Technical Field

The present invention relates to systems, entities, and methods for remote analysis of a security document . Specifically, the present invention aims to increase flexibility in the use of existing field equipment that is employed for scanning security documents at, for example, checkpoints .

Background

Electronic systems for issuing and authenticating security documents, such as passports, identity cards, visa, driving licences, and the like, are common practice in most countries all over the world today. Because such systems handle data that is both confidential and sensitive, most existing electronic systems for security document handling are closed proprietary systems. In other words, the existing systems comprise special central data repositories that are connected by means of well protected, closed protocols and data links to the equipment and terminals in the field. The field equipment usually comprises data terminals, scanners, printers, and the like.

Usually, authorized personnel employ such systems at, for example, border checkpoints (immigration) , authority office premises, airports, and mobile checkpoints as part of common police patrols. Specifically, authorized personnel may check a security document from an owner in the field by querying personal data taken from the security document by means of accessing the mentioned special central data repositories. The system may provide an analysis result to a terminal in the field so that the personnel can take appropriate action, e.g. letting the checked person pass a security checkpoint, arresting the checked person, providing the checked person with a certificated, applying a stamp or mark to the presented security document .

Since the existing systems are usually well protected and shielded so as to avoid any unauthorized interference with the data exchange, it may be difficult to install new field equipment or to change generally the equipment and components of the system. Likewise, it may be difficult to use the existing field equipment with other or additional central analysis systems, since the field equipment is usually especially adapted to work only with the specific central special repositories. However, the field equipment would be in principle able and suitable for performing tasks of a more general nature, such as, for example, scanning documents, forwarding data, receiving and displaying data, and the like.

The publication US 7,314,162 discloses a method and system for reporting identity document usage by storing in a database and reporting to an identity document owner instances in which that person's driver's license, passport or other government -issued identification documents are presented as a form of ID, thereby facilitating early notification of identity theft. Further, the publication US 7,503,488 discloses a method of assessing the risk of fraud before issuing a driver' s license to an applicant on the basis of the relative incidence of fraud historically associated with the particular combination of collateral identification documents (e.g. birth certificate, passport, student ID card, etc.) presented by the applicant in their application for the driver's license. However, the proposed systems require matched information processing at both ends, i.e. at the site of checking a document and at the site of determining the analysis result.

It is therefore an object of the present invention to provide an improved system for remote security document analysis that is able to integrate with existing field equipment in a flexible but still sufficiently reliable and secure way. Specifically, the improved system should be able to employ existing scanning and data input/display devices in the field.

Summary

The above mentioned problems and drawbacks of the conventional concepts are solved by the subject-matter of the independent claims . Further preferred embodiments are described in the dependent claims.

According to an embodiment of the present invention, a system is provided for remote analysis of a security document comprising an interface adapted to receive, from field equipment and via a network, image data of a scanned security document; a data storage adapted to store a data record comprising said received image data and additional data in relation to an owner of the scanned security document; an analytics module adapted to access said data storage for analyzing a data record, and to generate an analysis result; and a notification module for launching a notification based on said analysis result.

According to an embodiment of the present invention, a method is provided for remote analysis of a security document comprising a step of receiving, from field equipment and via a network, image data of a scanned security document; a step of storing a data record comprising said received image data and additional data in relation to an owner of the scanned security document; a step of accessing said stored data record for analyzing said data record and of generating an analysis result; and a step of launching a notification based on said analysis result.

Generally, in the embodiments the network can be either wired or wireless or a combination thereof. Further, the data may be accompanied by data of voice, biometric, or biological analysis such as blood sample, DNA or observation profile, etc . The analytics module may be further adapted to match a data record against historical data in the repository or data about the data (metadata) .

Brief Description of the Drawings

Embodiments of the present invention, which are presented for better understanding the inventive concepts but which are not to be seen as limiting the invention, will now be described with reference to the Figures in which:

Figure 1 shows a schematic view of a conventional electronic system for analyzing a security document for the example of a checkpoint;

Figure 2 shows a schematic view of a deployment of remote security document analysis according to an embodiment of the present invention;

Figure 3 shows a schematic view of a server entity for security document analysis according to a further embodiment of the present invention; Figure 4 shows a schematic view of a general apparatus embodiment of a server entity for security document analysis ; and

Figure 5 shows a flowchart of a general method of operation embodiment of the present invention.

