CROSS-REFERENCE TO RELATED APPLICATION

The present patent application claims priority on United States Provisional Patent Application No. 61/425,473, filed on December 21, 2010, and incorporated herein by reference.

FIELD OF THE APPLICATION

The present application relates to systems and method for the automatic surveillance of individuals at a remote location or in out-of-prison detainment, such as in house arrest or parole instances.

BACKGROUND OF THE ART

In various justice systems, house arrest is a common method of detention. House arrest involves monitoring an individual through actual visit to the home or phone calls to ensure that the house arrest or curfew conditions are being respected. In some instances, the monitoring is done 24/7 by correctional service agents.

Home detention provides an alternative to imprisonment and aims to reduce re-offending while also coping with expanding prison numbers and rising costs. It allows eligible offenders to retain or seek employment, maintain family relationships and responsibilities and attend rehabilitative programs that contribute towards addressing the causes of their offending .

In some countries, house arrest is often enforced through the use of technology products or services. One method is an electronic sensor locked to the offender's ankle (technically called an ankle monitor, sometimes referred to as a tether) . If the subject and the sensor venture too far from the home, the violation is recorded and the proper authorities are summoned. To discourage tampering, many ankle monitors can now detect attempted removal.

In operation, at timed intervals, the ankle monitor sends a radio frequency signal containing location and other information to a receiver. If an offender moves outside of an allowed range, the authorities will be notified. Ankle monitors are designed to be tamper-resistant and can often alert police to tampering attempts.

The most common configuration is a radio- frequency transmitter unit that sends a signal to a fixed-location receiving unit in the offender's residence. The residence unit uses either a land line or a cellular network to relay information to a service center server. If the offender is not at the residence at times stipulated, an alert message is sent to the service center, and then relayed to the supervising probation or parole officer. GPS units are similar in design, but the offender also carries a GPS cell phone unit that receives a signal from the ankle unit, or both functions may be combined into one ankle unit.

However, this type of system can only confirm that the ^A ankle monitor' in inside the allowed range and not necessarily the offender who is supposed to be wearing it. This is why the monitors are designed with tamper-resistant devices.

The monitoring service is often contracted out to private companies, which assign employees to electronically monitor many convicts simultaneously. If the sensors detect a violation, the monitoring service calls the convict's probation officer. The electronic surveillance together with frequent contact with the probation officers, and checks by the security guards all provide for a secure environment. Another method of ensuring house arrest compliance is achieved through the use of automated calling services that require no human contact to check on the offender. Random calls are made to the residence and the respondent's answer is recorded and compared to the offenders' voice pattern. Authorities are notified only if the call is not answered or if the recorded answer does not match the offenders' voice pattern.

Electronic monitoring is considered a highly economical alternative to the cost of imprisoning offenders, especially considering that the convict is often required to pay for the monitoring as part of his or her sentence.

While house arrest can be applied to common criminal cases when prison does not seem an appropriate measure, the term is often applied to the use of house confinement as a measure of repression by authoritarian governments against political dissidents.

The challenge is to design a system that will locate a ^A specific person' within a range. For this it will require to have strong authentication of the offender using an identification capability

SUMMARY OF THE APPLICATION

It is therefore an aim of the present disclosure to provide a biometric authentication system and method that address issues associated with the prior art .

Therefore, in accordance with a first embodiment of the present application, there is provided a biometric authentication apparatus comprising: a biometric reader for capturing biometric data of an individual; a movement sensor unit comprising at least one micro-electromechanical sensor for detecting movement, the movement sensor unit recording movement data from the movement detected by the at least one micro-electromechanical sensor; and an authentication processor for triggering authentication checks of the individual by emitting an authentication demand signal, and for transmitting a status signal related at least to the captured biometric data and the recorded movement data to an authentication server.

In accordance with the first embodiment of the present application, a biometric authenticator determines the authenticity of the captured biometric data with respect to a biometric profile of an individual at the authentication checks.

