[go: up one dir, main page]

WO2018134812A1 - System and methods for biometric authentication assisted by proximity device - Google Patents

System and methods for biometric authentication assisted by proximity device Download PDF

Info

Publication number
WO2018134812A1
WO2018134812A1 PCT/IL2018/050058 IL2018050058W WO2018134812A1 WO 2018134812 A1 WO2018134812 A1 WO 2018134812A1 IL 2018050058 W IL2018050058 W IL 2018050058W WO 2018134812 A1 WO2018134812 A1 WO 2018134812A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
data
identification system
user data
given
Prior art date
Application number
PCT/IL2018/050058
Other languages
French (fr)
Inventor
Ofir Friedman
Shahar Belkin
Original Assignee
Fst21 Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fst21 Ltd. filed Critical Fst21 Ltd.
Publication of WO2018134812A1 publication Critical patent/WO2018134812A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the presently disclosed subject matter relates to a solution for identifying users.
  • Many applications require the identification of users. For example, airports, or payment systems, require the identification of users in order to ensure security of individuals and/or of transactions.
  • an identification system comprising a communication unit configured to communicate wirelessly with at least a device of a user, for receiving user data from the device only when the device is within a predefined range of the communication unit, said user data comprising at least, for each user: data representative of the visual aspect of the user (VA data), and unique identification data (ID) of the user, a storage unit configured to store at least a set of user data, said set of user data comprising a plurality of user data received for users whose device is within the predefined range of the communication system, and a processing unit configured to obtain at least one picture comprising a given user and taken by at least one camera operating in conjunction with the identification system, search the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture, and identify the given user by determining the ID associated with the identified VA data.
  • the processing unit is configured to, while a given user is in motion, obtain a video comprising the given user and taken by said at least one camera operating in conjunction with the identification system, search the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained video, and identify the given user by determining the ID associated with the identified VA data.
  • the user data can be defined and/or modified in the device of the user only by an authorized operator and/or through an authorized software.
  • the processing unit is configured to identify a given user upon entry into a first zone, provide at least a first subset of the user data of said given user, identify the given user upon entry into a second zone, different from the first zone, and provide at least a second subset of the user data of said given user.
  • said user data comprise at least one of at least one frontal face picture of the user, at least one picture of the iris of the user, user's credit card information, user's name, physical descriptors of the user, behavioural descriptors of the user, and an encryption key.
  • the user data are encrypted by a private key which is specific to each user and stored in the device of the user.
  • the processing unit is configured to receive the private key via the communication unit and to decrypt the user data based on said private key. According to some embodiments, the processing unit is configured to decrypt the user data based on a public key associated to the private key and stored beforehand in the storage unit.
  • the set of user data stored in the storage unit comprises at least a first subset of user data, said first subset of user data comprising user data received for users whose device is currently within the predefined range of the communication unit, and a second subset of user data, said second subset of user data comprising user data of recurrent users, said second subset of user data being stored in the storage unit even if the device of each of said recurrent users is not currently within the predefined range of the communication unit.
  • the second subset of user data is determined by identifying the recurrent users based on at least one of the number of times each user was identified by the identification system, and the number of times the device of each user has been present within the predefined range of the communication unit.
  • the second subset of user data is received by the identification system from an operator and/or from an external device and/or is determined by the processing unit based on an additional source of information.
  • the identification system is further configured to determine at least one of behavioural descriptors and physical descriptors of the given user based on at least one of pictures and a video taken by the camera, and upon identification of the given user, send at least one of these behavioural descriptors and physical descriptors to the device of the user, for storing them into the VA data of this given user.
  • the identification system is further configured to update at least one of these behavioural descriptors and physical descriptors of the given user, each time the given user is identified by the identification system, and send at least one of these updated behavioural descriptors and physical descriptors to the device of the user, for storing them into the VA data of this given user.
  • the identification system further comprises said at least one camera.
  • a device comprising at least a communication unit configured to communicate wirelessly with at least an identification system, at least a storage unit configured to store at least user data, said user data comprising at least data representative of the visual aspect of the user of the device, and unique identification data of the user of the device, and a processing unit configured to send, through the communication unit, said user data to the identification system only when the device is within a predefined range of the identification system, for allowing subsequent identification of the user of the device based at least on a comparison between data related to at least one picture comprising said user and taken by a camera operating in conjunction with the identification system, and data representative of the visual aspect of all users whose device is within the predefined range of the identification system
  • the user data can be defined and/or modified in the device of the user only by an authorized operator and/or through an authorized software.
  • an identification method comprising receiving, by a communication unit, user data only from a device of each of a plurality of users who are within a predefined range of said communication unit, in order to build a set of user data, said user data comprising at least, for each user data representative of the visual aspect of the user (VA data), and unique identification data (ID) of the user, obtaining at least one picture comprising a given user and taken by at least one camera, searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture, and identifying the given user by determining the ID associated with the identified VA data.
  • VA data visual aspect of the user
  • ID unique identification data
  • the method comprises, while a given user is in motion: obtaining a video comprising the given user and taken by said at least one camera operating in conjunction with the identification system, searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained video, and identifying the given user by detennining the ID associated with the identified VA data.
  • the user data can be defined and modified in the device of the user only by a program configured to be stored on the device of the user and/or by the identification system.
  • the method further comprises identifying a given user upon entry into a first zone, providing at least a first subset of the user data of said given user, identifying the given user upon entry into a second zone, different from the first zone, and providing at least a second subset of the user data of said given user.
  • said user data comprise at least one of at least one frontal face picture of the user, at least one picture of the iris of the user, user's credit card information, user's name, physical descriptors of the user, behavioural descriptors of the user, and an encryption key.
  • the user data are encrypted by a private key which is specific to each user and stored in the device of the user.
  • the processing unit receives the private key via the communication unit and decrypts the user data based on said private key. According to some embodiments, the processing unit decrypts the user data based on a public key associated to the private key and stored beforehand in the storage unit.
  • the method comprises storing the set of user data in a storage unit, said set of user data comprising at least a first subset of user data, said first subset of user data comprising the user data received for the users whose device is currendy within the predefined range of the communication unit, and a second subset of user data, said second subset of user data comprising user data of recurrent users, said second subset of user data being stored in the storage unit even if the device of each of said recurrent users is not currendy within the predefined range of the communication unit
  • the second subset of user data is determined by identifying the recurrent users based on at least one of the number of times each user has been identified by the identification system, and the number of times the device of each user has been present within the predefined range of the communication unit
  • the second subset of user data is received by from an operator and/or from an external device and/or is determined by the processing unit based on an additional source of information.
  • the method further comprises determining at least one of behavioural descriptors and physical descriptors of the given user based on at least one of pictures and a video taken by the camera, and upon identification of the given user, send at least one of these behavioural descriptors and physical descriptors to the device of the user, for storing them into the VA data of mis given user.
  • the method further comprises updating at least one of these behavioural descriptors and physical descriptors of the given user, each time the given user is identified by the identification system, and sending at least one of these updated behavioural descriptors and physical descriptors to the device of the user, for storing mem into the V A data of this given user.
  • an identification method comprising sending, by a communication unit of a device of a user, user data to an identification system only when the device is within a predefined range of the identification system, the user data comprising data representative of the visual aspect of the user of the device, and unique identification data of the user of the device, for allowing subsequent identification of the user of the device based at least on a comparison between data related to at least one picture comprising said user and taken by a camera operating in conjunction with the identification system, and data representative of the visual aspect of all users whose device is within the predefined range of the identification system
  • a non-transitory storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform an identification method comprising receiving, by a communication unit, user data from each device of each of a plurality of users who are within a predefined range of said communication unit, in order to build a set of user data, said user data comprising at least data representative of the visual aspect of the user (VA data), and unique identification data (ID) of the user, obtaining at least one picture comprising a given user and taken by at least one camera, searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture, and identifying the given user by determining the ID associated with the identified VA data.
  • VA data visual aspect of the user
  • ID unique identification data
  • the proposed solution provides an efficient way to identify users.
  • the proposed solution can identify users while they are in motion.
  • the proposed solution can reduce the time and the processing resources that are needed to identify users.
  • the proposed solution can provide an identification system which can identify users without storing data on the users beforehand.
  • the proposed solution can provide an identification system which can efficiently identify a large number of users.
  • the proposed solution can provide an identification system which ensures a level of security which complies with the necessary requirements.
  • the proposed solution can provide an identification system whose knowledge of the users is dynamic and evolves over time.
  • the proposed solution can propose an in- motion identification for many applications, such as identification of users in airports, stores, etc., and for various purposes, such as security of transactions, security in public places, improvement of transactions, improvement of the service provided to users, etc. These examples are however not limitative.
  • FIG. 1 illustrates a possible embodiment of an identification system
  • - Fig. 2 describes an embodiment of a device of a user, which can communicate with the identification system
  • FIG. 3 depicts an embodiment of user data than can be stored in a storage unit of the device of Fig.2;
  • - Fig.4 describes an embodiment of a method of defining user data in the device of the user
  • - Fig.5 describes an embodiment of a method of encryption of the user data
  • FIG. 8 illustrates an embodiment of an identification method of a user while the user is in motion
  • Fig. 9A illustrates possible steps that can be performed using the method of Fig. 8;
  • FIG. 9B illustrates an embodiment in which the user data stored in the device can be updated
