possesses this form of identification, the operator may verify the identity of the subject with the offered document, and have the option to also verify the authenticity of the document.
- this database is disposed to reside on the device in a secure format.
- the device is uniquely identifiable so that it can be known exactly which device obtains which version of database information.
- the database is encrypted when stored on the device and be automatically deleted if tampered with without proper authorization.
- the embodiment is disposed to allow for the verification of a new Schengen Visa or other government/agency issued credential when the biometric data is not stored in the credential itself, but rather stored in a remote database.
- the operator may submit a subject's captured fingerprint and transmit it to the central AFIS where it will be compared with the stored fingerprint that is associated with the Schengen Visa number or other government/agency issued credential number.
- the instant invention will also authenticate the Visa or credential using the device and the authentication application.
- FIG. 2 illustrates a block diagram of both the objects which form the infrastructure of the instant invention, and the objects utilized for identification and verification during use of the instant invention. The objects are separated into two groups; at the top of the diagram the infrastructure objects shown, and objects at the bottom of the diagram are used by identification and verification.
- the instant invention includes the device 12 for the authentication and verification of individuals and/or documents, wherein the device 12 is in data communication with a plurality of remote databases 30 through the data transfer medium 14.
- a Border Control Mobile Application (“BCMA") 32 may be installed on the device 12, wherein the BCMA 32 allows for the control of the identification and verification processes.
- the BMCA 32 is in data communication with the device 12 preferably via Bluetooth®, and a plurality of National State Host Machines preferably via a cell phone network.
- the BCMA 32 and the device 12 comprise a device object after a pairing process (described in a later section) .
- a plurality of communication certificates 34A and configuration data 34B are uploaded to the respective devices; in one embodiment the communication certificates 34A are in an X.509 format.
- a plurality of local databases 36 is disposed to be stored on the device 12, wherein this database 36 may include a plurality of database subsets 38A, including but not limited to "HOtIiStS", and a plurality of log data 38B, including but not limited to an operator's action log and an event log.
- a card verifiable (“CV") certificate 40 may be optionally stored on the device 12 and is disposed to be used when reading the RFID chip.
- a query object 42 is disposed to conduct a plurality of searches against the local 36 and remote databases 30.
- the query object 42 collects all of the necessary data in the identification/verification processes; the amount and type of data to be collected depends on the process.
- a credential 44 is disposed to store a plurality of demographic data 46A and a credential number 46B. Furthermore, the credential 44 possesses a plurality of authentication information 46C, including but not limited to watermarks and other verifiable properties, along with a plurality of biometric data 46D and a reference fingerprint of the operator 46E.
- the BCMA 32 is disposed to use a format description which describes the authentication information that can be found on a credential 44, along with a way for how the information may be read.
- FIG. 3 illustrates one embodiment of the operation of the instant invention by an operator and operation of the instant invention by a device manager.
- the workflow has two parallel braches (1) device management; and (2) field operations, which will be described in more detail in the below sections.
- FIG. 4A and 4B illustrate a flow diagram for operation of the device management system 28 of the instant invention, wherein the management system 28 of the device 12 is disposed to receive the device 12, the data transfer medium 14 along with the plurality of database subsets 26. Furthermore, the device management system 28 is responsible for the storage of applications, database subsets and device information into its own database.
- the device management system 28 is disposed to create a plurality of database profiles (hotlists) , configuration data, and subsequently update applications and database profiles on the device 12.
- the device management system 28 is disposed to pair the device with an available data transfer medium 14 and hand the device to the operator, and subsequently remove the pairing of devices, and download a filed operation log from the devices.
- FIG. 5A illustrates a method for device pairing of the instant invention, preferably between the device 12 and a data transfer medium 14 to allow for the secure transfer of information between the device 12 and a plurality of remote databases 30.
- the pairing and removing may be performed by a device manager.
- the device 12 includes a secure information exchange device ("SIED") 48, wherein the SIED 48 is disposed to authenticate the device 12 and is in data communication with the data transfer medium 14.
- SIED 48 is disposed to read and/or analyze a plurality of authentication data, including but not limited to the identification information and certificates of the device 12 and the data transfer medium 14.
- the SIED 48 compares the digital certificate of the device 12 and the data transfer medium 14 against an external certificate authority ("CA") root certificate.
- CA external certificate authority
- the device 12, and the data transfer medium 14, in combination with the SIED 48 all possess digital certificates issued by the same CA, and therefore are all on the same certification chain. Therefore, when the verification of the digital certificates is successful, the SIED 48 performs a search in a device database 50, and when the device 12 and the data transfer medium 14 are enrolled in the device database 50 the authentication of each is approved. Alternatively, if they are not present in the database 50, the SIED 48 warns the device manager. Therefore, upon authentication, the SIED 48 pairs the device 12 with the data transfer medium 14 to allow the device 12 to transmit and receive a plurality of information from the remote databases 30.
- CA external certificate authority
- a reguest for pairing is transmitted to the device 12 and the data transfer meidum 14.
- the SIED 48 is disposed to capture a fingerprint of an operator of the device 12 for an authentication query, and to authenticate the operator when there is a reconnect of the device 12 with the data transfer medium 14.
- the SIED 48 transmits its own digital certificate to both the device 12 and the data transfer medium 14.
