BACKGROUND OF THE INVENTION The written signature has traditionally been a legally defensible record for a document indicating what was signed, who signed it, and why it was signed. Throughout history, the signature or mark of an individual on a specific document bound that individual to the terms and conditions contained therein.

With the advent of the computer and, more recently the Internet, the world is rapidly evolving into a world dominated by electronic documents, rather than printed documents. However, there remains in both these forms significant value in both the ceremony of signing, in which the signatories give real and symbolic assent to the content of hallmarks in the document, and in the traditional security and legal evidentiary value that signatures carry.

Electronic documents provide new efficiencies of production, storage, and transmission, but these advances are accompanied by risks of uncontrolled dissemination, forgery, and alteration. While many new technologies like digital encryption, message

digests, and the public key infrastructure are extremely effective in protecting the privacy and authenticity of electronic documents, they do not preserve the value of the identity of the person. These technologies only preserve that someone with a token of identity was present and acknowledged the document.

Various technologies exist for bridging the paradigm shift from printed to electronic documents. These technologies include an effective electronic handwritten signature technology for the capture of electronic signatures for electronic documents. In this regard, reference is made to U. S. Patent No. 5,544,255,"Method and System for Capture, Storage, Transport, and Authentication of Handwritten Signatures", issued to Smithies et al.; U. S. Patent No. 5,647,017,"Method and System for the Verification of Handwritten Signatures", issued to Smithies et al., which is a continuation of U. S. Patent No. 5,544,255; U. S. Patent No. 5,818,955,"Document and Signature Verification System and Method", issued to Smithies et al., which is a continuation of U. S. Patent No. 5,647,017, which is a continuation of U. S. Patent No. 5,544,255; and U. S. Patent No. 5,644,655,"Identification Method and Apparatus", issued to Windsor. These patents describe how to capture a handwritten signature and relate the captured signature to a document, such as an electronically stored document, for later authentication and verification of the handwritten signature.

However, these authentication techniques only verify and authenticate the handwritten signature and not necessarily the identity of the signatory who is physically present in front of the electronic document and who is actually making the handwritten signature that is being captured. Therefore, they are subject to fraud associated with the signature, including forgery, replacement of the signature, alteration of the document, or alternation of the signature object itself.

In addition to the handwritten signature authentication and verification technologies discussed above, various technologies are used for uniquely identifying a person in accordance with an examination of a particular biometric attribute of the person, such as the attributes of either the person's interior or exterior eye. One of these technologies involves the visual examination of the particular attributes of the exterior of the iris of at least one of the person's eyes. The iris of the human eye has random patterns of striations, ciliary processes, crypts, rings, furrows and other features which have been shown capable of

generating highly unique biometric templates for personal identification. In this regard, reference is made to U. S. Patent No. 4,641,349,"Iris Recognition System", issued to Flom et al., and U. S. Patent No. 5,291,560,"Biometric Personal Identification System Based on Iris Analysis", issued to Daugman. As made clear by these patents, the visible texture of a person's iris can be used to distinguish one person from another with great accuracy. Thus, iris recognition can be used for such purposes as identifying a person in various applications, such as controlling access to a secure facility or a bank automatic teller machine, for example.

An iris recognition system involves the use of an imager to video image the iris of each person, and an image processor for comparing this iris video image with a reference iris image stored in a memory or database.

Although iris recognition is widely recognized as the most powerful technology available for biometric identification of humans, this technology does not preserve the traditional and customary value in the ceremony of signing a document and in the traditional security and legal evidentiary value that signatures carry.

Although the art of electronic document signatory authentication systems is well developed, there remain some problems inherent in this technology, particularly the lack of an electronic signature authentication system specifically designed to solve the problems inherent in preserving the ceremony of physically signing the document and the legal significance of the signature for electronic documents with a highly reliable and flexible biometric authentication technology based on the iris of the eye. Therefore, a need exists for an electronic signature biometric authentication system and method that overcome the drawbacks of the prior art.

SUMMARY OF THE INVENTION The present invention is directed to a system that uses iris recognition to authenticate the signatory to an electronic document. The system captures handwritten graphic signatures and true identity through an iris-based biometric and association of these data with electronic documents. The system includes a signature capture and verification system and an iris image capture and authentication system. The system provides for the storage of a biometric identifier based on the iris of the eye which uniquely identifies and binds the signatory to the signature and the document. A biometric record is produced which

contains information about the document, such as, for example, the conditions under which it was signed, the reason for signing as understood by the signatory, the biometric template of the signatory, and a graphic representation of the signature. Stored with the document, this biometric record allows later detection of fraud associated with the signature, including forgery, replacement of the signature, alteration of the document, or alteration of the signature object itself.

Optionally, in accordance with a further aspect of the invention, the system can include a camera that captures a image or photograph of the person. Although not necessary for identification of the person, this additional aspect of the invention can be included for completeness of the identification and verification system.

A further embodiment within the scope of the present invention is directed to a method of authentication of an electronic signature on an electronic document using iris recognition technology. The method comprises providing an electronic document to be signed by a person, providing a signature prompt to enter a signature on a signature acquisition device, capturing an electronic image of the signature, forming an electronic representation of the signature, storing the captured signature representation in a memory, capturing an image of an iris of an eye of the person, extracting a template of the iris image, storing the iris template in a memory, and authenticating the signature based on a comparison of the captured biometric template to stored iris templates in a database. The method can also identify the person based on the results of the comparison. A biometric record can be formed having a plurality of data fields including one or more of the signature representation, the iris template, and an electronic image of the electronic document.