Detailed Description

Figure 1 shows a schematic view of a conventional electronic system for analyzing a security document for the example of a checkpoint. Specifically, there is shown a checkpoint 30 as part of security equipment in the field 1. Generally, the term field relates to all the locations where corresponding equipment and components are distributed. This field equipment, therefore, includes components such as any type of input termina][TMi] 1 , cameras, terminals, display terminals, scanners, printers, and the like. In the shown example, the checkpoint 30 allows a security officer 19 to operate, for example, a display terminal 11 and a scanner 12. In a usual scenario, an individual will present a security document to the officer 19. Accordingly, it is assumed that the individual is the owner of the security document and the correct ownership and/or the corresponding authenticity of the presented security document is analyzed and checked.

More specifically, the individual will present the security document to the officer 19, who, in turn may employ the scanner 12 for scanning the security document or parts thereof. Usually, the scanner 12 will employ data-processing techniques for extracting information concerning the individual (or the owner of the presented security document) , such as a name, a date of birth, and/or a security document number either in biographic or biometric format such as RFID content, etc. In general, any of the following data items may represent so-called additional data concerning the individual/owner/holder of the security document: surname, given name, date and place of birth, country of citizenship, place and country of residence, document number, document type identification, document issue date, document issue place, biometric data of the owner, image data or graphical data concerning the face, fingerprints, or other physical characteristics of the document owner, and the like.

Once the scanner 12 has generated such information concerning the individual, this information can be forwarded via a secure link 100 to some kind of central repository 120. .The repository 120 is likely to be a server and or resources of a datacenter, private network and/or cloud infrastructure that are arranged and able to analyze the received information with regard to authentication. For example, the repository 120 may store data concerning whether or not the individual has the right to reside in a given country. Assuming that the shown checkpoint 30 is located before a departure gate or electronically connected securely (wired or wireless) to the airport, the repository 120 may store data indicating whether or not the individual has rightfully entered the country and is now leaving the country within a permissible visa duration. For example, the repository 120 may inform the officer 19 via the display terminal 11 that the individual who presented his/her passport at the checkpoint 30 has stayed longer in the country then permitted by his/her respective visa. The officer 19 may accordingly operate a barrier 13 so as to allow arresting of the individual. Naturally, the officer 19 may also operate the barrier 13 so as to let the individual pass if a response from the repository 120 indicates that everything is in order.

In general, the conventional electronic systems for security document analysis usually employ distributed equipment field 1 and some kind of central resources located at one or more central locations 2 for data storage and analysis. The link 100 may be implemented by a dedicated special signal line, or maybe some kind of secure communication over existing communication networks, such as the Internet (e.g. VPN connection, tunnels, etc.). These conventional systems suffer from the drawback that it is difficult to add or change the components of the field equipment 10. Specifically, only specialized equipment and components can be connected so as to be able to communicate via the link 100 the central repository 120. In other words, it is difficult - if not impossible - to connect more standardized components, such as scanners, printers, and the like, to work with the repository 120 over the link 100. Likewise, it may be difficult to employ the field equipment 10 with other centralized services rather than the repository 120.

Figure 2 shows a schematic view of a deployment of remote security document analysis according to an embodiment of the present invention. A corresponding system 21 is provided at some kind of central location 2 in the sense that it can be remote from the various sites in the field 1, where the equipment for scanning, printing, data input/output etc. is distributed. Generally, the system 21 improves remote analysis of security documents over the convention arts and hence comprises an interface 21 adapted to receive, from equipment in the field 1 and via a network 110, image data 111 of a scanned security document. In this way, the interface 21 can receive graphical data from any type of scanner and data source in the field 1.

