Title of Invention

"A SYSTEM FOR CRYPTOGRAPHICALLY SECURE PERSON IDENTIFICATION"

Abstract A system for cryptographically secure person identification, the system comprising, an identification issuer to produce one or more person identification documents (IDs) for a person, the ID comprising first and second representations of person-distinguishing data which distinguishes persons, the first representation being human-readable and second representation being computer-readable and encrypted; and characterized by an authenticator (300) to automatically determine whether the first representation of person-distinguishing data of an ID corresponds with a decrypted second representation of person-distinguishing data of the same ID.
Full Text The present invention relates to a system for cryptographically secure person identification.
TECHNICAL FIELD
This invention generally relates to a technology for facilitating authentication of person identification documents.
BACKGROUND OF THE INVENTION
Herein, person identification document (ID) authentication refers to the confirmation that the presented ID is authentic, genuine, legitimate, valid, and/or unadulterated. This may also be called person ID certification. Examples of such personal IDs include immigration documents, passports, and driver's license.
In contrast, "person verification" refers to the confirmation that the personal information on an ID corresponds to the person presenting the ID.
There are many conventional person ID authentication approaches. Sophisticated document production is the most common approach. Other common approaches include biometrics, smart cards, and watermarks.
Sophisticated Production >
Historically and over many cultures, the test of a person's identity is verified by the possession of identifying documents. The test of the veracity of such documents has been the difficulty of producing such documents. Although it is not an identification document, paper money is a prime example of the receiver relying on its authenticity because it is difficult to produce a passable counterfeit.
However, recent advances in the printing technology have made high-quality printing devices relatively inexpensive. The availability of high-end printers has
rendered forging most personal identification documents (IDs) a relatively simple task. It has also significantly raised the costs of printing the official documents by the issuing organizations.
In response, issuing parties (such as governments) have implemented increasingly more sophisticated and presumptively more expensive production techniques. For example, issuing parties are using holograms, watermarks, micro-printing, special print paper and/or chemical coating, etc. Since the production of IDs is more complex, authentication has become correspondingly more complex, unreliable, and most importantly, expensive.
Biometric Approaches
Biometrics has been defined as a process of automatically recognizing a person using distinguishing traits. Several biometric approaches have been proposed via face, speech, fingerprint, handwriting, and/or iris and retina recognition. A survey of these techniques is provided by "The Biometric Consortium" at "http://www.biometrics.org."
Typically, a biometric-based person identification system includes a human verifier who ensures the identification system is not fooled. This can happen when an adversary shows a realistic size photo of the face of an authorized person to the face detector or plays a voice recording to a speech detector.
While some types of: biometric-based person identification (such as retina scan or fingerprint detection) can be highly reliable, often they are intimidating (e.g., retina scan) and qan be used maliciously to incriminate innocent users (e.g., fingerprint scan). A malicious detector can record a person's fingerprint, create its physical copy, and then, incriminate this person at will. This renders fingerprint detection systems highly undesirable for most person identification scenarios.
Finally, some biometrics systems are commonly subjected complaints for invasion of privacy. For example, wide-spread face detection points can disclose at any time one's location to a party who gains control over such a system.
Nevertheless, the almost all biometric-based person identification systems have three major disadvantages:
• inconsistent reliability (especially for face and speech recognition) as the system scales up, which commonly renders these systems highly prone to false alarms and false positives;
• the authenticator needs to be connected to a central trusted server which actually performs the identification; and
• the equipment performing the authentication is costly.
For most applications, biometric-based approaches are inconvenient, costly, and most importantly, unreliable.
Smart Cards
Smart cards represent a seemingly effective approach to person identification. An advantage of smart cards that is often touted is its all-digital communication with the authenticator.
A simple scenario is having a smart card, which contains a digital photo, personal description data, and a signed hash of this information using the private key of the issuer. Authentication is performed by hashing the photo and the personal description data and then authenticating this hash against the signature using the public key of the issuer. Finally, the authenticator must display the certified digital photo, so that a human can verify that the person being identified is on the photo.
Personal IDs are frequently lost or damaged. Replacing a smart card involves purchase of another hardware device in addition to burning this device with the appropriate identification contents. This can be expensive.
Due to their relatively generous storage capabilities, smart cards may give an impression that they may be used for storing additional information, in particular, private information about the owner (e.g., private keys that are revoked if smart card is lost). However, it has been demonstrated so far that smart cards cannot be considered a secure storage because it is relatively easy to extract the hidden information even without reverse engineering the smart card.
Exemplary attacks that have successfully identified encryption keys (both symmetric and private keys) have been based on analyzing smart card's I/O behavior via differential power analysis or timing analysis. Thus, it cannot be expected that a smart card stores anything more than the public information about the user, which is in many ways equivalent to a photo ID.
Watermarks
Another technique for authenticating content is to hide imperceptible secret
information, a watermark, in the digital photo. One serious disadvantage of this
" type of ID authentication is the fact' that in most watermarking systems, the secret
hidden in the photo must be present in the authenticator. Hence, a single broken
authenticating device renders the entire system broken.
Surprisingly, public-key watermarking systems have been developed, however, with different target applications. In addition, this system requires significantly longer host signals than a single photo to statistically reliably detect the existence of a given secret. In addition, such a system requires that the secret used to mark a photo be renewed after several photos.
Finally, a malicious customer can always try to estimate the secret by taking many photos of herself and comparing them with the photo on the ID. In summary, using watermarks for public* ID authentication is the least robust technology for enabling secure ID authentication.
Challenge
All conventional approaches (e.g., sophisticated production, biometrics, smart cards, and watermarks) are riddled with shortcomings. They all have one or more of the following drawbacks:
• expensive to implement, maintain, and/or scale;
• difficult to implement, maintain, and/or scale;
• difficult for the human authenticator to effectively authenticate;
• unreliable results (e.g., an unacceptable degree of false positive or misses); and
• unreliable security (e.g., increasingly easier for an adversary to thwart or fool the system).
It is a challenge to provide an architecture for secure personal identification documents (IDs) that are difficult to forge, simply and inexpensively produced, and do not require smart card, biometric, or sophisticated production approaches.
SUMMARY OF THE INVENTION
Described herein is a technology for facilitating authentication of person identification documents.
One implementation, described herein, is a simple, inexpensive, and cryptographically secure personal ID architecture. With this implementation, one may efficiently create and authenticate secure photographic personal identification
documents (ID) that thwarts tampering and counterfeiting attempts. This ID employs a compact, cryptographically signed bar-code that is readable by an ordinary scanner.
This summary itself is not intended to limit the scope of this patent. Moreover, the title of this patent is not intended to limit the scope of this patent. For a better understanding of the present invention, please see the following detailed description and appending claims, taken in conjunction with the accompanying drawings. The scope of the present invention is pointed out in the appending claims.
BRIEF DESCRIPTION OF THE DRAWINGS
The same numbers are used throughout the drawings to reference like elements and features.
Fig. 1 is an illustration of an example personal identification that may be employed in accordance with an implementation described herein.