BRIEF DESCRIPTION OF THE DRAWINGS The foregoing and other aspects of the present invention will become apparent from the following detailed description of the invention when considered in conjunction with the accompanying drawings. For the purpose of illustrating the invention, there is shown in the drawings an embodiment that is presently preferred, it being understood, however, that the invention is not limited to the specific methods and instrumentalities disclosed. In the drawings:

Figure 1 is a schematic diagram of an exemplary system for biometric authentication of electronic signatures in accordance with the present invention; Figure 2 is a schematic diagram of an exemplary electronic signature capture system to be used with the present invention; Figure 3 is a schematic diagram of an exemplary biometric capture system to be used with the present invention; Figure 4 is a schematic diagram of another exemplary system in accordance with the present invention; Figure 5 is a schematic diagram of an exemplary signature capture system in accordance with the present invention; Figure 6A is a flow chart of an exemplary method of operation in accordance with the present invention; Figure 6B is a flow chart of another exemplary method of operation in accordance with the present invention; Figure 7 is a schematic diagram showing an exemplary biometric record structure in accordance with the present invention; Figure 8 is a schematic diagram of an exemplary signature verification system in accordance with the present invention; Figure 9 is a schematic diagram of an exemplary iris identification system in accordance with the present invention; Figure 10A is a schematic diagram of the imager of Figure 3 shown in greater detail; Figure 1 OB is a schematic diagram of another exemplary imager in accordance with the present invention; Figure 11 is a schematic diagram of an exemplary iris image recognition system in accordance with the present invention; Figure 12 is a schematic diagram of another exemplary iris image recognition system in accordance with the present invention; Figure 13 is a schematic diagram of an exemplary iris imager having visual and aural indicators in accordance with the present invention;

Figure 14 is a schematic diagram of an exemplary iris image recognition system having a focus assessment processor in accordance with the present invention; Figure 15 is a schematic diagram of an exemplary iris imager comprising a focus assessment processor in accordance with the present invention; and Figure 16 is a schematic diagram of an exemplary iris imager comprising a focus assessment processor and image processor in accordance with the present invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS The present invention is directed to a highly secure system and method for authentication of an electronic signature on an electronic document. The system of the present invention includes an electronic signature capture and verification system and a biometric capture and authentication system, a processor, a display device, and a biometric record including information relating to, for example, whether someone was there to sign the electronic document, what, why, and how the signatory signed, and who actually signed the electronic document. The system and method of biometric authentication of electronic signatures of the present invention uses iris patterns to effectively preserve the use of handwritten signatures with electronic documents by performing functions, such as, for example, representing the signature in electronic form ; uniquely"binding"or associating the signature with the identity of the person who produced it; binding the signature and the identity to the specific version of the document that was signed; representing the signatory's understanding of the document and the reason for signing; and protecting the security and privacy of the person who signed the document.

Figure 1 is an exemplary system for biometric authentication of an electronic signature of a signatory on an electronic document. As shown in Figure 1, the system 10 includes a display device 11, a signature acquisition device 12, a biometric image acquisition device 13, a processor 14 having a memory 15, a biometric record 18, and associated computer readable instructions (e. g., computer software) stored in the memory 15 for use by the processor 14 in capturing, processing, and storing a graphical representation of the electronic signature and a template of the biometric image. As shown, the signature acquisition device 12 and the biometric image acquisition device 13 are coupled to the processor and are located such that the signatory can view the electronic document on the

display device 11 and have his electronic signature and biometric image captured all in the same place and at about the same time. The other components of the system 10 need not be located with the display device 11, the signature acquisition device 12, and the biometric image acquisition device 13.

A document 17 to be signed is first displayed in electronic form on the display device 11 such that the signatory can browse through and read the contents of the document 17. Preferably, the display device 11 is a video display, such as a computer video monitor, and is coupled to the processor 14 using standard techniques. Preferably, the processor 14 has control and input devices (not shown), such as a keyboard, a mouse, etc., for manipulating, editing, and viewing the document 17. The electronic document 17 can be stored in the memory 15, such as a RAM or ROM, of a processor, such as the processor of a personal computer. Alternatively, the document 17 can be stored in another remote memory or storage device (not shown) and viewed locally at the display device 11.

Once the signatory has reviewed the contents of the electronic document 17, a signature prompt 16 is displayed on the display device 11. The signature prompt 16 instructs the signatory to enter his signature into the electronic document 17 by physically signing a signature block of the signature acquisition device 12. The signature prompt 16 can include information that the signatory should read prior to signing the document 17, such as that they have read the entire document, understood its contents, consent to the terms contained therein, are signing of their own free will, etc. The signature prompt 16 is preferably controlled by the processor 14.

The signatory enters his or her signature into the electronic document 17 by physically signing his or her name or mark on the signature acquisition device 12. Preferably the signature acquisition device 12 is a graphics input device, such as a pen computer. For example, the signature acquisition device 12 can be an ePadTM manufactured by PenOpTM personal signature capture solution for e-commerce, a PenOp PocketSignTM which allows palm users to sign online, or any other compatible signature capture technology.

Figure 2 shows an exemplary signature acquisition device 12. As shown in Figure 2, the signature capture device 12 can include a display window 41, a signature block 42, a pen device 43, control keys 44, and indicators 45. Preferably the signature capture device 12 comprises a graphics input device having a pressure sensitive signature block 42,

or input pad. The signature block 42 is where the signatory physically signs his or her name.

