Identity Verification System and Method
The present invention relates to identity verification systems, and to methods of identity verification.
There is a growing requirement for accurate, reliable and secure means to enable the identity of an individual to be verified. Identity verification may be needed for controlling country border or access to buildings etc, for determining whether an individual has the right to purchase age-restricted products, to control access to computer systems, and in many other areas.
Paper-based identity documents such as birth certificates and passports are no longer sufficiently secure, as they may be readily forged. As an alternative, electronic devices or similar personal tokens such as magnetically encoded cards may be used to store the identity of the individual to whom they have been issued. Although these devices are typically more difficult to forge than paper-based identity documents, they may be open to abuse if stolen. To increase security of these devices a personal identification number (PIN) may be required in order to operate them. However, PINs may be compromised in various ways.
Biometric technologies are being developed to increase security in verifying an individual's identity, but these technologies have not yet been widely adopted.
It is an aim of preferred embodiments of the invention to address at least one disadvantage of the prior art, whether identified herein or otherwise.
In a first aspect, the present invention provides a method of identity verification between an individual and an authenticator, the method using identification information in the form of an electronic indicator and/or a biometric indicator, and comprising the steps of: (a) registering the identification information with the authenticator, along with personal data identifying the individual; (b) forming a transaction between the individual and the authenticator, including obtaining a further input of identification information from the individual; (c) transmitting from the individual to the authenticator the identification information input at step (b); (d) comparing, at the authenticator, the identification information transmitted at step (c) with the identification information registered at step (a) to determine either a successful or failed identification of the individual; and (e) upon successful identification of the individual determined at step (d), retrieving the personal data, and transmitting the personal data for display to the user, or to a third party. In a second aspect, the present invention provides an identity verification system comprising: (a) a database of identification information identification in the form of an electronic indicator and/or a biometric indicator, and associated personal data; (b) an identification apparatus having an input portion for receiving identification information from a user; (c) communication lines operable to transmit identification information received from a user to the database; (d) a comparator for comparing identification information received from the communication lines against the identification information in the database; and (e) a feedback system for retrieving from the database personal data associated with the identification information, and for transmitting the personal data to the user for display.
According to the present invention there is provided an apparatus and method as set forth in the appended claims. Preferred features of the invention will be apparent from the dependent claims, and the description which follows.
For a better understanding of the invention, and to show how embodiments of the same may be carried into effect, reference will now be made, by way of example, to the accompanying diagrammatic drawings in which:
Figure 1 shows an identity verification system according to an example embodiment of the present invention; ,■ •
Figure 2 shows an example flow diagram illustrating a method of identity verification according to an example embodiment of the present invention; and
Figures 3A and 3B show a mobile electronic device according to an example embodiment of the present invention.
As shown in Figure 1, an identity verification system comprises a Party Identification
Apparatus (PIA) 100, communication lines 200 and a data processing centre (DPC) 300.
Working together, in example embodiments of the invention these components are used to an individual to verify his identity without the need for paper-based identity documents or the like to be presented again after an initial registration step.
The PIA 100 is in example embodiments a mobile communication device such as a mobile telephone, or a computing device such as a Personal Digital Assistant (PDA), or a computer terminal or the like. The PIA 100 in the example embodiment shown in Figure 1 is a mobile telephone connected to a wireless cellular network. The wireless cellular network forms part of the communication lines 200 between the PIA 10 and the DPC 300.
The PIA 100 provides a user interface for the system, and comprises a user input portion 110, and a display portion 120 in the form of a liquid crystal display. The user input portion 110 comprises a biometric sensor 112 and a data entry system in the form of a keypad 114. The user input portion 110 allows the PIA 100 to receive one or more of: biometric information detected by the biometric sensor 112, and PIN code or password information supplied via the keypad 114. Such biometric and/or code/password information comprises identification information personal to the user. The identification information in example embodiments may alternatively or in addition comprise one or more of: a digital certificate; and a product code such as an IMEI number identifying a particular PIA 100.
Within the PIA 100 is a processor 130 which enables a secure connection to be established over the communication lines 200 with the DPC 300, for example using encryption techniques.
The communication lines 200 are provided as digital data pathways, and in this example embodiment includes a wireless cellular network coupled to the internet. In other embodiments alternative communication lines 200 may be provided, over dedicated computer networks, wired telephony networks or one or more wireless networks such as GSM or UMTS.