Still in accordance with the first embodiment of the present application, a biometric profile database stores the biometric profile of the individual.

Still in accordance with the first embodiment of the present application, a media reader obtains the biometric profile of the individual from a medium at the authentication checks.

Still in accordance with the first embodiment of the present application, a media authenticator authenticates the medium when obtaining the biometric profile, the status signal indicating a failed authentication of the medium.

Still in accordance with the first embodiment of the present application, a geographic localization unit provides location data of the apparatus at the authentication checks, the status signal indicating a location of the apparatus.

Still in accordance with the first embodiment of the present application, the biometric reader is a finger vein reader.

Still in accordance with the first embodiment of the present application, the movement sensor unit comprises a time-measuring device for recording a duration of movements detected by the at least one micro-electromechanical sensor. Still in accordance with the first embodiment of the present application, the movement sensor unit identifies when the recorded movement data exceeds a preset threshold, the status signal indicating a faulty movement .

Still in accordance with the first embodiment of the present application, the movement sensor unit comprises at least one of a movement magnitude value and a movement duration value in the preset threshold.

In accordance with a second embodiment of the present disclosure, there is provided a biometric authentication system comprising: at least one of the biometric authentication apparatus; and an authentication server comprising for receiving the status signal from the at least one biometric authentication apparatus, and for outputting authentication monitoring data.

In accordance with the second embodiment of the present application, the authentication server further comprises a driver for driving a demand for authentication check to the biometric authentication station as a function of an individual profile schedule.

Still in accordance with the second embodiment of the present application, the authentication server further comprises a profile authenticator for confirming the data received from the biometric authentication apparatus, and for producing an alert for a wrongful authentication.

Still in accordance with the second embodiment of the present application, a location comparator compares a location of the at least one biometric authentication station to an expected location, and produces an alert for wrongful location.

In accordance with a second embodiment of the present disclosure, there is provided a method for authenticating a presence of an individual at an authentication station comprising: continuously recording movement data using at least one micro- electromechanical sensor in the authentication station; demanding an authentication of an expected individual at the authentication station; capturing biometric data from an individual present at the authentication station; authenticating an identity of the present individual by comparing the captured biometric data to a biometric file of the expected individual; determining from the recorded movement data if the authentication station is at an expected location; and outputting a fault signal if the identity is not of the expected individual and/or if the authentication station is not at the expected location.

In accordance with the third embodiment of the present application, a medium is read to obtain the biometric file at the authentication station prior to authenticating the identity.

Still in accordance with the third embodiment of the present application, the medium is authenticated when read.

Still in accordance with the third embodiment of the present application, location data is produced at the authentication station and comparing the produced location data to the expected location.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 is a block diagram illustrating a biometric authentication system in accordance with the present disclosure;

Fig. 2 is a block diagram of a biometric authentication station of the biometric authentication system of Fig. 1. ;

Fig. 3 is a block diagram of an authentication server of the biometric authentication system of Fig. 1; and Fig. 4 is a flow chart of a method for authenticating a presence of an individual at an authentication station.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring to the drawings and more particularly to Fig. 1, there is generally illustrated at 10 a biometric authentication system. The biometric authentication system 10 (hereinafter the system 10) is used to localize individuals A (e.g., offenders, detainees, dissidents, etc) by authorities B in specific incarceration conditions, such as house arrest, parole, or the like. The system 10 may also be used to localize individuals A in other types of conditions, such as during exam in schooling matters, etc.

As illustrated in Fig. 1, the system 10 has a plurality of biometric authentication stations 12 to which individuals A will report. The biometric authentication stations 12 are also referred to as biometric authentication apparatuses. The system 10 also has an authentication server 14 to manage the authentication statuses provided by the various stations 12. In Fig. 1, four of the biometric authentication stations 12 (hereinafter, the station 12) are illustrated. It is understood that more or less of the stations 12 could be related to the server 14. In an embodiment, a system 10 comprises a high number of stations 12 for a single server or network of servers 14. The authentication server 14 may contact authorities B in special circumstances to be described in detail hereinafter.

