Device and method for providing biometric tokens
By using self-service or agent-operated devices to generate biometric tokens from high-quality identity document and biometric data, the challenges of mobile device limitations are overcome, ensuring reliable and secure digital ID generation and user convenience.
Patent Information
- Authority / Receiving Office
- WO · WO
- Patent Type
- Applications
- Current Assignee / Owner
- SITA BV
- Filing Date
- 2025-12-17
- Publication Date
- 2026-07-02
AI Technical Summary
Existing mobile devices face challenges in efficiently reading high-resolution passport images and biometric data due to limitations in RFID technology and camera quality, leading to variable failure rates and user errors, which hinder the adoption of digital ID generation.
Utilizing self-service or agent-operated computing devices to obtain high-quality scans of identity documents and biometric information, generating a biometric identity token that is then transmitted to the user's device for secure storage and use, leveraging superior data capture capabilities of these devices.
Ensures reliable and secure generation of biometric tokens with higher quality data, reducing reliance on consumer device limitations and enhancing user convenience by providing a reusable identity element for various interactions.
Smart Images

Figure EP2025087729_02072026_PF_FP_ABST
Abstract
Description
[0001] DEVICE AND METHOD FOR PROVIDING BIOMETRIC TOKENS
[0002] FIELD OF THE INVENTION
[0003] This invention relates to a methods and devices for generating and using biometric tokens.
[0004] BACKGROUND OF THE INVENTION
[0005] There exist a range of scenarios in which a biometric token may be used as part of security and / or admittance processes. Biometric tokens are known for security purposes and in broad terms comprise a mathematical representation of some form of biometric information such as a fingerprint, face scan or other biometrically derived data. The security of systems using biometric tokens is inherent in the fact that the biometric token is unique to the particular user from whom the biometric token is derived, combined with use of cryptography controlled by the issuing entity
[0006] One particular use of biometric tokens is in the field of security relating to border control and passports. One way of creating a self-sovereign digital ID token on a mobile phone involves using software installed on that mobile phone that interfaces with the:
[0007] - camera for capturing the current user’s face and capturing an image (or set of them) assuring subject liveness, which is also used to image the user’s I D document (often a passport) and assure that the document looks authentic and that its data is consistent between areas and data read from the chip; and
[0008] - RFID module for reading the chip embedded in the passport or national ID, which includes user’s biographic data, e.g. birth date, passport number, expiration date, etc.
[0009] Other arrangements exist involving use of biometric tokens in fields such as banking, security control more generally, access to online systems and so on.
[0010] SUMMARY OF THE INVENTION
[0011] We have appreciated that generating a digital ID entirely via a mobile device is not a less than desirable experience. Mobile device enrolment can be problematic and have variable failure rates, due to several factors.
[0012] In particular, we have appreciated that reading an RFID chip on a passport is not well-suited to being performed on a mobile phone. RFID is not well suited to reading largeamounts of data (e.g. a high-resolution passport image). The primary RFID use case for phones is to enable fast transactions, primarily presenting (and not reading) a payment credential. The data payload for these typical transactions performed by an RFID reader on a mobile phone is very small, typically under 1 KB. By contrast, the data payload required for a high-res image which may be stored on an RFID chip of a passport may be may be 50-80 times larger and may take several seconds of uninterrupted near-contact to complete.
[0013] We have further appreciated that the proximity between a phone’s RFID reader and target must be closely aligned for efficient, error-free data transfer. This can often result in user error which makes it difficult for a user to get a read on a passport RFID chip. Furthermore, some countries’ passports utilize skim-protecting shields using embedded metal foils, which can make it difficult for a phone’s RFID reader to make a clean connection with the RFID chip.
[0014] Visual document scans performed by a user’s mobile phone may have similar downsides such as poor visual quality due to the low cost nature of the camera, or information being cut off from the photo due to user error. As well as the inability of most consumer cameras from detecting security features that are only made apparent via specialized reading devices, such as ultraviolet or infrared detection, accurate reading of holograms, and detection of other document security features such as micro-perforations.
[0015] Given these difficulties, adoption of technology to ingest physical ID documents -and securely adapt them to a purely digital equivalent - has been limited due to the limitations of consumer mobile device technologies. However, the inventors of the present application have identified that much of the data required to generate a digital ID is typically extracted as part of the normal flow of a passenger through an airport, for example when a passenger provides a passport scan and biometric scan when passing through a passenger check-in touchpoint like a kiosk or agent desk. We have appreciated that the dedicated specialized technologies in these devices is superior in many ways to those available in common consumer computing devices.
[0016] The inventors have therefore identified that it is possible to generate a digital ID, in particular a biometric token, using information extracted during other processes (for example, when a user interacts with a routine check-in or bag tag kiosk) utilizing data detection capabilities more numerous and superior to those in consumer devices.The invention is defined in the independent claims to which reference is directed with preferred feature set out in the dependent claims.
[0017] In broad terms, the invention provides methods, devices and systems in which a device such as self service or agent-operated computing device is used to obtain a scan of an identity document of the user and biometric information of the user and to cause a biometric identity token to be generated based on the obtained user identity document data and biometric information, which can be further obtained by biometric capture of the user on the same device using cameras or other biometric sensors such as fingerprint readers. The biometric identity token so generated may be transmitted to a user device of the user.
[0018] By generating the biometric identity token at the point of interaction with the common use computing device, embodiments may enable the token to be formed from identity document data and biometric information obtained during the user’s normal engagement with that device. The resulting token may then be provided to the user device for later use within applications associated with the relevant tenant, allowing the user device to hold a biometric identity token that may be stored for subsequent interactions.