The signature is electronically captured and processed by a processor. The processor preferably produces/forms a graphical representation of the signature using standard techniques. The representation can be inserted into or associated with the electronic document 17. Preferably the signature capture device 12 is coupled to the processor 14. Alternatively, the signature capture device 12 can have its own internal processor (not shown). Preferably, the signature acquisition device 12 is connected through an interface (not shown) to the processor 14 by standard wired or wireless connection techniques.

Once the signatory enters his or her signature on the signature block 42, an electronic representation/image of the signature may appear on one or more of the display 41 of the signature capture device 12, the signature prompt 16, and on the electronic document 17. The captured signature is processed to form a graphical representation of the signature.

The captured signature can be inserted, bound, or associated to the electronic document 17 by using any standard cryptographical technique. A date and time stamp can also be affixed to the document.

Figure 3 shows an exemplary biometric image acquisition device 13 that can be used for capturing an image of a biometric trait of the individual. As shown in Figure 3, the biometric image acquisition device 13 is preferably an iris imager adapted for capturing an image of the iris of an eye of the signatory. The captured biometric image is processed to extract a biometric template. As shown, the exemplary biometric image acquisition device 13 comprises iris acquisition device 105, an imaging lens 110, a mirror 120, an optional diopter correction lens 125, and an illuminator 130. The biometric image acquisition device 13 is connected to the processor 14 by standard wired or wireless connection techniques.

An input device (not shown) can be provided for use by the signatory in amending, or modifying the electronic document prior to signing it, such as adding or deleting terms and conditions. The input device can also be used for manipulating the document, such as scrolling up and down on a page, paging through the document, etc. For example, the input device can be used to added information to the signature block, including the name and address of the signatory, the date that the document was signed, etc. The input device can be, for example, a keyboard, a mouse, etc.

As shown in Figure 4, the system 10 can also include a central database 20 for storing a plurality of biometric images (e. g., the iris image template) of individuals who are enrolled in a particular application. The database 20 and the biometric image enrollment process are described in more detail below. The database 20 can also include a plurality of stored signatures that can be used to verify the authenticity of a captured signature.

Also, as shown in Figure 4, the system 10 can include an optional camera device 21 that captures a image or photograph of the person. The camera 21 can include, for example, a web cam type camera coupled to the processor 14. The face picture can be stored with the iris image and the signature representation in a unified record. Although not necessary for identification of the person, this additional aspect of the invention can be included for completeness of the identification and verification system. For example, the signature would capture the ceremony and evidentiary of signing, the iris image would capture the identity of the person signing, and the photograph of the person would capture a real image of the physical presence of the person.

Signature capture software (SCS) allows individuals to conduct business electronically, such as for example, purchasing products, executing contracts, and conducting other on-line business using their own verifiable, legally binding, handwritten signature. Any known technique for signature capture can be used with the signature acquisition device, such as those described in U. S. Patent No. 5,544,255,"Method and System for Capture, Storage, Transport, and Authentication of Handwritten Signatures", issued to Smithies et al.; U. S.

Patent No. 5,647,017,"Method and System for the Verification of Handwritten Signatures", issued to Smithies et al., which is a continuation of U. S. Patent No. 5,544,255; U. S. Patent No. 5,818,955,"Document and Signature Verification System and Method", issued to Smithies et al., which is a continuation of U. S. Patent No. 5,647,017, which is a continuation of U. S. Patent No. 5,544,255; and U. S. Patent No. 5,644,655,"Identification Method and Apparatus", issued to Windsor.

An exemplary signature capture system and software that can be used with the present invention is the PenOpTM Signature Capture Service (SCS) which is activated by a client application that might, for example, also display the document to be signed.

Figure 5 shows an exemplary signature capture system for capturing the signature of a signatory on an electronic document. The SCS, using phraseology provided by

the client application, displays a signature prompt 16 that indicates, for example, the purpose for which the signature is being captured, the name and address of the signatory, the date, etc.

The client application would preferably already know the user's name, or if necessary could prompt for it as well as other user identification information which the user could input into the system using an input device. In response to the signature prompt 16, the user signs his or her name to the document 17 using the signature acquisition device 12 and a graphical representation of the signature is obtained.

After the signature has been entered, the client application prompts the user to use an appropriate imaging device 13, such as, for example, an iris imager as described herein above with respect to Figure 3, to capture an iris image (left, right, or both eyes) that is processed to extract an iris image template, hereinafter also referred to as an IrisCodeTM template. In most applications the IrisCodeTM template can be compared with a previously enrolled (under controlled conditions) template for the identified user. This previously enrolled template is preferably stored in a master user database maintained either locally or remotely. When the entire process is complete, the user can be presented with the options of approving the information entered or starting over.

The data collection process just described produces a number of data entities that are processed as follows and assembled into a signature object called a biometric record 18, which is described more fully herein below with respect to Figure 7. The biometric record 18, including at least the biometric template and the graphical representation of the signature, is formed by the processor 14. The biometric record 18 uniquely binds or associates the signature with the identity of the person who produced it (e. g., the signatory) and the electronic document 17.

Figure 6A is a flow chart of an exemplary method of operation in accordance with the present invention. The user activates a signature prompt at step 320. An electronic image of the signature is obtained at step 325 by the user physically signing a signature block on the signature acquisition device. At step 330, it is determined if the signature image is suitable for use with the image processing routines. If the image is suitable, the image is passed to the processor for further processing, at step 335. If the image is not suitable, at step 330, the indicator (s) is activated (e. g., a beep sound is issued), and processing continues at step 340 (i. e., another graphical representation is obtained).