Referring to Fig. 2, one of the stations 12 is illustrated in more detail. The station 12 is typically a telephone-like unit that could use a wireless connection like cellular phone or WiFi or could be wired to a telecommunication system, such as the public-switch telephone network (hereinafter PSTN), cable, etc. Any appropriate telecommunication system that can be used to link stations 12 to the server 14 is considered. The station 12 has a station processor 20 comprising a processing unit (e.g., CPU of any appropriate type) to perform various functions via different algorithms, some of which are detailed hereinafter. The processor 20 comprises any appropriate telecommunications component to transmit data to the authentication server 14.

The station 12 receives or generates an authentication demand signal 21 so as to initiate an authentication check (i.e., transaction, step, process) with the individual A. The authentication demand signal 21 is driven by a schedule provided by the authentication server 14 or programmed into the station processor 20 specifically for individual A. When an authentication demand signal 21 is initiated, the individual A is notified that an authentication check must take place, that he/she must report to the station 12. The signaling is typically performed by the station 12 via sound or light (e.g., a bell ring, an alarm, visual cue) .

In answering the demand for an authentication check, the individual A must be biometrically recognized by the station 12. Accordingly, the station 12 has a biometric reader 22 that will capture biometric data related to the individual A.

Any appropriate biometric reader 22 may be used, for the biometric recognition of any selected biometric characteristic of the individual A.

According to one embodiment, the vein pattern presents one acceptable biometric characteristic to be captured for the type of application of the present disclosure .

Vein pattern recognition offers advantages over other biometric techniques, including an ease of feature extraction - Veins provide large, robust, relatively stable and hidden (to the naked eye) biometric features. Infrared absorption patterns are easily compared through the use of near-IR (infrared red) which may be controlled to cause no injurious effects on the human body. Vein pattern recognition also provide spoof resistance - Vein patterns are not easily observed, damaged, obscured or changed. They generally do not exhibit latency properties; and they are quite difficult to replicate. This makes vein patterns highly resistant to spoofing. Moreover, vein-pattern recognition systems commonly digitize and encrypt the data in the templates.

Vein pattern recognition systems are also accurate - Vein patterns have low false acceptance levels (e.g., < 0.0001%) or low false reject levels (e.g., < 0.01%), and failure-to-enroll (FTE) rates less than 0.08% of most populations. Finger vein patterns may be used in some cases to differentiate between identical twins; such claim is currently shared by few biometric characteristics, such as iris and retina recognition modalities. Moisture, precipitation, minor dirt and cuts do not impact the accuracy of vein-pattern recognition systems .

Vein-pattern recognition systems are also environmentally independent - Vein patterns are much less susceptible to many external factors in the way that fingerprinting, facial recognition, or iris scanning can be. For example, indoor lighting has little effect on vein authentication. Some vein-pattern recognition systems can achieve authentication under sunlight as well, rendering authentication possible whether the individual is indoor or outdoor.

Moreover, vein-pattern recognition technology can be privacy enhancing; it is fast (e.g., < 2 seconds), user intuitive regarding the placement of one' s finger, hygienic, and is generally bereft of cultural bias and criminal stigmas . Additionally, automated audio and visual guidance during both enrollment and authentication checks provide helpful feedback.

Two examples of vein-pattern recognition systems that could be used for the application of the present disclosure are provided, for illustrative purposes and shall not exclude other systems. One example is the Hitachi™ FingerVein™. This module is highly accurate, and has a small portable form factor that enables it to be mounted inside a variety of larger devices. The FingerVein™ readers are relatively small and support a template of approximately 500 bytes, small enough to support rapid processing and large enough to support both 1:1 and 1:N matching.