Specifically, the system 21 does not rely on or even require specialized and proprietary data formats but, rather, is able to accept and process graphical image data received via any type of network, such as the Internet, intranet, mobile devices and other means of networking such as satellite. As a consequence, any suitable scanning equipment can be employed for scanning a security document and generating the respective image data. Said scanning equipment made thus include scanners 12 of dedicated field equipment 10 already existing and employed by the corresponding body/authority. For example, the field equipment 10 can be third-party equipment provided to the body/authority in connection with a specialized central repository as discussed and explained in greater detail in conjunction with figure 1. Likewise, the scanning equipment can also include individual or stand-alone components that are not part of or dependent on any specific field equipment 10, such as the scanner 12. Furthermore, any other data source is envisaged so as to generate and forward the image or digital data of a scanned security document via the network 110 to the systems interface 21.

The system 21 further comprises a data storage 22 adapted to store a data record comprising the received image data and additional data in relation to an owner of the scanned security document. With the system's analytics module 23 the data records stored in the data storage 22 can be analyzed and an analysis result can be generated. For example, the received image data 111 is analyzed for identity or security items, as such features are common elements of modern security documents. Specifically, the analytics module 23 may look at such identity or security items in connection with the additional data that is stored with the corresponding data record. For example, the identity item may lead to identification of a specific individual who is holder of a visa. The additional data may then, following this example, indicate a permissible region or period where and when the individual may reside. If an inconsistency is found by the analytics module 23, a corresponding flag can be launched toward a notification module 24 of the system 20. In turn, the notification module 24 may generate and launch a notification 112 based on the analysis result taken in the analytics module 23. By means of the notification 112, an officer in the field 1 can be notified of the analysis result remotely taken in the system 20.

The above embodiment of the present invention may specifically provide the advantage that the equipment used in the field 1 can be more independent from any centralized entity that is responsible for analyzing data concerned with security documents. The system 20 according to this embodiment may integrate in any existing field equipment so that the basic functionalities, such as scanning, printing, displaying information and mechanical operation such as opening a gate, and the like, can be employed for working together with the system 20. In particular, the use of the image data of the scanned security document allows for the use of virtually any suitable scanning equipment in the field and the use of conventional communication network infrastructure .

Figure 3 shows a schematic view of a server entity for security document analysis according to a further embodiment of the present invention. In this embodiment, the system functionalities are integrated in a server entity, i.e. in the form of an application running on some kind of processing resources (server, dedicated hardware, share of a datacenter) . Similar to the system as described in conjunction with Figure 2, the server entity 20' comprises an interface 21 adapted to receive, from field equipment 10 and via a network 110, image data 111 of a scanner security document. The server entity 20' further comprises a data storage 22 adapted to store a data record comprising said received image data and additional data in relation to an owner of the scanned security document. Further, the server entity 20' comprises an analytics module 23 adapted to access said data storage 22 for analyzing a data record and to generate an analysis result. Yet further, the server entity 20' comprises a notification module 24 for launching a notification based on said analysis result.

In this embodiment, the interface 21' is implemented as an application server that provides privately owned cloud-based operational control of a reader, scanner, printer and/or integrated reader/scanner/printer, whichever may be installed in the field. The application server 21' may provide other administrative functions, thereby relieving the burden of integrating any scanner/reader/printer into existing third- party electronic systems.

The data storage 22' can be implemented as a data collection module that is adapted to collect and store in a database all desired data. The type of data that can be stored may be limited or restricted by national legislation (e.g. privacy laws) . However the stored data can be in form of data records that can be associated with each use or selected uses of a security document or value item (passport) .

