EP2364491A1 - Caractéristique d'identification - Google Patents

Caractéristique d'identification

Info

Publication number
EP2364491A1
EP2364491A1 EP09756647A EP09756647A EP2364491A1 EP 2364491 A1 EP2364491 A1 EP 2364491A1 EP 09756647 A EP09756647 A EP 09756647A EP 09756647 A EP09756647 A EP 09756647A EP 2364491 A1 EP2364491 A1 EP 2364491A1
Authority
EP
European Patent Office
Prior art keywords
feature
identification
person
personal
identification feature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP09756647A
Other languages
German (de)
English (en)
Inventor
Klaus Schröter
Ho B. Chang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanoident Technologies AG
Original Assignee
Nanoident Technologies AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanoident Technologies AG filed Critical Nanoident Technologies AG
Publication of EP2364491A1 publication Critical patent/EP2364491A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/40Indexing scheme relating to groups G07C9/20 - G07C9/29
    • G07C2209/41Indexing scheme relating to groups G07C9/20 - G07C9/29 with means for the generation of identity documents

Definitions

  • the invention relates to a personal identification feature for authenticated personal identification comprising a carrier layer, an authentication device with a storage means which is designed as a non-volatile, rewritable semiconductor memory, a person-related feature and a communication device with a communication kationsan gleich. Furthermore, the invention relates to an identification feature for authenticated personal identification comprising an electronic data record in which an electronic image of a person-related feature and a first electronic key are stored. The invention further relates to a method for identifying and authenticating a person with an identification feature.
  • Identification features for identifying a person are generally known and are usually based on a visual check of the correspondence of features of a person carrying the identification with him or presenting a verifying authority, with personal data, which are stored in the identification feature. This verification of compliance is usually performed by one person, but it is also known that an identification feature can be read out and processed, at least in part, by an automated system.
  • an identification feature can be read out and processed, at least in part, by an automated system.
  • the visual visual comparison test by a person is now also a major disadvantage of the known information features, since it is possible for a potential attacker to distort such a feature and thus to manipulate a valid identifier to the effect that it uses by another person in a misguided intent can be.
  • the evaluation criteria of the agreement depend on the partial subjective assessment of a person and, in particular, also depend on the current constitution of the day. An objective test can therefore not be ensured.
  • the following invention is based on the object to provide an identification feature with which the identity and authenticity of a person can be clearly ensured.
  • the object of the invention is achieved in that in the storage means of the identification feature, a first electronic key is stored, which is linked to the person-related feature.
  • This training now ensures in a particularly advantageous manner that a person-related feature is largely protected against manipulation, as a potential attacker would have to manipulate both the personal feature, as well as the link and possibly the first electronic key to succeed. Since the first electronic key is stored in the storage means and thus in the authentication device, a potential attacker would thus have to manipulate the authentication device, which, despite an extraordinarily high outlay, only brings low chances of success.
  • the first electronic key can be formed, for example, by a pseudo-random code, for example as an alphanumeric code.
  • a pseudo-random code for example as an alphanumeric code.
  • Such keys can be generated with an algorithm defined, but act on a viewer like a random arrangement of characters.
  • such unique electronic keys can be formed that can not be circumvented by a so-called brute-force attack.
  • the effort required to test all possible combinations of such a key would exceed the technical and temporal capabilities of an attacker.
  • the identification feature is advantageously designed such that a clear increase in the security of a clear personal identification or authentication is achieved.
  • a further embodiment of the identification feature also solves the problem of the invention with an electronic data record, the first electronic key being linked to the person-related feature here as well.
  • an electronic data record can be processed directly by an automated recording system, which preferably comprises a data processing device.
  • an identity Device for producing a communication connection with the identification feature is not required.
  • the identification feature can be distributed and processed by data technology. In particular, a multiplicity of known and widely used devices are thus available in order to be able to carry out an identification and / or authentication of a person based on the stored personal feature.
  • the carrier is designed as an identification document.
  • the identification feature can now be designed, for example, as a steering authorization for a vehicle, but it is also possible to train as a travel document for cross-border travel.
  • the identification feature can also be designed such that it can be processed by an automated detection device.
  • the personal feature can meet the requirements for machine-readable capture. For example, it is possible for an optical detection of a person-related feature to form it in such a way that feature components are applied in different spectral components.
  • a check of the personal feature for example, not only in the optically visible range possible, but it can also form feature components in the non-visible area and record for comparison, for example in the IR or UV range.
  • the training as a machine-readable identification document has the further advantage that the examination of the person-related feature always takes place according to the same reproducible criteria and thus a possible uncertainty factor is excluded by individual evaluation criteria of an assessor.
  • the carrier layer is designed as a check card-like data card, with a design as a chip card being particularly preferred.
  • the development according to the invention has the particular advantage that a check card is designed to be particularly compact and can thus be permanently carried along by a person without the freedom of movement being impaired on account of its size and / or shape.
  • the training has as a check card - A - the advantage that it can be accommodated in an object that is usually carried by a person always, for example, in a purse.
  • the carrier layer can also be formed by a mobile data memory, for example by a USB stick or a memory card, as are known to the person skilled in the art. Due to the technical progress, such mobile data memories are becoming more and more efficient with a reduced size, thus offering ever larger storage capacities. Therefore, these mobile data memories are already carried by a large number of users and thus offer themselves as a carrier layer for the identification feature according to the invention in a particularly advantageous manner.
  • a mobile data memory for example by a USB stick or a memory card
  • the personal feature is formed by an image of a person.
  • An image of a person in particular a photo, allows a very rapid control of the correspondence of the personal feature with the person presenting the identification feature.
  • the inventive link with the first electronic key a personal feature is developed so advantageous that a simple and faster visual comparison is possible, but the person-related feature or the identification feature is extremely difficult to manipulate.
  • a representation of the person-related feature is arranged on the carrier layer. This has the advantage that a quick visual control of the person is possible, in which the presentation is compared with the physically present person.