Fig. 2 is broad graphical representation of an issuing party issuing a*personal identification in accordance with an implementation described herein.
Fig. 3 is broad graphical representation of an authentication of a personal identification in accordance with an implementation described herein.
Fig. 4 is a functional flow diagram showing an implementation described herein...
Fig. 5 is an example of a computing operating environment capable of (wholly or partially) implementing at least one embodiment described herein.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
In the following description, for purposes of explanation, specific numbers, materials, and configurations are set forth in order to provide a thorough
understanding of the present invention. However, it will be apparent to one skilled in the art that the present invention may be practiced without the specific exemplary details. In other instances, well-known features are omitted or simplified to clarify the description of the exemplary implementations of present invention, thereby better explain the present invention. Furthermore, for ease of understanding, certain method steps are delineated as separate steps; however, these separately delineated steps should not be construed as necessarily order dependent in their performance.
The following description sets forth one or more exemplary implementations of a Error! Reference source not found, that incorporate elements recited in the appended claims. These implementations are described with specificity in order to meet statutory written description, enablement, and best-mode requirements. However, the description itself is not intended to limit the scope of this patent.
The inventors intend these exemplary implementations to be examples. The inventors do not intend these exemplary implementations to limit the scope of the claimed present invention. Rather, the inventors have contemplated mat the claimed present invention might also be embodied and implemented in other ways, in conjunction with other present or future technologies.
An example of an embodiment of a Error! Reference source not found. may be referred to as an exemplary "Face Certification" or an "exemplary FACECERT" for short.
Introduction
The one or more exemplary implementations, described herein, of the present claimed invention may be implemented (in whole or in part) by a FACECERT architecture 400 and/or by a computing environment like that shown in Fig. 5.
The exemplary FACECERT is a simple, inexpensive, and cryptograph!cally secure personal ID architecture. With the exemplary FACECERT, one may efficiently create and authenticate secure photographic personal identification documents (ID) that thwarts tampering and counterfeiting attempts.
This ID employs a compact, cryptographically signed bar-code that is readable by an ordinary scanner. It provides an efficient, simple, inexpensive, and secure mechanism for authenticating a person's identification using IDs that are difficult to forge, but simply and inexpensively produced.
In a typical conventional scenario, the authentication system (i.e., an "authenticator") of a person's ID must connect to a remote database and retrieve a stored photograph for the comparison with the ID.
Unlike conventional approaches, the exemplary FACECERT does not require sophisticated production, smart cards, biometrics, and/or massive, remote databases. More interestingly, the IDs need not be printed by a trusted or high-end printer (as is typically the case with conventional approaches). Rather, the ID may be printed anywhere, anytime, and potentially by anyone.
With the exemplary FACECERT, all the necessary data for authentication is securely stored on the ID itself, in the form of a cryptographically signed bar-code. It does not depend on face recognition technology.
Secure photo identification provided by the exemplary FACECERT would contribute to efficient, secure, and inexpensive digital government efforts, since they provide cryptographical security, low-cost all-digital infrastructure deployment and maintenance, and convenient usage for both users and ID issuers.
Exemplary FACECERT IDS
The exemplary FACECERT is a simple, inexpensive, and cryptographically secure personal ID architecture. Instead of relying on the sophistication of the printing process to. impose difficult forging, the exemplary FACECERT relies on public-key cryptography for provable security, while deploying a standard-quality
low-cost color printing process.
As shown in Fig. 1, a personal FACECERT ID 100 includes "person-distinguishing data" in a "human-readable" representation and a "computer-readable" representation.
Herein, the designation of "human-readable" does not exclude the possibility that a computer may read the representation. In fact, with the exemplary FACECERT, a computing device does "read" the human-readable representation. Rather, the designation means that it is easily readable by human. Examples of such representations include photographs, images, symbols, and human-language (e.g., English) text.
Similarly, the designation of "computer-readable" focuses on the ease at which a computer may read the representation rather that a human's inability to read it.
In general, "person-distinguishing data" includes information that reasonably distinguishes one person from another. Examples of person-distinguishing data includes (but is not limited to) the following information about a specific person: one or more images of the person's face, a retina scan of the person, an iris scan of the person, the person's name, the person's social security number, the person's account number, the person's weight, the person's height, the person's hair color, the person's eye color, one or more of the person's fingerprints, information about the person's birthmarks, information about the person's tattoos, the person's
personal human statistics, one or more distinguishing traits of that person, and the person's contact information.
With the exemplary FACECERT, the human-readable representation includes a human-readable printout of person's portrait photo 110 and any supplemental information 120 (typically, personal information). The computer-readable readable representation includes a device readable 2-D color bar-code 130, which contains a cryptographically signed message.
That bar-coded message 130 includes compact versions of both the supplemental information 120 and a representation of the face (of the portrait photo). The message is signed (e.g., using RSA) using the private key of the ID-issuing party (i.e., the issuer).
FACECERT ID Issuance
As illustrated in Fig. 2, a primary example of an ID-issuer 200 is a department of government. The issuer 200 officially issues the ID 100.
Typically, the human-readable person-distinguishing data that is certified on a FACECERT ID is both photographic and textual. The photo 110 is a portrait of the owner of the FACECERT ID. The photo may have any suitable resolution. Since the printout on the ID fits certain fixed area, this resolution may be constrained. The resolution needs to great enough to be effectively legible by humans and machine.
The supplemental information 120 is any suitable data. It is likely to vary depending on the specific application. As shown in Fig. 1, it will typically be personal statistical information such as name, age, weight, height, weight, eye color, other personal data, etc. This data is printed on the ID 100.
Typically, the computer-readable person-distinguishing data that is certified on a FACECERT ID is a 2D color bar code (e.g., bar-code 130). Alternatively, it may be a magnetic strip or some other suitable computer-readable medium.
With the exemplary FACECERT, it is desirable for a bar-code reader to read the bar-code 130 on a FACECERT ID with relative accuracy. Since the likelihood of read-failure increases with the number of bits encoded in the bar-code, a balance between accuracy and data storage is typically made when producing a FACECERT ID. Also, included in this balance are the space and reproduction quality requirements of the ID.
Efficient compaction digital-facial-image data is advantageous in some instances because:
• For a given size of the bar-code, efficient face-data compaction maximizes the presentation accuracy of the compacted face-data with respect to the face in the original image - this reduces the risk of finding look-a-likes or mimicking a given face; and
• For a given facial presentation accuracy, efficient compaction reduces the length of the message that needs to be cryptographically signed, thus decreasing the computational cost of authenticating a cryptographic
• signature, which limit the amount of data that can be signed if one wants to authenticate an ID in only one or few seconds. Therefore, the exemplary FACECERT employs a bar-code of about 3Kb that balances these factors. Of course, other implementation may employ a bar-code that encodes more or less data.
Modern scanners are capable of reliably reading up to about six maximally separated colors. Thus, for a message of ns bits, the exemplary FACECERT uses
log6 2 bins in the bar-code. For example, for ns = 3072 bits, we use 1189 bins
which results in a 120x10 bin bar-code.
