[go: up one dir, main page]

WO2009074866A2 - Verification system - Google Patents

Verification system Download PDF

Info

Publication number
WO2009074866A2
WO2009074866A2 PCT/IB2008/003489 IB2008003489W WO2009074866A2 WO 2009074866 A2 WO2009074866 A2 WO 2009074866A2 IB 2008003489 W IB2008003489 W IB 2008003489W WO 2009074866 A2 WO2009074866 A2 WO 2009074866A2
Authority
WO
WIPO (PCT)
Prior art keywords
article
user
verification
identification code
information
Prior art date
Application number
PCT/IB2008/003489
Other languages
French (fr)
Other versions
WO2009074866A3 (en
Inventor
Daphne Roswita Hosp
Rüdiger HOSP
Original Assignee
Daphne Roswita Hosp
Hosp Ruediger
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Daphne Roswita Hosp, Hosp Ruediger filed Critical Daphne Roswita Hosp
Publication of WO2009074866A2 publication Critical patent/WO2009074866A2/en
Publication of WO2009074866A3 publication Critical patent/WO2009074866A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/004Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip

Definitions

  • the invention relates to the field of verification systems.
  • This object may be achieved by providing a verification arrangement, a verification method, a program element, and a computer- readable medium according to the independent claims.
  • a verification arrangement comprising an article (or a product, for instance a physical body or a human being or an animal) carrying (for instance in plaintext or in encoded form such as a barcode or a 2D/3D-matrix code, the latter introducing color as a third dimension in addition to two spatial dimensions) an alphanumeric article identification code (or any other human- or machine-readable article identification code), and a verification entity (which may have processing capabilities and/or memory capabilities) storing a number of approved identification codes and being adapted in such a manner that upon input of the article identification code by the user, the verification entity outputs (for instance displays) a response indicating whether the input article identification code is identical to one of the stored approved identification codes.
  • an article or a product, for instance a physical body or a human being or an animal
  • carrying for instance in plaintext or in encoded form such as a barcode or a 2D/3D-matrix code, the latter introducing color as a third dimension in addition to two spatial dimensions
  • a verification method comprising attaching an alphanumeric article identification code to an article, inputting the article identification code by the user, and outputting a response to the user indicating whether the input article identification code is identical to one of a number of stored approved identification codes.
  • a program element for instance a software routine, in source code or in executable code
  • a processor such as a microprocessor or a CPU
  • a computer-readable medium for instance a CD, a DVD, a USB stick, a floppy disk or a harddisk
  • a computer program is stored which, when being executed by a processor (such as a microprocessor or a CPU), is adapted to control or carry out a method having the above mentioned features.
  • Data processing which may be performed according to embodiments of the invention can be realized by a computer program, that is by software, or by using one or more special electronic optimization circuits, that is in hardware, or in hybrid form, that is by means of software components and hardware components.
  • the term "carrying” may particularly denote that the article mechanically carriers the alphanumeric article identification code so that the alphanumeric article identification code is physically provided on the article. Examples for such a physical provision are printing the alphanumeric article identification code on the article, engraving the alphanumeric article identification code in the article, etc.
  • the alphanumeric article identification code may be provided on the article in a manner that the alphanumeric article identification code (in plaintext or in an encoded manner) is directly perceivable by the user using a human sense (for instance visually, readable, etc.)- This would not cover a scenario in which the alphanumeric article identification code is stored electronically on the article without being sensible by a human sense, for instance with an RFID tag.
  • stored approved identification codes may particularly denote a plurality of identification codes included in a database or in a storage device of the verification entity or related thereto.
  • These approved identification codes may be codes provided by a genuine manufacturer of articles so that correspondence between an input identification code and a stored approved identification code indicates to the user that the article is genuine, i.e. relates to a genuine manufacturer.
  • a user may simply type an alphanumeric product code into an input mask of an Internet platform or via any other user interface, and in response to the provision of the alphanumeric product code, the Internet platform or the other user interface will inform the user whether the supplied alphanumeric product code has been authorized by the manufacturer or provider of the article to indicate that the article is genuine and originates from the manufacturer or provider of the article.
  • product imitations may be identified easily and essentially in real time, for instance before the user has bought the article.
  • the verification entity may be adapted to be accessible by the user via a communication network, particularly via the public Internet.
  • a communication network particularly via the public Internet.
  • a user may use the world wide web to verify whether a product is original or not.
  • the verification entity may be adapted for denying a response upon determining that the input article identification code has already been input by a user in the past (for instance be outputting information such as "error"). This may avoid misuse of the system, so that it can be prevented that a plagiarist simply places one and the same alphanumeric product code on all of his or her imitated products, based on the knowledge of one approved alphanumeric product code.
  • the verification entity may be adapted for denying a response upon determining that the provided input article identification code has already been input by a user in the past for a number of times which number exceeds a predefined threshold value. For instance, the system may allow for a specific number of queries related to a specific article identification code (for instance once or five times). If the threshold value is exceeded, the system will not allow any further access, for instance to reduce the risk of misuse.
  • This decision criteria may be combined with at least one further criteria.
  • the additional information may comprise a point of sale of the article, a geographic position of the article and/or user, a prize of the article, an expiry date of the article, a warranty regarding the article granted to the user by a seller of the article and/or a distribution level at which the article is offered to the user.
  • Packaging of the article, consistency of the product, position of the identifier on the article, etc. are other possible exemplary decision criteria.
  • the alphanumeric article identification code carried by each article may be unique. In such an embodiment, two different original articles will never carry the same alphanumeric product code, but each one will be provided/assigned with an individual alphanumeric product code.
  • the article may comprise one of the group consisting of a drug, a medication, a mobile phone, a credit card, a bank note, a document, a cosmetical product , a consumer electronics device, a medical device, jewellery, a work of art, wine, liquor, a gemstone, an animal, a human being, monetary notes, a gear article and a food article.
  • a drug a medication
  • a mobile phone a credit card
  • a bank note a document
  • a cosmetical product a consumer electronics device
  • a medical device jewellery, a work of art, wine, liquor, a gemstone, an animal, a human being, monetary notes, a gear article and a food article.
  • an Online Biometry Certificate may be denoted as a label that helps to identify mainly genuine products like pharmaceutical products such as drugs, consumer electronics such as MP3-players, digicams, phones, documents such as passports, driver's licenses, credit cards, luxury goods such as watches, instruments, gems, pearls, art, premium brands, CDs, gear articles, etc.
  • An OBC may include a licence to check on the product ID
  • the ID is a visual identifier that assists in determining whether or not the product which a user is checking is genuine. However, without it, the user might not ensure that the product is not genuine. An ID is never to be purchased by itself without the OBC it authenticates. This may help a user to verify the authenticity of the product ID the user acquired, to be sure that the product came with one of specific OBC contents.
  • imitations of products may be detected easily, since it is sufficient to provide a list of approved numbers in the world wide web.
  • This list is not directly accessible by a user, so a user may ask the system whether a specifically identified ID is contained in the list of reliable products, or not.
  • a user may type in the number printed on (the packaging of) a product via a keypad, and when the product is genuine, this may be indicated to the user via the world wide net.
  • some kind of "passport for objects" may be provided.
  • a product identity (PID) or BrandID may be provided in form of an alphanumeric code in connection with an online brand ID card (OBC) or product ID card.
  • OBC brand ID card
  • the manufacturer or provider assigns an ID to a product, for instance prints the ID on the product or attaches a label comprising the ID to the product.
  • the ID allows the unambiguous assignment to a pool of proved products. Only from there, the product receives the OBC, that is to say the product passport.
  • This OBC uniquely describing the product can be stored in a congruent/fitting manner to the ID on a website.
  • the OBC can be used for identifying the product by means of the product ID to be input by a user.
  • the access to the OBC can be made dependent on the provision of user data (for instance provided during a registration procedure) via the requesting entity such as age, sex, family status, job (for example branch of trade), profession (for example field of professional activity), name, native languages, residence, telephone number, e-mail address, etc. Further criteria or data which may be requested are reason for request, consumer status, distributor status, manufacturer status, custom/police status, health authority status, airline status, airline authority status, insurance status, etc.
  • a product in an OBC can be the type of the product, origin/manufacturer, manufacturing number, manufacturing year, generic name of the product, brand name, medication code, packaging information, formulation, date of expiry, distribution country, photos of the original packaging, weight/density, sizes and dimensions, material, ingredients, colour, surface disposal, manual, etc.
  • the format of the identification information may be an engraving, a branding, a print, a pendant, a sticker, an (DNA)-RFID tag, a barcode, a 2-D-matrix code, a 3-D-matrix code, a hologram, a fingerprint reader, etc.
  • the provision of the OBC may be performed via the coupling of the PID to an online system.
  • the assigned OBC can be provided online, alternatively via e-mail, via mobile instant messaging (MIM), text message (SMS) to a mobile phone number/e-mail address provided for that purpose beforehand, for instance during registration or request.
  • the OBC may be a document freely designable by a manufacturer and can be adjusted in accordance with corresponding instructions.
  • the registered and verifiable product may be less prone to imitations, which is of particularly importance for products from premium brands and for pharmaceutical products.
  • the option of a unique reproduction and identification also provides protection against expiry of the date, theft, mix-up, incorrect disposal, copies and imitations, recognition of the product origin, verification of the product biometry, matching of single products and manufacture products, data accumulation for statistical reasons, insurance protection etc.
  • the OBC allows, based on product biometry, monitoring the authenticity, origin and other product specific parameters before the product is sold or administered, used, disposed, cleared with the customs authorities, shipped, insured etc. This may support anti-counterfeiting.
  • each product efficiently has a product passport (mobile phone, pharmacological product, etc.). Even after unintentional removal of the PID, the OBC may remain in the web. Vice versa, it may be impossible to apply an ID in an arbitrary manner, since the assigned OBC can only be stored in the web in a controlled manner. By taking this measure, products may be verified using a certificate indicating authenticity.
  • the PIDs and online OBCs allow for a secure manufacture control.
  • the system according to exemplary embodiment of the invention may be operated without a reading device, since the sole provision of the alphanumeric identification number via telephone, Internet or any other communication network is sufficient.
  • a possible exemplary workflow for establishing such a system is the following:
  • limitations and quantities may be determined (for instance 3 times, 5 times, 9 times, always, etc.)
  • OBC visually direct or via e-mail/text message (SMS) in an indirect manner.
  • user and/or manufacturer i.e. any party providing an OBC and/or recalling an OBC
  • the option to perform procedures of switching on, switching off, invalidating/deactivating can be made dependent on time, expiry of a best before date, a number of made recalls, the event of the identification as a finder/user, or after authentication of an email address or another code.
  • a result may show that an enquirer has entered a country/location where the requested product is not supposed to be distributed according to the information given in the OBC.
  • a so-called "Quick Response” Code (compare for instance http://bloq.kaywa.com/files/Kaywareader-PR.pdf or http://de.wikipedia.org/wiki/OR Code or http://en.wikipedia.org/wiki/QR Code) being a two-dimensional (for instance matrix) bar code readable by a camera of a mobile phone may be implemented in the verification system.
  • the mobile phone may derive an article code and a link to an Internet page from the two-dimensional matrix/bar code. This provides a possibility to link a user in a fast way to an Internet page.
  • the article may carry the alphanumeric article identification code in a human readable form.
  • the alphanumeric article identification code may be directly readable from a surface of the article. Hence, no encoding being non-interpretable by a human being is connected with such an embodiment.
  • the article carries the alphanumeric article identification code in a machine-readable form.
  • Machine-readable form may particularly denote a form which allows a machine, knowing a decoding algorithm, to derive the alphanumeric article identification code in plaintext from an encoded form of the alphanumeric article identification code, for instance in the form of a one- or two- or three- dimensional matrix/bar code.
  • a machine can decrypt or decode an encrypted alphanumeric article identification code and may use this identification code for any desired purposes, such as displaying it to a user or a communicatively coupled communication partner.
  • the verification arrangement may comprise a reader machine adapted for reading the alphanumeric article identification code.
  • Such a reader machine may be operated by a user so that the (for instance decoded alphanumeric article identification code in machine- readable form) is read by the machine and is converted into the alphanumeric article identification code in plaintext.
  • a reader machine may be a barcode scanner or a portable device such as mobile phone having an image sensor for detecting the necessary data.
  • the reader machine may be adapted for displaying the read alphanumeric article identification code in a human-readable form.
  • the reader machine may have a display such as an LCD display on which the decoded plaintext alphanumeric article identification code is displayed for a user so that the user can subsequently input the alphanumeric article identification code in a separate system (for instance a computer) connected via a communication network to the verification unit for deriving information regarding the article.
  • a separate system for instance a computer
  • the reader machine may be adapted for transmitting the read alphanumeric article identification code (directly) to the verification entity and for receiving and displaying the response output by the verification entity.
  • the user may perform any action apart from operating the reader machine to read the alphanumeric article identification code which is provided in a machine-readable form (i.e. plaintext to decoded).
  • the reader machine may then derive the alphanumeric article identification code which has to be provided to the verification entity so that the latter can check in its database whether the input alphanumeric article identification code is valid or not.
  • the verification entity may then answer to the reader machine by a specific communication message.
  • a wired or a wireless communication is possible.
  • a wired embodiment there may be a wired connection between the user side and the verification arrangement side.
  • a wireless embodiment a wireless network such as a Bluetooth network, a mobile telecommunication network, etc. may be used. Combinations between wired and wireless networks, such as the public Internet, are possible.
  • the reader machine may be a portable device. In other words, it is possible that the reader machine can be carried along by a user. Thus, the user can carry the reader machine with her or him so that the user can always, by using the portable reader machine, check or verify originality of a product. More particularly, the reader machine may be a mobile phone.
  • Such a mobile phone may be equipped with a camera which can be used for detecting the (for instance encoded) alphanumeric article identification code.
  • the reader machine may then have processing capabilities to process the correspondingly read data and to derive the alphanumeric article identification code from the captured data. This can then be used for output to a user or for communication with the verification entity.
  • the reader machine may also be a personal digital assistant (PDA).
  • PDA personal digital assistant
  • the verification arrangement may be adapted for determining originality of the article. Therefore, the information or data output by the verification entity may be indicative of the information whether the article is genuine (i.e. relates to a specific manufacturer) or not (i.e. relates to any other manufacturer).
  • the verification arrangement may also be adapted as an antiforgery system.
  • the verification arrangement can also act as an anticounterfeiting system.
  • the verification entity may be adapted for, before communicating with the user, being accessed by a genuine article provider and for providing the number of approved identification codes to the genuine article provider upon request of the genuine article provider. Therefore, the system may be used by any genuine article provider which may access the verification entity via the same network or via another network as the user.
  • the genuine article provider particularly after having performed the successful authorization procedure, may then order a number of identification codes which can be stored in the system.
  • the genuine article provider may then apply a corresponding alphanumeric article identification code to each of its product, for instance by a label. Therefore, since the identification codes approved by the system are not known to the public in advance, a reliable check of a user is possible whether a certain article belongs to the genuine article provider or not.
  • the verification arrangement may comprise an information provision unit adapted for outputting information (which may be related to the article) to the user upon determining that the input article identification code is identical to one of the stored approved identification codes.
  • information which may be related to the article
  • the system may further provide additional information to the user. So, the system may be used as an information provision system as well.
  • the output information may comprise information regarding an identity of a manufacturer of the article, a local representative (for instance a distributor for a specific region or jurisdiction) representing the article, a distributor of the article (for instance an identity of a company distributing the article with agreement of the genuine manufacturer), a shipper of the article (that is a company shipping the article from a manufacturer site to stores), an expiration date of the article (for instance a date up to which the article such as a medication may be used by a consumer), product information of the article (any more detailed information regarding the article, such as composition, etc.), an image of the article (for instance one or more photos or drawings thereof) and/or operating instructions regarding the article (for instance an operating manual can be downloaded via a communication network with such a system).
  • a local representative for instance a distributor for a specific region or jurisdiction
  • a distributor of the article for instance an identity of a company distributing the article with agreement of the genuine manufacturer
  • a shipper of the article that is a company shipping the article from a manufacturer site to stores
  • the information provision unit (which may provide the OBC) may be adapted for dynamically updating information related to the article over a lifetime of the article, for instance when things change during the lifetime of the article, for instance an instruction manual which has been updated, etc.
  • the dynamic updating of the information may also relate to a scenario in which a medication is in a state in which the expiration date has not yet expired, but an expiration date will approach soon. In such a scenario, the remaining time for using the medication may be indicated to the user to alert the user regarding the upcoming expiration date.
  • the information provision unit (which may provide the OBC) may be accessible to and manageable by a manufacturer of the product.
  • the information provision unit may be adapted for outputting information related to the article by directly transmitting the information to a user communication entity operable by the user for inputting the article identification code.
  • a user communication entity may, for instance, be a computer or a mobile phone or any other communication device which is operated by a user and via which a user provides the alphanumeric article identification code. This data can be directly sent to the user for display, printout etc.
  • the information provision unit outputs information related to the article by transmitting a link to an information source to a user communication entity operable by the user for inputting the article identification code.
  • the system only provides the user communication entity with information where the data can be accessed.
  • Such a link can be an URL, etc. Therefore, it is possible that the system is also used with a user communication entity having low processing and storage capabilities, since there is no need that the information provided to the user is stored on the user communication entity.
  • another advantage of such an embodiment is that a user may decide whether storage and processing capabilities are presently used for downloading the material or whether the user is not interested to download the specific information at a present time.
  • the information provision unit may be adapted for outputting information related to the article by transmitting the information to an information display unit (for instance of a mobile phone) differing from a user communication entity operable by the user for inputting the article identification code.
  • the verification arrangement may comprise a number (for instance more than one hundred) of articles (at the manufacturer side) each carrying exactly one alphanumeric article identification code (particularly each carrying a unique article identification code) corresponding to exactly one of the number of stored approved identification codes in the database assigned to this manufacturer.
  • a number for instance more than one hundred
  • articles at the manufacturer side
  • each carrying exactly one alphanumeric article identification code particularly each carrying a unique article identification code
  • an unambiguous assignment between an article and an improved identification code is possible.
  • Such a system is failure-safe.
  • the verification entity may be adapted for outputting the response indicating a number of times the corresponding identification code has been queried in the past. This may be related to a number of accesses of all users to this code, or may be related to a number of accesses of a specific user to this code. This information may be useful for a user to obtain information regarding originality. If a specific identification code has been used many times in the past, particularly by different users, this may be an indication that the product is not genuine. Additionally or alternatively, one or more other decision criteria may be implemented.
  • the verification entity may be adapted for establishing a probability of a counterfeit of the article and for outputting the response indicating the probability of a counterfeit of the article. Therefore, the verification entity may quantify a probability that the article is not original. This allows a user to get an intuitive impression regarding a possible lack of originality.
  • the verification entity may be adapted for estimating the probability of a counterfeit of the article based on a product type of the article (for instance high value articles may be more prone to forgery), a manufacturer of the article, a number of times the corresponding identification code has been queried in the past (a large number of queries may be an indicator for misuse), statistical counterfeit data regarding the article (for instance the system may collect statistical data to derive information in which scenario a counterfeit is probable), statistical counterfeit data regarding the manufacturer article, a value of the article (for instance high value articles may be more prone to counterfeit than low price articles), and a regional origin of the article (a regional origin of a high appreciation or reputation may be more prone to counterfeits).
  • a product type of the article for instance high value articles may be more prone to forgery
  • a manufacturer of the article a number of times the corresponding identification code has been queried in the past (a large number of queries may be an indicator for misuse)
  • statistical counterfeit data regarding the article for instance the system may collect statistical data to derive information in which scenario
  • the verification entity may be adapted for visually outputting the response indicating the probability of a counterfeit of the article for instance as a color code.
  • a "red” color may indicate a high probability of a counterfeit
  • a "yellow” color may indicate a medium probability of a counterfeit
  • a "green” color may indicate a low probability of a counterfeit.
  • a "black” color may indicate a high probability of a counterfeit
  • a "red” color may indicate a medium probability of a counterfeit
  • a "green” color may indicate a low probability of a counterfeit.
  • a bar plot may be used, the extension of the bar indicating a probability of a counterfeit.
  • the probability level may be also indicated verbally, for instance by displaying a statement such as "high risk”, “medium risk”, “safe”, etc.
  • the verification entity may be adapted for removing the approved identification code from the stored number of approved identification codes after expiry of an expiration date of the article assigned to the respective identification code.
  • Such an embodiment may involve a further safety feature, for instance when the article is a medication or a food stuff.
  • the system may warn a user that the product or article cannot be used any longer since the expiration date has expired. Therefore, compliance of patients may be improved.
  • a specific company can upload a number of brand identifiers to a website after a previous authentication and declaration. This company may then attach the brand identifiers as labels on their products.
  • Such a brand ID may be visible (for instance by providing an alphanumerical code, i.e. a code formed of letters and/or numbers) and may therefore be optically readable. It may be optically readable only for a human user or only by a reader device, or may be readable by a user and a reader device.
  • a reader device may comprise a camera which may be capable of reading certain data, for instance a quick response (QR) code. Therefore, any person involved in a distribution chain of an article may be enabled to check at any time whether a project is genuine. For instance, a user or consumer may query originality at a point of sale. Optionally, further information can be derived from the system.
  • a (for instance virtual) brand ID card may be sent from the verification database to the user.
  • a brand ID card may include electronic information regarding manufacturer, representative in a specific country, shipper, seller, regional origin, route of transport, itinerary, expiration date, etc. It is also possible that one or more criteria for exclusion may be defined and/or one or more criteria for acceptance.