  • a further development is of very particular advantage, according to which the image meets an internationally recognized standard for the depiction of persons.
  • the requirements of the International Civil Aviation Organization (ICAO) apply.
  • the ICAO determines how the face of a person is to be depicted and what requirements regarding the minimum of the person are to be met.
  • This internationally recognized standardization makes it possible, for example, to process personal images automatically.
  • Another significant advantage lies in the fact that international standardization universal applicability is ensured and thus globally uniform reference characteristics apply.
  • the personal feature may also be formed by a biometric feature, which has the advantage that biometric features are extremely difficult or impossible to manipulate and thus a very high security of personal identification or Provide authentication.
  • a biometric feature for example, a fingerprint, an iris image, a skin or vein structure or even the voice can be used. The biometric feature is thereby converted into an electronic representation in order to be deposited on the identification feature according to the invention can.
  • the first key is formed by a key of an authentication or certification device.
  • Such organizations are mostly internationally recognized organizations which, in particular, meet a very high standard of electronic key issuance and management. It is essential, however, that such facilities carry out the allocation of keys and administration independently of other organizations and thus ensure a very high degree of autonomy and thus a very low degree of influence.
  • the first electronic key may be part of a so-called public key system, wherein a key part is publicly known, but the private key part is known only to the registered user of the authentication and certification device.
  • the first electronic key or the link can now be designed in such a way that a potential attacker irreversibly destroys the first key or the link by means of a manipulation attempt.
  • the authentication device Since the first key and the person-related feature are stored in the storage means of the authentication device, it is advantageous if the authentication device has a data processing device or a cryptography module, since direct access to the stored features can thus be prevented. For safety reasons, it is of particular importance if an external test device, for example a automated personal identification device, does not have direct access to the stored key, the personal feature or the link.
  • the stored features can be encrypted in such a way that a potential attacker can not gain any advantage from them.
  • the training has the advantage that the stored features can be kept largely hidden and thus the possibility of improper access is prevented.
  • the electronic key can be encrypted using a one-way crypto-algorithm.
  • the personal identification device of the authentication device When accessing the identification feature for checking the personal feature, therefore, the personal identification device of the authentication device must present the correct key result in order to allow data-technical access to the identification feature.
  • the authentication device can activate a protection mechanism which, for example, completely blocks the access and necessitates a reconnection of the first electronic key with the personal feature.
  • the authentication device makes the identification feature unusable, for example, in which the first key and / or the person-related feature is destroyed.
  • the communication port is designed for wireless communication.
  • the detection device wirelessly communicates with the authentication device via the communication device and thus exchanges or verifies, for example, the first key and / or further personal characteristics become.
  • this training has the particular advantage that the flow of people is not slowed by a presentation of the identification feature.
  • the persons pass through the detection device, which reads out the relevant features and optionally carries out an automated personal identification or authentication.
  • the detection device could be connected, for example, to a data processing device which, after reading out or checking the first electronic key, accesses a central data storage device and reads there reference data of the identification feature. These reference features can then be displayed to a control person who compares these features with those of the person currently present.
  • a special increase in the security of the identification feature is achieved if a second electronic key is stored.
  • This can be stored in a first training in the storage means of the authentication device, or be deposited in a second training in the electronic data set.
  • This second electronic key is independent of the first electronic key and thus makes it possible, by means of a further authentication or certification device, to deposit an additional security feature on the identification feature.
  • a control entity has the option of being able to independently check two electronic keys and thus of identifying and authenticating a person with increased security.
  • This training also makes it much more difficult for a potential attacker to manipulate the identification feature according to the invention, since he would now have to manipulate two electronic keys simultaneously and in a defined manner so as to be able to simulate a false identity.
  • the link can be designed, for example, in such a way that a non-reversible key product is formed, that is, it can not be concluded from the result of the link to the two subkeys.
  • the linking of the personal feature with the first key can be formed by a one-way operation in which the result of the link can not be used to return to the original source products. In the case of a one-way link, in particular only the result of the link is stored.
  • the link is again established or generated by an authentication station by means of a corresponding test algorithm, for example, and compared with the stored link. This makes it possible to check for a clear match without having to check the specific and safety-related essential characteristics.
  • the first and / or second electronic key is formed by an electronic key of a legal authority.
  • a legal authority for example, is a lawyer or notary, or at least a person who, by virtue of his legal status, can make a legally binding statement about the authenticity of an identification feature.
  • a person will present the identification feature of a legal authority that, after having legitimized the person by depositing his own electronic key, clearly confirms the identification feature to a person. It is essential that is determined by this one-time confirmation by a legal authority, a clear and traceable assignment of the identification feature to a person and this unique assignment in subsequent identification or Authentif ⁇ kationsvorêt the person is uniquely retrievable. It is thus possible for a third party, by checking the identification feature, to unambiguously and reliably identify and authenticate a person who presents such an identification feature; in particular, a legally binding identification and authentication is possible.
  • the legal authority may in particular be formed by any institution which can make a highly recognized and in particular legally binding statement about the identity of a person. For example, this can also be done by a nationally and / or internationally active authorization or certification facility.
  • a further development is of very particular advantage, according to which a digital image of the person-related feature is stored in the memory. is deposited.
  • a potential attacker could manipulate the carrier layer of the identification feature in such a way that an adulterated person-related feature is applied or arranged.
  • a reference image which can be compared with the feature currently arranged on the carrier layer is always available for later access for authenticating a person and thus immediately makes a manipulation attempt recognizable.