  • FIG. 10 illustrates an embodiment of a particular scenario for identifying users
  • Fig. 11 illustrates another possible embodiment of user data that can be used for identifying users.
  • processing unit covers any computing unit or electronic unit that may perform tasks based on instructions stored in a memory, such as a computer, a server, a chip, a processor, etc. It encompasses a single processor or multiple processors, which may be located in the same geographical zone or may, at least partially, be located in different zones and may be able to communicate together.
  • non-transitory memory should be expansively construed to cover any volatile or non-volatile computer memory suitable to the presently disclosed subject matter.
  • Embodiments of the presently disclosed subject matter are not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the presently disclosed subject matter as described herein.
  • the invention contemplates a computer program being readable by a computer for executing one or more methods of the invention.
  • the invention further contemplates a machine-readable memory tangibly embodying a program of instructions executable by the machine for executing one or more methods of the invention.
  • Fig. 1 illustrates a possible embodiment of an identification system 1.
  • the identification system 1 can comprise a communication unit 2, which is configured to communicate wirelessly with at least a device 6 of a user.
  • the communication unit 2 can communicate wirelessly with a plurality of devices 6.
  • the communication unit 2 can for example comprise an antenna, or any adapted device which can receive data (and if necessary also send data) through a wireless communication network.
  • wireless communication networks can include: Bluetooth, Bluetooth Low Energy, Wi-Fi, or a cellular communication network such as 3G or 4G. These examples are however not limitative.
  • the device 6 of the user will be further described with reference e.g. to Fig.2.
  • the identification system 1 can further comprise a storage unit 3 and a processing unit 4.
  • the storage unit 3 can comprise at least a non-transitory memory.
  • Fig. 1 Although the elements which are part of the identification system are depicted in Fig. 1 as being located in the same system 1, it is to be understood that, according to some embodiments, these elements can be at least partially located in different zones and can communicate together.
  • the identification system 1 can operate in conjunction with a camera 7, or with a plurality of cameras 7. As explained further in the specification, according to some embodiments, the identification system 1 can obtain, from the camera 7, a picture, or a plurality of pictures, and/or a video comprising at least one user who has to be identified.
  • the camera 7 is depicted in Fig.1 as being external to the identification system 1, it is to be understood that, according to some embodiments, the camera 7 or at least a part of a plurality of the cameras 7 can be part of the identification system 1.
  • the identification system 1 can communicate with a server 8, for example to obtain from this server 8 further user data or other relevant data. Communication with the server 8 can be carried out through a communication network such as e.g. Internet, or through any adapted wireless communication network.
  • the server 8 can comprise a cloud in some embodiments.
  • the identification system 1 can comprise an interface (not depicted) which can allow a user to interact with the identification system 1, for example to enter data or change settings (such as a screen associated with a keyboard, or a virtual interface which can be accessed by e.g. a phone of the user).
  • Fig. 2 describes an embodiment of a device (referred as device 20 in Fig. 2) of a user.
  • the device 20 can comprise a communication unit 21, which can send data to (and if necessary receive data from) the communication unit 2 of the identification system 1, through a wireless communication network.
  • the communication unit 21 can, for example, comprise an antenna, or any adapted device which can send data (and, if necessary, also receive data) through a wireless communication network.
  • wireless communication networks can include: Bluetooth, Bluetooth Low Energy, Wi-Fi, or a cellular communication network such as 3G or 4G. These examples are however not limitative.
  • the communication unit 21 can further communicate with a localization network (e.g. GPS, etc.) in order to obtain position data of the device.
  • a localization network e.g. GPS, etc.
  • the device 20 can further comprise a processing unit 23.
  • the storage unit 21 can store user data which are representative of the user of the device.
  • the storage unit 21 can store a program which is configured to, when executed by the processing unit, control the device 20 so as to communicate with the identification system 1 for identification purposes, as explained later in the specification.
  • Fig. 3 depicts an embodiment of user data 30 that can be stored in the storage unit 21 of the device 20.
  • the user data 30 can comprise unique identification data (ID) of the user.
  • Unique identification data include, for example, ID number (passport number, etc.) of the user, or any sequence of letters and/or figures and/or symbols that can represent the user in a unique way.
  • the user data 30 can further comprise data representative of the visual aspect of the user (V A data).
  • the VA data can include a picture of the user (such as a frontal face picture), or a plurality of pictures of the user (possibly taken from different angles of view). If necessary, at least part of the user data can be stored in compressed format (such as, but not limited to, JPEG). If necessary, at least part of the user data which are sent from the device to the identification system, can be sent in compressed format.
  • compressed format such as, but not limited to, JPEG.
  • the VA data can further comprise:
  • the physical descriptors of the user can comprise data representing the size and/or the proportions of parts of the user's body, height of the user, hair and eye colour, etc. This list is however not limitative.
  • the behavioural descriptors of the user can comprise data representing the gait of the user (such as walking speed, data representing the motion of the user's arms, etc.).
  • the user data can further comprise:
  • Data representative of the user in the context of the identification (for example, if the user has to be identified in a store, these data can comprise data representative of his buying preferences);
  • further user data can be stored in the device of the user.
  • the user data 30 (or at least part thereof) can be stored in the device of the user in a secure way, in order to prevent the user or any other unauthorized third party from modifying these data.
  • the user data 30 (or at least part thereof) can be stored in a portion of the storage unit 21 of the device which cannot be accessed by a user interface of the device (and can be accessed e.g. only by authorized software).
  • the user data 30 (or at least part thereof) can be stored in encrypted format to avoid corruption by the user or by any unauthorized third party.
  • the user data 30 (or at least part thereof) can be stored so as to be accessible only by using a protected password.
  • a plurality of subsets of user data can be stored in the device of each user, each subset being associated with a different predefined range. For example, a first subset of data is associated with a first predefined range and thus will be sent to the communication unit only when the device enters this first predefined range. A second subset of data is associated with a second predefined range and thus will be sent to the communication unit only when the device enters this second predefined range. This can be applied to more than two predefined ranges.
  • Fig, 4 describes an embodiment of a method of defining user data in the device of the user. This method may be seen as a registration phase in order to allow subsequent identification by the identification system. This method is however not limitative.
  • At least some of the steps of this method may be performed by a system comprising a processing unit and a storage unit on which a program, which is configured to execute these steps when executed by the processing unit, is stored. Alternatively, or in addition, at least some of these steps can be performed by the identification system 1.
  • the method can comprise a step 40 of obtaining visual identification data of the user.
  • the user can be positioned in front of a camera, in order to obtain a picture of the user.
  • the user can bring pictures or picture files (for example already stored in his device) which represent this user.
  • Step 40 can also comprise obtaining ID of the user.
  • the user can provide his ID number through an interface.
  • Step 41 can comprise checking the identity of the user.
  • a human operator checks e.g. an ID card of the user to verify that the VA data and the ID match this user.
  • the verification is made without an operator and using known authentication systems (such as based on the fingerprint of the user, etc.).
  • step 41 provides that there is a matching
  • the method can then comprise a step
  • the ID stored in the device is a sequence of bits which is generated by the system and is unique to the user.
  • some of the user data is stored in the device, and some of the user data is sent to a server for storage, such as the server 8 of Fig. 1.
  • the method of Fig. 4 can be applied similarly to the other user data of the user.
  • the device of the user can store an encryption key 31, and user data 30 which are encrypted by this encryption key 31.
  • This method can be performed by the identification system 1, or by another system comprising a processing unit and a storage unit on which a program is stored and which is configured to execute this method when executed by the processing unit.
  • This encryption can be performed e.g. upon registration of the user (see Fig.4), or at another stage.
  • the method can comprise a step 50 of generating a private key, a step 51 of encrypting the user data (or at least part thereof) using this private key and a step 52 of sending the encrypted user data and the private key to the device of the user. Then, according to some embodiments, the private key can be deleted and can be stored only in the device of the user.
  • the method of Fig.5 can be performed by the identification system 1.
  • the private key does not have to be stored by the identification system 1 after it has been sent to the device for encrypting the user data.
  • a private key and an associated public key can be generated (step 60). At least some of the user data can be encrypted using the private key (step 61). The encrypted user data and the private key can then be sent to the device of the user, while the public key can be kept in the storage unit of the identification system 1 (step 62).
  • Fig. 7 describes an identification method which can be based e.g. on the identification system 1 described in Fig. 1.
  • the method can comprise a step 70 of receiving, by the communication unit 2 of the identification system 1, user data from the device of each of a plurality of users which are within the predefined range of said communication unit 2.
  • user data can comprise data representative of the visual aspect of the user of the device (V A data), and unique identification data of the user of the device (ID).
  • V A data data representative of the visual aspect of the user of the device
  • ID unique identification data of the user of the device
  • the user data stored in the device of the user can comprise additional information.
  • the predefined range is represented by the reference number 9.
  • the communication unit 2 can receive data in a larger perimeter (for example because the antenna comprised in the communication unit 2 has a physical coverage which corresponds to this larger parameter), and that the predefined range 9 is defined as a sub-part of this larger perimeter.
  • predefined range does not exclude the fact that the range can be changed (e.g. by an operator of the identification system 1, or by the processing unit of the identification system 1), or that this range can dynamically evolve during use of identification system 1.
  • the devices 1 to N which are within the predefined range 9, will send user data to the communication unit 2, whereas devices N+l to N+M, which are out of the predefined range 9, will not send user data to the communication unit 2.
  • the communication of user data between the device 6 of each user which is located within the predefined range and the communication unit 2 can be performed in various ways.
  • a program or application stored in the storage unit of the device of the user can be executed by the processing unit of the device in order to perform at least some of the steps described below.
  • the device of each user regularly or continuously emits a signal (such as a Bluetooth signal, Wi-Fi signal, etc.) which is detected by the communication unit 2. Based on this signal, the processing unit of the identification system 1 can determine the position of the device. When the processing unit determines that the device is within the predefined range, it instructs the communication unit 2 to send a command to the device of the user, in order to command it to send back user data or at least some of the user data.
  • a signal such as a Bluetooth signal, Wi-Fi signal, etc.
  • the communication system regularly or continuously emits a signal, which can be sensed by the communication unit of the device of the user. Based on this signal, the device of the user can calculate its position with respect to the communication system 2.
  • the processing unit of the device determines that the device is within the predefined range of the communication system 2
  • the processing unit of the device causes the communication unit of the device to send at least some of the user data to the identification system 1.