  • Such a brand ID card may be denoted as a passport for a product which can be constant over time or which may be updated or extended over the lifetime of the product. For instance, a change of a proprietor of the product may be input in the system. Moreover, individual product parameters, changes of values, etc. may be reported by the brand identifier card.
  • the brand identifier card may be presented to a user for instance via a window on a computer.
  • the information may also be provided indirectly, so that for instance only a link to a site may be sent where the information can be taken from (for instance only after previous successful identification of a user). It is also possible to upload product photos into the brand ID card by a manufacturer.
  • the brand ID card may also include information which features the product does not offer.
  • a payment system such as PayPal or WorldPay may be integrated in the system.
  • emails and/or text messages such as SMS or MMS (multi media message) or MIM (mobile instant messaging) may be integrated in the system.
  • Log files may be created to collect statistics about user groups, age, access time, etc. to continuously improve reliability.
  • the verification entity may be adapted in such a manner that upon input of the article identification code by the user, the verification entity requests additional information from a user inputting the article identification code for determining whether the article is genuine.
  • This additional information to be requested may be specifically determined by the verification entity to broaden the basis of information based on which the probability of forgery may be estimated qualitatively or quantitatively (for instance by applying mathematical algorithms or empirical rules). If there remain doubts at the side of the verification entity (for instance since it is determined that the article identification code has already been input extensively in the past), specific additional questions may be asked to the user, for instance by sending a corresponding communication message to the communication device operated by the user. This request and answer sequence may be repeated, if desired, until the verification entity has sufficient information for a reasoned estimation of the probability that the article is genuine.
  • the verification entity may be adapted in such a manner that upon receipt of the additional information, the verification entity outputs a result indicative of a probability whether the article is genuine.
  • a result indicative of a probability whether the article is genuine This may be a verbal output (for instance "high reliability”, “medium reliability”, “low reliability”) or a quantitative result (for instance "80% reliability”) which may be based on empiric data or a calculation based on a theoretical model.
  • the verification entity may be adapted for determining the result depending on both the article identification code and the additional information.
  • this information may be synergetically combined with additional information to increase reliability of the result.
  • the additional information may comprise a point of sale of the article, a geographic position of the user, a prize of the article, an expiry date of the article, a warranty regarding the article granted to the user by a seller of the article and/or a distribution level at which the article is offered to the user.
  • the verification entity has the information in which countries a genuine manufacturer sells products and in which countries a genuine manufacturer does not sell products, the indication of one of the latter countries may be considered as a significant indication that the article is not genuine.
  • positive decision criteria may be used for evaluating a probability that the product is genuine
  • negative decision criteria may be used for evaluating a probability that the product is genuine.
  • the presence of such a negative decision criteria may result in the result that the article is not genuine.
  • a negative decision criteria point of sale indicated by user s outside of countries in which a genuine manufacturer does sell products
  • Another additional or alternative identification criteria whether the article can be considered or classified as genuine is a serial number or a manufacturer number of the article which can be printed on the article and can be assigned to the article on the brand ID card, i.e. which may form also part of the "additional information" regarding the product.
  • serial numbers may be consecutive or successive numbers provided by a manufacturer individually to each article.
  • WO 87/00659 discloses a patient identification system for hospitals for correctly assigning elements (such as medication to be administered) to a patient and for ensuring that an identified element, in fact, relates to a specific patient.
  • a biometric identification item comprising a biometric sensor adapted for sensing biometric data of a (for instance human) user, a determining unit adapted for determining whether the sensed biometric data is in accordance with reference (for instance pre-stored) biometric data of an authorized (for instance human) user, and an output unit adapted for outputting identification information if the determining unit has determined that the sensed biometric data is in accordance with the reference biometric data.
  • a method of managing identification information comprising sensing biometric data of a (for instance human) user, determining whether the sensed biometric data is in accordance with reference (for instance pre- stored) biometric data of an authorized (for instance human) user, and outputting identification information upon determining that the sensed biometric data is in accordance with the reference biometric data.
  • an arrangement comprising a control unit, a database and a biometric identification item having the above mentioned features, wherein the biometric identification item comprises unique identification information (which may be provided by the output unit of the biometric identification item) and is adapted to be assigned to a user.
  • the database is accessible to the user to provide user data for registering the user in connection with the biometric identification item.
  • the control unit is accessible to a finder of the biometric identification item assigned to the user to inform the control unit, based on the unique identification information, that the finder has found the biometric identification item assigned to the user.
  • the control unit is adapted to provide the finder with the user data in case the finder has noticed that the finder has found the biometric identification item.
  • a method of providing a finder of a biometric identification item having the above mentioned features with user data comprises assigning unique identification information of the biometric identification item to a user, providing, by the user, the data for registering the user in connection with the biometric identification item, a finder noticing the biometric identification item and that the finder has found the biometric identification item, the finder providing the unique identification information, and providing the finder with the user data when the finder has noticed that the finder has found the biometric identification item.
  • the term "identification item” may particularly denote a device or a member which can serve as a secure carrier of identification information.
  • the biometric identification item may store or contain identification information which is provided only to a user when the user has proved her or his authorization by biometry.
  • biometric sensor may particularly denote any detection unit which is capable of distinguishing between an authorized user and other users based on biometry.
  • biometric or anatomical properties related unambiguously to a body of a user may be analyzed with such a biometric sensor.
  • authorized (human) user may particularly denote a specific individual user who has registered herself or himself beforehand with the biometric identification item so that biometric data provided by this user is stored by the biometric identification item as reference biometric data, thereby personalizing or individualizing the biometric identification item in accordance with one specific authorized human being.
  • a biometric identification item such as a plate-like element is provided which may be adapted for use in a finder system. Identification information contained in the biometric identification item is only perceivably provided for a human being by the biometric identification item after having checked biometrically whether the user requesting access to this information is in fact the authorized user.
  • the high degree of security of this identification system may be obtained by providing a biometric sensor ensuring that only an authorized user who authorizes herself or himself according to biometry gets access to the identification information.
  • This identification information may in turn enable access to user data (particularly medical user data) stored in a central database (of an arrangement apart from the biometric identification item) which is accessible, for instance, via the Internet. To get access to such user-specific medical data, knowledge of the identification information is necessary. Therefore, the identification information may also be denoted as an access code or a password. Since the medical data of the authorized user is highly confidential, access to such data shall only be provided to an authorized person.
  • Such an authorized person may be the user him/herself or may be a first aid attendant, paramedic, medic, or ambulance staff finding an unconscious user in a medical emergency case and desiring access to the medical user data stored in the central database.
  • a first aid attendant puts the user's finger on a fingerprint sensor (as an example of the biometric sensor) of the biometric identification item, thereby forcing the. output unit such as an LCD to display the identification information.
  • the first aid attendant may then go via the Internet to a page providing the medical user data, such as an allergy of the user to a specific drug, etc.
  • the biometric sensor may sense a biometric data set. Since DNA sequences or other biometric parameters are (essentially) unique for individual human beings, a forgery proof system may be provided. Particularly, a fingerprint sensor may be combined with a processing unit such as an integrated circuit (optionally provided with an RFID tag also enabling wireless communication). Therefore, for a rescue finder system, a high degree of data security may be provided.
  • a processing unit such as an integrated circuit (optionally provided with an RFID tag also enabling wireless communication). Therefore, for a rescue finder system, a high degree of data security may be provided.
  • An example of a fingerprint sensor which may be implemented according to an exemplary embodiment of the invention is a foil-like fingerprint sensor offered by the company Fidelica (www.fidelica.com), which may have a thickness of 0.5 mm.
  • a fingerprint sensor may have the capability of storing data representing one or several fingerprints, for instance twenty fingerprints, so that the fingerprint sensor may also be used by a group of authorized persons sharing a common identification item.
  • the energy supply of such a biometric identification item may be realized via solar cells or a battery or an energy harvesting system (for instance transponders for producing energy from an electromagnetic field in the environment).
  • the biometric identification item may be shaped and designed as a key pendant or a credit card so that the biometric identification item may be carried easily by a user together with keys.
  • the user may put her or his finger onto the fingerprint sensor.
  • An integrated circuit compares the biometric data of the user with pre-stored reference biometric data indicative of the fingerprint of an authorized person who has registered beforehand. Only when a proper accordance between the detected data and the pre-stored data is found, may the system provide the desired code in a visibly or audibly or touchably perceivable manner to a user. With such a code, the person can enter a central data management system in order to get access to user data stored in this central system.
  • the procedure of outputting identification information in response to a successful biometric recognition of the authorized user may be stored as an event or in a history in the biometric identification item, thereby allowing retracing afterwards of the access request (for instance when the user has been unconscious during the access request and wishes to retrace if and when the information has been supplied).
  • the danger that the user data is read out without legitimation, that is to say by misuse may be reduced.
  • Mounting an IC-controlled biometric sensor on a rescue finder pendant does not require a permanently visible identification or verification number on the pendant.
  • the identification number is normally stored hidden from view, and will only be displayed after successful biometric recognition of the authorized user, for instance by conditioning a sensor by providing fingerprint information or by providing saliva DNA in the case of a DNA biometry sensor.
  • the integrated circuit or processing unit of the identification item may recognize the specific DNA code of the saliva (or any other body fluid) and - when the DNA code/sequence of the authorized user has been provided during registration of the biometric identification item - the biometric identification item may check whether the identification number shall be provided in a perceivable manner, or not.
  • Such a DNA biometry sensor may be sensitive to a specific DNA sequence of a user's gene, and the individual DNA sequence of a user may be read in as a code on the biometry sensor and can be evaluated by the processing unit connected to the biometry sensor, so that the processing unit can be programmed or conditioned using the DNA code.
  • Such primary conditioning of the biometric identification item may serve as a key for getting access to the identification information.
  • an electric current path may be closed and the biometric identification item can be output for a predetermined amount of time of, for instance, several seconds.
  • reading out the identification information can only be performed in a controlled and secure manner, since providing other than the user's DNA to the biometric sensor will not result in an output of the identification information.
  • biometric identification item Next, further exemplary embodiments of the biometric identification item will be explained. However, these embodiments also apply to the method of managing identification information, to the arrangement and to the method of providing a finder of a biometric identification item with user data.
  • the biometric sensor may comprise a fingerprint sensor, a DNA sensor, a saliva sensor, a retina sensor, a face sensor, a hand veins sensor, an iris sensor, a signature sensor, a voice sensor, a facial thermogram sensor, an odor sensor, or an ear recognition sensor. It is also possible that the biometric sensor comprises two or more of these or other biometric sensor components, to further improve the reliability and security. Any other biometric sensor may be used which is based on an unambiguous biological property or anatomical property of the authorized user.
  • the determining unit may be adapted for determining whether the sensed biometric data deviates less than a pre-defined threshold value from the reference biometric data of an authorized human user.
  • the output unit may be adapted for outputting the identification information if the determining unit has determined that the sensed biometric data deviates less than a pre-defined threshold value from the reference biometric data of an authorized user.
  • the output unit may be adapted for not outputting the identification information if the determining unit has determined that the sensed biometric data deviates more than a pre-defined threshold value from the reference biometric data of an authorized user.
  • the output unit may be adapted for outputting the identification information in a visual manner, in an audible manner, or in a tactile manner, or by triggering the generation of an RFID response message (i.e. an RFID tag will answer to a read request only upon successful biometric identification).
  • the output unit may be an optical display unit such as a liquid crystal display (LCD) or a light emitting diode (LED) display or an RFID tag sending a corresponding response message including identification information. Any other display is possible, wherein the described displays are specifically appropriate due to their small amount of energy consumption.
  • the identification information may be output to the user so that the user can hear the identification information such as the number.
  • a braille code may be formed on a surface of the output unit selectively in the case of a proper accordance between the pre-stored biometric sensor and the user-defined biometric sensor.
  • the output unit may be adapted to output a message, particularly a transponder message, the message comprising the identification information, if the determining unit has determined that the sensed biometric data is in accordance with the reference biometric data.
  • the output unit may trigger generation of an electronic message to be transmitted to a recipient in a wireless or in a wired manner, the electronic message comprising the identification information, for instance in plain text or encrypted.
  • an RFID tag may be provided which allows communication with a read and/or write unit only in case of a previous successful authorisation test.
  • the identification information may be unique identification information. In other words, there may be an unambiguous correlation between the identification information and a set of (for instance medical) user data stored in the central system of the finder system or of the medical emergency system, so that it may be ensured that specific identification information may only provide access to the medical data of one specific human being.
  • the identification information may be a key required to get access to user data related to the authorized user and stored in a database being external from (or internal, for instance in case of a USB stick) the biometric identification item. Such a database may be run in accordance with the distribution of identification items to different users, so that the code stored in the biometric identification item may also be stored in the database, however in the database related to the user data to which access is possible via the identification information.
  • the output unit may be adapted for outputting the identification information only or exclusively if the determining unit has determined that the sensed biometric data is in accordance with the reference biometric data. Therefore, when such correspondence or accordance cannot be determined, the output of the identification information will be denied.
  • the biometric identification item may further comprise an input unit adapted for enabling a user to input data for storage in the biometric identification item.
  • an input unit may comprise a button, a keypad, a pin, a switch, or even a microphone of a voice recognition system and may allow a user to provide the biometric identification item with data, for instance during registering or programming the biometric identification item.
  • a registration unit may be provided and adapted for enabling registration of a user as the authorized user by providing the reference biometric data to the biometric sensor.
  • the user may provide her or his biometric data to the biometric sensor, for instance by putting her or his finger onto a fingerprint sensor.
  • the registration unit will then register this data as the reference biometric data which will later, during normal use, be compared to biometric data provided to a user desiring access to the identification information.
  • a data interface may be provided for data communication with a communicatively couplable computer for registering a user by the registration unit.
  • Such a data interface may be a wired data interface such as a USB interface or may be a wireless interface, for instance for Bluetooth, infrared or RFID communication between the data interface and the coupled computer (such as a laptop or PC) which should have a corresponding data interface capable of communicating with the data interface of the biometric identification item.
  • the biometric identification item may be an independent system operable without a communicatively couplable or coupled computer. This may allow for a very safe system without any danger that data security deteriorates. In such a configuration, the system may be free of any electronic data interface to be accessed by a user.
  • the data interface may be one of the group consisting of a USB interface, a WI-FI interface, a wireless Bluetooth interface, a ZigBee interface, an RFID interface, and a WiMax interface.
  • the biometric identification item may further comprise a switch or a button adapted to be switched or operated by a user.
  • the output unit may then be adapted for outputting the identification information if the switch is switched by the user and simultaneously the reference biometric data is not yet available in the identification system. Therefore, before registering or programming an identification item (that is to say before providing the identification item with the reference biometric data), the biometric identification item may simply serve as a system which, upon being switched on by any user, outputs the identification information without access control. After registering, the secure system may then be used with access control.
  • the biometric identification item may comprise an energy supply interface adapted for connecting the biometric identification item to an external energy supply, for instance for charging an accumulator of the biometric identification item.
  • An energy supply unit of the biometric identification item may be adapted for supplying components (or parts thereof) of the biometric identification item with energy.
  • a wired connection to a power source such as a PC or a socket may be provided, or the energy supply unit of the biometric identification item may be provided internally (by a (for instance thin) battery, an accumulator, an inductive RF energy harvesting system, a mechanical energy harvesting system, a thermal energy harvesting system, a power paper printed battery system (compare: www.powerpaper.com), a solar cell, an electromagnetic resonance system generating energy from electromagnetic fields by induction, environmental heat energy harvesting, energy harvesting based on mechanical motion energy, etc.) allowing the biometric identification item to be operated as a self- sufficient device.
  • a power source such as a PC or a socket
  • the energy supply unit of the biometric identification item may be provided internally (by a (for instance thin) battery, an accumulator, an inductive RF energy harvesting system, a mechanical energy harvesting system, a thermal energy harvesting system, a power paper printed battery system (compare: www.powerpaper.com), a solar cell, an electromagnetic resonance system
  • the identification information may be a sequence of letters, a sequence of numbers, or an alphanumerical code.
  • the identification information may be a five digit code (or more or less digits) which can simply be input via a keypad of a computer to get access to an Internet page of the emergency finder system to thereby get the desired access to the user data.
  • the identification item may comprise a plate on and/or in which the biometric sensor, the determining unit, and the output unit are arranged.
  • the identification item may comprise a substrate on/in which at least a part of the components are integrated. More particularly, the biometric identification item may comprise a plate on and/or in which the biometric sensor, the determining unit, and/or the output unit are arranged.
  • the biometric identification item has the design of a pendant, a label, a sticker, a credit card, a wristband, or a tag and may therefore be easily carried by a user or be connected to elements which are usually carried with a user, such as a mobile phone.
  • the biometric sensor and the output unit may be arranged on opposing sides of the plate.
  • biometric identification item may be convenient particularly in the case of a fingerprint sensor, since putting the finger on the backside of the biometric identification item onto the fingerprint sensor may allow (in an anatomically appropriate manner) to simultaneously see the result of the detection/the identification information on the front side of the biometric identification item visible to the eyes of the user (or as a credit card on which a finger is put when the credit card is inserted into a reader so that access is only granted upon successful biometric authentication). This may allow operation of the biometric identification item with only one hand so that the other hand can be used, for instance to type the identification information in a computer or to write down the identification information.
  • the biometric identification item may comprise an inscription (for instance an imprint or an engraving) indicative of the usable qualities of the biometric identification item in the context of a finder system, particularly in the context of a medical emergency system, more particularly in the context of an arrangement which will be described in the following in more detail.
  • the output unit may be adapted for outputting a message, particularly a transponder message, the message comprising the identification information if the determining unit has determined that the sensed biometric data is in accordance with the reference biometric data.
  • these embodiments also apply to the method of providing a finder of a biometric identification item with user data, and to the biometric identification item and the method of managing identification information.
  • a user identifies himself or herself in connection with a unique identifier of an identification item, like a key ring pendant or the like. Such an identifier may be obtained by an authorized user via a biometric identification item as described above.
  • the user While carrying out the registration in the system, which may be performed via the Internet, the user may provide a database with medical data of the user which may be of interest in a medical emergency in a scenario in which the user has had an accident, such as a car accident, and is not capable of communicating the medical data of the user (for example blood group) to a physician.
  • the physician called in a medical emergency may find the user in her/his car, and may find the key ring pendant or sticker with an inscription like "Emergency Finder" or "Rescue Finder".
  • the physician may get the unique identifier (for instance by putting a finger of the injured person onto the fingerprint sensor of the biometric identification item so that the identifier will be displayed on the biometric identification item) and may call a central station of the data management system.
  • This data management system may then provide the physician with the medical user data which may allow the physician to take the correct actions to save the life of the user.
  • the control unit may be adapted to provide the finder with the user data only if the user has agreed to provide the finder with user data in case the finder has noticed that the finder has found the biometric identification item. For example, when the user registers herself/himself in the database, the user may be asked to approve that medical data may be provided to a physician in an emergency case.
  • the control unit may be adapted to provide the finder with user data only in an emergency case, particularly in case of an accident or in a medical emergency.
  • an emergency may be a car accident, a sports accident or a work-related accident.
  • committing the user to a hospital may be considered an emergency case as well.
  • the control unit may be adapted to provide the finder with user data only in case the finder has been authorized before, during or after registration to be provided with the user data.
  • the control unit may be adapted to provide the finder with user data only if authorization has been granted to the finder by the user during the registration process. For example, a group of finders may be registered or defined in the database who are deemed to have authorized access to the user's medical data. For example, all physicians working with an emergency medical service corporation may potentially be granted authorization through this registration.
  • the user data may comprise medical information related to the user.
  • medical information may comprise at least one of the group consisting of an image showing the user, the blood type of the user, a disease the user may have, (for example AIDS, diabetes), an allergy the user may have, an allergy to a medication, information regarding a medication which must be administered to the user (for example insulin), information regarding possible organ donation of the user, and any of the user's medical emergency related information, (i.e. any parameter of interest in case of an emergency).
  • the control unit may be accessible to the finder via at least one of the group consisting of a computer network, a radio communication network and a telecommunication network.
  • a computer network For example, an emergency medical service corporation may use its own internal (radio) communication system.
  • the control unit may comprise a computer and/or a call center.