  • This training has the particular advantage that a so-called offline authentication of a person becomes possible because the reference feature to be checked or compared is present on the identification feature and thus no communication connection to a central certification or authorization device is required.
  • the authentication device By means of a corresponding access protection of the authentication device, it can additionally be ensured, for example, that access to this reference feature is possible only by reading, in particular that writing access by technical features and security devices of the authentication device is prevented.
  • the authentication device could also be designed in such a way that a writer accesses the stored feature to destroy the deposited information, the linkage and possibly also the destruction of the identification feature.
  • a particularly advantageous development is obtained when the first electronic key is stored encoded in the digital image.
  • such coding can be carried out by means of a steganographic method, which has the advantage that the first electronic key is deposited in the digital image in such a way that the coded key does not appear when optically viewing the stored image.
  • Another advantage is that the digital image can not be manipulated because any manipulation attempt would automatically invalidate the linkage of the personal feature with the first electronic key.
  • this embodiment has the particular advantage that such a coding method is usually not reversible, ie that it is not possible for manipulation purposes to cancel the coding that is per- To change sonen lakee feature and then perform the coding or the link again.
  • the electronic data record is stored in a storage means of a data processing device.
  • the data processing device may, for example, be arranged in a security area to which only a selected group of people has access. If necessary, several electronic data records can now also be stored in the data processing device. For example, so electronic records several people can be managed.
  • the data processing device has a communication connection, which is designed to allow a remote data counter to access the electronic data record.
  • the data processing device can be formed by a server which has deposited a plurality of different electronic data sets as identification labels and is accessible via a global communication network.
  • a plurality of identification and authentication devices can access the identification features and thus perform the personal identification or authentication.
  • the identification feature according to the invention is to be preferably carried, a further development is advantageous, according to which the electronic data record is stored in a mobile data memory.
  • mobile data storages already predominantly belong to devices of daily use and are therefore usually carried along.
  • the object of the invention is also achieved by a method for identifying and authenticating a person, which encompasses the method steps described below.
  • an identification feature is created that can be carried by a user or is always accessible and at any time allows identification of the person. To ensure the identity of a person, this is legitimized by a legal authority. This can be done, for example, by the person presenting the legal authority with a legally valid document proving the identity of the person.
  • the person can subsequently authenticate the identity authenticated by presenting the identification feature.
  • the identification feature When the identification feature is presented to a third party, it can thus assume, in particular legally binding, that this person clearly corresponds to the one assigned by the legal authority to this specific identification feature.
  • the presentation of the identification feature can now, after the first embodiment of the identification feature, mean that the carrier layer of a test person and / or a test device is presented.
  • the tester or examiner can be presented with a reference to the storage location of the data record, after which the identification feature can be accessed via a communication path.
  • an embodiment is advantageous in which a second electronic key of a
  • This training also allows the realization of different security levels. For example, the authentification by means of the second key can be sufficient for simpler, safety-critical, uncritical application. If increased security is required, the first key can also be checked.
  • This external memory unit could be formed, for example, by a central data processing device which is connected to devices in order to be able to read out personal features or electronic keys as well as their encryption products from identification features.
  • the reference sentence may have an image of the person-related features of the identification feature, which means that in the case of a person authentication, it is always possible to access the original feature set that was linked to the person-related feature when legitimized by the legal authority.
  • a potential attacker could manipulate the identification feature, has no access to the stored reference sentence, so that the manipulation attempt would be recognized immediately on the next person authentication. To authenticate a person is thus always a no or only extremely difficult to manipulate reference sentence available, resulting in a significant increase in the security and reliability of the identification of a person for a third party.
  • this reference sentence can of course be encrypted or correspondingly encoded, for example by way of a one-way encryption, which represents a further security hurdle for a potential attacker.
  • the identification and authentication of a person is compared with a detected feature.
  • This comparison can be carried out by a control person and / or an automated control device, in particular this check is carried out when a person who carries an identification feature or presents a reference presents it to a third party and wants to identify and authenticate himself.
  • a detection device can then record personal features, transmit them to a processing device or a control person, who compares the currently acquired data with stored reference data. In case of correspondence, it is thus ensured that the currently present physical person agrees with the person for whom the identification feature was confirmed or assigned by a legal authority.
  • a further particular increase in the security of collecting the personal feature for filing and linking with the first electronic key is that the personal feature is recorded in real time before or through the Legal Authority, thereby increasing the authenticity of the personal characteristic covered. is clearly confirmed. Since the personal feature is the essential feature of the identification feature, this training brings a very special increase in security, since the detected feature is detected under supervision and deposited without the possibility of manipulation and linked to the key.
  • Fig. 1 shows an embodiment of the identification feature according to the invention
  • Fig. 2 The process steps for forming an identification feature for unique
  • Fig. 3 A device for access security checking the identity of a person
  • FIG. 4 shows a device for authenticating an identity feature.
  • the identification feature 1 shows an embodiment of the identification feature 1 according to the invention, comprising a carrier layer 2, a personal feature 3, in particular an image of the person, and an authentication device 4 with a storage means 5 in which a first electronic key 6 is stored.
  • the identification feature 1 additionally has a communication device 7 with a communication connection 8.
  • further personal or institutional features 9 can be arranged and / or integrated.
