GB2416418A

GB2416418A - Verification of identity

Info

Publication number: GB2416418A
Application number: GB0416241A
Authority: GB
Inventors: D A Corder; D Evans
Original assignee: TECHNOLOGY SOLUTIONS
Current assignee: TECHNOLOGY SOLUTIONS
Priority date: 2004-07-21
Filing date: 2004-07-21
Publication date: 2006-01-25
Anticipated expiration: 2024-07-21
Also published as: GB0416241D0; GB2416418B

Abstract

Access to a controlled area (such as commercially sensitive premises) is controlled by a guard who is required to verify the identity of personnel before allowing them access. Each person carries a pass device which interacts with a check device. This initiates a verification routine in which memory (preferably in the pass device) , is interrogated to recover a record of past use of the device and a verification routine is chosen according to the past use. For example, the record of past use may reveal a pattern of routine, and identify variations from the routine, resulting in more complex verification routines being effected.

Description

Method and Apparatus for Verification of Identity The present invention

relates to identity verification.

Many situations exist in which it is necessary to verify the identity of an individual. For example, many commercial premises restrict access by providing security passes to authorised individuals, and a guard to monitor personnel entering or leaving the premises, who may be required to show their security pass to the guard. It is found that in many commercial situations, such as commercial premises with large numbers of employees, security may be compromised at peak times because guards may seek to increase the speed of their checks in order to avoid queues building up.

The present invention provides a security system for use in identity verification, comprising: at least one pass device carried by personnel, and a check device which interacts with a pass device presented to it, to initiate a verification routine; and wherein the pass device comprises memory means in which a record of past use of the pass device is stored; and wherein the check device is operable to effect a plurality of verification routines, and uses the stored record to choose the verification routine to be used.

Preferably the choice of verification routine depends, at least in part, on an analysis of the stored record to reveal a pattern of routine in the past use, and to identify variation from the routine.

The choice of verification routine may depend, at least in part, on the frequency of checks conducted previously, or on the time elapsed since a previous check or on the time elapsed since a previous check of specified thoroughness.

The choice of verification routine may depend, at least in part, on a security status applying to the location at which the verification is made.

The check device may be operable to select a verification question to be posed to the bearer, the answer to the question being contained within the stored information. A verification question may relate to the time, date, location or nature of a previous check. A verification question may relate to a pattern of routine established by the record of past use.

The check device may maintain a verification record relating to verification routines effected by it. The check device is preferably operable to pass the verification record to a remote location. The remote location is preferably operable to receive verification records from a plurality of check devices.

The invention also provides a check device for a security system as defined above, the device comprising: interface means operable to interact with a pass device to read a past use record stored in the pass device; processing means operable in dependence on the contents of the record to choose a verification routine from a plurality of available verification routines to be used with the pass device or bearer.

The invention also provides a method of identity verification, in which: the or each member of personnel is provided with a pass device; at least one check device is provided, operable to interact with a pass device presented to it, to initiate a verification routine; and wherein, upon presentation of a pass device to it, the check device reads a record of past use of the pass device, stored in the pass device, and chooses a verification routine from a plurality of verification routines to be used, the choice being made, at least in part, in accordance with the content of the record of past use, and the chosen verification routine being executed to verify the identity of the bearer of the pass device.

Preferably, a verification question to be posed to the bearer is selected as part of the verification routine, the answer to the question being contained within the stored information. A verification question may relate to the time, date, location or nature of a previous check. A verification question may relate to a pattern of routine established by the record of past use.

In a further aspect, the invention provides a security system for use in identity verification, comprising: a check device operable to initiate a verification routine for personnel; and memory means operable to store a record of past verification routines; and wherein the check device is operable to analyse the stored record of past verification routines to reveal a pattern of routine in the past use, and to identify variation from the routine, and to choose a verification routine from a plurality of available verification routines, in accordance with the analysis.

Preferably, the system includes at least one pass device carried by personnel, the check device interacting, in use, with a pass device presented to it, to initiate a verification routine. The memory means is preferably incorporated in the pass device.