- the device 12 and the data transfer medium may authenticate the SIED certificate against the root certificate of the external CA.
- the device 12 generates a key pair and at step 108, the device 12 transmits a public key to the SIED 48.
- the public key is utilized during the communication between the device 12 and the data transfer medium 14, wherein the device 12 will authenticate itself with the data transfer medium 14.
- the device 12 will transmit a Bluetooth® address to the SIED 48.
- the data transfer medium 14 is disposed to generate its own key pair, and at step 114 transmits the public key to the SIED 48. Again, as described above, this key will be used during the communication between the device 14 and the data transfer medium 14, wherein the data transfer medium 14 will authenticate itself.
- the data transfer medium 14 transmits the Bluetooth® address of the data transfer medium 14 to the SIED 48.
- the SIED 48 transmits the public keys of the device 12 and the data transfer medium 14 to the external CA to signature.
- the SIED 48 receives the signed certificates from the external CA, and at step 122 the SIED 48 signs each certificate with the private key of the SIED 48.
- the SIED 48 is disposed to preferably generate a sixteen character long random string to be utilized as a Bluetooth® password by the device 12 and the data transfer medium 14.
- the SIED 48 uploads the pairing information for each the device 12 and the data transfer medium 14, wherein the pairing information, includes but is not limited to each certificate, each Bluetooth® address and password and the captured fingerprint of the operator.
- FIGS. 5B through 5H display flow diagrams illustrating the various steps in the device pairing process shown in FIG. 5A with alternate embodiments between the device 12 and the data transfer medium 14 through the SIED 48 located in the device 12.
- the operator prior the commencement of a field operation by an operator 52 of the system, the operator will pair the device 12 to a data transfer medium 14.
- the process of pairing prior to use is necessary to ensure a certified link between the device 12, and its operator 52, and the data transfer medium 14.
- the pairing process provides essential information to the device 12 and the data transfer medium 14 in order to be able to build up a secure Bluetooth® communication, along with providing for a secure authentication and authorization.
- the confidentiality of the local database which is stored on the secure access module on the device 12 also incorporates the above process.
- the pairing and removing of pairing is performed by a device manager.
- the device manager is disposed to manage the device pairing by preferably registering the device 12, the data transfer medium 14, the local database 26 and the Operator 52 together.
- FIG. 5B illustrates the overall pairing process, wherein FIGS. 5C through 5H illustrate in more detail the individual steps which comprise the overall process.
- FIG. 5C-5H illustrates one embodiment of the process to perform the following operations:
- the pairing process commences with the discovery of each the device 12 and the data transfer medium 14 that will form a pair.
- the device 12 and the corresponding data transfer medium 14 are in data communication with the SIED 48.
- the SIED 48 acts as a trusted host, wherein each element of the operation (device 12 and the data transfer medium 14) trust on the SIED' s 48 genuineness.
- the SIED 48 is disposed to execute a software application which is provided together with the device 12.
- the SIED 48 authenticates the device 12 and the data transfer medium 14 respectively.
- the SIED 48 is disposed to read a plurality of authentication data (including Device IDs, certificates) from the device 12 and the data transfer medium 14.
- the SIED 48 checks each of the digital certificates against the external CA' s root certificate. If the verification of the digital certificates is successful, then the SIED 48 searches the device IDs in the device database 50. If the device 12 and the data transfer medium 14 are enrolled in the device database 50, then the authentication is successful. In any other case, the SIED 48 will alert the device; in this embodiment, registration of the device 12 and the data transfer medium 14 will occur prior to the commencement of the pairing process.
- the SIED 48 is disposed to perform the pairing by first capturing a fingerprint of the operator 52; preferably the fingerprint will be utilized to authenticate the operator when there is a connect-reconnect of the device 12 and the data transfer medium 14.
- the SIED 48 sends its own digital certificate to both the device 12 and to the data transfer medium 14; the device 12 and the data transfer medium 14 are disposed to authenticate the SIED certificate against the root certificate of the external CA.
- the device database 50 is not a part of device 12 itself, rather it is preferred that the operator 52 or device manage possesses an inventory database. Interfacing of the device database is a part of the device 12 integration. The enrolment of the devices shall be made by the end user, by using the registration software of their inventory database.
- the device If the SIED digital certificate is successfully verified by the device 12, the device generates a key pair (i.e. public and private) and forwards the public key to the SIED 48. This public key will be utilized during the communication between the device 12 and the data transfer medium 14, wherein the device 12 will authenticate itself to the data transfer medium 32. Finally, the device 12 will transmit the Bluetooth® address of the device 12 to the SIED 48.
- a key pair i.e. public and private
- the data transfer medium 14 Similar to the verification of the device 12, if the SIED digital certificate is successfully verified by the data transfer medium 14, the data transfer medium 14 generates a key pair and transmits the public key to the SIED 48. This key will be utilized during the communication between the device 12 and the data transfer medium 14, wherein the data transfer medium 14 will authenticate itself to the device 12. Finally, the data transfer medium 14 will transmit its Bluetooth® address to the SIED 48.