The eye is illuminated at step 350 and an image of the iris is obtained at step 355. At step 360, it is determined if the image is suitable for use with the image processing and comparison routines. If the image is suitable, the image is passed to the processor for further processing, at step 370, and comparison, at step 375. If the image is not suitable, at step 360, the indicator (s) is activated (e. g., a beep sound is issued) at step 365, and processing continues at step 355 (i. e., another image is obtained). In accordance with one embodiment of the present invention, image processing algorithms are used to extract a fixed length template (e. g., about 512 bytes long) from each iris image. Iris images are compared by determining the percentage of bits in each template that match. If the percentage of bits that match exceeds apredetermined threshold (e. g., 75%), then it is determined that the iris images being compared belong to the same iris, thereby identifying the subject being tested.

Figure 6B is the exemplary method of Figure 6A showing optional steps for capturing a face picture of the person. As shown in Figure 6B, a camera coupled to the processor is turned on at step 380. A face picture is obtained at step 385. At step 390, it is determined if the face picture is suitable for processing. If the face picture is suitable, the image is passed to the processor for further processing, at step 395 and the face picture can be incorporated into the biometric record with the iris image and the signature representation.

If the image is not suitable, at step 390, the indicator (s) is activated (e. g., a beep sound is issued) at step 397, and processing continues at step 385 (i. e., another face picture is obtained).

Figure 7 shows the formation of an exemplary biometric record. As shown in Figure 7, a hash 23 of the document as displayed to the user is computed. The hash 23, sometimes called a checksum or message digest, is a unique, fixed-length digital value that can be computed for any document, but from which the contents of the document cannot be reconstructed, (e. g., it operates one-way only). It has the property that any change in the document, large or small, produces a significant and easily detected change in the hash 23.

Standard hash techniques that can be used with the present invention include MD4, MD5, and SHA (Secure Hash Algorithm). The document hash 23a is stored in a data field of the biometric record 18.

Next, the IrisCodeTM template 24 extracted from the biometric image collected from the user just after signing is entered. As will be discussed later, this is preferably a fixed-

length 512-byte code that captures the unique identifying traits contained in the image of the iris. It provides incontrovertible evidence of the identity of the individual who signed the document.

Additional entries 25 can further document the conditions of signing. For example, these additional entries can include the date and time of signing, the identity of the particular machine on which the signing occurred, the claimed identity of the user, the text that appeared in the signature prompt, etc.

Another biometric record 18 entry that can be included is a representation of the graphic image of the user's signature 26. This can be used later, if desired, to generate a hard copy version of the document with the signature attached.

The SCS then generates a biometric record hash 27 of the complete biometric record, and encrypts the biometric record together with this complete hash. Encryption can be with any of the known encryption techniques, such as using public and private keys to encipher and decipher the data, respectively.

A second function determines whether a particular signature is authentic. This second function can comprise any known signature verification software, such as the PenOpTM Signature Verification Service (SVS). Preferably, the SVS has access to a database of IrisCode templates and signature representations collected, as part of an authorized enrollment process, from users who have been identified to the SVS.

Figure 8 is an exemplary signature verification system in accordance with the present invention. When presented with a specific biometric record 18 and asked to verify its authenticity, the SVS proceeds as shown in Figure 8. It decrypts the token and compares the live or captured IrisCodeTM template from the biometric record 18 with the stored biometric images from the database 20 corresponding to the user's claimed identity. Alternatively, it can compare the captured IrisCodeTM template in the record to all those contained in the database to find a match, thereby performing identification rather than verification. If a matching IrisCodeTM template is found, either through verification or identification, the SVS can report in real time that a verification match has occurred or, in the latter case, report the identity of the individual.

While the role of the signature capture and authentication technology is to capture the electronic signature and bind it to the document, the role of the biometric

authentication technology is to bind the identity of the signatory to the signature. This can be accomplished in accordance with the exemplary flowchart of Figure 9. As shown in Figure 9, an image of an iris of an eye is captured at step 30. An unique biometric template 30 (e. g., an IrisCodeTM template) is extracted from the captured image of the iris of the eye at step 31.

Iris recognition is widely acknowledged as the most powerful and accurate biometric available today. The iris image is collected and processed at the time the signature is generated, and can be compared to a database of templates collected under controlled conditions by a trusted enrollment agent. This provides absolute and incontrovertible evidence of the individual who produced the signature.

The iris is a protected internal organ that is at the same time readily available for outside observation. Its complex textural pattern of striations, crypts, rings, furrows, etc., has extremely high information content, yet is stable from about the age of one year throughout life. Notably, the iris structures are formed with minimal genetic penetrance (e. g., they are not influenced by the individual's genetic make-up) and so are dramatically different for every individual and indeed for every eye. If the variability inherent in the iris is expressed in statistical terms as the number of independent degrees of freedom, or forms of variability across individuals, the estimated number of such degrees of freedom is 266. This high information content, extracted by sophisticated computer image processing algorithms, enables an extremely accurate and sensitive personal identification technology. One recent study yielded an estimated crossover error rate of 1 in 1.2 million. This value represents the odds of a False Accept (incorrectly identifying a user as someone else) or a False Reject (failing to recognize a valid user), assuming that the system parameters are adjusted so that either type of error is equally likely.

