WO2019046464A2 - A secure it ecosystem for implementing an automated person centric (biometric and biographic) profile platform - Google Patents

A secure it ecosystem for implementing an automated person centric (biometric and biographic) profile platform Download PDF

Info

Publication number
WO2019046464A2
WO2019046464A2 PCT/US2018/048604 US2018048604W WO2019046464A2 WO 2019046464 A2 WO2019046464 A2 WO 2019046464A2 US 2018048604 W US2018048604 W US 2018048604W WO 2019046464 A2 WO2019046464 A2 WO 2019046464A2
Authority
WO
WIPO (PCT)
Prior art keywords
profile
individual
data
biometric data
biometric
Prior art date
Application number
PCT/US2018/048604
Other languages
French (fr)
Other versions
WO2019046464A3 (en
Inventor
Kamran ATRI
Original Assignee
Id-Nas
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Id-Nas filed Critical Id-Nas
Publication of WO2019046464A2 publication Critical patent/WO2019046464A2/en
Publication of WO2019046464A3 publication Critical patent/WO2019046464A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/70Multimodal biometrics, e.g. combining information from different biometric modalities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the present disclosure introduces systems, models and methods for providing Person Centric Profile views of an individual, including collected unified data points associated with the individual consisting of biometrics and biographies, as well as other key personally related datasets, which resides in a secure database infrastructure platform ecosystem that has a unique capability to synchronize with any approved and authorized Identity Management IT system managed by any approved/authorized government agency and allows for secure sharing, searching, transforming, matching, and integrating of datasets.
  • a platform for compiling and retrieving comprehensive identity management datasets for near instantaneous screening and verification of individuals and their relationships.
  • the secure and searchable identity management infrastructure is built on person centric datasets (including a unique combination of core biometric and biographic data) that can be linked based on established relationships between individuals.
  • the system captures, enrolls, searches, transforms, matches and, when required, alerts authorities via a decentralization Big Data architecture that allows for flexible data sharing, e.g., by replicating infrastructure nodes, thereby minimizing infrastructure requirements. Additional benefits include curtailing manual intervention in aggregating, updating, matching and sharing identity management data between entities (such as different approved governmental agencies, branches and divisions of law enforcement, judicial institutions, border control, etc.).
  • the platform provides rigorous searching, reporting, record matching, alerting and auditing capabilities that are cost effective and highly intuitive, while also providing
  • the systems and methods herein provide a reliable, redundant, scalable and cost-effective identity data management system that may be housed in a cloud computing environment or in any government-specified datacenters.
  • Biometric and biographic datasets are collected, verified and securely stored, fully complying with global standards such as National Information Exchange Model (NIEM).
  • NIEM National Information Exchange Model
  • the centralized compilation of person centric datasets, as well as a multi-faceted encryption protocol, enables expeditious and secure sharing, enrollment, analysis, transformation and matching, thereby
  • the coll ecti on and authentication of biometric data may be implemented as part of a multimodal biometric profile.
  • biometric data such as voice, facial, iris, fingerprint, DNA and or other biometric modalities data
  • the system leverages mainstream technology advances that allow DNA to be inexpensively and non-invasively collected from applicants (e.g., merely requiring a cheek swab) as quickly and easily as obtaining fingerprint data, but providing highly superior identity verification.
  • the system is able to (1) bolster confidence for kinship claims, reducing the occurrence of fraudulent claims for services; (2) strengthen identity verification; and (3) promptly and accurately identify potentially nefarious individuals.
  • a system includes a processing unit and a memory.
  • the memory stores computer executable instructions that, when executed by the processing unit, cause the system to perform one or more operations.
  • the one or more operations include receiving at least one of attributed data and biographical data for a first individual and receiving biometric data for the first individual.
  • the one or more operations further include determining whether the biometric data is validated and, in response to determining that the biometric data is validated, creating a first profile for the first individual.
  • the system identifies a familial relationship between the first individual a second individual and updates the first profile for the first individual to indicate the familial relationship with the second individual.
  • FIG. 1 A is a schematic diagram illustrating a first system for implementing a person centric (biometiic combined with biographic) profile database and search platform, in accordance with aspects of the disclosure.
  • FIG. IB is a schematic diagram illustrating a second system for implementing a person centric (biometric combined with biographic) profile database and search platform, in accordance with aspects of the disclosure.
  • FIG. 2 illustrates an exemplary method for incorporating and mashing biometric and biographic data into a person centric profile views, in accordance with aspects of the disclosure.
  • FIG. 3 illustrates an exemplar ' method for incorporating biometric data and verified familial relationships into a person centric profile views, in accordance with aspects of the disclosure.
  • FIG. 4 illustrates an exemplary method for searching and matching an unknown individual with data stored within a profile store, in accordance with aspects of the disclosure.
  • FIG. 5 illustrates an example login page of a graphical user interface (GUI) associated with a profile platform, according to an embodiment.
  • GUI graphical user interface
  • FIG. 6 illustrates an example of a landing page of a GUI associated with a profile platform, according to an embodiment.
  • FIG. 7A illustrates an example dropdown menu for a landing page of a GUI associated with a profile platform, according to an embodiment.
  • FIG. 7B illustrates a number of example dropdown menus for a landing page associated with a profile platform, according to an embodiment.
  • FIG. 8 illustrates an example of a biographic enrollment page of a GUI associated with a profile platform, according to an embodiment.
  • FIG. 9 illustrates an example of a relationship enrollment page of a GUI associated with a profile platform, according to an embodiment.
  • FIG. 10 illustrates an example of a person characteristics enrollment page of a GUI associated with a profile platform, according to an embodiment.
  • FIG. 11 illustrates an example of a documentation enrollment page of a GUI associated with a profile platform, according to an embodiment.
  • FIG. 12 illustrates an example of a review enrollment page of a GUI associated with a profile platform, according to an embodiment.
  • FIG. 13 illustrates an example of a biometric enrollment page of a GUI associated with a profile platform, according to an embodiment.
  • FIG. 14 illustrates an example of a social media enrollment page of a GUI associated with a profile platform, according to an embodiment.
  • FIG. 15 illustrates an example of a triage page of a GUI associated with a profile platform, according to an embodiment.
  • FIG. 16 illustrates one example of a suitable operating environment in which one or more of the present embodiments may be implemented.
  • FIG. 17 illustrates an information flow diagram, in accordance with aspects of the disclosure.
  • FIG. 18 illustrates a tiered architecture 1800 of the ID-NAS platform, in accordance with aspects of the disclosure.
  • FIG. 19 illustrates a services interface messaging feature of the disclosed ID- NAS platform, in accordance with aspects of the disclosure.
  • FIG. 20 illustrates a core data services framework, in accordance with aspects of the disclosure.
  • embodiments may take the form of a hardware implementation, an entirely software implementation, or an implementation combining software and hardware aspects.
  • the following detailed description is therefore not to be taken in a limiting sense, and the scope of the present disclosure is defined by the appended claims and their equivalents.
  • the disclosure generally relates to a platform and data structure for compiling and retrieving comprehensive identity management datasets to enable near instantaneous screening and verification of individuals and their relationships.
  • the system is built around robust, person-centric individual profiles, including biographic and multimodal biometrics datasets, which reside in a secure Big Data infrastructure that is compatible with existing government systems and protocols and facilitates prompt, accurate and secure data sharing and searching.
  • biographic and multimodal biometrics datasets which reside in a secure Big Data infrastructure that is compatible with existing government systems and protocols and facilitates prompt, accurate and secure data sharing and searching.
  • biometric data such as voice, facial, iris, fingerprint, and/or DNA data
  • biometric data such as voice, facial, iris, fingerprint, and/or DNA data
  • the system leverages mainstream technology advances that allow DNA to be inexpensively and non- invasively collected from applicants as quickly and easily as obtaining fingerprint data, but providing highly superior identity verification.
  • multimodal biometrics with near immediate authentication of an applicant's true identity (e.g., by leveraging known offender databases storing biometric DNA data)
  • the system is able to (1) bolster confidence for kinship claims, reducing the occurrence of fraudulent claims for services; (2) strengthen identity verification; and (3) promptly and accurately identify potentially nefarious individuals.
  • FIGS. 1 A and IB are schematic diagrams illustrating systems 100 A and 100B for implementing a person centric (biometric combined with biographic) profile database and search and match platform, in accordance with aspects of the disclosure.
  • one or more client computing devices 106 A and one or more client computing devices 106B may interface via API 158 with a profile platform 1 18 (e.g., within cloud computing environment 150) to enroll and query individuals in a multimodal biometric profile database (e.g., profile store 138).
  • a profile platform 1 18 e.g., within cloud computing environment 150
  • a multimodal biometric profile database e.g., profile store 138
  • the one or more client computing devices 106 A and 106B may be personal or handheld computers having both input elements and output elements for
  • the one or more client computing devices 106A and 106B may include one or more of: a mobile telephone; a smart phone; a tablet; a phablet; a smart watch; a wearable computer; a personal computer; a desktop computer; a laptop computer; a gaming device/computer; a television; and the like.
  • a mobile telephone a smart phone; a tablet; a phablet; a smart watch; a wearable computer; a personal computer; a desktop computer; a laptop computer; a gaming device/computer; a television; and the like.
  • client computing device for accessing the profile platform 118 may be utilized.
  • client computing devices 106A and 106B may be remotely located from one another; and in further aspects, client computing devices 106 A and 106B may be located internationally.
  • the one or more client computing devices 106A and 106B are operated by one or more users 104 A (e.g., an authorized process administrator and/or technician) and 104B (e.g., an authorized querying user).
  • users 104 A e.g., an authorized process administrator and/or technician
  • 104B e.g., an authorized querying user
  • a user 104A may access client computing device 106 A to input biographic data regarding an applicant 102 A into an enrollment interface provided by API 158 of profile platform 1 18.
  • Applicant 102 A may be of any age, ethnicity or gender.
  • a process administrator may capture rapid multimodal biometrics and biographic datasets from individuals (e.g., applicant 102 A) into an intuitive user friendly interface (e.g., API 158). This creates a unique, person-centric profiling view, which feeds into the larger profile platform 1 18.
  • the latest individual datasets e.g., person centric profile views
  • a ledger Big Data infrastructure in a profile store 138, which is maintained securely in a cloud environment 150.
  • the profile store 138 is managed by the profile platform 118 (e.g., via database layer 128 and/or data layer 130), which enables enrollment (e.g., applicant data input), searching and/or matching, validation and/or authentication, reporting, notifications and alerts (e.g., SIM), etc., (e.g., via business logic layer 132A and/or presentation layer 134B) regarding individuals.
  • profile platform 1 18 may comprise one or more of a database layer 128, a data layer 130, a business logic layer 132, and a presentation layer 134.
  • each layer of the profile platform 118 may involve one or more additional components, managers, APIs, etc.
  • the profile platform 1 18 is executed on one or more servers 108 within cloud environment 150.
  • the same or different user 104B may access client computing device 106B to enter a query via a search interface of API 158 regarding an unknown individual 102B into profile platform 118.
  • Unknown individual 102B may be a new applicant for benefits, an individual seeking access through a national border, an individual apprehended by law enforcement, and the like.
  • user 104B seeks to verify the identity and/or relationships of unknown individual 102B.
  • user 104B may determine whether profile store 138 includes a person centric profile views for the unknown individual 102B and/or whether other persons are related to the unknown individual 102B (e.g., by accessing the presentation layer 134 and/or the business logic layer 132).
  • biometric data may be collected from unknown individual 102B and used to identify matching biometric data stored by profile store 138. In this way, user 104B is able to verify the identity and/or relationships of unknown individual 102B.
  • client computing device 106A may be the same or different device as client computing device 106B. That is, API 158 may be accessible by the same or different client computing devices 106A and 106B.
  • data may be viewed on client computing devices 106 A and/or 106B via a dashboard provided by API 158 for profile platform 1 18.
  • profile platform 118 may be hosted on the memory and processing infrastructure of servers 108.
  • the data flowing into (e.g., via an enrollment interface provided by API 158) and out of (e.g., via a search interface provided by API 158) profile platform 118 is encrypted, e.g., in an XML Message Structure.
  • the system double encrypts the data in order to provide additional security protection for data at any stage, e.g., including input/enrollment, verification, compiling/storage, sharing, searching/matching, etc.
  • a four-tiered, key managed-based architecture for encryption including data encryption keys, database encryption keys, at least one cluster encryption key, and at least one master encryption key.
  • Data encryption keys encrypt data blocks in a cluster, where each data block is assigned a randomly-generated 256-bit key.
  • a cluster may refer to any isolated or partitioned set of data (e.g., maintained for a particular governmental agency, an international government or agency, etc.).
  • Database keys encrypts data encryption keys for a cluster. Each database key is a randomly-generated 256-bit key that is stored on disk in a separate network and encrypted by the master encryption key.
  • a cluster key encrypts the database key for a cluster, with the ID-NAS cluster having its own cluster key.
  • the master key encrypts each cluster key.
  • the master key encrypts the cluster-key-encrypted database key if the cluster key is stored by ID- NAS.
  • a trouble ticket may be opened. Additionally, statistical data reports may be generated by the business logic layer 132 and provided to users 104A and/or 104B via the dashboard associated with the presentation layer 134 of API 158, allowing for delivery of detailed analysis and statistical findings to authorized organizations.
  • the profile platform 118 may be implemented by one or more server computing devices 108, e.g., within a cloud-based computing environment 150.
  • the one or more client computing devices 106A/B and the one or more server computing devices 108 may communicate over a network.
  • the network may include multiple networks, e.g., an enterprise intranet, the Internet, etc.
  • the network may include a Local Area Network (LAN), a Wide Area Network (WAN), the Internet, and communication may be conducted via wireless and/or wired transmission mediums.
  • LAN Local Area Network
  • WAN Wide Area Network
  • the one or more client computing devices 106 A and/or 106B, the one or more server computing devices 108 may communicate with some components of the system via a local network (e.g., an enterprise intranet) and may communicate with other components of the system via a wide area network (e.g., the Internet).
  • a local network e.g., an enterprise intranet
  • a wide area network e.g., the Internet
  • the aspects and functionalities described herein may operate over distributed systems (e.g., a cloud-based computing environment 150), where application functionality, memory, data storage and retrieval and various processing functions may be operated remotely from each other over a distributed computing network, such as the Internet or an intranet.
  • each server computing device 108 may include at least a processing unit and a system memory for executing computer-executable instructions, e.g., a profile management application, for implementing the profile platform 118.
  • the profile platform 1 18 may provide one or more interfaces (e.g., via API 158) to enable users 104A and/or 104B to enroll applicants and/or query applicants in the multimodal biometric profile store 138.
  • system 100 A provides a testing instrument 110 (or a testing service 110) for providing results based on a biological sample from applicant 102A and/or unknown individual 102B.
  • the biological sample may be a cheek swab, hair sample, blood sample, saliva sample, voice sample, photograph, fingerprint, or otherwise.
  • the testing instrument 110 (or testing service 110) may be configured to analyze and verify the biological sample and provide a result (e.g., a DNA report, a blood type, a voice analysis, iris analysis, etc.).
  • the biological sample may be a cheek swab of applicant 102A conducted by user 104A (e.g., authorized process administrator or technician) and/or unknown individual 102B conducted by user 104B (e.g., authorized querying user).
  • the biological sample may be securely transported from the user 104 A (and/or user 104B) to the testing instrument 1 10 (or testing service 110).
  • the biological sample may be a cheek swab of applicant 102 A (and/or unknown individual 102B) conducted by an authorized technician (not shown) associated with and/or operating testing instrument 1 10.
  • the results may be securely delivered to client computing devices 106A or 106B (e.g., via encrypted transmission over a network) and then securely delivered to profile platform 118 (e.g., via encrypted transmission over a network), or the results may be securely and directly delivered to profile platform 1 18 (e.g., via encrypted transmission over a network) by testing instrument 1 10 (or testing service 110).
  • profile store 138 may be partitioned into two or more isolated cluster of Big Data infrastructure (multiple databases) 156A and 156B, one for a first cluster and one for second cluster and or more, respectively.
  • different entities e.g., different governmental departments or agencies, different international governments, different municipalities or states, different law enforcement agencies, etc.
  • Information stored in isolated cluster of Big Data infrastructure (multiple databases) 156A and 156B may be shared, but is not required to be shared, between entities.
  • An additional layer of the profile platform 118, cluster manager 154 may manage the isolated cluster of Big Data infrastructure (multiple databases) 156A and 156B for different entities, and may also serve to facilitate sharing of profiles upon request and authorization between entities.
  • the isolated cluster of Big Data infrastructure (multiple databases) 156A and 156B may be formatted with the same data structure (e.g., a person centric profile views structure).
  • profile data within either isolated cluster of Big Data infrastructure (multiple databases) 156A or 156B may be easily shared and/or queried, enabling cross-entity searches, matches, validation and reports on findings.
  • user 104B may utilize one or more client computing devices 106B to interface with profile platform 118 to query applicant profiles in one or more isolated cluster of Big Data infrastructure (multiple databases) 156A''B stored in profile store 138.
  • client computing devices 106B may utilize one or more client computing devices 106B to interface with profile platform 118 to query applicant profiles in one or more isolated cluster of Big Data infrastructure (multiple databases) 156A''B stored in profile store 138.
  • user 104A may utilize one or more client computing devices 106 A to interface with a profile platform 118 to enroll an applicant 102 A in a multimodal biometric profile database.
  • API 158 may be executed on the client computing device 106A. That is, a client version of a profile management application program interface (API) may be downloaded to client computing device 106A in order to interface with profile platform 1 18 executing within cloud computing environment 150. While for security and lightweight infrastructure reasons, it may be preferable to interface with the profile platform 1 18 via a browser (as illustrated by FIG. 1 A), other configurations (e.g., as illustrated by FIG.
  • API 158 may be a lightweight client installation that may facilitate security and communication between client device 106A (and or client device 106B).
  • users 104A/104B may input credentials that may be authenticated by a security module API (e.g., in communication with security module executing within profile platform 1 18).
  • API 158 may provide for receiving biographical and/or biometric datasets from user 104 A (e.g., about applicant 102A) and/or for receiving a query from user 104B (e.g., regarding unknown individual 102B, and/or for generating reports, analyzing statistics, etc.) and interfacing with various layers of the profile platform 1 18.
  • a biological sample collected from applicant 102 A may be analyzed by testing instrument 1 10 (or testing service 1 10) and the results may be securely delivered to client computing devices 106A/106B or directly delivered to profile platform 1 18.
