Field of the Invention

The invention relates to systems for enabling a user to securely identify a first person to a second person, and methods for enabling a user to securely identify a first person to a second person.

Background to the invention

It is common in both the public sector and commercial service economy for organisations or individuals, as "clients", to request the services of individuals as "contractors", through third parties acting as "agents". Clear examples of this tripartite relationship include employment agencies providing temporary staff for businesses, education authorities providing supply teachers for schools and technology suppliers providing engineers for the maintenance of their customers' equipment.

Typically, clients have security constraints and concerns about contractors coming to their premises. Most businesses have physical assets which they wish to protect from those who might wish to take them, while schools and the like watch out for those who might pose as support staff in order to gain access and subsequently cause harm to children. The client will therefore want to ensure that a contractor is authorised before he can perform his assignment. Commonly, in order for a contractor to be authorised, his identity must be authenticated.

A number of technical prior art systems are known in the field of identity recognition amongst these are: 1) scanning body parts such as finger tips or retina, 2) printing single copy passports with password and holograms etc.; 3) and voice recognition.

Conventional means are often complex and cumbersome. Identification cards can, of course, be faked, and moreover simply cannot be made and supplied quickly enough to cover the situation where a contractor is called to do an emergency job or even for the day to day ad hoc supply of contractors to do an ongoing job.

It is of course possible to send the identification details of a person by post or manually - but again, this is generally too slow for the scenarios outlined above.

A system of fast and effective identity authentiftcation is clearly therefore much desired, not only by the security conscious client, but also by the agent and contractor, who through such a system may engage in all manner of profitable labour. In particular, such a system will be advantageous to the "jobbing workman", who may rely on such short notice jobs as his principal source of income.

There is therefore a clear need for a system and method for allowing the fast transmission of authentification and identification information to both client and agent without the complexity and encumbrances of the scanning systems or the printing and distribution systems.

It is one of the objects of the inventions disclosed to provide a solution to this problem, amongst others.

The Applicant acknowledges the following prior art: US2008/016054A1 (LISKA), GB2417355A (TRINITY MOBILE), GB2449284A (YOURRAIL) and GB2420436A (TRINITY MOBILE). Summary of the invention

In a broad independent aspect, the invention provides a system for enabling a user to securely identify a first person to a second person, comprising;

one or more user interfaces for interfacing with an application, communication means, for communication between said user interfaces and said application, a database storing, in use, signals representative of identity information, means for communication between said database and said application, an application comprising a password generator and a renderer for generating signals which when loaded for display are representative of a ticket, means for communication between said application and ticket delivery means, and ticket delivery means for delivering signals which when loaded for display are representative of a first ticket for display on a first ticket reception device and for delivering signals which when loaded for display are representative of a second ticket for display on a second ticket reception device.

The technical advantages of the broad configuration are at least: 1) improved security by the generation of two independently viewable machine-generated tickets for visual comparison; 2) improved speed of distribution in the field of secure identity recognition; and 3) reduces the use of material such as plastics, electronic chips and paper by solely employing electronic displays in the field of secure identity recognition.

In a subsidiary aspect, said database is configured to store at least one photographic image. This allows speedy distribution of identity without requiring printing. Furthermore, it allows distribution to multiple recipients.

In a further subsidiary aspect, the ticket delivery means are configured to simultaneously deliver the first ticket and the second ticket. In a further subsidiary aspect, the ticket delivery means is configured to employ an MMS gateway to send signals representative of tickets to ticket reception devices. This improves the probability of delivery to a recipient.

In a further subsidiary aspect, said system is configured to generate signals representative of a validity period determined by the user.

In a further subsidiary aspect, said system is configured to generate signals representative of the expiry of said ticket and to prevent access to a ticket subsequent to the expiry.

In a further subsidiary aspect, the system is configured to generate a signal representative of a password.

In a broad independent aspect, the invention provides a method for enabling a user to securely identify a first person to a second person, comprising the steps of;

selecting data from a database storing, in use, signals representative of identity information; generating signals which when loaded for display are representative of a ticket comprising identity information, delivering signals which when loaded for display are representative of a first ticket for display on a first ticket reception device; and delivering signals which when loaded for display are representative of a second ticket for display on a second ticket reception device.