  • the device of the user stores in its storage unit the position of the communication system 2 of the identification system 1.
  • the device of the user can determine its position using known localization techniques (e.g. GPS, 3G, etc.).
  • the processing unit of the device determines that it is within the predefined range of the communication system 2
  • the processing unit of the device causes the communication unit of the device to send at least some of the user data.
  • the communication unit 2 receives user data from all devices which are within the physical detection range of the communication unit 2 (which can be larger than the predefined range 9), and that the processing unit of the identification system 1 will discard (based e.g. on some position information sent by each of the devices) the user data of the devices which are not within the predefined range 9, and will store in the storage unit 3 the user data of the devices which are within the predefined range 9.
  • the identification system 1 can receive user data from the N users present in the predefined range.
  • a set of user data is thus obtained, which can be stored in the storage unit 3 of identification system 1.
  • the set of user data is regularly updated, depending on the entry of users into the predefined range, and the exit of users from this predefined range.
  • the processing unit of the identification system 1 obtains information that a user who carries device J has left the predefined range, it can erase the user data of this user from the storage unit.
  • the communication unit of the identification system 1 receives user data of a user who carries device N+l, since this user has entered the predefined range, it can store the user data of this user in the storage unit.
  • the communication unit of the device of the user sends regularly, or continuously, a signal which can be received by the communication unit of the identification system. Based on this signal, the processing unit of the identification system can calculate the position of the device, or this signal can itself comprise the position of the device. Thus, it is possible to detect the exit of the user.
  • the device can calculate its position (based e.g. on GPS signals, or other localization systems) and the processing unit of the device can be configured to send a signal to the communication unit of the identification system whenever it exits the predefined range.
  • the identification system 1 can receive and store only the user data of users who are currently within the predefined range.
  • the device of the user stores the ID of the user (and does not store VA data), and sends this ID to the identification system 1, which in turn downloads VA data and if necessary additional user data from the server 8.
  • the identification system 1 can decrypt the user data obtained from the server 8, using a private key sent by the device, or using a public key stored in the identification system 1 (as explained later in the specification).
  • the identification method can further comprise a step 71 of obtaining at least one picture comprising a given user and taken by at least one camera 7. According to some embodiments, a plurality of pictures are obtained and/or a video is obtained.
  • the identification method can further comprise a step 72 of searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture.
  • the processing unit 4 can extract, using image processing algorithms, the image of the user from the obtained picture.
  • the processing unit 4 can then compare the extracted image to the N pictures of the users stored in the set of user data (as mentioned, in the example of Fig.1, a number N of VA data are stored in the set of user data).
  • cross-correlation methods can be used to compare the extracted image of the N pictures of the users.
  • the user is identified (step 73) e.g. by determining the ID associated with the identified VA data.
  • the communication unit of the identification system is located in a first location, and the camera which takes a picture of the user is located in a second location, which can be different and even remote from the first location.
  • a plurality of users can be detected in the predefined range by a communication unit located at the entrance of an airport, and then a given user among this plurality of users can be imaged by a camera at the boarding gates of the airport, in order to identify the given user among said plurality of users, and to allow him to pass through the gates.
  • various components of the identification system 1 can inter-communicate data wirelcssly.
  • the processing unit of the identification system 1 can perform various tasks.
  • the processing unit of the identification system 1 can provide the ID of this given user to another system in communication with the identification system
  • the processing unit of the identification system 1 can provide the ID and other user data of this user to another system in communication with the identification system
  • the processing unit of the identification system 1 can send a signal to the device 6 and/or to the server 8 in order to extract further user data from the device 6 and/or from the server 8. For example, it can instruct the device 6 and/or to the server 8 to send the user's credit card number, etc., in order to allow a payment.
  • the processing unit of the identification system receives from the device 6 a private key (as mentioned above with reference to Fig.5) and uses it to decrypt encrypted user data stored in the server 8.
  • the processing unit of the identification system receives from the device 6 and/or the server 8 encrypted user data, and uses a public key stored in the storage unit 3 in order to decrypt these encrypted user data. In this case, a private key stored in the device 6 is not transmitted to the identification system
  • the processing unit can send a signal to another system with which the given user is willing to interact, in order to inform this other system that the given user has been identified.
  • the processing unit can send a signal to an access point system in order to authorize access of the given user to a secure zone.
  • the processing unit can send a failure signal or a failure message indicating that the given user cannot be identified.
  • This failure signal can also be sent to various systems in communication with the identification system. This failure signal can have consequences such as preventing the given user from entering a secure zone, or preventing the given user from performing a transaction.
  • a user can be identified by the identification system 1 while he is in motion.
  • the method can comprise a step 80 of obtaining a video comprising the given user and taken by said at least one camera 7 operating in conjunction with the identification system 1.
  • the method can further comprise a step 81 of searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained video.
  • the method can further comprise a step 82 of identifying the given user by determining the ID associated with the identified VA data.
  • Steps 80, 81 and 82 can be performed while the user is in motion, mat it to say that it is not mandatory that the user stops at a given identification point in order to be identified.
  • the method of Fig.9A can comprise a step 90 of detecting motion in the video taken by the camera 7.
  • the method can comprise a step 91 of detecting a human body and a face among the elements that are in motion in the video.
  • Image processing algorithms can be used to detect a human body and a face in the video. If many faces and/or bodies are present in the video, in some embodiments, the face and the body which are closest to the camera can be considered as belonging to the given user who has to be identified. This is however not limitative.
  • the method can then comprise a step 92 of extracting VA data from the part of the video comprising the human body and the face.
  • the extracted VA data can comprise one or more of the following data:
  • a processing unit can compare (step 93) the extracted VA data to the VA data stored in the set of user data (which correspond to the users currently in the predefined range).
  • the VA data stored in the set of user data can comprise a picture of the users, behavioural descriptors and physical descriptors of the users present in the predefined range.
  • a comparison can thus be performed for each kind of user data: the picture extracted from the video is compared to the pictures stored in the user data, the behavioural descriptors extracted from the video are compared to the behavioural descriptors stored in the set of user data, and/or the physical descriptors extracted from the video are compared to the physical descriptors stored in the set of user data.
  • the processing unit can then aggregate the results of these comparisons, in order to provide an identification of the matching user among the users present in the set of user data.
  • the processing unit can then identify the given user, based e.g. on his ID stored in the user data (step 94).
  • a user is entering an airport, wherein his device sends his user data to the identification system (together with all devices of the users which are present in the predefined range).
  • the identification system sends a signal for opening the gates or allowing the motion of the turnstile.
  • the identification system when it extracts behavioural descriptors from the video, it can send (e.g. after identification of the user) the extracted behavioural descriptors to the device of the given user, for updating the behavioural descriptors present in his device (see steps 95 and 96 of Fig.9B).
  • the identification system can update the behavioural descriptors of the given user, each time the given user is identified by the identification system, and can send the updated data to the device of the user, for storing these data into the VA data of this given user.
  • the updated behavioural descriptors can be stored in addition to the old user data, or as replacement data.
  • the update is performed each time the user is identified by the identification system.
  • FIG. 10 describes a particular scenario for identifying users.
  • the identification system 101 receives user data from all users present in the predefined range 109.
  • a first camera 107 takes a picture or a video of him, and he is identified by the identification system 101 using the various methods described above.
  • the identification system 101 can provide at least a first subset of the user data of said given user, for example data that are relevant for this position of the user. This first subset can be obtained from the device of the user and/or from the server 108.
  • the identification system 101 can provide at least a second subset of the user data of said given user, for example data that are relevant for an interaction that has to be performed by the user at this location. This second subset can be obtained from the device of the user and/or from the server 108.
  • identification in the first and second zones can be performed while the user is in motion (as explained e.g. with reference to Figs.8 and 9).
  • a non-limitative example of the embodiment of Fig. 10 can be illustrated with respect to a store location.
  • a plurality of customers enter the vicinity of a store which comprises an identification system
  • the phone of the customers send user data to the identification system
  • a given customer enters the store (e.g. first zone 111) he is identified, based on a picture or a video taken by a first camera (e.g. camera 107).
  • the identification system can send, to the phone of all salesmen of the store, information indicating e.g. the ID of the given customer who has just entered the store (e.g. for allowing VIP treatment).
  • the identification system can identify him again using a second camera that is installed on the counter. Upon identification, the identification system can provide to a screen on the counter the credit card number and the name of the given customer, for completion of the transaction.
  • Fig. 11 describes another possible embodiment for identifying users.
  • the storage unit 110 of the identification system can store: - a first subset 111 of user data, said first subset of user data comprising user data received for users whose device is currently within the predefined range of the communication unit of the identification system, and
  • the identification system can identify him, based on the picture or video taken by the camera, since the identification system stores in advance the user data of this given user.
  • the list of recurrent users and the corresponding user data can be obtained in different ways.
  • the list of recurrent users can be based on at least the number of times each user has been identified by the identification system
  • the identification system can store a first counter which counts, for each user, the number of times he has been identified. When this first counter is above a given threshold, the identification system can integrate the user data of this user into the user data of the recurrent users.
  • the identification system can store a second counter which counts for each user the number of times the device of each user has been present within the predefined range of the communication unit. When this second counter is above a given threshold, the identification system can integrate the user data of this user into the user data of the recurrent users.
  • an aggregation of the first and second counters can be performed in order to decide whether the user is a recurrent user.
  • the second subset of user data is received by the identification system from an operator and/or from an external device and/or is determined by the processing unit based on an additional source of information.
  • an internal database of recurrent clients based on purchase statistics, can be used to communicate to the identification system the list of recurrent customers and corresponding user data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • Biomedical Technology (AREA)
  • Computing Systems (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