A data record may include any of the following: (i) image data of scan of the security document by the a reader/scanner or integrated device, including multiple scans at multiple wavelengths of electromagnetic radiation, ultrasound scans (e.g. of liquids as part of the security document or value items), x-ray scans, laser scans, etc.; (ii) security document identification such as a passport number, image (s) or other identification of the passport and its contents, including position within a given passport of any prior official (e.g. visa) stamps in that given passport; (iii) biometric and/or biographic data of the document's or item's holder or owner, such as fingerprints, eye scans, facial scans, body scans, infrared heat sensor data, audiovisual recordings, etc.; (iv) date, time and location of each use or selected uses of the document/item, including for example whenever a passport is scanned at a passport scanning facility such as a border crossing (checkpoint) , transportation hub such as at airports, ship docks and train stations, or at banks, hotels, etc., or whenever a value item is scanned at a scanning facility; (v) sound, image or video recordings of interactions between document/item holders and officials (personnel) at a passport scanning facility or other recordings related to use of the document/item, associated media metadata (e.g. number of frames recorded, frequency signatures of voice or other recorded data) and metrics calculated from such media metadata (e.g. which can be encrypted and employed to complement existing anti- tampering technologies) ; (vi) video data showing persons using the passport or other value item; (vii) travel information associated with the value item holder or owner, e.g. arrival and/or destination information, such as an airline flight no. associated with a passport being scanned at an airport or other passport scanning facility; (viii) medical information (e.g. health status, prior exposure to communicable diseases, medical reports, etc., associated with a passport holder, individual (e.g. refugee) present at an official data collection facility, or value item owner; (ix) related documentation, such as a scan of customs forms, scans of secondary identification documents, notes by officials involved, etc. (x) identity of the responsible officer involved with handling a passport or other value item, such as where the officer is identified by fingerprint using the corresponding equipment, if installed, or other biometric for example; and (xi) RFID contents where a RFID chip is installed in a passport, label or sticker (e.g. affixed to an object) or value item and scanned at the (passport) scanning facility. The database may also store information related to visa, national entry, national exit, custom form, passport stamps or other official stamps for use in centrally (i.e. remotely) controlling a scanner, reader, printer and/or integrated device, whichever may be installed. The analytics module 23' may be specifically configured' to analyze the data stored in the database to determine, in real-time, potentially irregular use of a passport or other value item, such as where an entry into or exit from a country is being attempted by a passport holder without a corresponding preceding exit or entry, or where a value item holder is exhibiting notable behavioral patterns such as nervousness. In general, such analysis may be referred to as plausibility checks and/or checking any incoming information that is associated to an event (e.g. attempted border crossing) with the conformity to one or more predetermine rules. For example, a rule may define that a given individual needs to have entered a country, and to have been accordingly registered, before an attempt to leave the country is observed.

Furthermore, the analytics module 23' may also monitor external databases 220, e.g. of INTERPOL, Europol, national criminal record databases, and other databases to identify individuals of interest who are attempting to use a passport at a passport scanning facility or other value item at a scanning facility. The analytics module 23' may further monitor length-of-stay restrictions to issue an alert if a passport holder has an "overstay" (e.g. has not exited a country by the expiry date of their visa) or has an "understay" (e.g. has not stayed a sufficient amount of time in a country to qualify for a specifiable immigration status) .

The notification module 24' can be implemented as a dedicated alert module that is arranged to alert the responsible officer or other official when the document/item (e.g. passport or other value item) scanned by the officer has been flagged by the analytics module 23' as being associated with irregular use or otherwise problematic. Alerts can also be generated when tampering or other physical damage to the server entity 20' or a module thereof is detected. For this purpose a sensor 25 may be provided (e.g. temperature, pressure, vibration, location, etc.) that is configured to detect tampering. Alerts, or, more generally, notification may be provided via a secure communications module (described below), and/or by email, text and/or voice message (e.g. to a mobile telephone) , etc. to the responsible officer or other official. Alerts may be provided to any official agency worldwide, as permitted by law, for the purposes of proactive security.

A firewall module 26 may be provided that is adapted to protect the server entity 20' from external, Internet -based attacks. The firewall module may also comprise the above mentioned sensors 25 that are suitable to monitor for physical tampering, intrusion or other damage to the special - purpose hardware components. In this way, it may be referred to the module 26 as a firewall and anti-tamper module.

A secure communications module 27 may be provided for encryption of communications between the server entity 20' and electronic systems of participating national governments, agencies thereof, commercial enterprises, or other customers, i.e. the field equipment, using encryption techniques consistent with customer preferences and legal requirements. The secure communications module 27 may thus facilitate communications between the server entity 20' and the client computers, including scanners, readers, printers and/or integrated devices, at, for example, passport scanning facilities. The secure communications module 27 may be operable to communicate with client computers within each country via a country- specific VPN (Virtual Private Network) . In some embodiments, a separate VPN for each (passport) scanning facility can be employed. Country-specific communications facilitate the transfer of information between countries (within the limits of both countries' laws) via the server entity, despite incompatibility between respective passport-related electronic systems of different countries.