In a subsidiary aspect, the method further comprises the step of storing at least one photographic image.

In a subsidiary aspect, the method further comprises the step of simultaneously delivering the tickets to both the first and second ticket reception devices. In a subsidiary aspect, the method further comprises the steps of employing an MMS gateway to send signals representative of tickets to ticket reception devices.

In a subsidiary aspect, the method further comprises the step of generating signals representative of a validity period determined by the user.

In a subsidiary aspect, the method further comprises the step of preventing access to a ticket subsequent to the expiry.

In a subsidiary aspect, the method further comprises the step of generating a signal representative of a password.

In a broad, independent aspect, the invention comprises a system for enabling a user to securely identify a first person to a second person, comprising one or more user interfaces for interfacing with an application, communication means, for communication between said user interfaces and said application, a database comprising, in use, identity information, means for communication between said database and said application, an application comprising a password generator and a renderer for making tickets, means for communication between said application and ticket delivery means, and ticket delivery means for delivering a first ticket to a first ticket reception device and a second ticket to a second ticket reception device.

The technical advantages of the broad configuration are at least: 1) improved security by the generation of two independently viewable machine-generated tickets for visual comparison; 2) improved speed of distribution in the field of secure identity recognition; and 3) reduces the use of material such as plastics, electronic chips and paper by solely employing electronic displays in the field of secure identity recognition.

The use of mobile internet technology in this way allows contractors to be chosen for clients and authentification data can be sent to clients or their agents in a few moments. This is advantageous for both contractor and client, since it allows jobs to be apportioned and therefore problems to be solved very quickly. Clearly the use of mobile phone technology is particularly useful in the very common scenario where the contractor is a jobbing workman, because said workman is likely to be situated at a place unknown to either agent or client at any given time but is likely to have a mobile telephone, given that the telephone is already a important tool for said jobbing workman.

Further, by giving the authentifϊcation details straight to the parties which require them, time, money and energy is saved. A material manifestation of the authentication details, such as an identification card or a photograph, does not have to be given to contractor or client.

In the case where the client is a big company, the circumventing of the administrative aspects of getting an identification card or the like to an individual, makes this solution all the more desirable.

The system is further advantageous because since there is no requirement of exchange of physical credentials between agent, client and contractor, there is therefore nothing to be stolen or lost in the post, for example.

Clearly also, the system is advantageous because it presents more obstacles to those attackers who may wish to create fake authentifϊcation details. It presents more obstacles to would-be attackers than ID cards, which are easily forged.

This service enables an agent to authenticate a contractor to a client, where clients assign security privileges to contractors according to their identity. In preferred embodiments, it can take the form of an online service that can be used to authenticate the identity of a person requesting authorization under security constraints.

In a subsidiary aspect the identity information comprises at least one photographic image.

The provision of a photographic image to the client allows for the client to use the image to check the identity of the contractor when they come into contact. Alternatively, the supply of an identical image to both the client and the contractor provides the added advantage that the possession of the image itself provides further means for the checking of the identity of the contractor. This could stop a bogus contractor who nonetheless resembled the contractor in the photographic image from being accepted, or conversely may allow for a contractor whose image has changed since the picture was taken to be accepted by the client. The provision of the image therefore increases the flexibility of and the security provided by the system.

In a subsidiary aspect the ticket delivery means begins the delivery of the first ticket and the delivery of the second ticket simultaneously.

Simultaneous delivery allows for the setting up of a relationship between a given contractor and a given client as quickly as possible, which in the case of emergency work is a great advantage.

In a subsidiary aspect at least one user interface to the application is a website and website operation means.

In a subsidiary aspect the website operation means is a mobile telephone.

This is advantageous in that it allows the user to operate the system away from a computer, which further enhances the utility of a system designed to allow for the quick finding of labour and subsequent job allocation.

In a subsidiary aspect, the ticket delivery means is an MMS gateway and the ticket reception devices are mobile telephone handsets.

The use of mobile telephones is advantageous because they are extremely commonly available and are likely to be carried by both contractors and clients or their agents. This still further enhances the utility of a system designed to allow for the quick finding of labour and subsequent job allocation.