It is desirable for the print area of each bin should be such that scanning the bar-code results in an error that is less than certain desired minimal performance bound. It is realistic to assume that the longer dimension of the bar-code reaches an inch. If each bin is scanned with a 10x10 CCD matrix (1000 dpi 48-bit CCD sensor array is a standard equipment of most low-cost scanners), the data in the bar-code can be detected with high reliability.
The exemplary FACECERT compacts an image of a face 112 into only several thousand bits with preserved sharpness of the main facial characteristics. The exemplary FACECERT employs eigenface-based compression methodologies and improved variants of principal component analysis, such bit-rates can be easily achieved even when the component analysis is trained on a small database of images.
Loss of an ID can result in a potentially malicious reuse of the ID by an adversary if that adversary is a near-perfect look-a-like. To prevent this unlikely scenario, the ID may contain descriptive information of a certain unique mark of the ID owner.
ID Authentication
Fig. 3 illustrates an example of FACECERT ID authentication. It is performed by an intelligent scanning device (such as FACECERT authenticator 300). As shown in Fig. 3, the authenticator 300 scans the photo, supplemental info, and bar-code of the ID 100.
The authenticator 300 obtains the public key of the ID-issuing party. The key may be stored on-board the authenticator or on a locally connected data storage. Alternatively, the key may be retrievable via a remote (e.g., Internet) connection.
The authenticator 300 scans the bar-code, decodes the cryptographic signature, and then performs signature authentication (e.g., public-key decryption of the decoded data) using the public key of the issuer 200. As a result, the authenticator 300 obtains the message signed with the private key of the issuer.
That message includes person-distinguishing data. More specifically, the message contains the supplemental information 120 and a compacted representation of the face 112 in the photo 110. Next, the authenticator scans the textual supplemental information 120 from the ID 100, performs character recognition, and compares the recognized text with the extracted supplemental information.
Next, the authenticator 300 scans the photo of the ID 100. It detects the face in the photo and performs a statistical comparison with the de-compacted face extracted from the bar-coded message. By using printed guides 114 on the ID, one may achieve accurate scanning alignment, such as rotation and scaling.
If the two faces match beyond a certain threshold (which may be arbitrarily, statistically, and/or empirically determined), the authenticator 300 concludes that the ID is authentic. Otherwise, the ID has been either forged or damaged, or an error occurred while scanning the ID. This indication may simply be a chromatic light (e.g., red or green light) and/or an audible tone (e.g., buzzer or beep).
Therefore, tampering with the photo or the supplemental information on an officially issued ID means they will not match the person-distinguishing data encoded in the cryptographically signed bar-code.
Human Verification
Although the authenticator 300 performs authentication of a specific FACECERTS ID, an actual human verifies that the face on the ID corresponds to the person presenting the ID. This human is called, herein, the verification official 305. The human's role with the exemplary FACECERT is verifying that the face on the ID corresponds to the person presenting the ID. This is the same role that human verifiers often perform in typically security or person identification settings.
Therefore, in a typical person identification setting, the role of the exemplary FACECERT is to authenticate the ID. It does this by confirming that the information on the ID (including the photo) has not been altered since it was issued by the ID-issuer. Instead of authorizing the ID, the role of the verification official 305 is to verify that the face on theJlD (and other person-distinguishing data on the ID) corresponds to the person presenting the ID.
With a positive confirmation by the exemplary FACECERT, the human verifier 305 may confidently rely on the person-distinguishing data (including the photo) on the presented ID. Conversely, with a negative confirmation by the exemplary FACECERT, the human verifier 305 may have probable cause to suspect that the information on the presented ID has been modified.
While this authentication and verification process is typically performed in-person, it may occur on-line via a web-cam, closed-circuit television, and the like.
With the exemplary FACECERT, the human verifier 305 may, if desired, have the face from the bar-code displayed on a video screen and double check that everything is in order. This scenario is particularly practical at border crossings, where the immigration officers are already sitting in front of a computer, so their scanning device can send all the information to a computer for display.
Cryptography Background
The exemplary FACECERT employs a public-key infrastructure (PKI) to cryptographically sign the data in the bar-code of the ID. More specifically, it employs RSA public-key cryptography. However, other implementations of the exemplary FACECERT may employ other cryptographically secure mechanism, especially those using private-public key structures.
Although the RSA public-key cryptography infrastructure is well-known to those of ordinary skill in the art, many of its key aspects are discussed here to provide background for further discussion of its use with the exemplary FACECERT.
In the RSA public-key signing system, each communicating party is assumed to have two keys: a public-key, which is available to everyone and used for signature authentication, and a private-key, which is securely stored with the signature issuer and used to sign messages. The public-private key-pair is created in the following way:
• Generate two large and distinct primes p and q.
• Compute n = pq and φ = (p- l)(q -1).
• Select a random eZ|{ • Find d  Z' || The created key-pair is: private key is d, whereas the public-key is a set of two numbers (n,e). Commonly, in communication protocols that use the RSA
public-key crypto-system (e.g., the Secure Socket Layer - SSL) e is fixed, usually to e = 216 + 1, hence, reducing the information that represents the public-key to n as well as speeding up signature authentication. A message m  [0,n-l] is typically
signed using the private key d as follows:
(Equation (Removed)
The authentication procedure shows that for a given message m, signature s has been obtained by signing m using d. However, the private-key d is not used, rather the corresponding public-key n is typically used to perform the same task as follows:
(Equation (Removed)
If r = m, then s is a valid signature of m , otherwise the signature s does not correspond to the message m.
The exemplary FACECERT does not dependant upon a single secret stored in a single protected location. Rather, it employs a secure storage techniques for the master secrets (e.g., private keys).
For example, with one technique, the multiple private-public keys are used to chain the signatures (e.g., output of one RSA signing is sent as input to another RSA signing with a different private key). Each private key may be stored in geographically different but secure locations.
With another example of a secure storage technique, parts of each private key is stored in k different locations such that each key can be retrieved only if n out of k (n ≤ k) collude their information to create the key. Those of skill in the art recognize this technique as "secret sharing." With this technique, the issuing organization further disperses the pieces of the puzzle that need to be assembled by the adversary to break the system.
With still another example of a technique, the secrets may be stored in tamperproof hardware.
Of course, the exemplary FACECERT may employ other suitable secure storage techniques.
FaceCert Architecture and Methodology
Fig. 4 illustrates the functional components and one or more methodological implementations of the FACECERT architecture 400. The top portion 410 of Fig. 4 illustrates the issuance of a FACECERT ID 100 while the lower portion 420 illustrates the authentication of that ID. These one or more methodological implementations may be performed in software, hardware, or a combination thereof
As shown in issuance portion 410 of Fig. 4, the FACECERT ID issuer 200 creates the message m that is signed by RSA.
At 210, the exemplary FACECERT compacts the face in the photo 110 of the ID 100. This compact face data (e.g., message f) is a succinct, but relatively
complete, representation of the specific face in the specific photo 110.
The output of the face compaction is the message / with nF > nT bits. Parameter nF is fixed and eduals nF = k*nRSA,k& Z*, where nRSA is the length of an RSA public-key (we adopt nRSA = 1024) and k is commonly set to k e [2,5].
Given a fixed nF, one of the goals of the face compaction is to increase the
distance between any two distinct facial structures. This goal translates directly to
minimized likelihood of a false negative and false positive during the
authentication.
At 220, the supplemental information 120 (e.g., textual data) is compressed
using any suitable data compression technique. For example, the printed message
can be compressed as pure text using LZ77 or semantically with optimal coding
(e.g., addresses converted to latitude/longitude encoded using arithmetic encoding). The output of the text compression is denoted as a message / with nT bits.