[0019] In this way, the benefit of a scanner and sensor of a self service or agent-operated device may be used for obtaining the highest possible quality of biometric information of the user and document data, instead of lower quality scanner and inputs of a mobile device, but the biometric identity token is still provided to the user device of the user for subsequent use. The generation of biometric tokens from common-use computing devices on behalf of - and for - tenants of such devices, via their applications on those common use devices provides superior data capture of such common use devices combined with convenience to the end user.
[0020] The biometric identity token may be arranged for operation within the tenant’s application on the user device. The token may be created from the identity document data and biometric information obtained at the common use terminal, and may be suitable for storage and use on the user device without reliance on identifiers associated with dedicated hardware. This may support flexible use of the token across user devices operating the relevant tenant application.
[0021] Various ways of providing the biometric identity token to the user device of the user are also provided so as to ensure security of transmission and storage of that token.We have appreciated by using such an approach, the biometric identity token may be more reliable and so used for a longer period and / or higher security purposes.
[0022] The features set out in the dependent claims relating to the common-use computing device may be applied correspondingly to the other independent claim categories disclosed herein.
[0023] BRIEF DESCRIPTION OF THE FIGURES
[0024] An embodiment of the invention as described by way of example only and with reference to the following figures in which.
[0025] Fig. 1 illustrates an example of how data may be exchanged when generating a biometric token.
[0026] Fig. 2 illustrates a first embodiment of a method which may be used to generate a biometric token.
[0027] Fig. 3 illustrates a second embodiment of a method which may be used to generate a biometric token.
[0028] Fig. 4 illustrates a further method which may be used alongside the method of Fig. 3 in generating a biometric token.
[0029] Fig. 5 illustrates a further method for storing a biometric token on a user device. Fig. 6 illustrates a first embodiment of a computing device which may be used to perform the method of Fig. 2 or Fig. 3.
[0030] Fig. 7 illustrates a second embodiment of a computing device which may be used to perform the method of Fig. 4.
[0031] Fig. 8 illustrates a third embodiment of a computing device which may be used to perform the method of Fig. 5.
[0032] Fig. 9 illustrates a further example of how data may be exchanged when generating a biometric token.
[0033] DESCRIPTION OF AN EMBODIMENT OF THE INVENTION
[0034] The following description is made with reference to airports, airport departure gates, and passengers by way of example only. However, embodiments may advantageously be used in any venue that requires associating an identity check with an assertion for service or passage, including and not limited to train stations (train tickets), concert venues (concert tickets), hospitals (for admission), and so on. Embodiments may therefore support the use of the biometric identity token across a range of services offered by the tenant application,allowing identity data obtained at the common use device to be used again in contexts determined by that tenant. In this way, the biometric identity token may act as a reusable identity element for interactions recognised by the issuing tenant. Further, embodiments of the invention may be used in any other setting where a user wishes travel to a particular location.
[0035] Fig. 1 schematically illustrates the data flow 100 which may occur when a user generates a biometric token, also referred to as a biometric identity token, and shows the main component parts of an embodiment of the invention.
[0036] The main component parts include a check-in app that operates a check in step 102 deployed on a common use device such as a self-service device or agent-operated device including a bag drop , check-in kiosk or other device that includes functionality to both scan a user document and derive user biometric information. The other main component part includes a user device of the user, such as a mobile phone, tablet or other user device that may securely receive and store a biometric identity token. That user device operates the step of receiving the biometric identity token at step 140. The concept of common use technology is well known in the airline industry and, in broad terms, allow airlines, airports, and ground handling agents to support the optimization of passenger processes using shared technologies typically found at airports, but also at seaports, hotels and train stations. Common use devices include any hardware terminal provided by one party and adapted to securely operate one or more applications on behalf of other parties including providers such as airlines, airport operators of other service providers. Through this configuration, the biometric identity token may be created within the application domain of the tenant using the common use device. The same common use hardware may support issuance of biometric identity tokens for multiple tenants, with each tenant application generating and delivering tokens to user devices within its own application framework. Common use devices are designed to be highly interoperable, allowing seamless integration with various airline systems and software. One such aspect of interoperability that we leverage includes the ability for an application of a provider to be operated on such a device and to communicate with a corresponding application on a user device of a user.
[0037] The biometric token may be generated as part of the normal check-in process undergone by a passenger travelling through an airport. However, it will be understood that the claimed invention could be applied to other domains, such as when a user enrols an identity and / or passes through security at a factory, office, or other location.At step 102, the user may approach a device, such as a Common Use Self Service (CUSS) kiosk or Common Use Terminal Equipment (CUTE) workstation when checking into their flight. The device may be a self service device and may also be an eGate or security gate, a check in kiosk, a border control checkpoint, a bag check kiosk, an agent-operated check-in workstation, or any other computing device equipment in which a user’s identity and credential is established and / or accepted for admittance.
[0038] A kiosk may be defined as a computing device with which a user may interact to perform one or more processes associated with a journey between an origin and a destination. Such a kiosk may preferably be operated by an airport or an airline or by a third party on behalf of same. A kiosk may further comprise a structure in an area used for providing information, often comprising an interactive display screen or screens.
[0039] At step 104, the user may perform a typical enrolment process when passing through airport security. For example, the user may scan their passport on a kiosk, and provide a biometric scan (such as a photograph or fingerprint scan) which may be used to confirm the identity of the user and allow them to proceed through the airport on their current journey.
[0040] At step 120, the information collected at step 104 may be stored in a buffer. This information may be stored until the user proceeds to step 106, and confirms whether they would also like a reusable biometric identity token generated for use in other parts of the airport on the user’s present journey, or for use on future journeys through the same or other airports.
[0041] At step 106, the kiosk may ask the user to confirm whether a portable ID in the form of a reusable biometric identity token should be generated.