More generally, the secure communications module 27 may be adapted to facilitate the transfer of information between subscribing customers despite incompatibilities between their respective systems by receiving data from a first subscribing customer in accordance with a first communication protocol and then transmitting data from the server entity to a second subscribing customer in accordance with a second communication protocol wherein the first and second communication protocols are not necessarily compatible with each other. Any number of modules of the server entity 20' may be integrated into a customized "black-box unit", and any given module may be commercialized as a stand-alone unit suitable for integrating with existing third-party electronic systems .

Figure 4 shows a schematic view of a general apparatus embodiment of a server entity for security document analysis. In general, the server entity 20 can be any entity that provides processing resources 211 (e.g. processing unit, processing unit collection, CPU, share of a data/processing center, etc.), memory resources 212 (memory device, database, share of a data center) , and communication means 213. By means of the latter, the entity 20 can communicate with the communication network 110. The memory resources 212 may store code that instructs the processing resources 211 during operation to implement any embodiment of the present invention. Specifically, the memory resources 212 may store code that instruct the processing resources 211 during operation to implement an interface for receiving via the network 110, image data of a scanned security document, a data storage adapted to store the data record comprising the received image data and additional data in relation to an owner of the scanned security document; the analytics module adapted to access said data storage for analyzing a data record and to generate an analysis result; and the notification module for launching a notification based on said analysis result.

Figure 5 shows a flowchart of a general method of operation embodiment of the present invention. This method embodiment is described in the context of an exemplary scenario relating to passport control and authentication. This scenario considers a first step S51 (SCANNING SECURITY DOCUMENT) of scanning a security document (or value item) in order to generate respective image data. Therefore, even in countries where no particular scanner/reader/printer is in use, passports are nevertheless scanned by corresponding field equipment at entries and/or exits into and from the country using that country's existing passport scanning facilities (equipment) . The system then can communicate, such as via a country- specific VPN and by secure encrypted communications, with the existing passport scanning facilities to collect and store information associated with each use of a passport. More specifically, in a step S52 (RECEIVING IMAGE DATA) the server or system for remote analysis of a security document receives the image data over a network.

In a step S53 (PERFORM ANALYTICS) , the system performs analytics based on the received image data and stored additional data. For example, the system can perform in realtime, whenever a passport is being scanned at a passport scanning facility, a determination whether the number and chronology of entries and exits match, to check whether a passport holder is a person of interest to officials in the country where the holder's passport is being scanned, and/or to determine whether the behavior of the passport holder is noteworthy (e.g. suspicious) . If such an analysis result is to trigger a notification, the mode of operation proceeds to step S54 (LAUNCH NOTIFICATION) where a notification is launched based on the analysis result.

Specifically, for example, if a passport use is flagged as problematic, the system can alert the responsible officer or other officials in accordance with national laws. If no irregularities are found or the passport use is otherwise not objectionable, the system may generate a "virtual" (i.e. digitally stored) official stamp, which may be an entry and/or exit stamp for example, that is stored in the database module such that it is accessible to the responsible officer and subsequently to officials at other passport scanning facilities within the limits permitted by the laws of each pair of countries (i.e. the country where the data was collected and the country where it is being accessed) . In some embodiments, the system may be operable in real-time to inform the responsible officer or other official who has scanned a passport where prior official (e.g. visa) stamps are located in the passport. For example, when a passport holder is exiting a country the special-purpose server can inform the responsible officer the page number upon which the corresponding preceding entry stamp is located.

In general, the embodiments of the present invention can provide the advantage that national governments, authorities, or other interested bodies that are not using specific equipment for border control and/or security document authentication, can manage such authentication by use of the services provided by the system. Specifically, they can virtually also manage entry and exit visa stamps on passports. Integrating the commercially available equipment into the existing electronic systems in use by each country may be time-consuming and difficult. Similarly, the embodiments of the present invention can provide the advantage to facilitate use of field equipment in a more flexible fashion. Although detailed embodiments have been described, these only serve to provide a better understanding of the invention defined by the independent claims, and are not to be seen as limiting .