Electronic identification Tokens, such as e-identification (e-ID) cards, security badges or e-passports, are commonly used for security and identification purposes of the owner of the Token. The owner of the Token, referred to hereinafter as the Owner, may include a person or an object carrying a Token and being uniquely identified by the information stored in or displayed on the Token. Such electronic identification Tokens may include an electronic chip having a memory adapted to store Identification Data (ID) to uniquely identify the Token Owner. For example such Identification Data may include for a person as Owner the name of the Owner, national ID number, a picture, date of birth, nationality, official employee number, education degree, security clearance level, membership contract number, home address, and/or other related Identification Data. Examples for an object as Owner may include its serial number, license plate number of a car, insurance contract number, ID number of the company who produced the object and/or other related Identification Data. Furthermore, the Token may be provided with a communication interface enabling the Token to interact with an electronic authentication and validation system. The communication interface may be used to perform an electronic identification of the Token Owner and authentication of the Identification Data stored therein. Since electronic identification and authentication of the Token is not always possible, a subset of the Identification Data may be made visible on a Token location. For example the Token may include on a visible location the photo of the Owner along with his name and home address as a printed overlay on the Token.
Due to the value of the Identification Data, identification Tokens have become a major target of fraudulent attacks. For example, an authentic Token of a valid Owner may be used in a fraudulent way by replacing the visible Identification Data displayed on the Token by falsified Identification Data of a false Owner. Furthermore, a fraudulent Token may be manufactured containing falsified Identification Data. In a further example, an authentic Token may be used in an invalid security clearance situation whereby a Token Owner having a predetermined Clearance Status may use his Token to gain access to a part of a building that he is not authorised to enter. Tokens that are falsified, which for example means not authentic, or that are authentic but used in an unauthorised manner, are all invalid Tokens and will be referred to as such.
In order to prevent such attacks, a range of known security measures have been implemented in the state of the art. For example, in order to prevent falsification of the visible information on the Token, the Token may be provided with a set of visible security items such as holograms, special background prints and special colour dyes.
However, these visible security measures have shown to be relatively ineffective to prevent fraudulent use of a Token. Therefore, recognizing an invalid Token by a visible inspection using the visible security items may become extremely difficult or burdensome especially in the case where a large number of Tokens need to be validated and thus also authenticated.
To overcome the issues related to the visible security measures, validating a Token may be performed by directly accessing the Identification Data stored in the memory of the Token. For example, this may involve approaching the Token and/or Token Owner and reading out electronically the Identification Data. However, such an approach may be difficult to implement in the case where a larger number of Tokens need to be validated, for example, when desiring to verify the Tokens of a crowd of people working in a building or the Tokens of cars driving around a city.
US20070013610 presents an apparatus and a technique for allowing an electronic badge to establish a wireless online network with a fixed wireless transceiver mounted in a secure facility and to display information received through the wireless network from the wireless transceiver that is relevant to the secure facility. The apparatus requires that the security badge maintains a continuous wireless connection with the transceiver, which wireless connection is realised using a short range radio frequency. However, a disadvantage of this solution is that the maintenance of such wireless connection requires relatively complicated networks and electronic badges. This is because, in order for the system to work effectively, numerous fixed wireless transceivers and relatively strong batteries in the electronic badges are required to maintain a continuous online connection and sufficient autonomy throughout the building, compound or surroundings where the system is supposed to work. A further disadvantage of this solution, is that validation of the security badge may only be performed while the badge is connected to the wireless network. Therefore, in the case where the network is not available, or the wireless connection is interrupted such a validation procedure cannot be carried out. Moreover, in the case where the invalid badge is not arranged to be connected to the wireless connection once present in a building area, the security facility may remain unaware of the presence of such an invalid badge.
Therefore there remains a need for a validation, and thus authentication, procedure which may be carried out even where the Token is not connected to a security facility.