  • the identification feature 1, in particular the carrier layer, is preferably designed as a document of identification in order to enable a carrier of this identification feature access or access to areas or information that are not generally accessible. Since the identification feature according to the invention may have to be permanently carried along, the carrier layer is preferably formed like a check card, so that there can be no restriction of freedom of movement or no structural threat to the identification feature due to the personal movement. In particular, a check card-type design has the advantage that the identification feature can be arranged in a passport or wallet that is usually carried along.
  • Training as a chip card has the further particular advantage that such cards are particularly widespread and therefore are particularly cost-effective and in particular have components or modules which are of particular importance for carrying out the identification and authentication method according to the invention and thus of a detection device need not be provided for identity or authenticity check.
  • a person-related feature 3, 9, in particular the image of the person assigned to the identification feature can be manipulated in an abusive manner and thus the identification feature can be used to presage a false identity.
  • a person-related feature 3 can be manipulated in an abusive manner and thus the identification feature can be used to presage a false identity.
  • it can be in an optical examination of a Personnel-related feature by a control person to errors, whereby an attacker access to sensitive areas may create.
  • the very particular advantage of the inventive identification feature lies in the fact that the first electronic key 6 is linked to the person-related feature 3 and optionally to another feature 9.
  • the personal feature 3 is preferably formed by an image of the person, which has the advantage that in addition a visual comparison of the person presenting the identification feature, with the deposited image 3 is possible.
  • the linking of the electronic key 6 with the personal feature 3 takes place, for example, in that an electronic representation of the person-related feature 3 is generated and, for example, stored encrypted in the memory means 5 with the first electronic key 6.
  • an embodiment is preferred in which a digital representation of a personal image 3 is stored in the storage means 5 and the digital image is linked to the first electronic key 6 by means of a steganographic process, whereby the first electronic key is hidden in the digital image becomes.
  • a checksum is determined, which is encrypted with the first electronic key and then hidden in the digital image.
  • the identification feature For data-related communication of the identification feature 1 with a detection device, the identification feature has a communication means 7 with a communication connection 8.
  • the identification feature has a communication means 7 with a communication connection 8.
  • the preferred embodiment as a credit card-type smart
  • the arrangement of the communication port 8 on the carrier layer 2, and the formation of the carrier layer itself is set.
  • the communication connection 8 can, in addition to contact-type training, also be be be trained and thus allows a performance of the authentication without the identification feature must be arranged in a detection device.
  • the standard ISO / IEC 14443 specifies the training for contactless readable chip cards.
  • the authentication device 4 can now be designed to provide characteristic features of the link between the personal-related feature 3 and the first electronic key 6, via the communication device 7 of a detection device. However, it is also possible for the authentication device to compare a currently recorded personal feature with the stored personal feature and to transmit a recognized match to the capture device. In this embodiment, no feature of the link or the first key from the identification feature is transmitted to the outside in an advantageous manner.
  • the authentication device 4 has a data processing device or a cryptography module 10 according to a development.
  • the authentication device 4 can be designed to secure the stored features or electronic keys in such a way that an attacker, even when accessing the stored features or keys, has no advantage from this
  • Gain access This is achieved for example by a one-way encryption, which is performed by a cryptography module and can not be deduced from the result of the backup on the original features.
  • the authentication device can also assume complex tasks, for example a multi-level feature check with an optionally required determination of person-specific features, it being advantageous if the authentication device comprises a data processing device, since such a device can perform mostly complex processing steps.
  • training as a chip card or smart card has the advantage that such a data processing device is usually an integrated part of such a card.
  • a second electronic key 11 can be arranged in the storage means 5 of the authentication device 4.
  • the essence of the first and / or second electronic key is that it is issued or provided by an authentication or certification authority, this certification or authorization device complies with a high international standard regarding the reliability of the generated electronic key. In particular, such devices meet special requirements for the creation and management of user data for the generation of electronic keys.
  • FIG. 2 shows a schematic diagram of the method for forming an identification feature 1 according to the invention, which enables unambiguous identification and authentication of a person.
  • an unpersonalized identification feature 13 is personalized with personal features 3, 9, ie the features 3, 9 are arranged or deposited on the identification feature 13.
  • the user 15 brings the personalized identification feature 16 together with a constitutionally valid document 17 for determining the identity of the person 15 of an authorization authority 18.
  • the authorization authority 18 is preferably formed by a legal authority, for example by a lawyer or notary. This checks the identity of the person 15 by means of the attached document 17 and then stores his own first electronic key 6 in the personalized identification feature 16, in particular in the storage means, whereby this is legitimized.
  • the essential step of the method according to the invention lies in the fact that the authentication authority 18 links the first electronic key 6 deposited in the identification feature 16 with a personal feature 3, 9 and thus forms an irrevocable connection 19.
  • the method steps for carrying out the personalization 12 or the authorization 14 of the identification feature require that the identification feature be arranged in an access control and control device (not shown), which may be formed by a data processing device having a communicatively coupled communication device which is connected via the communication port 8 establishes a data connection with the authentication device 4.
  • the essential technical effect of this process according to the invention lies in the fact that an identification feature 1 is created which links a personal feature 3 with a first electronic key 6 in such a way that this manipulation results in a manipulation of the Identification is as far as possible prevented and thus the identity and authenticity of a person is clearly and legally valid.
  • the personalization 12 of the identification feature 13 can also comprise a step in which a second electronic key 11 is stored in the storage means 5 of the authentication device 4.
  • the first 6 and possibly second 11 electronic keys are preferably provided or managed by an external certification or authorization device 20, 21.
  • this device has a high degree of acceptance of its security with regard to the generation or management of the electronic keys. Examples of such devices are: RSA or VeriSign.
  • These devices manage a set of electronic keys that is uniquely associated with a registered user.
  • a key phrase is used after a so-called public key system, which consists of a private and a public key. A detailed description is omitted here, since public key systems are known to the skilled person.
  • the advantage of such key systems lies in the fact that it is always possible for third parties to determine the authenticity of an electronic key from an independent certification and authentication device 20, 21.