[0042] At step 130, if the user confirms they do not want a biometric token generated, then no token is generated. For data security purposes, the biographic and biometric data stored on the device may be deleted, once it is not longer needed. By default, if the user does not confirm either option on the kiosk, the kiosk may default to a “no” answer and proceed to step 130.If the user answers “yes”, the system may proceed to step 140. The stored data may be selected and used to generate the biometric token. Once the biometric token is generated, it may be transmitted to a device of the user, such as a mobile phone, tablet, or smartwatch.
[0043] Generation of the biometric token may be locally on the kiosk or computing device. This has the advantage of reducing the amount of data that needs to be sent or received from the kiosk when generating the token, and can help to improve data security since there is no risk of sensitive passenger information being obtained by 3rd parties whilst it is being transmitted. Alternatively, the token may be generated on a separate biometric tokengenerating computer device or server which receives the user’s biographic and biometric data communicating with the device collecting that data directly. The advantage of this approach is that it requires less hardware to be stored locally on the kiosk, which may be particularly beneficial if this system is retrofitted onto pre-existing airport kiosks or agent-operated computing stations. More details of how the biometric token is generated is provided below.
[0044] Embodiments may therefore utilise the document scanner and biometric scanner of the common use device to obtain the information from which the biometric identity token is generated. The token may consequently reflect the identity document data and biometric information that were captured at the common use terminal.
[0045] Whether the user selects step 130 or 140, the process may end at step 108 with the user check-in complete.
[0046] Fig. 2 illustrates a method 200 for use in generating a biometric token locally on a kiosk.
[0047] At step 210, a device (such as a kiosk) may obtain a scan of an identity document of a user. This may be obtained directly by the device, such as from a document scanner provided as part of the device. Alternatively, the device may not be provided with the device. Instead, scanning of the document may be performed by a separate device which does have a document scanner - this device may then provide the document scan to the device for use.
[0048] The document scanned may comprise one or more of a passport, a driver’s licence, national ID, a visa, or a security pass. More than one of these documents may be scanned as part of this process, with data being extracted from each document scanned. In apreferable embodiment, the user may scan their passport as part of the check-in process through an airport.
[0049] To achieve this, the device may include a camera and / or RFID reader to obtain information from the identity document. The identity document may use optical character recognition to extract identity document data from an image of an identity document of the user.
[0050] The data extracted as part of this process may comprise one or more of: a passport number; a picture of the passport holder; the document issuer’s country; a given name; a surname; a date of birth; a sex or gender; a place of birth; a date of issue; a date of expiry; a document serial number, and data proprietary to the country of issuance to enable secured verification by that issuer.
[0051] Additionally, the document may contain an RFID-readable chip which contains further identity document information. As part of step 210 the RFID chip may also be scanned and data from this chip extracted and possibly verified by the computing device that reads it.
[0052] The data extracted from the RFID chip may comprise one or more of: a given name; a surname; a date of birth; a place of birth, a passport number; document date of issuance, document date of expiration, a picture of the passport holder; or fingerprints.
[0053] At step 220, the device may obtain biometric information of the user. This may be obtained through a biometric scanner which is part of the device, or the scan may be performed by a separate device and provided to the device.
[0054] The biometric information may preferably be “live” biometric data obtained by the device - in other words the user may interact with a biometric scanner using their body at the point of using the device to provide the biometric information, in contrast to the user providing biometric data stored on a data storage medium. The biometric scanner may be a camera configured to capture photographs of body parts of the user, or may be some other specially configured biometric scanner such as a palm vein scanner.
[0055] The biometric scan of the user may comprise one or more of: one or more images of the face of the user; one or more images of the one or more fingerprints of the user; one or more images of a palm-print of the user; one or more images of a palm vein scan of the user;one or more images of a finger shape of the user; one or more images of a retina of the user; one or more images of an iris of the user; one or more images of a scleral of the user; or one or more images of an ear of the user.
[0056] Because this biometric capture may be performed at the common use computing device during a process the user would typically undertake, the identity document data and biometric information may be collected without requiring a distinct enrolment session. This may allow the biometric identity token to be generated as part of the user’s established interaction with the common use terminal.
[0057] In a preferable embodiment, the biometric data may comprise a facial photograph of the user as part of an eGate, check-in kiosk, check-in workstation, or other computing device. This image may be processed to extract certain facial features of the user, such as face shape, head shape, retina shape, or other characteristics of the user.
[0058] The biometric scan may be performed at or around the same time that the identity document scan is performed. For example, this may mean that the scans are performed at least within 5 seconds of one another, at least within 10 seconds of one another, at least within 30 seconds of one another, at least within 1 minute of one another, or at least within 5 minutes of one another.
[0059] At step 230, the biometric token may be generated, optionally with a step of obtaining user consent depending upon any prevailing jurisdictional requirements. In embodiments, the biometric identity token may be generated using the identity document data and biometric information collected at the common use device. Whether produced locally or by a biometric token-generating device acting on transmitted data, the output token may remain based on the information obtained at the user’s interaction with the common use terminal. The biometric token may include user identity document data determined from the scan of the user's identity document and wherein the biometric token further comprises the obtained biometric information of the user. The user identity document data may be text data extracted from an image of the document using optical character recognition, OCR, or other text extraction techniques, or may be a JPEG or other image format of a captured image of the identity document. The biometric token may directly contain the user identity document data and biometric information, or may be derived from that information. In the example below, the biometric token contains one or more data fields of security relevant to the user, but stored in an encrypted form. As an alternative, the biometric token may be derived from suchdata by a tokenisation process using any standard tokenisation technique that maps the original data to a token using processes such as cryptographic functions such that it is infeasible to reverse the token to obtain the original data. In either case, the biometric data of the user is protected.
