Note: Descriptions are shown in the official language in which they were submitted.
ao830 ~8
APPARATUS FOR RECORDING A TRANSACTION
INCWDING AUTHENTICATING AN IDENTIFICATION CARD
Background of the Invention
The subject invention relates to an apparatus for
recording a transaction; the transaction including
authentication of an identification card. The identification
card contains information pertaining to an object or other
entity to be identified on a first portion of the card in
human recognizable form, and a coded representation of an
encrypted signal comprisinq a representation of the
information on a second portion of the card. Such a card is
disclosed and claimed in the above mentioned, commonly
assigned U.S. patent application.
The problem of proving the identity, status or
characteristics of a person or other object or entity is
ancient. Both history and fiction are full of tales of
passwords, tokens, signet rings, etc. intended to prove
identity, and the consequences which followed from their loss.
In more recent times highly sophisticated instruments which
measure fingerprints, voice prints, retinal patterns and the
like to identify individuals have been developed. While very
useful where a high degree of security is required the
expense, complexity, and need for such systems to access a
database of characteristics of persons to be recognized, and
the need to secure and continually update this database has
limited such systems to applications such as controlling
access to extremely sensitive areas.
Thus, the most common form for proving the identity of a
person is the identification card. Typically, such an
identification card will include information about the
. ~
,~ ,
7~830 ~8
~ identity, status or characteristics of the per~on authorized
to process the card, and may include some means, such as a
seal, to reduce the possibility of forgery. (As used herein
the term "identification card" is intended to include not only
typical identification cards and similar items such as drivers
licenses and employee badges, but is also intended to include
any item which may be suitably carried by a person or
associated with an object or other entity to be identified,
and which is capable of containing information pertaining to
such a person, object or other entity and a coded
representation of an encrypted signal comprising a
representation of such information.)
In addition, to establishing the identity, status or
other characteristics of a person or other object or entity,
it is frequently desirable to establish that someone or
something was in a particular place at a particular time. For
example, a police officer might wish to establish that a
motorist or other person had been stopped at a particular
place and time, the immigration service of a country might
wish to establish that a person had entered or left the
country at a particular inspection point at a particular time,
or an inspection or testing facility might wish to establish
that a particular object had been delivered at a particular
time.
Accordingly, it is an object of an aspect of the subject
invention to provide an apparatus for recording a transaction
including authentication of an identification card.
Brief Summary Of The Invention
The above object is achieved and the disadvantages of the
prior art are overcome in accordance with the subject
invention by means of an apparatus for recording a transaction
where the transaction includes authenticating an
identification card; the identification card having
information pertaining to an object or other entity to be
identified on a first portion in human recognizable form, and
a coded representation of an encrypted signal comprising a
representation of the information on a second portion. The
apparatus includes a controller for controlling the operation
- 2 -
~. ~
~ ~ 8 3 ~0 ~ 8
of the apparatus and a mechanism for reading the coded
representation of the signal from the card. A decoder for
a decoding the representation of the signal and a de-
crypter are also included for decoding and decrypting the
signal. A display is responsive to the decrypter for dis-
playing the representation of the information; so that the
identification card may be authenticated by comparison of
the information on the first portion of the card with the
displayed representation of the information. The appara-
tus also includes a recorder responsive to the controller
for recording data and the controller is responsive to the
decrypter to reformat at least a part of the decrypted
signal and to control the recorder to record the reformat-
ted signal.
In accordance with various aspects of the subject in-
vention the recorder may include a non-volatile, removable
memory card, or a printer, or a communications link for
transmitting the reformatted information to a central lo-
cation for recording or other purposes.
In accordance with another aspect of the subject in-
vention the apparatus may include a mechanism for the in-
put of additional data to be appended to the recorded in-
formation. Typical such additional information might be
vehicle speed information where the apparatus of the sub-
ject invention is used by a police officer to authenticate
a driver's license and issue a speeding ticket.
In accordance with still another aspect of the sub-
ject invention the encrypted signal is encrypted using an
encryption key Ei, for a public key encryption system and
the corresponding decryption key, Di is encrypted with an
encryption key El for the public key encryption system to
form an encrypted decryption key El[Di] and the encrypted
key is appended to the encrypted signal. Further in ac-
cordance with this aspect of the subject invention the ap-
paratus stores a decryption key, Dl, corresponding to keyEl and decrypts the encrypted key El[Di] to recover the
decryption key, Di, and then decrypts the encrypted signal
using the key Di.