An identification system comprises a communication unit configured to communicate wirelessly with a device of a user, for receiving user data from the device only when the device is within a predefined range of the communication unit, said user data comprising, for each user, data representative of the visual aspect of the user (VA data), and unique identification data (ID) of the user, a storage unit configured to store at least a set of user data which comprises a plurality of user data received for users whose device is within said predefined range, and a processing unit configured to obtain at least one picture comprising a given user, search the set of user data to identify VA data of the given user based at least on a comparison with data related to the obtained picture, and identify the given user by determining the ID associated with the identified VA data.

Description

SYSTEM AND METHODS FOR BIOMETRIC AUTHENTICATION ASSISTED BY PROXIMITY DEVICE
TECHNICAL FIELD
The presently disclosed subject matter relates to a solution for identifying users. BACKGROUND Many applications require the identification of users. For example, airports, or payment systems, require the identification of users in order to ensure security of individuals and/or of transactions.
There exists a need to propose new methods and systems for efficiently identifying users.
GENERAL DESCRIPTION
In accordance with certain aspects of the presently disclosed subject matter, there is provided an identification system comprising a communication unit configured to communicate wirelessly with at least a device of a user, for receiving user data from the device only when the device is within a predefined range of the communication unit, said user data comprising at least, for each user: data representative of the visual aspect of the user (VA data), and unique identification data (ID) of the user, a storage unit configured to store at least a set of user data, said set of user data comprising a plurality of user data received for users whose device is within the predefined range of the communication system, and a processing unit configured to obtain at least one picture comprising a given user and taken by at least one camera operating in conjunction with the identification system, search the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture, and identify the given user by determining the ID associated with the identified VA data.
According to some embodiments, the processing unit is configured to, while a given user is in motion, obtain a video comprising the given user and taken by said at least one camera operating in conjunction with the identification system, search the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained video, and identify the given user by determining the ID associated with the identified VA data. According to some embodiments, the user data can be defined and/or modified in the device of the user only by an authorized operator and/or through an authorized software. According to some embodiments, the processing unit is configured to identify a given user upon entry into a first zone, provide at least a first subset of the user data of said given user, identify the given user upon entry into a second zone, different from the first zone, and provide at least a second subset of the user data of said given user. According to some embodiments, said user data comprise at least one of at least one frontal face picture of the user, at least one picture of the iris of the user, user's credit card information, user's name, physical descriptors of the user, behavioural descriptors of the user, and an encryption key. According to some embodiments, the user data are encrypted by a private key which is specific to each user and stored in the device of the user. According to some embodiments, the processing unit is configured to receive the private key via the communication unit and to decrypt the user data based on said private key. According to some embodiments, the processing unit is configured to decrypt the user data based on a public key associated to the private key and stored beforehand in the storage unit. According to some embodiments, the set of user data stored in the storage unit comprises at least a first subset of user data, said first subset of user data comprising user data received for users whose device is currently within the predefined range of the communication unit, and a second subset of user data, said second subset of user data comprising user data of recurrent users, said second subset of user data being stored in the storage unit even if the device of each of said recurrent users is not currently within the predefined range of the communication unit. According to some embodiments, the second subset of user data is determined by identifying the recurrent users based on at least one of the number of times each user was identified by the identification system, and the number of times the device of each user has been present within the predefined range of the communication unit. According to some embodiments, the second subset of user data is received by the identification system from an operator and/or from an external device and/or is determined by the processing unit based on an additional source of information. According to some embodiments, the identification system is further configured to determine at least one of behavioural descriptors and physical descriptors of the given user based on at least one of pictures and a video taken by the camera, and upon identification of the given user, send at least one of these behavioural descriptors and physical descriptors to the device of the user, for storing them into the VA data of this given user. According to some embodiments, the identification system is further configured to update at least one of these behavioural descriptors and physical descriptors of the given user, each time the given user is identified by the identification system, and send at least one of these updated behavioural descriptors and physical descriptors to the device of the user, for storing them into the VA data of this given user. According to some embodiments, the identification system further comprises said at least one camera.
These embodiments can be combined according to any of their possible technical combination.
In accordance with some aspects of the presently disclosed subject matter, there is provided a device comprising at least a communication unit configured to communicate wirelessly with at least an identification system, at least a storage unit configured to store at least user data, said user data comprising at least data representative of the visual aspect of the user of the device, and unique identification data of the user of the device, and a processing unit configured to send, through the communication unit, said user data to the identification system only when the device is within a predefined range of the identification system, for allowing subsequent identification of the user of the device based at least on a comparison between data related to at least one picture comprising said user and taken by a camera operating in conjunction with the identification system, and data representative of the visual aspect of all users whose device is within the predefined range of the identification system According to some embodiments, the user data can be defined and/or modified in the device of the user only by an authorized operator and/or through an authorized software.
In accordance with some aspects of the presently disclosed subject matter, there is provided an identification method comprising receiving, by a communication unit, user data only from a device of each of a plurality of users who are within a predefined range of said communication unit, in order to build a set of user data, said user data comprising at least, for each user data representative of the visual aspect of the user (VA data), and unique identification data (ID) of the user, obtaining at least one picture comprising a given user and taken by at least one camera, searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture, and identifying the given user by determining the ID associated with the identified VA data. According to some embodiments, the method comprises, while a given user is in motion: obtaining a video comprising the given user and taken by said at least one camera operating in conjunction with the identification system, searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained video, and identifying the given user by detennining the ID associated with the identified VA data. According to some embodiments, the user data can be defined and modified in the device of the user only by a program configured to be stored on the device of the user and/or by the identification system. According to some embodiments, the method further comprises identifying a given user upon entry into a first zone, providing at least a first subset of the user data of said given user, identifying the given user upon entry into a second zone, different from the first zone, and providing at least a second subset of the user data of said given user. According to some embodiments, said user data comprise at least one of at least one frontal face picture of the user, at least one picture of the iris of the user, user's credit card information, user's name, physical descriptors of the user, behavioural descriptors of the user, and an encryption key. According to some embodiments, the user data are encrypted by a private key which is specific to each user and stored in the device of the user. According to some embodiments, the processing unit receives the private key via the communication unit and decrypts the user data based on said private key. According to some embodiments, the processing unit decrypts the user data based on a public key associated to the private key and stored beforehand in the storage unit. According to some embodiments, the method comprises storing the set of user data in a storage unit, said set of user data comprising at least a first subset of user data, said first subset of user data comprising the user data received for the users whose device is currendy within the predefined range of the communication unit, and a second subset of user data, said second subset of user data comprising user data of recurrent users, said second subset of user data being stored in the storage unit even if the device of each of said recurrent users is not currendy within the predefined range of the communication unit According to some embodiments, the second subset of user data is determined by identifying the recurrent users based on at least one of the number of times each user has been identified by the identification system, and the number of times the device of each user has been present within the predefined range of the communication unit According to some embodiments, the second subset of user data is received by from an operator and/or from an external device and/or is determined by the processing unit based on an additional source of information. According to some embodiments, the method further comprises determining at least one of behavioural descriptors and physical descriptors of the given user based on at least one of pictures and a video taken by the camera, and upon identification of the given user, send at least one of these behavioural descriptors and physical descriptors to the device of the user, for storing them into the VA data of mis given user. According to some embodiments, the method further comprises updating at least one of these behavioural descriptors and physical descriptors of the given user, each time the given user is identified by the identification system, and sending at least one of these updated behavioural descriptors and physical descriptors to the device of the user, for storing mem into the V A data of this given user.
These embodiments can be combined according to any of their possible technical combination.
In accordance with some aspects of the presently disclosed subject matter, there is provided an identification method comprising sending, by a communication unit of a device of a user, user data to an identification system only when the device is within a predefined range of the identification system, the user data comprising data representative of the visual aspect of the user of the device, and unique identification data of the user of the device, for allowing subsequent identification of the user of the device based at least on a comparison between data related to at least one picture comprising said user and taken by a camera operating in conjunction with the identification system, and data representative of the visual aspect of all users whose device is within the predefined range of the identification system