  • FIG. 3 shows an application of the method according to the invention for the unambiguous identification and authentication of a person 15 by means of the identification feature 1 according to the invention.
  • the access to a device that is not generally accessible can be secured by means of an access control device 22.
  • a clear identification and authentication of a person 15 is required.
  • the person 15 presents the identification feature 1 of a detection device 23, which evaluates this.
  • the identification feature 1 is arranged in a read-out device 24, wherein a communication connection with the authentication device is established via the communication connection 8.
  • the detection device 23 can now be embodied, for example, for the automated identification and authentication of a person, for example by detecting an image of the person with a detection means 25, preferably an optical image detection device, and an evaluation and comparison module 26 with the identification feature 1 stored personal characteristics is compared.
  • a personal Feature 3 is preferably formed as an image according to an internationally recognized standard, in particular according to ICAO, the evaluation and comparison module 26 predominantly fully automatically perform a comparison of the currently acquired image with the stored personal feature.
  • the detection device 23 can be used in an external certification or.
  • Authorization 21 check the validity and authenticity of the first electronic key 6. Likewise, it is also possible to test a second electronic key 11 by means of a further certification or authorization device 20.
  • identification feature 1 personal features deposited on the identification feature 1 are not read out by the capture device 23, but that a currently captured image of the person is processed and processed, for example by a cryptography module 27 of the capture device 23, and subsequently to the Identification 1 transmitted.
  • the authentication device of the identification feature 1 checks whether the detected and correspondingly processed image of the person matches the stored personal characteristic 3 and generates a corresponding release signal based thereon, which is transmitted back to the detection device 23, which then releases the access control device 22 ,
  • FIG. 4 shows a device for forming the identification feature 1 according to the invention, in particular in order to associate a person-related feature with a first electronic key and deposit it on the identification feature.
  • the method steps for personalization and authentication of an identification feature are preferably carried out by means of a data processing device 28, since such a device is widely used and, in particular, a generally configured feature is designed for processing electronic or digital information units.
  • a data processing device 28 comprises an image processing module 29, which transfers an image of a person 15 captured by an image capture device 30 into a further-processing display form 31.
  • the image capture device 30, for example a camera is connected to the data processing device 28 via a communication port.
  • the image rendering module 29 can control the image capture device 30 to achieve the standard required image becomes.
  • the image processing module preferably converts the acquired image information into a standardized image data format which can be processed by a plurality of data processing systems.
  • An essential feature of the inventive identification feature or of the method is that an electronic key, which meets high requirements with regard to a tamper-proof security, is linked to the person-related feature, in particular the image.
  • an electronic key which meets high requirements with regard to a tamper-proof security
  • the first electronic key 6 can be arranged in digital image data by means of a steganographic method.
  • a characteristic reference value for example a hash value
  • This cryptographic result can now be formed in such a way that it can not be deduced from the original image data or the electronic key.
  • This training has the advantage that after authenticating the identification feature by an authority, the person-related feature need not be retrieved, but that in a subsequent identification and authentication of a person by a third party an image of the person is detected, and by means of same cryptographic encryption method, again resulting in a cryptographic result.
  • This result can now be compared with the cryptographic result stored on the identification feature in order to be able to authenticate the identity of the person.
  • the authentication device 4 of the identification feature 1 or the storage means of the authentication device can also be designed in such a way that access to stored personal characteristics in order to be able to modify or process them is only possible for an authority who owns the first electronic key.
  • the first electronic key 6 can be part of a key system, which is dependent on a certification Authorization device is provided and / or managed.
  • This Zertaimssl. Authorization device can now be part of the data processing device 28 or be connected to it locally 33.
  • a remote certification and authorization device 21 is also possible, which is communicatively connected to the data processing device 28 via a public communication medium, for example the Internet .
  • a so-called public key system can be used here, wherein the authority in the authentication of the identification feature links the image with his private key and deposited on the identification feature. Since a potential attacker never knows the private key of the authority, a manipulation of the personal feature is not possible, as this would also invalidate the link with the first electronic key.
  • a third party can now determine the identity and authenticity of a person who presents the identification feature by, for example, presenting the encrypted personal image of the certification and authorization device 21, which can automatically confirm the authenticity of the personal feature deposited on the identification feature.
  • the identity of the physically present person can now be clearly authenticated.
  • the identification feature 1 is arranged in an access device 34, which via the communication device and in particular via the communication port 8, a data connection between the data processing device 26 and the authentication device 4 of the identification feature 1 produces.
  • a further embodiment of the identification feature according to the invention can also be that the assigned person himself authenticates further features.
  • the person can, for example, capture an image by means of an image capture device of a data processing device and, by comparison with the stored feature, authenticate his own identity. It does not matter whether it is an identification feature according to the training with a carrier layer, or an electronic record. After successful authentication, the person can, for example, another identification feature create.
  • a widely used data processing device usually has all the necessary components in order to be able to carry out the method steps according to this development.
  • the exemplary embodiments show possible embodiments of the identification feature or of the method for authenticated identification of a person, wherein it should be noted at this point that the invention is not limited to the specifically illustrated embodiments of the same, but rather various combinations of the individual embodiments are possible with each other and this possibility of variation is due to the teaching of technical action by objective invention in the skill of those skilled in this technical field. So are all conceivable embodiments, which are possible by combinations of individual details of the illustrated and described embodiment variant, includes the scope of protection.
  • FIGS. 1 to 4 can form the subject of independent solutions according to the invention.
  • the relevant tasks and solutions according to the invention are to be found in the detailed descriptions of these figures. Reference design