The exemplary FACECERT reads the data from the FACECERT ID with an
error-free assumption. Then it either compresses the data or it cryptographically
hashs it before combining the digest, as in Equation (1.3). Since the. output is
always a fixed length, hashing is sometimes desirable over compression. Exemplary
hash functions are SHA1 and MD5.
Messages / and t are merged into a message m of length nM = nF using an
operator 230 that encourages each bit of m to be dependent upon at least one bit from both / and t and there exists at least one bit in m which depends upon a given bit of / or /. This helps to increase the number of bits that need to be manipulated in a photo to create a certain message m. An example of such an operator is:
(Equation (Removed)
where m,., fn and /,. represent the z-th bit of message m, f, and t respectively.
At 240, message m is signed with the private-key 242 of the issuer of a FACECERT ID. Each nRSA bits of m are signed separately. The resulting signature s has ns = nM= nF bits. The resulting signature s is printed as a 2D color bar-code
130onto the FACECERT ID 100.
As shown in authentication portion 420 of Fig. 4, the FACECERT authenticator 300 that the cryptographically signed data in the bar-code corresponds with the supplemental data 120 and the face 112 in the photo 110 of a FACECERT ID.
The authenticator 300 initially scans all three printed components of the ID: the photo 110, the supplemental textual information 120, and the bar-code 130.
XD Those are represented by photo scan 310, OCR text scan 320, and bar-code scan 330.
At 322, the scanned supplemental textual information is also converted into a text-string. This text-string is compressed using the same compression technique
(e.g., one based on Equation (0.2)) employed above by component 220. This results in message tv. Generic optical character recognition (OCR) is not required for this
task because the font used to print the text is known to the authenticator and may be optimized for improved OCR.
At 332, the authenticator 300 received the scanned bar-code data. It converts scanned bar-code into a authentication signature sy. The authenticator obtains the issuer's public-key 334. It performs the RSA signature authentication on sv using issuer's public-key and obtains the signed message mv.
If the ID has not been tampered with, then the authentication signature .sv
and the originally printed signature 5 will match. However, the authenticator has no
direct access to a verifiable copy originally printed signature. Rather, it must authenticate that the authentication signature sv of the presented ID is, indeed, the
originally printed signature 5.
Since the photo and supplemental info on the presented ID were presumptively used to- generate the authentication signature sv, then the data encoded in sv should match the face and supplemental data extracted there from. If
the ID remains in a pristine and unmodified condition, they will match. Otherwise, there will be no match.
At 340, message /„ is computed from mv and ty.
At 350, the authenticator 300 applies a de-compaction technique to extract the digital facial-feature data from /„.
At 360, the authenticator compares the facial-feature data extracted from fv
to digital facial-feature data of the scanned photo of the presented ID. It quantifies the level of similarity (e.g., correlation) between the two faces: the de-compacted and the scanned one.
At 370, the authenticator 300 reports the results of component 360. If the quantified level of correlation is above a threshold, then it reports that the ID is authentic. Otherwise, it reports that it is invalid.
Alternatively, the authenticator may report that the ID is valid, but provide an additional indication (e.g., flashing blue light and quick beeps) that this particular person should be detained. She may be wanted by the authorities as a person of interest, a suspect, an escapee, a criminal, etc.
Again, the face authentication task does not involve face recognition in the typical setting of biometrics, but rather a more straightforward task of correlating two equivalent facial structures.
If the authenticator 300 indicates that the ID is authentic, the human official verifier 305 confidently performs their typical duty of authenticating that the human-readable data (including the photo) on the ID corresponds with the person presenting the ID. If the authenticator 300 indicates that the ID is invalid, it gives the human official verifier 305 reasonable suspicion to investigate further. The data on the ID may be forged and thus, the presenter is an imposter. The data on the ID may be corrupted or simply read incorrectly.
Face Compendium
A digital representation of the facial features of the face 112 in the photo 110 on the ID 100 is stored in the bar-code 130. If the balances of bar-code reading accuracy and space allowed it, then the entire unabridged photo may be encoded in
the bar-code. Since key distinguishing information is found on the face of the person, then the balances of factors may allow for an unabridged portion of the photo that represents the face to be encoded in the bar-code.
Since the realities of the balance lean towards substantially less data storage in the bar-code than can fully represent the unabridged face in the photo, the digital image 110 of the face is compacted with the exemplary FACECERT. While the image of the face may be compacted using traditional image compression techniques (e.g., JPEG, GIF, etc.), other techniques may be employed to reduce the storage requirements further while maintaining a fair representation of the face.
With the exemplary FACECERT, the digital facial-feature data in the bar-code should be a succinct, but reasonably complete, representation of the face in that photo. Unlike biometric face-recognition approaches, the digital facial-feature data does not need to represent the person's face viewed from multiple angles and conditions.
Rather, the digital facial-feature data on the FACECERT ID need only represent that specific face on that specific photograph. That is because the exemplary FACECERT is authenticating that the face in the photo on the ID matches the face represented by the digital facial-feature data in the bar-code.
Since the digital facial-feature data is indeed a succinct', but reasonably complete, representation of the face in that specific photo, it may be called "face compendium." This face compendium is "reasonably complete" in the sense that the compendium contains sufficient data to reconstruct an image of the face. Furthermore, the compendium is "reasonably complete" enough so that enough facial-feature data is encoded therein to potentially distinguish the represented face from other similar faces,
Of course, other implementations may employ bar-codes that encode more or less data, but one implementation, described herein, employs a bar-code of about 3000 bits. This is found to be reasonable compromise of many factors, including (but not limited to) bar-code reading accuracy and space for the bar-code.
To improve this compromise, the exemplary FACECERT employs a impaction technique that identifies the object of interest (e.g., facial structure) and compacts its features, rather than compacting the entire image using standard image compression techniques such as JPEG.
Face Detection and Compaction
The computer vision community has studied various models of faces over the last several years. The exemplary FACECERT does not need to encode the face image to facilitate recognition of the person in differing images, but rather in the yery same photograph from which the face code has been extracted. Thus, the exemplary FACECERT does not face the difficult issue of over-training that is present in a typical biometric face-recognition application.
Rather,, the exemplary FACECERT employs an efficient facial-features compaction technique. While generic DCT coefficients may be employed, the face images may be compacted better using subspace models learned from a large face database.
The problem of subspace learning can be elegantly defined in terms of a generative model that describes joint generation of the subspace coordinates, or Factors, y and the image g by linearly combining image components in the so called factor loading matrix A:
(Equation (Removed)
where O constitutes the non-uniform image noise (i.e., the variability not captured in the subspace model). A is an n x k matrix used to expand from the k-dimensional subspace into a full n-dimensional one, where n is the number of pixels in the image g-
The parameters A, O, and µ can be learned by maximizing the likelihood of a set of images g,,
(Equation (Removed)
and a good low-dimensional representation of the image tends to be E[y | g].
The above probability model, called factor analysis (FA), also allows for the design of the optimal encoding strategy for the factors y. As a result, a face image can be efficiently encoded with about 85 bytes representing 100 face factors y.
The subspace model may be extended that take into account the possible transformation of the facial image, such as translations, rotations, and scale. In this model, called transformed component analysis (TCA), an additional random transformation variable T is applied to the image expanded from y, and a new
image h is observed:
(Equation (Removed)
Such a model, when trained on an image set tends to automatically align all images to create the very compact subspace representation. The regular subspace models, in presence of transformational variability in the training data will tend to create blury models, while TCA creates sharper components.