  • API 158 may further provide a dashboard for presenting reports, alerts, results, etc., to user 104A and/or user 104B, in conjunction with functionality associated with business logic layer API 132B and/or presentation layer API 134B.
  • a trouble ticket may be accessed by user 104A and/or user 104B to report the issue, generate a request for another biological sample, etc.
  • the various components of API 158 may interface with profile platform 1 18, which may comprise a multi-tiered architecture including one or more of a database layer 128, a data layer 130, a business logic layer 132Aand/or a presentation layer 134A, as discussed with respect to FIG. 1A.
  • the profile platform 1 18 is executed on one or more servers 108 within cloud environment 150. As described with reference to FIG. 1 A, profile platform 118 may compile person centric profiles in profile store 138, which may be partitioned into a plurality of isolated entity databases for a plurality of entities (not shown).
  • the present methods and systems provide unique and comprehensive solutions.
  • the methods and systems describe a fundamental integration of biometric data with biographical data to easily create and quickly and accurately verify person centric profiles.
  • DNA testing may offer benefits over other biometric identifiers (e.g., fingerprints, iris recognition, voice recognition).
  • DNA analysis can reliably confirm or refute claimed biological relationships.
  • the unique and permanent person centric profile views data structure disclosed herein ensures objective and efficient border controls, eliminating questions of identity from manual and independent assessment by border guards or other officials to a neutral, robust and automated procedure. In this way, comprehensive person centric profile views can be used to detect nefarious individuals, document falsification, unlawful entry and transport of humans by traffickers, etc.
  • Proof of identity may be based on three classic types of identity attributes, including biometric datasets (e.g. fingerprints), attributed datasets (e.g. full name), and biographical data (e.g. education or employment history).
  • biometric datasets e.g. fingerprints
  • attributed datasets e.g. full name
  • biographical data e.g. education or employment history
  • biometric markers e.g., DNA markers
  • DNA markers have long identified criminals and may be similarly employed to identify potential terrorists, known human traffickers attempting to travel under false identities, etc.
  • DNA instruments analyze a predetermined set of markers (e.g., Short Tandem Repeats (STR) using 27 specific locations). The number of and type of location may be chosen according to any suitable protocol, algorithm, statistical analysis, or otherwise, to ensure that no physical traits, race, ethnicity, disease susceptibility, medical information, or any other sensitive information, may be concealed.
  • a DNA instrument e.g., testing instrument 1
  • PII personally identifiable information
  • DNA instrument e.g., testing instrument 1
  • components may merely involve a collection swab, an integrated biochip and the testing instrument itself.
  • Testing instrument 110 may be easily transportable and fully automated, from inserting the biological sample to obtaining the results.
  • DNA instruments may confirm parent-child relationships with a high degree of accuracy (up to 99.999999% probability of accurate confirmation), exposing false family- relationship claims (e.g., for requesting public benefits, etc.). Further, DNA testing allows for processing five samples at once, generating DNA results in as few as 90 minutes. Additionally, overall cost savings may be realized by reducing multi-million dollar laboratories into a portable field collection and processing device.
  • FIGS. 1 A and IB are not intended to limit the systems and methods to the particular components described. Accordingly, additional topology configurations may be used to practice the methods and systems herein and/or some components described may be excluded without departing from the methods and systems disclosed herein.
  • FIG. 2 illustrates an exemplary method 200 for incorporating biometric datasets into a person centric profile views, in accordance with aspects of the disclosure.
  • Method 200 may begin with operation 202, where an enrollment application may be created.
  • a process administrator or technician e.g., user 104A
  • a profile platform e.g., profile platform 118.
  • the applicant may be an individual seeking public benefits, a passport or visa, entry into a national border facility, heightened security clearance, etc.
  • the enrollment interface may resemble interfaces illustrated by FIGS. 8-14, for example.
  • the process administrator e.g., user 104 A or a technician at a testing facility may capture biometric information for the applicant (e.g., applicant 102A).
  • the process administrator or a technician may collect a biological sample from the applicant.
  • the biological sample may be a cheek swab, hair sample, blood sample, saliva sample, voice sample, facial photograph, iris scan, or otherwise.
  • the process administrator may load the biometric sample into a secure vehicle.
  • a secure vehicle For example, if the process administrator is in the field (e.g., at a border facility, at a crime scene, or otherwise), it may be necessary to preserve the biological sample (e.g., from contamination, deterioration, etc.) and/or the chain of custody for the biological sample, during transport. Additionally, or alternatively, some testing devices may require a particular vehicle for delivering the biological sample to the device.
  • the secure vehicle may be a vacuum-sealed vial, a secure memory device (e.g., a secure/encrypted flash drive storing photographs, voice recordings, etc.), a secure biochip, etc.
  • loading the biological sample into a secure vehicle may be unnecessary (e.g., if the biological sample is collected by a technician at a testing facility and delivered directly to a testing instrument).
  • a process administrator or technician may load a secure biochip with multiple biological samples (e.g., multiple cheek swabs from different applicants) and may deliver the biochip to a DNA instrument.
  • the biological sample may be securely transported to a testing instrument.
  • a testing instrument e.g., a border facility, at a crime scene, or otherwise
  • the testing facility may be remote (e.g., a third-party laboratory) from the process
  • the testing instrument e.g., a DNA instrument
  • the testing instrument may be taken into the field and/or provided on-site within a governmental agency, hi this case, transport of the biological sample may not be necessary.
  • the testing instrument may be configured to analyze and verify the biological sample and provide results regarding the applicant.
  • results of analyzing the biological sample may be securely received from the testing instrument (or testing service).
  • the results may include, for example, a DNA report, a blood type, a voice analysis, iris map analysis, etc.
  • the results may be securely received by the process administrator or directly by the profile platform from the testing instrument (or testing service).
  • the results may be encrypted and transmitted over a secure network.
  • the results may suggest that the biological sample was contaminated, deteriorated (e.g., by heat exposure, sample age, etc.), or otherwise insufficient (e.g., sample size was insufficient for testing, etc.).
  • the results may suggest a discrepancy between other biological data for an individual (e.g., a claimed relationship may not be substantiated by the results).
  • the method may progress to open operation 214.
  • the results may be validated, i.e., the results may not suggest any issues with the biological sample and/or discrepancies with other biological data for the individual, and the method may progress to input operation 216.
  • a trouble ticket may be opened when results of testing the biological sample suggest a discrepancy.
  • discrepancies may occur for a variety of reasons. For example, issues may arise with respect to the biological sample itself - such as but not limited to an inadequate amount of the biological sample for testing, degraded biological sample (e.g., due to heat, light, age, etc.), contaminated sample, and the like. Alternatively, issues may arise with respect to human error, negligence, etc. - such as but not limited to violations with respect to chain of custody, improper laboratory testing protocols, improper collection techniques, inaccurate data entry or data transmission, and the like.
  • discrepancies may arise from nefarious human intervention - such as but not limited to switching the biological sample for that of another individual, purposefully altering results, purposefully inaccurately recording or inputting results, and the like.
  • the trouble ticket may call for different responsive actions, such as but not limited to recollection of a biological sample, retesting of the biological sample, verification of conflicting
  • the method may return to collect operation 204 for recollection of a biological sample.
  • the results may be input into pre-formatted fields of a person centric profile views. Such input may occur automatically upon verification of the results or may occur manually via data entry. In aspects, to minimize human error and/or illicit behavior, results may automatically populate the pre-formatted fields of the person centric profile via a direct transmission from the testing instrument itself (or the testing service). In this case, the results may be verified by one or more components of the profile platform, e.g., based on an expected type or array of result data, based on other biological data associated with a person centric profile, etc.
  • the biometric dataset associated with the results of testing a biological datasets sample may be stored in the person centric profile views for an applicant (e.g., applicant 102 A).
  • the person centric profile views may be stored via any suitable means, e.g., in a profile store that is securely maintained in an encrypted cloud environment.
  • the profile store may be managed by the profile platform, which enables searching, matching, validation and reporting to be executed on the person centric profile.
  • FIG. 3 illustrates an exemplary method for incorporating biometric datasets and verified familial relationships into a person centric profile views, in accordance with aspects of the disclosure.
  • Method 300 may begin with operation 302, similar to operation 202, where an enrollment input may be received. As described above, upon receiving and
  • a process adminisuator or technician may initiate an enrollment application and input biographic data regarding an applicant (e.g., applicant 102A) into an enrollment interface of a profile platform (e.g., profile platform 1 18).
  • a profile platform e.g., profile platform 1 18
  • the applicant may be an individual seeking public benefits, a passport or visa, entry into a national border facility, heightened security clearance, etc.
  • the enrollment interface may resemble interfaces illustrated by FIGS. 8-14, for example.
  • biometric data may be received for an applicant.
  • Biometric data may include but is not limited to a voice analysis, facial mapping, iris mapping, fingerprint, and/or DNA report (e.g., based on a set of DNA markers).
  • the biometric datasets may be based on a tested biological sample of the individual that is securely transmitted to the profile platform, e.g., as described with reference to FIG. 2.
  • validation determination operation 306 similar to determination operation 212, it may be determined whether the biometric results are validated.
  • the results may suggest that the biological sample was contaminated, deteriorated (e.g., by heat or light exposure, sample age, etc.), or otherwise insufficient (e.g., sample size was insufficient for testing, etc.).
  • the results may suggest a discrepancy between other biological data for the individual (e.g., a claimed relationship may not be
  • the method may progress to open operation 308.
  • the results may be validated, i.e., the results may not suggest any issues with the biological sample and/or discrepancies with other biological datasets for the individual, and the method may progress to create operation 310.
  • a trouble ticket may be opened when results of testing the biological sample suggest a discrepancy. For example, as described above, issues may arise with respect to the biological sample itself, human error and/or negligence, nefarious human intervention, etc. Depending on the discrepancy, the trouble ticket may call for different responsive actions, such as but not limited to recollection of a biological sample, retesting of the biological sample, verification of conflicting biographical data, evaluation of testing protocol, investigation of the chain of custody, etc. In some cases, the method may optionally return to receive operation 304 for receiving supplemental biometric datasets.
  • a person centric profile may be created by the profile platform. For example, biographical data collected during enrollment may be combined with the validated biometric data to create a person centric profile.
  • a person centric profile may be created based on a pre-formatted set of fields provided by the profile platform. Such fields may be manually or automatically populated. For example, such pre-formatted fields of a person centric profile may be illustrated by FIGS. 8-1 1, 13- 14, described below.
  • familial determination operation 312 it may be determined whether the applicant has a familial relationship with other individual within the profile store (or other accessible third-party database).
  • a familial relationship may be defined as any
  • a familial relationship may include individuals within a single degree of blood relation, including grandparents, parents, and siblings.
  • a familial relationship may include individuals within a second degree of blood relation, additionally including aunts, uncles, and first cousins.
  • a familial relation may include a third degree of blood relation, e.g., great aunts, great uncles, second cousins.
  • first degree “second degree,” etc., are not intended to be limiting and may be defined in the system according to any suitable or desired designation.
  • a familial relationship of a certain degree may be determined based on a degree of matching between the biometric data of the applicant and biometric data of another individual within the profile store (or other accessible third-party database). For example, based on DNA matching, a familial relationship of a certain degree may be determined based on matching a percentage of DNA markers (or a type of DNA marker) between two individuals. As should be appreciated, a matching between the biometric data of different individuals may be based on any suitable protocol, algorithm, etc. If, based on an applicable definition, it is determined that a familial relationship exists with another individual, the method may progress to add operation 314. Alternatively, if a familial relationship is not identified with another individual, the method may progress to store operation 320.
  • the determined relationship may be added to the created person centric profile of the applicant.
  • the determined relationship may be automatically populated within the person centric profile of the applicant, hi other aspects, the determined relationship may validate an asserted familial relationship supplied by the applicant.
  • profile determination operation 316 it may be determined whether the individual having a familial relationship with the applicant is associated with another person centric profile within the profile database.
  • another person centric profile may be identified within the profile store based on biographical information of the related individual (e.g., name, address, social security number, etc.) and/or biometric data of the related individual stored within the person centric profile (e.g., in some cases, the biometric data used to identify the familial relationship). If the related individual is determined to have a person centric profile, the method may progress to link operation 318. If the related individual is determined not to have a person centric profile, the method may progress to store operation 320.
  • the applicant's person centric profile may be linked to the individual's person centric profile within the profile store. Linking may be
  • any suitable means e.g., index-based identifiers, pointers or references stored within the person centric profiles, etc.
  • searches, matches, validation and reporting executed on the profile store may include and/or follow such linkages.
  • the person centric profile views of the applicant may be stored in the profile store (e.g., for applicant 102A).
  • the applicant's person centric profile views may be stored via any suitable means, e.g., in a profile store that is securely maintained in an encrypted cloud environment.
  • a person centric profile views for the related individual may be created, linked to the applicant's person centric profile views and stored in the profile store. In this case, the person centric profile views for the related individual may be incomplete with respect to at least some biographical information and/or biometric data.
  • the individual's person centric profile may be incomplete, the individual's person centric profile may be linked with the applicant's person centric profile and, during later searching, matching, validation and/or reporting, the individual's person centric profile may be automatically populated with additional information.
  • the related individual's person centric profile may be accessed and further populated during an enrollment process.
  • the profile store may be managed by the profile platform, which enables searching, matching, validation and reporting to be executed on the person centric profiles of the applicant and/or the related individual.
  • FIG. 4 illustrates an exemplary method for searching and matching an unknown individual with datasets stored within a profile store, in accordance with aspects of the disclosure.
  • datasets regarding an unknown individual may be received.
  • An "unknown individual” may be a new applicant for benefits or other access to the system, an individual seeking access through a national border, an individual apprehended by law enforcement, and the like.
  • Data associated with the unknown individual may include but is not limited to biographical information (e.g., name, address, etc.), identifying information (e.g., passport, driver's license, government identification, etc), a biological sample (e.g., cheek swab, hair sample, blood sample, saliva sample, voice sample, facial photograph, iris scan, fingerprint, etc.), biometric data (e.g., results of a tested biological sample including a blood type or profile, a DNA analysis or report, an iris mapping, fingerprint analysis, etc.), and the like. The data may be obtained voluntarily or under obligation or compulsion (e.g., by court order, warrant, etc.) by the unknown individual.
  • biographical information e.g., name, address, etc.
  • identifying information e.g., passport, driver's license, government identification, etc
  • a biological sample e.g., cheek swab, hair sample, blood sample, saliva sample, voice sample, facial photograph, iris scan, fingerprint, etc.
  • an authorized user of the profile platform may seek to verify the identity and/or relationships of unknown individual.
  • An authorized user may be an individual with validated credentials for access to the profile platform.
  • the authorized user may determine whether any data in a profile store matches the received data for the unknown person.
  • a match between the received data for the unknown individual and data within the profile store may be determined.
  • a match may be determined based on any suitable protocol and/or algorithm provided by the search engine of the profile platform.
  • searching the profile store may include searching for matching biographical information (e.g., matching name), matching identifying information (e.g., matching passport number and issuing nation), matching biometric data (e.g., a matching to a predefined set of DNA markers, a matching based on voice recognition technologies, a matching based on a fingerprint analysis and/or iris scan analysis, etc.). If received data from the unknown individual matches at least some data within the profile store, the method may progress to secondary determination operation 408.
  • biographical information e.g., matching name
  • matching identifying information e.g., matching passport number and issuing nation
  • biometric data e.g., a matching to a predefined set of DNA markers, a matching based on voice recognition technologies, a matching based on a fingerprint analysis and/or iris scan analysis,
  • the method may progress to create operation 414.
  • it may be determined whether the match between the received data and data within the profile store is an exact match or a familial match.
  • An exact match indicates that the received data from the unknown individual is a match to a person centric profile within the profile store for the same individual.
  • An exact match may be determined based on any suitable protocol and/or algorithm. For instance, an exact match may require a certain degree of matching (e.g., 99% match to DNA markers in a person centric profile) and/or a certain type of matching information (e.g., match with both biographical and biometric data), etc.
  • exact matching are not intended to be limiting and other metrics may be defined and implemented without departing from the present disclosure.
  • the method may progress to retrieve operation 410.
  • a familial match may be determined based on matching a subset or portion of data within the profile store. Determining a familial match may also be based on any suitable protocol and/or algorithm. For instance, a familial match may require at least a first degree of matching but less than a second degree of matching (e.g., at least 90% match to DNA markers but less than 97% match to DNA markers in a person centric profile). Such examples of familial matching are not intended to be limiting and other metrics may be defined and implemented without departing from the present disclosure. If a familial match is determined, the method may progress to create operation 414.
  • both an exact match e.g., to the individual's person centric profile
  • a familial match e.g., to a related individual's person centric profile
  • the method may progress to retrieve operation 410, as described above.
  • the method may optionally and additionally progress to retrieve operation 410 and/or link operation 418.
  • a person centric profile views for the unknown individual may be retrieved from the profile store and provided to the authorized user.
  • the person centric profile views may provide data in addition to the received data to the authorized person, e.g., additional biographical information, additional identifying information, additional biometric data, etc. In this way, the authorized user may verify the identity of the unknown individual.
  • a familial person centric profile for an individual in a familial relationship to the unknown individual may be retrieved from the profile store and provided to the authorized user.