- the SIED 48 sends the public keys to the external CA for signature. Then the SIED 48 generates a sixteen character long ID which will be used as a Bluetooth password by the device 12 and the data transfer medium 14. The SIED 48 will then upload the device 12 certificate, the data transfer medium 14 certificate, the data transfer medium 14 Bluetooth® address, and the Bluetooth® password to the device 12. Once a successful pairing occurs, the pairing will be stored a database of the SIED 48. Following the pairing of the devices, a synchronization agent will update the hotlists and software application if necessary.
- FIG. 6 illustrates a flow diagram for configuration management of the overall system, wherein a configuration manager is responsible for the process to create a plurality of configuration data, and to define which application upgrades reguire installation on the device 12 at the synchronization process (see Fig. 7).
- the configuration data may be uploaded during the pairing process.
- the configuration manager performs a query to determine if new configuration data is available.
- the configuration data is updated, and at step 206, the configuration data is subsequently uploaded.
- the new configuration data is stored in the log data on the local database of the device 12.
- FIG. 7 illustrates a flow diagram for synchronization of the instant invention, wherein at step 210, either device 12 or the data transfer medium 14 is disposed to be in connection with the SIED 48.
- the configuration manager authenticates the attached device as previously described in FIG 5A.
- the application version of the device 12 is checked to determine whether an upgrade is available; at step 214B, the application version of the data transfer medium 14 is checked to determine whether an update is available.
- the application data is logged.
- the SIED 48 is disposed to check the database profile, and if the profile has changed, the SIED 48 will update the database at step 220.
- FIGS. 8A through 8C illustrate a variety of field operation processes that may be performed by an operator, wherein the process include, but are not limited to: Identification; Verification; and Reconnect of devices.
- the identification and the verification processes may include either a local or remote database search depending on a particular situation and need of an operator.
- a remote search is performed on a remote database, wherein the device 12 is disposed to transmit a search guery to a National State Host Machine ("NSHM”) preferably via a cell phone network; the data communication between the NSHM and the device 12 is preferably secured by using a Transport Layer Security (“TLS”) encryption.
- NSS Transport Layer Security
- Fig. 8A illustrates one embodiment of the identification query and/or search process, wherein one of the objects of the process is to determine whether a subject of a query/search is on a hotlist, DPL or other similar database subset.
- an operator captures a plurality of demographic and/or biometric data from a subject under investigation or query.
- a plurality of remote databases are searched against the captured data. If a remote search is not available due to the location of an operator as previously described, then at step 226, a local search is performed against the plurality of databases stored within the device 12.
- a query result is obtained and provided to the operator regarding the identification of the subject.
- FIG. 8B illustrates one embodiment of the verification query and/or authentication process, wherein one of the objects of the process is to authenticate a plurality of credentials in the possession of a subject, and to determine if the credentials belong to the subject.
- an operator capture's a plurality of biometric and authentication information from a subject, including but not limited to the subject's fingerprint, credential number (i.e. passport etc.) and other authentication information.
- the subject's information is authenticated use a plurality of local databases stored on the accessory device 12.
- the biometric data is stored on the credential
- the subject's credentials are verified using a locate search/database query. If the reference fingerprint is stored on the credential, the device 12 compares the reference print to the captured fingerprint.
- the subject's credentials are verified using a remote search/database query.
- the device 12 transmits the captured fingerprint and credential information to the remote database via a data transfer medium 14.
- the query result is generated in regards to the authenticity of the subject's credentials. Therefore, if the authentication fails, then the operator will be warned, however after a successful authentication, the process may continue.
- FIG. 8C illustrates a flow diagram of one embodiment of the process for a reconnection between the device 12, and a data transfer medium 14, if the connection is lost.
- the connection between the device 12 and the data transfer medium 14 may be lost.
- a re-connection shall be made by the operator.
- the operator must submit a fingerprint, and wherein at step 242 the operator is authenticated as described earlier, primarily through the operator's fingerprint.
- the accessory device 12 and the data transfer medium 14 are reconnected for usage.
- FIG. 9 illustrates a flow diagram for one embodiment of database management for the plurality of local databases stored within the device 12.
- the plurality of local databases housed within the device 12 provide an operator with the ability to perform searches, coupled with the ability to utilize this feature in case of a remote connection problem or when a fast response for an identification/verification request is required.
- the local database is preferably a part of a larger central database 246, wherein the central database may contain blacklisted/wanted persons, a biometric database with fingerprint data, or a database that contains blacklisted passports, ID cards.
- the plurality of databases located on the device 12 database is a limited size database, wherein a plurality of basic information shall to be provided by the operator. As such, an operator may transform the local database of the device 12 into a format which will be used during field operations for the operator.
- a plurality of data is downloaded after a data download request is transmitted to the central database 246.
- a plurality of local databases are created based on the data downloaded.
- the database is then encrypted with a password which is generated by the database manager.
- the database management component sends the encrypted database files and the related password together to a synchronization agent.
- the databases are stored by SQL CE on the device 12.
- the database files are encrypted with an AES128 method that is provided by the database engine.
- the device 12 encrypts the database passwords and stores them on the built-in SAM module. In a situation where the device 12 detects that a Bluetooth® connection may be possibly compromised (the connection interrupted, or decoupling), the device 12, deletes the passwords from the RAM of the device 12.
- FIG. 1OA through 1OC illustrate various embodiments for the capture of a subject's credentials and/or biometric data through an identification/verification query for a plurality of either local or remote databases.
