An especially beneficial application of the invention, although not exclusive, consists in controlling the granting of entitlements to persons having obtained a unique means of identification.
The term “entitlement” is to be understood in its widest sense, the granting of an entitlement to a person being understood as the concrete realization of a possibility offered to this person. By way of example, a person may be granted a driving license, a building access badge or a transport pass, or else be allocated a retirement fund, compensation or a refund, for example within the context of a social security system, etc.
The granting of such entitlements is confronted with a problem of uniqueness, in so far as one generally does not wish to grant the same entitlement to the same person several times.
Thus, certain current systems operate according to the following principle: a person wishing to have an entitlement granted to them firstly states their identity (for example their surname and forenames), then a check of this identity is performed with means that are generally limited and rather unreliable. Next, a check is made to verify whether the person bearing this identity has not already received the entitlement claimed, for example by consulting a database wherein are stored the identities of all the persons having already acquired the relevant entitlement. If the check shows that the person has not already acquired this entitlement, the latter is then granted to them and this information is taken into account in the database.
However, if the relevant person has usurped one or more identities, they can obtain the entitlement a number of times equal to the number of identities that they present to the system. The uniqueness of granting entitlements is therefore not ensured in such systems.
Furthermore, such systems grant entitlements in conjunction with the identity of the persons, so that they do not make it possible to grant entitlements to persons by virtue of their capacity, for example their membership of an association of anonymous individuals.
To limit these drawbacks and in particular to make the identification of persons more reliable, it is known to use biometric data associated with persons. The resulting principle is illustrated in FIGS. 1 and 2.
FIG. 1 shows a prior phase of so-called enrollment, in the course of which a means of identification of a person is generated, this means of identification creating a tie between the biometric data of the person and their identity. Thus, the person 1 possesses a biometry 3, that is to say biometric data characterizing them, such as fingerprints, characteristics of the iris of their eyes, etc. The person 1 states their identity 4, which is then verified (step 5). Next, an association is made between the biometry 3 and the identity 4 of the person 1 (step 6). This association is finally stored on a means of identification associated with the person 1. The means of identification is typically held by the person themselves, so that they alone possess a trace of the association between their biometry 3 and their identity 4. Such a means of identification associated with a person is commonly called a biometric token. It may for example take the form of an identity card on which the fingerprints of the person have been affixed.
FIG. 2 shows a subsequent phase of granting an entitlement. A person 2 claiming the granting of an entitlement must have been the subject of a prior enrollment according to the principles illustrated in FIG. 1. The biometry 8 of this person is then compared with that which was kept on the biometric token 9 associated with this person during their enrollment. If the biometries match (step 10), it is then possible to retrieve the identity of the person 2 in a relatively reliable manner (step 11) on the basis of the identity that they stated, for verification, during their enrollment, and which was stored on the biometric token 9 in association with the biometry 8 of this person. Thereafter, in step 12, a check is made to verify whether the entitlement in question has already been obtained in relation to the identity retrieved. To do this, a search is performed for the presence of said identity in a database 13 storing the identities of the persons having acquired the entitlement in question. If the person 2 had not yet acquired the entitlement, the latter is finally granted to them in step 14 and this information is taken into account in the database 13.
This mode of operation therefore improves the reliability of the identification of a person, since the identity stated by each person and verified during their enrollment is retrieved on the basis of this person's own biometric data and of the biometric token previously issued to this person.
However, it does not guarantee the uniqueness of the granting of entitlements. Specifically, a person possessing several biometric tokens, obtained during successive enrollments, may get an entitlement granted several times, with a different biometric token each time. This is especially true when the person obtains several biometric tokens with a different identity for each token, which may occur in particular when step 5 of verification of the identity is of low reliability.
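The granting flow of FIG. 2 and the gap just described can be modelled as follows. This is an added illustration, not part of the original text; the bit-string templates, the matching threshold and the function names are assumptions made for the sketch, and all sample values are constructed.

```python
from dataclasses import dataclass

MATCH_THRESHOLD = 2  # assumed: max differing bits for two captures to match


def matches(a: int, b: int) -> bool:
    """Toy biometric comparison: Hamming distance between bit templates."""
    return bin(a ^ b).count("1") <= MATCH_THRESHOLD


@dataclass(frozen=True)
class BiometricToken:
    biometry: int  # template stored on the token (FIG. 1, step 6)
    identity: str  # identity stated and verified at enrollment (step 5)


def enroll(capture: int, stated_identity: str) -> BiometricToken:
    """FIG. 1: nothing is kept centrally; the person holds the only trace."""
    return BiometricToken(capture, stated_identity)


def grant(capture: int, token: BiometricToken, database_13: set) -> bool:
    """FIG. 2, steps 10 to 14. Uniqueness is keyed on the identity alone."""
    if not matches(capture, token.biometry):  # step 10: compare biometries
        return False
    identity = token.identity                 # step 11: retrieve identity
    if identity in database_13:               # step 12: already granted?
        return False
    database_13.add(identity)                 # step 14: grant and record
    return True


def run_scenario() -> dict:
    database_13 = set()
    enrolled = 0b1011001110001101             # constructed template
    live = enrolled ^ 0b1                     # later capture, one noisy bit
    other_person = 0b0100110001110010         # constructed, unrelated person
    token_a = enroll(enrolled, "Identity A")
    token_b = enroll(enrolled, "Identity B")  # second enrollment, weak step 5
    return {
        "first_grant": grant(live, token_a, database_13),
        "repeat_same_token": grant(live, token_a, database_13),
        "second_token": grant(live, token_b, database_13),
        "borrowed_token": grant(other_person, token_a, database_13),
        "grants_recorded": len(database_13),
    }
```

The repeat with the same token and the borrowed token are both refused, but the second token passes every check, because database 13 only ever sees the identity carried by the token presented.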
A known and effective way of remedying this problem consists in storing, in a centralized database, an association between the biometry and the identity of each person. FIG. 3 illustrates a phase of enrollment in accordance with this mode of operation. The person 15 possesses a biometry 16 and states an identity 17 which is verified by a check in step 18. In step 19 a check is made to verify whether a biometric token has already been allocated to the person 15 by searching for the presence of the stated identity 17 in the database 20 of the identities storing the biometry/identity pairs of the persons for whom a biometric token has already been generated. If the person 15 did not yet have a biometric token, one is then generated for them in step 21, thereby guaranteeing that a single biometric token is generated for each person. The database 20 is finally updated to take account of the generation of the new token.
Subsequently, an entitlement can be granted as in the case illustrated in FIG. 2, if need be.
However, the mode of operation illustrated in FIG. 3 requires that biometric data and identities of persons be placed in correspondence in a database 20. Such a correspondence is rather undesirable since it could be used for purposes other than the simple granting of entitlements and thus run counter to individual freedom. It would even be contrary to legal provisions in respect of the protection of individual freedom in certain countries.
An object of the present invention is to limit the abovementioned drawbacks, by permitting an identification of persons which does not impede individual freedom.
Another object of the invention is to improve the reliability of the uniqueness of the means of identification associated with persons, with a view for example to affording control of the granting of entitlements to these persons, without thereby creating a database linking, for each person, their biometry and their identity.
Another object of the invention is to limit the possibilities of fraud during the granting of entitlements.
Yet another object of the invention is to allow control of the granting of entitlements to persons without consideration of their identity.