  • a familial relationship may be verified from based on the familial person centric profile. For instance, if the unknown individual asserted a parent-child relationship with the familial individual and the biometric data associated with the familial person centric profile views suggests that the familial relationship is no closer than an aunt-niece relationship, the asserted familial relationship may be identified as false.
  • biometric data associated with the familial person centric profile could alternatively validate an asserted familial relationship.
  • other data may be obtained from the familial person centric profile, such as ethnicity, national origin and/or affiliation, etc.
  • a person centric profile may be created for the unknown individual by the profile platform.
  • the received data from the individual may be populated within preformatted field to create a person centric profile.
  • Such fields may be manually or automatically populated.
  • preformatted fields of a person centric profile may be illustrated by FIGS. 8-11, 13-14, described below.
  • the method may optionally return to receive operation 402 to obtain additional data for the unknown individual and/or to collect a biological sample for obtaining biometric data for the unknown individual. Additionally or alternatively, if a familial match was identified, the method may optionally progress to link operation 418.
  • the created person centric profile views of the unknown individual may be stored in the profile store (e.g., for unknown individual 102B).
  • the unknown individual's person centric profile views may be stored via any suitable means, e.g., in a profile store that is securely maintained in a cloud environment. Additionally, if a familial relationship was determined and the related individual was associated with a familial person centric profile views, the unknown individual's person centric profile views may be linked to the familial person centric profile views and stored in the profile store.
  • the profile store may be managed by the profile platform (e.g., via a data manager), which enables searching, matching, validation and reporting to be executed on the person centric profile views of the unknown individual and/or the related individual.
  • link operation 418 similar to link operation 318, if it is determined that the unknown individual is associated with familial person centric profile views, the unknown individual's person centric profile views may be linked to the familial person centric profile views within the profile store. Linking may be accomplished via any suitable means, e.g., index-based identifiers, pointers or references stored within the person centric profile views, etc. In aspects, when person centric profile views are linked within the profile store, searches, matches, validation and reporting executed on the profile store may include and/or follow such linkages.
  • FIG. 5 illustrates an example login page of a graphical user interface (GUI) 500 associated with a profile platform, according to an embodiment.
  • GUI graphical user interface
  • the GUI 500 provides for logging into or creating an authorized account for accessing a multimodal biometric profile database (e.g., profile store) managed by a profile platform.
  • a multimodal biometric profile database e.g., profile store
  • the GUI 500 may provide encrypted access control (e.g., via user credential input fields 502) so as to provide secure access to profile information managed and stored by the profile platform.
  • FIG. 6 illustrates an example of a landing page of a GUI 600 associated with a profile platform, according to an embodiment.
  • GUI GUI
  • GUI 600 provides a menu bar 602, e.g., including options such as but not limited to “Enrollment,” “Administration,” “Search & Match,” “Exchange,” “Report,” “Contact Us,” “Help,” etc.
  • GUI 600 also includes suggested navigation topics within navigation pane 604, including but not limited to “Discover” content, “Explore Features,” “Getting Started,” etc.
  • the landing page may provide a high-level overview of the features and functionality provided by the profile platform.
  • FIG. 7A illustrates an example dropdown menu for a landing page of a GUI 700 associated with a profile platform, according to an embodiment.
  • GUI 700 provides a menu bar 702A, similar to menu bar 602, e.g., including options such as but not limited to “Enrollment,” “Administration,” “Search & Match,” “Exchange,” “Report,” “Contact Us,” “Help,” etc.
  • GUI 700 also provides a navigation pane 704 including suggested navigation topics such as but not limited to “Discover” content, “Explore Features,” “Getting Started,” etc.
  • a dropdown menu 706A for "Enrollment” is illustrated.
  • dropdown menu 706A provides various options for enrolling an applicant with the profile platform.
  • FIG. 7B illustrates a number of example dropdown menus for a landing page associated with a profile platform, according to an embodiment.
  • FIG. 7B provides a menu bar 702B, similar to menu bar 602, e.g., including options such as but not limited to "Enrollment,” “Administration,” “Search & Match,” “Exchange,” “Report,” “Contact Us,” “Help,” etc.
  • options associated with a number of dropdown menus are provided.
  • dropdown menu 706B is associated with the "Enrollment” option of menu bar 702B and, similar to dropdown menu 706A, provides options for enrolling an applicant with the profile platform.
  • Dropdown menu 708, associated with an "Administration” option along menu bar 702B provides options for triage and other administrative functions.
  • Dropdown menu 710 associated with a "Search & Match” option along menu bar 702B, provides options for search and match functions with respect to a profile store, as described above.
  • Dropdown menu 712 associated with a "Report” option along menu bar 702B, provides options for reporting on performance indicators, progress, inventory management, shipping and handling, and other reporting functions.
  • Dropdown menu 714 associated with an "Exchange” option along menu bar 702B, provides options for sharing data between entities, such as but not limited to agreements and authorization, documentation, international data exchange, etc.
  • FIG. 8 illustrates an example of a biographic enrollment page of a GUI 800 associated with a profile platform, according to an embodiment.
  • GUI 800 provides a menu bar 802, showing that the "Enrollment" option has been selected.
  • GUI 800 further provides a plurality of biographical input fields 804 associated with biographical information pane 806.
  • the plurality of biographical input fields 804 may collect biographical information such as but not limited to gender; first, middle, last name; date of birth; citizenship; address; phone; email; etc.
  • FIG. 9 illustrates an example of a relationship enrollment page of a GUI 900 associated with a profile platform, according to an embodiment.
  • GUI 900 provides a menu bar 902, showing that the "Enrollment" option has been selected.
  • GUI 900 further provides a plurality of relationship input fields 904 associated with family & relationships pane 906.
  • the plurality of relationship input fields 904 may collect relationship information such as but not limited to biographical information associated with an enrollee's father, mother, etc.
  • FIG. 10 illustrates an example of a person characteristics enrollment page of a GUI 1000 associated with a profile platform, according to an embodiment.
  • GUI 1000 provides a menu bar 1002, showing that the "Enrollment" option has been selected.
  • GUI 1000 further provides a plurality of person characteristic input fields 1004 associated with person characteristics pane 1006.
  • the plurality of person characteristic input fields 1004 may collect person characteristics information such as but not limited to ethnicity, height, weight, eye color, hair color, visible scars or other characteristics, marital history, etc.
  • FIG. 1 1 illustrates an example of a documentation enrollment page of a GUI 1 100 associated with a profile platform, according to an embodiment.
  • GUI 1100 provides a menu bar 1102, showing that the "Enrollment" option has been selected.
  • GUI 1 100 further provides a plurality of documentation input fields 1104 associated with documentation pane 1106. For example, the plurality of
  • documentation input fields 1 104 may collect documentation information such as but not limited to enrollment data, type, location, reason, etc.; biological sample (e.g., DNA) package number, technician name, test type, testing instrument number, etc.; and document types, numbers, issuing authorities, issue dates, etc.
  • biological sample e.g., DNA
  • FIG. 12 illustrates an example of a review enrollment page of a GUI 1200 associated with a profile platform, according to an embodiment.
  • GUI 1200 provides a menu bar 1202, showing that the "Enrollment" option has been selected.
  • GUI 1200 further provides information for review 1204 associated with review pane 1206.
  • the information for review 1204 may include information such as but not limited to the information collected with respect to enrollment pages of FIGS. 8-1 1 , e.g., biographical information, relationship information, person characteristics information, documentation information, etc.
  • FIG. 13 illustrates an example of a biometric enrollment page of a GUI 1300 associated with a profile platform, according to an embodiment.
  • GUI 1300 provides a menu bar 1302, showing that the "Enrollment" option has been selected.
  • GUI 1300 further provides a plurality of biometric input fields 1304.
  • the plurality of biometric input fields 1304 may include biological sample information such as but not limited to: a DNA package number, DNA capture date, DNA test administered by, DNA capture site, etc.; and/or a photograph name, photograph type, photograph issue date and/or expiration date, photograph description, etc.
  • FIG. 14 illustrates an example of a social media enrollment page of a GUI 1400 associated with a profile platform, according to an embodiment.
  • GUI 1400 provides a menu bar 1402, showing that the "Enrollment" option has been selected.
  • GUI 1400 further provides a plurality of social media input fields 1404 associated with social media pane 1406.
  • the plurality of social media input fields 1404 may include information such as but not limited to: social media names, types, capture data, parent site, etc.
  • GUI 1400 may further provide a plurality of native voice input fields 1408 associated with native voice pane 1410.
  • the plurality of native voice input fields 1408 may include information such as but not limited to: name in English, recording type, capture data, format type, etc.
  • FIG. 15 illustrates an example of a triage page of a GUI 1500 associated with a profile platform, according to an embodiment.
  • GUI 1500 provides a menu bar 1502, showing that the "Mission Triage" option has been selected.
  • GUI 1500 further provides a plurality of graphics 1504, including bar charts, pie charts, alerts, status charts, etc.
  • the plurality of graphics 1504 may visually represent and summarize data presented pane 1506.
  • the data presented in pane 1506 may provide day-to-day system management information and/or a list of actionable content or statistics. As should be appreciated, any appropriate data or information pertinent to triaging the profile platform may be presented.
  • FIG. 16 illustrates one example of a suitable operating environment in which one or more of the present embodiments may be implemented.
  • FIG. 16 and the additional discussion in the present specification are intended to provide a brief general description of a suitable computing environment in which the present invention and/or portions thereof may be implemented.
  • the embodiments described herein may be implemented as computer-executable instructions, such as by program modules, being executed by a computer, such as a client workstation or a server.
  • program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types.
  • the invention and/or portions thereof may be practiced with other computer system configurations, including hand-held devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers and the like.
  • the invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • program modules may be located in both local and remote memory storage devices.
  • Figure 16 illustrates one example of a suitable operating environment 1600 in which one or more of the present embodiments may be implemented. This is only one example of a suitable operating environment and is not intended to suggest any limitation as to the scope of use or functionality.
  • Other well-known computing systems
  • environments, and/or configurations that may be suitable for use include, but are not limited to, personal computers, server computers, hand-held or laptop devices,
  • operating environment 1600 typically includes at least one processing unit 1602 and system memory 1604.
  • system memory 1604 storing, among other things, a profile platform 1608 (e.g., implemented by a profile management application) for performing the methods disclosed herein, etc.) may be volatile 1604 A (such as RAM), non-volatile 1604B (such as ROM, flash memory, etc.), or some combination of the two.
  • a profile platform 1608 e.g., implemented by a profile management application
  • This most basic configuration is illustrated in FIG. 16 by dashed line 1606.
  • environment 1600 may also include storage devices (removable 1610, and/or non-removable 1612) including, but not limited to, magnetic or optical disks or tape.
  • environment 1600 may also have input device(s) 1614 such as keyboard, mouse, pen, voice input, etc. and/or output device(s) 1616 such as a display, speakers, printer, etc. Also included in the environment may be one or more communication connections 1618, such as LAN, WAN, point to point, etc.
  • input device(s) 1614 such as keyboard, mouse, pen, voice input, etc.
  • output device(s) 1616 such as a display, speakers, printer, etc.
  • communication connections 1618 such as LAN, WAN, point to point, etc.
  • Operating environment 1600 typically includes at least some form of computer readable media.
  • Computer readable media can be any available media that can be accessed by processing unit 1602 or other devices comprising the operating
  • Computer readable media may comprise computer storage media and communication media.
  • Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.
  • Computer storage media includes, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other tangible medium which can be used to store the desired information.
  • Computer storage media does not include communication media.
  • Communication media embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
  • modulated data signal means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
  • communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of the any of the above should also be included within the scope of computer readable media.
  • the operating environment 1600 may be a single computer operating in a netw r orked environment using logical connections to one or more remote computers 1620.
  • the remote computers 1620 may be personal computers, servers, routers, network PCs, peer devices or other common network node, or any combination thereof, and typically include many or all of the elements described above as well as others not so mentioned.
  • the logical connections may include any method supported by available communications media. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
  • FIG. 17 illustrates an information fiow r diagram 1700.
  • Flow diagram 1700 illustrates a flow of information from an applicant 1701 to various entities and individuals authorized for access to the system.
  • applicant 1701 may be an applicant for benefits or other access to the system, e.g., an individual seeking access through a national border, an individual apprehended by law enforcement, and the like.
  • Enrollment administrator 1702 may be an authorized individual for obtaining enrollment information from applicant 1701, including but not limited to biographic data.
  • enrollment administrator 1702 may capture one or more biometric samples or biometric data from applicant 1701 (e.g., finger prints, native voice, iris scan, DNA sample, etc.).
  • biometric samples and/or biometric data may be obtained by technician 1704, who may be an authorized technician internal to the ID-NAS organization or authorized under contract with various third party suppliers 1710 to the ID-NAS organization.
  • technician 1704 may provide biometric data to the ID-NAS platform 1706 and/or open a trouble ticket (e.g., when biometric data cannot be validated), technician 1704 may not have access to the ID-NAS platform 1706 for obtaining addition information regarding the applicant 1701 and/or searching other applicants.
  • Any biographic or biometric data obtained regarding applicant 1701 may be securely compiled within a Person Centric Profile views (not shown) for applicant 1701 and stored within one or more data structures of the ID-NAS platform 1706. Some or a portion of the identifying information stored in the Person Centric Profile views may be provided to applicant 1701 in the form of an enrollment card 1714, allowing for streamlined identification of applicant 1701 after enrollment (e.g., for obtaining border access, public benefits, etc.).
  • the ID-NAS platform 1706 may provide access to such data structures via one or more interfaces.
  • the interfaces enable authorized personnel (e.g., administrator 1702) and/or authorized entities (e.g., authorized organizations 1708) to access the Person Centric Profiles of the ID-NAS platform 1706.
  • enrollment administrator 1702 may utilize the interfaces to enroll applicants and conduct mission triage (e.g., identification of an unknown individual), search Person Centric Profile view r s for related individuals, match an individual with an existing Person Centric Profile, generate reports, conduct inventory management, etc.
  • authorized entities e.g., authorized organization 1708
  • the ID-NAS platform 1706 may further be associated with a services interface messaging (SIM) service 1710 for providing notifications to authorized individuals and/or entities.
  • SIM services interface messaging
  • FIG. 18 illustrates a tiered architecture 1800 of the ID-NAS platform.
  • Tiered architecture 1S00 illustrates a layered structure of the ID-NAS platform.
  • the second layer, data layer 1808 includes the core data services framework application program interfaces (APIs), which allow for operating on the data to ensure quality, validate authorizations, and conduct operations such as calculations, sorting, combining, connecting, etc.
  • APIs application program interfaces
  • Data layer 1808 also includes a number of managing applications or modules, including a transaction manager, metadata manager, and a compiler and process manager.
  • the third layer, business logic layer 1810 includes an error handling services API, document manager, biometrics match services API, component manager, workflow manager and interface mapping manager.
  • the fourth layer, presentation layer 1812 includes an audit and alert manager, web forms user interface (UI), event manager, secure access services API, report services API and user controls and configuration manager.
  • the sendees interface messaging 1804 communicates with each of the various layers to provide notifications and alerts to authorized individuals and entities, as will be described further below.
  • the tiered architecture of the disclosed ID-NAS platform provides a number of benefits and advantages. For example, based on the various APIs and interfaces provided, as well as the integration of security and verification of authorized individuals, the tiered architecture is service-oriented and available twenty-four hours a day, seven days a week.
  • the platform allows identity management services across the enterprise and offers interoperability with third-party stakeholders.
  • the modular system employs a local service bus to allow for plug-in integration and load balancing across datacenters (e.g., in a cloud computing environment).
  • the extensive operational architecture enables operations and maintenance (O&M) costs to remain low.
  • the integrated system allows for secure data storage and reporting.
  • the service-oriented architecture (SO A) is standard XML-based services enabled.
  • the tiered architecture further provides a path to NIEM compliance and may be fully integrated with current government-approved technologies .
  • FIG. 19 illustrates a services interface messaging system 1900 of the disclosed ID-NAS platform.
  • the sendees interface messaging (SIM) system 1900 provides a set of identity management sendees to authorized individuals and/or authorized entities. For example, SIM establishes common interfaces, specifications and mechanisms between the ID-NAS platform 1912 and other identity management systems and third-party biometrics providers (collectively, third party providers 1914). In aspects, SIM builds on the National Information Exchange Model (NIEM) 1918 as its standard XML-based messaging format, enabling international interoperability. Additionally, SIM leverages existing web services specifications 1916 (e.g., RESTful, SOAP, WSDL) for biographical and biometric data transmissions. SIM users may choose specific service levels for service requests and sendee responses and may customize such requests via a variety of user options.
  • NIEM National Information Exchange Model
  • SIM provides tool access 1902 by domain and by role (e.g., of an authorized administrator or other authorized user).
  • SIM further provides reports 1904, including but not limited to site statistics, scheduling conflicts, etc.
  • Alerts 1906 may be provided via workflow emails or other notification method.
  • An event manager 1908 e.g., for monitoring enrollments, searches, matches, etc.
  • An event manager 1908 may manage any number of create, read, update, delete (CRUD) events to the system.
  • a component manager 1910 integrates the system across authorized users, authorized organizations, domains, locations, etc.
  • FIG. 20 illustrates a core data sendees framework 2000.
  • the core data sendees framew r ork 2000 involves a number of interactive components.
  • an authorized individual 2002 e.g., enrollment administrator, technician, or other authorized user
  • may enter data into the system e.g., biographical data during enrollment, biometric test results, etc.
  • may search or otherwise access the system e.g., mission triage, matching, reporting, inventory management, etc.
  • Such authorized individual 2002 may interface with a business rules engine 2004 that is layered on and in communication with a database layer 2008.
  • the business rules engine 2004 may further include or communicate with various other components, such as a demand signal calculator, an integrated common vocabulary module, the services interface messaging (SIM) system, data type information, etc.
  • SIM services interface messaging
  • the database layer 2008 may include various manager applications and data structures, such as but not limited to a configuration manager, biometric property manager, content manager, search admin manager and data stores.
  • the business rules engine 2004 may further communicate with a demand signal component 2010, which includes demand estimates and leadership weighting factors.