In accordance with some aspects of the presently disclosed subject matter, there is provided a non-transitory storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform an identification method comprising receiving, by a communication unit, user data from each device of each of a plurality of users who are within a predefined range of said communication unit, in order to build a set of user data, said user data comprising at least data representative of the visual aspect of the user (VA data), and unique identification data (ID) of the user, obtaining at least one picture comprising a given user and taken by at least one camera, searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture, and identifying the given user by determining the ID associated with the identified VA data.
According to some embodiments, the proposed solution provides an efficient way to identify users.
According to some embodiments, the proposed solution can identify users while they are in motion.
According to some embodiments, the proposed solution can reduce the time and the processing resources that are needed to identify users. According to some embodiments, the proposed solution can provide an identification system which can identify users without storing data on the users beforehand.
According to some embodiments, the proposed solution can provide an identification system which can efficiently identify a large number of users.
According to some embodiments, the proposed solution can provide an identification system which ensures a level of security which complies with the necessary requirements.
According to some embodiments, the proposed solution can provide an identification system whose knowledge of the users is dynamic and evolves over time.
According to some embodiments, the proposed solution can propose an in- motion identification for many applications, such as identification of users in airports, stores, etc., and for various purposes, such as security of transactions, security in public places, improvement of transactions, improvement of the service provided to users, etc. These examples are however not limitative.
BRIEF DESCRIPTION OF THE DRAWINGS
In order to understand the invention and to see how it can be carried out in practice, embodiments will be described, by way of non-limiting examples, with reference to the accompanying drawings, in which:
- Fig. 1 illustrates a possible embodiment of an identification system;
- Fig. 2 describes an embodiment of a device of a user, which can communicate with the identification system;
- Fig. 3 depicts an embodiment of user data than can be stored in a storage unit of the device of Fig.2;
- Fig.4 describes an embodiment of a method of defining user data in the device of the user;
- Fig.5 describes an embodiment of a method of encryption of the user data;
- Fig.6 illustrates an embodiment of an encryption method;
- Fig.7 illustrates an embodiment of an identification method;
- Fig. 8 illustrates an embodiment of an identification method of a user while the user is in motion; Fig. 9A illustrates possible steps that can be performed using the method of Fig. 8;
- Fig. 9B illustrates an embodiment in which the user data stored in the device can be updated;
- Fig. 10 illustrates an embodiment of a particular scenario for identifying users; and
- Fig. 11 illustrates another possible embodiment of user data that can be used for identifying users. DETAILED DESCRIPTION
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those skilled in the art that the presently disclosed subject matter may be practiced without these specific details. In other instances, well-known methods have not been described in detail so as not to obscure the presently disclosed subject matter.
Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated mat throughout the specification discussions utilizing terms such as "receiving", "obtaining", "searching", "identifying", "providing", "decrypting", "encrypting", "detennining", "sending", "updating", "searching", or the like, refer to the action(s) and/or process(es) of a processor that manipulate and/or transform data into other data, said data represented as physical, such as electronic, quantities and/or said data representing the physical objects.
The term "processing unit" covers any computing unit or electronic unit that may perform tasks based on instructions stored in a memory, such as a computer, a server, a chip, a processor, etc. It encompasses a single processor or multiple processors, which may be located in the same geographical zone or may, at least partially, be located in different zones and may be able to communicate together.
The term "non-transitory memory" as used herein should be expansively construed to cover any volatile or non-volatile computer memory suitable to the presently disclosed subject matter.
Embodiments of the presently disclosed subject matter are not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the presently disclosed subject matter as described herein. The invention contemplates a computer program being readable by a computer for executing one or more methods of the invention. The invention further contemplates a machine-readable memory tangibly embodying a program of instructions executable by the machine for executing one or more methods of the invention.
Fig. 1 illustrates a possible embodiment of an identification system 1. The identification system 1 can comprise a communication unit 2, which is configured to communicate wirelessly with at least a device 6 of a user. In Fig. 1, the communication unit 2 can communicate wirelessly with a plurality of devices 6.
The communication unit 2 can for example comprise an antenna, or any adapted device which can receive data (and if necessary also send data) through a wireless communication network. Examples of wireless communication networks can include: Bluetooth, Bluetooth Low Energy, Wi-Fi, or a cellular communication network such as 3G or 4G. These examples are however not limitative.
The device 6 of the user will be further described with reference e.g. to Fig.2. The identification system 1 can further comprise a storage unit 3 and a processing unit 4.
The storage unit 3 can comprise at least a non-transitory memory.
Although the elements which are part of the identification system are depicted in Fig. 1 as being located in the same system 1, it is to be understood that, according to some embodiments, these elements can be at least partially located in different zones and can communicate together.
The identification system 1 can operate in conjunction with a camera 7, or with a plurality of cameras 7. As explained further in the specification, according to some embodiments, the identification system 1 can obtain, from the camera 7, a picture, or a plurality of pictures, and/or a video comprising at least one user who has to be identified.
Although the camera 7 is depicted in Fig.1 as being external to the identification system 1, it is to be understood that, according to some embodiments, the camera 7 or at least a part of a plurality of the cameras 7 can be part of the identification system 1.
According to some embodiments, the identification system 1 can communicate with a server 8, for example to obtain from this server 8 further user data or other relevant data. Communication with the server 8 can be carried out through a communication network such as e.g. Internet, or through any adapted wireless communication network. The server 8 can comprise a cloud in some embodiments. If necessary, the identification system 1 can comprise an interface (not depicted) which can allow a user to interact with the identification system 1, for example to enter data or change settings (such as a screen associated with a keyboard, or a virtual interface which can be accessed by e.g. a phone of the user).
Fig. 2 describes an embodiment of a device (referred as device 20 in Fig. 2) of a user.
The device 20 can comprise a communication unit 21, which can send data to (and if necessary receive data from) the communication unit 2 of the identification system 1, through a wireless communication network.
The communication unit 21 can, for example, comprise an antenna, or any adapted device which can send data (and, if necessary, also receive data) through a wireless communication network. Examples of wireless communication networks can include: Bluetooth, Bluetooth Low Energy, Wi-Fi, or a cellular communication network such as 3G or 4G. These examples are however not limitative.
According to some embodiments, the communication unit 21 can further communicate with a localization network (e.g. GPS, etc.) in order to obtain position data of the device.
The device 20 can further comprise a processing unit 23.
As explained further with reference to Fig.3, the storage unit 21 can store user data which are representative of the user of the device. In addition the storage unit 21 can store a program which is configured to, when executed by the processing unit, control the device 20 so as to communicate with the identification system 1 for identification purposes, as explained later in the specification.
Fig. 3 depicts an embodiment of user data 30 that can be stored in the storage unit 21 of the device 20.
The user data 30 can comprise unique identification data (ID) of the user. Unique identification data include, for example, ID number (passport number, etc.) of the user, or any sequence of letters and/or figures and/or symbols that can represent the user in a unique way.
The user data 30 can further comprise data representative of the visual aspect of the user (V A data).
The VA data can include a picture of the user (such as a frontal face picture), or a plurality of pictures of the user (possibly taken from different angles of view). If necessary, at least part of the user data can be stored in compressed format (such as, but not limited to, JPEG). If necessary, at least part of the user data which are sent from the device to the identification system, can be sent in compressed format.
According to some embodiments, the VA data can further comprise:
- physical descriptors of the user,
- behavioural descriptors of the user.
The physical descriptors of the user can comprise data representing the size and/or the proportions of parts of the user's body, height of the user, hair and eye colour, etc. This list is however not limitative.
The behavioural descriptors of the user can comprise data representing the gait of the user (such as walking speed, data representing the motion of the user's arms, etc.).
The user data can further comprise:
- User' s credit card information,
- User's personal data (name, address);
- Data representative of the user in the context of the identification (for example, if the user has to be identified in a store, these data can comprise data representative of his buying preferences); and
- An encryption key.
Depending on needs, further user data can be stored in the device of the user.
According to some embodiments, the user data 30 (or at least part thereof) can be stored in the device of the user in a secure way, in order to prevent the user or any other unauthorized third party from modifying these data.
According to some embodiments, the user data 30 (or at least part thereof) can be stored in a portion of the storage unit 21 of the device which cannot be accessed by a user interface of the device (and can be accessed e.g. only by authorized software).
According to some embodiments, the user data 30 (or at least part thereof) can be stored in encrypted format to avoid corruption by the user or by any unauthorized third party.
According to some embodiments, the user data 30 (or at least part thereof) can be stored so as to be accessible only by using a protected password.
According to some embodiments, a plurality of subsets of user data can be stored in the device of each user, each subset being associated with a different predefined range. For example, a first subset of data is associated with a first predefined range and thus will be sent to the communication unit only when the device enters this first predefined range. A second subset of data is associated with a second predefined range and thus will be sent to the communication unit only when the device enters this second predefined range. This can be applied to more than two predefined ranges.
Attention is now drawn to Fig, 4, which describes an embodiment of a method of defining user data in the device of the user. This method may be seen as a registration phase in order to allow subsequent identification by the identification system. This method is however not limitative.