- FIGS. 1OA and 1OB build upon and display the process previously described in FIGS. 8A and 8B.
- FIG. 1OC illustrates a flow diagram displaying the overall process from the viewpoint of the device 12, preferably for the capture of biometric and demographic data from a subject, and subsequently performing a variety of search queries for identification and/or verification purposes .
- the operator of the device 12 scans the MRZ of a subject's credential (in this embodiment a credential includes but is not limited to identification or a passport) . Following scanning of the MRZ of a subject's credential, the device 12 is disposed to decode the MRZ and include this content in the subject's file. Subsequently, at step 258 the operator determines if there is a chip on the subject's credential to be read, and includes this content in the subject's file. At step 260, the operator determines if it is necessary to capture a fingerprint of the subject, and if so, a plurality of fingers are disposed to be scanned, and then added to the subject's file.
- a credential includes but is not limited to identification or a passport
- the subject's file is closed, packed and transmitted over to the data transfer medium 14.
- the data transfer medium 14 receives the subjects file from the device 12 and unpacks the file.
- a workflow selection list may be displayed on the device 12, wherein the operator possesses the ability to determine the search query to be performed. In one embodiment, at step 266, the operator may select one of the following searches to be performed:
- the device 12 transmits a search object.
- a response to the local database search is by the accessory device 12 for review by the operator.
- the subject's file is packed and transmitted to a National State Host, a Central Data Base and/or an AFIS.
- a response to the remote database search is transmitted to the device 12 and stored in the subject's file.
- FIG. 11 illustrates a flow diagram of a variety of interfaces between the device 12, a data transfer medium 14 and a plurality of user interfaces to allow an operator to communicate with each layer of the instant invention.
- the device 12 is disposed to possess a system of configurable software 278, wherein the software and the various functions associated with the software, are utilized to support the device 12 when in use by an operator.
- the configurable software is utilized by a variety of operators, including law enforcement agencies, preferably for providing information about an individual, a plurality of vehicles and/or property.
- the configurable software 278 is disposed to provide an interface to the device 12, preferably in order to capture a plurality of data from identification documents, or a plurality of biometric data, including a subject's fingerprints.
- the information obtained from a subject by an operator may be processed by the configurable software 278, thereby enabling the operator to conduct either a local or remote search related to the subject.
- the searches can be performed in a centralized database, or locally by using the local databases of the device 12.
- the communication channel between the configurable software 278 and the device 12 is a TCP/IP (UDP optionally) , wherein the bandwidth may be as low as 19.2 kbps.
- TCP/IP UDP optionally
- the configurable software is disposed to be in data communication with the device 12 via a Bluetooth® connection.
- the application preferably is designed to be easy to use, and not require a significant amount of training for use by an operator.
- the device 12 should be paired with a data transfer medium 14 to allow for communication with a plurality of remote databases 30; in one embodiment, the device 12 may be paired with including but not limited to a laptop 276 and the data transfer medium 14 simultaneously. In this embodiment, a data connection with the laptop 276 should take preference over the data transfer medium 14.
- the device 12 possesses a plurality of functions and search queries including, but not limited to the following: Authentication
- a biometric based operator authentication shall be performed on each logon, by capturing the fingerprint of the operator with the device 12 and performing a match against the fingerprint internally stored on the device 12. Query local or state databases
- the configurable software 278 shall provide a user interface for querying both a local or remote (federal or state) database.
- the main queries include, but are not limited to:
- - Person requesting a plurality of information about a person by using his/her identification document, geographical data, or biometric identifiers
- Vehicle requesting a plurality of information about a vehicle by using vehicle identifiers (license plate,
- - Property requesting a plurality of information about a property by using its serial number and type.
- the SIED 48 located on the device 12 is disposed to provide an email messaging feature for a plurality of operators, wherein the configurable software 278 may provide a user interface for the messaging, in which an operator may send email messages to a plurality of other operators. The sender may see whether the recipient or recipients are logged in to the system, and when the recipient or some of the recipients are not logged in, they will receive the message the next time they logon.
- the messages are stored on the SIED 48 and are deleted only by an operator request.
- the SIED 48 is configured to dispatch asynchronous messages between the operators of the devices 12, and wherein the messaging service is preferably a closed system, where operators can send and receive messages only in the boundaries of the system.
- the AFIS based query is a fingerprint search, wherein preferably the two index fingers are captured by the device 12.
- the configurable software 278 is disposed to implement a graphical user interface 280 (GUI) on the device 12 for the fingerprint capture process, indicating the shape of a human hand.
- GUI graphical user interface 280
- the captured prints shall be sent to the appropriate service of the SIED 48 as an email attachment, wherein the subject of the email should be the human readable identifier. Name Search
- a query may be made with a plurality of demographic information about an individual, wherein the configurable software 278 shall implement a GUI for the Name Search process.
- a plurality of fields may be provided, including but not limited to:
- Last name Last name, first name (mandatory fields) .
- - Sex should be selectable from a list. (Female, Male, Unknown) - Race: may be selectable from a list, including but not limited to: American Indian, Asian, Black, unknown, White, and/or Hispanic.
- DoB Date of birth
- the identity of a person may be checked by validating his/her identification document. Furthermore queries may also be performed by using the information captured from an identification document.
- the configurable software 278 may implement a GUI for capturing information from an identification document, presenting the captured data to the operator, validating and indicating the result of the machine readable data to the operator. At least the following identification document processing may be supported:
- Biometric passports or e-passports combine paper and electronic data storage that contain demographic and biographic data of the holder.
- the device 12 is disposed to be able to collect this information from the passport itself.
- the process for information collection may include the following steps:
- the accessory device After selecting a passport option, the accessory device first scans the Machine Readable Zone (MRZ) of the passport. This may be accomplished by sliding the correct page (which contains the
- the next step is the scan of a contactless chip which may be accomplished by holding the e-Passport to the area that contains the RFID antenna in the device 12.
- a live fingerprint or fingerprints may be captured. If the passport chip contains fingerprint data this enables the device 12 to perform a 1:1 fingerprint matching query. Additionally, the captured (live or read from the chip) fingerprints may be utilized during an AFIS search.
- a passport verification success means that the subject is the entity described by the scanned passport, and the passport is valid. Further searches may be performed with the data collected about the person. These searches include but are not limited to: name search, and fingerprint search.
- a query may be started by scanning an MRZ on Personal Identification (Personal ID) Card of the person.
- Data stored in the MRZ (name, date of birth, etc.) of the ID card can be used to perform searches against the state database .
- Filling out the fields for a name search may be done automatically, if the operator can capture the barcode which is located on most United States Driver's Licenses. This function should perform the same query that name search does, only speeding up the data capturing process.
- Searching may be performed against the state database with by license plate information.
- a plurality of fields may be required, including but not limited to:
- - Plate number the number printed on the license plate.
- - State the state that issued the license plate. The state / abbreviation of the state must be selectable from a drop-down list.
- GUI 280 In order to refine the search the following optional fields may be present in the GUI 280:
- Style the style of the vehicle should be selectable from a list. Available styles are: partitioned, commercial, motorcycle, passenger (should be selected as default), reciprocity, trailer, truck.
- the license plate search yields results found on the specified vehicle. If a license plate search yields results, searches for the owner's records should be easily performed.
- Searches may be performed to find data records about vehicles that do not have license plates or have false license plates.
- a plurality of data fields should be present, including but not limited to:
- VIN Vehicle Identification Number
- the operator can perform a search for records stored on boats.
- the following information is required to perform the transaction:
- a search performed with information on a boat yields records the agencies has about the specified boat.
- Searches may be performed to find records on various stolen objects.
- Data fields that must be filled in are:
- Serial number serial number provided by the manufacturer.
- Type the type of the searched object, which should be selectable from a list.
- Searches may be performed to find data on registered guns.
- the search will yield records on the specified gun.
- the following data fields must be entered to successfully perform the search:
- Serial number the serial number embedded in the gun itself.
- caliber information can be filled in.
- the data must be provided in a format the state specifies.
- the query run with the data of a gun results in records found on the specified weapon.
- responses When a response arrives for a query, the operator should receive a visible or an audible notification. Responses are grouped by search transaction, wherein the responses are preferably deleted manually, but when the operator logs off all the data should be purged from the devices. Furthermore, in one embodiment, responses may be textual data, and should be parsed to find key words to highlight them.
- the configurable software 278 and the device 12 work in conjunction with a plurality of sensitive data; therefore a plurality of security features should be implemented in order to prevent the disclosure of this information. These responses must be safely deleted when the operator performs a logout operation.
- the operator should prevent unauthorized use of the device 12, but in case of theft the device 12 is disposed to perform a re- authentication of the operator preferably after five minutes of inactivity.
- transmissions between the accessory device 12 and the SIED 48 may be vulnerable to attacks such as eavesdropping or falsifying, therefore the communication should be encrypted; the encryption should achieve security of 256 bit AES by the FIPS 140-2 standard.
- the device 12 enables government agency officers to capture data from the documents of the subjects, or capture live fingerprints in the field. These data then can be processed to enable the officer to conduct searches related to the subject.
- the hardware required to perform data capture are integrated to the device 12, as previously described include: fingerprint reader, OCR reader, barcode reader, contactless chip reader and contact chip reader. To be able to use the sensor hardware, low level controlling software components must be present in the device 12.
- - Document reader component software parts are needed to perform capturing and processing the data embedded in various documents or the fingerprint capturing process. This component contains all the necessary knowledge to process a specific document.
- - Transaction control to perform searches or verifications of the collected data (either read from a document or acquired through user input) a transaction controller component is needed. This software part coordinates the execution of the queries either locally or remotely and processing the results of these transactions.
- the user interface components provide the means by which the operator can interact with the system.
- the system can communicate with the user through these user interfaces:
- the transaction control component resides in the data transfer medium 14 and the document reader component is located on the accessory device 12.
- the device 12 preferably is disposed to present a list of documents the device may read, and allows the operator to select one.
- the device 12 then executes the necessary steps to read all data from the document by operating the various sensor devices.
- the processed data captured by the device 12 is utilized to populate the data fields for the actual search.