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Collating Specific Patterns (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne une caractéristique d’identification (1) permettant l’identification authentifiée de personnes, comprenant une couche support (2) ; un dispositif d’authentification (4) doté d’un moyen de mémorisation (5) qui est conçu en tant que mémoire semi-conductrice non volatile, réinscriptible ; une caractéristique relative à la personne (3) ; un dispositif de communication (7) pourvu d’un raccord de communication (8). Une première clé électronique (6) est déposée dans le moyen de mémorisation (5) et est associée à la caractéristique relative à la personne (3). La présente invention concerne en outre une caractéristique d’identification permettant l’identification authentifiée de personnes, comportant un ensemble de données électroniques dans lequel sont déposées une reproduction électronique d’une caractéristique relative à la personne (3) et une première clé électronique (6), la première clé électronique (6) étant associée à la caractéristique relative à la personne. La présente invention concerne en outre un procédé permettant l’identification et l’authentification d’une personne avec une caractéristique d’identification.
EP09756647A 2008-10-07 2009-10-07 Caractéristique d'identification Withdrawn EP2364491A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AT0157008A AT507372A1 (de) 2008-10-07 2008-10-07 Identifikationsmerkmal
PCT/AT2009/000388 WO2010040162A1 (fr) 2008-10-07 2009-10-07 Caractéristique d’identification