Referring back to Figure 9, the steps which comprise an exemplary iris identification process are illustrated. The data collection step includes acquisition of a high- quality iris image using a suitable imaging platform, at step 30. Typically this platform will utilize low-level infrared illumination and an infrared-sensitive camera. The resulting image is processed to extract a digital code, such as for example, a fixed-length 512-byte digital code, at step 31, that fully captures the unique information used for identification. If the data collection occurs as part of the enrollment process, the IrisCode record is stored, at step 32, in a database along with other personal information that has particular value for the specific

identification application. The other identification information is entered at step 33 and might include, a graphical representation ofthe person's signature, the person's name, an ID number, address, telephone number, for example.

If the image is being collected and processed as part of the recognition process, however, the IrisCode record is compared, at step 34 and step 35, against all records contained within the database, and the matching record, if one exists, is found. If a match is found at step 35, then the system reports the authentication of the identity at step 36. If no match is found, then the system reports an invalid signature at step 37, at which time the user may re-enter a new signature and/or iris image, or terminate the process.

This exhaustive search of the database allows one to identify an unknown individual. It is also possible, if the individual provides a claimed identity, to retrieve that IrisCode record from the database and compare it to the submitted ln*sCodeTm record to verify the identity.

An exemplary imager that can be used with the present invention is a compact, handheld imaging apparatus manufactured by IriScan, Inc. of Marlton, NJ. The imager preferably has sensors and indicators which assist the human operator in aligning and focusing the device. The imager also automatically captures the image when proper positioning is achieved. Because it is small and compact, it is practical for use as an accessory to a personal computer, and for many business and consumer applications where cost is critical.

Referring back to Figure 3, illustrated is a preferred embodiment of the handheld imager 13 that can be used with the present invention. Any known technique or apparatus for capturing the iris image can be used, such as those described in Patent Application serial No. 09/200,214 (Attorney Docket No. ICAN-0064), entitled"Handheld Iris Imaging Apparatus and Method", filed on November 25,1998, which is herein incorporate by reference. The exemplary handheld, non-invasive, non-contacting iris imager comprises iris acquisition device 105, an imaging lens 110, a mirror 120, an optional diopter correction lens 125, and an illuminator 130. The imager 13 can be powered by a standard DC or AC supply, and preferably a 9 volt battery (not shown).

The iris acquisition device 105 is preferably a conventional solid state video camera, such as a charged coupled device (CCD) or complementary metal oxide semiconductor (CMOS) device. A preferred camera is a 1/3 inch format, monochrome CCD

board camera, such as Computar Model EM200. Preferably, the video camera 105 is sensitive to light of wavelengths in the range of about 400 nanometers to about 1100 nanometers, and is positioned so that its front surface coincides with the image plane of the lens 110 in front of it. In the preferred embodiment, the object plane of the lens is approximately 89 mm in front of the lens 110. More preferably, the lens 110 is an optical lens with approximately 14.2 mm focal length.

The mirror 120, preferably a concave cold mirror having a radius of curvature preferably about 276 mm, is disposed on the side of the lens 110 opposite the video camera 105 and creates a magnified virtual image of the iris behind the mirror 120. In the preferred embodiment, the mirror 120 reflects visible light with wavelengths in the range of about 400 to about 700 nanometers, and passes light having longer wavelengths, such as those in the range of about 700 to about 900 nanometers.

The illuminator 130 is positioned just outside the edge of the cold mirror 120 and is used to illuminate the iris of the subject being identified. The preferred illuminator 130 emits light having wavelengths of about 680 to about 900 nanometers. Preferably, the illuminator 130 is a miniature quartz halogen or krypton gas bulb operating at approximately 1 watt.

The imager acquires images of an iris with sufficient clarity, focus, and size for use with conventional image processing and comparison routines. A preferred image processing and comparison routine is described in U. S. Patent No. 5,291,560,"Biometric Personal Identification System Based on Iris Analysis", issued to Daugman, and commonly assigned with the present invention to IriScan Inc., and incorporated herein by reference.

However, any processing and comparison technique can be used with the image that is acquired at the imager, such as the image pixel correlation technique described in U. S. Patent No. 5,572,596,"Automated, Non-Invasive Iris Recognition System and Method", issued to Wildes et al. and the techniques described in U. S. Patent No. 4,641,349,"Iris Recognition System", issued to Flom et al., both of which are incorporated herein by reference.

Figure I OA shows the apparatus of Figure 3 in greater detail. The lens 110 gives a high resolution image of the eye 150 of the user, who is positioned in front of the lens 110, so that extreme proximity between the eye 150 and the imager 13 is not required (i. e., no contact is needed between the subject and the imager 13).

The handheld iris imager comprises a solid-state image capture device and an optical system which forms an image 109 of the iris on the image capture device at the image plane of the video camera 105 and at the same time produces a virtual image 115 of the iris which the user can use to position and focus the iris image. As a result, the user can, using the same eye being imaged, see a reflected image of the iris which can be used to position the handheld imager 13 so that a good iris image (i. e., an image that can be processed and compared to those stored in a database) can be obtained.

Figure 10A also shows an optional dioptric correction lens 125 positioned between the eye 150 and the cold mirror 120. The dioptric correction lens 125 is an adjustable optical element which corrects for the close-range focusing ability of the individual eye, which varies from subject to subject. When the lens 125 is properly adjusted, the magnified, reflected virtual image 115 of the subject's eye appears in sharp focus to the subject at the same eye-to-mirror distance at which the subject's eye is sharply focused on the front surface of the camera. This simplifies use of the imager, because the subject simply positions the image so that the virtual image 115 of the iris appears sharply focused.