In a further aspect, the invention provides a method of identity verification, in which: at least one check device is provided, operable to initiate a verification routine; and memory means are provided, operable to store a record of past verification routines; and wherein the stored record of past verification routines is analysed by the check device to reveal a pattern of routine in the past use, and to identify variation from the routine, and to choose a verification routine from a plurality of available verification routines, in accordance with the analysis.

Preferably, each member of personnel is provided with a pass device, the check device being operable to interact with a pass device presented to it, to initiate a verification routine.

The memory means is preferably incorporated in the pass device.

A verification question may be selected to be posed to the bearer, the answer to the question being contained within the stored information. A verification question may relate to the time, date, location or nature of a previous check. A verification question may relate to a pattern of routine established by the record of past use.

A verification record may be maintained, relating to verification routines effected by the check device. The check device is preferably operable to pass the verification record to a remote location. The remote location is preferably operable to receive verification records from a plurality of check 1 5 devices.

Examples of the present invention, and their manner of use, will now be described in more detail, by way of example only, and with reference to the accompanying drawings, in which: Fig. 1 is a highly diagrammatic overview of an identity verification system in accordance with the present invention; Fig. 2 is a schematic diagram of key components of the system; Fig. 3 is a flow diagram of the system in use; and Fig. 4 is a plot illustrating statistics underlying the operation of the system.

Fig. 1 illustrates, highly schematically, the principal components of a system for use in identity verification. In this example, it is envisaged that i access to a controlled area (such as commercially sensitive premises) symbolised by a fence 10 and gate 12 is controlled by a guard 14 who is required to verify the identity of personnel 16, before allowing them access through the gate 12. Personnel 16 each carry a pass device 18. The guard carries a check device 20. The check device 20 and pass devices 18 can interact (at 22) when a pass device 18 is presented to the check device 20.

This initiates a verification routine, as will be described.

A central location 24 is provided for further record keeping and analysis purposes, but it is not necessary for the check device 20 to be in permanent communication with the location 24. It is envisaged that the check device 20 will be a portable hand-held device carried by the guard 14 and which includes adequate storage to retain information for subsequently uploading to the location 24, when next connected to it. Thus, the connection at 26 between the check device 20 and the central location 24 is shown broken in Fig.1, to illustrate that the connection 26 is not permanent.

The pass device 18 and check device 20 are shown in more detail in Fig.2.

The pass device 18 is preferably a small, readily portable article, such as a badge or credit card sized device. The device 18 may include visual information such as a photograph 28 and text 30. In particular, this allows a simple security check to be made without requiring access to the system being described.

The pass device 18 also includes memory 32 and interface components 34 suitable for providing an interface with the check device 20.

The interface 34 may be of any form capable of allowing two-way communication with the memory 32, such as electrical contacts or a l contactless arrangement based on radio frequency, optical or magnetic devices.

The check device 20 has a central processing unit 36 connected to a second interface 38 which is compatible with the interface 34, to allow communication to be established between the processor 36 and the memory 32.

JO The device 20 is also provided with a display 40 or other output devices and controls 42 (such as a keyboard) for use by the guard operating the device 20. Memory 44 is provided, allowing the unit 36 to store and retrieve information. A further interface 46 is provided, allowing the device 20 to communicate with the central location 24. The interface 46 may use any appropriate technology, such as computer network technology, and this choice of technology can be made to improve communication with the central location 24, independently of the choice of technology for the interfaces 34, 38.

An appropriate power supply 48 is provided within the device 20 and is preferably a battery, allowing the device 20 to be a readily portable, hand-held device.

The memory 32 is used to store a record of past use of the pass device. Thus, this information is available to the processor 36, by means of the interfaces 34, 38, when the device 18 is presented to the device 20, and regardless of whether or not the device 20 is connected to the central location 24.

When a pass device 18 is presented to the check device 20, the check device 20 detects the presence of a pass device 18 and establishes communication with the memory 32. This begins a process set out in the flow l chart of Fig. 3, as follows. It is to be understood that Fig. 3 primarily relates to the steps required for implementing the invention. Additional steps, particularly authentication and encryption/decryption steps can be included to make the process more secure.

At 50, the check device 20 determines that a pass device 18 is present, and establishes communication with the memory 32, as has been described.