Abstract

The system is built around robust, person-centric profile views, including biographic and multimodal biometrics data, which reside in a secure database (compatible with existing government systems and protocols) and facilitates prompt, accurate and secure data sharing and searching. In particular, the collection and authentication of biometric data is implemented as part of a multimodal biometric profile. For example, the system leverages mainstream technology advances that allow DNA to be inexpensively and non-invasively collected from applicants (e.g., a cheek swab) as quickly and easily as obtaining fingerprint data, but providing highly superior identity verification. By coupling multimodal biometrics with near immediate authentication of an applicant's true identity (e.g., by leveraging known offender databases storing biometric DNA datasets), the system is able to (1) bolster confidence for kinship claims, reducing the occurrence of fraudulent claims for services; (2) strengthen identity verification; and (3) promptly and accurately identify potentially nefarious individuals.

Description

A SECURE IT ECOSYSTEM FOR IMPLEMENTING AN AUTOMATED PERSON CENTRIC (BIOMETRIC AND BIOGRAPHIC) PROFILE PLATFORM
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is being filed on 29 August 2018, as a PCT International patent application, and claims priority to U.S. Provisional Patent Application No.
62/551 ,408, filed August 29, 2017, the disclosure of which is hereby incorporated by reference herein in its entirety.
BACKGROUND
[0002] Many nations in the international community face challenges in welcoming travelers and immigrants, while identifying and preventing entry by criminals, human traffickers, and other persons potentially posing a risk to national security. Current systems for screening and storing data regarding individuals are fragmented, non-uniform and incomplete, permitting and even facilitating fraud, human trafficking and terrorism. A secure and intraoperative system that ensures data integrity while providing robust search capabilities should be developed to address vetting and screening processes across the globe.
[0003] It is with respect to these and other general considerations that embodiments have been described. Also, although relatively specific problems have been discussed, it should be understood that the embodiments should not be limited to solving the specific problems identified in the background.
SUMMARY
[0004] The present disclosure introduces systems, models and methods for providing Person Centric Profile views of an individual, including collected unified data points associated with the individual consisting of biometrics and biographies, as well as other key personally related datasets, which resides in a secure database infrastructure platform ecosystem that has a unique capability to synchronize with any approved and authorized Identity Management IT system managed by any approved/authorized government agency and allows for secure sharing, searching, transforming, matching, and integrating of datasets.
[0005] The need for an effective and stable Identity Management System that enables data capture, enrollment, matching, transformation and searching has become an integral part of the information technology enterprise. These solutions boost productivity and bolster overall security postures. The unique IT solution described herein provides a robust, decentralized information technology ecosystem that enables the fusion of stable biometrics (utilizing voice, facial, iris, fingerprint, DNA and other biometric modality datasets), coupled with core sets of valuable unique biographic datasets, using the latest Big Data infrastructure architecture and engineering.
[0006] As described herein, a platform is provided for compiling and retrieving comprehensive identity management datasets for near instantaneous screening and verification of individuals and their relationships. The secure and searchable identity management infrastructure is built on person centric datasets (including a unique combination of core biometric and biographic data) that can be linked based on established relationships between individuals. The system captures, enrolls, searches, transforms, matches and, when required, alerts authorities via a decentralization Big Data architecture that allows for flexible data sharing, e.g., by replicating infrastructure nodes, thereby minimizing infrastructure requirements. Additional benefits include curtailing manual intervention in aggregating, updating, matching and sharing identity management data between entities (such as different approved governmental agencies, branches and divisions of law enforcement, judicial institutions, border control, etc.). Further, the platform provides rigorous searching, reporting, record matching, alerting and auditing capabilities that are cost effective and highly intuitive, while also providing
comprehensive and timely verification of individuals and their connections and relations.
[0007] The systems and methods herein provide a reliable, redundant, scalable and cost-effective identity data management system that may be housed in a cloud computing environment or in any government-specified datacenters. Biometric and biographic datasets are collected, verified and securely stored, fully complying with global standards such as National Information Exchange Model (NIEM). The centralized compilation of person centric datasets, as well as a multi-faceted encryption protocol, enables expeditious and secure sharing, enrollment, analysis, transformation and matching, thereby
establishing an individual's identity and relationships at the onset of adjudication for any benefit-type, strengthening border control, law enforcement and anti-terrorism efforts, and minimizing security and information gaps.
[0008] For instance, in light of the issues outlined above, the coll ecti on and authentication of biometric data (such as voice, facial, iris, fingerprint, DNA and or other biometric modalities data) may be implemented as part of a multimodal biometric profile. For example, the system leverages mainstream technology advances that allow DNA to be inexpensively and non-invasively collected from applicants (e.g., merely requiring a cheek swab) as quickly and easily as obtaining fingerprint data, but providing highly superior identity verification. By coupling multimodal biometrics with near immediate
authentication of an applicant's true identity (e.g., by leveraging known offender databases storing biometric DNA data), the system is able to (1) bolster confidence for kinship claims, reducing the occurrence of fraudulent claims for services; (2) strengthen identity verification; and (3) promptly and accurately identify potentially nefarious individuals.
[0009] In aspects, a system is provided that includes a processing unit and a memory. The memory stores computer executable instructions that, when executed by the processing unit, cause the system to perform one or more operations. The one or more operations include receiving at least one of attributed data and biographical data for a first individual and receiving biometric data for the first individual. The one or more operations further include determining whether the biometric data is validated and, in response to determining that the biometric data is validated, creating a first profile for the first individual. Additionally, based at least in part on the biometric data, the system identifies a familial relationship between the first individual a second individual and updates the first profile for the first individual to indicate the familial relationship with the second individual.
[0010] This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
BRIEF DESCRIPTION OF THE DRAWINGS
[0011] Non-limiting and non-exhaustive examples are described with reference to the following Figures.
[0012] FIG. 1 A is a schematic diagram illustrating a first system for implementing a person centric (biometiic combined with biographic) profile database and search platform, in accordance with aspects of the disclosure.
[0013] FIG. IB is a schematic diagram illustrating a second system for implementing a person centric (biometric combined with biographic) profile database and search platform, in accordance with aspects of the disclosure.
[0014] FIG. 2 illustrates an exemplary method for incorporating and mashing biometric and biographic data into a person centric profile views, in accordance with aspects of the disclosure. [0015] FIG. 3 illustrates an exemplar ' method for incorporating biometric data and verified familial relationships into a person centric profile views, in accordance with aspects of the disclosure.
[0016] FIG. 4 illustrates an exemplary method for searching and matching an unknown individual with data stored within a profile store, in accordance with aspects of the disclosure.
[0017] FIG. 5 illustrates an example login page of a graphical user interface (GUI) associated with a profile platform, according to an embodiment.
[0018] FIG. 6 illustrates an example of a landing page of a GUI associated with a profile platform, according to an embodiment.
[0019] FIG. 7A illustrates an example dropdown menu for a landing page of a GUI associated with a profile platform, according to an embodiment.
[0020] FIG. 7B illustrates a number of example dropdown menus for a landing page associated with a profile platform, according to an embodiment.
[0021] FIG. 8 illustrates an example of a biographic enrollment page of a GUI associated with a profile platform, according to an embodiment.
[0022] FIG. 9 illustrates an example of a relationship enrollment page of a GUI associated with a profile platform, according to an embodiment.
[0023] FIG. 10 illustrates an example of a person characteristics enrollment page of a GUI associated with a profile platform, according to an embodiment.
[0024] FIG. 11 illustrates an example of a documentation enrollment page of a GUI associated with a profile platform, according to an embodiment.
[0025] FIG. 12 illustrates an example of a review enrollment page of a GUI associated with a profile platform, according to an embodiment.
[0026] FIG. 13 illustrates an example of a biometric enrollment page of a GUI associated with a profile platform, according to an embodiment.
[0027] FIG. 14 illustrates an example of a social media enrollment page of a GUI associated with a profile platform, according to an embodiment.
[0028] FIG. 15 illustrates an example of a triage page of a GUI associated with a profile platform, according to an embodiment.
[0029] FIG. 16 illustrates one example of a suitable operating environment in which one or more of the present embodiments may be implemented. [0030] FIG. 17 illustrates an information flow diagram, in accordance with aspects of the disclosure.
[0031] FIG. 18 illustrates a tiered architecture 1800 of the ID-NAS platform, in accordance with aspects of the disclosure.
[0032] FIG. 19 illustrates a services interface messaging feature of the disclosed ID- NAS platform, in accordance with aspects of the disclosure.
[0033] FIG. 20 illustrates a core data services framework, in accordance with aspects of the disclosure.
DETAILED DESCRIPTION
[0034] In the following detailed description, references are made to the
accompanying drawings that form a part hereof, and in which are shown by way of illustrations specific embodiments or examples. These aspects may be combined, other aspects may be utilized, and structural changes may be made without departing from the present disclosure. Embodiments may be practiced as methods, systems or devices.
Accordingly, embodiments may take the form of a hardware implementation, an entirely software implementation, or an implementation combining software and hardware aspects. The following detailed description is therefore not to be taken in a limiting sense, and the scope of the present disclosure is defined by the appended claims and their equivalents.
[0035] As described above, the disclosure generally relates to a platform and data structure for compiling and retrieving comprehensive identity management datasets to enable near instantaneous screening and verification of individuals and their relationships. The system is built around robust, person-centric individual profiles, including biographic and multimodal biometrics datasets, which reside in a secure Big Data infrastructure that is compatible with existing government systems and protocols and facilitates prompt, accurate and secure data sharing and searching. In particular, the collection and
authentication of biometric data (such as voice, facial, iris, fingerprint, and/or DNA data) is implemented as part of a multimodal biometric profile. For example, the system leverages mainstream technology advances that allow DNA to be inexpensively and non- invasively collected from applicants as quickly and easily as obtaining fingerprint data, but providing highly superior identity verification. By coupling multimodal biometrics with near immediate authentication of an applicant's true identity (e.g., by leveraging known offender databases storing biometric DNA data), the system is able to (1) bolster confidence for kinship claims, reducing the occurrence of fraudulent claims for services; (2) strengthen identity verification; and (3) promptly and accurately identify potentially nefarious individuals.
[0036] FIGS. 1 A and IB are schematic diagrams illustrating systems 100 A and 100B for implementing a person centric (biometric combined with biographic) profile database and search and match platform, in accordance with aspects of the disclosure.
[0037] As illustrated by FIG. 1A, one or more client computing devices 106 A and one or more client computing devices 106B may interface via API 158 with a profile platform 1 18 (e.g., within cloud computing environment 150) to enroll and query individuals in a multimodal biometric profile database (e.g., profile store 138). In a basic configuration, the one or more client computing devices 106 A and 106B may be personal or handheld computers having both input elements and output elements for
communicating with the profile platform 1 18 over a network. For example, the one or more client computing devices 106A and 106B may include one or more of: a mobile telephone; a smart phone; a tablet; a phablet; a smart watch; a wearable computer; a personal computer; a desktop computer; a laptop computer; a gaming device/computer; a television; and the like. This list is exemplary only and should not be considered as limiting. Any suitable client computing device for accessing the profile platform 118 may be utilized. In at least some aspects, client computing devices 106A and 106B may be remotely located from one another; and in further aspects, client computing devices 106 A and 106B may be located internationally.
[0038] In a basic configuration, the one or more client computing devices 106A and 106B are operated by one or more users 104 A (e.g., an authorized process administrator and/or technician) and 104B (e.g., an authorized querying user). For example, upon entering appropriate security credentials which are validated by security module 122, a user 104A may access client computing device 106 A to input biographic data regarding an applicant 102 A into an enrollment interface provided by API 158 of profile platform 1 18. Applicant 102 A may be of any age, ethnicity or gender. In particular, a process administrator (e.g., user 104 A) may capture rapid multimodal biometrics and biographic datasets from individuals (e.g., applicant 102 A) into an intuitive user friendly interface (e.g., API 158). This creates a unique, person-centric profiling view, which feeds into the larger profile platform 1 18. Within the profile platform 118, the latest individual datasets (e.g., person centric profile views) are automatically registered, tagged and stored through a ledger Big Data infrastructure in a profile store 138, which is maintained securely in a cloud environment 150. The profile store 138 is managed by the profile platform 118 (e.g., via database layer 128 and/or data layer 130), which enables enrollment (e.g., applicant data input), searching and/or matching, validation and/or authentication, reporting, notifications and alerts (e.g., SIM), etc., (e.g., via business logic layer 132A and/or presentation layer 134B) regarding individuals. In particular, profile platform 1 18 may comprise one or more of a database layer 128, a data layer 130, a business logic layer 132, and a presentation layer 134. As described more fully with reference to FIG. 18, each layer of the profile platform 118 may involve one or more additional components, managers, APIs, etc. The profile platform 1 18 is executed on one or more servers 108 within cloud environment 150.
[0039] Additionally, the same or different user 104B (e.g., an authorized querying user), upon entering appropriate security credentials which are validated by security module 122, may access client computing device 106B to enter a query via a search interface of API 158 regarding an unknown individual 102B into profile platform 118. Unknown individual 102B may be a new applicant for benefits, an individual seeking access through a national border, an individual apprehended by law enforcement, and the like. In aspects, user 104B seeks to verify the identity and/or relationships of unknown individual 102B. By querying the profile platform 118, user 104B may determine whether profile store 138 includes a person centric profile views for the unknown individual 102B and/or whether other persons are related to the unknown individual 102B (e.g., by accessing the presentation layer 134 and/or the business logic layer 132). In some cases, biometric data may be collected from unknown individual 102B and used to identify matching biometric data stored by profile store 138. In this way, user 104B is able to verify the identity and/or relationships of unknown individual 102B. In aspects, client computing device 106A may be the same or different device as client computing device 106B. That is, API 158 may be accessible by the same or different client computing devices 106A and 106B.
[0040] In aspects, data may be viewed on client computing devices 106 A and/or 106B via a dashboard provided by API 158 for profile platform 1 18. In aspects, profile platform 118 may be hosted on the memory and processing infrastructure of servers 108. In further aspects, the data flowing into (e.g., via an enrollment interface provided by API 158) and out of (e.g., via a search interface provided by API 158) profile platform 118 is encrypted, e.g., in an XML Message Structure. For example, the system double encrypts the data in order to provide additional security protection for data at any stage, e.g., including input/enrollment, verification, compiling/storage, sharing, searching/matching, etc. In particular, a four-tiered, key managed-based architecture for encryption is provided, including data encryption keys, database encryption keys, at least one cluster encryption key, and at least one master encryption key. Data encryption keys encrypt data blocks in a cluster, where each data block is assigned a randomly-generated 256-bit key. In aspects, a cluster may refer to any isolated or partitioned set of data (e.g., maintained for a particular governmental agency, an international government or agency, etc.). Database keys encrypts data encryption keys for a cluster. Each database key is a randomly-generated 256-bit key that is stored on disk in a separate network and encrypted by the master encryption key. A cluster key encrypts the database key for a cluster, with the ID-NAS cluster having its own cluster key. The master key encrypts each cluster key. The master key encrypts the cluster-key-encrypted database key if the cluster key is stored by ID- NAS.
[0041] When data input cannot be verified or validated (e.g., due to contamination of a biometric sample, insufficient biometric sample, conflicting data, etc.), a trouble ticket may be opened. Additionally, statistical data reports may be generated by the business logic layer 132 and provided to users 104A and/or 104B via the dashboard associated with the presentation layer 134 of API 158, allowing for delivery of detailed analysis and statistical findings to authorized organizations.