FACECERT Authentication
The task of authentication performed by the exemplary FACECERT may be viewed as template matching. A likelihood over the windows in the image can be used as a cost instead of the template differences, although even straightforward correlation technique would work.
For example, to use the likelihood as the similarity measure, one would take the message /, extract the window size and detection threshold thr as well as the subspace parameters y compute:
(Equation (Removed)
for all windows of appropriate size. If maxhlog p(h) > thr, then the ID photograph
does contain the face encoded in the bar-code.
If the only modeled transformations are shifts, the integration over transformation T is not necessary since the search is done over all windows in the image. This process is equivalent to matching µ + Λv with the window h, in the
sense of a Mahalanobis distance dependent on the learned noise model. These types of computations are as effective as image correlation and can be done very efficiently using the fast Fourier transformation (FFT).
During the photo ID creation, the provided photograph is searched for a face, which is cropped and compacted efficiently using a transformed component analyzer. The face code, together with the compaction error and the window size (or even position) is signed with a private key.
The FACECERT ID is then created as a combination of text, photo and a barcode containing the encoded face. During authentication, the bar-code is decoded
and the face code, consisting of the factors y, threshold on likelihood (or encoding error) and the window size are decoded from the bar-code using a public key and the face store in the bar-code is compared to the one in the actual photograph in the FACECERT ID.
Scanning 2D Color Bar-codes
Of course, it is desirable to have high accuracy when reading the 2D color bar-code. Modern low-cost scanning devices typically have a 48-bit per pixel accuracy in the RGB color spectrum. However, hardly the color information of a digital image is retrieved accurately after printing and then scanning.
Assuming low-cost devices and print material, one can at best hope for only several colors to be transmitted reliably through this communication channel. Assuming an nB-bin bar-code , the likelihood that it is incorrectly scanned
equals:
(Equation (Removed)
where y is the scanned «fl-bin bar-code and e is the maximal likelihood for a
given color used in the bar-code to be incorrectly scanned. At least one implementation, described herein, adopts 6-color bar-codes:
RGB:T = [[0,0,0],[0,0,255],[0,255,0],[255,0,0],[255,255,255],[255,255,0]
as a reliable communicatiori'channel e Commonly, for a given scanner type (e.g., CCD sensor matrix brand), one of the following colors [255,255,0], [255,0,255], [0,255,255] has the highest read error
rates with respect to the other colors in T. Thus, for a given CCD scanning device type, the T spectrum is one of these colors, which results in a good read-error rate.
Bar-code read accuracy can be improved through error detection (e.g., parity check) and error correcting codes (e.g., Reed-Solomon codes), although typically good performance is achieved by printing the r colors at a known location on the ID to enable scanner fine-tuning.
Exemplary Computing System and Environment
Fig. 5 illustrates an example of a suitable computing environment 500 within which an exemplary FaceCert, as described herein, may be implemented (either fully or partially). The computing environment 500 may be utilized in the computer and network architectures described herein.
The exemplary computing environment 500 is only one example of a computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the computer and network architectures. Neither should the computing environment 500 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in the exemplary computing environment 500.
The exemplary FaceCert may be implemented with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known computing systems, environments, and/or configurations that may be suitable for use include, but are not limited to, personal computers, server computers, thin clients, thick clients, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes,
programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The exemplary FaceCert may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The exemplary FaceCert may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The computing environment 500 includes a general-purpose computing device in the form of a computer 502. The components of computer 502 may include, by are not limited to, one or more processors or processing units 504, a system memory 506, and a system bus 508 that couples various system components including the processor 504 to the system memory 506.
The system bus 508 represents one or more of any of several types of bus structures, including- a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures may include an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnects (PCI) bus also known as a Mezzanine bus.
Computer 502 typically includes a variety of computer readable media. Such media may be any available media that is accessible by computer 502 and includes both volatile and non-volatile media, removable and non-removable media.
The system memory 506 includes computer readable media in the form of volatile memory, such as random access memory (RAM) 510, and/or non-volatile memory, such as read only memory (ROM) 512. A basic input/output system (BIOS) 514, containing the basic routines that help to transfer information between elements within computer 502, such as during start-up, is stored in ROM 512. RAM 510 typically contains data and/or program modules that are immediately accessible to and/or presently operated on by the processing unit 504.
Computer 502 may also include other removable/non-removable, volatile/non-volatile computer storage media. By way of example, Fig. 5 illustrates a hard disk drive 516 for reading from and writing to a non-removable, non-volatile magnetic media (not shown), a magnetic disk drive 518 for reading from and writing to a removable, non-volatile magnetic disk 520 (e.g., a "floppy disk"), and an optical disk drive 522 for reading from and/or writing to a removable, nonvolatile optical disk 524 such as a CD-ROM, DVD-ROM, or other optical media. The hard disk drive 516, magnetic disk drive 518, and optical disk drive 522 are each connected to the system bus" 508 by one or more-data media interfaces 526. Alternatively, the hard disk drive 516, magnetic disk drive 518, and optical disk drive 522 may be connected to the system bus 508 by one or more interfaces (not shown).
The disk drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules, and other data for computer 502. Although the example illustrates a hard disk 516, a removable magnetic disk 520, and a removable optical disk 524, it is to
be appreciated that other types of computer readable media which may store data that is accessible by a computer, such as magnetic cassettes or other magnetic storage devices, flash memory cards, CD-ROM, digital versatile disks (DVD) or other optical storage, random access memories (RAM), read only memories (ROM), electrically erasable programmable read-only memory (EEPROM), and the like, may also be utilized to implement the exemplary computing system and environment.
Any number of program modules may be stored on the hard disk 516, magnetic disk 520, optical disk 524, ROM 512, and/or RAM 510, including by way of example, an operating system 526, one or more application programs 528, other program modules 530, and program data 532.
A user may enter commands and information into computer 502 via input devices such as a keyboard 534 and a pointing device 536 (e.g., a "mouse"). Other input devices 538 (not shown specifically) may include a microphone, joystick, game pad, satellite dish, serial port, scanner, and/or the like. These and other input devices are connected to the processing unit 504 via input/output interfaces 540 that are coupled to the system bus 508, but may be connected by other interface and bus structures, such as a parallel port, game port, or a universal serial bus (USB).
A monitor 542 or other type of display device may also be connected to the system bus 508 via an interface, such as a video adapter 544. In addition to the monitor 542, other output peripheral devices may include components such as speakers (not shown) and a printer 546 which may be connected to computer 502 via the input/output interfaces 540.
Computer 502 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computing device 548. By way of example, the remote computing device 548 may be a personal
computer, portable computer, a server, a router, a network computer, a peer device or other common network node, and the like. The remote computing device 548 is illustrated as a portable computer that may include many .or all of the elements and features described herein relative to computer 502.
Logical connections between computer 502 and the remote computer 548 are depicted as a local area network (LAN) 550 and a general wide area network (WAN) 552. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet.