[0060] In embodiments, the information used to form the biometric identity token may be that which was obtained during the user’s interaction with the common use device through its integrated identity document scanner and biometric scanner. The biometric identity token may therefore be derived from information gathered using the document and biometric capture capabilities of the common use terminal.
[0061] As part of the generation of the token, the data may be converted and stored in a particular data format. The data format may be a standardised data format with a particular standardised set of fields, or may be a data format specific to a particular token generator and supplier. Additionally, the token may be encrypted as part of this process. This encryption may be done according to the Data Encryption Standard, DES, or any other suitable standard for achieving data encryption. The biometric token may comprise one or more of the following data fields:
[0062] Passport Number
[0063] Picture of passport holder
[0064] Country code
[0065] Given Names
[0066] Surname
[0067] Date of Birth
[0068] Sex
[0069] Place of Birth
[0070] Date of Issue
[0071] Date of expiry
[0072] Perforated serial number
[0073] Live picture of user
[0074] Fingerprint scan
[0075] The biometric token may be generated locally on a processor of the device. As part of the generation of the biometric token, the device may take as an input identity document data determined from a scan of the user's identity document, biometric information of the user, and optionally additional document data obtained from an RFID circuit integrated intothe identity document. This data, or a subset of this data, may then be stored inside of a biometric token, which may have a particular data format with one or more data fields, and encrypted.
[0076] The biometric token may also include a data field indicating a token type. For example, if the biometric token is generated using a passport as the user ID, the token type may be set to “international”, meaning that the biometric token can be used in the future to check into all flights, domestic and international. If the token is generated using a drivers licence as an ID, the token type may be set to “domestic”, meaning that the biometric token can only be used in the future to check into domestic flights, and if the user wished to obtain a biometric token suitable for use on international flights the user would need to generate a new biometric token using their passport.
[0077] As part of this process, the device may perform a comparison of information obtained from the scan of the identity document of the user with information obtained from the biometric information of the user. For example, the device may compare a photograph stored on a passport (such as the paper photograph or a photograph stored on an RFID chip) with a photograph taken by the kiosk at that time. The device may only proceed with generating the biometric token if the comparison of the biometric information and identity document substantially match or correspond. For example, facial analysis software may analyse an image of the user obtained from an I D document (such as a paper photo inside of a passport, or a picture stored on an RFID circuit of the passport) with a “live” photograph of the user taken at the time of interaction with the device or kiosk. It will be appreciated that these two photographs will not be identical, since they are different photographs of the same person taken at different times - however, analysis of these photographs can be performed to determine that the photographs identify the same person, based on the photographs substantially matching. The photographs may be deemed to substantially match if the software outputs that the faces within these two photos are a match above a threshold level of confidence (for example, the software outputs that it considers there is a 95% chance or more that the photographs are of the same person). Alternatively, or as part of the same method, facial features of the user may be extracted from both photographs (e.g. eye spacing distances, nose width, the positions of moles of blemishes) and used to confirm the photographs are of the same person.
[0078] In certain embodiments, the biometric token may not be available to all users of the device. For example, an airport or airline may only offer to generate a biometric token to theirbest or most frequent fliers. In some embodiments the biometric token is only generated if the user is determined to have obtained a number of air miles exceeding a threshold, flown a number of flights exceeding a threshold, or if the user has a profile which has been assigned a status marker allowing the user the ability to generate a biometric token.
[0079] At step 240, once the biometric token has been generated, the device may transmit the biometric token to a user device. This may be achieved using one or more of:
[0080] a Bluetooth signal;
[0081] an RFID signal;
[0082] via the internet; or
[0083] via a QR code displayed on a computing device screen of the computer device which comprises a link suitable for requesting the transmission of the biometric token to the user equipment device of the user.
[0084] Once the biometric token has been transmitted to the end user’s device, the system may erase identity document data and biometric data stored on the computing devices from which it was transmitted, or any caches or buffers where it may have been temporarily stored.
[0085] Transmission of the biometric identity token from the common use computing device, or from a biometric token-generating device acting upon its data, may enable the user’s device to retain the token for later use. This may allow subsequent verification or use to take place within the user’s device while the capture data remains confined to its original processing environment.
[0086] The device may transmit the biometric token to the user device as soon as the biometric token is generated, which may help reduce the time it needs to be stored in a temporary buffer or cache. Alternatively, the biometric token may only be sent to the user device after a threshold amount of time has passed, for example a minute, an hour, or a day, which can help to reduce spikes in data transmission during busy periods. Alternatively, the biometric token may be linked to a particular application stored on a user’s device, such as a particular app for an airline. The biometric token may be stored and only transmitted to the users phone the next time the user logs in to the application.
[0087] Fig. 3 illustrates a method 300 for use in generating a biometric token externally to a kiosk.Methods 200 and 300 are similar, as will be understood by the skilled person. A number of steps are performed in similar ways, and may be achieved via similar technical means. As such, only the key differences between methods 200 and 300 will be discussed in detail.
[0088] At step 310, the device may obtain a scan a scan of an identity document of a user. At step 320, the device may obtain biometric information of the user.
[0089] At step 330, if the user consents to the generation of a biometric token, the device may transmit user identity document data to a biometric token generating computer device. The user identity document data may comprise the scan of the user's identity document and user biometric data may comprise the biometric information of the user.
[0090] In certain embodiments it may be that the device does not have the necessary software or hardware to perform biometric token generation locally on the device. Alternatively, it may simply be more computationally or time efficient for the token to be generated on an external device or server.
[0091] To achieve this, the device may send the information required to generate the biometric token - such as the user identity document data determined from the scan of the user's identity document and the obtained biometric information of the user - to the biometric token generating computer device. This may be achieved via the internet, wired connection, peer-to-peer data transmission, or any other suitable means.
[0092] The biometric token generating computer device may generate the biometric token. This is discussed further below in relation to method 400.
[0093] Optionally, once the biometric token generating computer device has generated the biometric token, the device may proceed to step 340 in which the device receives the generated biometric token. Again, this may be achieved via the internet, wired connection, or any other suitable means. The biometric token may be stored locally on a buffer or cache of the device.
[0094] Optionally, at step 350, the device then transmits the biometric token to the user device.Fig. 4 illustrates a method 400 for generating a biometric token on an external biometric token generating computer device.
[0095] At step 410, the biometric token generating computer device may receive the user identity document data determined from the scan of the user's identity document and the obtained biometric information of the user.
[0096] At step 420, the biometric token generating computer device may generate the biometric token.
[0097] At step 430, the biometric token generating computer device may transmit the generated biometric token. The biometric token may be transmitted to a device or kiosk in keeping with method 300, for the device to then transmit the biometric token to a user device itself. Alternatively, the biometric token generating computer device may transmit the biometric token directly to a user device itself, or may provide the biometric token to an application memory or storage device for the application to provide the biometric token to the suer device itself.
[0098] Fig. 5 illustrates a method 500 for a user device to receive a generated biometric token. This method may be performed alongside any of the previously discussed methods, 200, 300, or 400.
[0099] At step 510, the user device may receive a biometric token. This may be received from a local kiosk via a Bluetooth signal; an RFID signal; other peer-to-peer wireless data transmission, relayed via a local network or the internet; or a request to download the data instantiated via a QR code. Alternatively, the user device may receive the biometric token from a separate biometric token generating computer device, which may optionally provide the biometric token via networked services, such as the internet.
[0100] At step 520, the device may store the biometric token. The biometric token may be stored in the memory of the device, and in particular embodiments may be stored inside of a secure digital wallet inside of the device.
[0101] The biometric token may also be stored inside of a part of the device’s memory allocated to a particular application installed on the user device. For example, the biometric token may be associated with a particular airport or airline, and the biometric token may be stored inside of an application owned or associated with the issuing entity.Storage of the biometric identity token within such an application may allow the user to employ the token during later interactions supported by that tenant, without repeating the original document and biometric capture. The token may therefore serve as a persistent identity element where the tenant application recognises tokens created at the common use device.
[0102] Security may be provided by virtue of interoperability between an application of a provider on the common use terminal and an application of that provider on the device of the user. The biometric token may be encrypted, signed or otherwise securely provided in a manner usable by an application of the provider operating on the user device of the user and as a result of the interaction between the user and an application of the provider operating on the common use terminal.
[0103] At step 530, the user device may transmit the biometric token elsewhere. For example, the biometric token may be generated on a first journey the user takes travelling through an airport with a particular airline. The next time a user flies with that same airline, the user may complete online or in person check in using the previously generated biometric token. This may provide the airline with the necessary user information required for the user to proceed, and does not require the user to reverify the information stored within it.
[0104] Optionally, in order to de-encrypt or use the biometric token, the user may need to provide a live biometric scan to authenticate their identity. For example, the user may be required to take a photograph of their face using their mobile phone camera. This picture may be compared with data stored in the biometric token, or elsewhere, to verify that the user is able to validly use the biometric token. For example, a photograph of the user’s face stored within the biometric token may be compared to a “live” photograph of the user’s face taken on their phone, and the token may be fully de-encrypted for the user to use if these photographs are found to substantially match. Only once this verification process has been performed may the user use the biometric token and send it elsewhere.
[0105] Fig. 6 illustrates a device 600 which may be used in executing methods 200 or 300. The device 600 may be a CUTE or CUSS kiosk.
[0106] The device 600 may comprise a communication bus 610 to allow the various parts of the device to interact and communicate with one another.The device 600 may comprise a display 620 to display information to a user. The display 620 may be in the form of an LED or QLED display.
[0107] The device 600 may comprise a network communication device 630. This may allow the device 600 to communicate over the internet with a user device or with a biometric token generating computer device.
[0108] The device 600 may comprise a local transmitter 640. The local transmitter may comprise an RFID transmitter, a Bluetooth transmitter, or any other suitable form of local transmitter. This may allow the device to communicate locally with a user device or to read an RFID circuit.
[0109] The device 600 may comprise a memory 650. This memory may be used to store user identity document data comprising a scan of the user's identity document and user biometric data comprising biometric information of the user.
[0110] The device 600 may comprise a processor 660. Processor 660 may be used to execute any of the methods 200 or 300.
[0111] The device 600 may comprise a biometric scanner 670. The biometric scanner may comprise a camera, a fingerprint scanner, or any other suitable means of obtaining biometric data.
[0112] The device 600 may comprise a document scanner 680. Document scanner may comprise a camera, an RFID scanner, or other suitable document scanner means. The RFID scanner and camera may be the same RFID scanner and camera used by other components of the device 600.
[0113] Fig. 7 illustrates a device 700 which may be used in executing method 400. The device 700 may be a biometric token generating computer device in the form of a server or computer device.
[0114] The device 700 may comprise a communication bus 710 to allow the various parts of the device to interact and communicate with one another.The device 700 may comprise a network communication device 730. This may allow the device 700 to communicate over the internet with a user device or with a kiosk to exchange a biometric token or data for use in generating the biometric token.
[0115] The device 700 may comprise a memory 750. This memory may store the biometric token, or data for use in generating the biometric token.
[0116] The device 700 may comprise a processor 760. The processor may be used to execute the method 400.
[0117] Fig. 8 illustrates a device 800 which may be used in executing method 500. The device 800 may be a user device such as a mobile phone for use in storing the biometric token.
[0118] The device 800 may comprise a communication bus 810 to allow the various parts of the device to interact and communicate with one another.