[0042] As detailed above, the profile platform 118 may be implemented by one or more server computing devices 108, e.g., within a cloud-based computing environment 150. In some aspects, the one or more client computing devices 106A/B and the one or more server computing devices 108 may communicate over a network. For example, the network may include multiple networks, e.g., an enterprise intranet, the Internet, etc. In this regard, the network may include a Local Area Network (LAN), a Wide Area Network (WAN), the Internet, and communication may be conducted via wireless and/or wired transmission mediums. In further aspects, the one or more client computing devices 106 A and/or 106B, the one or more server computing devices 108, may communicate with some components of the system via a local network (e.g., an enterprise intranet) and may communicate with other components of the system via a wide area network (e.g., the Internet). In addition, the aspects and functionalities described herein may operate over distributed systems (e.g., a cloud-based computing environment 150), where application functionality, memory, data storage and retrieval and various processing functions may be operated remotely from each other over a distributed computing network, such as the Internet or an intranet. [0043] In a basic configuration, each server computing device 108 may include at least a processing unit and a system memory for executing computer-executable instructions, e.g., a profile management application, for implementing the profile platform 118. The profile platform 1 18 may provide one or more interfaces (e.g., via API 158) to enable users 104A and/or 104B to enroll applicants and/or query applicants in the multimodal biometric profile store 138.
[0044] Additionally, system 100 A provides a testing instrument 110 (or a testing service 110) for providing results based on a biological sample from applicant 102A and/or unknown individual 102B. The biological sample may be a cheek swab, hair sample, blood sample, saliva sample, voice sample, photograph, fingerprint, or otherwise. In aspects, the testing instrument 110 (or testing service 110) may be configured to analyze and verify the biological sample and provide a result (e.g., a DNA report, a blood type, a voice analysis, iris analysis, etc.). For instance, the biological sample may be a cheek swab of applicant 102A conducted by user 104A (e.g., authorized process administrator or technician) and/or unknown individual 102B conducted by user 104B (e.g., authorized querying user). Upon collection, the biological sample may be securely transported from the user 104 A (and/or user 104B) to the testing instrument 1 10 (or testing service 110). Alternatively, the biological sample may be a cheek swab of applicant 102 A (and/or unknown individual 102B) conducted by an authorized technician (not shown) associated with and/or operating testing instrument 1 10. In aspects, the results may be securely delivered to client computing devices 106A or 106B (e.g., via encrypted transmission over a network) and then securely delivered to profile platform 118 (e.g., via encrypted transmission over a network), or the results may be securely and directly delivered to profile platform 1 18 (e.g., via encrypted transmission over a network) by testing instrument 1 10 (or testing service 110).
[0045] As detailed above, the latest individual datasets are automatically registered, tagged and stored in profile store 138, which is maintained securely in a multitier cloud environment 150. Additionally, profile store 138 may be partitioned into two or more isolated cluster of Big Data infrastructure (multiple databases) 156A and 156B, one for a first cluster and one for second cluster and or more, respectively. In this way, different entities (e.g., different governmental departments or agencies, different international governments, different municipalities or states, different law enforcement agencies, etc.) may maintain multimodal biometric profiles independently of other entities within an encrypted cluster. Information stored in isolated cluster of Big Data infrastructure (multiple databases) 156A and 156B may be shared, but is not required to be shared, between entities. An additional layer of the profile platform 118, cluster manager 154, may manage the isolated cluster of Big Data infrastructure (multiple databases) 156A and 156B for different entities, and may also serve to facilitate sharing of profiles upon request and authorization between entities. As should be appreciated, the isolated cluster of Big Data infrastructure (multiple databases) 156A and 156B may be formatted with the same data structure (e.g., a person centric profile views structure). In this case, profile data within either isolated cluster of Big Data infrastructure (multiple databases) 156A or 156B may be easily shared and/or queried, enabling cross-entity searches, matches, validation and reports on findings. For example, upon authorization, user 104B (e.g., authorized querying user) may utilize one or more client computing devices 106B to interface with profile platform 118 to query applicant profiles in one or more isolated cluster of Big Data infrastructure (multiple databases) 156A''B stored in profile store 138.
[0046] With reference to FIG. IB, user 104A (e.g., authorized process administrator) may utilize one or more client computing devices 106 A to interface with a profile platform 118 to enroll an applicant 102 A in a multimodal biometric profile database. In this case, API 158 may be executed on the client computing device 106A. That is, a client version of a profile management application program interface (API) may be downloaded to client computing device 106A in order to interface with profile platform 1 18 executing within cloud computing environment 150. While for security and lightweight infrastructure reasons, it may be preferable to interface with the profile platform 1 18 via a browser (as illustrated by FIG. 1 A), other configurations (e.g., as illustrated by FIG. IB) may be implemented without departing from the systems and methods described herein. In the embodiment illustrated by FIG. IB, API 158 may be a lightweight client installation that may facilitate security and communication between client device 106A (and or client device 106B). For instance, users 104A/104B may input credentials that may be authenticated by a security module API (e.g., in communication with security module executing within profile platform 1 18). API 158 may provide for receiving biographical and/or biometric datasets from user 104 A (e.g., about applicant 102A) and/or for receiving a query from user 104B (e.g., regarding unknown individual 102B, and/or for generating reports, analyzing statistics, etc.) and interfacing with various layers of the profile platform 1 18. As discussed with reference to FIG. 1 A, a biological sample collected from applicant 102 A (and/or unknown individual 102B, not shown) may be analyzed by testing instrument 1 10 (or testing service 1 10) and the results may be securely delivered to client computing devices 106A/106B or directly delivered to profile platform 1 18.
[0047] API 158 may further provide a dashboard for presenting reports, alerts, results, etc., to user 104A and/or user 104B, in conjunction with functionality associated with business logic layer API 132B and/or presentation layer API 134B. In cases where biometric data cannot be validated, a trouble ticket may be accessed by user 104A and/or user 104B to report the issue, generate a request for another biological sample, etc. In particular, the various components of API 158 may interface with profile platform 1 18, which may comprise a multi-tiered architecture including one or more of a database layer 128, a data layer 130, a business logic layer 132Aand/or a presentation layer 134A, as discussed with respect to FIG. 1A. The profile platform 1 18 is executed on one or more servers 108 within cloud environment 150. As described with reference to FIG. 1 A, profile platform 118 may compile person centric profiles in profile store 138, which may be partitioned into a plurality of isolated entity databases for a plurality of entities (not shown).
[0048] With reference to the above challenges associated with quickly and accurately identifying individuals and/or familial relationships of individuals, the present methods and systems provide unique and comprehensive solutions. For instance, the methods and systems describe a fundamental integration of biometric data with biographical data to easily create and quickly and accurately verify person centric profiles. In aspects, DNA testing may offer benefits over other biometric identifiers (e.g., fingerprints, iris recognition, voice recognition). For example, DNA analysis can reliably confirm or refute claimed biological relationships. The unique and permanent person centric profile views data structure disclosed herein ensures objective and efficient border controls, eliminating questions of identity from manual and independent assessment by border guards or other officials to a neutral, robust and automated procedure. In this way, comprehensive person centric profile views can be used to detect nefarious individuals, document falsification, unlawful entry and transport of humans by traffickers, etc.
[0049] Proof of identity (POI) may be based on three classic types of identity attributes, including biometric datasets (e.g. fingerprints), attributed datasets (e.g. full name), and biographical data (e.g. education or employment history). Traditionally, POI has primarily relied on attributed data and biographical datasets, but this approach has been undermined by an ability to easily compromise POI documentation. In contrast, biometric markers (e.g., DNA markers) have long identified criminals and may be similarly employed to identify potential terrorists, known human traffickers attempting to travel under false identities, etc.
[0050] In aspects, recent advancements in DNA testing allow for automating and integrating DNA testing processes employed by forensic laboratories with identity verification processes employed by various entities within a reasonable time frame. DNA instruments analyze a predetermined set of markers (e.g., Short Tandem Repeats (STR) using 27 specific locations). The number of and type of location may be chosen according to any suitable protocol, algorithm, statistical analysis, or otherwise, to ensure that no physical traits, race, ethnicity, disease susceptibility, medical information, or any other sensitive information, may be concealed. In aspects, a DNA instrument (e.g., testing instrument 1 10) may be brought to the field (e.g., associated with user 104A and/or user 104B) at the point of collection, reducing chain of custody, contamination and security issues associated with transport. Secure authentication of the technician (e.g., user 104A and/or user 104B) may be implemented, as well as encryption of any personally identifiable information (PII) fed into the machine.
[0051] In further aspects, DNA instrument (e.g., testing instrument 1 10) components may merely involve a collection swab, an integrated biochip and the testing instrument itself. Testing instrument 110 may be easily transportable and fully automated, from inserting the biological sample to obtaining the results. In addition to validating applicant identity, DNA instruments may confirm parent-child relationships with a high degree of accuracy (up to 99.999999% probability of accurate confirmation), exposing false family- relationship claims (e.g., for requesting public benefits, etc.). Further, DNA testing allows for processing five samples at once, generating DNA results in as few as 90 minutes. Additionally, overall cost savings may be realized by reducing multi-million dollar laboratories into a portable field collection and processing device.
[0052] As should be appreciated, the various devices, components, etc., described with respect to FIGS. 1 A and IB are not intended to limit the systems and methods to the particular components described. Accordingly, additional topology configurations may be used to practice the methods and systems herein and/or some components described may be excluded without departing from the methods and systems disclosed herein.
[0053] FIG. 2 illustrates an exemplary method 200 for incorporating biometric datasets into a person centric profile views, in accordance with aspects of the disclosure.
[0054] Method 200 may begin with operation 202, where an enrollment application may be created. As described above, upon receiving and authenticating security credentials, a process administrator or technician (e.g., user 104A) may initiate an enrollment application and input biographic datasets regarding an applicant (e.g., applicant 102A) into an enrollment interface of a profile platform (e.g., profile platform 118). For example, the applicant may be an individual seeking public benefits, a passport or visa, entry into a national border facility, heightened security clearance, etc. The enrollment interface may resemble interfaces illustrated by FIGS. 8-14, for example.
[0055] At collect operation 204, the process administrator (e.g., user 104 A) or a technician at a testing facility may capture biometric information for the applicant (e.g., applicant 102A). For instance, the process administrator (or a technician) may collect a biological sample from the applicant. The biological sample may be a cheek swab, hair sample, blood sample, saliva sample, voice sample, facial photograph, iris scan, or otherwise.
[0056] At optional load operation 206, the process administrator may load the biometric sample into a secure vehicle. For example, if the process administrator is in the field (e.g., at a border facility, at a crime scene, or otherwise), it may be necessary to preserve the biological sample (e.g., from contamination, deterioration, etc.) and/or the chain of custody for the biological sample, during transport. Additionally, or alternatively, some testing devices may require a particular vehicle for delivering the biological sample to the device. For example, the secure vehicle may be a vacuum-sealed vial, a secure memory device (e.g., a secure/encrypted flash drive storing photographs, voice recordings, etc.), a secure biochip, etc. In other aspects, loading the biological sample into a secure vehicle may be unnecessary (e.g., if the biological sample is collected by a technician at a testing facility and delivered directly to a testing instrument). In some aspects, a process administrator (or technician) may load a secure biochip with multiple biological samples (e.g., multiple cheek swabs from different applicants) and may deliver the biochip to a DNA instrument.
[0057] At optional transport operation 208, the biological sample may be securely transported to a testing instrument. For example, if the process administrator is in the field (e.g., at a border facility, at a crime scene, or otherwise), it may be necessary to securely transport the biological sample to a testing facility. Additionally, or alternatively, the testing facility may be remote (e.g., a third-party laboratory) from the process
administrator (e.g., associated with a governmental agency) and it may be necessary to securely transport the biological sample to the remote testing facility. In other aspects, the testing instrument (e.g., a DNA instrument) may be taken into the field and/or provided on-site within a governmental agency, hi this case, transport of the biological sample may not be necessary. In aspects, the testing instrument may be configured to analyze and verify the biological sample and provide results regarding the applicant.
[0058] At receive operation 210, results of analyzing the biological sample may be securely received from the testing instrument (or testing service). The results may include, for example, a DNA report, a blood type, a voice analysis, iris map analysis, etc. The results may be securely received by the process administrator or directly by the profile platform from the testing instrument (or testing service). For example, the results may be encrypted and transmitted over a secure network.
[0059] At determination operation 212, it may be determined whether the results are validated. In some cases, the results may suggest that the biological sample was contaminated, deteriorated (e.g., by heat exposure, sample age, etc.), or otherwise insufficient (e.g., sample size was insufficient for testing, etc.). In other cases, the results may suggest a discrepancy between other biological data for an individual (e.g., a claimed relationship may not be substantiated by the results). In this case, the method may progress to open operation 214. Alternatively, the results may be validated, i.e., the results may not suggest any issues with the biological sample and/or discrepancies with other biological data for the individual, and the method may progress to input operation 216.
[0060] At open operation 214, a trouble ticket may be opened when results of testing the biological sample suggest a discrepancy. In aspects, discrepancies may occur for a variety of reasons. For example, issues may arise with respect to the biological sample itself - such as but not limited to an inadequate amount of the biological sample for testing, degraded biological sample (e.g., due to heat, light, age, etc.), contaminated sample, and the like. Alternatively, issues may arise with respect to human error, negligence, etc. - such as but not limited to violations with respect to chain of custody, improper laboratory testing protocols, improper collection techniques, inaccurate data entry or data transmission, and the like. Alternatively still, discrepancies may arise from nefarious human intervention - such as but not limited to switching the biological sample for that of another individual, purposefully altering results, purposefully inaccurately recording or inputting results, and the like. Depending on the discrepancy, the trouble ticket may call for different responsive actions, such as but not limited to recollection of a biological sample, retesting of the biological sample, verification of conflicting
biographical data, evaluation of testing protocol, investigation of the chain of custody, etc. In at least some cases, the method may return to collect operation 204 for recollection of a biological sample.
[0061] At input operation 216, the results may be input into pre-formatted fields of a person centric profile views. Such input may occur automatically upon verification of the results or may occur manually via data entry. In aspects, to minimize human error and/or illicit behavior, results may automatically populate the pre-formatted fields of the person centric profile via a direct transmission from the testing instrument itself (or the testing service). In this case, the results may be verified by one or more components of the profile platform, e.g., based on an expected type or array of result data, based on other biological data associated with a person centric profile, etc.
[0062] At store operation 218, the biometric dataset associated with the results of testing a biological datasets sample may be stored in the person centric profile views for an applicant (e.g., applicant 102 A). The person centric profile views may be stored via any suitable means, e.g., in a profile store that is securely maintained in an encrypted cloud environment. The profile store may be managed by the profile platform, which enables searching, matching, validation and reporting to be executed on the person centric profile.
[0063] As should be appreciated, operations 202-218 are described for purposes of illustrating the present methods and systems and are not intended to limit the disclosure to a particular sequence of steps, e.g., steps may be performed in differing order, additional steps may be performed, and disclosed steps may be excluded without departing from the present disclosure.
[0064] FIG. 3 illustrates an exemplary method for incorporating biometric datasets and verified familial relationships into a person centric profile views, in accordance with aspects of the disclosure.
[0065] Method 300 may begin with operation 302, similar to operation 202, where an enrollment input may be received. As described above, upon receiving and
authenticating security credentials, a process adminisuator or technician (e.g., user 104A) may initiate an enrollment application and input biographic data regarding an applicant (e.g., applicant 102A) into an enrollment interface of a profile platform (e.g., profile platform 1 18). For example, the applicant may be an individual seeking public benefits, a passport or visa, entry into a national border facility, heightened security clearance, etc. The enrollment interface may resemble interfaces illustrated by FIGS. 8-14, for example. [0066] At receive operation 304, biometric data may be received for an applicant. Biometric data may include but is not limited to a voice analysis, facial mapping, iris mapping, fingerprint, and/or DNA report (e.g., based on a set of DNA markers). In aspects, the biometric datasets may be based on a tested biological sample of the individual that is securely transmitted to the profile platform, e.g., as described with reference to FIG. 2.
[0067] At validation determination operation 306, similar to determination operation 212, it may be determined whether the biometric results are validated. In some cases, the results may suggest that the biological sample was contaminated, deteriorated (e.g., by heat or light exposure, sample age, etc.), or otherwise insufficient (e.g., sample size was insufficient for testing, etc.). In other cases, the results may suggest a discrepancy between other biological data for the individual (e.g., a claimed relationship may not be
substantiated by the results). In this case, the method may progress to open operation 308. Alternatively, the results may be validated, i.e., the results may not suggest any issues with the biological sample and/or discrepancies with other biological datasets for the individual, and the method may progress to create operation 310.
[0068] At open operation 308, similar to open operation 214, a trouble ticket may be opened when results of testing the biological sample suggest a discrepancy. For example, as described above, issues may arise with respect to the biological sample itself, human error and/or negligence, nefarious human intervention, etc. Depending on the discrepancy, the trouble ticket may call for different responsive actions, such as but not limited to recollection of a biological sample, retesting of the biological sample, verification of conflicting biographical data, evaluation of testing protocol, investigation of the chain of custody, etc. In some cases, the method may optionally return to receive operation 304 for receiving supplemental biometric datasets.
[0069] At create operation 310, a person centric profile may be created by the profile platform. For example, biographical data collected during enrollment may be combined with the validated biometric data to create a person centric profile. For example, a person centric profile may be created based on a pre-formatted set of fields provided by the profile platform. Such fields may be manually or automatically populated. For example, such pre-formatted fields of a person centric profile may be illustrated by FIGS. 8-1 1, 13- 14, described below.
[0070] At familial determination operation 312, it may be determined whether the applicant has a familial relationship with other individual within the profile store (or other accessible third-party database). A familial relationship may be defined as any
relationship within a pre-determined degree of blood relation. For instance, a familial relationship may include individuals within a single degree of blood relation, including grandparents, parents, and siblings. Alternatively, a familial relationship may include individuals within a second degree of blood relation, additionally including aunts, uncles, and first cousins. Alternatively, still, a familial relation may include a third degree of blood relation, e.g., great aunts, great uncles, second cousins. As should be appreciated, the designations of "first degree," "second degree," etc., are not intended to be limiting and may be defined in the system according to any suitable or desired designation. In aspects, a familial relationship of a certain degree may be determined based on a degree of matching between the biometric data of the applicant and biometric data of another individual within the profile store (or other accessible third-party database). For example, based on DNA matching, a familial relationship of a certain degree may be determined based on matching a percentage of DNA markers (or a type of DNA marker) between two individuals. As should be appreciated, a matching between the biometric data of different individuals may be based on any suitable protocol, algorithm, etc. If, based on an applicable definition, it is determined that a familial relationship exists with another individual, the method may progress to add operation 314. Alternatively, if a familial relationship is not identified with another individual, the method may progress to store operation 320.
[0071] At add operation 314, the determined relationship may be added to the created person centric profile of the applicant. In some aspects, the determined relationship may be automatically populated within the person centric profile of the applicant, hi other aspects, the determined relationship may validate an asserted familial relationship supplied by the applicant.
[0072] At profile determination operation 316, it may be determined whether the individual having a familial relationship with the applicant is associated with another person centric profile within the profile database. In aspects, another person centric profile may be identified within the profile store based on biographical information of the related individual (e.g., name, address, social security number, etc.) and/or biometric data of the related individual stored within the person centric profile (e.g., in some cases, the biometric data used to identify the familial relationship). If the related individual is determined to have a person centric profile, the method may progress to link operation 318. If the related individual is determined not to have a person centric profile, the method may progress to store operation 320.
[0073] At link operation 318, the applicant's person centric profile may be linked to the individual's person centric profile within the profile store. Linking may be
accomplished via any suitable means, e.g., index-based identifiers, pointers or references stored within the person centric profiles, etc. In aspects, when person centric profiles are linked within the profile store, searches, matches, validation and reporting executed on the profile store may include and/or follow such linkages.
[0074] At store operation 320, the person centric profile views of the applicant, including the biometric datasets and any identified familial relationships, may be stored in the profile store (e.g., for applicant 102A). The applicant's person centric profile views may be stored via any suitable means, e.g., in a profile store that is securely maintained in an encrypted cloud environment. Additionally, if the related individual was determined not to have a person centric profile views, a person centric profile views for the related individual may be created, linked to the applicant's person centric profile views and stored in the profile store. In this case, the person centric profile views for the related individual may be incomplete with respect to at least some biographical information and/or biometric data. However, although the individual's person centric profile may be incomplete, the individual's person centric profile may be linked with the applicant's person centric profile and, during later searching, matching, validation and/or reporting, the individual's person centric profile may be automatically populated with additional information.
Additionally, if the related individual later applies for public services, a passport, a driver's license, etc., the related individual's person centric profile may be accessed and further populated during an enrollment process. As described above, the profile store may be managed by the profile platform, which enables searching, matching, validation and reporting to be executed on the person centric profiles of the applicant and/or the related individual.
[0075] As should be appreciated, operations 302-320 are described for purposes of illustrating the present methods and systems and are not intended to limit the disclosure to a particular sequence of steps, e.g., steps may be performed in differing order, additional steps may be performed, and disclosed steps may be excluded without departing from the present disclosure. [0076] FIG. 4 illustrates an exemplary method for searching and matching an unknown individual with datasets stored within a profile store, in accordance with aspects of the disclosure.
[0077] At receive operation 404, datasets regarding an unknown individual may be received. An "unknown individual" may be a new applicant for benefits or other access to the system, an individual seeking access through a national border, an individual apprehended by law enforcement, and the like. "Data" associated with the unknown individual may include but is not limited to biographical information (e.g., name, address, etc.), identifying information (e.g., passport, driver's license, government identification, etc), a biological sample (e.g., cheek swab, hair sample, blood sample, saliva sample, voice sample, facial photograph, iris scan, fingerprint, etc.), biometric data (e.g., results of a tested biological sample including a blood type or profile, a DNA analysis or report, an iris mapping, fingerprint analysis, etc.), and the like. The data may be obtained voluntarily or under obligation or compulsion (e.g., by court order, warrant, etc.) by the unknown individual.
[0078] In aspects, an authorized user of the profile platform (e.g., border official, law enforcement officer, public benefits administrator, etc.) may seek to verify the identity and/or relationships of unknown individual. An authorized user may be an individual with validated credentials for access to the profile platform. By querying the profile platform, the authorized user may determine whether any data in a profile store matches the received data for the unknown person.
[0079] At match determination operation 406, a match between the received data for the unknown individual and data within the profile store may be determined. A match may be determined based on any suitable protocol and/or algorithm provided by the search engine of the profile platform. For instance, searching the profile store may include searching for matching biographical information (e.g., matching name), matching identifying information (e.g., matching passport number and issuing nation), matching biometric data (e.g., a matching to a predefined set of DNA markers, a matching based on voice recognition technologies, a matching based on a fingerprint analysis and/or iris scan analysis, etc.). If received data from the unknown individual matches at least some data within the profile store, the method may progress to secondary determination operation 408. If received data from the unknown individual does not match at least some data within the profile store, the method may progress to create operation 414. [0080] At secondary determination operation 408, it may be determined whether the match between the received data and data within the profile store is an exact match or a familial match. An exact match indicates that the received data from the unknown individual is a match to a person centric profile within the profile store for the same individual. An exact match may be determined based on any suitable protocol and/or algorithm. For instance, an exact match may require a certain degree of matching (e.g., 99% match to DNA markers in a person centric profile) and/or a certain type of matching information (e.g., match with both biographical and biometric data), etc. Such examples of exact matching are not intended to be limiting and other metrics may be defined and implemented without departing from the present disclosure. If an exact match is determined, the method may progress to retrieve operation 410. Alternatively, a familial match may be determined based on matching a subset or portion of data within the profile store. Determining a familial match may also be based on any suitable protocol and/or algorithm. For instance, a familial match may require at least a first degree of matching but less than a second degree of matching (e.g., at least 90% match to DNA markers but less than 97% match to DNA markers in a person centric profile). Such examples of familial matching are not intended to be limiting and other metrics may be defined and implemented without departing from the present disclosure. If a familial match is determined, the method may progress to create operation 414.
[0081] As should be appreciated, in some cases, both an exact match (e.g., to the individual's person centric profile) and a familial match (e.g., to a related individual's person centric profile) may be determined. In this case, with respect to the exact match, the method may progress to retrieve operation 410, as described above. With respect to the familial match, the method may optionally and additionally progress to retrieve operation 410 and/or link operation 418.
[0082] At retrieve operation 410, a person centric profile views for the unknown individual may be retrieved from the profile store and provided to the authorized user. In aspects, the person centric profile views may provide data in addition to the received data to the authorized person, e.g., additional biographical information, additional identifying information, additional biometric data, etc. In this way, the authorized user may verify the identity of the unknown individual.
[0083] At retrieve operation 412, a familial person centric profile for an individual in a familial relationship to the unknown individual may be retrieved from the profile store and provided to the authorized user. In this case, a familial relationship may be verified from based on the familial person centric profile. For instance, if the unknown individual asserted a parent-child relationship with the familial individual and the biometric data associated with the familial person centric profile views suggests that the familial relationship is no closer than an aunt-niece relationship, the asserted familial relationship may be identified as false. As should be appreciated, biometric data associated with the familial person centric profile could alternatively validate an asserted familial relationship. Additionally, or alternatively, other data may be obtained from the familial person centric profile, such as ethnicity, national origin and/or affiliation, etc.
[0084] At create operation 414, e.g., where no match is found or only a familial match is found, a person centric profile may be created for the unknown individual by the profile platform. For example, the received data from the individual may be populated within preformatted field to create a person centric profile. Such fields may be manually or automatically populated. For example, such preformatted fields of a person centric profile may be illustrated by FIGS. 8-11, 13-14, described below. In some cases, upon populating the created person centric profile with the received data for the unknown individual, the method may optionally return to receive operation 402 to obtain additional data for the unknown individual and/or to collect a biological sample for obtaining biometric data for the unknown individual. Additionally or alternatively, if a familial match was identified, the method may optionally progress to link operation 418.
[0085] At store operation 416, the created person centric profile views of the unknown individual, including the received data and any identified familial relationships (e.g., based on link operation 418), may be stored in the profile store (e.g., for unknown individual 102B). The unknown individual's person centric profile views may be stored via any suitable means, e.g., in a profile store that is securely maintained in a cloud environment. Additionally, if a familial relationship was determined and the related individual was associated with a familial person centric profile views, the unknown individual's person centric profile views may be linked to the familial person centric profile views and stored in the profile store. As described above, the profile store may be managed by the profile platform (e.g., via a data manager), which enables searching, matching, validation and reporting to be executed on the person centric profile views of the unknown individual and/or the related individual.
[0086] At optional link operation 418, similar to link operation 318, if it is determined that the unknown individual is associated with familial person centric profile views, the unknown individual's person centric profile views may be linked to the familial person centric profile views within the profile store. Linking may be accomplished via any suitable means, e.g., index-based identifiers, pointers or references stored within the person centric profile views, etc. In aspects, when person centric profile views are linked within the profile store, searches, matches, validation and reporting executed on the profile store may include and/or follow such linkages.
[0087] As should be appreciated, operations 402-418 are described for purposes of illustrating the present methods and systems and are not intended to limit the disclosure to a particular sequence of steps, e.g., steps may be performed in differing order, additional steps may be performed, and disclosed steps may be excluded without departing from the present disclosure.
[0088] Figure 5 illustrates an example login page of a graphical user interface (GUI) 500 associated with a profile platform, according to an embodiment.
[0089] As illustrated, the GUI 500 provides for logging into or creating an authorized account for accessing a multimodal biometric profile database (e.g., profile store) managed by a profile platform. In aspects, the GUI 500 may provide encrypted access control (e.g., via user credential input fields 502) so as to provide secure access to profile information managed and stored by the profile platform.
[0090] FIG. 6 illustrates an example of a landing page of a GUI 600 associated with a profile platform, according to an embodiment.
[0091] As illustrated, upon verification of user credentials, a user may access GUI
600. GUI 600 provides a menu bar 602, e.g., including options such as but not limited to "Enrollment," "Administration," "Search & Match," "Exchange," "Report," "Contact Us," "Help," etc. GUI 600 also includes suggested navigation topics within navigation pane 604, including but not limited to "Discover" content, "Explore Features," "Getting Started," etc. In general, the landing page may provide a high-level overview of the features and functionality provided by the profile platform.
[0092] FIG. 7A illustrates an example dropdown menu for a landing page of a GUI 700 associated with a profile platform, according to an embodiment.
[0093] GUI 700 provides a menu bar 702A, similar to menu bar 602, e.g., including options such as but not limited to "Enrollment," "Administration," "Search & Match," "Exchange," "Report," "Contact Us," "Help," etc. As with GUI 600, GUI 700 also provides a navigation pane 704 including suggested navigation topics such as but not limited to "Discover" content, "Explore Features," "Getting Started," etc. In this case, a dropdown menu 706A for "Enrollment" is illustrated. In aspects, dropdown menu 706A provides various options for enrolling an applicant with the profile platform.
[0094] FIG. 7B illustrates a number of example dropdown menus for a landing page associated with a profile platform, according to an embodiment.
[0095] FIG. 7B provides a menu bar 702B, similar to menu bar 602, e.g., including options such as but not limited to "Enrollment," "Administration," "Search & Match," "Exchange," "Report," "Contact Us," "Help," etc. In this case, options associated with a number of dropdown menus are provided. For instance, dropdown menu 706B is associated with the "Enrollment" option of menu bar 702B and, similar to dropdown menu 706A, provides options for enrolling an applicant with the profile platform. Dropdown menu 708, associated with an "Administration" option along menu bar 702B, provides options for triage and other administrative functions. Dropdown menu 710, associated with a "Search & Match" option along menu bar 702B, provides options for search and match functions with respect to a profile store, as described above. Dropdown menu 712, associated with a "Report" option along menu bar 702B, provides options for reporting on performance indicators, progress, inventory management, shipping and handling, and other reporting functions. Dropdown menu 714, associated with an "Exchange" option along menu bar 702B, provides options for sharing data between entities, such as but not limited to agreements and authorization, documentation, international data exchange, etc.
[0096] FIG. 8 illustrates an example of a biographic enrollment page of a GUI 800 associated with a profile platform, according to an embodiment.