In a subsidiary aspect, the system utilises the internet protocol multimedia subsystem. The use of the IMS system has the advantage of allowing for further sophistication in the ticket, since it allows the parties to download applications which they can then run on their telephones and which will subsequently facilitate the display of the ticket. By requiring that an application be run on a given telephone, an extra level of security is also generated.

In a subsidiary aspect, wherein at least one ticket has a validity period determined by the user and wherein at the end of the validity period, the ticket expires.

The incorporation of the validity period further secures the system.

In a subsidiary aspect if a person tries to access a ticket subsequent to the expiration of that ticket, notice is given to the person accessing that ticket that it has expired.

The giving of notice secures the system still further, by discouraging a potential bogus contractor from using the ticket after expiration.

In a subsidiary aspect the ticket further comprises a password.

Because there are two tickets, linked together by a password, it is the case that a ticket which is compromised will not be useful for anything other than that job, since the password is unique and will thus not be correct for any other job.

The invention also comprises a system substantially as described herein with reference to and as illustrated by any appropriate combination of the accompanying drawings.

In a broad independent aspect, the invention comprises a method for enabling a user to securely identify a first person to a second person, comprising the steps of electing data from a database, generating a ticket, adding the selected data to the ticket, sending a first ticket to a first person, and sending a second ticket to a second person thus facilitating the use of the data by the first person to authenticate the identity of the second person when the first person and the second person come into contact.

The method has all of the advantages of the system described above.

In a first subsidiary aspect of the second broad independent aspect the ticket are sent simultaneously.

The invention also comprises a method substantially as described herein with reference to and as illustrated by any appropriate combination of the accompanying drawings.

Brief description of the figures

Figure 1 is a block diagram illustrating the relationships between the data entities in the system.

Figure 2 is a block diagram showing the main steps in the system.

Figure 3 is a block diagram showing the system in detail.

Figure 4 is a front view of the visual presentation of a ticket.

Figure 5 is a block diagram illustrating an example of the deployment of the system.

Figure 6 is a block diagram illustrating a further example of the deployment of the system.

Detailed description of the preferred embodiments

At figure 1, the component data entities in the system indicated generally at 2 are shown. They are the application 12, which facilitates the operation of the system 2 by the user 4. The user 4 will often be an agent seeking to unite a first person 6, who is often a contractor, with a second person 8, who is often a client. These labels - "agent", "client", and "contractor" - will be used subsequently in this specification. The user 4 is able to communicate with the first and second persons 6, 8 via the application 12. The application 12 may be used to generate one or more tickets 26, containing various pieces of information pertaining to the identity and preferences of the second person 8, as well as optionally the identity, skills and preferences of the first person 6 and details relating to the assignment 9. A set of information relating to a particular person or assignment is grouped together as a data record 11. In the embodiment shown, the data record 11 of the second person 8 comprises a name and a mobile telephone number, while the first person's 6 data record 11 comprises a mobile number, a name and a photographic image 40 (not shown), and the assignment 9 data record 11 simply contains a reference number. Other details may be added in all three cases - substantive information relating to the nature of a given assignment as well as to the particular skills and general location of a given contractor, or the preferences and location of a given client will all be helpful. A ticket 26, when assembled, will contain some or all of the above data, as well as, optionally a password 58 and, again optionally, a validity period.

The application 12 uses a database 16 (not shown) to store a plurality of data records 11 (not shown). The agent may attach a photographic image 36 of each contractor 6 that he has verified as a likeness.

The details of client 8, contractor 6 and job/ assignment 9 could be drawn from other existing databases. Because the service does not need to update an external database, an alternative means of database provision would be to write adaptors for external databases where a legible exchange format exists. Alternative embodiments may be to offer a public application program interface, enabling developers to embed the service into their own application.