The record of past use of the particular pass device 18, contained in the JO memory 32, is read at 52. A score S. used to assist decision making, is initialised at 54, being set to zero. The record from the memory 32 is assessed at 56 for any corruption which might indicate a faulty, tampered or forged device 18. If this is detected, the transaction is rejected at 58.

If the record is not rejected as corrupt, a sequence of steps 60, 62, 64 are undertaken in this example. First, the device 20 checks the record to establish how frequently the identity of the bearer has been verified during a previous period, such as a week or a month. If the identity has been verified frequently, there is a reduced risk that a problem will arise if any individual verification is less thorough than others. Accordingly, step 60 checks if the frequency of verification is below a minimum frequency required and if it is, the score is incremented at 66.

At step 62, the record of past use is assessed to determine the time elapsed since the pass was last used for identity verification. If verification has not recently been completed, the risk increases that a relevant factor may have changed and thus that an incorrect identity verification might be made.

Accordingly, if the time elapsed since the previous verification is greater than a preset maximum value, the score S is incremented at 68.

Step 64 reviews the current security state or any other general factors which apply to all identity verification actions and if the security state is higher i than normal, an appropriate increment to the score S (represented by the value N) is applied at step 70.

Step 72 is used to interrogate the record of past use in more detail, to determine one or more aspects of the record which illustrate routine behaviour of the bearer. For example, in many commercial environments, a particular member of personnel will routinely arrive at a particular time each morning, for example 9.00am. The actual time of arrival of any employee may vary slightly from this typical time but we have found that for many employees, variations are likely to be relatively small. This is illustrated in Fig. 4, which illustrates the number of times (n) a particular employee has appeared at the entrance to commercial premises to undergo the identity verification process, at various times in the morning. It is clear from the curve 74 that the normal routine of that member of personnel is to arrive at 9.00am, or a few minutes earlier or later. Consequently, step 76 can determine whether current behaviour is normal or abnormal by comparing the current actual time with the curve 74.

For example, if the current actual time is 08:59 (78), the curve 74 indicates that this is consistent with the normal routine of the bearer. However, if current actual time is 09:14 (80), comparison of the time 80 with the curve 74 readily illustrates that the bearer is not following their normal routine.

A similar analysis can be obtained from data relating to many other parameters of normal behaviour. For example, on large commercial sites with multiple access points, many personnel will routinely enter through the same access point on each occasion. If the record of past use records the access point used each time identity verification is achieved, abnormal behaviour, such as the use of a different access point, is readily identified. Many other examples of simple parameters which could be checked in this way can be devised, such as time, location, vehicle used, patterns of attendance and absence, groupings of personnel in a single vehicle, and method of entry (on foot, by bicycle, by vehicle etc.) . r

It is apparent from the above that the determination of normal behaviour patterns can be made from these parameters in a methodical, repeatable manner which does not require human intervention or judgement.

For example, relatively simple rules can be provided to the device 20 (stored in the memory 44), to determine how to analyse the parameters of past use, and how to compare current parameters with the stored history, and how to adjudicate for normal or abnormal behaviour.

If behaviour is determined at 76 to be abnormal (or unacceptably outside normal routine), the score S is incremented at 82.

Step 84 uses the score S accumulated from the previous steps, to select an appropriate verification routine. Thus, the device 20 has a range of different verification routines available to it, stored in the memory 44. These may vary from each other in various ways, particularly in relation to the thoroughness of the verification achieved. For example, if the accumulated score S is low, this indicates that few factors are abnormal. For example, the identity has been frequently verified recently, thorough checks have recently been made, behaviour is consistent with routine behaviour and the current security state is not elevated above normal. If this is the situation identified at 84, the processor 36 makes a decision (under appropriate, predetermined rules) to choose a verification routine which is relatively low in thoroughness.

Alternatively, if a high score S is accumulated, this suggests that all or several of the factors are of concern. In particular, this may indicate that behaviour is not routine, or that there is an abnormally high security state, both of which suggest that identity verification should proceed more carefully. Furthermore, if identity has not been thoroughly verified recently, or not verified frequently, additional thoroughness may also be indicated.