At least some of the steps of this method may be performed by a system comprising a processing unit and a storage unit on which a program, which is configured to execute these steps when executed by the processing unit, is stored. Alternatively, or in addition, at least some of these steps can be performed by the identification system 1.
The method can comprise a step 40 of obtaining visual identification data of the user. For example, the user can be positioned in front of a camera, in order to obtain a picture of the user. In other embodiments, the user can bring pictures or picture files (for example already stored in his device) which represent this user.
Step 40 can also comprise obtaining ID of the user. For example, the user can provide his ID number through an interface.
Step 41 can comprise checking the identity of the user. In some embodiments, a human operator checks e.g. an ID card of the user to verify that the VA data and the ID match this user. In other embodiments, the verification is made without an operator and using known authentication systems (such as based on the fingerprint of the user, etc.).
If step 41 provides that there is a matching, the method can then comprise a step
42 of storing the visual identification data and ID of the user in the device. In some embodiments, the ID stored in the device is a sequence of bits which is generated by the system and is unique to the user.
Once the user data have been stored in the device of the user, and according to some embodiments, it is thus not mandatory to keep the user data in the system which has performed the method of Fig. 4 (such as the identification system), since the user data are stored, upon completion of the method of Fig, 4, in the device of the user.
According to some embodiments, some of the user data is stored in the device, and some of the user data is sent to a server for storage, such as the server 8 of Fig. 1. The method of Fig. 4 can be applied similarly to the other user data of the user.
According to some embodiments, and as shown in Fig.3, the device of the user can store an encryption key 31, and user data 30 which are encrypted by this encryption key 31.
A method of encryption of the user data is described with reference to Fig. 5.
This method can be performed by the identification system 1, or by another system comprising a processing unit and a storage unit on which a program is stored and which is configured to execute this method when executed by the processing unit.
This encryption can be performed e.g. upon registration of the user (see Fig.4), or at another stage.
The method can comprise a step 50 of generating a private key, a step 51 of encrypting the user data (or at least part thereof) using this private key and a step 52 of sending the encrypted user data and the private key to the device of the user. Then, according to some embodiments, the private key can be deleted and can be stored only in the device of the user.
For example, the method of Fig.5 can be performed by the identification system 1. In this case, the private key does not have to be stored by the identification system 1 after it has been sent to the device for encrypting the user data.
According to other embodiments, and as shown in Fig. 6, a private key and an associated public key can be generated (step 60). At least some of the user data can be encrypted using the private key (step 61). The encrypted user data and the private key can then be sent to the device of the user, while the public key can be kept in the storage unit of the identification system 1 (step 62).
It is to be understood that other encryption methods can be used.
Attention is now drawn to Fig. 7, which describes an identification method which can be based e.g. on the identification system 1 described in Fig. 1.
The method can comprise a step 70 of receiving, by the communication unit 2 of the identification system 1, user data from the device of each of a plurality of users which are within the predefined range of said communication unit 2. These user data can comprise data representative of the visual aspect of the user of the device (V A data), and unique identification data of the user of the device (ID). In some embodiments, if further parts of the user data can be received (as mentioned above with reference e.g. to Fig. 3, the user data stored in the device of the user can comprise additional information). In the example of Fig, 1, the predefined range is represented by the reference number 9.
In practice, it is possible that the communication unit 2 can receive data in a larger perimeter (for example because the antenna comprised in the communication unit 2 has a physical coverage which corresponds to this larger parameter), and that the predefined range 9 is defined as a sub-part of this larger perimeter.
The expression "predefined range" does not exclude the fact that the range can be changed (e.g. by an operator of the identification system 1, or by the processing unit of the identification system 1), or that this range can dynamically evolve during use of identification system 1.
According to some embodiments, and as illustrated in the non-limiting example of Fig, 1, the devices 1 to N, which are within the predefined range 9, will send user data to the communication unit 2, whereas devices N+l to N+M, which are out of the predefined range 9, will not send user data to the communication unit 2.
The communication of user data between the device 6 of each user which is located within the predefined range and the communication unit 2 can be performed in various ways.
In at least some of these embodiments, a program or application stored in the storage unit of the device of the user, can be executed by the processing unit of the device in order to perform at least some of the steps described below.
According to some embodiments, the device of each user regularly or continuously emits a signal (such as a Bluetooth signal, Wi-Fi signal, etc.) which is detected by the communication unit 2. Based on this signal, the processing unit of the identification system 1 can determine the position of the device. When the processing unit determines that the device is within the predefined range, it instructs the communication unit 2 to send a command to the device of the user, in order to command it to send back user data or at least some of the user data.
According to some embodiments, the communication system regularly or continuously emits a signal, which can be sensed by the communication unit of the device of the user. Based on this signal, the device of the user can calculate its position with respect to the communication system 2. When the processing unit of the device determines that the device is within the predefined range of the communication system 2, the processing unit of the device causes the communication unit of the device to send at least some of the user data to the identification system 1. According to other embodiments, the device of the user stores in its storage unit the position of the communication system 2 of the identification system 1. The device of the user can determine its position using known localization techniques (e.g. GPS, 3G, etc.). When the processing unit of the device determines that it is within the predefined range of the communication system 2, the processing unit of the device causes the communication unit of the device to send at least some of the user data.
According to other embodiments, it is possible that the communication unit 2 receives user data from all devices which are within the physical detection range of the communication unit 2 (which can be larger than the predefined range 9), and that the processing unit of the identification system 1 will discard (based e.g. on some position information sent by each of the devices) the user data of the devices which are not within the predefined range 9, and will store in the storage unit 3 the user data of the devices which are within the predefined range 9.
Thus, the identification system 1 can receive user data from the N users present in the predefined range.
A set of user data is thus obtained, which can be stored in the storage unit 3 of identification system 1.
According to some embodiments, the set of user data is regularly updated, depending on the entry of users into the predefined range, and the exit of users from this predefined range.
For example, if the processing unit of the identification system 1 obtains information that a user who carries device J has left the predefined range, it can erase the user data of this user from the storage unit.
Similarly, if the communication unit of the identification system 1 receives user data of a user who carries device N+l, since this user has entered the predefined range, it can store the user data of this user in the storage unit.
Information that a user has left the predefined range can be obtained in several ways. According to some embodiments, and as mentioned above, the communication unit of the device of the user sends regularly, or continuously, a signal which can be received by the communication unit of the identification system. Based on this signal, the processing unit of the identification system can calculate the position of the device, or this signal can itself comprise the position of the device. Thus, it is possible to detect the exit of the user. In other embodiments, the device can calculate its position (based e.g. on GPS signals, or other localization systems) and the processing unit of the device can be configured to send a signal to the communication unit of the identification system whenever it exits the predefined range.
Thus, the identification system 1 can receive and store only the user data of users who are currently within the predefined range.
According to other embodiments (not depicted), the device of the user stores the ID of the user (and does not store VA data), and sends this ID to the identification system 1, which in turn downloads VA data and if necessary additional user data from the server 8. If necessary, the identification system 1 can decrypt the user data obtained from the server 8, using a private key sent by the device, or using a public key stored in the identification system 1 (as explained later in the specification).
As shown in Fig.7, the identification method can further comprise a step 71 of obtaining at least one picture comprising a given user and taken by at least one camera 7. According to some embodiments, a plurality of pictures are obtained and/or a video is obtained.
The identification method can further comprise a step 72 of searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture.
For example, the processing unit 4 can extract, using image processing algorithms, the image of the user from the obtained picture.
The processing unit 4 can then compare the extracted image to the N pictures of the users stored in the set of user data (as mentioned, in the example of Fig.1, a number N of VA data are stored in the set of user data). In some embodiments, cross-correlation methods can be used to compare the extracted image of the N pictures of the users.
If this comparison complies with a matching criterion (such as the comparison shows that the difference is below a given threshold), the user is identified (step 73) e.g. by determining the ID associated with the identified VA data.
According to some embodiments, the communication unit of the identification system is located in a first location, and the camera which takes a picture of the user is located in a second location, which can be different and even remote from the first location.
For example, a plurality of users can be detected in the predefined range by a communication unit located at the entrance of an airport, and then a given user among this plurality of users can be imaged by a camera at the boarding gates of the airport, in order to identify the given user among said plurality of users, and to allow him to pass through the gates.
It is to be noted that according to some embodiments, various components of the identification system 1 can inter-communicate data wirelcssly.
Upon identification of the given user, the processing unit of the identification system 1 can perform various tasks.
In some embodiments, the processing unit of the identification system 1 can provide the ID of this given user to another system in communication with the identification system
In some embodiments, the processing unit of the identification system 1 can provide the ID and other user data of this user to another system in communication with the identification system