When implemented in a LAN networking environment, the computer 502 is connected to a local network 550 via a network interface or adapter 554. When implemented in a WAN networking environment, the computer 502 typically includes a modem 556 or other means for establishing communications over the wide network 552. The modem 556, which may be internal or external to computer 502, may be connected to the system bus 508 via the input/output interfaces 540 or other appropriate mechanisms. It is to be appreciated that the illustrated network connections are exemplary and that other means of establishing communication link(s) between the computers 502 and 548 may be employed.
In a networked environment, such as that illustrated with computing environment 500, program modules depicted relative to the computer 502, or portions thereof, may be stored in a remote memory storage device. By way of example, remote application programs 558 reside on a memory device of remote computer 548. For purposes of illustration, application programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computing device 502, and are executed by the data processors) of the computer.
Computer-Executable Instructions
An implementation of an exemplary FaceCert may be described in the general context of computer-executable instructions, such as program modules, executed by one or more computers or other devices. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Typically, the functionality of the program modules may be combined or distributed as desired in various embodiments.
Exemplary Operating Environment
Fig. 5 illustrates an example of a suitable operating environment 500 in which an exemplary FaceCert may be implemented. Specifically, the exemplary FaceCert(s) described herein may be implemented (wholly or in part) by any program modules 528-530 and/or operating system 526 in Fig. 5 or a portion thereof.
The operating environment is only an example of a suitable operating environment and is not intended to suggest any limitation as to the scope or use of functionality of the exemplary FaceCert(s) described herein. Other well known computing 'systems, environments, and/or configurations that are suitable for use include, but are not limited to, personal computers (PCs), server computers, handheld or laptop devices, multiprocessor systems, microprocessor-based systems, programmable consumer electronics, wireless phones and equipments, general- and special-purpose appliances, application-specific integrated circuits (ASICs), network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
Computer Readable Media
An implementation of an exemplary FaceCert may be stored on or transmitted across some form of computer readable media. Computer readable media may be any available media that may be accessed by a computer. By way of example, and not limitation, computer readable media may comprise "computer storage media" and "communications media."
"Computer storage media" include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules, or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which may be used to store the desired information and which may be accessed by a computer.
"Communication media" typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as carrier wave or other transport mechanism. Communication media also includes any information delivery media.
The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared, and other wireless media. Combinations of any of the above are also included within the scope of computer readable media.
Comparison with Existing Approaches
The exemplary FACECERT does not require smart cards or expensive biometric approaches to authenticating a person's identity. It does not rely on the sophistication of ID production to help authenticate a person's identity by reducing the likelihood of counterfeits.
Sophisticated Production
With readily available and relatively inexpensive high-quality, sophisticated production equipment, an unscrupulous rogue can cheaply and easily produce impressive counterfeit documents, including personal IDs. In response, issuing parties (such as governments) have implemented increasingly more sophisticated and presumptively more expensive production techniques.
For example, issuing parties are using holograms, watermarks, micro-printing, special print paper and/or chemical coating, etc. Since the production of IDs is more complex, authentication has become correspondingly more complex, unreliable, and most importantly, expensive.
With the exemplary FACECERT, these issuing parties can end this escalating cycle of increasingly more expensive and sophisticated production techniques and increasingly more complex, unreliable, and expensive authentication techniques. In contrast to the conventional approaches, the exemplary FACECERT does not rely on the sophistication of ID production to increase the confidence level that the presented ID is not counterfeit.
The FACECERT ID does not need to be printed by a trusted or high-end printer. It does not need to be produced using sophisticated production techniques to make it more difficult and expensive for a devious scoundrel to manufacture a counterfeit ID.
Rather, the FACECERT ID may be printed anywhere, anytime, and potentially by anyone using basic, inexpensive printers. That is because the exemplary FACECERT relies on the cryptographically signed data in the.bar-code to make it more difficult and expensive for an adversary to manufacture a counterfeit ID; rather than rely on the sophistication of production.
With the exemplary FACECERT, the Department of Motor Vehicles may, for example, e-mail a driver's license ID (in its digital format) to a customer, who can print it on her own printer creating as many copies as she wants. Unlike the conventional approaches, loss of the ID with the exemplary FACECERT incurs minimal cost to the customer.
Biometric Approaches
With biometrics, a computer may automatically recognize a person using distinguishing traits of that person. Several biometric-based person identification approaches have been proposed. Some of these include based upon automatic recognition of the distinguishing traits of a person's face, speech, fingerprints, handwriting, and/or iris and retina.
While some types of biometric-based person identification (such as retina scan or fingerprint detection) can be reliable, often they are ifttimidating (e.g., retina scan) and can be used maliciously to incriminate innocent users (e.g., fingerprint scan). A malicious detector can record a person's fingerprint, create its physical copy, and then, incriminate this person at will. This renders fingerprint detection systems highly undesirable for most person identification scenarios.
Typically, a biometric-based person identification system includes a human verifier who ensures the identification system is not fooled. This can happen when
an adversary shows a realistic size photo of the face of an authorized person to the face detector or plays a voice recording to a speech detector.
Finally, some biometrics systems are commonly subjected complaints for invasion of privacy. For example, wide-spread face detection points can disclose at any time one's location to a party who gains control over such a system.
For most applications, biometric-based approaches are generally considered to be inconvenient, costly, and most importantly, unreliable.
Smart Cards
With a smart card based system, a digitally stored image of the person's face
must be displayed so that the human verifier can confirm that the face in the image
stored on the card corresponds to the face of the presenter of the smart card. The
typical display will be a LCD or other flat panel display.
However, the exemplary FACECERT does not need to display any image.
Instead, it employs an optical scanner (e.g., a charge-coupled device (CCD) to scan
the photo, supplemental information, and bar-code. The human verifier confirms
that the face of the printed image corresponds to the face of the presenter of the
FACECERT ID.
Medium-quality displays (e.g., LCDs) are significantly more expensive than
CCD scanners (up to a factor of 5). In one estimate, a mass-produced scanner of the
authenticator of the exemplary FACECERT should not cost more than US$15, as
opposed to a smart card authenticator, which should encompass at least US$50 only
for the LCD display. Consequently, the cost of the authenticating infrastructure of
the exemplary FACECERT is significantly less than that of a smart-card based
approach.
Furthermore, personal IDs are frequently lost or damaged. Replacing a FACECERT ID involves only a simple reprint. However, replacing a smart card involves purchase of another hardware device in addition to burning, this device with the appropriate identification contents.
Moreover, the data stored on smart cards are not secure. Using various techniques, the data in the smart card can be extracted. More importantly, it can be replaced with new data. This reduces the overall confidence level in the security of smart cards.
Due to their relatively generous storage capabilities, smart cards may give an impression that they may be used for storing additional information, in particular, private information about the owner (e.g. private keys that are revoked if smart card is lost).
Conclusion
Although the invention has been described in language specific to structural features and/or methodological steps, it is to be understood that the invention defined in the appended claims is not necessarily limited to the specific features or steps described. Rather, the specific features and steps are disclosed as preferred forms of implementing the claimed invention.