A preferred embodiment of the dioptric correction mechanism has no correction lens 125 and instead has a mechanical means (not shown) for adjusting the position of the cold mirror 120 relative to the camera lens 110. This allows the user to vary the obj ect distance of the cold mirror 120, thus changing the eye-to-lens distance at which the virtual image 115 of the iris is sharply focused.

The ability to set the dioptric correction mechanism to accommodate a particular user has a great utility if the imager is used by only one person most of the time.

Once the correction is set, the user can easily position the device to obtain a sharply focused reflected image. This automatically produces a sharply focused image from the camera and substantially immediate acceptance of the image by the focus assessment processor described below. Image capture time is thereby reduced and overall convenience and utility is enhanced.

An eye 150 is positioned in front of the imager 13 (e. g., about 3.5 inches in front), as shown in Figure 1 osa, and the illuminator 130 is turned on. This, in turn, illuminates the eye 150 and the iris therein. Preferably, the light having wavelengths of about 400 to about 700 nanometers is reflected by the cold mirror 120, thereby forming a magnified virtual

image 115 behind the mirror 120 which the user can see through the eye being imaged. The radius of curvature of the mirror is selected so that the magnified image 115 of the eye substantially fills the user's entire field of view. Hence, when the imager 13 is positioned so that the entire eye 150 is visible, it is virtually assured that the eye 150 will be substantially centered in the object plane 140 of the camera 105. Under these conditions, the light having wavelengths of about 700 to about 900 nanometers is passed by the mirror 120 and forms an approximately centered image 109 of the eye 150 at the image plane 107 of the camera 105.

The image is then captured and processed, as described below.

Although a cold mirror (one which reflects shorter wavelengths and passes longer wavelengths) is described herein, it is understood that a hot mirror (one which reflects longer wavelengths and passes shorter wavelengths) could also be used in accordance with the present invention. Such a configuration is shown in an imager 101 in Figure 1 OB. The eye 150 is illuminated by an illuminator 131 emitting light having wavelengths in the range of about 680 to 900 nanometers. This light is reflected by the eye 150 and the light having wavelengths in the range of about 700 to 900 nanometers is reflected by the hot mirror 121 to be focused by the lens 111 onto the front surface of the camera 106. Light reflected from the eye 150 having shorter (visible) wavelengths in the range of about 400 to 700 nanometers passes through the hot mirror 121 and strikes a concave broadband mirror 122 which reflects light having wavelength from about 400 to 900 nanometers. This light forms a virtual image 115 of the eye 150 behind the concave mirror 122 that the user can see and use to align and focus the device.

Figure 11 is a schematic diagram of an exemplary iris image recognition system that can be used with the present invention. The imager 13 is coupled to a microprocessor 210 that performs the processing and comparison. The microprocessor 210 can reside in a conventional computer 200, such as a standard personal computer (e. g., 100 MHZ, 32 Mbyte DRAM, monitor, keyboard, ports, hard drive, floppy drive, CD-ROM drive), as shown, or within an IrisEngine manufactured by IriScan Inc., Marlton, NJ.

The microprocessor 210 is coupled to the imager 13 via conventional cables and/or printed circuit boards (PCBs) that are connected into slots on the computer such as an ISA slot or a PCI slot. Other conventional means for coupling the imager 13 and the microprocessor 210 can be employed. The microprocessor 210 controls the imager 13 and

runs software held in read only memory (ROM) 205. The processor 210 is connected via a bus 207 to the ROM 205, a random access memory (RAM) 232, another memory such as an erasable programmable ROM (EPROM) 230, and an input/output (I/O) controller 225. The RAM 232 is large enough to hold at least one captured image of an iris. The I/O controller 225 is connected to the appropriate circuitry and drivers (not shown) for issuing commands to control the imager 13.

The imager 13 preferably transmits the images in RS170 format to a frame grabber PCB, such as the PixLink VGX2MB frame grabber PCB, for image processing; or provides the digital images directly to the processing unit 210."On/off'data is transmitted from the imager 13 to the processor 210 to initiate the image acquisition function. A digital image could be provided if a digital camera is used. Preferably, for an analog video camera, data is analog RS 170 from the camera 105 to the frame grabber PCB, or digital from a digital camera to the microprocessor 210, and digital for all other functions.

The image processing consists of a number of image processing steps (such as those described in U. S. Patent No. 5,291,560 and U. S. Patent No. 5,572,596, which are herein incorporated by reference) which lead to extraction of a unique and highly specific digital biometric template that can be used to identify the individual based on intensity patterns within the iris. The biometric template is then compared against other templates or images stored in a memory (such as a RAM or EPROM) 230 within the computer 200. The memory 230 stores selected data representing images of the iris of a plurality of subjects. A match of the biometric template with a template stored in the memory 230 identifies the subject whose iris is being imaged.

As shown in Figure 12, the imager 13 can be linked to the microprocessor 210 via wireless means, such as an RF modem 135 residing within the imager 13 communicating with a companion modem 220 on the microprocessor 210 or elsewhere within in the computer 200. This increases the flexibility of the imager 13 for certain applications where the limited range of motion imposed by a wired connection would limit its usefulness. These might include, for example, certain applications such as medical or corrections facilities where it is not desirable or convenient to bring the individual whose eye is being imaged close to the external computer 200. The modem 135 also can receive instructions from the computer 200,

such as to illuminate the lamp 130, or activate visible and/or audible indicators (described below with respect to Figure 13).