  • An object to which the biometric identification item may be connected may be at least one of the group consisting of a car, a door of an apartment or a house, a key, a laptop, a motorcycle helmet, a crash helmet, a phone, a portable entertainment device, a suitcase, diving equipment, a travellers device, a credit card, and a person.
  • the biometric identification item may be connected to any object which is likely to be noticed or found by an emergency medical service in case of an emergency.
  • the database may be protected against unauthorized access to the user data.
  • the control unit may be adapted to inform the user (including reverse information about a legitimation/authorization procedure) that the finder is provided with the user data (before or after transmitting the user data to the finder), for instance via a text message, an SMS, an MMS, an email, a telephone call, a letter, and/or a facsimile. This may ensure privacy and may avoid misuse of the system.
  • the finder may be provided with the user data only after having performed a successful legitimation procedure. For example, in case of a human emergency, a physician or another person related to authorized medical staff has to become authorized before getting access to medical data of a user. This may ensure that confidential personal information is provided only to authorized persons.
  • a corresponding authorization procedure may include the answer to one or a plurality of questions (for instance with regard to a hospital to which the finder belongs, a name of the finder, a telephone number, etc.).
  • Emergency case data can only be accessed in case the user has agreed to the accessibility during registration and in case the finder (a physician or a member of a medical staff) has proven his or her authorization before getting access to the user data.
  • a legitimation procedure may include answering questions. The answers to the questions may be emailed to the user so that the user can understand at any time who has access at which time to which information, where and why. This may allow detection of misuse.
  • the method may comprise informing the user that the finder will be (in the future) or has already been (in the past) provided with the user data. After having provided a finder with data of the user, the transmission of this user information may be brought to the attention of the user.
  • a further control mechanism is triggered to ensure that non-authorized persons do not get access to the user data.
  • a further control mechanism is triggered to ensure that non-authorized persons, even when they get access to the user data, can be traced.
  • the method may comprise providing the user data to a company for economic purposes or for marketing purposes.
  • the method may comprise forcing, by the finder, the user to provide biometric data to the biometric sensor of the identification item.
  • a fingerprint module is provided which makes it very difficult to impossible to read out information which is not requested by an unauthorized user.
  • a DNA or a fingerprint sensor may be provided. Only upon successful detection of the presence of the authorized user interacting with this biometric sensor will the latter trigger an electric circuit to be closed so that current can flow, and only this current can signal the output of information stored in an RFID tag which may be part of the biometric identification item.
  • a biometrically induced RFID tag activation/read out may be made possible according to an exemplary embodiment of the invention.
  • the biometric identification item may or may not have access to an interface such as an interface connected via a USB cable. It is possible to implement rechargeable batteries or single-use batteries (disposable), for instance lasting 3 to 5 years, for powering power to the identification item. It may be possible that an empty battery or an almost empty battery (i.e. having remaining energy below a threshold value) is indicated by a blinking LED or a similar indication unit.
  • the biometric identification may or may not be connectable to the public Internet or an intranet.
  • An energy-saver switch may be provided on the biometric identification item which automatically switches the biometric identification item to an idle or power-safe mode, for instance when the biometric identification item is not in operation for longer than a predetermined threshold time interval, for instance 30 seconds.
  • biometric identification system It may be possible to register oneself in the biometric identification system via a personal computer. Alternatively, it may be possible that enrolment is done independently from any PC or any other connection or device, simply via data communication between a user to be enrolled and the biometric identification item. Touching a surface of the biometric identification item by a user may stimulate the display. However, since this activation of the biometric identification item may be an energy- consuming process, the biometric identification item may be configured to be activated after a time delay after it has been touched. Only when the touching remains for longer than a threshold value, is the display activated. It is possible to provide a manual switch to allow a user to turn the biometric identification item on/off.
  • the fingerprint sensor array may have a 12.8 mm x 12.8 mm surface.
  • the option to activate the system via button actuation may be indicated to a user by an inscription such as "press here".
  • Such instructions may be provided (printed, engraved, etc.) on a surrounding plastic/metal surface or directly on the surface of the sensor array.
  • the display may be configured to display the verification number only after successful biometric authentication and when there has been pre-enrollment.
  • An enrollment procedure may be possible in a wireless manner (for instance without involving any cables), and without the need of further periphery devices.
  • the fingerprint sensor may have a mechanism to make it not too sensitive to avoid unintentional activation.
  • the fingerprint sensor array may be switched off to save energy, under certain circumstances.
  • the verification number may be displayed continuously on the display or when touching a dedicated portion (sensor array) of the biometric identification item with any finger.
  • a dedicated portion sensor array
  • the system may be wireless, i.e. without external cable, so no connection to the computer or any network may be necessary. It is possible to provide one or more switches for power and basic communication.
  • the identification item may be usable over its entire lifetime without recharging. Enrollment and authentication may be possible without communicating with a PC.
  • An input mechanism may be provided which tells the token that a user wants to enroll. For enrolling, one button may be provided and programmed to do everything.
  • Enrolment may take place which may involve a check, a re-enrolment, and a close enrolment session operation mode.
  • Enrolment may include providing fingerprints of ten fingers.
  • a robust and simple way to handle enrolment is to use one, two or three impressions of user's fingers, including impressions of at least two different fingers (for instance index and thumb).
  • biometric identification item resistant to respect to any type of shock, such as dropping, mechanical shocks an or temperature fluctuations.
  • any type of shock such as dropping, mechanical shocks an or temperature fluctuations.
  • a user wants to enroll he or she first presses a power button and then presses an enrol button one or more times (once is easy, but may lead to accidental pressing). Then, the user has the opportunity to enrol. Enrolment may be a one-time process.
  • the user cannot re-enrol.
  • the user wants to authenticate the user just presses the power button and has the opportunity to authenticate. Only upon successful authentication, is the rescue finder number shown.
  • Fig. 1 to Fig. 3 illustrate verification systems according to exemplary embodiments of the invention.
  • Fig. 4A and Fig. 4B show a schematic overview over a verification system according to an exemplary embodiment of the invention.
  • Fig. 5 to Fig. 9 show biometric identification items according to exemplary embodiments.
  • Fig. 10 shows an arrangement for providing a finder of a biometric identification item with user data according to an exemplary embodiment in a first operation state.
  • Fig. 11 shows the arrangement for providing the finder of the biometric identification item with the user data according to the exemplary embodiment in a second operation state.
  • Fig. 12 shows the arrangement for providing the finder of the biometric identification item with the user data according to the exemplary embodiment in a third operation state.
  • Fig. 1 illustrates a verification arrangement 900 according to an exemplary embodiment of the invention.
  • the verification arrangement 900 comprises an article 902 (such as a product, for instance a medication) having a label 904 attached (for instance adhered) to the article 902.
  • Label 904 carries an alphanumeric article identification code 906.
  • a user can use the verification arrangement 900 to check whether the product or article 902 a user desires to buy in a store is genuine.
  • the user may use a user communication device 908 such as a mobile phone or a computer.
  • the communication device 908 comprises an input unit 910 via which a user may input the ID 906 which a user has read on the article 902.
  • This input information 906 may be forwarded to a communication unit 912 such as an antenna for communication via a communication network 914 such as the public Internet to a verification control system 916.
  • the alphanumeric article identification code 906 may be communicated from the user communication device 908 to the verification system 916.
  • the verification system 916 also has a communication unit 918 such as a communication antenna.
  • the communication antenna 918 may forward the supplied alphanumeric article identification code 906 to a verification entity 920.
  • This verification entity 920 stores a number of approved identification codes in a coupled storage device or database 922.
  • the verification entity 920 Upon receipt of the article identification code 906, the verification entity 920 outputs a response to the communication unit 918 indicating whether the input article identification code 906 is identical to one of stored approved identification codes.
  • the corresponding information may be transmitted back via the communication unit 918, the communication network 914, the communication unit 912 to an output unit 924.
  • the output unit 924 may for instance be a display device such as an LCD which may output originality information 926, i.e. an indication whether the verification entity 920 has recognized that the product 902 having the unique identifier 906 relates to a manufacturer having previously supplied the approved identification codes to the verification unit 920 or to the storage unit 922.
  • originality information 926 i.e. an indication whether the verification entity 920 has recognized that the product 902 having the unique identifier 906 relates to a manufacturer having previously supplied the approved identification codes to the verification unit 920 or to the storage unit 922.
  • the user When the user receives the originality information 926, the user knows whether or not the product 902 is genuine. If the same identifier 906 has already been used in the past, this may be an indication that the product 902 is not genuine and that the product 902 relates to an unauthorized manufacturer.
  • an information provision unit 928 of the verification system 916 provides further information regarding the article 902 to the output unit 924 via the network 914, which additional information may then be optionally output as article information 930.
  • a manufacturer communication unit 934 may communicate with the verification system 916.
  • the manufacturer communication unit 934 comprises a communication unit 936 such as a communication antenna. It also comprises a control unit 938 having processing capabilities.
  • the control unit 938 (for instance a central processing unit or a microprocessor) may communicate with a memory unit 940 serving as a database for storing information.
  • this manufacturer may, via the manufacturer communication system 934 register itself at the verification system 916 and will then receive a number of approved identification codes which the manufacturer 934 may then attach to its products 902.
  • Fig. 2 illustrates a verification arrangement 940 according to another exemplary embodiment of the invention.
  • Fig. 2 shows that the label 942 is attached to the product 902 which label 942 comprises the alphanumeric article identification code in plaintext 944 as well as in encoded form 906.
  • the encoded form 906 is a two-dimensional barcode (for instance a quick response (QR) system code).
  • the input unit 910 may be a keypad of a mobile phone 908.
  • the mobile phone 908 may also comprise a camera 946 for automatically capturing the machine-readable barcode 906.
  • a user may input the ID 944 via the keypad 910 into the mobile phone 908.
  • the reader machine 908 reads the alphanumeric article identification code 906 and transmits the read alphanumeric article identification code 906 to the verification entity (not shown) of the verification system 916.
  • the verification system 916 then transmits back information that the product 902 is genuine when the verification system 916 detects that never before a user has input this identification information 906. A corresponding information "product genuine" may then be displayed on a display unit 924 of the mobile phone 908.
  • a QR code 906 allows for a quick access to data by automatically reading this code (a two dimensional barcode), for instance with camera 946 of mobile phone 908 or with any other reader device.
  • a brand ID 944 provides exact product information via a brand ID card. The brand ID 944 and the QR code 906 provide security. Such a system is forgery-proof since the online brand ID card knows the product. Moreover, the product knows the inquirer. Warnings may be generated at the end of the life cycle of the product 902 .
  • FIG. 3 An alternative embodiment of a verification arrangement 950 is shown in Fig. 3.
  • the user communication device 908 is a laptop into which a user may manually input the alphanumeric article identification code 906.
  • Fig. 4A shows a verification arrangement 960 according to another exemplary embodiment.
  • the communication entities 902, 908, 916, 934 are the same as in Figs. 1 to 3, some additional features are provided which can be taken from Fig. 4A.
  • FIG. 4B Another overview over such a verification arrangement 960 is shown in Fig. 4B.
  • Fig. 5 shows an overview over a detailed implementation according to an exemplary embodiment of the invention.
  • the corresponding procedures are denoted with 4a, 4b, 4c, 4d, ... and are shown in the subsequent figures.
  • emails denoted as OBICl to OBICIl may be generated.
  • the biometric identification item 100 comprises a metal or plastic plate 101 as a substrate on and/or in which the various components of the biometric identification item 100 are provided or integrated, as will be described below in more detail.
  • a fingerprint sensor 102 is provided which is adapted for sensing fingerprint data of a user.
  • the dimension of the biometric sensor 102 may essentially equal a central portion of a finger such as a forefinger or a thumb of a user.
  • the fingerprint sensor 102 may sense the fingerprint data of the user and may send them to a connected processing unit 103.
  • the processing unit 103 may be a microprocessor or a CPU (central processing unit) and may be capable of determining whether the biometric data sensed by the biometric sensor 102 is in accordance with reference biometric data of an authorized human user provided during a registration phase of the device 100 and stored in a non-volatile memory 104. Therefore, the determining unit 103 compares the measured data provided by the biometry sensor 102 with data pre-stored in the memory unit 104.
  • the determining unit 103 will read an identification code from the memory 104 and will trigger an LCD display 105 (or an LED display) to output the code for a predetermined time of, for instance, several seconds.
  • an authorized user is capable of displaying the identification information on the liquid crystal display unit
  • the identification information may be a five key digit (or may have more digits) which is output to the user and can serve to get access to medical user data stored in a system, as will be described below in more detail referring to Fig. 10 to Fig. 12.
  • buttons buttons, via which a user may program the device 100.
  • CPU 103 may also serve as a registration unit which receives registration data via a USB interface 107 (which, in an alternative embodiment, may be omitted).
  • An energy supply interface 108 allows to connection of the biometric identification item 100 to an electric power source such as a socket or a USB connection of a PC to (re-)charge an accumulator (not shown) of the biometric identification item 100.
  • the energy supply may be provided by a solar cell 109 (or a battery, an accumulator, an energy harvesting entity, etc.) which can generate electric energy based on impinging sunlight.
  • the solar cell 109 may also power the IC 103 directly or may contribute charging the accumulator (not shown).
  • a biometric rescue finder may be provided as a secure and efficient rescue finder.
  • a keychain fob-sized token may display a tracking number in a dynamic and not only static manner so that the tracking number may be output by an output unit only upon successful fingerprint identification.
  • An identification number and a user name may be provided statically on the token and may be etched or engraved into the token body. Alternatively, these numbers may also be displayed dynamically only upon successful fingerprint identification.
  • a full biometric system may be integrated in a small package, and a five digit tracking number may be displayed only after a successful fingerprint authentication.
  • the tracking number (as an example for identification information) may be the same every time for a given token, and it can be displayed on the backside of the token.
  • an OTP (one time password) system may be provided. Upon each authentication procedure, a new password may be activated.
  • the biometric rescue finder plate 200 may be designed with a specification of 60 mm x 31 mm x 2.0 mm (minus tapered edges).
  • the biometric rescue finder plate 200 may, as shown in Fig. 7, contain a fingerprint sensor 201 (for instance Fidelica's 3002 fingerprint sensor), and the electronic design may be based on Fidelica's FIM-3002 fingerprint authentication module. Successful fingerprint authentication will result in a display of a five digit tracking number on a display unit 500, as shown in Fig. 9.
  • Fig. 8 shows a front side and Fig. 9 shows a backside of a biometric identification item 400. Further information may be inscribed on a static display area 300 shown in Fig. 7 and Fig. 8.
  • a biometric rescue finder system may, as shown in Fig. 7, contain a fingerprint sensor 201 (for instance Fidelica's 3002 fingerprint sensor), and the electronic design may be based on Fidelica's FIM-3002 fingerprint authentication module.
  • Successful fingerprint authentication will result in a display of a five digit tracking number on a display unit 500, as shown in Fig. 9.
  • Fig. 8 shows a front side
  • a user may enrol herself or himself on the biometric rescue finder token 400 using a USB cable (with specialized connector) and downloadable software.
  • the token 400 may be not be secured, and will display the five digit tracking number upon the presence of any fingerprint, not only in the presence of a fingerprint of an authorized user.
  • a complete cable-free embodiment without USB cable is possible, as well as a wireless embodiment being able to communicate wireless.
  • the biometric rescue finder 400 may be powered by rechargeable batteries, and the same USB cable that is used for communication during the enrolment process can also be used for recharging the batteries.
  • the biometric rescue finder 400 will fit the basic design shown in Fig. 6, with a maximum width of 31 mm and a maximum length of 60 mm. As shown in Fig. 7, the size will fit Fidelica's FID-3002 fingerprint sensor. Consequently, the fingerprint sensor active area may be located off-center of the token 400, as shown in Fig. 8.
  • the token 400 front side may show the fingerprint sensor 201 and a ten digits statically displayed identification number 300.
  • the token 400 can also include one or more LEDs for user feedback.
  • the token backside shown in Fig. 9 may show a five digit tracking number only after successful fingerprint authentication, displayed on the display 500 which may be an LCD or LED segmented display to enhance security and potential for configurability.
  • the display 500 which may be an LCD or LED segmented display to enhance security and potential for configurability.
  • Fig. 6 shows the dimension of the rescue finder substrate 200.
  • a fingerprint sensor 201 overlaid on the rescue finder plate 200 is shown in Fig. 7.
  • Fig. 42 shows a front side of a rescue finder 400 illustrating a fingerprint sensor active area 201.
  • Fig. 9 shows a backside of the token 400 with a verification number display 500.
  • the biometric rescue finder item 400 may be powered by a thin, rechargeable battery (or with a single-use disposable battery, or with a solar power system). Such a battery may be recharged through contacts on the token surface (not shown in Fig. 6 to Fig. 9). It is possible that there are four contacts to accommodate charging and USB connection, each size in the order of 1.0 mm x 2.0 mm. The usage cycle between recharges may be dependent on the size of the battery that can fit into the token 400. A 50 mAhr battery may allow for approximately 1000 authentication attempts between recharges.
  • Fidelica's FIM-3002 fingerprint authentication module which is based on a 32 bit microcontroller with 64 kB on chip RAM and 256 kB on chip flash memory, may be implemented in the biometric rescue finder 400. This may allow for approximately 100 kB of personal data to be saved on the token 400, if so desired.
  • This microcontroller may be designed to support USB, amongst other interfaces, so the interface design may be robust and fully featured.
  • the biometric rescue finder 400 can be provided with a custom USB cable to connect to the enrolment and charging pads, and the user may be provided with a URL from which enrolment and configuration software can be downloaded.
  • the FIM-3002 authentication module can handle enrollment for multiple users or multiple fingers from multiple users of a single token 400. These options can be configurable by the original design specification, a centralized management system, or by the users themselves. An option is to configure the biometric rescue finder 400 to be highly secure after fingerprint enrollment, but still usable if fingerprint enrolment infrastructure is not available (for instance no Internet access, PC, USB availability, etc.). In this case, prior to enrolment, the fingerprint sensor 201 will merely act as a tactile switch, and the five digit tracking number will be displayed any time any user touches the sensor 201.
  • the biometric rescue finder item 400 may be designed to allow for simple and straightforward authentication fully independent of any connection to power or host computer. A user needs only to place her or his finger on the fingerprint sensor 201, and after approximately 1 second, if the fingerprint is accepted, the tracking number will appear on the display 500 on the backside of the token 400, as shown in Fig. 9. After a predefined period of time, the display 500 will turn off, and there will be no indication of the tracking number.
  • the arrangement 600 comprises a server computer 601 (which may also be denoted as a control unit), a storage unit 602 including a database, and a call center 604.
  • server computer 601 which may also be denoted as a control unit
  • storage unit 602 including a database
  • the server computer 601 is connectable via the Internet 605 to any other computer connected to the Internet 605. Furthermore, the server 601 has access to the database 602 and can communicate with the call center 604.
  • Fig. 11 shows the arrangement 600 in a second operation state.
  • a client computer 606 (or any other computer) is connected via the Internet 605 to the server computer 601.
  • the client computer 606 may be operated by a user 607 of the finder system shown in Fig. 10 and Fig. 11.
  • an object 608, for instance a key has been connected with a biometric identification item 400 by the user 607.
  • the biometric identification item 400 comprises an alphanumeric code as unique identification information displayed on a display unit 500 only after successful identification of the user 607 via a fingerprint sensor 201 (see also Fig. 8 and Fig. 9).
  • Fig. 11 shows a connection 610 between the object 608 and the biometric identification item 400.
  • This connection 610 can be a mechanical connection such as a connection of the biometric identification item 400 with a key ring of the key 608.
  • the user 607 may access the database 602 via the client computer 606, the Internet 605 or the server computer 601.
  • the user 607 may provide user data to register in the database 602 and in the server computer 601 to connect the object 608 to the biometric identification item 400.
  • This may include that the user 607 indicates her or his name and other personal and medical data and that the biometric identification item 400 with the corresponding alphanumerical identification code (displayed on the display 500 only on demand) has been connected to the key 608.
  • the user 607 may log into a finding system homepage which may be indicated on the biometric identification item 400.
  • the user 607 may provide medical data when registering in the database 602, like an image showing the user 607 (which the user 607 may send to the database 602 as digital data, for example as a jpg-file), the blood type of the user 607, a disease the user 607 may have, an allergy the user 607 may have, a medication to which the user 607 is allergic, information regarding a medication which must be administered to the user 607 regularly and/or information regarding possible organ donations of the user 607.
  • the user 607 may declare that she or he agrees to provide a finder of the user 607 with medical user data in case the finder has noticed that the finder has found the biometric identification item 400, in case of an emergency such as an accident.
  • the correlation between the unique identification information (displayed on the display 500 only on demand) and the provided user information is stored in the database 602.
  • Fig. 12 shows the arrangement 600 in a third operation state.
  • the user 607 has had an accident and is unconscious.
  • a finder 611 finds the unconscious user 607 carrying the key 608 connected to the biometric identification item 400 (alternatively, the biometric identification item 400 can be attached to a helmet, a car window, or a house/flat door of the user 607)
  • the finder 611 can gather identification information from the biometric identification item 400 by putting a finger of the user 607 on the fingerprint sensor 201 of the biometric identification item 400 and by reading the identification information which is displayed on the display 500 only in response to the successful identification of the read fingerprint information. Notice may be given to the finder system 600 that the finder 611 has found the key 608 connected to the biometric identification item 400, and carried by the user 607 in the present emergency situation.
  • the server computer 601 can be accessed via a client computer 612 of the finder 611 and via the Internet 605 so that the finder 611 of the object 608 connected to the biometric identification item 400 gives notice by providing the unique identification information which may be indicated on the biometric identification item 400, that she/he has found the key 608 connected to the biometric identification item 400 and is being carried by the unconscious user 607.
  • the finder may additionally request medical data of the user 607.
  • the server computer 601 may check whether the medical data may be provided to the finder 611. The medical data are provided only if the user 607 has indicated -during registration - that the user agrees that the finder 611 is to be provided with the user data in a medical emergency case. If this is the case, the finder 611 is provided with the medical user data.
  • the finder 611 may minimize the likelihood of medical errors or may take the correct actions to help the user 607, without losing valuable time during an unnecessary examination of the user 607 or without wasting time calling for authorisation.
  • the biometric identification item 400 shown in Fig. 12 is a key pendent.
  • the biometric identification item 400 can be a sticker to be attached to a helmet, a car window, or a house/flat door of the user 607. Such a sticker may be employed in any potentially dangerous environment (workplace, apartment, car, motorcycle, bicycle, etc.).
  • a pendent may be connected to a key
  • a sticker may be connected to a motorcycle helmet
  • a sticker may be connected to a bicycle helmet
  • a sticker may be connected to a house door
  • a sticker may be connected to a motorcycle
  • a sticker may be connected to a bicycle
  • a sticker may be connected to a vehicle (window), to a credit card, etc.
  • an indication or signal sticker may be attached to a car window indicating where the actual identification item can be found (for instance "life saving medical records on key chain").