- the operator may only access the features of the device 12 if a data connection is established between the accessory device 12 and the data transfer medium 14. Once a data connection is established, the device 12 may send a plurality of requests to a plurality of remote databases for the identification or verification of an individual and/or documents. The requests and the responses qenerated by the device 12 may be encoded in individual messaqes, and therein the device 12 is disposed to transmit a response message for most of the requests, but some requests do not generate a response, or may generate multiple response messages . Layers
- a communication channel between the accessory device 12 and the data transfer medium 14 is divided into separate layers. These layers include but are not limited to:
- Bluetooth® communication all the communication is transmitted through a Bluetooth® connection.
- TLS the communication channel is protected by TLS version 1.2.
- - Messaging layer this layer performs the necessary serialization/deserialization of the messages.
- the messages are ASN.1 DER encoded.
- Application layer messages are processed in this layer; this layer contains all the application and business logic.
- the device 12 is disposed to await a plurality of incoming connection requests, and then communicate using the following protocol phases, including, but not limited to:
- a TLS handshake operation is performed to establish secure communication through the open Bluetooth channel.
- the device 12 and the data transfer medium 14 should utilize the communication certificates distributed in the pairing process.
- the data transfer medium 14 may access the features provided by the device 12. This may be performed by exchanging messages through the secure channel. For most requests the device 12 generates a single response, but for some requests it may generate more or even zero response.
- the instant invention discloses a variety of unique solutions for the secure pairing and operation of between a device and a data transfer medium through a secure information exchange device located on the device, which is disposed to function as a trusted element that the device and the data transfer medium utilize to establish and to operate in a secure encrypted method.
Abstract
Description
Claims
Priority Applications (10)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/390,113 US9183364B2 (en) | 2009-08-13 | 2010-08-13 | Intelligent peripheral device and system for the authentication and verification of individuals and/or documents through a secure multifunctional authentication service with data storage capability |
IN2027DEN2012 IN2012DN02027A (en) | 2009-08-13 | 2010-08-13 | |
MX2012001768A MX338335B (en) | 2009-08-13 | 2010-08-13 | An intelligent peripheral device and system for the authentication and verification of individuals and/ or documents through a secure multifunctional authentication service with data storage capability. |
AU2010282394A AU2010282394B2 (en) | 2009-08-13 | 2010-08-13 | An intelligent peripheral device and system for the authentication and verification of individuals and/ or documents through a secure multifunctional authentication service with data storage capability |
EP10808809.7A EP2465075A4 (en) | 2009-08-13 | 2010-08-13 | An intelligent peripheral device and system for the authentication and verification of individuals and/ or documents through a secure multifunctional authentication service with data storage capability |
BR112012003212A BR112012003212A8 (en) | 2009-08-13 | 2010-08-13 | intelligent peripheral device and system for authenticating and verifying individuals and / or documents through a secure multifunctional authentication service with data storage capability. |
RU2012108483/08A RU2012108483A (en) | 2009-08-13 | 2010-08-13 | INTELLIGENT PERIPHERAL DEVICE AND SYSTEM FOR AUTHENTICATION AND VERIFICATION OF PERSONALITY AND / OR DOCUMENT BY THE PROTECTED SERVICE OF MULTIFUNCTIONAL AUTHENTICATION WITH THE POSSIBILITY OF SAVING DATA |
CN2010800463249A CN102713927A (en) | 2009-08-13 | 2010-08-13 | An intelligent peripheral device and system for the authentication and verification of individuals and/ or documents through a secure multifunctional authentication service with data storage capability |
CA2770406A CA2770406C (en) | 2009-08-13 | 2010-08-13 | An intelligent peripheral device and system for the authentication and verification of individuals and/ or documents through a secure multifunctional authentication service with data storage capability |
ZA2012/01728A ZA201201728B (en) | 2009-08-13 | 2012-03-09 | An intelligent peripheral device and system for the authentication and verification of individuals and/or documents through a secure multifunctional authentication services with data storage capability |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US27413909P | 2009-08-13 | 2009-08-13 | |
US61/274,139 | 2009-08-13 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011019996A1 true WO2011019996A1 (en) | 2011-02-17 |
Family
ID=43586516
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2010/045443 WO2011019996A1 (en) | 2009-08-13 | 2010-08-13 | An intelligent peripheral device and system for the authentication and verification of individuals and/ or documents through a secure multifunctional authentication service with data storage capability |
Country Status (13)
Country | Link |
---|---|
US (1) | US9183364B2 (en) |
EP (1) | EP2465075A4 (en) |
CN (1) | CN102713927A (en) |
AR (1) | AR078235A1 (en) |
AU (1) | AU2010282394B2 (en) |
BR (1) | BR112012003212A8 (en) |
CA (1) | CA2770406C (en) |