The DPC 300 serves to register and identify the individual, and to perform the steps which result in the verification and transmission of personal data relating to an identity. The DPC 300 includes an interface 328 which enables the DPC 300 to receive and transmit messages over the communication lines 200, and a database 310 in which identity information ■ of individuals known to the identity verification system is held, along with personal data of those individuals. The DPC 300 further includes a transaction processor 326 which controls the operation of the DPC 300 in response to messages received over the communication lines 200, which carries out the identity verification, and which controls the distribution of personal data from the DPC 300 to a PIA 100. A comparator engine 330 is also provided within the DPC 300 which in use identifies whether identification information received by the DPC 300 relates to a registered user, relates to an unknown user, such as for example a new user seeking to register with the DPC 300.
Operation of the system of Figure 1 will now be described.
Figure 2 shows a flow diagram illustrating the steps performed in an example method of identity verification, performed using the system of Figure 1. In the method, the DPC 300 plays the part of an authenticator. Firstly, in step S100 a user registers identification information with the DPC 300, along with personal data identifying him. As described above, the identification information takes the form of an electronic indicator and/or a biometric indicator, and is collected using the user input portion 110 of the PIA 100. In preferred embodiments an authorised attendant verifies the identity information and personal data, using traditional identity verification techniques. The identity information and the personal data is transmitted from the PIA 100 to the DPC 300 over the communication lines 200, and is stored with the DPC 300 in the database 310. Thereafter when an individual who has previously registered with the DPC 300 may use the PIA 100 or another compatible PIA of a third party to input his identification and initiate the formation of an identity verification transaction between him and the DPC 300, This is illustrated as step S200.
At step S300 the identity information input at step S200 is transmitted from the PIA 100 over the communication lines 200 to the DPC 300. At step S400 the comparator 330 of the DPC 300 compares the identification information transmitted at step S200 with the identification information registered in the database 310 to determine either a successful or failed identification of the individual. If there is no match and the identification fails, the method ends. However, upon successful identification of the individual, the personal data associated with the identification information is transmitted to the PIA 100 for display to the user, step S500. At step S600 the personal data is displayed on the display portion 120.
In embodiments of the present invention the personal data displayed on the display portion 120 is a pictorial and/or written description which confirms to viewers of the display portion 120 the identity of the individual that has presented his identity information to the user input portion of the PIA 100. The personal data for example comprises data in one of a number of formats, such as a photograph of the individual, or a photograph of the individual plus age/date of birth information, or a photograph of the individual plus address information, or any other another combination of any personal data held.
As an additional step, the DPC 300 may at step S400 first require the user to confirm which format of personal data is to be transmitted, by transmitting a suitable message to the PIA 100, and by the user providing suitable confirmation back to the DPC 300 by means of the PIA 100 and the communication lines 200. Figure 3A shows the an example PIA 100, in the first instance displaying an example of a message asking for confirmation of which format of personal data is to be transmitted, whereas Figure 3B shows the PIA 100 displaying personal data in the form of photograph and age information.
As another additional step, the DPC 300 may first require a user to confirm which set of personal data is to be provided from a set of personal data for more than one individual associated with the identification information. For example, where the identification information comprises a product code, and the product having that code is shared between a number of users the DPC 300 requires confirmation of which personal data is to be transmitted. As another example, irrespective of the type of identification information, multiple users may be associated with a piece of identification information, allowing the head of a family or the like to use the identity verification method to verify the identity of himself or of other family members, such as his children. In the embodiments described above the PIA 100 can be conveniently carried by a user, and if identity verification is required the user can demonstrate his credentials to a third party by using the PIA 100 to bring his personal data onto the display portion 120 to show to the third party.
In other embodiments, the PIA 100 is not associated with a particular user, but rather is under third party control. In such embodiments the PIA 100 is used by a third party to identify the identity of individuals, by way of individuals using the PIA 100 in the presence of the third party to bring the required personal data onto the display portion 120 for confirmation by the third party. In still further embodiments a user may provide identification to a first PIA 100, such as his own PIA 100, with instructions to the DPC 300 to return the personal data to a second PIA 100, such as the PIA 100 of a third party. The PIAs in such embodiments are suitably remote from one another.
Thus, as described above identification systems and methods according to the present invention provide an accurate, reliable and convenient method for ascertaining the identity of an individual based on personal data of the individual.
Although a few preferred embodiments have been shown and described, it will be appreciated by those skilled in the art that various changes and modifications might be made without departing from the scope of the invention, as defined in the appended claims.
Attention is directed to all papers and documents which are filed concurrently with or previous to this specification in connection with this application and which are open to public inspection with this specification, and the contents of all such papers and documents are incorporated herein by reference.
All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features and/or steps are mutually exclusive.
Each feature disclosed in this specification (including any accompanying' claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. Thus, unless expressly stated otherwise, each feature disclosed is one example only of a generic series of equivalent or similar features.
The invention is not restricted to the details of the foregoing embodiment(s). The invention extends to any novel one, or any novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed.