Systems and methods utilizing biometric data
Systems and methods perform access control and mobile identity verification utilizing a memory, which may be on a handheld device, that stores at least biometric data, such as minutiae. The handheld device may also store other data, such as a threshold value and Wiegand data. The data may be stored in a memory, a magnetic strip, a code, a bar code, or in all of these devices associated with the handheld device. The handheld device may be a SmartCard or the like. The threshold value may be a required value or parameter generated from input criteria based on biometric data read and extracted by an extracting system during an enrolling process. The threshold value is used during extracting, matching, or both, to most accurately determine the identity and characteristics of an individual wanting access to an accessed system or being questioned by law enforcement in the field.
This application is a continuation of U.S. Ser. No. 10/125,650, filed Apr. 19, 2002, which is incorporated herein by reference in its entirety.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention is directed to the field of access control and remote identity verification, in particular, utilizing biometric technology.
2. Related Art
Access control systems are used to limit access to selected individuals. Some of these systems use biometric technologies to determine whether access for an individual will be granted or denied. A biometric is a unique, measurable characteristic or trait of a human being for automatically recognizing or verifying identity. For instance, fingerprint biometrics are largely regarded as an accurate method of biometric identification and verification. See, e.g., Roethenbaugh, G. Ed., Biometrics Explained (International Computer Security Association: Carlisle, Pa. 1998), pages 1-34, which is herein incorporated by reference in its entirety. Access control units (ACUs) may be placed locally to perform a biometric analysis on the individual, and determine whether access will be granted or denied. As the number of people needing access to facilities grows, so must any database holding their biometric information. Eventually, this will become a prohibitive aspect of access control because of the cost, both in equipment and updating time, required to maintain an ever-increasing amount of stored biometric data.
What is needed is a system utilizing a device that stores data for an unlimited number of enrollees allowing easy scalability. Also, a system is needed that utilizes a device that allows for easy updating of stored biometric information to keep all information current for all enrollees.
BRIEF SUMMARY OF THE INVENTION
Embodiments of the present invention provide a system including an enrollment system that controls storing of biometric data. The system further includes an access control system that reads the stored biometric data, an extracting system coupled to the access control system that extracts live biometric data, and a matching system coupled to the access control system that compares the stored biometric data to the live read biometric data to generate a matching result that is transmitted to the access control system. The system further includes an accessed system coupled to the access control system into which admittance is either allowed or denied based on the matching result. The system may also include a threshold controller that determines and generates a threshold value to be used during extracting, matching, or both. Using the threshold value increases the number of enrollees successfully managed by an access control system, and reduces the number of false rejections of entry. Thresholds can also provide more data with which to make an access control decision rather than mere presentation of a biometric input. These thresholds are individualized and help to make a more informed security decision that, among other things, reduces the rejection of more difficult to read fingerprints.
Other embodiments of the present invention provide a method including the step of enrolling enrollees and storing their biometric data. The method further includes the steps of performing a live read of one of the enrollees using a reader in an access control system, extracting live biometric data during the live read in an extracting system, and comparing the extracted live biometric data with the stored biometric data in a matching system and outputting a matching result. The method further includes the step of performing access control based on the matching result. The method also includes the steps of determining and generating a threshold value to be used during extracting, matching, or both.
According to a further feature, processing is distributed across a networked system. In one embodiment, extraction is carried out remotely over a network. In another embodiment, matching is carried out remotely over a network. In this way, an access control reader or panel need not perform extraction and matching, which reduces processing requirements at the access control reader or panel. Processing of extraction and matching is more efficiently managed at the remote sites; for example, different extraction or matching algorithms, or changes thereto, can be more easily implemented. Further, the system is more scalable as additional, cheaper access control readers and panels utilizing biometric data can be easily added.
According to a further feature, in one embodiment the access control system is easily installed as an upgrade to an existing Wiegand panel through the use of a live access control reader, which acts as an interface to a Wiegand panel.
Some advantages of the system and method may be that they provide an access control system and method that utilizes a device allowing for data to be stored for an unlimited number of enrollees allowing easy scalability. Also, a system and method are provided that utilize a device requiring little, if any, updating time to keep current stored biometric information for all enrollees.
Further embodiments, features, and advantages of the present inventions, as well as the structure and operation of the various embodiments of the present invention, are described in detail below with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS/FIGURES
The accompanying drawings, which are incorporated herein and form a part of the specification, illustrate the present invention and, together with the description, further serve to explain the principles of the invention and to enable a person skilled in the pertinent art to make and use the invention.
The present invention will now be described with reference to the accompanying drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Additionally, the left-most digit(s) of a reference number identifies the drawing in which the reference number first appears.
DETAILED DESCRIPTION OF THE INVENTION
Overview and Terminology
Some embodiments of the present invention are directed to systems and methods that perform access control and mobile identity verification, including examples utilizing a handheld device, with a memory that stores at least biometric data, such as minutiae. The handheld device may also store other data, such as a threshold value and Wiegand data. The data may be stored in a memory, a magnetic strip, a machine-readable code, a bar code, or in all of these devices associated with the handheld device. The handheld device may be a SmartCard or the like.
One example of biometric data that may need the threshold value is a value indicative of a fingerprint image capture quality of an individual. For example, a low value can indicate a relatively poor image capture quality, while a high value can indicate a relatively high capture quality. Low threshold values may be appropriate for individuals with difficult to read fingerprints, such as those with dry fingers, missing or damaged fingers, or birth defects. High threshold values may be appropriate for individuals with easy to read fingerprints, such as those with oily fingers or with complete fingertips having a number of distinct minutiae. In some embodiments of the invention, threshold values can be numeric values or categorical values (such as good, average, poor). These threshold values can be used in a variety of ways in the systems of the present invention to accommodate an even greater range of biometric objects successfully managed by the system. The threshold value is used during extracting, matching, or both, to most accurately determine the identity and characteristics of an individual wanting access to an accessed system or being questioned by law enforcement in the field.
An object as used throughout the specification may be a physical part of an individual, such as an eye, a finger, a limb, etc. An accessed system as used throughout the specification may be any known system that requires some limitation to entry, which can be a computer, electrical or mechanical equipment, a room, a hallway, a building, a section of a compound, etc. An enrollee as used throughout the specification may be any individual, whether within a business setting, public setting, or otherwise. As mere examples, an enrollee may be an employee of a company, a person receiving governmental assistance, a prisoner, or a person at a traffic stop. Matching as used throughout the specification relates to matching either 1:1, to determine if the individual is who he/she says he/she is, or 1:m, where m=all the enrollees, to determine if an individual is an enrollee at all.
Overall Access Control and Remote Verification System
With reference to
Enrolling System
Now turning to
Through use of this handheld device 206 the need for a large database is virtually eliminated because biometric and other personal data can be stored on the handheld device 206. There would also be no need to update a central database, just the handheld device 206 memory, which ensures more accurate information is timely maintained. The use of the handheld device 206 is most effective for systems that have a large and continuously growing enrollee list.
In embodiments where the biometric reader 200 reads and extracts fingerprints, the biometric reader 200 may be coupled between an electronic fingerprint template (EFT) file 208 and an EFT service 210. The EFT file 208 converts read fingerprint data into a predetermined form and transmits the data to the EFT Service 210, which may be the Federal Bureau of Investigation (FBI), other federal, state, or local authorities, private entities, or the like. This data is then used by the EFT Service 210 to run background checks on possible enrollees.
In still other embodiments the enrolling system 102 may include a threshold controller 212 coupled between the biometric reader 200, the handheld device controller 204 and/or the database 202, and an input system 214. According to one feature, threshold values associated with each biometric input are assigned and stored during enrollment in an enrolling system. In this way, the assignment and storage of correct or suitable thresholds can be obtained during enrollment. This may have advantages in many practical situations where more experienced personnel are available at enrollment to monitor threshold value assignment and storage. Also, the presentation of biometric input at enrollment may often occur in a setting where more time is available for ensuring proper threshold values are assigned and quality biometric data, such as fingerprint data, are captured. Details of the threshold controller 212 are described below with reference to
Mobile Verification System
Now turning to
According to one embodiment, the reader 300 is a handheld, mobile device. This is helpful in allowing capture of biometric data at different locations. Individuals can be checked during spot checks, mobile or roving checks, and in other ways to provide additional security in support of access control systems. This is especially helpful in applications such as airport security, where spot checks need to be performed on a tarmac or runway, in a terminal, etc. Other applications that require mobile verifications also benefit from the mobile reader 300. Wireless links can also be used to transfer data from the mobile reader 300 to the verification system 302.
Access Control Apparatus
Access Control Reader
In this arrangement, the live access control reader 400 both reads live biometric data and accesses stored biometric data to be used during an access control operation described in more detail below. Also, in some embodiments an additional level of security can be provided because multiple factors (a live biometric and an input) may be used in access control. This architecture provides significant installation advantages for incorporating aspects of the system 100 into existing stand-alone access control systems having Wiegand panels. For instance, one or more live access control readers 400 can be coupled to one or more existing Wiegand panels 402. This allows existing stand-alone Wiegand access control systems to be easily upgraded to a more secure, scalable, network-based access control system 100 of the present invention.
As also seen in
Access Control Panel
Turning now to
In this arrangement, the access control panel 500 reads live biometric data and accesses stored biometric data to be used during an access control operation described in more detail below. As described with respect to
Network Extraction or Matching Systems
As shown in
Similar advantages are provided in a feature where matching processing is carried out by a remote matching system 110 (
As seen in
Example Access Control and Remote Verification System
Shown in
In this example, one embodiment of reading the SmartCard 801 may be to use a remote verification system including a mobile reader 812 that reads both a code 814 on the SmartCard 810 and a live fingerprint of an individual to perform matching in the verification system 816. The reader 812 may be manufactured by Cross Match Technologies, Inc. and the verification system may be a computer either linked or unlinked to a network, such as one found in a law enforcement vehicle.
Other embodiments used to read and utilize information on the SmartCard 810 are an access control reader (ACR) 818 environment and an access control panel (ACP) 820 environment. Either of these access control systems can be used to control access to a door 822, either via a Wiegand panel 824 or directly. As shown, both the ACR 818 and the ACP 820 can access the SmartCard 810 to send extracting parameters to an extracting service 826. Also, both the ACR 818 and ACP 820 can access the SmartCard to send stored biometric data and matching parameters, along with the live read biometric data read by a live biometric reader (not shown), to a matching service 828. In some embodiments, based on a result from the matching service 828, the ACR 818 sends a Wiegand signal to the Wiegand panel 824 to control opening of the door 822 via a relay signal from the Wiegand panel 824. In other embodiments, based on a result from the matching service 828, the ACP 820 sends a relay signal to the door 822 to control its opening.
Threshold Value System
Referencing
As discussed above, one example of biometric data that may need the threshold value is a value indicative of a fingerprint image capture quality of an individual. For example, a low value can indicate a relatively poor image capture quality, while a high value can indicate a relatively high capture quality. Low threshold values may be appropriate for individuals with difficult to read fingerprints, such as those with dry fingers, missing or damaged fingers, or birth defects. High threshold values may be appropriate for individuals with easy to read fingerprints, such as those with oily fingers or with complete fingertips having a number of distinct minutiae. In embodiments of the invention, threshold values can be numeric values or categorical values (such as good, average, poor). These threshold values can be used in a variety of ways in the system 100 to accommodate an even greater range of biometric objects successfully managed by the system 100. A threshold value may be a required value or parameter generated from input criteria based on biometric data read and extracted by an extracting system 108 during an enrolling process. The threshold value is used during extracting, matching, or both, to most accurately determine the identity and characteristics of an individual wanting access to an accessed system 112 or being questioned by law enforcement in the field.
Overall Operation
An overall operation 1000 of the system 100 is shown in
Enrolling Operation
The details of the enrolling operation 1002 performed by the enrolling system 108 according to embodiments of the present invention are shown in
Remote Verification Operation
A mobile verification operation 1200 performed by the mobile verification system 106 is shown in
This roving or mobile verification operation 1200 can be used to supplement the security provided by the system 100.
Access Control Operation
Extracting, Matching, and Controlling Operations
Referencing
The extraction parameter step 1306 and the matching parameter step 1312 are performed along with an operation 1400 shown in
Access Control Reader Operation
After performing the operations shown in
Access Control Panel Operation
Similar to the operation shown in
Threshold Value Operation
A threshold value determination and generation operation 1104, and how the generated threshold value is utilized, are shown in more detail in
As seen in
As seen in
The score values are a correlation between the live extracted biometric data and the stored biometric data based on the threshold value. For example, scores may range from 0 to 1000, where 500 is an acceptable score for an average individual as being a positive match, and anything below is not a positive match. The threshold value may adjust the acceptable score for a below average person to 300 in order for a match to be positive, while the threshold value may adjust the acceptable score for an above average person to 900 in order for a match to be positive. Thus, in this way each individual's biometric data is taken into consideration when determining what score is needed to allow them entry into an accessed system.
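The per-enrollee acceptable score described above, worked through as an added example that is not part of the patent text. It applies the 300/500/900 figures to a match decision and measures, on constructed score samples for one hard-to-read enrollee, what lowering the acceptable score does to false rejections and to impostor acceptance. The mapping of the labels poor/average/good onto those figures, the fallback to 500 for an unreadable threshold, and all sample scores are assumptions.

```python
"""Per-enrollee acceptable scores on a 0-1000 match scale (added example)."""

# Acceptable scores from the text's example. Attaching them to the
# categorical labels poor/average/good is an assumption of this example.
REQUIRED_SCORE = {"poor": 300, "average": 500, "good": 900}
DEFAULT_REQUIRED = REQUIRED_SCORE["average"]
SCORE_MIN, SCORE_MAX = 0, 1000

# Constructed sample scores for one enrollee with hard-to-read fingerprints:
# the enrollee's own attempts, and other people's fingers tried against the
# same stored template.
GENUINE = [280, 320, 350, 410, 460, 520, 390, 330, 305, 440]
IMPOSTOR = [40, 90, 120, 150, 210, 260, 310, 180, 75, 230]


def required_score(threshold):
    """Score needed for a positive match given the stored threshold value.

    A missing or unrecognised value falls back to the average requirement,
    so a damaged card record never lowers the bar (assumed policy).
    """
    return REQUIRED_SCORE.get(threshold, DEFAULT_REQUIRED)


def decide(score, threshold):
    """Return True only when a valid score reaches the enrollee's requirement."""
    if not isinstance(score, int) or not SCORE_MIN <= score <= SCORE_MAX:
        return False  # matcher returned something outside the scale: deny
    return score >= required_score(threshold)


def error_rates(genuine, impostor, cutoff):
    """Return (false reject rate, false accept rate) at a given cutoff."""
    frr = sum(s < cutoff for s in genuine) / len(genuine)
    far = sum(s >= cutoff for s in impostor) / len(impostor)
    return frr, far


def compare(genuine, impostor, threshold):
    """Error rates with the uniform 500 cutoff versus the individual one."""
    return {
        "uniform": error_rates(genuine, impostor, DEFAULT_REQUIRED),
        "individual": error_rates(genuine, impostor, required_score(threshold)),
    }


if __name__ == "__main__":
    for label, (frr, far) in compare(GENUINE, IMPOSTOR, "poor").items():
        print(f"{label:10s} false rejects {frr:.0%}  false accepts {far:.0%}")
```

On these samples the individual cutoff removes most false rejections for this enrollee, at the price of one impostor score now clearing the bar, which is why the threshold value read from the card is as sensitive as the stored biometric data itself.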
Remote Management Operation
Turning now to
With reference to
In these embodiments utilizing a system administrator 118, small organizations that need external support for their access control or large organizations that need a central or remote station for their access control can utilize a network, such as an intranet or the Internet, as part of their access control system 100. For a small company, this helps reduce some costs involved in installing and maintaining an access control system. In large companies, this gives a central station information about everything requiring access control in the company, so that problems can be detected and resolved in a timely manner.
Conclusion
While various embodiments of the present invention have been described above, it should be understood that they have been presented by way of example only, and not limitation. It will be apparent to persons skilled in the relevant art that various changes in form and detail can be made therein without departing from the spirit and scope of the invention. Thus, the breadth and scope of the present invention should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.
Claims
1. A method, comprising:
- (a) reading information from a smart card of an enrollee at an access control location;
- (b) transmitting the information via a network to a central processing location;
- (c) generating image data from a live capture of an image of a biometric of the enrollee using a live capture device at the access control location;
- (d) transmitting the image data via the network to the central processing location;
- (e) accessing the image data from the central processing location to extract extraction information from the accessed image data;
- (f) accessing the information from the smart card from the central processing location and the extraction information to generate a matching result through comparing the extracted information with the information from the smart card; and
- (g) performing access control at the access control location via the network based on the matching result.
2. The method of claim 1, further comprising:
- (h) using a system administrator at the central processing location to perform step (g).
3. The method of claim 2, wherein step (h) comprises:
- using an access control device as the system administrator that compares the matching result to a threshold value.
4. The method of claim 2, further comprising:
- using an operator as the system administrator that reviews the matching results against a threshold value.
5. The method of claim 2, wherein:
- step (f) further comprises determining a threshold quality value of the enrollee from the information on the smart card; and
- step (g) further comprises using the threshold quality value and the matching result to perform the access control.
6. The method of claim 2, wherein step (h) further comprises:
- using the system administrator to at least one of initialize, configure, or update at least one or more devices utilized to perform steps (a)-(g).
7. The method of claim 2, wherein step (h) further comprises:
- using the system administrator to access at least one of audit information, log information, status information, or polling information from one or more devices utilized to perform steps (a)-(g).
8. The method of claim 2, wherein step (h) further comprises:
- using the system administrator to transmit one or more event commands to one or more devices used to perform steps (a)-(g).
9. The method of claim 1, wherein before step (e) the central processing location monitors a plurality of extraction locations coupled to the network and chooses one of the plurality of extraction locations at which to perform step (e).
10. The method of claim 1, wherein before step (f) the central processing location monitors a plurality of matching locations coupled to the network and chooses one of the plurality of matching locations at which to perform step (f).
11. The method of claim 1, wherein:
- before step (e) the central processing location monitors a plurality of extraction locations coupled to the network and chooses one of the plurality of extraction locations at which to perform step (e); and
- before step (f) the central processing location monitors a plurality of matching locations coupled to the network and chooses one of the plurality of matching locations at which to perform step (f).
12. A distributed system for access control, comprising:
- a reader that reads information from a smart card of an enrollee at an access control location;
- a transmitter that transmits the information via a network to a central processing location;
- an image generator that generates image data from a live capture of an image of a biometric of the enrollee using a live capture device at the access control location;
- a transmitter that transmits the image data via the network to the central processing location;
- an extraction service that accesses the image data from the central processing location to extract extraction information from the accessed image data;
- a matching service that accesses the information from the smart card from the central processing location and the extraction information from the central processing location to generate a matching result through comparing the extracted information with the information from the smart card; and
- an access controller at the access control location that controls access via the network based on the matching result.
13. The system of claim 12, further comprising:
- a system administration device at the central processing location coupled to the access controller.
14. The system of claim 13, wherein the system administration device at least one of initializes, configures, or updates at least one or more of the means coupled to the network.
15. The system of claim 13, wherein the system administration device accesses at least one of audit information, log information, status information, or polling information via the network.
16. The system of claim 13, wherein the system administration device transmits one or more event commands via the network.
17. The system of claim 12, further comprising:
- a selector that selects the extraction service from a plurality of extraction locations coupled to the network.
18. The system of claim 12, wherein:
- the matching service determines a threshold quality value of the enrollee from the information on the smart card; and
- the access controller uses the threshold quality value and the matching result to perform the access control.
19. The system of claim 12, further comprising:
- a selector that selects the matching service from a plurality of matching locations coupled to the network.
20. The system of claim 12, further comprising:
- a first selector that selects the extraction service from a plurality of extraction locations coupled to the network; and
- a second selector that selects the matching service from a plurality of matching locations coupled to the network.
Type: Application
Filed: Apr 6, 2005
Publication Date: Dec 1, 2005
Applicant: Cross Match Technologies, Inc. (Palm Beach Gardens, FL)
Inventors: William Siegel (Wellington, FL), Gregory Cannon (Boynton Beach, FL)
Application Number: 11/099,697