CO (1) | CO6511235A2 (en) |
IN (1) | IN2012DN02027A (en) |
MX (1) | MX338335B (en) |
RU (1) | RU2012108483A (en) |
WO (1) | WO2011019996A1 (en) |
ZA (1) | ZA201201728B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8447273B1 (en) | 2012-01-09 | 2013-05-21 | International Business Machines Corporation | Hand-held user-aware security device |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB0117418D0 (en) * | 2001-07-17 | 2001-09-12 | Storm Mason R | Litecam |
US9984157B2 (en) | 2010-12-01 | 2018-05-29 | Aware Inc. | Relationship detection within biometric match results candidates |
US8763914B2 (en) * | 2012-01-17 | 2014-07-01 | On Track Innovations Ltd. | Decoupled contactless bi-directional systems and methods |
US9722811B2 (en) | 2012-09-10 | 2017-08-01 | Samsung Electronics Co., Ltd. | System and method of controlling external apparatus connected with device |
KR102177830B1 (en) | 2012-09-10 | 2020-11-11 | 삼성전자주식회사 | System and method for controlling external apparatus connenced whth device |
US9906535B2 (en) | 2013-09-10 | 2018-02-27 | Arthur P. GOLDBERG | Methods for rapid enrollment of users of a secure, shared computer system via social networking among people on a selective list |
US20150235046A1 (en) * | 2014-02-14 | 2015-08-20 | Canon Kabushiki Kaisha | Operation terminal apparatus for manufacturing apparatus, and manufacturing system including the same |
CN103984606B (en) * | 2014-05-27 | 2017-11-14 | 深圳大成创安达电子科技发展有限公司 | A kind of ID search systems and method for exploring special electronic chip |
US11461567B2 (en) * | 2014-05-28 | 2022-10-04 | Mitek Systems, Inc. | Systems and methods of identification verification using hybrid near-field communication and optical authentication |
US9665754B2 (en) | 2014-05-28 | 2017-05-30 | IDChecker, Inc. | Identification verification using a device with embedded radio-frequency identification functionality |
US11640582B2 (en) | 2014-05-28 | 2023-05-02 | Mitek Systems, Inc. | Alignment of antennas on near field communication devices for communication |
GB201608859D0 (en) * | 2016-03-08 | 2016-07-06 | Continental Automotive Systems | Secure smartphone based access and start authorization system for vehicles |
US11036969B1 (en) * | 2017-02-08 | 2021-06-15 | Robert Kocher | Group identification device |
US11516673B2 (en) * | 2017-05-22 | 2022-11-29 | Becton, Dickinson And Company | Systems, apparatuses and methods for secure wireless pairing between two devices using embedded out-of-band (OOB) key generation |
US11354762B2 (en) | 2017-12-01 | 2022-06-07 | Mastercard International Incorporated | Digital passport systems and methods |
US10742417B2 (en) * | 2018-10-22 | 2020-08-11 | King Abdulaziz University | Secured biometric systems and methods |
US10523671B1 (en) | 2019-04-03 | 2019-12-31 | Alclear, Llc | Mobile enrollment using a known biometric |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030215114A1 (en) * | 2002-05-15 | 2003-11-20 | Biocom, Llc | Identity verification system |
US20040139329A1 (en) * | 2002-08-06 | 2004-07-15 | Abdallah David S. | Methods for secure enrollment and backup of personal identity credentials into electronic devices |
US20040233040A1 (en) * | 2002-11-23 | 2004-11-25 | Kathleen Lane | Secure personal RFID documents and method of use |
US20060157559A1 (en) * | 2004-07-07 | 2006-07-20 | Levy Kenneth L | Systems and methods for document verification |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7716098B2 (en) * | 1997-07-15 | 2010-05-11 | Silverbrook Research Pty Ltd. | Method and apparatus for reducing optical emissions in an integrated circuit |
US6772331B1 (en) * | 1999-05-21 | 2004-08-03 | International Business Machines Corporation | Method and apparatus for exclusively pairing wireless devices |
US6996720B1 (en) * | 1999-12-17 | 2006-02-07 | Microsoft Corporation | System and method for accessing protected content in a rights-management architecture |
US7003669B2 (en) * | 2001-12-17 | 2006-02-21 | Monk Bruce C | Document and bearer verification system |
EP1473899A1 (en) * | 2003-04-28 | 2004-11-03 | Telefonaktiebolaget LM Ericsson (publ) | Security in a communications network |
CN1809849A (en) * | 2003-06-17 | 2006-07-26 | 联合安全应用Id有限公司 | Electronic security system for monitoring and recording activity and data relating to cargo |
DE112005001597T5 (en) * | 2004-07-06 | 2007-05-24 | Viisage Technology, Inc., Billerica | Document classification and authentication |
US9137012B2 (en) * | 2006-02-03 | 2015-09-15 | Emc Corporation | Wireless authentication methods and apparatus |
US8615663B2 (en) * | 2006-04-17 | 2013-12-24 | Broadcom Corporation | System and method for secure remote biometric authentication |
US20070260886A1 (en) * | 2006-05-02 | 2007-11-08 | Labcal Technologies Inc. | Biometric authentication device having machine-readable-zone (MRZ) reading functionality and method for implementing same |
US7860268B2 (en) * | 2006-12-13 | 2010-12-28 | Graphic Security Systems Corporation | Object authentication using encoded images digitally stored on the object |
US7797309B2 (en) * | 2007-06-07 | 2010-09-14 | Datamaxx Applied Technologies, Inc. | System and method for search parameter data entry and result access in a law enforcement multiple domain security environment |
-
2010
- 2010-08-13 CN CN2010800463249A patent/CN102713927A/en active Pending
- 2010-08-13 MX MX2012001768A patent/MX338335B/en active IP Right Grant
- 2010-08-13 AU AU2010282394A patent/AU2010282394B2/en not_active Ceased
- 2010-08-13 BR BR112012003212A patent/BR112012003212A8/en not_active Application Discontinuation
- 2010-08-13 CA CA2770406A patent/CA2770406C/en active Active