We Claim;
. 1. A system for cryptographically secure person identification, the system comprising:
an identification issuer to produce one or more person identification documents (IDs) for a person, the ID comprising first and second representations of person-distinguishing data which distinguishes persons, the first representation being human-readable and second representation being computer-readable and encrypted; and characterized by
an authenticator (300) to automatically determine whether the first representation of person-distinguishing data of an ID corresponds with a decrypted second representation of person-distinguishing data of the same ID.
2. The system as claimed in claim 1, wherein the first representation includes person-distinguishing data selected from a group consisting of one or more images of the person's face, the person's name, the person's social security number, the person's account number, the person's weight, the person's height, the person's hair color, the person's eye color, one or more of the person's fingerprints, information about the person's birthmarks, information about the person's tattoos, the person's personal human statistics, one or more distinguishing traits of that person, and the person's contact information.
3. The system as claimed in claim 1, wherein the second representation includes person-distinguishing data selected from a group consisting of one or more images of the person's face, a retina scan of the person, an iris scan of the person, the person's name, the person's social security number, the person's account number, the person's weight, the
person's height, the person's hair color, the person's eye color, one or more of the person's fingerprints, information about the person's birthmarks, information about the person's tattoos, the person's personal human statistics, one or more distinguishing traits of that person, and the person's contact information.
4. The system as claimed in claim 1, wherein the format of the first representation is selected from a group consisting of written human-language text, color-coding, photographs, written human-language symbols, and imagery.
5. The system as claimed in claim 1, wherein the format of the second representation is selected from a group consisting of a bar-code, a magnetic strip, and a memory storage device.
6. The system as claimed in claim 1, wherein:
the first representation of person-distinguishing data comprises a image of a person, wherein the image comprises the face of that person; and
the second representation of person-distinguishing data comprises a face compendium of the face in the image, the face compendium comprising data that defines facial structures of that person's face which distinguishes that person from other persons, wherein the face compendium represents less than all of the features of that person's face.
7. The system as claimed in claim 1, wherein the identification issuer
comprises:
an image-acquisition device to obtain an image of a person's face;
a data generator to identify and generate person-distinguishing data of that person's face, the person-distinguishing data comprising data that defines facial structures of that person's face which distinguishes that person from other persons, wherein the person-distinguishing data represents less than all of the features of that person's face;
a data encrypter to encrypt the person-distinguishing data; and
an ID producer to produce one or more person identification documents (IDs) comprising a human-readable representation of the image of that person's face and a computer-readable representation of the encrypted person-distinguishing data.
8. The system as claimed in claim 7, wherein the ID producer comprises a printer to print on a print medium.
9. The system as claimed in claim 7, wherein the data generator compact the person-distinguishing data.
10. The system as claimed in claim 7, wherein the computer-readable and encrypted representation is selected from a group consisting of one or more bar-codes, one or more magnetic strips, and one or more memory storage devices.
11. The system as claimed in claim 7, wherein the human-readable
representation comprises a photograph of the face of that person.
12. The system as claimed in claim 1, wherein the authenticator for
authorizing person ID, comprises:
an optical scanner to obtain a first set of person-distinguishing data from a human-readable representation of a person identification document (ID) and obtain a second set of person-distinguishing data from a computer readable representation of the person ID;
a comparison unit to automatically compare the first and second sets of person-distinguishing data; and
a reporting unit to indicate results based upon such comparison by the comparison unit.
13. The system as claimed in claim 12, wherein the second set is encrypted, the system comprising a decrypter to decrypt the second set.
14. The system as claimed in claim 12, wherein the second set of person-distinguishing data comprises a face compendium of that person's face, the face compendium comprising data that defines facial structures of that person's face which distinguishes that person from other persons, wherein the face compendium represents less than all of the features of that person's face.
15. The system as claimed in claim 12, wherein:
the first set of person-distinguishing data comprises a photograph of that person, wherein the photograph comprises the face of that person; and
the second set of person-distinguishing data comprises a face compendium of the face in the photograph, the face compendium comprising data that defines facial structures of that person's face which distinguishes that person from other persons, wherein the face
compendium represents less than all of the features of that person's face.
16. A method for issuing person identification documents
(IDs),performed by a system as claimed in claim 1, the method
comprising:
for a specific person, generating a human-readable representation of a person's face, which distinguishes that person from other persons;
for that person, identifying person-distinguishing data of that person's face, the person-distinguishing data comprising data that defines facial structures of that person's face which distinguishes that person from other persons, wherein the person-distinguishing data represents less than all of the features of that person's face; and
generating an encrypted and computer-readable representation of the identified person-distinguishing data; and
producing one or more person IDs comprising the human-readable representation and the encrypted and computer-readable representation.
17. The method as claimed in claim 16, wherein producing comprises printing onto a print medium.
18. The method as claimed in claim 16, wherein generating the encrypted and computer-readable representation comprises compacting the person-distinguishing data.
19. The method as claimed in claim 16, wherein the person-
distinguishing data comprises information related to that person, which
data is selected from a group consisting of one or more images of the
person's face, a retina scan of the person, an iris scan of the person, the person's name, the person's social security number, the person's account number, the person's weight, the person's height, the person's hair color, the person's eye color, one or more of the person's fingerprints, information about the person's birthmarks, information about the person's tattoos, the person's personal human statistics, one or more distinguishing traits of that person, and the person's contact information.
20. The method as claimed in claim 16, wherein the computer-
readable and encrypted representation is selected from a group
consisting of one or more bar-codes, one or more magnetic strips, and
one or more memory storage devices.
21. The method as claimed in claim 16, wherein the human-readable
representation comprises a photograph of the face of that person.
22. A method for authenticating person identification documents
(IDs),performed by a system as claimed in claim 12, the method
comprising:
scanning a person identification document (ID) and by so doing obtaining:
• a first set of person-distinguishing data from a human-
readable representation on the person ID;
• a second set of person-distinguishing data from a computer-
readable representation on the person ID;
automatically comparing automatically the first and second sets of person-distinguishing data; and
indicating results of the automatic comparison of the first and second sets.
23. The method as claimed in claim 22, wherein the second set is encrypted, the method comprising a decrypter for decrypting the second set.
24. The method as claimed in claim 22, wherein the second set of person-distinguishing data comprises a face compendium of that person's face, the face compendium comprising data that defines facial structures of that person's face which distinguishes that person from other persons, wherein the face compendium represents less than all of the features of that person's face.