[0119] The device 800 may comprise a display 820 to display information to a user. The display 820 may be in the form of an LED or QLED display.
[0120] The device 800 may comprise a network communication device 830. This may allow the device 800 to communicate over the internet with a device such as a kiosk or with a biometric token generating computer device.
[0121] The device 800 may comprise a local transmitter 840. The local transmitter may comprise an RFID transmitter, a Bluetooth transmitter, or any other suitable form of local transmitter. This may allow the device to communicate locally with a device such as a kiosk or to transmit data.
[0122] The device 800 may comprise a memory 850. This memory may be used to store a biometric token received from a device such as a kiosk or another biometric token generating computer device. In particular, the device 800 may have a portion of the memory 850 allocated as a secure wallet 855, which may be specifically adapted to securely receive and store the biometric token.The device 800 may comprise a processor 860. Processor 660 may be used to execute method 500.
[0123] The device 800 may comprise a biometric scanner 870. This may comprise a camera or a fingerprint scanner. This may be used by the device 800 to obtain further biometric data from the user to allow them to decrypt and / or use the biometric token.
[0124] Fig. 9 shows a further data flow process that forms part of the claimed material.
[0125] A device 910 may take the form of a self-service computing device such as a common use kiosk. For example, this may be a CUSS kiosk or CUTE workstation for available to users as part of their check in process at an airport.
[0126] At step 1 of Fig. 9, the user may check in to the device 910. This may involve logging into the kiosk with some identifying information such as an account name, email, or password, or presenting the same to an agent at an agent-operated workstation. The kiosk / workstation may comprise a common use computing environment. The kiosk is a common use device, e.g. a kiosk or other agent-operated computing workstation. The kiosk may include tenant common use applications which may be accessed by common users. The user may check into the tenant common use app (i.e. the biometric token I ID issuer) using an ID scan. The tenant app may instantiate a request for biometric ID I token credentials for the user.
[0127] At step 2 of Fig. 9, the user may access peripherals 915 of the device 920. The peripherals may include a ID document validation and data collection processor, a camera (or other biometric data collection device, e.g. fingerprint scanner), networking apparatus, a touchscreen, a display, a mouse, a printer, and local peer-to-peer communication means such as Bluetooth and RFID communication means.
[0128] The peripherals 915 may be used to gather and verify ID and biometric data from the user. The peripherals may include peripherals of the system and remote connected systems.
[0129] At step 3 of Fig. 9, the identity data obtained by the peripherals 915 may be used to format and encrypt a biometric token. The identity data may be formatted and encrypted to generate the token. This may be achieved locally on the kiosk device, or on an external device as previously discussed.At step 4 of Fig. 9 the encrypted biometric token may be transmitted to a secured local data store as part of a local application for a biometric issuer stored on a user device 930. This may be provided to the user device using local, peer-to-peer means such as Bluetooth, NFC, or RFID, or may be provided via an application server 920 using a push service or a cache I pull data store. The application server may include a biometric services and data integration subsection, which may itself include a biometric gallery for storing biometric data. Upon receipt of the data on the user’s mobile phone, a ‘live’ 1:1 match of the user’s face (with liveness check) against the token contents to be stored could be performed to allow decryption and storage to happen in the first place, rendering it nearly impossible for another device to download and store this data. Effectively, this assures that the person in front of the phone receiving this data is the same person that’s in the Digital ID.
[0130] It will be appreciated that the system, device and method may include a computing device, such as a desktop computer, a laptop computer, a tablet computer, a personal digital assistant, a mobile telephone, a smartphone.
[0131] The device may comprise a computer processor running one or more server processes for communicating with client devices. The server processes comprise computer readable program instructions for carrying out the operations of the present invention. The computer readable program instructions may be or source code or object code written in or in any combination of suitable programming languages including procedural programming languages such as C, object orientated programming languages such as C#, C++, Java, scripting languages, assembly languages, machine code instructions, instruction-set-architecture (ISA) instructions, and state-setting data.
[0132] The wired or wireless communication networks described above may be public, private, wired or wireless network. The communications network may include one or more of a local area network (LAN), a wide area network (WAN), the Internet, a mobile telephony communication system, or a satellite communication system. The communications network may comprise any suitable infrastructure, including copper cables, optical cables or fibres, routers, firewalls, switches, gateway computers and edge servers.
[0133] The system described above may comprise a Graphical User Interface. Embodiments of the invention may include an on-screen graphical user interface. The user interface may be provided, for example, in the form of a widget embedded in a web site, asan application for a device, or on a dedicated landing web page. Computer readable program instructions for implementing the graphical user interface may be downloaded to the client device from a computer readable storage medium via a network, for example, the Internet, a local area network (LAN), a wide area network (WAN) and / or a wireless network. The instructions may be stored in a computer readable storage medium within the client device.
[0134] As will be appreciated by one of skill in the art, the invention described herein may be embodied in whole or in part as a method, a data processing system, or a computer program product including computer readable instructions. Accordingly, the invention may take the form of an entirely hardware embodiment or an embodiment combining software, hardware and any other suitable approach or apparatus.
[0135] The computer readable program instructions may be stored on a non-transitory, tangible computer readable medium. The computer readable storage medium may include one or more of an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk.
[0136] Exemplary embodiments of the invention may be implemented as a circuit board which may include a CPU, a bus, RAM, flash memory, one or more ports for operation of connected I / O apparatus such as printers, display, keypads, sensors and cameras, ROM, a communications sub-system such as a modem, and communications media.
[0137] The terms biometric token, biometric identity token, reusable biometric token, and reusable biometric identity token, may used interchangeably throughout the specification.
Claims
CLAIMS:
1. A common use computing device for use in providing a biometric identity token to a user device of a user, the common use computing device configured to:obtain a scan of an identity document of a user;obtain biometric information of the user;cause the biometric identity token to be generated, wherein the biometric identity token is based on user identity document data determined from the scan of the identity document of the user and wherein the biometric identity token is further based on the obtained biometric information of the user; andcause the biometric identity token to be transmitted to the user device of the user.
2. The computing device of claim 1, wherein the biometric identity token is generated at the time the user interacts with the computing device.
3. The computing device of any previous claim, wherein the identity document of the user comprises a passport, a driver’s licence, a visa, or a security pass.
4. The computing device of any previous claim, wherein the scan of the identity document of the user comprises ID document text data, and an image of the user obtained from the ID document.
5. The computing device of any previous claim, wherein the user identity document data is obtained from the scan of the user's identity document based on optical character recognition, OCR, and I or an image taken of the identity document.
6. The computing device of any previous claim, wherein the identity document of the user comprises a passport, and the identity document data of the user comprises any one or more of:country of issuance;place of issuancea passport number;a picture of the passport holder;a country code;a given name;a surname;a date of birth;a sex or gender;a place of birth;a date of issue;a date of expiry;other issuer-proprietary data security coding; ora perforated serial number.
7. The computing device of any previous claim, wherein the identity document of the user comprises an RFID integrated circuit, and obtaining the scan of the identity document of the user comprises obtaining data from the RFID integrated circuit.
8. The computing device of claim 7, wherein the data obtained from the RFID integrated circuit comprises any one or more of:a given name;a surname;a date of birth;a passport number;a picture of the passport holder; orone or more fingerprints.
9. The computing device of any previous claim, wherein the biometric information of the user is obtained from a scan of the user at time of user interaction with the computing device.
10. The computing device of any previous claim, wherein the biometric information of the user comprises any one or more of:one or more images of the face of the user;one or more images of the one or more fingerprints of the user;one or more images of a palm-print of the user;one or more images of a palm vein scan of the user;one or more images of a finger shape of the user;one or more images of a retina of the user;one or more images of an iris of the user;one or more images of a scleral of the user; orone or more images of an ear of the user.
11. The computing device of any previous claim, wherein the biometric information of the user is obtained via a scan performed at the time that the user interacts with the computing device.
12. The computing device of any previous claim, wherein the biometric information of the user comprises one or more images of the face of the user obtained by a biometric scanner coupled to the computing device at the time that the identity document of the user is scanned.
13. The computing device of any previous claim, wherein the computing device is further configured to:perform a comparison of the user identity document data determined from the scan of the user's identity document with the obtained biometric information of the user; and generate the biometric identity token if the user identity document data determined from the scan of the user's identity document and the obtained biometric information of the user substantially match such that the information obtained from the scan of the identity document and the information obtained from the biometric information correspond to the same user.
14. The computing device of any previous claim, wherein the computing device further comprises:an identity document scanner; anda biometric scanner.
15. The computing device of claim 14, wherein the identity document scanner comprises one or more of:a passport scanner; oran RFID scanner.
16. The computing device of claim 14 or 15, wherein the biometric scanner comprises one or more of:a camera; ora fingerprint scanner.
17. The computing device of any previous claim, wherein the computing device is a check in kiosk, a border control checkpoint, a bag check kiosk, an agent-operated checkin workstation, or any other self service computing device equipment.
18. The computing device of any previous claim, wherein the computing device is further configured to transmit the biometric identity token to a user equipment device of the user, wherein the user equipment preferably comprises a mobile phone, a tablet device, a smartwatch, or other portable communication device.
19. The computing device of claim 18, wherein the biometric identity token is transmitted to a mobile application installed on the user equipment device of the user after a threshold amount of time has passed since the biometric identity token was generated.
20. The computing device of claim 18, wherein the biometric identity token is transmitted to a mobile application on the user equipment device of the user the first time that the user accesses the mobile application after the biometric identity token was generated.
21. The computing device of any claim 18 to 20, wherein the biometric identity token is transmitted to the user’s equipment device using:a Bluetooth signal;an RFID signal;via the internet; orvia a QR code displayed on a computing device screen of the computer device which comprises a link suitable for transmitting the biometric identity token to the user equipment device of the user.
22. The computing device of any of any claim 18 to 21 , wherein after the biometric identity token is transmitted to the user equipment device of the user, the user identity document data determined from the scan of the user's identity document and the obtained biometric information of the user is deleted from the computing device.
23. The computing device of any previous claim, wherein the biometric identity token is only generated if the user is determined to have obtained a number of air miles exceeding a threshold, flown a number of flights exceeding a threshold, or if the user has aprofile which has been assigned a status marker allowing the user the ability to generate a biometric identity token.
24. The computing device of any previous claim, wherein if the user does not consent to the generation of the biometric identity token, then the computing device is configured to not generate the biometric identity token.
25. The computing device of any preceding claim, wherein the computing device is arranged to cause the biometric identity token to be generated by a separate biometric identity token generating computer device, the computing device configured to:transmit user identity document data determined from the scan of the user's identity document and the obtained biometric information of the user to a biometric identity token generating computer device.
26. The computing device of claim 25, further configured to receive the biometric identity token generated by the biometric identity token generating computer device.
27. The computing device of claim 26, wherein the computing device is further configured to transmit the biometric identity token to a mobile application installed on the user equipment device of the user.
28. The computing device of claim 26, wherein the computing device is further configured to transmit the biometric identity token to a secured digital wallet application installed on the user equipment device of the user and configured to store the biometric identity token.
29. The computing device of any claim 25 to 28, wherein transmitting the user identity document data and transmitting the obtained biometric information of the user comprises transmitting the user identity document data and the obtained biometric information of the user to the biometric identity token generating computer device over a wireless or wired communications protocol.
30. An application configured to be executed on a user device of a user, the application configured to:receive a biometric identity token based on user identity document data and biometric information of the user and obtained by a common use computing device from a scan of the identity document presented by the user and the biometric information derived from the user at the common use computing device; andstore the biometric token if the biometric token passes a verification process operated on the user device.
31. The application of claim 30, wherein the verification process comprises operating a liveness detection of the user.
32. The application of claim 31, wherein the liveness detection is performed between biometric information of the user of the biometric token and live images captured of the user.
33. The application of claim 30, 31 or 32, wherein the application is further configured to transmit the biometric token.
34. The application of claim 33, wherein the biometric token is transmitted in response to receiving additional biometric data from the user which substantially matches with biometric data previously obtained from the user.
35. The application of claim 34, wherein the additional biometric data is a photograph of the user’s face captured with the user equipment device of the user.
36. The application of claim 35, wherein the additional biometric data from the user comprises a photograph of the user’s face captured with the user equipment device of the user, wherein the photograph substantially matches a photograph of the user’s face stored within the biometric token.
37. The application of any claim 30 to 34, wherein the biometric identity token is received in an encrypted format, and stored in an encrypted format.
38. A method for providing a biometric identity token to a user device of a user operable on a common use computing device comprising:obtaining a scan of an identity document of a user;obtaining biometric information of the user;causing the biometric identity token to be generated, wherein the biometric identity token is based on user identity document data determined from the scan of the identity document of the user and wherein the biometric identity token is further based on the obtained biometric information of the user; andcausing the biometric identity token to be transmitted to the user device of the user.
39. The method of claim 38, wherein causing the biometric identity token to be generated comprises transmitting the user identity document data and biometric information of the user to a biometric identity token generating device, and receiving the biometric identity taken from the biometric identity token generating device.
40. The method of claim 38, wherein causing the biometric identity token to be generated comprises generating the biometric identity token on the common use computing device.
41. The method of claim 39 or 40, wherein the biometric identity token comprises one or more fields of data of the user identity document data and at least a portion of the obtained biometric information of the user.
42. The method of claim 39 or 40, wherein the biometric identity token is derived from the user identity document data and biometric information using a cryptographic process.
43. A computer product program that when executed performs the methods of any of claims 38 to 42.
44. A computing device, the computing device comprising a processor configured to perform any of the methods of claims 38 to 42.
45. A common use computing device for use in providing a biometric identity token to a user device of a user, the common use computing device configured to:obtain a scan of an identity document of a user;obtain biometric information of the user;cause the biometric identity token to be generated, wherein the biometric identity token is based on user identity document data determined from the scan of the identity document of the user and wherein the biometric identity token is further based on the obtained biometric information of the user; andcause the biometric identity token to be transmitted to the user device of the user, wherein the biometric identity token comprises data derived from the identity document data and the biometric information obtained at the common use computing device.
46. An application configured to be executed on a user device of a user, the application configured to:receive a biometric identity token based on user identity document data and biometric information of the user and obtained by a common use computing device from a scan of the identity document presented by the user and the biometric information derived from the user at the common use computing device; andstore the biometric token if the biometric token passes a verification process operated on the user device,wherein the biometric identity token comprises data derived from the identity document data and the biometric information obtained at the common use computing device.
47. A method for providing a biometric identity token to a user device of a user operable on a common use computing device comprising:obtaining a scan of an identity document of a user;obtaining biometric information of the user;causing the biometric identity token to be generated, wherein the biometric identity token is based on user identity document data determined from the scan of the identity document of the user and wherein the biometric identity token is further based on the obtained biometric information of the user; andcausing the biometric identity token to be transmitted to the user device of the user, wherein the biometric identity token comprises data derived from the identity document data and the biometric information obtained at the common use computing device.
48. A method executed on a user device of a user comprising:receiving, at the user device, a biometric identity token based on user identity document data and biometric information of the user and obtained by a common use computing device from a scan of the identity document presented by the user and the biometric information derived from the user at the common use computing device; andstoring, at the user device, the biometric identity token if the biometric token passes a verification process operated on the user device.
49. A method executed on a user device of a user comprising:receiving, at the user device, a biometric identity token based on user identity document data and biometric information of the user and obtained by a common use computing device from a scan of the identity document presented by the user and the biometric information derived from the user at the common use computing device; and storing, at the user device, the biometric identity token if the biometric token passes a verification process operated on the user device,wherein the biometric identity token comprises data derived from the identity document data and the biometric information obtained at the common use computing device.
50. A computer program product which, when executed, undertakes the method of any one of 38-42, or 47-49.
51. The method of any one of claims 38 to 42 or 47 to 49 or device according to any one of claims 1 to 37 or 45 to 46 wherein each step is performed via the computing device or one or more further computing devices.
52. A multi-use biometric information token, BIT, derived from a plurality of different data sources, the BIT comprising data derived from user identity document data determined from data read by a first computing device from an identity document associated with a user and derived from biometric information obtained from a scan of the user performed by the first computing device and wherein the BIT is stored on a second computing device wherein the second computing device is different from the first computing device and wherein the BIT is only stored on the second computing device if the BIT passes a verification process performed by the second device.
53. The multi-use biometric information token, BIT, according to claim 52 wherein the BIT is for use in the travel and preferably the aviation industry.
54. The multi-use biometric information token, BIT, according to any one of claims 52 to 53 wherein the first computing device and second computing device are located in a same predetermined area of a transportation hub.3055. The multi-use biometric information token, BIT according to any one of claims 52 to 55 wherein the second computing device is configured to communicate with the first computing device via, Bluetooth, NFC, or RFID communication protocols.