X ` - 3 -
~830 ~8
Other aspects of this invention are as follows:
An apparatus for recording a traffic violation and
for authenticating a driver's license, said driver's
license having information in humanly recognizable form
and pert~;n;ng to a licensed driver to be identified, on
a first portion of said driver's license, and a coded
representation of an encrypted signal comprising a
representation of said information on a second portion,
said apparatus comprising:
a) control means for controlling the operation of said
apparatus;
b) means for re~; ng said coded representation of said
signal from said card;
c) decoding means, responsive to said reading means for
decoding said representation of said signal to
provide a decoded signal;
d) decrypting means for decrypting said decoded signal
to provide a decrypted signal;
e) display means, responsive to said decrypting means,
for displaying said representation of said
information; whereby
f) said driver's license can be authenticated by
comparison of said information on said first portion
with said displayed representation of said
information; and
g) auxiliary data input means for determining and
inputting additional data relating to said traffic
violation; and
h) recording means, responsive to said control means,
for recording data; and wherein
i) said control means is responsive to said decrypting
means to further control said recording means for
record at least a portion of said decrypted signal,
and is responsive to said auxiliary data input means
to control said recording means to record said
additional data in association with said portion of
said decrypted signal.
- 3a -
.,
~ ~ 8 ~
An apparatus for recording a transaction, said
transaction including authenticating an identification
card, said card having information in humanly
recognizable form and pert~;n;ng to an object or other
entity to be identified on a first portion of said
identification card and a coded representation of an
encrypted signal comprising an representation of said
information on a second portion, said apparatus
comprising:
a) control means for controlling the operation of said
apparatus;
b) means for re~;ng said coded representation of said
signal from said card;
c) decoding means, responsive to said re~;ng means,
for decoding said representation of said signal to
provide a decoded signal;
d) decrypting means for decrypting said decoded signal
to provide a decrypted signal;
e) display means, responsive to said decrypting means,
for displaying said representation of said
information, whereby
f) said card can be authenticated by comparison of said
information on said first portion with said
displayed representation of said information; and,
g) recording means, responsive to said control means
for recording data; wherein,
h) said control means is responsive to said decrypting
means to control said recording means to record at
least a portion of said decrypted signal, and
wherein;
i) said encrypted signal is encrypted using an
encryption key, E1, for a public key encryption
system, and a decryption key D1, correspon~;ng to
said key E1, is encrypted with an encrypted key E
for said public key encryption system to form an
encryption decryption key El[D1] and said encrypted
,,,~
~3~ ~8
key Ei[Di] is appended to said encrypted signal, and
said decrypting means further comprises;
il) mean~ for decrypting said encrypted
decryption key, E1[D1] with a correspon~;ng
decryption key D1, to recover said decryption
key, Di, and,
i2) means for decrypting said encrypted signal
using said key, Di.
- 3c -
, ~
2~83~ 9~
Brief De~cription Of The Drawings
Figure 1 shows a schematic block diagram of an
apparatus in accordance with the subject invention.
Detailed Descri~tion Of Preferred Embodiments Of The
Sub~ect Invention
Apparatus 10 includes a signal processing system 20
which further includes a central processing unit 22 for
control of apparatus 10. Control of apparatus 10 consist
of implementation of well known data processing functions
including data input, control~of peripherals such as
displays, printers and communications interfaces, and
control of the sequencing of data through various known
processes as will be described further below. Such
control functions are well within the skill of those in
the data processing art and need not be discussed further
here for an understanding of the subject invention.
Apparatus 10 is intended for use in conjunction with
a card C having a front CF and a back CB. Card C serves
as an identification card for an object or other entity,
typically a person.
Front CF contains information in human recognizable
form pertaining to the object or other entity to be
identified. Typically, a person 0 will be identified by
an image I and also by a text message T printed on card
front CF. Back CB contains a coded representation of an
encrypted signal comprising a representation of image I.
In accordance with a preferred embodiment of the subject
invention the encrypted signal on back CB may also
include at least part of text message T. In accordance
with another preferred embodiment of the subject
invention the encrypted signal comprises a compressed
representation of image I.
A more complete description of the construction of
card C is provided in the above mentioned, commonly
assigned U.S. patent application, which is hereby
incorporated by reference, and a further description of
the construction of card C is not believed necessary for
an understanding of the subject invention.
- 4 -
. ~
~ 0 8 3 0 ~ ~
In operation scanner 24 scans back CB to produce a signal
- representative of the coded representation on back C~. The
signal is input to decoder 26 to be decoded in a conventional
manner. Preferably the coded signal will be coded as a two
dimensional barcode such as the PDF-417 standard barcode
developed by the Symbol Technology Corporation of New York.
However, it is within the contemplation of the subject
invention that the coded representation may be stored in any
convenient medium, for example in memory of a smart card or of
a memory card. Alternatively, in suitable applications, card
C may comprise a magnetic storage medium such as a floppy disk
and the signal may be coded suitably for recording on such
medium.