In some embodiments, the processing unit of the identification system 1 can send a signal to the device 6 and/or to the server 8 in order to extract further user data from the device 6 and/or from the server 8. For example, it can instruct the device 6 and/or to the server 8 to send the user's credit card number, etc., in order to allow a payment.
According to some embodiments, the processing unit of the identification system receives from the device 6 a private key (as mentioned above with reference to Fig.5) and uses it to decrypt encrypted user data stored in the server 8.
According to some embodiments, the processing unit of the identification system receives from the device 6 and/or the server 8 encrypted user data, and uses a public key stored in the storage unit 3 in order to decrypt these encrypted user data. In this case, a private key stored in the device 6 is not transmitted to the identification system
In some embodiments, the processing unit can send a signal to another system with which the given user is willing to interact, in order to inform this other system that the given user has been identified.
For example, the processing unit can send a signal to an access point system in order to authorize access of the given user to a secure zone.
If the comparison performed at step 72 does not comply with a matching criterion, the processing unit can send a failure signal or a failure message indicating that the given user cannot be identified. This failure signal can also be sent to various systems in communication with the identification system. This failure signal can have consequences such as preventing the given user from entering a secure zone, or preventing the given user from performing a transaction.
These examples are however not limitative.
According to some embodiments, a user can be identified by the identification system 1 while he is in motion.
An embodiment of a corresponding identification method is described in Fig.8.
The method can comprise a step 80 of obtaining a video comprising the given user and taken by said at least one camera 7 operating in conjunction with the identification system 1.
The method can further comprise a step 81 of searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained video.
The method can further comprise a step 82 of identifying the given user by determining the ID associated with the identified VA data.
Steps 80, 81 and 82 can be performed while the user is in motion, mat it to say that it is not mandatory that the user stops at a given identification point in order to be identified.
A particular embodiment which can be used to carry out the method of Fig.8 is described with respect to Fig.9A.
As shown, the method of Fig.9A can comprise a step 90 of detecting motion in the video taken by the camera 7.
Once motion has been detected, the method can comprise a step 91 of detecting a human body and a face among the elements that are in motion in the video.
Image processing algorithms can be used to detect a human body and a face in the video. If many faces and/or bodies are present in the video, in some embodiments, the face and the body which are closest to the camera can be considered as belonging to the given user who has to be identified. This is however not limitative.
The method can then comprise a step 92 of extracting VA data from the part of the video comprising the human body and the face. The extracted VA data can comprise one or more of the following data:
- The face of the user; - Behavioural descriptors (such as data which describe the gait of the user in the video);
- Physical descriptors of the user (e.g. data representing the size and/or the proportions of parts of the user's body, height of the user, etc.). A processing unit can compare (step 93) the extracted VA data to the VA data stored in the set of user data (which correspond to the users currently in the predefined range). As mentioned above, the VA data stored in the set of user data can comprise a picture of the users, behavioural descriptors and physical descriptors of the users present in the predefined range.
A comparison can thus be performed for each kind of user data: the picture extracted from the video is compared to the pictures stored in the user data, the behavioural descriptors extracted from the video are compared to the behavioural descriptors stored in the set of user data, and/or the physical descriptors extracted from the video are compared to the physical descriptors stored in the set of user data.
The processing unit can then aggregate the results of these comparisons, in order to provide an identification of the matching user among the users present in the set of user data.
The processing unit can then identify the given user, based e.g. on his ID stored in the user data (step 94).
Further embodiments for identifying the user based on various different data can be carried out using the systems and methods described in US patent 89S2810 of the Applicants, which is incorporated herein by reference.
In a possible application, a user is entering an airport, wherein his device sends his user data to the identification system (together with all devices of the users which are present in the predefined range). When this user approaches the boarding gates, he is identified remotely by the identification system in conjunction with a camera located in the vicinity of the boarding gates, while he is still walking towards the gates or the turnstile. The identification system then sends a signal for opening the gates or allowing the motion of the turnstile.
Attention is now drawn to Fig.9B.
As shown, when the identification system extracts behavioural descriptors from the video, it can send (e.g. after identification of the user) the extracted behavioural descriptors to the device of the given user, for updating the behavioural descriptors present in his device (see steps 95 and 96 of Fig.9B). According to some embodiments, the identification system can update the behavioural descriptors of the given user, each time the given user is identified by the identification system, and can send the updated data to the device of the user, for storing these data into the VA data of this given user.
The updated behavioural descriptors can be stored in addition to the old user data, or as replacement data.
According to some embodiments, the update is performed each time the user is identified by the identification system.
This can also be applied to the physical descriptors (size of the body, etc.) of the given user which can be extracted from the picture(s) (and/or video) taken by the camera, and can then be sent to the device of the user, in order to be stored in the device as updated physical descriptors in the V A data of the user data. If necessary, this update can also be done each time the user is identified by the identification system
Attention is now drawn to Fig. 10, which describes a particular scenario for identifying users.
In this embodiment, the identification system 101 receives user data from all users present in the predefined range 109. When the user enters a first zone 111, a first camera 107 takes a picture or a video of him, and he is identified by the identification system 101 using the various methods described above. The identification system 101 can provide at least a first subset of the user data of said given user, for example data that are relevant for this position of the user. This first subset can be obtained from the device of the user and/or from the server 108.
When the user enters a second zone 112, different from the first zone 111, he is identified again by the identification system 101. The identification system 101 can provide at least a second subset of the user data of said given user, for example data that are relevant for an interaction that has to be performed by the user at this location. This second subset can be obtained from the device of the user and/or from the server 108.
In some embodiments, identification in the first and second zones can be performed while the user is in motion (as explained e.g. with reference to Figs.8 and 9).
A non-limitative example of the embodiment of Fig. 10 can be illustrated with respect to a store location. A plurality of customers enter the vicinity of a store which comprises an identification system The phone of the customers send user data to the identification system When a given customer enters the store (e.g. first zone 111) he is identified, based on a picture or a video taken by a first camera (e.g. camera 107). The identification system can send, to the phone of all salesmen of the store, information indicating e.g. the ID of the given customer who has just entered the store (e.g. for allowing VIP treatment).
Once the given customer approaches the counter in order to proceed to payment (e.g. second zone 112), the identification system can identify him again using a second camera that is installed on the counter. Upon identification, the identification system can provide to a screen on the counter the credit card number and the name of the given customer, for completion of the transaction.
This example is however not limitative.
Fig. 11 describes another possible embodiment for identifying users.
In this embodiment, the storage unit 110 of the identification system can store: - a first subset 111 of user data, said first subset of user data comprising user data received for users whose device is currently within the predefined range of the communication unit of the identification system, and
- a second subset 112 of user data, said second subset of user data comprising user data of recurrent users, said second subset of user data being stored in the storage unit even if the device of each of said recurrent users is not currently within the predefined range of the communication unit of the identification system
As a consequence, if a given user belongs to the list of recurrent users and attempts to be identified by the identification system, even if this given user does not currently carry his device comprising his user data, the identification system can identify him, based on the picture or video taken by the camera, since the identification system stores in advance the user data of this given user.
The list of recurrent users and the corresponding user data can be obtained in different ways.
According to some embodiments, the list of recurrent users can be based on at least the number of times each user has been identified by the identification system The identification system can store a first counter which counts, for each user, the number of times he has been identified. When this first counter is above a given threshold, the identification system can integrate the user data of this user into the user data of the recurrent users.
Alternatively, or in addition, the identification system can store a second counter which counts for each user the number of times the device of each user has been present within the predefined range of the communication unit. When this second counter is above a given threshold, the identification system can integrate the user data of this user into the user data of the recurrent users.
In some embodiments, an aggregation of the first and second counters can be performed in order to decide whether the user is a recurrent user.
According to some embodiments, the second subset of user data is received by the identification system from an operator and/or from an external device and/or is determined by the processing unit based on an additional source of information.
For example, in a store, an internal database of recurrent clients, based on purchase statistics, can be used to communicate to the identification system the list of recurrent customers and corresponding user data.
It is to be noted that the various features described in the various embodiments may be combined according to all possible technical combinations.
It is to be understood that the invention is not limited in its application to the details set forth in the description contained herein or illustrated in the drawings. The invention is capable of other embodiments and of being practiced and carried out in various ways. Hence, it is to be understood that the phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting. As such, those skilled in the art will appreciate that the conception upon which this disclosure is based may readily be utilized as a basis for designing other structures, methods, and systems for carrying out the several purposes of the presently disclosed subject matter.
Those skilled in the art will readily appreciate that various modifications and changes can be applied to the embodiments of the invention as hereinbefore described without departing from its scope, defined in and by the appended claims.

