The present invention pertains to personal identification systems and more particularly to a system for the generation of unforgeable identification credentials and use of these unforgeable identification credentials at remote localized sites.
Modern society is continuously confronted with the problem of positive identification of individuals. Within the general populace, the problem is most frequently evidenced during everyday financial transactions such as the use of credit cards, check cashing and automated tellers.
Within the government realm, the problem of identification is closely related to security issues involving access control. Various government agencies which handle classified information, as well as corporations which handle their own and others' confidential information, recognize the security issues. The U.S. Government and corporations spend much money to protect classified and confidential information. In response to the need for security, the government as well as individual corporations have provided forms of officially issued identification. Typically, the identification issued consists of an identification card imprinted with an individual's facial photograph. Some of these identification cards contain an additional magnetic strip which provides storage of digital data representing various information, such as employee number or security clearance level. The information contained on this magnetic strip may be in encrypted or unencrypted form. Typically, magnetic card readers are provided at access control points. These card readers read the information, perform any necessary decryption and then either permit or deny access to materials or areas by unlatching doors, gates, etc. For certain systems, such as banking or automatic teller systems, in addition to a magnetically encoded identification card, a user is required to enter a personal identification number (PIN). Any encrypted PIN number is then read from the identification card, or a data base is accessed to retrieve a prestored PIN number. The PIN number which is retrieved is compared with the PIN number entered by the user. If the two match, access is permitted. Otherwise, access is denied. The PIN system and similar password-based systems provide personal identification based on information "known" by the rightful user.
All of these systems are defeated by extracting the known information from the rightful user, normally under duress, allowing the fraudulent user to pose as the rightful user.
Still other systems provide for security through the use of various user specific physical traits. These physical traits include fingerprints, retinal scans, voice patterns and dynamic signatures. Typically, these distributed access control points are linked via a communication medium to a centralized data base. The centralized data base serves as the repository for previously stored physical trait data, such as those mentioned above. The repository also provides for some form of comparison of the prestored traits with those obtained through the access control devices. A remote access control point transmits the data representing the physical trait which it has gathered through one of the above mechanisms to the central repository. The central repository then matches the data obtained from the remote access control point with the prestored data retrieved from the data base. If a successful comparison is obtained, the central repository then communicates back to the access control point to allow the requested access. Otherwise, the access is denied. Further, these systems may add encryption and decryption of the messages between the remote access control point and the central data base repository for security.
One such system, of the kind described immediately above, is shown in U.S. Pat. No. 4,438,824, issued on Mar. 27, 1984, to C. Mueller-Schloer for an invention entitled "Apparatus and Method for Cryptographic Identity Verification".
Lost or stolen identification cards are a problem of some of the above-mentioned systems. Such systems depend heavily on the timely reporting of lost or stolen cards in order to update the data base. In the case of forged identification cards, the forgery may not be recognized for a considerable period of time resulting in a period of time during which there may be unauthorized use. This could result in heavy financial problems or the compromising of secret information.
Systems which use physical trait identities and a centralized data base must maintain an on-line data base for communication with the remote access control points. Maintaining a large on-line data base and communicating with remote sites for each access is very expensive, and poses intolerable access delays during periods of peak transactions. Also, such systems suffer service outages if the central site or the communications medium fails.
In the government sector, the access control issue has not been handled in a centralized manner. Each agency, such as the Army, Navy, Department of Energy, etc., has its own access control identification system. The lack of a centralized identification system has allowed the proliferation of unique non-interoperable methods for personal identification. Some of the methods are simple, while others are complex. However, these systems do not interact with one another.
Accordingly, it is an object of the present invention to provide a universally accepted personal identification system providing for low cost identification of personnel at remote access control points without the need of a large, on-line centralized data base to control each of the remote access control points. In addition to providing the personal identification, the invention also provides a means for conveying unforgeable privilege information associated with the user. This information can also be used to later audit or certify that the transaction was performed on behalf of a properly identified individual, and using provably valid attribute or privilege data.