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Warehouses Or Storage Devices (AREA)

Abstract

A verification arrangement comprising an article carrying an alphanumeric article identification code and a verification entity storing a number of approved identification codes and being adapted in such a manner that upon input of the article identification code by the user, the verification entity outputs a response indicating whether the input article identification code is identical to one of the stored approved identification codes.

Description

Verification system
This application claims the benefit of the filing date of United States Provisional Patent Application No. 61/013,455 filed December 13, 2007, the disclosure of which is hereby incorporated herein by reference.
The invention relates to the field of verification systems.
Conventionally, it may be difficult or cumbersome for a consumer to decide whether an article (such as a medication to be bought in a drugstore) is really genuine.
It is an object of the invention to provide a reliable verification system for verifying originality of an article.
This object may be achieved by providing a verification arrangement, a verification method, a program element, and a computer- readable medium according to the independent claims.
According to an exemplary embodiment of the invention, a verification arrangement may be provided, comprising an article (or a product, for instance a physical body or a human being or an animal) carrying (for instance in plaintext or in encoded form such as a barcode or a 2D/3D-matrix code, the latter introducing color as a third dimension in addition to two spatial dimensions) an alphanumeric article identification code (or any other human- or machine-readable article identification code), and a verification entity (which may have processing capabilities and/or memory capabilities) storing a number of approved identification codes and being adapted in such a manner that upon input of the article identification code by the user, the verification entity outputs (for instance displays) a response indicating whether the input article identification code is identical to one of the stored approved identification codes. According to another exemplary embodiment of the invention, a verification method is provided, comprising attaching an alphanumeric article identification code to an article, inputting the article identification code by the user, and outputting a response to the user indicating whether the input article identification code is identical to one of a number of stored approved identification codes.
According to still another exemplary embodiment of the invention, a program element (for instance a software routine, in source code or in executable code) is provided, which, when being executed by a processor (such as a microprocessor or a CPU), is adapted to control or carry out a method having the above mentioned features.
According to yet another exemplary embodiment of the invention, a computer-readable medium (for instance a CD, a DVD, a USB stick, a floppy disk or a harddisk) is provided, in which a computer program is stored which, when being executed by a processor (such as a microprocessor or a CPU), is adapted to control or carry out a method having the above mentioned features.
Data processing which may be performed according to embodiments of the invention can be realized by a computer program, that is by software, or by using one or more special electronic optimization circuits, that is in hardware, or in hybrid form, that is by means of software components and hardware components.
The term "carrying" may particularly denote that the article mechanically carriers the alphanumeric article identification code so that the alphanumeric article identification code is physically provided on the article. Examples for such a physical provision are printing the alphanumeric article identification code on the article, engraving the alphanumeric article identification code in the article, etc. The alphanumeric article identification code may be provided on the article in a manner that the alphanumeric article identification code (in plaintext or in an encoded manner) is directly perceivable by the user using a human sense (for instance visually, readable, etc.)- This would not cover a scenario in which the alphanumeric article identification code is stored electronically on the article without being sensible by a human sense, for instance with an RFID tag.
The term "stored approved identification codes" may particularly denote a plurality of identification codes included in a database or in a storage device of the verification entity or related thereto. These approved identification codes may be codes provided by a genuine manufacturer of articles so that correspondence between an input identification code and a stored approved identification code indicates to the user that the article is genuine, i.e. relates to a genuine manufacturer. To further reduce the risk of an incorrect estimation of originality of the article, it is possible to combine the above decision criteria with at least one further item of information (for instance in the form of a parameter).
In an embodiment, a user may simply type an alphanumeric product code into an input mask of an Internet platform or via any other user interface, and in response to the provision of the alphanumeric product code, the Internet platform or the other user interface will inform the user whether the supplied alphanumeric product code has been authorized by the manufacturer or provider of the article to indicate that the article is genuine and originates from the manufacturer or provider of the article. Thus, product imitations may be identified easily and essentially in real time, for instance before the user has bought the article.
Next, further exemplary embodiments of the verification arrangement will be explained. However, these embodiments also apply to the method, to the program element and to the computer-readable medium.
The verification entity may be adapted to be accessible by the user via a communication network, particularly via the public Internet. Thus, a user may use the world wide web to verify whether a product is original or not.
The verification entity may be adapted for denying a response upon determining that the input article identification code has already been input by a user in the past (for instance be outputting information such as "error"). This may avoid misuse of the system, so that it can be prevented that a plagiarist simply places one and the same alphanumeric product code on all of his or her imitated products, based on the knowledge of one approved alphanumeric product code.
The verification entity may be adapted for denying a response upon determining that the provided input article identification code has already been input by a user in the past for a number of times which number exceeds a predefined threshold value. For instance, the system may allow for a specific number of queries related to a specific article identification code (for instance once or five times). If the threshold value is exceeded, the system will not allow any further access, for instance to reduce the risk of misuse.
This decision criteria may be combined with at least one further criteria. The additional information may comprise a point of sale of the article, a geographic position of the article and/or user, a prize of the article, an expiry date of the article, a warranty regarding the article granted to the user by a seller of the article and/or a distribution level at which the article is offered to the user. Packaging of the article, consistency of the product, position of the identifier on the article, etc. are other possible exemplary decision criteria.
The alphanumeric article identification code carried by each article may be unique. In such an embodiment, two different original articles will never carry the same alphanumeric product code, but each one will be provided/assigned with an individual alphanumeric product code.
The article may comprise one of the group consisting of a drug, a medication, a mobile phone, a credit card, a bank note, a document, a cosmetical product , a consumer electronics device, a medical device, jewellery, a work of art, wine, liquor, a gemstone, an animal, a human being, monetary notes, a gear article and a food article. However, this list is not exhaustive.
In the above context, an Online Biometry Certificate (OBC) may be denoted as a label that helps to identify mainly genuine products like pharmaceutical products such as drugs, consumer electronics such as MP3-players, digicams, phones, documents such as passports, driver's licenses, credit cards, luxury goods such as watches, instruments, gems, pearls, art, premium brands, CDs, gear articles, etc. An OBC may include a licence to check on the product ID
(identifier). The ID is a visual identifier that assists in determining whether or not the product which a user is checking is genuine. However, without it, the user might not ensure that the product is not genuine. An ID is never to be purchased by itself without the OBC it authenticates. This may help a user to verify the authenticity of the product ID the user acquired, to be sure that the product came with one of specific OBC contents.
With such a system, imitations of products may be detected easily, since it is sufficient to provide a list of approved numbers in the world wide web. This list is not directly accessible by a user, so a user may ask the system whether a specifically identified ID is contained in the list of reliable products, or not. A user may type in the number printed on (the packaging of) a product via a keypad, and when the product is genuine, this may be indicated to the user via the world wide net. Thus, some kind of "passport for objects" may be provided. By adjusting the system in such a manner that each number can be requested in the verification unit only once, the reliability of the system may be significantly increased, and misuse may be prevented.
According to an exemplary embodiment of the invention, a product identity (PID) or BrandID may be provided in form of an alphanumeric code in connection with an online brand ID card (OBC) or product ID card. The manufacturer or provider assigns an ID to a product, for instance prints the ID on the product or attaches a label comprising the ID to the product. The ID allows the unambiguous assignment to a pool of proved products. Only from there, the product receives the OBC, that is to say the product passport. This OBC uniquely describing the product can be stored in a congruent/fitting manner to the ID on a website. The OBC can be used for identifying the product by means of the product ID to be input by a user. The access to the OBC can be made dependent on the provision of user data (for instance provided during a registration procedure) via the requesting entity such as age, sex, family status, job (for example branch of trade), profession (for example field of professional activity), name, native languages, residence, telephone number, e-mail address, etc. Further criteria or data which may be requested are reason for request, consumer status, distributor status, manufacturer status, custom/police status, health authority status, airline status, airline authority status, insurance status, etc.
Features of a product in an OBC can be the type of the product, origin/manufacturer, manufacturing number, manufacturing year, generic name of the product, brand name, medication code, packaging information, formulation, date of expiry, distribution country, photos of the original packaging, weight/density, sizes and dimensions, material, ingredients, colour, surface disposal, manual, etc. The format of the identification information may be an engraving, a branding, a print, a pendant, a sticker, an (DNA)-RFID tag, a barcode, a 2-D-matrix code, a 3-D-matrix code, a hologram, a fingerprint reader, etc.
The provision of the OBC (for instance online (WAP, e-mail, text message (SMS), mobile instant messaging (MIM)) may be performed via the coupling of the PID to an online system. After input of the identification number, the assigned OBC can be provided online, alternatively via e-mail, via mobile instant messaging (MIM), text message (SMS) to a mobile phone number/e-mail address provided for that purpose beforehand, for instance during registration or request. The OBC may be a document freely designable by a manufacturer and can be adjusted in accordance with corresponding instructions.
By taking this measure, the registered and verifiable product may be less prone to imitations, which is of particularly importance for products from premium brands and for pharmaceutical products. The option of a unique reproduction and identification also provides protection against expiry of the date, theft, mix-up, incorrect disposal, copies and imitations, recognition of the product origin, verification of the product biometry, matching of single products and manufacture products, data accumulation for statistical reasons, insurance protection etc.
The OBC allows, based on product biometry, monitoring the authenticity, origin and other product specific parameters before the product is sold or administered, used, disposed, cleared with the customs authorities, shipped, insured etc. This may support anti-counterfeiting. By correlating a OBC to an ID under a certain URL, each product efficiently has a product passport (mobile phone, pharmacological product, etc.). Even after unintentional removal of the PID, the OBC may remain in the web. Vice versa, it may be impossible to apply an ID in an arbitrary manner, since the assigned OBC can only be stored in the web in a controlled manner. By taking this measure, products may be verified using a certificate indicating authenticity. The PIDs and online OBCs allow for a secure manufacture control.
This may provide advantages particularly for manufacturers in the pharmaceutical industry, since imitations may be recognized easily. Furthermore, the system according to exemplary embodiment of the invention may be operated without a reading device, since the sole provision of the alphanumeric identification number via telephone, Internet or any other communication network is sufficient.
A possible exemplary workflow for establishing such a system is the following:
- Generation of ID numbers
- Manufacture of pendants or stickers with the ID
- Apply stickers with the ID or engrave ID
- Store OBC congruent to the PID in an accessible database - Query time interval, limitations and quantities may be determined (for instance 3 times, 5 times, 9 times, always, etc.)
- Implement a product verification/check product ID platform
- Input: identification number, request limitations Yes/No, additional information such as age, sex, etc.
- Display of OBC visually direct or via e-mail/text message (SMS) in an indirect manner. According to an embodiment, user and/or manufacturer (i.e. any party providing an OBC and/or recalling an OBC) may have the opportunity to switch the OBC on/off or to invalidate or deactivate it. The option to perform procedures of switching on, switching off, invalidating/deactivating can be made dependent on time, expiry of a best before date, a number of made recalls, the event of the identification as a finder/user, or after authentication of an email address or another code. After request, a result may show that an enquirer has entered a country/location where the requested product is not supposed to be distributed according to the information given in the OBC. In an embodiment, a so-called "Quick Response" Code (compare for instance http://bloq.kaywa.com/files/Kaywareader-PR.pdf or http://de.wikipedia.org/wiki/OR Code or http://en.wikipedia.org/wiki/QR Code) being a two-dimensional (for instance matrix) bar code readable by a camera of a mobile phone may be implemented in the verification system. The mobile phone may derive an article code and a link to an Internet page from the two-dimensional matrix/bar code. This provides a possibility to link a user in a fast way to an Internet page.
The article may carry the alphanumeric article identification code in a human readable form. In such an embodiment, the alphanumeric article identification code may be directly readable from a surface of the article. Hence, no encoding being non-interpretable by a human being is connected with such an embodiment.
However, it is also possible that the article carries the alphanumeric article identification code in a machine-readable form. Machine-readable form may particularly denote a form which allows a machine, knowing a decoding algorithm, to derive the alphanumeric article identification code in plaintext from an encoded form of the alphanumeric article identification code, for instance in the form of a one- or two- or three- dimensional matrix/bar code. In such an embodiment, not a human being, but a machine can decrypt or decode an encrypted alphanumeric article identification code and may use this identification code for any desired purposes, such as displaying it to a user or a communicatively coupled communication partner. Particularly, the verification arrangement may comprise a reader machine adapted for reading the alphanumeric article identification code. Such a reader machine may be operated by a user so that the (for instance decoded alphanumeric article identification code in machine- readable form) is read by the machine and is converted into the alphanumeric article identification code in plaintext. Such a reader machine may be a barcode scanner or a portable device such as mobile phone having an image sensor for detecting the necessary data.
Particularly, the reader machine may be adapted for displaying the read alphanumeric article identification code in a human-readable form. For instance, the reader machine may have a display such as an LCD display on which the decoded plaintext alphanumeric article identification code is displayed for a user so that the user can subsequently input the alphanumeric article identification code in a separate system (for instance a computer) connected via a communication network to the verification unit for deriving information regarding the article.
Additionally or alternatively, the reader machine may be adapted for transmitting the read alphanumeric article identification code (directly) to the verification entity and for receiving and displaying the response output by the verification entity. In such an embodiment, it is not necessary that the user performs any action apart from operating the reader machine to read the alphanumeric article identification code which is provided in a machine-readable form (i.e. plaintext to decoded). The reader machine may then derive the alphanumeric article identification code which has to be provided to the verification entity so that the latter can check in its database whether the input alphanumeric article identification code is valid or not. The verification entity may then answer to the reader machine by a specific communication message.
In an embodiment, a wired or a wireless communication is possible. In a wired embodiment, there may be a wired connection between the user side and the verification arrangement side. In a wireless embodiment, a wireless network such as a Bluetooth network, a mobile telecommunication network, etc. may be used. Combinations between wired and wireless networks, such as the public Internet, are possible. Particularly, the reader machine may be a portable device. In other words, it is possible that the reader machine can be carried along by a user. Thus, the user can carry the reader machine with her or him so that the user can always, by using the portable reader machine, check or verify originality of a product. More particularly, the reader machine may be a mobile phone.
Such a mobile phone may be equipped with a camera which can be used for detecting the (for instance encoded) alphanumeric article identification code. The reader machine may then have processing capabilities to process the correspondingly read data and to derive the alphanumeric article identification code from the captured data. This can then be used for output to a user or for communication with the verification entity. Alternatives to mobile phones are possible, for instance the reader machine may also be a personal digital assistant (PDA). The verification arrangement may be adapted for determining originality of the article. Therefore, the information or data output by the verification entity may be indicative of the information whether the article is genuine (i.e. relates to a specific manufacturer) or not (i.e. relates to any other manufacturer). The verification arrangement may also be adapted as an antiforgery system. Such an antiforgery system may prevent any misuse with an article which can be checked regarding a specific criteria. The verification arrangement can also act as an anticounterfeiting system. In an embodiment, the verification entity may be adapted for, before communicating with the user, being accessed by a genuine article provider and for providing the number of approved identification codes to the genuine article provider upon request of the genuine article provider. Therefore, the system may be used by any genuine article provider which may access the verification entity via the same network or via another network as the user. The genuine article provider, particularly after having performed the successful authorization procedure, may then order a number of identification codes which can be stored in the system. The genuine article provider may then apply a corresponding alphanumeric article identification code to each of its product, for instance by a label. Therefore, since the identification codes approved by the system are not known to the public in advance, a reliable check of a user is possible whether a certain article belongs to the genuine article provider or not.
The verification arrangement may comprise an information provision unit adapted for outputting information (which may be related to the article) to the user upon determining that the input article identification code is identical to one of the stored approved identification codes. In addition to the information whether the article has already been queried beforehand, i.e. is genuine or not, the system may further provide additional information to the user. So, the system may be used as an information provision system as well.
Particularly, the output information may comprise information regarding an identity of a manufacturer of the article, a local representative (for instance a distributor for a specific region or jurisdiction) representing the article, a distributor of the article (for instance an identity of a company distributing the article with agreement of the genuine manufacturer), a shipper of the article (that is a company shipping the article from a manufacturer site to stores), an expiration date of the article (for instance a date up to which the article such as a medication may be used by a consumer), product information of the article (any more detailed information regarding the article, such as composition, etc.), an image of the article (for instance one or more photos or drawings thereof) and/or operating instructions regarding the article (for instance an operating manual can be downloaded via a communication network with such a system). The information provision unit (which may provide the OBC) may be adapted for dynamically updating information related to the article over a lifetime of the article, for instance when things change during the lifetime of the article, for instance an instruction manual which has been updated, etc. The dynamic updating of the information may also relate to a scenario in which a medication is in a state in which the expiration date has not yet expired, but an expiration date will approach soon. In such a scenario, the remaining time for using the medication may be indicated to the user to alert the user regarding the upcoming expiration date.
The information provision unit (which may provide the OBC) may be accessible to and manageable by a manufacturer of the product.
Hence, an original manufacturer of the product may have direct access to the information provision unit and can therefore, without consulting an operator of the verification entity, flexibly change information regarding the product in the system. The information provision unit may be adapted for outputting information related to the article by directly transmitting the information to a user communication entity operable by the user for inputting the article identification code. A user communication entity may, for instance, be a computer or a mobile phone or any other communication device which is operated by a user and via which a user provides the alphanumeric article identification code. This data can be directly sent to the user for display, printout etc.