Publications (1)

Publication Number Publication Date
EP2364491A1 true EP2364491A1 (fr) 2011-09-14

Family

ID=41507876

Family Applications (1)

Application Number Title Priority Date Filing Date
EP09756647A Withdrawn EP2364491A1 (fr) 2008-10-07 2009-10-07 Caractéristique d'identification

Country Status (6)

Country Link
US (1) US8870067B2 (fr)
EP (1) EP2364491A1 (fr)
JP (1) JP5739336B2 (fr)
CN (1) CN102265311B (fr)
AT (1) AT507372A1 (fr)
WO (1) WO2010040162A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2500823B (en) 2013-03-28 2014-02-26 Paycasso Verify Ltd Method, system and computer program for comparing images
DE102014004673A1 (de) 2014-03-31 2015-10-01 Audi Ag Verfahren zum Ablegen einer Sendung in einem Kraftfahrzeug und zugehöriges Kraftfahrzeug
JP6603970B2 (ja) * 2018-03-20 2019-11-13 本田技研工業株式会社 電子キー管理装置、電子キー管理システム、電子キー管理方法、およびプログラム
US20220012501A1 (en) * 2018-12-14 2022-01-13 Xovis Ag Method and arrangement for determining a group of persons to be considered

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4879747A (en) 1988-03-21 1989-11-07 Leighton Frank T Method and system for personal identification
IT1269422B (it) * 1994-01-11 1997-04-01 Alfi Srl Procedimento per l'ottenimento di dispositivi di identificazione di autenticita' per la fruizione di servizi in genere, garantita senza ricorso al costruttore del dispositivo per assicurarne la validita', nonche' dispositivo ottenuto
US6900720B2 (en) 2001-12-27 2005-05-31 Micro Enhanced Technology, Inc. Vending machines with field-programmable locks
US6745936B1 (en) * 1996-08-23 2004-06-08 Orion Systems, Inc. Method and apparatus for generating secure endorsed transactions
US5872848A (en) * 1997-02-18 1999-02-16 Arcanvs Method and apparatus for witnessed authentication of electronic documents
DE19906388A1 (de) 1999-02-16 2000-08-24 Bundesdruckerei Gmbh Verfahren und Vorrichtung zur Personalisierung und Verifizierung von Identitäts- und Sicherheitsdokumenten sowie ein damit verwendbares Identitäts- und Sicherheitsdokument
US7664264B2 (en) * 1999-03-24 2010-02-16 Blue Spike, Inc. Utilizing data reduction in steganographic and cryptographic systems
AU777437B2 (en) * 1999-12-07 2004-10-14 Sun Microsystems, Inc. Secure photo carrying identification device, as well as means and method for authenticating such an identification device
JP4114032B2 (ja) 2000-09-26 2008-07-09 セイコーエプソン株式会社 個人認証装置
US20050132194A1 (en) * 2003-12-12 2005-06-16 Ward Jean R. Protection of identification documents using open cryptography
DE102004008840A1 (de) * 2004-02-20 2005-09-01 Bundesdruckerei Gmbh Verfahren zur Herstellung eines buchartigen Wertdokuments sowie ein buchartiges Wertdokument
EP1653395A3 (fr) 2004-10-01 2006-05-10 Axalto SA Procédé de sécurisation d'un objet portatif personnel
US20060136997A1 (en) * 2004-12-21 2006-06-22 Eastman Kodak Company Authentication system and method
US20070204162A1 (en) * 2006-02-24 2007-08-30 Rodriguez Tony F Safeguarding private information through digital watermarking
DE102006030406A1 (de) * 2006-06-29 2008-01-03 Bundesdruckerei Gmbh Wert- oder Sicherheitsdokument mit zumindest zwei Anzeigevorrichtungen
US7546671B2 (en) * 2006-09-26 2009-06-16 Micromechanic And Automation Technology Ltd. Method of forming an inlay substrate having an antenna wire
US7860268B2 (en) * 2006-12-13 2010-12-28 Graphic Security Systems Corporation Object authentication using encoded images digitally stored on the object