After decoding to recover the encrypted signal the
encrypted signal is input to decrypter module 30.
The signal may be encrypted using any convenient method
of encryption and may be decrypted using the corresponding
known, conventional algorithms.
In a preferred embodiment the signal is encrypted using a
public key encryption system such as the well known RSA
system, using an encryption key Ei. The corresponding
decryption key Di is encrypted using another encryption key,
El, for the public key system and the encrypted decryption
key, E1[Di] is appended to the encrypted message. Decrypter
module 30, in accordance with this embodiment, stores the
corresponding decryption key, D1, which is used to decrypt key
Di, which is in turn used to decrypt the encrypted message.
A more detailed description of this method of
authenticating a message or signal is given in U.S. patent no.
4,853,961; to: Pastor; for: "Reliable Document Authentication
System; issued: August 1, 1989.
In accordance with a preferred embodiment of the subject
invention a representation of image I is comprised in the
encrypted signal in a compressed form. Image I may be
compressed using any suitable image signal compression
algorithm such as the known, commercially available JPEG
algorithm. Accordingly, in accordance with this embodiment,
after decryption the decrypted signal is expended by expander
- 5 -
~830 ~
module 32 to produce a representation RI of image I which
is displayed on display 36 together with text message T.
Those skilled in the art will recognize that repre-
sentation RI will appear somewhat degraded with respect
S to image I because of the compression. However, with im-
provements in storage technology, or the use of high ca-
pacity storage media, it is within the contemplation of
the subject invention that the need for signal compres-
sion may be reduced or eliminated and representation RI
may correspond substantially exactly to image I.
As is described in the above referenced commonly as-
signed U.S. patent application display 36 may then be
compared to card C and an operator may compare image I to
representation RI and the printed text message T to the
displayed text message T to authenticate card C, and card
C and display 36 may be compared to person O for identi-
fication.
In another preferred embodiment of the subject in-
vention the encrypted signal may also include a password
known to person O which is displayed on display 36 after
decryption as a further means of identification. Of
course, in this embodiment the password would not be
printed on card front CF.
In another preferred embodiment of the subject in-
vention password T is not displayed but is appended to arecord, as will be described further below, to authenti-
cate that the record has been produced as part of an
authentication transaction for card C.
In accordance with the subject invention CPU 22 cap-
tures at least a portion of text message T and reformatsit for recording on a permanent medium. In one such em-
bodiment the portion of message T may be downloaded to a
replaceable non-volatile memory 40 for later transfer to
permanent storage. Memory 40 may comprise any suitable
medium, including but not limited to magnetic medium,
EPROM, or battery-backed RAM. Such memories and their
use are well known and need not be described further here
for an understanding of the subject invention.
- 6 -
~3~ ~8
In another such embodiment a portion of message T or
Image I may be printed by printer 42 in a conventional
manner.
In still another such embodiment a portion of mes-
sage T or Image I may be transmitted over a communicationlink 44 through communications interface 46. Link 44 may
comprise any suitable technology, including but not lim-
ited to, modem connection to a telephone line, cellular
phone technology, or radio transmission. These technolo-
gies too are well known to those skilled in the art andneed not be discussed further here for an understanding
of the subject invention.
In accordance with another preferred embodiment of
the subject invention additional data relating to the
authentication transaction may be appended to the record
of message T.
For example, in an application of the subject inven-
tion where a police officer authenticates a driver's li-
cense in the process of issuing a traffic ticket it may
be desired to append additional data relating to the
traffic ticket to the record. In one such embodiment
auxiliary data input 50 would comprise a radar gun or
similar device for measuring vehicle speed. In another
such embodiment auxiliary data input 50 would comprise a
breathalyzer for input of data representative of the
blood alcohol content of person O.
In other applications, where it is desired to record
the exact geographic position at which a transaction oc-
curred input 50 would comprise a receiver for the Global
Positioning System, which is a well known satellite based
system for determining geographic position.
In still another such application the time of the
transaction may be appended to the record and may be in-
put from system clock 52.
In still another application additional data may be
entered manually through a keyboard, keypad, touch screen
or other suitable, conventional apparatus for manual en-
try of data.
X - 7 -
~ . .~ "
,~
~83~ ~
.
Each of these technologies for the input of auxil-
iary data is well known to those skilled in the art and
need not be described further here for an understanding
of the subject invention.
s The detailed description of preferred embodiments
set forth above has been provided by way of illustration
only, and other embodiments of the subject invention will
be apparent to those skilled in the art from considera-
tion of the above description and the attached drawing.
Io Accordingly, limitations on the subject invention are to
be found only in the claims set forth below.
~7 - 8 -
..,~_