Figure 2 shows the typical "workflow" of the system 2, i.e. the order in which the system 2 performs tasks. Any actions inside a given column are done by the person after whom the column is labelled. Before the system 2 is entered, a client 8 arranges an assignment 9 or otherwise realises that he needs work to be done. He contacts agent 4 in order that he can get agent 4 to find at least one contractor 6 who will be able to do the assignment or work 9. What the agent 4 then does is to create one or more tickets 26, using a user interface 10 which may be a website 40 and website operation means 42. The website operation means 42 may for example be a mobile telephone or a computer terminal. The interface 10 is then used to interface with the application 12. The agent 4 must then choose client 8, assignment 9 and contractor 6. The agent 4 may then optionally set or determine a validity period for the ticket 26, at the end of which the ticket 26 may expire. Such expiration may take the form of the ticket 26 ceasing to exist or function, or it may take the form of a notice (not shown) appended to the ticket 26 which alerts one or more of the contractor 6, agent 4 or client 8 to the expiration. The ticket 26 may then be sent via ticket delivery means 30, which may be either an MMS gateway or preferably an IMS system. The invention could be adapted to work on any mobile telephone network. In preferred embodiments, the ticket 26 will be sent simultaneously to all intended destinations, although near simultaneous and staggered delivery are both also options. In the illustrated embodiment, a first ticket 32 is sent to a first ticket reception device 34 and a second ticket 36 is sent to a second ticket reception device 38. The contractor 6 can now visit the site of the client 8, where he may have his identity authenticated. This can be done by checking the photographic image 36, the validity period and/or the password 58. The client 8 or his representative may then authorise the activity, which the contractor 6 will be subsequently free to perform.

Figure 3 shows the making of the ticket 26 in more detail. Again, the diagram is divided, this time into two columns, for ease of understanding. The first column shows actions performed by the user 4 and the second column shows actions performed by the application 12.

The user 4 begins by instructing the application 12 to create a new ticket 26. The application 12 creates a new ticket record 100 which it keeps in temporary storage, either on a database 16 (not shown) or via supplementary memory means (also not shown). The user is then presented with a page 102 from which he chooses details to add to the ticket 26. These details comprise details relating to client 8, contractor 6, and assignment 9 records, as shown in Figure 1 and discussed above. The application then looks up the chosen details from its database 16 and adds the chosen details to the ticket record 100. The user chooses the validity period by inputting two timestamps marking the beginning and end of the validity period. The user is presented with a page 103 from which he can choose to revise the pending ticket record 100, or proceed to issuing it 104.

The user 4 instructs the application 12 to issue the ticket 26. The application 12 then invokes its password generator component 106. In a preferred embodiment the operating environment of the application provides a source of random or pseudorandom data. In this embodiment, the password generator 106 encodes a string of random data as alphanumeric characters, producing a string of text, which may include numbers and other symbols and which may be used as a password 58 (not shown). The length of the string; and the algorithms used to generate the source data, and encode it as alphanumeric text, are outside the scope of this invention. The generated password 58 (not shown) is added to the Ticket record 100.

The ticket record 100 is now complete and the application 12 stores it in database 16.

The application next invokes its renderer component 24. The renderer 24 creates an image file 108 containing a visual representation of the ticket record 100, or "ticket image" 112 (not shown). At first the image file 108 is empty. The renderer 24 then locates and loads data constitutive of a background or background image 110. It adds this background image 110 to the image file 108. In preferred embodiments, the renderer 24 uses the reference within the ticket 26 to a given contractor's record to locate a photographic image 39 of the contractor 6. This contractor 6 photographic image 39 is added to the Ticket image 112. Optionally, an image of the client and other images such as maps and directions may be added to the ticket 26. Details from the ticket record 100 are rendered as text and added to the ticket image 112 and image file 108. This can be seen at figure 4 - these details of the ticket image 112 will include the name from the contractor record 114, the reference token from the assignment record 116, the validity period timestamps 118, and the password 58. In embodiments using a photographic image 36, that image 36 will also be present.

The ticket image 112 is encoded for example as bitmap data and returned to the application 12. The application 12 then prepares to deliver the ticket to the client 8 and Contractor 6. It looks up from its database 16, the mobile telephone number associated with the data records 11 of both client and contractor. It then invokes the ticket delivery means 30 - in this example, once to send a first ticket 32 to a first ticket reception device 34, which may be the client's mobile telephone, and once to send a second ticket 36 to a second ticket reception device 38 which may be a contractor's mobile telephone. The application presents means to interface with a separate ticket delivery software. The operation of the ticket delivery 30 will be provided by a third party software component.