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2010040162A1 *

Also Published As

Publication number Publication date
CN102265311B (zh) 2016-03-30
US8870067B2 (en) 2014-10-28
AT507372A1 (de) 2010-04-15
CN102265311A (zh) 2011-11-30
JP5739336B2 (ja) 2015-06-24
US20110220716A1 (en) 2011-09-15
WO2010040162A1 (fr) 2010-04-15
JP2012517626A (ja) 2012-08-02

Similar Documents

Publication Publication Date Title
DE69938500T2 (de) Authentifizierungskartensystem mit einer entfernten zertifizierungsinstanz
DE69415053T2 (de) Verfahren und Vorrichtung zur Kreditkartenechtheitsprüfung
EP2949094B1 (fr) Procédé d'authentification d'un usager vis-à-vis d'un distributeur automatique
EP1188151B1 (fr) Dispositifs et procede pour l'authentification biometrique
DE19860177C2 (de) Verfahren und Vorrichtung zur benutzerkontrollierten Freischaltung von Chipkartenfunktionen
EP1706957B1 (fr) Authentification biométrique
EP3182317A1 (fr) Dispositif et procédé de fourniture personnalisée d'une clé
WO2007104423A1 (fr) Procédé et appareillage permettant de traiter en toute sécurité des informations sensibles
DE10353853A1 (de) Autorisierung einer Transaktion
EP2364491A1 (fr) Caractéristique d'identification
DE102007050480A1 (de) Dokument mit einer Anzeigevorrichtung, Lesegerät für ein Dokument und Verfahren zum Lesen eines Dokuments
EP1686541A2 (fr) Système d'identification
DE19851074C2 (de) System und Verfahren zur sicheren Identifikation und Registrierung von Personen sowie eine hierfür geeignete Registriereinrichtung
EP3252643B1 (fr) Appareil de lecture pour une carte à puce et système informatique
DE102009000404A1 (de) Verfahren zur Freischaltung einer Chipkartenfunktion, Lesegerät für eine Chipkarte und Chipkarte
DE102008001149A1 (de) Dokument mit einem Speicher und Empfänger-Gerät
WO2017036455A2 (fr) Dispositif et procédé d'authentification et d'autorisation de personnes
DE19806295A1 (de) Zugangsberechtigungs- oder Identifikationsmedium und Verfahren zu seiner Herstellung
DE102010054061B4 (de) Tragbares System aus Datenträger und Eingabemittelträger, Verwendung und Verfahren des Systems
DE102016110274B4 (de) Verfahren für ein biometrisch basiertes Auslösen einer Nutzaktion mittels einem Nutzer zugeordneten ID-Tokens
EP2053569A2 (fr) Procédé destiné à la sécurité à base de PIN d'un support de données portable contre l'utilisation non autorisée
DE102020123755B4 (de) Verfahren zum Authentifizieren mit einem optoelektronisch lesbaren Code sowie Funktionsfreigabeeinrichtung und Computerprogramm hierzu
WO2003071492A2 (fr) Procede pour constater le droit d'une personne a utiliser un support de donnees portatif
DE102012200299B4 (de) Verfahren und Vorrichtung zur Erhöhung der Sicherheit bei der Unterzeichnung eines Dokuments
EP3552189A1 (fr) Puce-implant présentant une authentification à deux facteurs

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20110504

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
18D Application deemed to be withdrawn

Effective date: 20120112

19U Interruption of proceedings before grant

Effective date: 20110509

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

D18D Application deemed to be withdrawn (deleted)
19W Proceedings resumed before grant after interruption of proceedings

Effective date: 20210901

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

R18D Application deemed to be withdrawn (corrected)

Effective date: 20220302