Documents:

955-delnp-2005-abstract.pdf

955-delnp-2005-assignment.pdf

955-delnp-2005-claims.pdf

955-delnp-2005-complete specification (as-files).pdf

955-delnp-2005-complete specification (granted).pdf

955-delnp-2005-correspondence-others.pdf

955-delnp-2005-correspondence-po.pdf

955-DELNP-2005-Description (Complete).pdf

955-DELNP-2005-Drawings.pdf

955-delnp-2005-form-1.pdf

955-delnp-2005-form-18.pdf

955-DELNP-2005-Form-2.pdf

955-delnp-2005-form-3.pdf

955-delnp-2005-form-5.pdf

955-delnp-2005-gpa.pdf

955-delnp-2005-pct-101.pdf

955-delnp-2005-pct-105.pdf

955-delnp-2005-pct-210.pdf

955-delnp-2005-pct-220.pdf

955-delnp-2005-pct-306.pdf

955-delnp-2005-pct-308.pdf

955-delnp-2005-pct-332.pdf

955-delnp-2005-pct-408.pdf

955-delnp-2005-pct-409.pdf

955-delnp-2005-pct-416.pdf

955-delnp-2005-petiton-137.pdf

Claims.tif


Patent Number 246046
Indian Patent Application Number 955/DELNP/2005
PG Journal Number 07/2011
Publication Date 18-Feb-2011
Grant Date 10-Feb-2011
Date of Filing 11-Mar-2005
Name of Patentee MICROSOFT CORPORATION
Applicant Address ONE MICROSOFT WAY, REDMOND WAY, WASHINGTON 98052, USA
Inventors:
# Inventor's Name Inventor's Address
1 DARKO KIROVSKI 14616 NE 36TH AVENUE, APT. E11, BELLEVUE, WASHINGTON 98007, USA
2 NEBOJSA JOJIC 6210 143RD AVE NE, REDMOND, WASHINGTON 98052, USA
PCT International Classification Number H04K 1/00
PCT International Application Number PCT/US2003/027614
PCT International Filing date 2003-09-04
PCT Conventions:
# PCT Application Number Date of Convention Priority Country
1 10/272,073 2002-10-16 U.S.A.