However, alternatively, it is also possible that the information provision unit outputs information related to the article by transmitting a link to an information source to a user communication entity operable by the user for inputting the article identification code. In such a scenario, the system only provides the user communication entity with information where the data can be accessed. Such a link can be an URL, etc. Therefore, it is possible that the system is also used with a user communication entity having low processing and storage capabilities, since there is no need that the information provided to the user is stored on the user communication entity. Furthermore, another advantage of such an embodiment is that a user may decide whether storage and processing capabilities are presently used for downloading the material or whether the user is not interested to download the specific information at a present time.
The information provision unit may be adapted for outputting information related to the article by transmitting the information to an information display unit (for instance of a mobile phone) differing from a user communication entity operable by the user for inputting the article identification code. By splitting the destination of the output information and the user communication entity via which the alphanumeric article identification code is input, it is possible that the information is sent to a third party or communication entity, thereby increasing the flexibility of the system.
The verification arrangement may comprise a number (for instance more than one hundred) of articles (at the manufacturer side) each carrying exactly one alphanumeric article identification code (particularly each carrying a unique article identification code) corresponding to exactly one of the number of stored approved identification codes in the database assigned to this manufacturer. In such an embodiment, an unambiguous assignment between an article and an improved identification code is possible. Such a system is failure-safe.
The verification entity may be adapted for outputting the response indicating a number of times the corresponding identification code has been queried in the past. This may be related to a number of accesses of all users to this code, or may be related to a number of accesses of a specific user to this code. This information may be useful for a user to obtain information regarding originality. If a specific identification code has been used many times in the past, particularly by different users, this may be an indication that the product is not genuine. Additionally or alternatively, one or more other decision criteria may be implemented.
The verification entity may be adapted for establishing a probability of a counterfeit of the article and for outputting the response indicating the probability of a counterfeit of the article. Therefore, the verification entity may quantify a probability that the article is not original. This allows a user to get an intuitive impression regarding a possible lack of originality.
The verification entity may be adapted for estimating the probability of a counterfeit of the article based on a product type of the article (for instance high value articles may be more prone to forgery), a manufacturer of the article, a number of times the corresponding identification code has been queried in the past (a large number of queries may be an indicator for misuse), statistical counterfeit data regarding the article (for instance the system may collect statistical data to derive information in which scenario a counterfeit is probable), statistical counterfeit data regarding the manufacturer article, a value of the article (for instance high value articles may be more prone to counterfeit than low price articles), and a regional origin of the article (a regional origin of a high appreciation or reputation may be more prone to counterfeits). However, other criteria are possible.
The verification entity may be adapted for visually outputting the response indicating the probability of a counterfeit of the article for instance as a color code. A "red" color may indicate a high probability of a counterfeit, a "yellow" color may indicate a medium probability of a counterfeit, and a "green" color may indicate a low probability of a counterfeit. Alternatively, a "black" color may indicate a high probability of a counterfeit, a "red" color may indicate a medium probability of a counterfeit, and a "green" color may indicate a low probability of a counterfeit. Also a bar plot may be used, the extension of the bar indicating a probability of a counterfeit. The probability level may be also indicated verbally, for instance by displaying a statement such as "high risk", "medium risk", "safe", etc.
The verification entity may be adapted for removing the approved identification code from the stored number of approved identification codes after expiry of an expiration date of the article assigned to the respective identification code. Such an embodiment may involve a further safety feature, for instance when the article is a medication or a food stuff. When the expiration date has been expired, input of the corresponding number will not result in a positive answer or may result in the information that the article should not be used any longer. Hence, the system may warn a user that the product or article cannot be used any longer since the expiration date has expired. Therefore, compliance of patients may be improved. In an embodiment, a specific company can upload a number of brand identifiers to a website after a previous authentication and declaration. This company may then attach the brand identifiers as labels on their products. Such a brand ID may be visible (for instance by providing an alphanumerical code, i.e. a code formed of letters and/or numbers) and may therefore be optically readable. It may be optically readable only for a human user or only by a reader device, or may be readable by a user and a reader device. Such a reader device may comprise a camera which may be capable of reading certain data, for instance a quick response (QR) code. Therefore, any person involved in a distribution chain of an article may be enabled to check at any time whether a project is genuine. For instance, a user or consumer may query originality at a point of sale. Optionally, further information can be derived from the system. After typing in the alphanumerical identification code or by inputting the alphanumerical identification code automatically by a machine, a (for instance virtual) brand ID card may be sent from the verification database to the user. Such a brand ID card may include electronic information regarding manufacturer, representative in a specific country, shipper, seller, regional origin, route of transport, itinerary, expiration date, etc. It is also possible that one or more criteria for exclusion may be defined and/or one or more criteria for acceptance.
Such a brand ID card may be denoted as a passport for a product which can be constant over time or which may be updated or extended over the lifetime of the product. For instance, a change of a proprietor of the product may be input in the system. Moreover, individual product parameters, changes of values, etc. may be reported by the brand identifier card.
The brand identifier card may be presented to a user for instance via a window on a computer. The information may also be provided indirectly, so that for instance only a link to a site may be sent where the information can be taken from (for instance only after previous successful identification of a user). It is also possible to upload product photos into the brand ID card by a manufacturer.
In an embodiment, only the manufacturer has success to the brand ID card and manages the brand ID card. The brand ID card may also include information which features the product does not offer.
A payment system such as PayPal or WorldPay may be integrated in the system. Furthermore, emails and/or text messages such as SMS or MMS (multi media message) or MIM (mobile instant messaging) may be integrated in the system. Log files may be created to collect statistics about user groups, age, access time, etc. to continuously improve reliability.
The verification entity may be adapted in such a manner that upon input of the article identification code by the user, the verification entity requests additional information from a user inputting the article identification code for determining whether the article is genuine. This additional information to be requested may be specifically determined by the verification entity to broaden the basis of information based on which the probability of forgery may be estimated qualitatively or quantitatively (for instance by applying mathematical algorithms or empirical rules). If there remain doubts at the side of the verification entity (for instance since it is determined that the article identification code has already been input extensively in the past), specific additional questions may be asked to the user, for instance by sending a corresponding communication message to the communication device operated by the user. This request and answer sequence may be repeated, if desired, until the verification entity has sufficient information for a reasoned estimation of the probability that the article is genuine.
The verification entity may be adapted in such a manner that upon receipt of the additional information, the verification entity outputs a result indicative of a probability whether the article is genuine. This may be a verbal output (for instance "high reliability", "medium reliability", "low reliability") or a quantitative result (for instance "80% reliability") which may be based on empiric data or a calculation based on a theoretical model.
The verification entity may be adapted for determining the result depending on both the article identification code and the additional information. In a scenario in which the article identification code is not considered as reliable enough to verify originality of the article, this information may be synergetically combined with additional information to increase reliability of the result.
The additional information may comprise a point of sale of the article, a geographic position of the user, a prize of the article, an expiry date of the article, a warranty regarding the article granted to the user by a seller of the article and/or a distribution level at which the article is offered to the user. For instance, when the verification entity has the information in which countries a genuine manufacturer sells products and in which countries a genuine manufacturer does not sell products, the indication of one of the latter countries may be considered as a significant indication that the article is not genuine. Hence, positive decision criteria may be used for evaluating a probability that the product is genuine, and also negative decision criteria may be used for evaluating a probability that the product is genuine. For instance, the presence of such a negative decision criteria (point of sale indicated by user s outside of countries in which a genuine manufacturer does sell products) may result in the result that the article is not genuine. Different of the above and other criteria may be combined using an analytical or numerical model, for instance implementing Fuzzy logic, neural networks, etc. Another additional or alternative identification criteria whether the article can be considered or classified as genuine is a serial number or a manufacturer number of the article which can be printed on the article and can be assigned to the article on the brand ID card, i.e. which may form also part of the "additional information" regarding the product. Such serial numbers may be consecutive or successive numbers provided by a manufacturer individually to each article.
In the following, another aspect of the present invention will be explained.
In the field of medicine, it may be of great importance that a medical treatment meets individual requirements of a user, for instance that an administered medication does not interfere with an allergy of the user. Thus, it must be reliably ensured that each patient is provided with correct individual medical treatment.
WO 87/00659 discloses a patient identification system for hospitals for correctly assigning elements (such as medication to be administered) to a patient and for ensuring that an identified element, in fact, relates to a specific patient.
It may be that a person is in an accident and needs immediate medical attention. In such a situation lack of medical information related to the person may cause a perilous situation for the person. However, such medical information is usually confidential.
There may be a need for a reliable and secure identification system.
This may be achieved by providing a biometric identification item, a method of managing identification information, and an arrangement for and a method of providing a finder of a biometric identification item with user data with the features described below.
According to an exemplary aspect, a biometric identification item is provided comprising a biometric sensor adapted for sensing biometric data of a (for instance human) user, a determining unit adapted for determining whether the sensed biometric data is in accordance with reference (for instance pre-stored) biometric data of an authorized (for instance human) user, and an output unit adapted for outputting identification information if the determining unit has determined that the sensed biometric data is in accordance with the reference biometric data.
According to another exemplary aspect, a method of managing identification information is provided: the method comprising sensing biometric data of a (for instance human) user, determining whether the sensed biometric data is in accordance with reference (for instance pre- stored) biometric data of an authorized (for instance human) user, and outputting identification information upon determining that the sensed biometric data is in accordance with the reference biometric data. According to a further exemplary aspect, an arrangement is provided comprising a control unit, a database and a biometric identification item having the above mentioned features, wherein the biometric identification item comprises unique identification information (which may be provided by the output unit of the biometric identification item) and is adapted to be assigned to a user. The database is accessible to the user to provide user data for registering the user in connection with the biometric identification item. The control unit is accessible to a finder of the biometric identification item assigned to the user to inform the control unit, based on the unique identification information, that the finder has found the biometric identification item assigned to the user. The control unit is adapted to provide the finder with the user data in case the finder has noticed that the finder has found the biometric identification item.
According to yet another exemplary aspect, a method of providing a finder of a biometric identification item having the above mentioned features with user data is provided. The method comprises assigning unique identification information of the biometric identification item to a user, providing, by the user, the data for registering the user in connection with the biometric identification item, a finder noticing the biometric identification item and that the finder has found the biometric identification item, the finder providing the unique identification information, and providing the finder with the user data when the finder has noticed that the finder has found the biometric identification item.
In this context, the term "identification item" may particularly denote a device or a member which can serve as a secure carrier of identification information. In other words, the biometric identification item may store or contain identification information which is provided only to a user when the user has proved her or his authorization by biometry.
The term "biometric sensor" may particularly denote any detection unit which is capable of distinguishing between an authorized user and other users based on biometry. In other words, one or more biometric or anatomical properties related unambiguously to a body of a user may be analyzed with such a biometric sensor.
The term "authorized (human) user" may particularly denote a specific individual user who has registered herself or himself beforehand with the biometric identification item so that biometric data provided by this user is stored by the biometric identification item as reference biometric data, thereby personalizing or individualizing the biometric identification item in accordance with one specific authorized human being. According to an exemplary aspect, a biometric identification item such as a plate-like element is provided which may be adapted for use in a finder system. Identification information contained in the biometric identification item is only perceivably provided for a human being by the biometric identification item after having checked biometrically whether the user requesting access to this information is in fact the authorized user. The high degree of security of this identification system may be obtained by providing a biometric sensor ensuring that only an authorized user who authorizes herself or himself according to biometry gets access to the identification information. This identification information may in turn enable access to user data (particularly medical user data) stored in a central database (of an arrangement apart from the biometric identification item) which is accessible, for instance, via the Internet. To get access to such user-specific medical data, knowledge of the identification information is necessary. Therefore, the identification information may also be denoted as an access code or a password. Since the medical data of the authorized user is highly confidential, access to such data shall only be provided to an authorized person. Such an authorized person may be the user him/herself or may be a first aid attendant, paramedic, medic, or ambulance staff finding an unconscious user in a medical emergency case and desiring access to the medical user data stored in the central database. In this context, it is for instance possible that such a first aid attendant puts the user's finger on a fingerprint sensor (as an example of the biometric sensor) of the biometric identification item, thereby forcing the. output unit such as an LCD to display the identification information. With this identification information, the first aid attendant may then go via the Internet to a page providing the medical user data, such as an allergy of the user to a specific drug, etc. Thus, a secure, simple and very reliable system of providing confidential user data only to authorized persons may be provided.
Thus, the biometric sensor may sense a biometric data set. Since DNA sequences or other biometric parameters are (essentially) unique for individual human beings, a forgery proof system may be provided. Particularly, a fingerprint sensor may be combined with a processing unit such as an integrated circuit (optionally provided with an RFID tag also enabling wireless communication). Therefore, for a rescue finder system, a high degree of data security may be provided.
An example of a fingerprint sensor which may be implemented according to an exemplary embodiment of the invention is a foil-like fingerprint sensor offered by the company Fidelica (www.fidelica.com), which may have a thickness of 0.5 mm. Such a fingerprint sensor may have the capability of storing data representing one or several fingerprints, for instance twenty fingerprints, so that the fingerprint sensor may also be used by a group of authorized persons sharing a common identification item. The energy supply of such a biometric identification item may be realized via solar cells or a battery or an energy harvesting system (for instance transponders for producing energy from an electromagnetic field in the environment).
The biometric identification item may be shaped and designed as a key pendant or a credit card so that the biometric identification item may be carried easily by a user together with keys.
To operate such a biometric identification item, the user may put her or his finger onto the fingerprint sensor. An integrated circuit compares the biometric data of the user with pre-stored reference biometric data indicative of the fingerprint of an authorized person who has registered beforehand. Only when a proper accordance between the detected data and the pre-stored data is found, may the system provide the desired code in a visibly or audibly or touchably perceivable manner to a user. With such a code, the person can enter a central data management system in order to get access to user data stored in this central system. The procedure of outputting identification information in response to a successful biometric recognition of the authorized user may be stored as an event or in a history in the biometric identification item, thereby allowing retracing afterwards of the access request (for instance when the user has been unconscious during the access request and wishes to retrace if and when the information has been supplied). Thus, when operating such a rescue system, the danger that the user data is read out without legitimation, that is to say by misuse, may be reduced. Mounting an IC-controlled biometric sensor on a rescue finder pendant, does not require a permanently visible identification or verification number on the pendant. In contrast to this, the identification number is normally stored hidden from view, and will only be displayed after successful biometric recognition of the authorized user, for instance by conditioning a sensor by providing fingerprint information or by providing saliva DNA in the case of a DNA biometry sensor. The integrated circuit or processing unit of the identification item may recognize the specific DNA code of the saliva (or any other body fluid) and - when the DNA code/sequence of the authorized user has been provided during registration of the biometric identification item - the biometric identification item may check whether the identification number shall be provided in a perceivable manner, or not.
Such a DNA biometry sensor may be sensitive to a specific DNA sequence of a user's gene, and the individual DNA sequence of a user may be read in as a code on the biometry sensor and can be evaluated by the processing unit connected to the biometry sensor, so that the processing unit can be programmed or conditioned using the DNA code. Such primary conditioning of the biometric identification item may serve as a key for getting access to the identification information. By subsequent contact with the key DNA, an electric current path may be closed and the biometric identification item can be output for a predetermined amount of time of, for instance, several seconds. Thus, reading out the identification information can only be performed in a controlled and secure manner, since providing other than the user's DNA to the biometric sensor will not result in an output of the identification information.
Next, further exemplary embodiments of the biometric identification item will be explained. However, these embodiments also apply to the method of managing identification information, to the arrangement and to the method of providing a finder of a biometric identification item with user data.
The biometric sensor may comprise a fingerprint sensor, a DNA sensor, a saliva sensor, a retina sensor, a face sensor, a hand veins sensor, an iris sensor, a signature sensor, a voice sensor, a facial thermogram sensor, an odor sensor, or an ear recognition sensor. It is also possible that the biometric sensor comprises two or more of these or other biometric sensor components, to further improve the reliability and security. Any other biometric sensor may be used which is based on an unambiguous biological property or anatomical property of the authorized user. The determining unit may be adapted for determining whether the sensed biometric data deviates less than a pre-defined threshold value from the reference biometric data of an authorized human user. Depending on the specific biometric sensor used, it may be advantageous to define tolerances for accepting the user to be authorized even in the case of a sufficiently small deviation between the expected value and the actual value. This may allow use of the sensor even under harsh conditions, where measurement artefacts are present.