Other factors could be used to influence the manner in which the score S is accumulated. For example, high risk categories such as temporary workers or personnel with access to high security areas may be given an initial score which is higher than the initial score given to lower risk categories of personnel, so that the thoroughness of checks for these groups will tend to be higher. The score could be influenced by factors such as the number of times an employee has failed to complete a security procedure such as a renewal of security clearance, or have not presented an appropriate vehicle parking permit or failed to attend for a medical check. Thus, the score can be influenced by any of a wide range of factors which are considered to contribute to the risk profile presented by the bearer of the device 20. The accumulated score could also be used to identify personnel who would benefit from incentives to correct or improve behaviour, such as to improve timekeeping.

When incrementing the score S. the increment size could be fixed or could depend on the history recorded in the device 20. Thus, if a thorough verification has recently been undertaken, each increment to the score could be relatively small, whereas if a thorough verification has not recently been undertaken, higher increments could be made to the score S. It is important to note that the degree of thoroughness is chosen by the device 20, and depends on the contents of the memory 32. Thus, the choice is not influenced by the guard or pass bearer, resulting in consistency of decisions, which are all made in accordance with the rules contained within the device 20.

The verification routine can then be implemented by the processor 36.

This may, for example, include the generation of an additional question (step 85) based on information in the record of past use. For example, the question could be "When was your identity last verified?", or "At which access gate was your identity last verified?". The questions can be simply based on the information retrieved from the card, such as data of birth, employee number etc., or may be more complex questions generated by an algorithm or rule which depends in part on the score S and thus be more complex or difficult to answer, as the score S increases.

Verification then takes place at 86. If a question has been generated at 85, this is displayed to the guard 14 on the display 40, allowing the guard to ask the question of personnel 16. The keyboard 42 allows the answer to be entered in the device 20 or alternatively, the guard 14 could be provided with the correct answer on the display 40 for comparison with the answer received from the personnel 16. Other forms of verification would involve the device 20 being used for verification such as fingerprint or iris scanning for comparison with corresponding information held on the device 18, in the memory 32.

Thus, many different checks can be used alone or in combination. Other examples of checks include hand geometry or other biometric or analytical data checks. Employee details could be checked. This allows a relatively simple verification to be executed by using a small number of these parameters, or a much more thorough verification to be achieved by checking a larger number of these parameters.

After the verification has been concluded at 86, the result is provided to the guard 14 at step 88, for example by means of the display 40. In the example described above, the guard 14 is then able to open the gate 12.

Before the device 18 is removed from the device 20, the record of past use in the memory 32 is updated by the processor 36, so that future identity verification operations have appropriate details of the operation which has just been concluded. This is done at step 90, which requires the processor 36 to write to the memory 32. If an additional verification question has been asked at 86, the question and the answer may be recorded in the memory 32.

Details of the concluded operation are also stored in the memory 44 of the device 20.

Having concluded the identity verification procedure, the flow diagram of Fig. 3 reverts to step 50, to await the introduction of a further pass device 18.

Fig. 3 also shows step 92, which is a step of reporting to the central location 24. This occurs only when the device 20 is in communication with the location 24. For example, a guard could stand by a line of traffic, holding the hand-held device 20, verifying the identity of personnel in cars and then periodically returning to an office in order to connect the device 20 to appropriate infrastructure to establish communication with the central location 24. Details of transactions completed since the last communication with the location 24 can then be read from the memory 44 and uploaded to the location 24.

In a practical application, there are ilkely to be a large number of pass devices 18 (typically one for each member of personnel), and a significant number of check devices 20 (typically one for each guard 14 or each access location). The information collected at the central location 24 allows analysis to be made of all of the identification verification procedures which have been undertaken. This may be for purely statistical reasons or for other reasons.

For example, analysis could identify how many identification verification steps have been taken and how thoroughly identity has been checked for each, allowing a measure to be made of confidence concerning security. This level of confidence may, in turn, be used to influence the security state value (N) used at step 70. Thus, if many verification operations are being carried out simply, because of the history contained in each pass, the value of N can be increased, to instruct a general increase in thoroughness. Again, these decisions can be made consistently, on the basis of predetermined rules.