[0097] GUI 800 provides a menu bar 802, showing that the "Enrollment" option has been selected. GUI 800 further provides a plurality of biographical input fields 804 associated with biographical information pane 806. For example, the plurality of biographical input fields 804 may collect biographical information such as but not limited to gender; first, middle, last name; date of birth; citizenship; address; phone; email; etc.
[0098] FIG. 9 illustrates an example of a relationship enrollment page of a GUI 900 associated with a profile platform, according to an embodiment.
[0099] GUI 900 provides a menu bar 902, showing that the "Enrollment" option has been selected. GUI 900 further provides a plurality of relationship input fields 904 associated with family & relationships pane 906. For example, the plurality of relationship input fields 904 may collect relationship information such as but not limited to biographical information associated with an enrollee's father, mother, etc. [00100] FIG. 10 illustrates an example of a person characteristics enrollment page of a GUI 1000 associated with a profile platform, according to an embodiment.
[00101] GUI 1000 provides a menu bar 1002, showing that the "Enrollment" option has been selected. GUI 1000 further provides a plurality of person characteristic input fields 1004 associated with person characteristics pane 1006. For example, the plurality of person characteristic input fields 1004 may collect person characteristics information such as but not limited to ethnicity, height, weight, eye color, hair color, visible scars or other characteristics, marital history, etc.
[00102] FIG. 1 1 illustrates an example of a documentation enrollment page of a GUI 1 100 associated with a profile platform, according to an embodiment.
[00103] GUI 1100 provides a menu bar 1102, showing that the "Enrollment" option has been selected. GUI 1 100 further provides a plurality of documentation input fields 1104 associated with documentation pane 1106. For example, the plurality of
documentation input fields 1 104 may collect documentation information such as but not limited to enrollment data, type, location, reason, etc.; biological sample (e.g., DNA) package number, technician name, test type, testing instrument number, etc.; and document types, numbers, issuing authorities, issue dates, etc.
[00104] FIG. 12 illustrates an example of a review enrollment page of a GUI 1200 associated with a profile platform, according to an embodiment.
[00105] GUI 1200 provides a menu bar 1202, showing that the "Enrollment" option has been selected. GUI 1200 further provides information for review 1204 associated with review pane 1206. For example, the information for review 1204 may include information such as but not limited to the information collected with respect to enrollment pages of FIGS. 8-1 1 , e.g., biographical information, relationship information, person characteristics information, documentation information, etc.
[00106] FIG. 13 illustrates an example of a biometric enrollment page of a GUI 1300 associated with a profile platform, according to an embodiment.
[00107] GUI 1300 provides a menu bar 1302, showing that the "Enrollment" option has been selected. GUI 1300 further provides a plurality of biometric input fields 1304. For example, the plurality of biometric input fields 1304 may include biological sample information such as but not limited to: a DNA package number, DNA capture date, DNA test administered by, DNA capture site, etc.; and/or a photograph name, photograph type, photograph issue date and/or expiration date, photograph description, etc. [00108] FIG. 14 illustrates an example of a social media enrollment page of a GUI 1400 associated with a profile platform, according to an embodiment.
[00109] GUI 1400 provides a menu bar 1402, showing that the "Enrollment" option has been selected. GUI 1400 further provides a plurality of social media input fields 1404 associated with social media pane 1406. For example, the plurality of social media input fields 1404 may include information such as but not limited to: social media names, types, capture data, parent site, etc. Additionally, GUI 1400 may further provide a plurality of native voice input fields 1408 associated with native voice pane 1410. For example, the plurality of native voice input fields 1408 may include information such as but not limited to: name in English, recording type, capture data, format type, etc.
[00110] FIG. 15 illustrates an example of a triage page of a GUI 1500 associated with a profile platform, according to an embodiment.
[00111] GUI 1500 provides a menu bar 1502, showing that the "Mission Triage" option has been selected. GUI 1500 further provides a plurality of graphics 1504, including bar charts, pie charts, alerts, status charts, etc. The plurality of graphics 1504 may visually represent and summarize data presented pane 1506. The data presented in pane 1506 may provide day-to-day system management information and/or a list of actionable content or statistics. As should be appreciated, any appropriate data or information pertinent to triaging the profile platform may be presented.
[00112] As should be appreciated, the various methods, devices, components, etc., described with respect to FIGS. 5-15 are not intended to limit the systems and methods to the particular components described. Accordingly, additional topology configurations may be used to practice the methods and systems herein and/or some components described may be excluded without departing from the methods and systems disclosed herein.
[00113] FIG. 16 illustrates one example of a suitable operating environment in which one or more of the present embodiments may be implemented.
[00114] FIG. 16 and the additional discussion in the present specification are intended to provide a brief general description of a suitable computing environment in which the present invention and/or portions thereof may be implemented. Although not required, the embodiments described herein may be implemented as computer-executable instructions, such as by program modules, being executed by a computer, such as a client workstation or a server. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. Moreover, it should be appreciated that the invention and/or portions thereof may be practiced with other computer system configurations, including hand-held devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers and the like. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
[00115] Figure 16 illustrates one example of a suitable operating environment 1600 in which one or more of the present embodiments may be implemented. This is only one example of a suitable operating environment and is not intended to suggest any limitation as to the scope of use or functionality. Other well-known computing systems,
environments, and/or configurations that may be suitable for use include, but are not limited to, personal computers, server computers, hand-held or laptop devices,
multiprocessor systems, microprocessor-based systems, programmable consumer electronics such as smart phones, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
[00116] In its most basic configuration, operating environment 1600 typically includes at least one processing unit 1602 and system memory 1604. Depending on the exact configuration and type of computing device, system memory 1604 (storing, among other things, a profile platform 1608 (e.g., implemented by a profile management application) for performing the methods disclosed herein, etc.) may be volatile 1604 A (such as RAM), non-volatile 1604B (such as ROM, flash memory, etc.), or some combination of the two. This most basic configuration is illustrated in FIG. 16 by dashed line 1606. Further, environment 1600 may also include storage devices (removable 1610, and/or non-removable 1612) including, but not limited to, magnetic or optical disks or tape. Similarly, environment 1600 may also have input device(s) 1614 such as keyboard, mouse, pen, voice input, etc. and/or output device(s) 1616 such as a display, speakers, printer, etc. Also included in the environment may be one or more communication connections 1618, such as LAN, WAN, point to point, etc.
[00117] Operating environment 1600 typically includes at least some form of computer readable media. Computer readable media can be any available media that can be accessed by processing unit 1602 or other devices comprising the operating
environment. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other tangible medium which can be used to store the desired information. Computer storage media does not include communication media.
[00118] Communication media embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of the any of the above should also be included within the scope of computer readable media.
[00119] The operating environment 1600 may be a single computer operating in a netwrorked environment using logical connections to one or more remote computers 1620. The remote computers 1620 may be personal computers, servers, routers, network PCs, peer devices or other common network node, or any combination thereof, and typically include many or all of the elements described above as well as others not so mentioned. The logical connections may include any method supported by available communications media. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
[00120] FIG. 17 illustrates an information fiowr diagram 1700.
[00121] Flow diagram 1700 illustrates a flow of information from an applicant 1701 to various entities and individuals authorized for access to the system. For instance, applicant 1701 may be an applicant for benefits or other access to the system, e.g., an individual seeking access through a national border, an individual apprehended by law enforcement, and the like. Enrollment administrator 1702 may be an authorized individual for obtaining enrollment information from applicant 1701, including but not limited to biographic data. Additionally, enrollment administrator 1702 may capture one or more biometric samples or biometric data from applicant 1701 (e.g., finger prints, native voice, iris scan, DNA sample, etc.). Additionally or alternatively, such biometric samples and/or biometric data may be obtained by technician 1704, who may be an authorized technician internal to the ID-NAS organization or authorized under contract with various third party suppliers 1710 to the ID-NAS organization. As shown, while technician 1704 may provide biometric data to the ID-NAS platform 1706 and/or open a trouble ticket (e.g., when biometric data cannot be validated), technician 1704 may not have access to the ID-NAS platform 1706 for obtaining addition information regarding the applicant 1701 and/or searching other applicants.
[00122] Any biographic or biometric data obtained regarding applicant 1701 may be securely compiled within a Person Centric Profile views (not shown) for applicant 1701 and stored within one or more data structures of the ID-NAS platform 1706. Some or a portion of the identifying information stored in the Person Centric Profile views may be provided to applicant 1701 in the form of an enrollment card 1714, allowing for streamlined identification of applicant 1701 after enrollment (e.g., for obtaining border access, public benefits, etc.). The ID-NAS platform 1706 may provide access to such data structures via one or more interfaces. The interfaces, as described previously, enable authorized personnel (e.g., administrator 1702) and/or authorized entities (e.g., authorized organizations 1708) to access the Person Centric Profiles of the ID-NAS platform 1706. For example, enrollment administrator 1702 may utilize the interfaces to enroll applicants and conduct mission triage (e.g., identification of an unknown individual), search Person Centric Profile viewrs for related individuals, match an individual with an existing Person Centric Profile, generate reports, conduct inventory management, etc. Additionally, authorized entities (e.g., authorized organization 1708), such as law enforcement agencies, border control, public benefits agencies, etc., may search the ID-NAS platform 1706 and generate reports associated with analysis, statistics, findings, etc. The ID-NAS platform 1706 may further be associated with a services interface messaging (SIM) service 1710 for providing notifications to authorized individuals and/or entities.
[00123] As should be appreciated, the various methods, devices, components, etc., described with respect to FIG. 17 are not intended to limit the systems and methods to the particular components described. Accordingly, additional topology configurations may be used to practice the methods and systems herein and/or some components described may be excluded without departing from the methods and systems disclosed herein.
[00124] FIG. 18 illustrates a tiered architecture 1800 of the ID-NAS platform. [00125] Tiered architecture 1S00 illustrates a layered structure of the ID-NAS platform. The first layer, database layer 1806, includes data stores (e.g., storing Person Centric Profile views for each enrolled individual), as well as a number of managing applications or modules for interacting with the stored data, including a configuration manager, a biometric property manager, a search admin manager and a content manager. The second layer, data layer 1808, includes the core data services framework application program interfaces (APIs), which allow for operating on the data to ensure quality, validate authorizations, and conduct operations such as calculations, sorting, combining, connecting, etc. Data layer 1808 also includes a number of managing applications or modules, including a transaction manager, metadata manager, and a compiler and process manager. The third layer, business logic layer 1810, includes an error handling services API, document manager, biometrics match services API, component manager, workflow manager and interface mapping manager. The fourth layer, presentation layer 1812, includes an audit and alert manager, web forms user interface (UI), event manager, secure access services API, report services API and user controls and configuration manager. The sendees interface messaging 1804 communicates with each of the various layers to provide notifications and alerts to authorized individuals and entities, as will be described further below.
[00126] As should be appreciated, the tiered architecture of the disclosed ID-NAS platform provides a number of benefits and advantages. For example, based on the various APIs and interfaces provided, as well as the integration of security and verification of authorized individuals, the tiered architecture is service-oriented and available twenty-four hours a day, seven days a week. The platform allows identity management services across the enterprise and offers interoperability with third-party stakeholders. The modular system employs a local service bus to allow for plug-in integration and load balancing across datacenters (e.g., in a cloud computing environment). The extensive operational architecture enables operations and maintenance (O&M) costs to remain low. The integrated system allows for secure data storage and reporting. The service-oriented architecture (SO A) is standard XML-based services enabled. The tiered architecture further provides a path to NIEM compliance and may be fully integrated with current government-approved technologies .
[00127] As should be appreciated, the various methods, devices, components, etc., described with respect to FIG. 18 are not intended to limit the systems and methods to the particular components described. Accordingly, additional topology configurations may be used to practice the methods and systems herein and/or some components described may be excluded without departing from the methods and systems disclosed herein.
[00128] FIG. 19 illustrates a services interface messaging system 1900 of the disclosed ID-NAS platform.
[00129] The sendees interface messaging (SIM) system 1900 provides a set of identity management sendees to authorized individuals and/or authorized entities. For example, SIM establishes common interfaces, specifications and mechanisms between the ID-NAS platform 1912 and other identity management systems and third-party biometrics providers (collectively, third party providers 1914). In aspects, SIM builds on the National Information Exchange Model (NIEM) 1918 as its standard XML-based messaging format, enabling international interoperability. Additionally, SIM leverages existing web services specifications 1916 (e.g., RESTful, SOAP, WSDL) for biographical and biometric data transmissions. SIM users may choose specific service levels for service requests and sendee responses and may customize such requests via a variety of user options.
[00130] As illustrated by FIG. 19, SIM provides tool access 1902 by domain and by role (e.g., of an authorized administrator or other authorized user). SIM further provides reports 1904, including but not limited to site statistics, scheduling conflicts, etc. Alerts 1906 may be provided via workflow emails or other notification method. An event manager 1908 (e.g., for monitoring enrollments, searches, matches, etc.) may manage any number of create, read, update, delete (CRUD) events to the system. A component manager 1910 integrates the system across authorized users, authorized organizations, domains, locations, etc.
[00131] As should be appreciated, the various methods, devices, components, etc., described with respect to FIG. 19 are not intended to limit the systems and methods to the particular components described. Accordingly, additional topology configurations may be used to practice the methods and systems herein and/or some components described may be excluded without departing from the methods and systems disclosed herein.
[00132] FIG. 20 illustrates a core data sendees framework 2000.
[00133] The core data sendees framewrork 2000 involves a number of interactive components. For instance, an authorized individual 2002 (e.g., enrollment administrator, technician, or other authorized user), may enter data into the system (e.g., biographical data during enrollment, biometric test results, etc.) or may search or otherwise access the system (e.g., mission triage, matching, reporting, inventory management, etc.). Such authorized individual 2002 may interface with a business rules engine 2004 that is layered on and in communication with a database layer 2008. The business rules engine 2004 may further include or communicate with various other components, such as a demand signal calculator, an integrated common vocabulary module, the services interface messaging (SIM) system, data type information, etc. The database layer 2008, as described above, may include various manager applications and data structures, such as but not limited to a configuration manager, biometric property manager, content manager, search admin manager and data stores. The business rules engine 2004 may further communicate with a demand signal component 2010, which includes demand estimates and leadership weighting factors.
[00134] As should be appreciated, the various methods, devices, components, etc., described with respect to FIG. 20 are not intended to limit the systems and methods to the particular components described. Accordingly, additional topology configurations may be used to practice the methods and systems herein and/or some components described may be excluded without departing from the methods and systems disclosed herein.
[00135] Aspects of the present disclosure, for example, are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to aspects of the disclosure. The functions/acts noted in the blocks may occur out of the order as shown in any flowchart. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the
functionahty/acts involved.
[00136] The description and illustration of one or more aspects provided in this application are not intended to limit or restrict the scope of the disclosure as claimed in any way. The aspects, examples, and details provided in this application are considered sufficient to convey possession and enable others to make and use the best mode of claimed disclosure. The claimed disclosure should not be construed as being limited to any aspect, example, or detail provided in this application. Regardless of whether shown and described in combination or separately, the various features (both structural and methodological) are intended to be selectively included or omitted to produce an embodiment with a particular set of features. Having been provided with the description and illustration of the present application, one skilled in the art may envision variations, modifications, and alternate aspects falling within the spirit of the broader aspects of the general inventive concept embodied in this application that do not depart from the broader scope of the claimed disclosure.

