WO2017163227A1 - User authentication using biometric information - Google Patents

Info

Publication number
WO2017163227A1
WO2017163227A1 PCT/IB2017/051745 IB2017051745W WO2017163227A1 WO 2017163227 A1 WO2017163227 A1 WO 2017163227A1 IB 2017051745 W IB2017051745 W IB 2017051745W WO 2017163227 A1 WO2017163227 A1 WO 2017163227A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
biometric information
authentication
profile
identity document
Application number
PCT/IB2017/051745
Other languages
French (fr)
Inventor
Andrae RANDOLPH
Original Assignee
Randolph Andrae
Application filed by Randolph Andrae

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06V: IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00: Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10: Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16: Human faces, e.g. facial parts, sketches or expressions
    • G06V40/172: Classification, e.g. identification

Definitions

  • PCT: Patent Cooperation Treaty
  • the present disclosure generally relates to user authentication. More specifically, the present disclosure relates to authentication using biometric information.
  • User authentication is a process in which the credentials provided by a user are compared to those on file in a record of authorized users.
  • Traditional methods of user identification rely on physical documentation. However, users often misplace physical documents. Further, physical documents get damaged over time, and they can be forged as well. Accordingly, some authentication methods use smart cards and keys, such as personal identification numbers (PINs) or passwords. Again, smart cards are easy to misplace. Further, they are a hassle for users, who need to carry multiple smart cards with them.
  • biometric authentication is sometimes used to authenticate users.
  • Biometric authentication is a process that relies on the unique biological characteristics of an individual to verify that she is who she says she is. Biometric authentication systems compare a biometric data capture to stored, confirmed authentic data in a database. If both samples of the biometric data match, authentication is confirmed. The biometric authentication lessens the threat of identity fraud. Additionally, biometric information cannot be lost or damaged over time. Some examples of biometric authentication technologies include voice prints, fingerprints and retina scans (iris recognition).
  • voice prints may not work in areas where there is a lot of noise.
  • the noise may make it difficult to obtain a good sample of user's voice.
  • in fingerprint authentication, users are often required to touch a device with their fingers.
  • iris recognition suffers from the problem of live-tissue verification. The reliability of a retinal scan depends on ensuring that the acquired image has actually been obtained from the live person to be identified and is not a replica. For example, some iris-recognition systems can be easily fooled by presenting a high-quality photograph of a face instead of a real face, which makes such devices unsuitable for unsupervised applications, such as door access-control systems. Further, many biometric authentication systems just authenticate the user. They do not provide additional information about the user, such as the age of the user.
  • the system includes a biometric scanner configured to capture a biometric information of the user. Further, the system includes a communication engine, which is configured to transmit the biometric information to a remote database comprising multiple profiles associated with multiple users, wherein each profile comprises at least one biometric information of a
  • the system includes a processor configured to authenticate the user based on the authentication result.
  • a method of facilitating authentication of users based on biometric information includes receiving, using a
  • the method includes receiving, using the communication engine, one or more identity documents associated with the one or more users from one or more user devices. Yet further, the method includes generating, using a processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user. Moreover, the method includes storing, using the processor, the one or more profiles in a database.
  • a method of facilitating authentication of users based on biometric information includes receiving, using a communication engine, at least one biometric information associated with the one or more users from one or more biometric scanners. Further, the method includes receiving, using the communication engine, one or more identity documents associated with the one or more users from one or more user devices. In addition, the method includes generating, using a processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user. Also, the method includes storing, using the processor, the one or more profiles in a database. Further, the method includes receiving, using the
  • the method includes comparing, using the processor, the biometric information with the at least one biometric information comprised in the one or more profiles. Moreover, the method includes transmitting, using the communication engine, an authentication result to the authentication device based on a result of the comparing.
  • a user authentication method correlates a digital representation of a user's unique facial structure to an identification card issued by a third party.
  • the disclosed method enables the user to access services and environments which require some form of identity verification. Further, the disclosed method may supplement traditional identification methods, such that a user's face is the only form of identification required.
  • the system may be configured to run on various devices such as smartphones, point of sales systems, ATMs, security gates, and the like. The disclosed method will enable disparate devices to remotely access the authentication information stored in the database.
  • a system for authenticating a user makes use of biometric facial images for user authentication.
  • biometric facial images By associating facial scans with government issued identification, the system creates a platform that can be integrated into various third party systems.
  • This platform includes a database that is used to authenticate users in many possible situations. For example, the age of a user can be verified by simply scanning the user's face. Additionally, access to a secured
  • the system integrates into third party systems to track user behavior and loyalty. Therefore, a user of the system will be able to forego the use of traditional identification methods by relying on biometric facial scans.
  • the system provides increased security as it is difficult to create an exact replica of a human face. Further, the system may employ one or more biometric technologies (such as retina scanning), in addition to the facial photos to make the system more secure.
  • FIG. 1 shows a block diagram of a system for authenticating a user, in accordance with various embodiments disclosed herein.
  • FIG. 2 illustrates a flowchart of a method of facilitating authentication of users based on biometric information, in accordance with some embodiments.
  • FIG. 3 illustrates a flowchart of a method of facilitating authentication of users based on biometric information, in accordance with some embodiments.
  • FIG. 4 is a block diagram of a system for authenticating a user, in accordance with some exemplary embodiments.
  • FIG. 5 illustrates a flowchart of a method of creating profiles of users, in accordance with some exemplary embodiments.
  • FIG. 6 illustrates a flowchart of a method of providing photos of users, in accordance with some exemplary embodiments.
  • FIG. 7 illustrates a flowchart of a method of facilitating authentication of users based on biometric information, in accordance with some exemplary embodiments.
  • FIG. 8 illustrates a block diagram of a system for facilitating authentication of users based on biometric information, in accordance with some embodiments.
  • the present disclosure relates to a system for authenticating a user.
  • the system may be one or more of a smartphone, a Point Of Sale (POS) terminal, a self-service kiosk [e.g. an automated teller machine (ATM)] and a security gate.
  • the system includes a biometric scanner configured to capture a biometric information of the user.
  • the biometric scanner may include a facial scanner configured to capture a virtual representation of the user's face.
  • the system includes a communication engine, which is configured to transmit the biometric information to a remote database comprising multiple profiles associated with multiple users, wherein each profile comprises at least one biometric information of a corresponding user and one or more identity documents associated with the at least one biometric information and receive an authentication result from the remote database.
  • the one or more identity documents may be issued by a third party, such as a governmental organization. Further, the one or more identity documents may include a scan of a physical identification card. The one or more identity documents may be received from one or more users, wherein the one or more identity documents may be verified based on a communication with the third party.
  • the system includes a processor configured to authenticate the user based on the authentication result.
  • the authentication result may include an indication of a match between the biometric information captured from the user and the at least one biometric information comprised in a profile of the user.
  • the authentication result may include at least a portion of an identity document comprised in the profile of the user.
  • the portion of the identity document may include an age of the user.
  • a method of facilitating authentication of users based on biometric information includes receiving, using a communication engine, at least one biometric information associated with the one or more users from one or more biometric scanners. Further, the method includes receiving, using the
  • the method includes generating, using a processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user. Moreover, the method includes storing, using the processor, the one or more profiles in a database.
  • the method may further include receiving, using the communication engine, an authentication request from an authentication device, wherein the authentication request comprises a biometric information.
  • the at least one biometric information comprises one or more virtual representations of one or more faces of the one or more users. Further, the at least one biometric information may include multiple virtual representations of a face of a user, the method further comprising amalgamating, using the processor, the multiple virtual representations to generate a single virtual representation of the user's face.
  • the method may include comparing, using the processor, the biometric information with the at least one biometric information comprised in the one or more profiles. Yet further, the method may further include transmitting, using the communication engine, an authentication result to the authentication device based on a result of the comparing.
  • the authentication result may further include at least a portion of an identity document.
  • the method may include tracking, using the processor, behaviour of a user based on the authentication request and a profile associated with the user.
  • the method may include transmitting, using the communication engine, a verification request to a third party for verifying validity of the one or more identity documents. Yet further, the method may include receiving, using the communication engine, a verification response from the third party, wherein the generating of the one or more profiles is based on the verification response from the third party.
  • the third party may be a governmental organization.
  • a method of facilitating authentication of users based on biometric information includes receiving, using a communication engine, at least one biometric information associated with the one or more users from one or more biometric scanners. Further, the method includes receiving, using the communication engine, one or more identity documents associated with the one or more users from one or more user devices. In addition, the method includes generating, using a processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user. Also, the method includes storing, using the processor, the one or more profiles in a database. Further, the method includes receiving, using the
  • the method includes comparing, using the processor, the biometric information with the at least one biometric information comprised in the one or more profiles. Moreover, the method includes transmitting, using the communication engine, an authentication result to the authentication device based on a result of the comparing.
  • FIG. 1 is a block diagram of a system 100 for authenticating a user, in accordance with various embodiments disclosed herein.
  • the system 100 may be one or more of a smartphone, a Point Of Sale (POS) terminal, a self-service kiosk (e.g. an ATM) and a security gate.
  • the system 100 may include a biometric scanner 102 configured to capture a biometric information of the user.
  • the biometric scanner 102 may include a facial scanner configured to capture a virtual representation of the user's face.
  • the system 100 may include a communication engine 104, which may be configured to transmit the biometric information to a remote database 106 comprising multiple profiles associated with multiple users, wherein each profile comprises at least one biometric information of a corresponding user and one or more identity documents associated with the at least one biometric information.
  • the one or more identity documents may be issued by a third party, such as a governmental organization. Further, the one or more identity documents may include a scan of a physical identification card.
  • the one or more identity documents may be received from one or more users, wherein the one or more identity documents may be verified based on a communication with the third party. This is explained in further detail in conjunction with FIG. 4 below.
  • the term engine is used herein to refer to collections of programs which are grouped based upon function.
  • a remote authentication server (not shown) may include the database 106.
  • the communication engine 104 may be configured to receive an authentication result from the remote database 106.
  • the authentication result may include an indication of a match between the biometric information captured from the user and the at least one biometric information comprised in a profile of the user.
  • the authentication result may further include at least a portion of an identity document comprised in the profile of the user.
  • the portion of the identity document may include an age of the user.
  • system 100 may include a processor 108 configured to authenticate the user based on the authentication result.
  • FIG. 2 illustrates a flowchart of a method 200 of facilitating authentication of users based on biometric information, in accordance with some embodiments.
  • the method 200 may be performed on the authentication server comprising the database 106.
  • the authentication server may include a communication engine and a processor.
  • the method 200 includes receiving, using the communication engine, at least one biometric information associated with the one or more users from one or more biometric scanners.
  • the communication engine may receive at least one biometric information associated with the one or more users from one or more user devices including workstations, personal computers, laptops, desktop computers, tablet computers, smartphones, wearable computing devices or any other suitable computing devices.
  • the at least one biometric information may include one or more virtual representations of the face(s) of the one or more users.
  • the at least one biometric information may include multiple virtual representations of a face of a user.
  • the method 200 may further include amalgamating, using the processor, the multiple virtual representations to generate a single virtual representation of the user's face.
  • the single virtual representation of the user's face may be a 3D model of the user's face.
  • the method 200 includes receiving, using the communication engine, one or more identity documents associated with the one or more users from the one or more user devices.
  • the one or more identity documents may include a scan of a physical identification card, such as a driving license, a passport, an academic certificate, a library card, a birth certificate, social security cards, credit card and a bank card.
  • the method 200 includes generating, using the processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user.
  • the method 200 includes storing, using the processor, the one or more profiles in the database 106.
  • the method 200 may further include receiving, using the communication engine, an authentication request from an authentication device, wherein the authentication request includes a biometric information.
  • the authentication device may be any device that has been verified and allowed to access the one or more profiles stored in the database 106.
  • the method 200 may include comparing, using the processor, the biometric information with the at least one biometric information comprised in the one or more profiles stored in the database 106.
  • the method 200 may include transmitting, using the communication engine 104, an authentication result to the authentication device based on a result of the comparing.
  • the authentication result may further include at least a portion of an identity document.
  • the method 200 may further include tracking, using the processor 108, behaviour of a user based on the authentication request and a profile associated with the user.
  • the method 200 may further include transmitting, using the communication engine, a verification request to a third party for verifying validity of the one or more identity documents.
  • the third party may be a governmental organization.
  • the method 200 may include receiving, using the communication engine, a verification response from the third party, wherein the generating of the one or more profiles (at 206 above) may be based on the verification response from the third party.
  • FIG. 3 illustrates a flowchart of a method 300 of facilitating authentication of users based on biometric information, in accordance with some embodiments.
  • the method 300 may be performed on the authentication server comprising the database 106.
  • the authentication server may include a communication engine and a processor.
  • the method 300 includes receiving, using the communication engine, at least one biometric information associated with the one or more users from at least one biometric scanner, such as the biometric scanner 102.
  • the communication engine may receive at least one biometric information associated with the one or more users from one or more user devices including workstations, personal computers, laptops, desktop computers, tablet computers, smartphones, wearable computing devices or any other suitable computing devices.
  • the method 300 includes receiving, using the communication engine, one or more identity documents associated with the one or more users from one or more user devices.
  • the method 300 includes generating, using the processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user.
  • the method 300 includes storing, using the processor, the one or more profiles in the database 106.
  • the method 300 includes receiving, using the communication engine, an authentication request from an authentication device, such as the system 100. Further, the authentication request comprises a biometric information, which may be generated by the biometric scanner 102.
  • the method 300 includes comparing, using the processor, the biometric information with the at least one biometric information comprised in the one or more profiles stored in the database 106.
  • the method 300 includes transmitting, using the communication engine, an authentication result to the authentication device based on a result of the comparing. The authentication result may be transmitted to the communication engine 104.
  • FIG. 4 is a block diagram of a system 400 for authenticating a user, in accordance with some exemplary embodiments.
  • the system 400 may include a communications engine 402, an authentication engine 404, a database 406 and an application program interface (API) engine 408.
  • the database 406 may include multiple profiles of users.
  • One or more authorized third party devices 410 may access the system 400 via the API engine 408.
  • the API engine 408 works in concert with the communications engine 402 to access the information stored in the database 406.
  • the one or more authorized third party devices 410 may initiate the authentication process by scanning one or more of a user's face or the user's identity document (herein referred to as scanned information).
  • the scanned information may be collected by an image processing engine and transferred to the authentication engine 404 via the communications engine 402.
  • the authentication engine 404 may then cross-reference the scanned information with the profile records in the database 406. This cross-referencing operation may be then used to determine if there are any verified profiles that match the supplied scanned information. Once the correct profile is found, the authentication engine 404 may generate a positive match message which is transferred to the third party device, in the one or more authorized third party devices 410, which generated the authentication request.
  • the users are required to create a unique profile in the system 400.
  • the users may use one or more user devices 412 to create a unique profile in the system 400.
  • the one or more user devices 412 may include workstations, personal computers, laptops, desktop computers, tablet computers, smartphones, wearable computing devices or any other suitable computing devices.
  • the system 400 may include a user interface (UI) engine and a profile engine (not shown). Accordingly, a user may access the UI engine to create a profile in the system 400.
  • One or both of the UI engine and the image processing engine may be employed to scan a physical identity document of a user, via a user device in the one or more user devices 412. The scanned document may be sent to the communications engine 402, which may then contact the third party entity (such as a governmental institution) responsible for issuing the identification card to verify the validity of the identification card.
  • the profile engine may create a unique record of the individual user. The user may then take multiple photos of her face, using the user device in the one or more user devices 412.
  • These photos may be then amalgamated by the image processing engine and used to generate a virtual representation of the user's face.
  • This virtual representation may be appended to the user's profile.
  • the profile engine may pass this information to the communications engine 402, which may transmit the profile to the database 406 for storage.
  • system 400 allows external devices and applications to authenticate a user's identity within their proprietary ecosystem.
  • system 400 may track user activity. The user tracking enables authorized parties to generate reports about one or both of customer behavior and regional demographics.
  • FIG. 5 illustrates a flowchart of a method 500 of creating profiles of users, in accordance with some exemplary embodiments.
  • a user may initiate profile creation; for example, by using the UI engine and the profile engine in the system 400.
  • the user may scan an identity document; for example, by using one or both of the UI engine and the image processing engine.
  • the identification document may be verified with the issuing entity of the identity document. Then, at 508, it is determined if the identity document has been verified. If it is determined that the identity document has not been verified, then the method 500 goes to step 510, wherein a failure message is generated.
  • the method 500 goes to step 512, wherein the profile engine may populate a profile with the verified information.
  • the user may capture one or more photos of their face. This is explained in further detail in conjunction with FIG. 6 below. These photos may be then amalgamated by the image processing engine and used to generate a virtual representation of the user's face at 516.
  • the profile engine may pass this information to the database 406 for storage at 518.
  • FIG. 6 illustrates a flowchart of a method of providing photos of a user, in accordance with some exemplary embodiments.
  • the user may take a photo of the face at 602. Then at 604, it is determined if an appropriate number of facial photos have been acquired. If it is determined that an appropriate number of facial photos have not been acquired, then the method 600 goes to step 602. However, if it is determined that an appropriate number of facial photos have been acquired, then the method 600 goes to step 606.
  • the user may be required to slightly move their head along a direction before each subsequent photo is clicked. For example, an image of a head in a certain orientation may be shown to the user, such that the user can place her head in a similar orientation before a photo is clicked. This will ensure that the user's head is photographed from all angles. Alternatively, a video may be recorded with the user moving her head along a direction.
  • a virtual representation of the user's face is generated based on the facial photos of the user.
  • a virtual representation of the user's face is generated based on the video of the user's head.
  • the facial photos and the virtual facial representation are included in the profile.
  • FIG. 7 illustrates a flowchart of a method 700 of facilitating authentication of users based on biometric information, in accordance with some exemplary embodiments.
  • it is determined if a user has an identity document.
  • the method 700 goes to step 704.
  • a failure message may be generated.
  • the identity document is scanned.
  • the profile database 406 is queried using the identity document.
  • a failure message is generated at 710.
  • the method 700 goes to step 712.
  • a facial scan of the user is obtained.
  • a failure message is generated at 710.
  • the method 700 goes to step 716.
  • a verification message is generated.
  • a system consistent with an embodiment of the disclosure may include a computing device, such as authentication system 800.
  • the authentication system 800 may include at least one biometric sensor 801, at least one processor 802 and a system memory 804.
  • the at least one biometric sensor 801 may be configured for sensing one or more biometric characteristics of a user, such as, but not limited to, facial scan, palm print, an iris pattern, a retinal pattern, a vascular pattern, a tongue print, a teeth print and an ear print. Accordingly, in some instances, the biometric sensor 801 may be an integrated biometric sensor configured for sensing multiple biometric characteristics of the user.
  • system memory 804 may comprise, but is not limited to, volatile (e.g. random access memory (RAM)), non-volatile (e.g. read-only memory (ROM)), flash memory, or any combination.
  • System memory 804 may include operating system 805, one or more programming modules 806, and may include a program data 807. Operating system 805, for example, may be suitable for controlling authentication system 800's operation.
  • programming modules 806 may include authentication module, key generation module, encryption module, decryption module and so on.
  • embodiments of the disclosure may be practiced in conjunction with a graphics library, other operating systems, or any other application program and are not limited to any particular application or system. This basic configuration is illustrated in FIG. 8 by those components within a dashed line 808.
  • Authentication system 800 may have additional features or functionality.
  • the authentication system 800 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape.
  • additional storage is illustrated in FIG. 8 by a removable storage 809 and a non-removable storage 810.
  • Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
  • System memory 804, removable storage 809, and non-removable storage 810 are all computer storage media examples (i.e., memory storage).
  • Computer storage media may include, but is not limited to, RAM, ROM, electrically erasable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store information and which can be accessed by authentication system 800. Any such computer storage media may be part of device 800.
  • Authentication system 800 may also have input device(s) 812 such as a keyboard, a mouse, a pen, a sound input device, a touch input device, etc.
  • Output device(s) 814 such as a display, speakers, a printer, etc. may also be included. The aforementioned devices are examples and others may be used.
  • Authentication system 800 may also contain a communication connection 816 that may allow device 800 to communicate with other computing devices 818, such as over a network in a distributed computing environment, for example, an intranet or the Internet.
  • Communication connection 816 is one example of communication media.
  • Communication media may typically be embodied by computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and includes any information delivery media.
  • modulated data signal may describe a signal that has one or more characteristics set or changed in such a manner as to encode information in the signal.
  • communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), infrared, and other wireless media.
  • RF radio frequency
  • computer readable media may include both storage media and communication media.
  • program modules and data files may be stored in system memory 804, including operating system 805.
  • programming modules 806 e.g., authentication system application 820
  • processes including, for example, one or more of methods 200 and 700A to 700C's stages as described above.
  • processor 802 may perform other processes.
  • Other programming modules that may be used in accordance with embodiments of the present disclosure may include electronic mail and contacts applications, word processing applications, spreadsheet applications, database applications, slide presentation applications, drawing or computer-aided application programs, etc.
  • program modules may include routines, programs, components, data structures, and other types of structures that may perform particular tasks or that may implement particular abstract data types.
  • embodiments of the disclosure may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like.
  • Embodiments of the disclosure may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • program modules may be located in both local and remote memory storage devices.
  • embodiments of the disclosure may be practiced in an electrical circuit comprising discrete electronic elements, packaged or integrated electronic chips containing logic gates, a circuit utilizing a microprocessor, or on a single chip containing electronic elements or microprocessors.
  • Embodiments of the disclosure may also be practiced using other technologies capable of performing logical operations such as, for example, AND, OR, and NOT, including but not limited to mechanical, optical, fluidic, and quantum technologies.
  • embodiments of the disclosure may be practiced within a general purpose computer or in any other circuits or systems.
  • Embodiments of the disclosure may be implemented as a computer process (method), a computing system, or as an article of manufacture, such as a computer program product or computer readable media.
  • the computer program product may be a computer storage media readable by a computer system and encoding a computer program of instructions for executing a computer process.
  • the computer program product may also be a propagated signal on a carrier readable by a computing system and encoding a computer program of instructions for executing a computer process.
  • the present disclosure may be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.).
  • embodiments of the present disclosure may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system.
  • a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
  • the computer-usable or computer-readable medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific computer-readable medium examples (a non-exhaustive list), the computer-readable medium may include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, and a portable compact disc read-only memory (CD-ROM).
  • RAM random access memory
  • ROM read-only memory
  • EPROM or Flash memory erasable programmable read-only memory
  • CD-ROM portable compact disc read-only memory
  • the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
  • Embodiments of the present disclosure are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the disclosure.
  • the functions/acts noted in the blocks may occur out of the order as shown in any flowchart.
  • two blocks shown in succession may, in fact, be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Collating Specific Patterns (AREA)

Abstract

Disclosed is a system for authenticating a user. The system includes a biometric scanner configured to capture a biometric information of the user. Further, the system includes a communication engine, which is configured to transmit the biometric information to a remote database comprising multiple profiles associated with multiple users, wherein each profile comprises at least one biometric information of a corresponding user and one or more identity documents associated with the at least one biometric information and receive an authentication result from the remote database. Moreover, the system includes a processor configured to authenticate the user based on the authentication result.

Description

USER AUTHENTICATION USING BIOMETRIC INFORMATION
The current application is a Patent Cooperation Treaty (PCT) application and claims a priority to a U.S. provisional application serial number 62/313,609 filed on March 25, 2016.
FIELD OF THE INVENTION
The present disclosure generally relates to user authentication. More specifically, the present disclosure relates to authentication using biometric information.
BACKGROUND OF THE INVENTION
User authentication is a process in which the credentials provided by a user are compared to those on file in a record of authorized users. Traditional methods of user identification rely on physical documentation. However, users often misplace physical documents. Further, the physical documents get damaged over time, and they can be forged as well. Accordingly, some authentication methods include the use of smart cards and keys, such as personal identification numbers (PIN's) or passwords. Again, it is easy to misplace the smart cards. Further, it is a hassle for users as they need to carry multiple smart cards along with them.
Therefore, biometric authentication is sometimes used to authenticate users.
Biometric authentication is a process that relies on the unique biological characteristics of an individual to verify that she is who she says she is. Biometric authentication systems compare a biometric data capture to stored, confirmed authentic data in a database. If both samples of the biometric data match, authentication is confirmed. The biometric authentication lessens the threat of identity fraud. Additionally, biometric information cannot be lost or damaged over time. Some examples of biometric authentication technologies include voice prints, fingerprints and retina scans (iris recognition).
However, voice prints may not work in areas where there is a lot of noise. The noise may make it difficult to obtain a good sample of user's voice. For fingerprint authentication, often users are required to touch some devices using their fingers.
However, many users may not want to touch these devices because of hygiene issues. Further, iris recognition suffers from the problem of live-tissue verification. Reliability of a retinal scan depends on ensuring that the image acquired has actually been obtained from a living person to be identified and is not a replica. For example, some iris-recognition systems can be easily fooled by presenting a high-quality photograph of a face instead of a real face, which makes such devices unsuitable for unsupervised applications, such as door access-control systems. Further, many biometric authentication systems just authenticate the user. They do not provide additional information about the user, such as age of the user.
Accordingly, there is a need for improved user authentication systems and methods.
The foregoing objects and advantages of the invention are illustrative of those that can be achieved by the various exemplary embodiments and are not intended to be exhaustive or limiting of the possible advantages which can be realized. Thus, these and other objects and advantages of the various exemplary embodiments will be apparent from the description herein or can be learned from practicing the various exemplary embodiments, both as embodied herein or as modified in view of any variation which may be apparent to those skilled in the art. Accordingly, the present invention resides in the novel methods, arrangements, combinations, and improvements herein shown and described in various exemplary embodiments.
SUMMARY
Disclosed is a system for authenticating a user. The system includes a biometric scanner configured to capture a biometric information of the user. Further, the system includes a communication engine, which is configured to transmit the biometric information to a remote database comprising multiple profiles associated with multiple users, wherein each profile comprises at least one biometric information of a corresponding user and one or more identity documents associated with the at least one biometric information and receive an authentication result from the remote database. Moreover, the system includes a processor configured to authenticate the user based on the authentication result.
According to an aspect, a method of facilitating authentication of users based on biometric information is disclosed. The method includes receiving, using a communication engine, at least one biometric information associated with the one or more users from one or more biometric scanners. Further, the method includes receiving, using the communication engine, one or more identity documents associated with the one or more users from one or more user devices. Yet further, the method includes generating, using a processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user. Moreover, the method includes storing, using the processor, the one or more profiles in a database.
According to an aspect, a method of facilitating authentication of users based on biometric information is disclosed. The method includes receiving, using a communication engine, at least one biometric information associated with the one or more users from one or more biometric scanners. Further, the method includes receiving, using the communication engine, one or more identity documents associated with the one or more users from one or more user devices. In addition, the method includes generating, using a processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user. Also, the method includes storing, using the processor, the one or more profiles in a database. Further, the method includes receiving, using the communication engine, an authentication request from an authentication device, wherein the authentication request comprises a biometric information. Yet further, the method includes comparing, using the processor, the biometric information with the at least one biometric information comprised in the one or more profiles. Moreover, the method includes transmitting, using the communication engine, an authentication result to the authentication device based on a result of the comparing.
According to some aspects, a user authentication method is disclosed. The user authentication method correlates a digital representation of a user's unique facial structure to an identification card issued by a third party. The disclosed method enables the user to access services and environments which require some form of identity verification. Further, the disclosed method may supplement traditional identification methods, such that a user's face is the only form of identification required. The system may be configured to run on various devices such as smartphones, point of sales systems, ATMs, security gates, and the like. The disclosed method will enable disparate devices to remotely access the authentication information stored in the database.
According to some aspects, a system for authenticating a user is disclosed. The system makes use of biometric facial images for user authentication. By associating facial scans with government issued identification, the system creates a platform that can be integrated into various third party systems. This platform includes a database that is used to authenticate users in many possible situations. For example, the age of a user can be verified by simply scanning the user's face. Additionally, access to a secured environment can be granted to authorized individuals using the system. Further, the system integrates into third party systems to track user behavior and loyalty. Therefore, a user of the system will be able to forego the use of traditional identification methods by relying on biometric facial scans.
The system provides increased security as it is difficult to create an exact replica of a human face. Further, the system may employ one or more biometric technologies (such as retina scanning), in addition to the facial photos to make the system more secure.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows a block diagram of a system for authenticating a user, in accordance with various embodiments disclosed herein.
FIG. 2 illustrates a flowchart of a method of facilitating authentication of users based on biometric information, in accordance with some embodiments.
FIG. 3 illustrates a flowchart of a method of facilitating authentication of users based on biometric information, in accordance with some embodiments.
FIG. 4 is a block diagram of a system for authenticating a user, in accordance with some exemplary embodiments.
FIG. 5 illustrates a flowchart of a method of creating profiles of users, in accordance with some exemplary embodiments.
FIG. 6 illustrates a flowchart of a method of providing photos of users, in accordance with some exemplary embodiments.
FIG. 7 illustrates a flowchart of a method of facilitating authentication of users based on biometric information, in accordance with some exemplary embodiments.
FIG. 8 illustrates a block diagram of a system for facilitating authentication of users based on biometric information, in accordance with some embodiments.
DETAILED DESCRIPTION OF THE INVENTION
All descriptions are for the purpose of showing selected versions of the present invention and are not intended to limit the scope of the present invention.
Non-limiting and non-exhaustive embodiments of the present invention are described with reference to the preceding figures, wherein like reference numerals refer to like parts throughout the various views unless otherwise precisely specified.
The present disclosure relates to a system for authenticating a user. The system may be one or more of a smartphone, a Point Of Sale (POS) terminal, a self-service kiosk [e.g. an automated teller machine (ATM)] and a security gate. The system includes a biometric scanner configured to capture a biometric information of the user. The biometric scanner may include a facial scanner configured to capture a virtual representation of the user's face. Further, the system includes a communication engine, which is configured to transmit the biometric information to a remote database comprising multiple profiles associated with multiple users, wherein each profile comprises at least one biometric information of a corresponding user and one or more identity documents associated with the at least one biometric information and receive an authentication result from the remote database. The one or more identity documents may be issued by a third party, such as a governmental organization. Further, the one or more identity documents may include a scan of a physical identification card. The one or more identity documents may be received from one or more users, wherein the one or more identity documents may be verified based on a communication with the third party.
Moreover, the system includes a processor configured to authenticate the user based on the authentication result. The authentication result may include an indication of a match between the biometric information captured from the user and the at least one biometric information comprised in a profile of the user. Further, the authentication result may include at least a portion of an identity document comprised in the profile of the user. For example, the portion of the identity document may include an age of the user.
Further, a method of facilitating authentication of users based on biometric information is disclosed. The method includes receiving, using a communication engine, at least one biometric information associated with the one or more users from one or more biometric scanners. Further, the method includes receiving, using the communication engine, one or more identity documents associated with the one or more users from one or more user devices. The one or more identity documents may include a scan of a physical identification card. Yet further, the method includes generating, using a processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user. Moreover, the method includes storing, using the processor, the one or more profiles in a database.
The method may further include receiving, using the communication engine, an authentication request from an authentication device, wherein the authentication request comprises a biometric information. The at least one biometric information comprises one or more virtual representations of one or more faces of the one or more users. Further, the at least one biometric information may include multiple virtual representations of a face of a user, the method further comprising amalgamating, using the processor, the multiple virtual representations to generate a single virtual representation of the user's face.
Moreover, the method may include comparing, using the processor, the biometric information with the at least one biometric information comprised in the one or more profiles. Yet further, the method may further include transmitting, using the communication engine, an authentication result to the authentication device based on a result of the comparing. The authentication result may further include at least a portion of an identity document. Moreover, the method may include tracking, using the processor, behaviour of a user based on the authentication request and a profile associated with the user.
Further, the method may include transmitting, using the communication engine, a verification request to a third party for verifying validity of the one or more identity documents. Yet further, the method may include receiving, using the communication engine, a verification response from the third party, wherein the generating of the one or more profiles is based on the verification response from the third party. The third party may be a governmental organization.
According to an aspect, a method of facilitating authentication of users based on biometric information is disclosed. The method includes receiving, using a communication engine, at least one biometric information associated with the one or more users from one or more biometric scanners. Further, the method includes receiving, using the communication engine, one or more identity documents associated with the one or more users from one or more user devices. In addition, the method includes generating, using a processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user. Also, the method includes storing, using the processor, the one or more profiles in a database. Further, the method includes receiving, using the communication engine, an authentication request from an authentication device, wherein the authentication request comprises a biometric information. Yet further, the method includes comparing, using the processor, the biometric information with the at least one biometric information comprised in the one or more profiles. Moreover, the method includes transmitting, using the communication engine, an authentication result to the authentication device based on a result of the comparing.
Referring now to figures, FIG. 1 is a block diagram of a system 100 for authenticating a user, in accordance with various embodiments disclosed herein. The system 100 may be one or more of a smartphone, a Point Of Sale (POS) terminal, a self-service kiosk (e.g. an ATM) and a security gate. The system 100 may include a biometric scanner 102 configured to capture a biometric information of the user. The biometric scanner 102 may include a facial scanner configured to capture a virtual representation of the user's face.
Further, the system 100 may include a communication engine 104, which may be configured to transmit the biometric information to a remote database 106 comprising multiple profiles associated with multiple users, wherein each profile comprises at least one biometric information of a corresponding user and one or more identity documents associated with the at least one biometric information. The one or more identity documents may be issued by a third party, such as a governmental organization. Further, the one or more identity documents may include a scan of a physical identification card. The one or more identity documents may be received from one or more users, wherein the one or more identity documents may be verified based on a communication with the third party. This is explained in further detail in conjunction with FIG. 4 below. The term engine is used herein to refer to collections of programs which are grouped based upon function. A remote authentication server (not shown) may include the database 106.
Further, the communication engine 104 may be configured to receive an authentication result from the remote database 106. The authentication result may include an indication of a match between the biometric information captured from the user and the at least one biometric information comprised in a profile of the user. Further, the authentication result may further include at least a portion of an identity document comprised in the profile of the user. For example, the portion of the identity document may include an age of the user.
Moreover, the system 100 may include a processor 108 configured to authenticate the user based on the authentication result.
FIG. 2 illustrates a flowchart of a method 200 of facilitating authentication of users based on biometric information, in accordance with some embodiments. The method 200 may be performed on the authentication server comprising the database 106. Further, the authentication server may include a communication engine and a processor.
At 202, the method 200 includes receiving, using the communication engine, at least one biometric information associated with the one or more users from one or more biometric scanners. For example, the communication engine may receive at least one biometric information associated with the one or more users from one or more user devices including workstations, personal computers, laptops, desktop computers, tablet computers, smartphones, wearable computing devices or any other suitable computing devices. Further, the at least one biometric information may include one or more virtual representations of the face(s) of the one or more users. In some embodiments, the at least one biometric information may include multiple virtual representations of a face of a user. The method 200 may further include amalgamating, using the processor, the multiple virtual representations to generate a single virtual representation of the user's face. For example, the single virtual representation of the user's face may be a 3D model of the user's face.
Further, at 204, the method 200 includes receiving, using the communication engine, one or more identity documents associated with the one or more users from the one or more user devices. The one or more identity documents may include a scan of a physical identification card, such as a driving license, a passport, an academic certificate, a library card, a birth certificate, social security cards, credit card and a bank card.
At 206, the method 200 includes generating, using the processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user.
At 208, the method 200 includes storing, using the processor, the one or more profiles in the database 106.
The method 200 may further include receiving, using the communication engine, an authentication request from an authentication device, wherein the authentication request includes a biometric information. The authentication device may be any device that has been verified and allowed to access the one or more profiles stored in the database 106. Next, the method 200 may include comparing, using the processor, the biometric information with the at least one biometric information comprised in the one or more profiles stored in the database 106. Then, the method 200 may include transmitting, using the communication engine 104, an authentication result to the authentication device based on a result of the comparing. The authentication result may further include at least a portion of an identity document. The method 200 may further include tracking, using the processor 108, behaviour of a user based on the authentication request and a profile associated with the user.
The method 200 may further include transmitting, using the communication engine, a verification request to a third party for verifying validity of the one or more identity documents. For example, the third party may be a governmental organization. Next, the method 200 may include receiving, using the communication engine, a verification response from the third party, wherein the generating of the one or more profiles (at 206 above) may be based on the verification response from the third party.
FIG. 3 illustrates a flowchart of a method 300 of facilitating authentication of users based on biometric information, in accordance with some embodiments. The method 300 may be performed on the authentication server comprising the database 106. Further, the authentication server may include a communication engine and a processor.
At 302, the method 300 includes receiving, using the communication engine, at least one biometric information associated with the one or more users from at least one biometric scanner, such as the biometric scanner 102. For example, the communication engine may receive at least one biometric information associated with the one or more users from one or more user devices including workstations, personal computers, laptops, desktop computers, tablet computers, smartphones, wearable computing devices or any other suitable computing devices. At 304, the method 300 includes receiving, using the communication engine, one or more identity documents associated with the one or more users from one or more user devices. At 306, the method 300 includes generating, using the processor, one or more profiles corresponding to the one or more users, wherein a profile of a user comprises each of at least one biometric information of the user and one or more identity documents of the user. At 308, the method 300 includes storing, using the processor, the one or more profiles in the database 106. At 310, the method 300 includes receiving, using the communication engine, an authentication request from an authentication device, such as the system 100. Further, the authentication request comprises a biometric information, which may be generated by the biometric scanner 102. At 312, the method 300 includes comparing, using the processor, the biometric information with the at least one biometric information comprised in the one or more profiles stored in the database 106. At 314, the method 300 includes transmitting, using the communication engine, an authentication result to the authentication device based on a result of the comparing. The authentication result may be transmitted to the communication engine 104.
FIG. 4 is a block diagram of a system 400 for authenticating a user, in accordance with some exemplary embodiments. The system 400 may include a communications engine 402, an authentication engine 404, a database 406 and an application program interface (API) engine 408. The database 406 may include multiple profiles of users.
One or more authorized third party devices 410 may access the system 400 via the API engine 408. The API engine 408 works in concert with the communications engine 402 to access the information stored in the database 406. The one or more authorized third party devices 410 may initiate an authentication process by scanning one or more of a user's face or the user's identity document (herein referred to as scanned information). The scanned information may be collected by an image processing engine and transferred to the authentication engine 404 via the communications engine 402. The authentication engine 404 may then cross-reference the scanned information with the profile records in the database 406. This cross-referencing operation may then be used to determine if there are any verified profiles that match the supplied scanned information. Once the correct profile is found, the authentication engine 404 may generate a positive match message which is transferred to the third party device, in the one or more authorized third party devices 410, which generated the authentication request.
The users are required to create a unique profile in the system 400. The users may use one or more user devices 412 to create a unique profile in the system 400. The one or more user devices 412 include workstations, personal computers, laptops, desktop computers, tablet computers, smartphones, wearable computing devices or any other suitable computing devices.
Further, the system 400 may include a user interface (UI) engine and a profile engine (not shown). Accordingly, a user may access the UI engine to create a profile in the system 400. One or both of the UI engine and the image processing engine may be employed to scan a physical identity document of a user, via a user device in the one or more user devices 412. The scanned document may be sent to the communications engine 402, which may then contact the third party entity (such as a governmental institution) responsible for issuing the identification card to verify the validity of the identification card. Once verified, the profile engine may create a unique record of the individual user. The user may then take multiple photos of her face, using the user device in the one or more user devices 412. These photos may be then amalgamated by the image processing engine and used to generate a virtual representation of the user's face. This virtual representation may be appended to the user's profile. After the user profile is populated with verified demographic information and a virtual facial representation, the profile engine may pass this information to the communications engine 402, which may transmit the profile to the database 406 for storage.
Further, the system 400 allows external devices and applications to authenticate a user's identity within their proprietary ecosystem. In addition to user authentication, the system 400 may track user activity. The user tracking enables authorized parties to generate reports about one or both of customer behavior and regional demographics.
FIG. 5 illustrates a flowchart of a method 500 of creating profiles of users, in accordance with some exemplary embodiments. At 502, a user may initiate profile creation; for example, by using the UI engine and the profile engine in the system 400. At 504, the user may scan an identity document; for example, by using one or both of the UI engine and the image processing engine. At 506, the identification document may be verified with the issuing entity of the identity document. Then, at 508, it is determined if the identity document has been verified. If it is determined that the identity document has not been verified, then the method 500 goes to step 510, wherein a failure message is generated. However, at 508, if it is determined that the identity document has been verified, then the method 500 goes to step 512, wherein the profile engine may populate a profile with the verified information. Next, at 514, the user may capture one or more photos of their face. This is explained in further detail in conjunction with FIG. 6 below. These photos may be then amalgamated by the image processing engine and used to generate a virtual representation of the user's face at 516. After the user profile is populated with verified demographic information and a virtual facial representation, the profile engine may pass this information to the database 406 for storage at 518.
FIG. 6 illustrates a flowchart of a method 600 of providing photos of a user, in accordance with some exemplary embodiments. The user may take a photo of the face at 602. Then at 604, it is determined if an appropriate number of facial photos have been acquired. If it is determined that an appropriate number of facial photos have not been acquired, then the method 600 goes to step 602. However, if it is determined that an appropriate number of facial photos have been acquired, then the method 600 goes to step 606. The user may be required to slightly move their head along a direction before each subsequent photo is clicked. For example, an image of a head in a certain orientation may be shown to the user, such that the user can place her head in a similar orientation before a photo is clicked. This will ensure that the user's head is photographed from all angles. Alternatively, a video may be recorded with the user moving her head along a direction.
Then, at 608, a virtual representation of the user's face is generated based on the facial photos of the user. Alternatively, a virtual representation of the user's face is generated based on the video of the user's head. Thereafter, at 610, the facial photos and the virtual facial representation are included in the profile.
FIG. 7 illustrates a flowchart of a method 700 of facilitating authentication of users based on biometric information, in accordance with some exemplary embodiments. At 702, it is determined if a user has an identity document. At 702, if it is determined that the user has an identity document, then the method 700 goes to step 704. However, at 702, if it is determined that the user does not have an identity document, then a failure message may be generated.
At 704, the identity document is scanned. Next, at 706, the profile database 406 is queried using the identity document. Then, at 708, it is determined if the identity document is available in the profile database 406. At 708, if it is determined that the identity document is not available in the profile database, then a failure message is generated at 710. However, if it is determined that the identity document is available in the profile database, then the method 700 goes to step 712. At step 712, a facial scan of the user is obtained. Then, at 714, it is determined if the facial scan is available in the profile database 406. At 714, if it is determined that the facial scan is not available in the profile database 406, then a failure message is generated at 710. However, if it is determined that the facial scan is available in the profile database 406, then the method 700 goes to step 716. At 716, a verification message is generated.
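The enrolment flow of FIG. 5 and FIG. 6 and the two-stage check of FIG. 7, modelled in Python as an added example; it is not code from the patent. It assumes face templates are numeric vectors compared by cosine similarity against an assumed threshold, a keyed hash as the document index, and a yes/no age answer instead of the age itself; all names and sample values are hypothetical.

```python
"""Added illustration of methods 500/600/700; not code from the patent."""
import hashlib
import hmac
import math
from dataclasses import dataclass

MATCH_THRESHOLD = 0.80               # assumed cosine-similarity cut-off
MIN_PHOTOS = 3                       # assumed "appropriate number" of photos (604)
INDEX_KEY = b"constructed-demo-key"  # assumed server-side secret for the index


def _normalize(vec):
    norm = math.sqrt(sum(x * x for x in vec))
    if norm == 0:
        raise ValueError("empty face template")
    return [x / norm for x in vec]


def amalgamate(templates):
    """Steps 514-516: merge several face templates into one representation."""
    if len(templates) < MIN_PHOTOS:
        raise ValueError("not enough facial photos")
    unit = [_normalize(t) for t in templates]
    mean = [sum(col) / len(unit) for col in zip(*unit)]
    return _normalize(mean)


def document_index(doc_number):
    """Keyed hash, so the store is not indexed by raw document numbers."""
    return hmac.new(INDEX_KEY, doc_number.encode(), hashlib.sha256).hexdigest()


@dataclass
class Profile:
    face: list
    age: int


class ProfileDatabase:
    def __init__(self):
        self._profiles = {}

    def enroll(self, doc_number, issuer_verified, templates, age):
        """Method 500: no profile unless the issuer verified the document (508/510)."""
        if not issuer_verified:
            return False
        profile = Profile(amalgamate(templates), age)
        self._profiles[document_index(doc_number)] = profile
        return True

    def authenticate(self, doc_number, probe, min_age=None):
        """Method 700: look up by document (706-708), then compare the face (712-714)."""
        profile = self._profiles.get(document_index(doc_number))
        # Step 710: the same failure result whichever check fails, so the
        # caller cannot tell an unknown document from a face mismatch.
        if profile is None or len(probe) != len(profile.face):
            return {"match": False}
        try:
            unit = _normalize(probe)
        except ValueError:
            return {"match": False}
        score = sum(a * b for a, b in zip(unit, profile.face))
        if score < MATCH_THRESHOLD:
            return {"match": False}
        result = {"match": True}     # step 716
        if min_age is not None:
            # Assumption: answer the age question without returning the age.
            result["age_ok"] = profile.age >= min_age
        return result


if __name__ == "__main__":
    # Constructed sample data: 4-dimensional stand-ins for face templates.
    db = ProfileDatabase()
    photos = [[0.9, 0.1, 0.3, 0.2], [1.0, 0.0, 0.25, 0.2], [0.95, 0.05, 0.35, 0.15]]
    db.enroll("X1234567", True, photos, 34)
    print(db.authenticate("X1234567", [0.92, 0.06, 0.3, 0.18], min_age=18))
    print(db.authenticate("X1234567", [0.0, 1.0, 0.0, 0.1]))
    print(db.authenticate("Z0000000", [0.92, 0.06, 0.3, 0.18]))
```

Because the lookup is keyed by the identity document, the face comparison is a one-to-one check against a single profile, unlike the comparison against all stored profiles described for method 300.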
With reference to FIG. 8, a system consistent with an embodiment of the disclosure may include a computing device, such as authentication system 800. In a basic configuration, the authentication system 800 may include at least one biometric sensor 801, at least one processor 802 and a system memory 804.
The at least one biometric sensor 801 may be configured for sensing one or more biometric characteristics of a user, such as, but not limited to, facial scan, palm print, an iris pattern, a retinal pattern, a vascular pattern, a tongue print, a teeth print and an ear print. Accordingly, in some instances, the biometric sensor 801 may be an integrated biometric sensor configured for sending multiple biometric characteristics of the user.
Depending on the configuration and type of authentication system, system memory 804 may comprise, but is not limited to, volatile (e.g. random access memory (RAM)), non-volatile (e.g. read-only memory (ROM)), flash memory, or any combination. System memory 804 may include operating system 805, one or more programming modules 806, and may include program data 807. Operating system 805, for example, may be suitable for controlling authentication system 800's operation. In one embodiment, programming modules 806 may include an authentication module, a key generation module, an encryption module, a decryption module and so on. Furthermore, embodiments of the disclosure may be practiced in conjunction with a graphics library, other operating systems, or any other application program and are not limited to any particular application or system. This basic configuration is illustrated in FIG. 8 by those components within a dashed line 808.
Authentication system 800 may have additional features or functionality. For example, the authentication system 800 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape. Such additional storage is illustrated in FIG. 8 by a removable storage 809 and a non-removable storage 810. Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data. System memory 804, removable storage 809, and non-removable storage 810 are all computer storage media examples (i.e., memory storage.) Computer storage media may include, but is not limited to, RAM, ROM, electrically erasable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store information and which can be accessed by authentication system 800. Any such computer storage media may be part of device 800. Authentication system 800 may also have input device(s) 812 such as a keyboard, a mouse, a pen, a sound input device, a touch input device, etc. Output device(s) 814 such as a display, speakers, a printer, etc. may also be included. The aforementioned devices are examples and others may be used.
Authentication system 800 may also contain a communication connection 816 that may allow device 800 to communicate with other computing devices 818, such as over a network in a distributed computing environment, for example, an intranet or the Internet. Communication connection 816 is one example of communication media. Communication media may typically be embodied by computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and includes any information delivery media. The term "modulated data signal" may describe a signal that has one or more characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), infrared, and other wireless media. The term computer readable media as used herein may include both storage media and communication media.
As stated above, a number of program modules and data files may be stored in system memory 804, including operating system 805. While executing on processor 802, programming modules 806 (e.g., authentication system application 820) may perform processes including, for example, one or more of methods 200 and 700A to 700C's stages as described above. The aforementioned process is an example, and processor 802 may perform other processes. Other programming modules that may be used in accordance with embodiments of the present disclosure may include electronic mail and contacts applications, word processing applications, spreadsheet applications, database applications, slide presentation applications, drawing or computer-aided application programs, etc.
Generally, consistent with embodiments of the disclosure, program modules may include routines, programs, components, data structures, and other types of structures that may perform particular tasks or that may implement particular abstract data types. Moreover, embodiments of the disclosure may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like. Embodiments of the disclosure may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
Furthermore, embodiments of the disclosure may be practiced in an electrical circuit comprising discrete electronic elements, packaged or integrated electronic chips containing logic gates, a circuit utilizing a microprocessor, or on a single chip containing electronic elements or microprocessors. Embodiments of the disclosure may also be practiced using other technologies capable of performing logical operations such as, for example, AND, OR, and NOT, including but not limited to mechanical, optical, fluidic, and quantum technologies. In addition, embodiments of the disclosure may be practiced within a general purpose computer or in any other circuits or systems.
Embodiments of the disclosure, for example, may be implemented as a computer process (method), a computing system, or as an article of manufacture, such as a computer program product or computer readable media. The computer program product may be a computer storage media readable by a computer system and encoding a computer program of instructions for executing a computer process. The computer program product may also be a propagated signal on a carrier readable by a computing system and encoding a computer program of instructions for executing a computer process. Accordingly, the present disclosure may be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.). In other words, embodiments of the present disclosure may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system. A computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
The computer-usable or computer-readable medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. As more specific computer-readable medium examples (a non-exhaustive list), the computer-readable medium may include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, and a portable compact disc read-only memory (CD-ROM). Note that the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
Embodiments of the present disclosure, for example, are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the disclosure. The functions/acts noted in the blocks may occur out of the order as shown in any flowchart. For example, two blocks shown in succession may, in fact, be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
While certain embodiments of the disclosure have been described, other embodiments may exist. Furthermore, although embodiments of the present disclosure have been described as being associated with data stored in memory and other storage mediums, data can also be stored on or read from other types of computer-readable media, such as secondary storage devices, like hard disks, solid state storage (e.g., USB drive), or a CD-ROM, a carrier wave from the Internet, or other forms of RAM or ROM. Further, the disclosed methods' stages may be modified in any manner, including by reordering stages and/or inserting or deleting stages, without departing from the disclosure.
Although the invention has been explained in conjunction with a number of embodiments, it is evident that many alternatives, modifications, and variations would be or are apparent to those of ordinary skill in the applicable arts. Accordingly, applicant intends to embrace all such alternatives, modifications, equivalents and variations that are within the spirit and scope of this invention.

Claims

1. A system for authenticating a user, the system comprising:
a biometric scanner configured to capture a biometric information of the user;
a communication engine configured to:
transmit the biometric information to a remote database comprising a plurality of profiles associated with a plurality of users, wherein each profile comprises at least one biometric information of a corresponding user and at least one identity document associated with the at least one biometric information; and
receive an authentication result from the remote database; and
a processor configured to authenticate the user based on the authentication result.
2. The system of claim is at least one of a smartphone, a Point Of Sale (POS) terminal, a self-service kiosk and a security gate.
3. The system of claim 1, wherein the biometric scanner comprises a facial scanner configured to capture a virtual representation of the user's face.
4. The system of claim 1, wherein the at least one identity document is issued by a third party.
5. The system of claim 4, wherein the third party is a governmental organization.
6. The system of claim 1, wherein the at least one identity document comprises a scan of a physical identification card.
7. The system of claim 4, wherein the at least one identity document is received from at least one user, wherein the at least one identity document is verified based on a communication with the third party.
8. The system of claim 1, wherein the authentication result comprises an indication of a match between the biometric information captured from the user and the at least one biometric information comprised in a profile of the user.
9. The system of claim 8, wherein the authentication result further comprises at least a portion of an identity document comprised in the profile of the user.
10. The system of claim 9, wherein the portion of the identity document comprises an age of the user.
11. A method of facilitating authentication of users based on biometric information, the method comprising:
receiving, using a communication engine, at least one biometric information associated with the at least one user from at least one biometric scanner;
receiving, using the communication engine, at least one identity document associated with the at least one user from at least one user device;
generating, using a processor, at least one profile corresponding to the at least one user, wherein a profile of a user comprises each of at least one biometric information of the user and at least one identity document of the user; and
storing, using the processor, the at least one profile in a database.
12. The method of claim 11 further comprising:
receiving, using the communication engine, an authentication request from an authentication device, wherein the authentication request comprises a biometric information;
comparing, using the processor, the biometric information with the at least one biometric information comprised in the at least one profile; and
transmitting, using the communication engine, an authentication result to the authentication device based on a result of the comparing.
13. The method of claim 11, wherein the at least one biometric information comprises at least one virtual representation of at least one face of the at least one user.
14. The method of claim 13, wherein the at least one biometric information comprises a plurality of virtual representations of a face of a user, the method further comprising amalgamating, using the processor, the plurality of virtual representations to generate a single virtual representation of the user's face.
15. The method of claim 11 further comprising:
transmitting, using the communication engine, a verification request to a third party for verifying the validity of the at least one identity document; and
receiving, using the communication engine, a verification response from the third party, wherein the generating of the at least one profile is based on the verification response from the third party.
16. The method of claim 15, wherein the third party is a governmental organization.
17. The method of claim 11, wherein the at least one identity document comprises a scan of a physical identification card.
18. The method of claim 12, wherein the authentication result further comprises at least a portion of an identity document.
19. The method of claim 12 further comprising tracking, using the processor, behaviour of a user based on the authentication request and a profile associated with the user.
20. A method of facilitating authentication of users based on biometric information, the method comprising:
receiving, using a communication engine, at least one biometric information associated with the at least one user from at least one biometric scanner;
receiving, using the communication engine, at least one identity document associated with the at least one user from at least one user device;
generating, using a processor, at least one profile corresponding to the at least one user, wherein a profile of a user comprises each of at least one biometric information of the user and at least one identity document of the user;
storing, using the processor, the at least one profile in a database;
receiving, using the communication engine, an authentication request from an authentication device, wherein the authentication request comprises a biometric information;
comparing, using the processor, the biometric information with the at least one biometric information comprised in the at least one profile; and
transmitting, using the communication engine, an authentication result to the authentication device based on a result of the comparing.
PCT/IB2017/051745 2016-03-25 2017-03-27 User authentication using biometric information WO2017163227A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201662313609P 2016-03-25 2016-03-25
US62/313,609 2016-03-25

Publications (1)

Publication Number Publication Date
WO2017163227A1 true WO2017163227A1 (en) 2017-09-28

Family

ID=59900005

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2017/051745 WO2017163227A1 (en) 2016-03-25 2017-03-27 User authentication using biometric information

Country Status (1)

Country Link
WO (1) WO2017163227A1 (en)

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17769555

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17769555

Country of ref document: EP

Kind code of ref document: A1