Analysis may also reveal information about the speed at which individual guards 14 are processing the verification procedures, or how many they are processing, to ensure efficient use of guard staff. In a further alternative, communication with the central location 24 may result in an instruction being sent to the device 20, alerting the device 20 to an increase in the security required, either to ensure that a high score is allocated at step 72, or to override the identification verification process which has been described, to require the most thorough verification to be undertaken until further notice.

The system and methods which have been described have various advantages, as follows. Identity verification can be provided at fixed locations, such as access points, as described, but the self-contained nature of the device 20 means that additional checks can be made at random, at any place. On many occasions, the identification verification will be less thorough than the most thorough verification available, but those chosen for the less thorough verification will have been chosen according to a structured, repeatable procedure whose rules can be written to ensure that adequate confidence is retained in the results, for example by identifying those factors which reduce confidence, and ensuring that the thoroughness of verification increases when those factors increase. By reducing thorough checks in situations where thoroughness is predictably not required, the overall throughput of personnel is increased, thus helping to reduce queues of personnel or vehicles being checked, particularly at peak times. This technical effect is achieved by means of the invention, without any unpredictable reduction in the quality of the verification.

Whilst endeavouring in the foregoing specification to draw attention to those features of the invention believed to be of particular importance it should be understood that the Applicant claims protection in respect of any patentable feature or combination of features hereinbefore referred to and/or shown in the drawings whether or not particular emphasis has been placed thereon.

Claims

A security system for use in identity verification, comprising: at least one pass device carried by personnel, and a check device which interacts with a pass device presented to it, to initiate a verification routine; and wherein the pass device comprises memory means in which a record of past use of the pass device is stored; and wherein the check device is operable to effect a plurality of verification routines, and uses the stored record to choose the verification routine to be used. ë .e ë
2. A system according to claim 1, wherein the choice of verification 15. routine depends, at least in part, on an analysis of the stored record to reveal a pattern of routine in the past use, and to identify variation from the routine. .
3. A system according to claim 1 or 2, wherein the choice of verification routine depends, at least in part, on the frequency of checks conducted previously, or on the time elapsed since a previous check or on the time elapsed since a previous check of specified thoroughness.
4. A system according to claim 1, 2 or 3, wherein the choice of verification routine depends, at least in part, on a security status applying to the location at which the verification is made.
5. A system according to any preceding claim, wherein the check device is operable to select a verification question to be posed to the bearer, the answer to the question being contained within the stored information.
6. A system according to claim 5, wherein a verification question relates to the time, date, location or nature of a previous check.
7. A system according to claim 5 or 6, wherein a verification question relates to a pattern of routine established by the record of past use.
8. A system according to any preceding claim, wherein the check device maintains a verification record relating to verification routines effected by it.
9. A system according to claim 8, wherein the check device is operable to pass the verification record to a remote location.
10. A system according to claim 9, wherein the remote location is operable . to receive verification records from a plurality of check devices. e. e.. ë
11. A check device for a security system as defined above, the device ë : 5 comprising: :.

interface means operable to interact with a pass device to read a past use record stored in the pass device; processing means operable in dependence on the contents of the record to choose a verification routine from a plurality of available verification routines to be used with the pass device or bearer.
12. A method of identity verification, in which: the or each member of personnel is provided with a pass device; at least one check device is provided, operable to interact with a pass device presented to it, to initiate a verification routine; and wherein, upon presentation of a pass device to it, the check device reads a record of past use of the pass device, stored in the pass device, and chooses a verification routine from a plurality of verification routines to be used, the choice being made, at least in part, in accordance with the content of the record of past use, and the chosen verification routine being executed to verify the identity of the bearer of the pass device.
13. A method according to claim 12, wherein the choice of verification routine depends, at least in part, on an analysis of the stored record to reveal a pattern of routine in the past use, and to identify variation from the routine.
14. A method according to claim 12 or 13, wherein the choice of JO verification routine depends, at least in part, on the frequency of checks conducted previously, or on the time elapsed since a previous check or on the I. time elapsed since a previous check of specified thoroughness. . ..- ë
15. A method according to claim 12, 13 or 14, wherein the choice of verification routine depends, at least in part, on a security status applying to : the location at which the verification is made. . e
16. A method according to any of claims 12 to 15, wherein a verification question to be posed to the bearer is selected as part of the verification routine, the answer to the question being contained within the stored information.
17. A method according to claim 16, wherein a verification question may relate to the time, date, location or nature of a previous check.
18. A method according to claim 16 or 17, wherein a verification question relates to a pattern of routine established by the record of past use.
19. A method according to any of claims 12 to 18, wherein the check device maintains a verification record relating to verification routines effected by it.
20. A method according to claim 19, wherein the check device is operable to pass the verification record to a remote location.
21. A method according to claim 20, wherein the remote location is operable to receive verification records from a plurality of check devices.
22. A security system for use in identity verification, comprising: l O a check device operable to initiate a verification routine for personnel; and I. memory means operable to store a record of past verification routines; ë- and wherein the check device is operable to analyse the stored record .