Claims

CLAIMS What is claimed is:
1. A system comprising:
at least one processing unit; and
at least one memory storing computer executable instructions that, when executed by the at least one processing unit, cause the system to perform a method, the method comprising:
receive at least one of attributed data and biographical data for a first individual;
receive biometric data;
determine whether the biometric data is validated;
in response to determining that the biometric data is validated, create a first profile for the first individual;
based at least in part on the biometric data, identify a familial relationship between the first individual a second individual; and
update the first profile for the first individual to indicate the familial relationship with the second individual.
2. The system of claim 1, further comprising:
determine whether the second individual is associated with a second profile.
3. The system of claim 2, further comprising:
in response to determining that the second individual is associated with a second profile, link the first profile and the second profile in a database.
4. The system of claim ί , further comprising:
in response to determining that the second individual is not associated with a second profile, create a second profile for the second individual; and
update the second profile to indicate the familial relationship with the first individual.
5. The system of claim 4, further comprising:
link the first profile and the second profile in a database.
6. The system of claim 1, further comprising:
in response to determining that the biometric data is not validated, create a trouble ticket.
7. The system of claim 3, further comprising:
receive a query to the database, wherein the query requests a match between collected biometric data and stored biometric data.
8. The system of claim 7, further comprising:
identify a match between the collected biometric data and the stored biometric data; and
determine a familial relationship between a third individual and the first individual.
9. The system of claim 7, further comprising:
identify a match between the collected biometric data and the stored biometric data; and
identify the first profile in the database.
10. A method of updating a personal profile based on identifying a familial relationship, the method comprising:
receiving at least one of attributed data and biographical data for a first individual; receiving biometric data;
determining whether the biometric data is validated;
in response to determining that the biometric data is validated, creating a first profile for the first individual;
based at least in part on the biometric data, identifying a familial relationship between the first individual a second individual;
updating the first profile for the first individual to indicate the familial relationship with the second individual; and
based at least in part on the first profile, verifying an identity of the second individual.
11. The method of claim 10, further comprising:
determining whether the second individual is associated with a second profile.
12. The method of claim 11, further comprising:
in response to determining that the second individual is associated with a second profile, linking the first profile and the second profile in a database.
13. The method of claim 11, further comprising:
in response to determining that the second individual is not associated with a second profile, creating a second profile for the second individual: and
updating the second profile to indicate the familial relationship with the first individual.
14. The method of claim 13, further comprising:
linking the first profile and the second profile in a database.
15. The method of claim 10, further comprising:
in response to determining that the biometric data is not validated, creating a trouble ticket.
16. The method of claim 10, further comprising:
receiving a query to the database, wherein the query requests a match between collected biometric data and stored biometric data.
17. The method of claim 16, further comprising:
identifying a match between the collected biometric data and the stored biometric data; and
determining a familial relationship between a third individual and the first individual. IS. The method of claim 16, further comprising:
identifying a match between the collected biometric data and the stored biometric data; and
identifying the first profile in the database.
PCT/US2018/048604 2017-08-29 2018-08-29 A secure it ecosystem for implementing an automated person centric (biometric and biographic) profile platform WO2019046464A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762551408P 2017-08-29 2017-08-29
US62/551,408 2017-08-29

Publications (2)

Publication Number Publication Date
WO2019046464A2 true WO2019046464A2 (en) 2019-03-07
WO2019046464A3 WO2019046464A3 (en) 2019-04-04

Family

ID=65526067

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2018/048604 WO2019046464A2 (en) 2017-08-29 2018-08-29 A secure it ecosystem for implementing an automated person centric (biometric and biographic) profile platform

Country Status (1)

Country Link
WO (1) WO2019046464A2 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8335654B2 (en) * 2006-06-30 2012-12-18 Jpl Innovations, Llc Method of generating an identification element
GB2454384A (en) * 2006-08-04 2009-05-06 Auckland Uniservices Ltd Biophysical virtual model database and applications
US9235733B2 (en) * 2006-08-11 2016-01-12 J. Douglas Birdwell Mobile biometrics information collection and identification
US9582639B2 (en) * 2006-08-11 2017-02-28 University Of Tennessee Research Foundation Method and apparatus for mobile disaster victim identification
WO2008052344A1 (en) * 2006-11-01 2008-05-08 0752004 B.C. Ltd. Method and system for genetic research using genetic sampling via an interactive online network

Also Published As

Publication number Publication date
WO2019046464A3 (en) 2019-04-04

Similar Documents

Publication Publication Date Title
US20240006038A1 (en) Team-based tele-diagnostics blockchain-enabled system
US20210073736A1 (en) Computer implemented system and associated methods for management of workplace incident reporting
US20180373890A1 (en) Data processing systems for identity validation of data subject access requests and related methods
US10296187B1 (en) Process action determination
US20200211305A1 (en) Authorized access evaluation and remediation system
US11625647B2 (en) Methods and systems for facilitating analysis of a model
US20210193297A1 (en) Methods, Systems and Computer Program Products for Retrospective Data Mining
US10672251B1 (en) Contextual assessment of current conditions
Greenberg Strengthening sociological research through public records requests
US20140058756A1 (en) Methods and apparatus for responding to request for clinical information
US20140173422A1 (en) Document template auto discovery
Niland et al. An informatics blueprint for healthcare quality information systems
Alhussan et al. A unified forensic model applicable to the database forensics field
Chao et al. Big data-driven public health policy making: Potential for the healthcare industry
Finlay et al. The criminal justice administrative records system: A next-generation research data platform
Zhang Blockchain-based solutions for clinical trial data management: a systematic review
Saldanha et al. Transparency and accountability of government algorithms: the case of the Brazilian electronic voting system
Essah et al. A Bibliometric Overview of IoT-Based Digital Voting
Kosa Towards measuring privacy
WO2019046464A2 (en) A secure it ecosystem for implementing an automated person centric (biometric and biographic) profile platform
Khanna et al. Automated Medical Document Verification on Cloud Computing Platform: Blockchain-Based Soulbound Tokens
CN115668178A (en) Methods, systems, and computer program products for retrospective data mining
Amin et al. A decade of experience in the development and implementation of tissue banking informatics tools for intra and inter-institutional translational research
Barboi et al. Client registries: identifying and linking patients
Vishwa MediBlock-A Privacy-aware Blockchain to store patients data and effective diagnosis methods

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18851498

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18851498

Country of ref document: EP

Kind code of ref document: A2