Although an image of the eye is reflected back to the subject in mirror 120, this may not provide the desired feedback to the user to enable the user to properly position the imager so that a suitable iris image is obtained. For example, a user may be a novice in using and positioning the imager 13 with respect to the eye 150, or the user may be attempting to image the eye of another subject with the imager. Thus, preferably, the imager 13 comprises a passive feedback mechanism to guide the user in positioning the eye 150 to an optimum location to allow acquisition of a suitable image.

The passive feedback mechanism is an indicator or combination of indicators that provides, on a near real-time basis, an indication to the user that an adequate iris image has or has not been obtained. Figure 13 is a schematic diagram of an exemplary iris image recognition system that includes position indicators in accordance with the present invention.

Preferably, the indicator is visible and/or audible, such as, for example, an indicator lamp 305 (e. g., a light emitting diode (LED)) that lights when an acceptable image has been captured (i. e.,"image acquired"), and an aural indicator via a speaker 310, such as a beep or other tone, that sounds periodically until an acceptable image has been captured (i. e.,"imaging in progress").

Additional indicators 306,307 can be also be used, either alone or in combination, for such indications as"subject identified-accept"and"subject not identified- reject". These indications would be activated pursuant to the results of the processing and comparison performed at the microprocessor 210, as described above with respect to Figure 11.

The imager 13 also preferably has an on/off switch (not shown), such as a pushbutton, for powering up the imager and initiating the image acquisition process. Power for the imager 13 is preferably supplied by a battery, but can also be supplied externally, such as, for example, from the computer 200 comprising the microprocessor 210. The imager 13 receives and acts on instructions from the processor 210 to perform functions such as lighting or turning off the indicator lamp (s) 305, providing the audible signals via the speaker 310, and lighting the'accept'and'reject'indicators.

It should be noted that the imagers of Figures 11, 12, and 13 can also contain the optional dioptric correction lens 125, described above with respect to Figure 10A.

Because the eye's own focusing system automatically adjusts to bring the virtual image 115 into sharp focus to the user, it cannot be relied upon to always accurately focus the eye image on the camera 105. For this purpose, an external focus assessment system is used in one embodiment, as shown in Figure 14. Video image information from the handheld imaging device 13 is received as an analog video signal which conforms to a standard format such as NTSC or PAL. In these formats video frames are transmitted at a rate of 25 (PAL) or 30 (NTSC) frames per second. The analog image data is transmitted to an analog-to-digital converter 405 and stored in a frame buffer memory 410, such as a RAM similar to RAM 232 described above with respect to Figure 11, and capable of storing one complete frame of digitized video information. A focus assessment processor 420 accesses the digitized image information and applies certain measurement algorithms which are disclosed in a patent application Serial No. 60/109,960 (Attorney Docket No. ICAN-0067), entitled"Video-Rate Focus Assessment", which is incorporated herein by reference. The output of the focus assessment is used to control an indicator, such as the audible indicator 310. As long as the focus assessment processor 420 determines that the captured image is not acceptable for further processing and comparison, the audible indicator 310 is directed to emit periodic sounds to alert the user. Images are repeatedly acquired and assessed until an acceptable one is received. After an acceptable iris image has been received, the audible indicator 310 is turned off and the final image is retained for further processing and comparison, for example, by the microprocessor 210, as described above.

Any known technique for image focusing can be used with the imager, such as those described in U. S. Patent 4,876,608, entitled"Focus and Signal to Noise Measurement Routines in Input Scanners", issued to Eaton, U. S. Patent 5,151,583, entitled"Focus Adjustment Device Having Restricting Means for Restricting a Selecting Action According to the Degree of Nearness of a Distance Measurement", issued to Tokunaga et al., and U. S.

Patent 5,404,163, entitled"In-Focus Detection Method and Method and Apparatus Using the Same for Non Contact Displacement Measurement", issued to Kubo.

A focus score is computed for each video frame (i. e., each captured image).

If the focus score exceeds a predetermined value, then it is determined that the image is

focused enough for further processing and comparison. If the focus score does not exceed the predetermined value, then it is determined that the image is not focused enough for further processing, and an indicator (such as indicator 310, described with respect to Figure 13) is activated and a further image is captured. Alternatively, a sequence of image frames can be obtained that cycle through a range of focus distances strobed at the video frame-rate, and the focus score computed for each frame can enable the selection of the best focused frame within the sequence of frames. For example, by obtaining image frames at each of several different lens settings and then fitting a spline curve to their respective focus scores one can predict the lens position that would deliver substantially the sharpest focus, by setting the derivative of the parameterized spline curve to zero and then solving the equation for position.

The focus assessment can be performed by the microprocessor 210 in the computer 200, or it can be a separate processor element. For example, the focus assessment processor 420 can be disposed within the handheld imager 13, as shown in Figure 15, and not be external to the imager 13, as shown in Figure 14. A benefit of this embodiment is that the selection of a properly focused image can occur within the hand-held device, so that only a single, acceptable image is transmitted to the external processor 210. In the embodiment shown in Figure 14, the focus assessment algorithm is typically performed within a personal computer, so digitized image data is transmitted to the personal computer at video rates.

However, the high data rates associated with transmission of digitized video cannot be supported by some types of computers, particularly notebook-style personal computers. If the focus assessment is performed in the handheld device 13, the single selected video frame can then be transmitted at a lower data rate which is compatible with notebook-style personal computers. This greatly enhances the flexibility and versatility of the handheld imaging device of the present invention.