of past verification routines to reveal a pattern of routine in the past use, and to identify variation from the routine, and to choose a verification routine from a plurality of available verification routines, in accordance with the analysis. .
23. A system according to claim 22, wherein the system includes at least one pass device carried by personnel, the check device interacting, in use, with a pass device presented to it, to initiate a verification routine.
24. A system according to claim 22 or 23, wherein the memory means is incorporated in the pass device.
25. A system according to any of claims 22 to 24, wherein the choice of verification routine depends, at least in part, on the frequency of checks conducted previously, or on the time elapsed since a previous check or on the time elapsed since a previous check of specified thoroughness.
26. A system according to any of claims 22 to 25, wherein the choice of verification routine may depend, at least in part, on a security status applying to the location at which the verification is made.
27. A system according to any of claims 22 to 26, wherein the check device is operable to select a verification question to be posed to the bearer, the answer to the question being contained within the stored information.
28. A system according to claim 27, wherein a verification question relates to the time, date, location or nature of a previous check.
29. A system according to claim 27 or 28, wherein a verification question l O relates to a pattern of routine established by the record of past use.

I.
30. A system according to any of claims 22 to 29, wherein the check .

device maintains a verification record relating to verification routines effected .e by it.
31. A system according to claim 30, wherein the check device is operable to pass the verification record to a remote location. A. . .
32. A system according to claim 31, wherein the remote location is operable to receive verification records from a plurality of check devices.
33. A method of identity verification, in which: at least one check device is provided, operable to initiate a verification routine; and memory means are provided, operable to store a record of past verification routines; and wherein the stored record of past verification routines is analysed by the check device to reveal a pattern of routine in the past use, and to identify variation from the routine, and to choose a verification routine from a plurality of available verification routines, in accordance with the analysis.
34. A method according to claim 33, wherein each member of personnel is provided with a pass device, the check device being operable to interact with a pass device presented to it, to initiate a verification routine.
35. A method according to claim 34, wherein the memory means is incorporated in the pass device.
36. A method according to any of claims 33 to 36, wherein the choice of JO verification routine depends, at least in part, on the frequency of checks conducted previously, or on the time elapsed since a previous check or on the time elapsed since a previous check of specified thoroughness. .e .. .
37. A method according to any of claims 33 to 36, wherein the choice of : 35 verification routine depends, at least in part, on a security status applying to the location at which the verification is made. .
38. A method according to any of claims 33 to 37, wherein a verification . question is selected to be posed to the bearer, the answer to the question being contained within the stored information.
39. A method according to claim 38, wherein a verification question relates to the time, date, location or nature of a previous check.
40. A method according to claim 38 or 39, wherein a verification question relates to a pattern of routine established by the record of past use.
41. A method according to any of claims 33 to 40, wherein a verification record is maintained, relating to verification routines effected by the check device.
42. A method according to claim 41, wherein the check device is operable to pass the verification record to a remote location.
43. A method according to claim 42, wherein the remote location is operable to receive verification records from a plurality of check devices.
44. A security system substantially of the type described above, with reference to the accompanying drawings.
45. A check device substantially as described above, with reference to the accompanying drawings. .. A.
46. A method of identity verification, substantially as described above, with : .1.5 reference to the accompanying drawings. i:
47. Any novel subject matter or combination including novel subject matter disclosed herein, whether or not within the scope of or relating to the same invention as any of the preceding claims.