The output unit may be adapted for outputting the identification information if the determining unit has determined that the sensed biometric data deviates less than a pre-defined threshold value from the reference biometric data of an authorized user.
The output unit may be adapted for not outputting the identification information if the determining unit has determined that the sensed biometric data deviates more than a pre-defined threshold value from the reference biometric data of an authorized user.
The output unit may be adapted for outputting the identification information in a visual manner, in an audible manner, or in a tactile manner, or by triggering the generation of an RFID response message (i.e. an RFID tag will answer to a read request only upon successful biometric identification). For example, the output unit may be an optical display unit such as a liquid crystal display (LCD) or a light emitting diode (LED) display or an RFID tag sending a corresponding response message including identification information. Any other display is possible, wherein the described displays are specifically appropriate due to their small amount of energy consumption. In the case of an output unit emitting acoustic waves indicative of the identification information, the identification information may be output to the user so that the user can hear the identification information such as the number. It is also possible to provide the output in a tactile manner by modifying a surface structure of the biometric identification item in such a manner that the user can recognize the identification information by touching the surface (for instance with a finger). For instance, to enable visually impaired persons to use the biometric identification item, a braille code may be formed on a surface of the output unit selectively in the case of a proper accordance between the pre-stored biometric sensor and the user-defined biometric sensor.
The output unit may be adapted to output a message, particularly a transponder message, the message comprising the identification information, if the determining unit has determined that the sensed biometric data is in accordance with the reference biometric data. Thus, upon successful biometric authentication, the output unit may trigger generation of an electronic message to be transmitted to a recipient in a wireless or in a wired manner, the electronic message comprising the identification information, for instance in plain text or encrypted. For instance, an RFID tag may be provided which allows communication with a read and/or write unit only in case of a previous successful authorisation test.
The identification information may be unique identification information. In other words, there may be an unambiguous correlation between the identification information and a set of (for instance medical) user data stored in the central system of the finder system or of the medical emergency system, so that it may be ensured that specific identification information may only provide access to the medical data of one specific human being. The identification information may be a key required to get access to user data related to the authorized user and stored in a database being external from (or internal, for instance in case of a USB stick) the biometric identification item. Such a database may be run in accordance with the distribution of identification items to different users, so that the code stored in the biometric identification item may also be stored in the database, however in the database related to the user data to which access is possible via the identification information.
The output unit may be adapted for outputting the identification information only or exclusively if the determining unit has determined that the sensed biometric data is in accordance with the reference biometric data. Therefore, when such correspondence or accordance cannot be determined, the output of the identification information will be denied.
The biometric identification item may further comprise an input unit adapted for enabling a user to input data for storage in the biometric identification item. Such an input unit may comprise a button, a keypad, a pin, a switch, or even a microphone of a voice recognition system and may allow a user to provide the biometric identification item with data, for instance during registering or programming the biometric identification item.
A registration unit may be provided and adapted for enabling registration of a user as the authorized user by providing the reference biometric data to the biometric sensor. When the biometric identification item is used for the first time or is reset, the user may provide her or his biometric data to the biometric sensor, for instance by putting her or his finger onto a fingerprint sensor. The registration unit will then register this data as the reference biometric data which will later, during normal use, be compared to biometric data provided to a user desiring access to the identification information. A data interface may be provided for data communication with a communicatively couplable computer for registering a user by the registration unit. Such a data interface may be a wired data interface such as a USB interface or may be a wireless interface, for instance for Bluetooth, infrared or RFID communication between the data interface and the coupled computer (such as a laptop or PC) which should have a corresponding data interface capable of communicating with the data interface of the biometric identification item. Alternatively, the biometric identification item may be an independent system operable without a communicatively couplable or coupled computer. This may allow for a very safe system without any danger that data security deteriorates. In such a configuration, the system may be free of any electronic data interface to be accessed by a user. The data interface may be one of the group consisting of a USB interface, a WI-FI interface, a wireless Bluetooth interface, a ZigBee interface, an RFID interface, and a WiMax interface.
The biometric identification item may further comprise a switch or a button adapted to be switched or operated by a user. The output unit may then be adapted for outputting the identification information if the switch is switched by the user and simultaneously the reference biometric data is not yet available in the identification system. Therefore, before registering or programming an identification item (that is to say before providing the identification item with the reference biometric data), the biometric identification item may simply serve as a system which, upon being switched on by any user, outputs the identification information without access control. After registering, the secure system may then be used with access control.
The biometric identification item may comprise an energy supply interface adapted for connecting the biometric identification item to an external energy supply, for instance for charging an accumulator of the biometric identification item. An energy supply unit of the biometric identification item may be adapted for supplying components (or parts thereof) of the biometric identification item with energy. Therefore, a wired connection to a power source such as a PC or a socket may be provided, or the energy supply unit of the biometric identification item may be provided internally (by a (for instance thin) battery, an accumulator, an inductive RF energy harvesting system, a mechanical energy harvesting system, a thermal energy harvesting system, a power paper printed battery system (compare: www.powerpaper.com), a solar cell, an electromagnetic resonance system generating energy from electromagnetic fields by induction, environmental heat energy harvesting, energy harvesting based on mechanical motion energy, etc.) allowing the biometric identification item to be operated as a self- sufficient device.
The identification information may be a sequence of letters, a sequence of numbers, or an alphanumerical code. For instance, the identification information may be a five digit code (or more or less digits) which can simply be input via a keypad of a computer to get access to an Internet page of the emergency finder system to thereby get the desired access to the user data. The identification item may comprise a plate on and/or in which the biometric sensor, the determining unit, and the output unit are arranged. The identification item may comprise a substrate on/in which at least a part of the components are integrated. More particularly, the biometric identification item may comprise a plate on and/or in which the biometric sensor, the determining unit, and/or the output unit are arranged. With such a plate-like arrangement, it is possible that the biometric identification item has the design of a pendant, a label, a sticker, a credit card, a wristband, or a tag and may therefore be easily carried by a user or be connected to elements which are usually carried with a user, such as a mobile phone. The biometric sensor and the output unit may be arranged on opposing sides of the plate. This may be convenient particularly in the case of a fingerprint sensor, since putting the finger on the backside of the biometric identification item onto the fingerprint sensor may allow (in an anatomically appropriate manner) to simultaneously see the result of the detection/the identification information on the front side of the biometric identification item visible to the eyes of the user (or as a credit card on which a finger is put when the credit card is inserted into a reader so that access is only granted upon successful biometric authentication). This may allow operation of the biometric identification item with only one hand so that the other hand can be used, for instance to type the identification information in a computer or to write down the identification information.
The biometric identification item may comprise an inscription (for instance an imprint or an engraving) indicative of the usable qualities of the biometric identification item in the context of a finder system, particularly in the context of a medical emergency system, more particularly in the context of an arrangement which will be described in the following in more detail. The output unit may be adapted for outputting a message, particularly a transponder message, the message comprising the identification information if the determining unit has determined that the sensed biometric data is in accordance with the reference biometric data. In the following, exemplary embodiments of the arrangement of providing a finder of a biometric identification item having the above- mentioned features with user data will be explained. However, these embodiments also apply to the method of providing a finder of a biometric identification item with user data, and to the biometric identification item and the method of managing identification information. In the context of an arrangement and a method of providing a finder of an identification item with user data, a user identifies himself or herself in connection with a unique identifier of an identification item, like a key ring pendant or the like. Such an identifier may be obtained by an authorized user via a biometric identification item as described above. While carrying out the registration in the system, which may be performed via the Internet, the user may provide a database with medical data of the user which may be of interest in a medical emergency in a scenario in which the user has had an accident, such as a car accident, and is not capable of communicating the medical data of the user (for example blood group) to a physician. When such an accident actually happens, the physician called in a medical emergency may find the user in her/his car, and may find the key ring pendant or sticker with an inscription like "Emergency Finder" or "Rescue Finder". From this identification item, the physician may get the unique identifier (for instance by putting a finger of the injured person onto the fingerprint sensor of the biometric identification item so that the identifier will be displayed on the biometric identification item) and may call a central station of the data management system. This data management system may then provide the physician with the medical user data which may allow the physician to take the correct actions to save the life of the user. The control unit may be adapted to provide the finder with the user data only if the user has agreed to provide the finder with user data in case the finder has noticed that the finder has found the biometric identification item. For example, when the user registers herself/himself in the database, the user may be asked to approve that medical data may be provided to a physician in an emergency case.
The control unit may be adapted to provide the finder with user data only in an emergency case, particularly in case of an accident or in a medical emergency. Such an emergency may be a car accident, a sports accident or a work-related accident. Furthermore, committing the user to a hospital may be considered an emergency case as well.
The control unit may be adapted to provide the finder with user data only in case the finder has been authorized before, during or after registration to be provided with the user data. The control unit may be adapted to provide the finder with user data only if authorization has been granted to the finder by the user during the registration process. For example, a group of finders may be registered or defined in the database who are deemed to have authorized access to the user's medical data. For example, all physicians working with an emergency medical service corporation may potentially be granted authorization through this registration.
Particularly, the user data may comprise medical information related to the user. Such medical information may comprise at least one of the group consisting of an image showing the user, the blood type of the user, a disease the user may have, (for example AIDS, diabetes), an allergy the user may have, an allergy to a medication, information regarding a medication which must be administered to the user (for example insulin), information regarding possible organ donation of the user, and any of the user's medical emergency related information, (i.e. any parameter of interest in case of an emergency).
The control unit may be accessible to the finder via at least one of the group consisting of a computer network, a radio communication network and a telecommunication network. For example, an emergency medical service corporation may use its own internal (radio) communication system. The control unit may comprise a computer and/or a call center.
An object to which the biometric identification item may be connected may be at least one of the group consisting of a car, a door of an apartment or a house, a key, a laptop, a motorcycle helmet, a crash helmet, a phone, a portable entertainment device, a suitcase, diving equipment, a travellers device, a credit card, and a person. Particularly, the biometric identification item may be connected to any object which is likely to be noticed or found by an emergency medical service in case of an emergency. The database may be protected against unauthorized access to the user data.
The control unit may be adapted to inform the user (including reverse information about a legitimation/authorization procedure) that the finder is provided with the user data (before or after transmitting the user data to the finder), for instance via a text message, an SMS, an MMS, an email, a telephone call, a letter, and/or a facsimile. This may ensure privacy and may avoid misuse of the system.
In the following, exemplary embodiments of the method of providing a finder of a biometric identification item having the above- mentioned features with user data will be explained. However, these embodiments also apply to the arrangement for providing a finder of a biometric identification item with user data, to the identification item, and to the method of managing identification information.
The finder may be provided with the user data only after having performed a successful legitimation procedure. For example, in case of a human emergency, a physician or another person related to authorized medical staff has to become authorized before getting access to medical data of a user. This may ensure that confidential personal information is provided only to authorized persons. A corresponding authorization procedure may include the answer to one or a plurality of questions (for instance with regard to a hospital to which the finder belongs, a name of the finder, a telephone number, etc.).
In the following, an example of a legitimation procedure will be explained. Emergency case data can only be accessed in case the user has agreed to the accessibility during registration and in case the finder (a physician or a member of a medical staff) has proven his or her authorization before getting access to the user data. Such a legitimation procedure may include answering questions. The answers to the questions may be emailed to the user so that the user can understand at any time who has access at which time to which information, where and why. This may allow detection of misuse.
The method may comprise informing the user that the finder will be (in the future) or has already been (in the past) provided with the user data. After having provided a finder with data of the user, the transmission of this user information may be brought to the attention of the user. By taking this measure, a further control mechanism is triggered to ensure that non-authorized persons do not get access to the user data. Alternatively, a further control mechanism is triggered to ensure that non-authorized persons, even when they get access to the user data, can be traced.
The method may comprise providing the user data to a company for economic purposes or for marketing purposes.
The method may comprise forcing, by the finder, the user to provide biometric data to the biometric sensor of the identification item. According to an exemplary embodiment of the invention, a fingerprint module is provided which makes it very difficult to impossible to read out information which is not requested by an unauthorized user. For example, a DNA or a fingerprint sensor may be provided. Only upon successful detection of the presence of the authorized user interacting with this biometric sensor will the latter trigger an electric circuit to be closed so that current can flow, and only this current can signal the output of information stored in an RFID tag which may be part of the biometric identification item. In other words, a biometrically induced RFID tag activation/read out may be made possible according to an exemplary embodiment of the invention. The biometric identification item may or may not have access to an interface such as an interface connected via a USB cable. It is possible to implement rechargeable batteries or single-use batteries (disposable), for instance lasting 3 to 5 years, for powering power to the identification item. It may be possible that an empty battery or an almost empty battery (i.e. having remaining energy below a threshold value) is indicated by a blinking LED or a similar indication unit. The biometric identification may or may not be connectable to the public Internet or an intranet. An energy-saver switch may be provided on the biometric identification item which automatically switches the biometric identification item to an idle or power-safe mode, for instance when the biometric identification item is not in operation for longer than a predetermined threshold time interval, for instance 30 seconds.
It may be possible to register oneself in the biometric identification system via a personal computer. Alternatively, it may be possible that enrolment is done independently from any PC or any other connection or device, simply via data communication between a user to be enrolled and the biometric identification item. Touching a surface of the biometric identification item by a user may stimulate the display. However, since this activation of the biometric identification item may be an energy- consuming process, the biometric identification item may be configured to be activated after a time delay after it has been touched. Only when the touching remains for longer than a threshold value, is the display activated. It is possible to provide a manual switch to allow a user to turn the biometric identification item on/off.
It is possible to display a five-digit verification number on the biometric identification item, and it is also possible to provide only letters, only numbers, or a combination of letters and numbers within such a verification number. The fingerprint sensor array may have a 12.8 mm x 12.8 mm surface. The option to activate the system via button actuation may be indicated to a user by an inscription such as "press here". Such instructions may be provided (printed, engraved, etc.) on a surrounding plastic/metal surface or directly on the surface of the sensor array. The display may be configured to display the verification number only after successful biometric authentication and when there has been pre-enrollment. An enrollment procedure may be possible in a wireless manner (for instance without involving any cables), and without the need of further periphery devices. The fingerprint sensor may have a mechanism to make it not too sensitive to avoid unintentional activation. The fingerprint sensor array may be switched off to save energy, under certain circumstances.
Before enrollment, the verification number may be displayed continuously on the display or when touching a dedicated portion (sensor array) of the biometric identification item with any finger. Once a user is enrolled, only the registered fingerprint of a user's finger will stimulate the verification number to appear on the display. It is possible to allow only one or several authentication attempts during the life of the token. The system may be wireless, i.e. without external cable, so no connection to the computer or any network may be necessary. It is possible to provide one or more switches for power and basic communication. The identification item may be usable over its entire lifetime without recharging. Enrollment and authentication may be possible without communicating with a PC. An input mechanism may be provided which tells the token that a user wants to enroll. For enrolling, one button may be provided and programmed to do everything. After opening an enrollment session, the enrolment may take place which may involve a check, a re-enrolment, and a close enrolment session operation mode. Once the enrolment is complete, it is possible for the sake of security that there is no further option for re-enrolment. In such an embodiment, it is possible to indicate to the user that he or she is making a serious decision by finishing enrolment. Enrolment may include providing fingerprints of ten fingers. A robust and simple way to handle enrolment is to use one, two or three impressions of user's fingers, including impressions of at least two different fingers (for instance index and thumb).
It may be possible to make the biometric identification item resistant to respect to any type of shock, such as dropping, mechanical shocks an or temperature fluctuations. For example, if a user wants to enroll, he or she first presses a power button and then presses an enrol button one or more times (once is easy, but may lead to accidental pressing). Then, the user has the opportunity to enrol. Enrolment may be a one-time process. According to an exemplary embodiment of the invention, once the user enrols, the user cannot re-enrol. From then on, if the user wants to authenticate, the user just presses the power button and has the opportunity to authenticate. Only upon successful authentication, is the rescue finder number shown.
It is possible to embed the sensor in plastic housing or in stainless steel housing or in glass housing or in zinc housing.
The aspects defined above and further aspects of the invention are apparent from the examples of embodiment to be described hereinafter and are explained with reference to these examples of embodiment.
The invention will be described in more detail hereinafter with reference to examples of embodiment but to which the invention is not limited.
Fig. 1 to Fig. 3 illustrate verification systems according to exemplary embodiments of the invention. Fig. 4A and Fig. 4B show a schematic overview over a verification system according to an exemplary embodiment of the invention.