- 2010-08-13 RU RU2012108483/08A patent/RU2012108483A/en not_active Application Discontinuation
- 2010-08-13 EP EP10808809.7A patent/EP2465075A4/en not_active Withdrawn
- 2010-08-13 AR ARP100102998A patent/AR078235A1/en not_active Application Discontinuation
- 2010-08-13 WO PCT/US2010/045443 patent/WO2011019996A1/en active Application Filing
- 2010-08-13 US US13/390,113 patent/US9183364B2/en active Active
- 2010-08-13 IN IN2027DEN2012 patent/IN2012DN02027A/en unknown
-
2012
- 2012-03-09 ZA ZA2012/01728A patent/ZA201201728B/en unknown
- 2012-03-13 CO CO12043697A patent/CO6511235A2/en not_active Application Discontinuation
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030215114A1 (en) * | 2002-05-15 | 2003-11-20 | Biocom, Llc | Identity verification system |
US20040139329A1 (en) * | 2002-08-06 | 2004-07-15 | Abdallah David S. | Methods for secure enrollment and backup of personal identity credentials into electronic devices |
US20040233040A1 (en) * | 2002-11-23 | 2004-11-25 | Kathleen Lane | Secure personal RFID documents and method of use |
US20060157559A1 (en) * | 2004-07-07 | 2006-07-20 | Levy Kenneth L | Systems and methods for document verification |
Non-Patent Citations (1)
Title |
---|
See also references of EP2465075A4 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8447273B1 (en) | 2012-01-09 | 2013-05-21 | International Business Machines Corporation | Hand-held user-aware security device |
Also Published As
Publication number | Publication date |
---|---|
MX2012001768A (en) | 2012-05-08 |
ZA201201728B (en) | 2012-11-28 |
US9183364B2 (en) | 2015-11-10 |
IN2012DN02027A (en) | 2015-07-31 |
EP2465075A4 (en) | 2014-01-08 |
CA2770406C (en) | 2018-10-02 |
BR112012003212A2 (en) | 2016-03-01 |
CA2770406A1 (en) | 2011-02-17 |
CN102713927A (en) | 2012-10-03 |
AU2010282394A1 (en) | 2012-03-29 |
AR078235A1 (en) | 2011-10-26 |
EP2465075A1 (en) | 2012-06-20 |
AU2010282394B2 (en) | 2014-11-20 |
US20120139703A1 (en) | 2012-06-07 |
RU2012108483A (en) | 2013-09-20 |
BR112012003212A8 (en) | 2016-05-17 |
CO6511235A2 (en) | 2012-08-31 |
MX338335B (en) | 2016-04-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9183364B2 (en) | Intelligent peripheral device and system for the authentication and verification of individuals and/or documents through a secure multifunctional authentication service with data storage capability | |
CN1972186B (en) | A mobile identity authentication system and its authentication method | |
US10810816B1 (en) | Information-based, biometric, asynchronous access control system | |
JP2022512123A (en) | Identity authentication method, device and server | |
US6850147B2 (en) | Personal biometric key | |
US7454624B2 (en) | Match template protection within biometric security systems | |
US20030156740A1 (en) | Personal identification device using bi-directional authorization for access control | |
EP4007968A1 (en) | Systems and methods of identification verification using hybrid near-field communication and optical authentication | |
US20080120707A1 (en) | Systems and methods for authenticating a device by a centralized data server | |
US20080120698A1 (en) | Systems and methods for authenticating a device | |
US20060170530A1 (en) | Fingerprint-based authentication using radio frequency identification | |
US20170180361A1 (en) | Mobile device-based authentication with enhanced security measures providing feedback on a real time basis | |
US10440014B1 (en) | Portable secure access module | |
CN104756135A (en) | System and method for biometric authentication in connection with camera equipped devices | |
EP2965250A1 (en) | Instant mobile device based data capture and credentials issuance system | |
CA3014738A1 (en) | Method, system, device and software programme product for the remote authorization of a user of digital services | |
US20160196509A1 (en) | Ticket authorisation | |
US20230308881A1 (en) | System and method for encounter identity verification | |
US20200295948A1 (en) | System for generation and verification of identity and a method thereof | |
US20200334431A1 (en) | Systems and methods of identification verification using hybrid near-field communication and optical authentication | |
WO2005054977A2 (en) | A method and system to electronically identify and verify an individual presenting himself for such identification and verification | |
Orandi | Mobile ID Device Best Practice Recommendation, Version 1. 0 | |
KR100455311B1 (en) | The detection method of a counterfeited identification card | |
JP6690686B2 (en) | Account opening system, account opening method, and program | |
US20230155836A1 (en) | Secure serverless multi-factor authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080046324.9 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10808809 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2770406 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: MX/A/2012/001768 Country of ref document: MX |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13390113 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010282394 Country of ref document: AU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2027/DELNP/2012 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010808809 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012108483 Country of ref document: RU Ref document number: 12043697 Country of ref document: CO |
|
ENP | Entry into the national phase |
Ref document number: 2010282394 Country of ref document: AU Date of ref document: 20100813 Kind code of ref document: A |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112012003212 Country of ref document: BR |