As shown in Figure 15, the video signal (analog) from the camera 105 is converted to digital format by an analog-to-digital converter 405 and each frame of video is stored in a frame buffer memory 410. The converter 405 and memory 410 are similar to those described above with respect to Figure 14, but are disposed within the handheld imager 13.

Data in the frame buffer 410 is processed by a focus assessment processor 420 which is also contained within the handheld imager 13. The results of the focus assessment control an audible indicator 310 which emits a sound that is discontinued when an acceptable video

frame is acquired. The single video frame that has been determined to be acceptable is transmitted to another processor 210 (typically within a personal computer 200) for further processing and comparison.

It is contemplated that in addition to the focus assessment processor, an auto- focus lens system could be used with the present invention. The results of the focus assessment control the lens system, thereby automatically adjusting focus to produce an optimal image. This would place less of a premium on the accuracy with which the user positions the eye, and would be helpful if the user could not see or hear the indicators described above.

Optionally, the imager of the present invention can be equipped with a display, such as a miniaturized back-illuminated liquid crystal display (LCD) 505. The LCD display 505 is disposed on the side of the imaging system opposite the subject whose eye is being imaged. The video signal generated by the camera 105 is continuously displayed on the LCD display 505 to permit an operator (other than the subject whose eye is being imaged) to control the position of the hand-held imaging device 13 and thereby center the eye's image in the field of view to more easily achieve proper focus, as indicated by the sound emitted by the audible indicator 310. This allows the device to be used on individuals who are unable or unwilling to cooperate in the image acquisition process.

An additional embodiment of the present invention is shown in Figure 16. In Figure 16, an additional processor 605 has been added to the device of Figure 15. The additional processor 605 extracts the iris image data, processes it to produce a biometric template, and encrypts it so that the output of the handheld imager 13 is an encrypted biometric template that can be used by the processor 210 in the computer 200 for comparison.

Encryption can be with any of the known encryption techniques using public and private keys to encipher and decipher the data, respectively. One advantage offered by this embodiment of the invention is that the added functionality required to add the biometric identification technology to a computer system is contained within the handheld imager 13, thereby simplifying installation, support, and service. Secondly, the security of transactions which utilize the biometric template is enhanced because the data is generated and encrypted totally external to the computer 200 and thus is less susceptible to theft, alteration, or interception.

In the embodiment of Figure 16, a wireless modem 635, similar to the modem

135 described above with respect to Figure 12, is shown. The encrypted biometric template from the processor 605 is transmitted via the modem 635 to the computer 200 for further processing and comparison. The modem 635 also receives instructions from the computer 200, such as to activate visible and/or audible indicators.

The system and method of handwritten signature capture for electronic documents and biometric authentication based on iris recognition of the present invention, has significant value in those situations where there are compelling needs for the social and legal acceptability of a handwritten signature and the positive identification provided by iris recognition. Many types of contracts are not enforceable unless a signature or other form of "signed writing"has been affixed to the contract to show understanding and approval of its contents. Some types of documents are signed to indicate that the signatory was actually present, reviewed the document, and assented to the terms and conditions contained therein.

In other situations the social value of a conventional signing ceremony may be even greater than its legal value.

Virtually any type of document that relies on a signature to indicate approval or adoption is rendered ineffective, unenforceable, or meaningless if the signature is fraudulent. Biometric authentication, and in particular that biometric authentication provided by iris recognition, of handwritten signatures on electronic documents provides a virtually unbreakable link between the signature and the individual that produced it. That link can be used in a number of different ways, depending on the particular requirements or traditions of the business or social process for which biometrically authenticated electronic signatures are used.

For example, exemplary applications where the present invention might prove helpful would include: 1. Where an individual believes that his or her (electronic) handwritten signature was forged on a legal document. The individual could prove this by submitting a live IrisCodeTM record and showing that it does not match the biometric record associated with the document signature.

2. Persons wishing to conduct financial transactions electronically could register his or her IrisCodeTm record with their financial

institution, which would store it as part of the personal account information. The validity of a transaction could be checked in real time by transmitting a live IrisCode record to the institution, along with the account information, for comparison to the stored record and verification. A fraudulent transaction could be later repudiated by showing that the IrisCodeTM record submitted with the signature did not match the reference record held by the institution.

3. An authenticated electronic signature collected as part of a multi-step process could be used to verify the identity of the signatory throughout the entire process. For example, a signatory to an insurance application might be required to obtain a medical examination. The authenticated signature collected at the time of the application could be compared with a second one collected at the time of the medical examination to verify that the signatory was the individual actually examined.

These examples illustrate how powerful, flexible and robust the present invention can be.

Note also that in most applications effective fraud reduction can be achieved simply through repudiation of invalid signatures. This can be accomplished without compiling central databases of stored biometric records that might be used improperly to invade individual privacy. By embracing both the cultural value of the handwritten signature and the absolute identity of iris recognition, these technologies can deliver the convenience, reliability, privacy and security of authenticated electronic documents with the legal defensibility and social acceptance of handwritten signatures.

Although illustrated and described herein with reference to certain specific embodiments, it will be understood by those skilled in the art that the invention is not limited to the embodiments specifically disclosed herein. Those skilled in the art also will appreciate that many other variations of the specific embodiments described herein are intended to be within the scope of the invention as defined by the following claims.