Fig. 5 to Fig. 9 show biometric identification items according to exemplary embodiments. Fig. 10 shows an arrangement for providing a finder of a biometric identification item with user data according to an exemplary embodiment in a first operation state.
Fig. 11 shows the arrangement for providing the finder of the biometric identification item with the user data according to the exemplary embodiment in a second operation state.
Fig. 12 shows the arrangement for providing the finder of the biometric identification item with the user data according to the exemplary embodiment in a third operation state.
The illustration in the drawings is schematical. In different drawings, similar or identical elements are provided with the same reference signs.
Fig. 1 illustrates a verification arrangement 900 according to an exemplary embodiment of the invention. The verification arrangement 900 comprises an article 902 (such as a product, for instance a medication) having a label 904 attached (for instance adhered) to the article 902. Label 904 carries an alphanumeric article identification code 906.
A user (not shown) can use the verification arrangement 900 to check whether the product or article 902 a user desires to buy in a store is genuine. For this purpose, the user may use a user communication device 908 such as a mobile phone or a computer. The communication device 908 comprises an input unit 910 via which a user may input the ID 906 which a user has read on the article 902. This input information 906 may be forwarded to a communication unit 912 such as an antenna for communication via a communication network 914 such as the public Internet to a verification control system 916.
By this communication architecture, the alphanumeric article identification code 906 may be communicated from the user communication device 908 to the verification system 916. The verification system 916 also has a communication unit 918 such as a communication antenna. The communication antenna 918 may forward the supplied alphanumeric article identification code 906 to a verification entity 920. This verification entity 920 stores a number of approved identification codes in a coupled storage device or database 922. Upon receipt of the article identification code 906, the verification entity 920 outputs a response to the communication unit 918 indicating whether the input article identification code 906 is identical to one of stored approved identification codes. The corresponding information may be transmitted back via the communication unit 918, the communication network 914, the communication unit 912 to an output unit 924. The output unit 924 may for instance be a display device such as an LCD which may output originality information 926, i.e. an indication whether the verification entity 920 has recognized that the product 902 having the unique identifier 906 relates to a manufacturer having previously supplied the approved identification codes to the verification unit 920 or to the storage unit 922.
When the user receives the originality information 926, the user knows whether or not the product 902 is genuine. If the same identifier 906 has already been used in the past, this may be an indication that the product 902 is not genuine and that the product 902 relates to an unauthorized manufacturer.
Additionally, it is also possible, particularly upon positive determination of originality of the product 902, that an information provision unit 928 of the verification system 916 provides further information regarding the article 902 to the output unit 924 via the network 914, which additional information may then be optionally output as article information 930.
Via a further network 932 which may be the same network as the network 914 or another network, a manufacturer communication unit 934 may communicate with the verification system 916. Also the manufacturer communication unit 934 comprises a communication unit 936 such as a communication antenna. It also comprises a control unit 938 having processing capabilities. The control unit 938 (for instance a central processing unit or a microprocessor) may communicate with a memory unit 940 serving as a database for storing information.
When a manufacturer wishes to provide a user with the service to check originality of the products 902 via the verification system 900, this manufacturer may, via the manufacturer communication system 934 register itself at the verification system 916 and will then receive a number of approved identification codes which the manufacturer 934 may then attach to its products 902.
Fig. 2 illustrates a verification arrangement 940 according to another exemplary embodiment of the invention. Fig. 2 shows that the label 942 is attached to the product 902 which label 942 comprises the alphanumeric article identification code in plaintext 944 as well as in encoded form 906. In the described embodiment, the encoded form 906 is a two-dimensional barcode (for instance a quick response (QR) system code). The input unit 910 may be a keypad of a mobile phone 908.
However, the mobile phone 908 may also comprise a camera 946 for automatically capturing the machine-readable barcode 906. Alternatively, a user may input the ID 944 via the keypad 910 into the mobile phone 908. The reader machine 908 reads the alphanumeric article identification code 906 and transmits the read alphanumeric article identification code 906 to the verification entity (not shown) of the verification system 916. The verification system 916 then transmits back information that the product 902 is genuine when the verification system 916 detects that never before a user has input this identification information 906. A corresponding information "product genuine" may then be displayed on a display unit 924 of the mobile phone 908.
Again referring to reference numeral 942 shown in Fig. 2, such a system allows forgery recognition. A QR code 906 allows for a quick access to data by automatically reading this code (a two dimensional barcode), for instance with camera 946 of mobile phone 908 or with any other reader device. A brand ID 944 provides exact product information via a brand ID card. The brand ID 944 and the QR code 906 provide security. Such a system is forgery-proof since the online brand ID card knows the product. Moreover, the product knows the inquirer. Warnings may be generated at the end of the life cycle of the product 902 .
An alternative embodiment of a verification arrangement 950 is shown in Fig. 3.
In the embodiment of Fig. 3, the user communication device 908 is a laptop into which a user may manually input the alphanumeric article identification code 906.
Fig. 4A shows a verification arrangement 960 according to another exemplary embodiment. Although the communication entities 902, 908, 916, 934 are the same as in Figs. 1 to 3, some additional features are provided which can be taken from Fig. 4A.
Another overview over such a verification arrangement 960 is shown in Fig. 4B.
Fig. 5 shows an overview over a detailed implementation according to an exemplary embodiment of the invention. The corresponding procedures are denoted with 4a, 4b, 4c, 4d, ... and are shown in the subsequent figures. At specific events, emails denoted as OBICl to OBICIl may be generated.
In the following, referring to Fig. 5, a biometric identification item 100 according to an exemplary embodiment of the invention will be explained.
The biometric identification item 100 comprises a metal or plastic plate 101 as a substrate on and/or in which the various components of the biometric identification item 100 are provided or integrated, as will be described below in more detail. On a surface of the biometric identification item 101, in a tactile communication with a user, a fingerprint sensor 102 is provided which is adapted for sensing fingerprint data of a user. For instance, the dimension of the biometric sensor 102 may essentially equal a central portion of a finger such as a forefinger or a thumb of a user. When the user puts a finger on the fingerprint sensor 102, the fingerprint sensor 102 may sense the fingerprint data of the user and may send them to a connected processing unit 103.
The processing unit 103 may be a microprocessor or a CPU (central processing unit) and may be capable of determining whether the biometric data sensed by the biometric sensor 102 is in accordance with reference biometric data of an authorized human user provided during a registration phase of the device 100 and stored in a non-volatile memory 104. Therefore, the determining unit 103 compares the measured data provided by the biometry sensor 102 with data pre-stored in the memory unit 104. When these sets of data match properly, that is to say when the user providing the fingerprint data via the biometry sensor 102 is identical to the user having previously registered in the biometric identification item 100, the determining unit 103 will read an identification code from the memory 104 and will trigger an LCD display 105 (or an LED display) to output the code for a predetermined time of, for instance, several seconds. Thus, only an authorized user is capable of displaying the identification information on the liquid crystal display unit
105.
The identification information may be a five key digit (or may have more digits) which is output to the user and can serve to get access to medical user data stored in a system, as will be described below in more detail referring to Fig. 10 to Fig. 12.
As can further be taken from Fig. 5, various input elements 106 are provided, which may be buttons, via which a user may program the device 100.
For registering a user in the biometric identification item 100, the
CPU 103 may also serve as a registration unit which receives registration data via a USB interface 107 (which, in an alternative embodiment, may be omitted). An energy supply interface 108 allows to connection of the biometric identification item 100 to an electric power source such as a socket or a USB connection of a PC to (re-)charge an accumulator (not shown) of the biometric identification item 100.
Additionally or alternatively, the energy supply may be provided by a solar cell 109 (or a battery, an accumulator, an energy harvesting entity, etc.) which can generate electric energy based on impinging sunlight. Thus, the solar cell 109 may also power the IC 103 directly or may contribute charging the accumulator (not shown).
Thus, a biometric rescue finder may be provided as a secure and efficient rescue finder. A keychain fob-sized token may display a tracking number in a dynamic and not only static manner so that the tracking number may be output by an output unit only upon successful fingerprint identification.
An identification number and a user name may be provided statically on the token and may be etched or engraved into the token body. Alternatively, these numbers may also be displayed dynamically only upon successful fingerprint identification.
For such a biometric rescue finder, a full biometric system may be integrated in a small package, and a five digit tracking number may be displayed only after a successful fingerprint authentication. Thus, the tracking number (as an example for identification information) may be the same every time for a given token, and it can be displayed on the backside of the token. Alternatively, an OTP (one time password) system may be provided. Upon each authentication procedure, a new password may be activated. According to an exemplary embodiment as shown in Fig. 6, the biometric rescue finder plate 200 may be designed with a specification of 60 mm x 31 mm x 2.0 mm (minus tapered edges).
The biometric rescue finder plate 200 may, as shown in Fig. 7, contain a fingerprint sensor 201 (for instance Fidelica's 3002 fingerprint sensor), and the electronic design may be based on Fidelica's FIM-3002 fingerprint authentication module. Successful fingerprint authentication will result in a display of a five digit tracking number on a display unit 500, as shown in Fig. 9. Fig. 8 shows a front side and Fig. 9 shows a backside of a biometric identification item 400. Further information may be inscribed on a static display area 300 shown in Fig. 7 and Fig. 8. Thus, it is possible to implement the biometric identification item 400 in a biometric rescue finder system.
A user may enrol herself or himself on the biometric rescue finder token 400 using a USB cable (with specialized connector) and downloadable software. Optionally, prior to enrolment, the token 400 may be not be secured, and will display the five digit tracking number upon the presence of any fingerprint, not only in the presence of a fingerprint of an authorized user. Alternatively, a complete cable-free embodiment without USB cable is possible, as well as a wireless embodiment being able to communicate wireless. The biometric rescue finder 400 may be powered by rechargeable batteries, and the same USB cable that is used for communication during the enrolment process can also be used for recharging the batteries.
Next, the physical and electrical characteristics of the token 400 will be explained in more detail.
The biometric rescue finder 400 will fit the basic design shown in Fig. 6, with a maximum width of 31 mm and a maximum length of 60 mm. As shown in Fig. 7, the size will fit Fidelica's FID-3002 fingerprint sensor. Consequently, the fingerprint sensor active area may be located off-center of the token 400, as shown in Fig. 8.
The token 400 front side may show the fingerprint sensor 201 and a ten digits statically displayed identification number 300. The token 400 can also include one or more LEDs for user feedback.
The token backside shown in Fig. 9 may show a five digit tracking number only after successful fingerprint authentication, displayed on the display 500 which may be an LCD or LED segmented display to enhance security and potential for configurability. There are many options for display layout, one of which is shown in Fig. 9. This particular layout may be appropriate, but the display 500 could also be easily rotated by 90° or 180°.
Fig. 6 shows the dimension of the rescue finder substrate 200. A fingerprint sensor 201 overlaid on the rescue finder plate 200 is shown in Fig. 7. Fig. 42 shows a front side of a rescue finder 400 illustrating a fingerprint sensor active area 201. Fig. 9 shows a backside of the token 400 with a verification number display 500.
The biometric rescue finder item 400 may be powered by a thin, rechargeable battery (or with a single-use disposable battery, or with a solar power system). Such a battery may be recharged through contacts on the token surface (not shown in Fig. 6 to Fig. 9). It is possible that there are four contacts to accommodate charging and USB connection, each size in the order of 1.0 mm x 2.0 mm. The usage cycle between recharges may be dependent on the size of the battery that can fit into the token 400. A 50 mAhr battery may allow for approximately 1000 authentication attempts between recharges. Fidelica's FIM-3002 fingerprint authentication module, which is based on a 32 bit microcontroller with 64 kB on chip RAM and 256 kB on chip flash memory, may be implemented in the biometric rescue finder 400. This may allow for approximately 100 kB of personal data to be saved on the token 400, if so desired. This microcontroller may be designed to support USB, amongst other interfaces, so the interface design may be robust and fully featured.
In the following, fingerprint enrollment will be explained. It is possible to perform fingerprint enrollment to be administered by the users themselves using a standard PC. To that end, the biometric rescue finder 400 can be provided with a custom USB cable to connect to the enrolment and charging pads, and the user may be provided with a URL from which enrolment and configuration software can be downloaded.
After proper hardware and software installation, and relying on web-based user guides, individuals may be able to enrol in a straightforward manner. Such a registration process may offer the token 400 an additional high value vehicle from which to collect additional user information. Given an Internet connection, users can also update or manage their records or tracking numbers on the databases. The FIM-3002 authentication module can handle enrollment for multiple users or multiple fingers from multiple users of a single token 400. These options can be configurable by the original design specification, a centralized management system, or by the users themselves. An option is to configure the biometric rescue finder 400 to be highly secure after fingerprint enrollment, but still usable if fingerprint enrolment infrastructure is not available (for instance no Internet access, PC, USB availability, etc.). In this case, prior to enrolment, the fingerprint sensor 201 will merely act as a tactile switch, and the five digit tracking number will be displayed any time any user touches the sensor 201.
Once the user enrols on a token 400, only that enrolled fingerprint will be able to stimulate the five digit tracking number to appear on the display 500.
The biometric rescue finder item 400 may be designed to allow for simple and straightforward authentication fully independent of any connection to power or host computer. A user needs only to place her or his finger on the fingerprint sensor 201, and after approximately 1 second, if the fingerprint is accepted, the tracking number will appear on the display 500 on the backside of the token 400, as shown in Fig. 9. After a predefined period of time, the display 500 will turn off, and there will be no indication of the tracking number.
In the following, referring to Fig. IO through Fig. 12, an arrangement 600 for providing a finder of a biometric identification item 400 with user data according to an exemplary embodiment of the invention will be explained.
The arrangement 600 comprises a server computer 601 (which may also be denoted as a control unit), a storage unit 602 including a database, and a call center 604.
As can be seen from Fig. 10, the server computer 601 is connectable via the Internet 605 to any other computer connected to the Internet 605. Furthermore, the server 601 has access to the database 602 and can communicate with the call center 604.
Fig. 11 shows the arrangement 600 in a second operation state.
In this operation state, a client computer 606 (or any other computer) is connected via the Internet 605 to the server computer 601. The client computer 606 may be operated by a user 607 of the finder system shown in Fig. 10 and Fig. 11. In the context of this finding system, an object 608, for instance a key, has been connected with a biometric identification item 400 by the user 607. Although not shown in Fig. 11, the biometric identification item 400 comprises an alphanumeric code as unique identification information displayed on a display unit 500 only after successful identification of the user 607 via a fingerprint sensor 201 (see also Fig. 8 and Fig. 9).
Fig. 11 shows a connection 610 between the object 608 and the biometric identification item 400. This connection 610 can be a mechanical connection such as a connection of the biometric identification item 400 with a key ring of the key 608.
When the user 607 wishes to register the biometric information item 400 that she or he has connected to the object 608 in the server computer 601, then the user 607 may access the database 602 via the client computer 606, the Internet 605 or the server computer 601. The user 607 may provide user data to register in the database 602 and in the server computer 601 to connect the object 608 to the biometric identification item 400. This may include that the user 607 indicates her or his name and other personal and medical data and that the biometric identification item 400 with the corresponding alphanumerical identification code (displayed on the display 500 only on demand) has been connected to the key 608. To register, the user 607 may log into a finding system homepage which may be indicated on the biometric identification item 400.
The user 607 may provide medical data when registering in the database 602, like an image showing the user 607 (which the user 607 may send to the database 602 as digital data, for example as a jpg-file), the blood type of the user 607, a disease the user 607 may have, an allergy the user 607 may have, a medication to which the user 607 is allergic, information regarding a medication which must be administered to the user 607 regularly and/or information regarding possible organ donations of the user 607.
During registration, the user 607 may declare that she or he agrees to provide a finder of the user 607 with medical user data in case the finder has noticed that the finder has found the biometric identification item 400, in case of an emergency such as an accident.
The correlation between the unique identification information (displayed on the display 500 only on demand) and the provided user information is stored in the database 602.
Fig. 12 shows the arrangement 600 in a third operation state. In the scenario shown in Fig. 12, the user 607 has had an accident and is unconscious.
When a finder 611 (such as a physician of an emergency medical service) finds the unconscious user 607 carrying the key 608 connected to the biometric identification item 400 (alternatively, the biometric identification item 400 can be attached to a helmet, a car window, or a house/flat door of the user 607), then the finder 611 can gather identification information from the biometric identification item 400 by putting a finger of the user 607 on the fingerprint sensor 201 of the biometric identification item 400 and by reading the identification information which is displayed on the display 500 only in response to the successful identification of the read fingerprint information. Notice may be given to the finder system 600 that the finder 611 has found the key 608 connected to the biometric identification item 400, and carried by the user 607 in the present emergency situation. For this purpose, the server computer 601 can be accessed via a client computer 612 of the finder 611 and via the Internet 605 so that the finder 611 of the object 608 connected to the biometric identification item 400 gives notice by providing the unique identification information which may be indicated on the biometric identification item 400, that she/he has found the key 608 connected to the biometric identification item 400 and is being carried by the unconscious user 607. The finder may additionally request medical data of the user 607. The server computer 601 may check whether the medical data may be provided to the finder 611. The medical data are provided only if the user 607 has indicated -during registration - that the user agrees that the finder 611 is to be provided with the user data in a medical emergency case. If this is the case, the finder 611 is provided with the medical user data.
Based on these medical data, the finder 611 may minimize the likelihood of medical errors or may take the correct actions to help the user 607, without losing valuable time during an unnecessary examination of the user 607 or without wasting time calling for authorisation.
As an alternative to the communication of the finder 611 via the Internet 605, it is also possible that the finder 611 communicates via radio communication with the call center 604 to obtain the medical data of the user. The biometric identification item 400 shown in Fig. 12 is a key pendent. Alternatively, the biometric identification item 400 can be a sticker to be attached to a helmet, a car window, or a house/flat door of the user 607. Such a sticker may be employed in any potentially dangerous environment (workplace, apartment, car, motorcycle, bicycle, etc.). Particularly, a pendent may be connected to a key, a sticker may be connected to a motorcycle helmet, a sticker may be connected to a bicycle helmet, a sticker may be connected to a house door, a sticker may be connected to a motorcycle, a sticker may be connected to a bicycle, a sticker may be connected to a vehicle (window), to a credit card, etc. It is also possible that an indication or signal sticker may be attached to a car window indicating where the actual identification item can be found (for instance "life saving medical records on key chain").
It should be noted that the term "comprising" does not exclude other elements or steps and the "a" or "an" does not exclude a plurality. Also elements described in association with different embodiments may be combined.
It should also be noted that reference signs in the claims shall not be construed to man as limiting the scope of the claims.

