Secure identity and privilege system
4 Assignments
0 Petitions
Abstract
A process for generating a unique, secure and printable identity document, for authenticating the use of the document, and for granting privileges based on the document, includes generating an identity certificate for an individual. This certificate incorporates a pointer to biometric and other identifying data for the individual which are stored in a reference database. The identity certificate is encoded to produce, for example, a machine-readable printable 2-dimensional barcode as an identity document. The identity document may then be used by the document holder for generation of an encoded privilege document and this, in turn, is compared with the stored reference data, including the stored biometric when the privilege is to be exercised.
102 Citations
28 Claims
1. A process for generating a unique, secure printable identity document and for authenticating the use of the identity document, comprising:
- generating for an individual an identity certificate incorporating a pointer to biometric data and other identifying data for the individual, and including cryptographically hashed information and an encoded signature;
- storing said identity certificate and biometric in a reference database;
- performing a one-to-many biometric data search in a reference database to check said individual's biometric data against biometric data previously stored in said reference database to determine whether said individual has a pre-existing identity already stored in said reference database, and, if said individual's biometric data was not previously stored in said reference database, encoding said individual's identity certificate, wherein the encoding includes generating a barcode;
- producing a machine-readable encoded identity record incorporating said identity certificate; and
- authenticating the use of said identity record by comparing said encoded identity with said stored identity certificate to authenticate the individual holding said identity record.
6. A process for generating a unique, secure printable privilege, comprising:
- generating for an individual an identity certificate incorporating a pointer to biometric data and other identifying data for the individual, and including cryptographically hashed information and an encoded signature;
- storing said identity certificate and biometric data in a reference database in a location remote from locations where identity data is to be retrieved;
- retrieving identity data for an individual, including an encoded signature, data for identity and pointers to biometric data gathered from the remotely stored identity certificate;
- generating for said individual a privilege certificate incorporating reference to said identity certificate, cryptographically hashed privilege information, a pointer to existing biometric data, and an encoded signature;
- storing said privilege certificate and associated biometric data in a secure privilege database;
- producing a machine-readable encoded printable privilege document incorporating said privilege certificate;
- upon request for the granting of a privilege, comparing said encoded printable privilege document with said stored privilege certificate to biometrically authenticate the individual holding said printable privilege document; and
- detecting any revocation of the privilege prior to the granting of the requested privilege.
15. A process for generating a unique, secure privilege, comprising:
- generating for an individual an identity certificate incorporating a pointer to biometric data and other identifying data for the individual, and including cryptographically hashed information and an encoded signature;
- storing said identity certificate and biometric data in a reference database in a location remote from locations where identity data is to be retrieved;
- retrieving identity data for an individual, including an encoded signature, data for identity and pointers to biometric data gathered from the remotely stored identity certificate;
- generating for said individual a privilege certificate incorporating reference to said identity certificate, cryptographically hashed privilege information, a pointer to existing biometric data, and an encoded signature;
- storing said privilege certificate and associated biometric in a secure privilege database;
- producing a machine-readable encoded privilege record incorporating said privilege certificate;
- upon request for the granting of a privilege, comparing said encoded privilege record with said stored privilege certificate to biometrically authenticate the individual holding said privilege record; and
- detecting any revocation of the privilege prior to the granting of the requested privilege.
19. A scalable method for generating a certified identity from a remotely accessible certifying entity or trusted identity authority (TIA) for a plurality of individuals, comprising:
- (a) providing a secure data storage adapted to automatically receive, store and retrieve biometric data and identity information within the TIA;
- (b) identifying a minimum set of biometric data to be collected from each individual seeking a certified identity, wherein said biometric data comprises one or more unique physical identifiers and wherein said unique physical identifiers included in said minimum set comprise at least one identifier selected from a group including facial image feature data, iris scan data, retina scan data, voice print data, DNA data, footprint data or fingerprint data;
- (c) submitting to the TIA, for a first individual, pre-selected biometric data corresponding to said minimum set of biometric data;
- (d) submitting to the TIA, for said first individual, pre-selected identity information comprising name, date of birth and place of birth;
- (e) performing a one-to-many biometric data search of said TIA data storage to check said first individual's biometric data against said biometric data in said TIA data storage to determine whether said first individual has a pre-existing identity already stored in said TIA data storage;
- (f) if said first individual does not have a pre-existing identity already stored in said TIA data storage, meaning said first individual's biometric data is not already stored in said TIA data storage, then storing said first individual's biometric data with said first individual's identity information for future pre-existing identity checks;
- (g) hashing said first individual's biometric data to allow detection of an unauthorized attempt to alter data stored in said TIA data storage;
- (h) generating a digital certificate of identity for said first individual; said certificate being digitally signed by said TIA, said certificate of identity including (i) the first individual's pre-selected identity information including name, date and place of birth, and (ii) a web address, URL or location data for said pre-selected biometric data, and associated hashes, permitting verifiably correct remote access to said certificate of identity by authorized entities;
- (i) storing said certificate of identity in a file in said TIA data storage, said file having a unique name; and
- (j) computing a hash code including said file's unique name, and storing said file with said hash code.
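Steps (e) through (j) of claim 19, together with the comparison step that closes claim 1, as an added Python example; it is not code from the patent. HMAC-SHA256 stands in for the TIA's digital signature, the matcher is a toy position-by-position comparison over constructed byte-valued templates, and the `TIA` class, its methods, the helper names and the `tia.example` address are all hypothetical.

```python
import hashlib, hmac, json, uuid

TIA_KEY = b"constructed-demo-key"  # assumption: stands in for the TIA signing key
MATCH_THRESHOLD = 0.95             # assumption: cut-off for the toy matcher

def similarity(a, b):
    # Toy matcher (assumption): share of positions with equal feature values.
    return sum(x == y for x, y in zip(a, b)) / max(len(a), len(b), 1)

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def sign(body):
    # HMAC-SHA256 stands in for the TIA's digital signature (assumption).
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(TIA_KEY, msg, hashlib.sha256).hexdigest()

def file_code(fname, cert):
    return sha256(fname.encode() + json.dumps(cert, sort_keys=True).encode())

class TIA:
    def __init__(self):
        self.biometrics = {}  # location -> stored feature template
        self.files = {}       # unique file name -> (certificate, hash code)

    def enroll(self, name, dob, pob, template):
        # (e) one-to-many search: no second identity for the same biometric
        for loc, stored in self.biometrics.items():
            if similarity(template, stored) >= MATCH_THRESHOLD:
                raise ValueError("pre-existing identity at " + loc)
        # (f) keep the biometric for future pre-existing identity checks
        loc = "https://tia.example/bio/" + uuid.uuid4().hex
        self.biometrics[loc] = list(template)
        # (g)/(h) signed certificate: identity data, pointer, biometric hash
        body = {"name": name, "dob": dob, "pob": pob,
                "bio_url": loc, "bio_hash": sha256(bytes(template))}
        cert = dict(body, signature=sign(body))
        # (i)/(j) unique file name, stored with a hash code that includes it
        fname = "cert-" + uuid.uuid4().hex + ".json"
        self.files[fname] = (cert, file_code(fname, cert))
        return fname, cert

    def verify(self, fname, presented):
        cert, code = self.files[fname]
        body = {k: v for k, v in cert.items() if k != "signature"}
        return (hmac.compare_digest(cert["signature"], sign(body))
                and code == file_code(fname, cert)
                and cert["bio_hash"] == sha256(bytes(self.biometrics[cert["bio_url"]]))
                and presented == cert)  # barcode-decoded copy must equal the stored one
```

`verify` returns `False` when the stored certificate, the stored biometric, or the presented copy has been altered; a production matcher would score similarity between templates rather than compare positions exactly.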
Specification