Claims

1. An identification system comprising:
- a communication unit configured to communicate wirelessly with at least one device of a user, for receiving user data from the device only when the device is within a predefined range of the communication unit, said user data comprising at least, for each user
o data representative of the visual aspect of the user (VA data), and o unique identification data (ID) of the user,
- a storage unit configured to store at least a set of user data, said set of user data comprising a plurality of user data received for users whose device is within the predefined range of the communication system, and
- a processing unit configured to:
o obtain at least one picture comprising a given user and taken by at least one camera operating in conjunction with the identification system, o search the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture, and o identify the given user by determining the ID associated with the identified
VA data.
2. The identification system of claim 1, wherein the processing unit is configured to, while a given user is in motion:
- obtain a video comprising the given user and taken by said at least one camera operating in conjunction with the identification system,
- search the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained video, and
- identify the given user by determining the ID associated with the identified VA data.
3. The identification system of any of claims 1 or 2, wherein the user data can be defined and/or modified in the device of the user only by an authorized operator and/or through an authorized software.
4. The identification system of any of claims 1 to 3, wherein the processing unit is configured to:
- identify a given user upon entry into a first zone,
- provide at least a first subset of the user data of said given user, - identify the given user upon entry into a second zone, different from the first zone, and
- provide at least a second subset of the user data of said given user.
5. The identification system of any of claims 1 to 4, wherein said user data comprise at least one of:
- at least one frontal face picture of the user,
- at least one picture of the iris of the user,
- user' s credit card information,
- user's name,
- physical descriptors of the user,
- behavioural descriptors of the user, and
- an encryption key.
6. The identification system of any of claims 1 to S, wherein the user data are encrypted by a private key which is specific to each user and stored in the device of the user.
7. The identification system of claim 6, wherein the processing unit is configured to receive the private key via the communication unit and to decrypt the user data based on said private key.
8. The identification system of claim 6, wherein the processing unit is configured to decrypt the user data based on a public key associated to the private key and stored beforehand in the storage unit.
9. The identification system of any of claims 1 to 8, wherein the set of user data stored in the storage unit comprises at least:
- a first subset of user data, said first subset of user data comprising user data received for users whose device is currently within the predefined range of the communication unit, and
- a second subset of user data, said second subset of user data comprising user data of recurrent users, said second subset of user data being stored in the storage unit even if the device of each of said recurrent users is not currently within the predefined range of the communication unit
10. The identification system of claim 9, wherein the second subset of user data is determined by identifying the recurrent users based on at least one of:
- the number of times each user was identified by the identification system, and - die number of times the device of each user has been present within the predefined range of the communication unit.
11. The identification system of claim 10, wherein the second subset of user data is received by the identification system from an operator and/or from an external device and/or is determined by the processing unit based on an additional source of information.
12. The identification system of any of claims 1 to 11, further configured to:
- determine at least one of behavioural descriptors and physical descriptors of the given user based on at least one of pictures and a video taken by the camera, and
- upon identification of the given user, send at least one of these behavioural descriptors and physical descriptors to the device of the user, for storing them into the VA data of mis given user.
13. The identification system of claim 12, further configured to:
- update at least one of these behavioural descriptors and physical descriptors of the given user, each time the given user is identified by the identification system, and
- send at least one of these updated behavioural descriptors and physical descriptors to the device of the user, for storing them into the VA data of this given user.
14. The identification system of any of claims 1 to 13, further comprising said at least one camera.
15. A device comprising:
- at least a communication unit configured to communicate wirelessly with at least an identification system,
- at least a storage unit configured to store at least user data, said user data comprising at least:
o data representative of the visual aspect of the user of the device, and o unique identification data of the user of the device,
- a processing unit configured to send, through the communication unit, said user data to the identification system only when the device is within a predefined range of the identification system, for allowing subsequent identification of the user of the device based at least on a comparison between: o data related to at least one picture comprising said user and taken by a camera operating in conjunction with the identification system, and o data representative of the visual aspect of all users whose device is within the predefined range of the identification system.
16. The identification system of claim 15, wherein the user data can be defined and/or modified in the device of the user only by an authorized operator and/or through an authorized software.
17. An identification method comprising:
- receiving, by a communication unit, user data only from a device of each of a plurality of users who are within a predefined range of said communication unit, in order to build a set of user data, said user data comprising at least, for each user o data representative of the visual aspect of the user (V A data), and o unique identification data (ID) of the user,
- obtaining at least one picture comprising a given user and taken by at least one camera,
- searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture, and
- identifying the given user by detennining the ID associated with the identified VA data.
18. The method of claim 17, comprising, while a given user is in motion:
- obtaining a video comprising the given user and taken by said at least one camera operating in conjunction with the identification system,
- searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained video, and
- identifying the given user by detennining the ID associated with the identified VA data.
19. The method of any of claims 17 or 18, wherein the user data can be defined and modified in the device of the user only by a program configured to be stored on the device of the user and/or by the identification system.
20. The method of any of claims 17 to 19, further comprising:
- identifying a given user upon entry into a first zone,
- providing at least a first subset of the user data of said given user,
- identifying the given user upon entry into a second zone, different from the first zone, and - providing at least a second subset of the user data of said given user.
21. The method of any of claims 17 to 20, wherein said user data comprise at least one of:
- at least one frontal face picture of the user,
- at least one picture of the iris of the user,
- user's credit card information,
- user's name,
- physical descriptors of the user,
- behavioural descriptors of the user, and
- an encryption key.
22. The method of any of claims 17 to 21, wherein the user data are encrypted by a private key which is specific to each user and stored in the device of the user.
23. The method of claim 22, wherein the processing unit receives the private key via the communication unit and decrypts the user data based on said private key.
24. The method of claim 22, wherein the processing unit decrypts the user data based on a public key associated to the private key and stored beforehand in the storage unit.
25. The method of any of claims 17 to 24, comprising storing the set of user data in a storage unit, said set of user data comprising at least:
- a first subset of user data, said first subset of user data comprising the user data received for the users whose device is currently within the predefined range of the communication unit, and
- a second subset of user data, said second subset of user data comprising user data of recurrent users, said second subset of user data being stored in the storage unit even if the device of each of said recurrent users is not currently within the predefined range of the communication unit
26. The method of claim 25, wherein the second subset of user data is determined by identifying the recurrent users based on at least one of:
- the number of times each user has been identified by the identification system, and
- the number of times the device of each user has been present within the predefined range of the communication unit.
27. The method of claim 25, wherein the second subset of user data is received by from an operator and/or from an external device and/or is cLetermined by the processing unit based on an additional source of information.
28. Hie method of any of claims 17 to 27, further comprising:
- determining at least one of behavioural descriptors and physical descriptors of the given user based on at least one of pictures and a video taken by the camera, and
- upon identification of the given user, send at least one of these behavioural descriptors and physical descriptors to the device of the user, for storing them into the VA data of mis given user.
29. The method of claim 28, further comprising:
- updating at least one of these behavioural descriptors and physical descriptors of the given user, each time the given user is identified by the identification system, and
- sending at least one of these updated behavioural descriptors and physical descriptors to the device of the user, for storing them into the VA data of this given user.
30. An identification method comprising:
- sending, by a communication unit of a device of a user, user data to an identification system only when the device is within a predefined range of the identification system, the user data comprising data representative of the visual aspect of the user of the device, and unique identification data of the user of the device, for allowing subsequent identification of the user of the device based at least on a comparison between:
o data related to at least one picture comprising said user and taken by a camera operating in conjunction with the identification system, and o data representative of the visual aspect of all users whose device is within the predefined range of the identification system.
31. A non-transitory storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform an identification method comprising:
- receiving, by a communication unit, user data from each device of each of a plurality of users who are within a predefined range of said communication unit, in order to build a set of user data, said user data comprising at least:
o data representative of the visual aspect of the user (V A data), and o unique identification data (ID) of the user, - obtaining at least one picture comprising a given user and taken by at least one camera,
- searching the set of user data to identify VA data of the given user, based at least on a comparison with data related to the obtained picture, and
- identifying the given user by determining the ID associated with the identified VA data.
PCT/IL2018/050058 2017-01-18 2018-01-16 System and methods for biometric authentication assisted by proximity device WO2018134812A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762447465P 2017-01-18 2017-01-18
US62/447,465 2017-01-18

Publications (1)

Publication Number Publication Date
WO2018134812A1 true WO2018134812A1 (en) 2018-07-26

Family

ID=62907783

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2018/050058 WO2018134812A1 (en) 2017-01-18 2018-01-16 System and methods for biometric authentication assisted by proximity device

Country Status (1)

Country Link
WO (1) WO2018134812A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070245158A1 (en) * 2005-11-30 2007-10-18 Giobbi John J Single step transaction authentication using proximity and biometric input
US20120249292A1 (en) * 2011-01-13 2012-10-04 Hong Kong Applied Science And Technology Research Institute Co., Ltd. Proximity based biometric identification systems and methods

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070245158A1 (en) * 2005-11-30 2007-10-18 Giobbi John J Single step transaction authentication using proximity and biometric input
US20120249292A1 (en) * 2011-01-13 2012-10-04 Hong Kong Applied Science And Technology Research Institute Co., Ltd. Proximity based biometric identification systems and methods

Similar Documents

Publication Publication Date Title
AU2019260125B2 (en) Biometric authentication method, system, and computer program
RU2718226C2 (en) Biometric data safe handling systems and methods
US20220078185A1 (en) Method and device for authenticating identity information, and server
US20210374387A1 (en) Mobile device-assisted facial recognition
JP2023111974A (en) Image masking device and image masking method
US20120032781A1 (en) Remote personal authentication system and method using biometrics
US10490001B2 (en) Process for verification of an access right of an individual
US20210089634A1 (en) Spectrum Authentication in Edge Devices
EP3655874B1 (en) Method and electronic device for authenticating a user
US20230222843A1 (en) Method and device for registering biometric feature
CN112016526A (en) Behavior monitoring and analyzing system, method, device and equipment for site activity object
JP5423740B2 (en) Video providing apparatus, video using apparatus, video providing system, video providing method, and computer program
CN114095211A (en) Trusted digital identity person verification method and system
CN110945508A (en) Information confidentiality processing method and device, access control robot and access control system
CN108932420B (en) Person certificate checking device, method and system and certificate deciphering device and method
CN113821780A (en) Video analysis method and device, electronic equipment and storage medium
WO2018134812A1 (en) System and methods for biometric authentication assisted by proximity device
KR101611522B1 (en) Personal certificatoin system and method preventing reuse of biometric information
US20250030545A1 (en) Information processing system, information processing method, and recording medium
US20230239291A1 (en) Multi step authentication method and system
JP2019211958A (en) Information processing system, information processing method, and program
CN110826460B (en) Abnormal testimony of a witness information identification method, device and storage medium
EP3484164B1 (en) A method to control the display of at least one content on a screen
US20220232007A1 (en) Methods and systems for trusted web authentication
CN113449621A (en) Biological feature recognition method, system and application thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18741762

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18741762

Country of ref document: EP

Kind code of ref document: A1