Claims

C L A I M S
1. A verification arrangement, comprising an article carrying an alphanumeric article identification code; a verification entity storing a number of approved identification codes and being adapted in such a manner that upon input of the article identification code by the user, the verification entity outputs a response indicating whether the input article identification code is identical to one of the stored approved identification codes.
2. The verification arrangement of claim 1, wherein the verification entity is adapted to be accessible by a user via a communication network, particularly via the public Internet.
3. The verification arrangement of claim 1 or 2, wherein the verification entity is adapted for denying a response upon determining that the provided input article identification code has already been input by a user in the past.
4. The verification arrangement of claim 1 or 2, wherein the verification entity is adapted for denying a response upon determining that the provided input article identification code has already been input by a user in the past for a number, particularly for a plurality, of times which number exceeds a predefined threshold value.
5. The verification arrangement of any one of claims 1 to 4, wherein the alphanumeric article identification code carried by the article is unique.
6. The verification arrangement of any one of claims 1 to 5, wherein the article comprises one of the group consisting of a drug, a medication, a cosmetic product, a mobile phone, a credit card, a document,a consumer electronics device, a CD, a medical device, glass, jewellery, a work of art, wine, liquor, a gear article, a human being, an animal, pearls, gems, monetary notes, and a food article.
7. The verification arrangement of any one of claims 1 to 6, wherein the article carries the alphanumeric article identification code in a human-readable form.
8. The verification arrangement of any one of claims 1 to 7, wherein the article carries the alphanumeric article identification code in a machine-readable form.
9. The verification arrangement of claim 8, comprising a reader machine adapted for reading the alphanumeric article identification code from the article.
10. The verification arrangement of claim 9, wherein the reader machine is adapted for displaying the read alphanumeric article identification code in a human-readable form.
11. The verification arrangement of claim 9 or 10, wherein the reader machine is adapted for transmitting the read alphanumeric article identification code to the verification entity and for receiving and displaying the response output by the verification entity.
12. The verification arrangement of any one of claims 9 to 11, wherein the reader machine is a portable device.
13. The verification arrangement of claim 12, wherein the reader machine comprises one of the group consisting of a mobile phone, a personal digital assistant, and a watch.
14. The verification arrangement of any one of claims 1 to 13, adapted for determining originality of the article.
15. The verification arrangement of any one of claims 1 to 14, adapted as an antiforgery system or as an anticounterfeiting system.
16. The verification arrangement of any one of claims 1 to 15, wherein the verification entity is adapted for, before communicating with the user, being accessed by a genuine article provider and for providing the number of approved identification codes to the genuine article provider upon request of the genuine article provider.
17. The verification arrangement of claim 16, wherein the verification entity is adapted for providing the number of approved identification codes to the genuine article provider only after successful completion of an authorization procedure by the genuine article provider.
18. The verification arrangement of any one of claims 1 to 17, comprising an information provision unit adapted for outputting information related to the article to the user upon determining that the input article identification code is identical to one of the stored approved identification codes.
19. The verification arrangement of claim 18, wherein the output information comprises at least one of the group consisting of information indicative of a manufacturer of the article, information indicative of a local representative of the article, information indicative of a distributor of the article, information indicative of a shipper of the article, information indicative of an expiration date of the article, information indicative of product information of the article, information indicative of an image of the article, information indicative of operating instructions regarding the article, information indicative of a regional origin of the article, information indicative of a seller of the article, and information indicative of a trade channel of the article.
20. The verification arrangement of any one of claims 18 to 19, wherein the information provision unit is adapted for dynamically updating information related to the article over a lifetime of the article.
21. The verification arrangement of any one of claims 18 to 20, wherein the information provision unit is accessible to and manageable by a genuine article provider.
22. The verification arrangement of any one of claims 18 to 21, wherein the information provision unit is adapted for outputting information related to the article by directly transmitting the information to a user communication entity operable by the user for inputting the article identification code.
23. The verification arrangement of any one of claims 18 to 22, wherein the information provision unit is adapted for outputting information related to the article by transmitting a link to an information source to a user communication entity operable by the user for inputting the article identification code.
24. The verification arrangement of any one of claims 18 to 23, wherein the information provision unit is adapted for outputting information related to the article by transmitting the information to an information display unit differing from a user communication entity operable by the user for inputting the article identification code.
25. The verification arrangement of any one of claims 1 to 24, comprising a number of articles each carrying exactly one unique alphanumeric article identification code corresponding to exactly one of the number of stored approved identification codes.
26. The verification arrangement of any one of claims 1 to 25, wherein the verification entity is adapted for outputting the response indicating a number of times the corresponding identification code has been queried in the past.
27. The verification arrangement of any one of claims 1 to 26, wherein the verification entity is adapted for estimating a probability of a counterfeit of the article and for outputting the response indicating the probability of the counterfeit of the article.
28. The verification arrangement of claim 27, wherein the verification entity is adapted for estimating the probability of the counterfeit of the article based on at least one criteria of the group consisting of a product type of the article, a manufacturer of the article, a number of times the corresponding identification code has been queried in the past, statistical counterfeit data regarding the article, statistical counterfeit data regarding the manufacturer article, a value of the article, and a regional origin of the article.
29. The verification arrangement of any one of claims 27 to 28, wherein the verification entity is adapted for visually outputting the response indicating the probability of the counterfeit of the article as at least one of the group consisting of a color code, a bar plot, and a verbal probability level.
30. The verification arrangement of any one of claims 1 to 29, wherein the verification entity is adapted for removing an approved identification code from the stored number of approved identification codes after expiry of an expiration date of the article assigned to the approved identification code.
31. The verification arrangement of claim 30, wherein the article comprises one of the group consisting of a medication, a foodstuff, a luxury article, a cosmetic product, and a gemstone.
32. The verification arrangement of any one of claims 1 to 31, wherein the verification entity is adapted in such a manner that upon input of the article identification code by the user, the verification entity requests additional information from a user inputting the article identification code for determining whether the article is genuine.
33. The verification arrangement of claim 32, wherein the verification entity is adapted in such a manner that upon receipt of the additional information, the verification entity outputs a result indicative of a probability whether the article is genuine.
34. The verification arrangement of claim 33, wherein the verification entity is adapted for determining the result depending on both the article identification code and the additional information.
35. The verification arrangement of any one of claims 32 to 34, wherein the additional information comprises at least one of the group consisting of a point of sale of the article, a geographic position of the user and/or the article, a prize of the article, an expiry date of the article, a warranty regarding the article granted to the user by a seller of the article, a distribution level at which the article is offered to the user, and a serial number or a manufacturer number of the article.
36. A verification method, comprising attaching an alphanumeric article identification code to an article; inputting or reading the article identification code by the user or under control of the user; outputting a response to the user indicating whether the input article identification code is identical to one of a number of stored approved identification codes.
37. The verification method of claim 36, wherein the verification method is a method for determining whether the article is original.
38. A computer-readable medium, in which a computer program is stored, which computer program, when being executed by a processor, is adapted to carry out or control a verification method according to claim 36.
39. A program element, which program element, when being executed by a processor, is adapted to carry out or control a verification method according to claim 36.
PCT/IB2008/003489 2007-12-13 2008-12-12 Verification system WO2009074866A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US1345507P 2007-12-13 2007-12-13
US61/013,455 2007-12-13

Publications (2)

Publication Number Publication Date
WO2009074866A2 true WO2009074866A2 (en) 2009-06-18
WO2009074866A3 WO2009074866A3 (en) 2009-10-22

Family

ID=40627580

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2008/003489 WO2009074866A2 (en) 2007-12-13 2008-12-12 Verification system

Country Status (1)

Country Link
WO (1) WO2009074866A2 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102011076411A1 (en) * 2011-05-24 2012-11-29 Schaeffler Technologies AG & Co. KG Method for authenticating product e.g. rolling bearing of engine, involves detecting identification of product using mobile terminal and transmitting to central data processing system
CN103714463A (en) * 2012-10-08 2014-04-09 埃森哲环球服务有限公司 Counterfeit detection
WO2015136426A1 (en) 2014-03-10 2015-09-17 Alessandro Caporusso Method of use of a unique product identification code
US9628270B2 (en) 2014-09-09 2017-04-18 Microsoft Technology Licensing, Llc Cryptographically-verifiable attestation label
US9721259B2 (en) 2012-10-08 2017-08-01 Accenture Global Services Limited Rules-based selection of counterfeit detection techniques
US10061980B2 (en) 2015-08-20 2018-08-28 Accenture Global Services Limited Digital verification of modified documents
US10116830B2 (en) 2016-09-15 2018-10-30 Accenture Global Solutions Limited Document data processing including image-based tokenization
CN114866252A (en) * 2022-04-26 2022-08-05 北京沃东天骏信息技术有限公司 Behavior identification method, verification request sending method and device
US11438330B2 (en) 2017-07-24 2022-09-06 Bernard GARCIA Biometric cloud authentication gateway database system and method of use
WO2024256575A1 (en) * 2023-06-14 2024-12-19 Veridos Gmbh Security document verification apparatus and method for examining a security document

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2816426B1 (en) * 2000-11-08 2003-09-19 Sequoias METHOD FOR AUTHENTICATING THE CORRESPONDENCE BETWEEN THE PRIMARY AND SECONDARY PACKAGING OF A PRODUCT
US20040034579A1 (en) * 2002-08-19 2004-02-19 Xu Jerry Zhi Combining the internet and bar code technologies, using random identification numbers to prevent counterfeit products
ITMI20040524A1 (en) * 2004-03-18 2004-06-18 Exp Box Madeinitaly Com S R L METHOD AND APPARATUS TO VERIFY THE AUTHENTICITY OF PRODUCTS
DE102006016830A1 (en) * 2006-04-07 2007-10-11 Martin Springer Branded product e.g. track shoe, protecting method, involves reading bar code in product using mobile telephone e.g. camera phone, and directly verifying authenticity of product with telephone by comparison with branded product data base

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102011076411A1 (en) * 2011-05-24 2012-11-29 Schaeffler Technologies AG & Co. KG Method for authenticating product e.g. rolling bearing of engine, involves detecting identification of product using mobile terminal and transmitting to central data processing system
US9721259B2 (en) 2012-10-08 2017-08-01 Accenture Global Services Limited Rules-based selection of counterfeit detection techniques
CN103714463A (en) * 2012-10-08 2014-04-09 埃森哲环球服务有限公司 Counterfeit detection
EP2717195A1 (en) * 2012-10-08 2014-04-09 Accenture Global Services Limited Counterfeit detection
WO2015136426A1 (en) 2014-03-10 2015-09-17 Alessandro Caporusso Method of use of a unique product identification code
CN106415638A (en) * 2014-03-10 2017-02-15 A·卡波鲁索 Ways to use unique product identifiers
US20170076351A1 (en) * 2014-03-10 2017-03-16 Alessandro Caporusso Method of use of a unique product identification code
US9628270B2 (en) 2014-09-09 2017-04-18 Microsoft Technology Licensing, Llc Cryptographically-verifiable attestation label
US10061980B2 (en) 2015-08-20 2018-08-28 Accenture Global Services Limited Digital verification of modified documents
US10116830B2 (en) 2016-09-15 2018-10-30 Accenture Global Solutions Limited Document data processing including image-based tokenization
US11438330B2 (en) 2017-07-24 2022-09-06 Bernard GARCIA Biometric cloud authentication gateway database system and method of use
CN114866252A (en) * 2022-04-26 2022-08-05 北京沃东天骏信息技术有限公司 Behavior identification method, verification request sending method and device
WO2024256575A1 (en) * 2023-06-14 2024-12-19 Veridos Gmbh Security document verification apparatus and method for examining a security document

Also Published As

Publication number Publication date
WO2009074866A3 (en) 2009-10-22

Similar Documents

Publication Publication Date Title
WO2009074866A2 (en) Verification system
US9824186B2 (en) Medical and personal data retrieval system
US8800877B2 (en) RFID reporting personal health card and related systems
CN104487987B (en) System and method for fraud prevention
US7677459B2 (en) Dual-sided smart card reader
US20040050930A1 (en) Smart card with onboard authentication facility
US7013365B2 (en) System of secure personal identification, information processing, and precise point of contact location and timing
CN102812471B (en) The personal data of safety process and management system
US20130317848A1 (en) Electronic Medical Record Process
US20090224889A1 (en) System and method for universal identity verification of biological humans
US20220148726A1 (en) Secure Systems for Contactless Identification and Vital Sign Monitoring
JPWO2004111940A1 (en) Personal authentication device and system including personal authentication device
US20210295968A1 (en) Systems, devices and methods for securing, storing and accessing pet and veterinary information
US20180166160A1 (en) System and method for providing access to electronically stored medical information
US20120101840A1 (en) Apparatus and method for medication management
CA2930697A1 (en) Devices, systems, and methods for automated medical product or service delivery
JP2006527422A (en) Systems and information regarding secure personal authentication, information processing, and precise timing of contact location and timing
US20050029343A1 (en) Patient card
US20150100351A1 (en) Medical information device and system and method of use
WO2000043941A1 (en) Method, device and system for facilitating entry and update of multi-source medical information
JP3139635U (en) Denture information management system with built-in electronic tag
JP2008269464A (en) Medication management method and medication management system
US20170024554A1 (en) Self-powered, portable fingerprint-activated device for audibly outputting personal data
JP6713323B2 (en) Emergency information acquisition system and emergency information acquisition terminal
JP2021124773A (en) Medical information acquisition device, medical information management system, medical information acquisition method and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08859065

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08859065

Country of ref document: EP

Kind code of ref document: A2