An example deployment of the system 2 is to be found at figure 5. Here the agent 4 uses his interface 10 which is a web browser to connect to and communicate with a web server 120. He is able to then interface with an application 14 which comprises a user interface 122, a password generator 22 and a renderer 24. The application 14 is in communication with a database 16, which in this instance takes the form of a database server. A ticket 26 is generated and communicated to ticket delivery means 30, which is this instance comprises an IMS service. Ticket delivery means 30 then delivers a first ticket 32 to a first ticket reception device 34, which comprises a client application, and is held by a contractor 6 and a second ticket 36 to a second ticket reception device 38 which also comprises a client application 124 and is held by a client 8. In preferred embodiments, the client application 124 may be downloaded to the ticket reception device 34, 38 at any time it is needed. The ticket reception devices 34, 38 in the embodiment are mobile telephones, although the system 2 could be made to work with other portable and non-portable devices, such as laptop and desktop computers.

At figure 6, we see a further embodiment of the system. This embodiment differs from the previous embodiments in that the ticket delivery means 30 comprises a Multimedia messaging service interface connected to a multimedia messaging service 126, and the first and second tickets 32, 36 which in this case are MMS messages are sent to ticket reception devices 34, 38 which do not require separate client applications.

Additional data may be added to the ticket 26, for a variety of reasons, including the increasing of security. For example, a token meaningful to both the client 6 and agent 4 may be added to the ticket as a reference to the current assignment 9.

A further example of useful data to be added to the ticket is a representation of dates marking the start and end of the period during which the authentication ticket is valid. This representation may either be connected to or separate from any expiration device built into the ticket.

With regard to the password 58 (not shown), an alternative to the provision of the password 58 (not shown) by a random or pseudorandom number generator would be to take a fixed number of characters from a text representation of an HMAC (hashed message authentication code) of the ticket data elements (for example the contractor's name, the job reference, the validity period and the verified photographic image).

In this alternative embodiment, the ticket password acts as a checksum, or message authentication code for the ticket. Optionally, the client's ticket reception device and the agent's account could both be configured with an identical shared secret, allowing them both to create an identical HMAC of the ticket data, keyed by the shared secret. When the ticket reception device (such as a mobile telephone) receives the ticket it can recreate the HMAC and verify the integrity of the ticket by checking that the password matches the recreated HMAC. The image portion used as an input to the HMAC computation would be the area of the image that remains unmodified by the ticket creation process, for example the upper half of the image representing the contractor's face, but not the image portion designated to contain the subsequently generated password. This embodiment would require that the complete message transmission process does not transform or re- encode the image in a non-reversible way, to ensure the integrity of the inputs to the HMAC computation. The application 12 could be offered as a public application programming interface that would enable developers to embed the service in their own applications.

If a given ticket reception device had public key cryptography features, a digital feature could be attached to the ticket which the ticket reception device could verify, thus advantageously adding another layer of security.

Enhancements such as that above rely on an application installed on the ticket reception device that is able to connect directly to the service using HTTP. IMS would be a way of providing this capability. Such enhancements may also advantageously require elements of the ticket to be delivered separately and without content adaptation by the MMS gateway. The ticket could, for example be sent as SMIL (synchronised multimedia integration language) data. The fragmenting of the delivery in this way may also have security advantages.

Also, digital watermarks could be added to the verified photographic image(s) that is/are used in the ticket(s). This could protect against attempts to fake tickets.

The term "signal" is to be interpreted broadly to include any form of data, electronic transmission, and storage which is machine readable or may be processed to be so.

The terms "means of communication" and "communication means" encompasses any means of carrying a communication signal, and in particular includes transmitters and receivers, as well as wires, cables and the like. It could in some circumstances refer to a signal or signal carrying object.

The term "ticket delivery means" refers in this instance to both MMS and IMS systems, but it is thought that in the future other networks suitable for delivering tickets will become available. It could also refer to cables, wires as well as in some circumstances a ticket or a ticket carrying object.