Another example is the Fujitsu™ PalmSecure™. Fujitsu™ provides a highly reliable biometric authentication system based on palm vein pattern recognition technology. PalmSecure™ features authentication accuracy with low false rates, and the non-intrusive and contactless reader device provides ease of use with virtually no physiological restriction for all users. PalmSecure™ also allows contactless authentication that is hygienic and non-invasive. An authentication algorithm of the reader may produce a high level of accuracy. In some circumstances, the authentication algorithm of this device has shown a FAR (false accept rate) of 0.00008%, a FRR (false reject rate) of 0.01%, and may comprises a software development kit for developers integrating this technology.

Other technologies may be used as well, using other vein-pattern recognition technologies, or any other recognition technology for other biometric features. Referring to Fig. 2, according to an embodiment, the individual A must carry a medium Al with a personal biometric data. The medium Al is for instance a non-writable smart card that is readable via the media reader 23 of the station 12. Accordingly, the station processor 20 receives both the captured biometric data and the stored biometric profile, respectively from the biometric reader 22 and the media reader 23. The medium Al comprises a biometric profile that is stored thereon when a profile is made for the individual A. For instance, the medium Al is created by authorities when defining the house arrest or the parole detainment conditions of the individual A. Medium Al comprises all security data to confirm that medium Al has not been tampered. For instance, medium Al may comprise an encrypted security code, whereby the media reader 23 will confirm the security code.

One type of smart card and reader technology that can be used is contactless smart cards or tokens using Mifare™ technology. The cards or tokens will have 32k bits of storage to meet the demanding data storage requirements (e.g., ISO 14443A standards) . This contactless smart card operates on a 13.56 MHz frequency and also utilizes high-security encrypted data which is mutually authenticated in communication between the card and reader, providing an almost infinite number (many trillions) of unique badge ID codes. With the contactless smart or token using Mifare™ technology, there is very little wear and tear ensuring longer life. These credentials also have a passive design which requires no batteries or maintenance for the life of the card .

Referring to Fig. 2, the captured biometric data and the stored biometric profile, as respectively read by the biometric reader 22 and the media reader 23, are directed to a biometric authenticator 24. The biometric authenticator 24 is provided to determine whether the captured biometric data and the stored biometric profile match one another and thus are for the targeted individual A. Accordingly, the authentication status will confirm whether the individual A is the targeted individual that is expected to check in at the authentication station 12. As an alternative to the authenticator 24, the captured biometric data may be directed to the server 14 where the authentication will be performed.

The station 12 may also comprise a geographic localization unit 25. The geographic localization unit 25 provides location data to the station processor 20 to indicate where the station 12 is geographically located. According to one embodiment, the localization unit 25 is a GPS unit providing location data via the use of satellites. The GPS unit advantageously provides worldwide coverage.

Yet in another embodiment, the localization unit 25 may be the caller identification of a PSTN number or the like that will indicate to the authentication server 14 the number of the land line used by the station 12 to provide the authentication status .

Caller identification is provided via a telephone service, available in analog and digital phone systems and in some Voice over Internet Protocol applications. Caller identification transmits a caller's number to the called party's telephone equipment during the ringing signal, or when the call is being set up but before the call is answered. Where available, caller ID can also provide a name associated with the calling telephone number. The information made available to the called party may be displayed on a telephone's display or on a separately attached device. The station 12 may also carry a secondary localization step which will be embedded in the station 12. As an example, of caller identification is used as a primary localization step, the station 12 may carry an embedded GPS which will operate on the battery system. The last GPS coordinates would be transmitted with every transmission of the station 12. This way, it will be possible to confirm that the coordinates correspond to the offender' s residence the first time the station 12 is put into service and also ensure that there are no changes in GPS coordinates during the whole period of house arrest.

The station 12 may also comprise a media authenticator 26 to confirm the identity of the medium Al . The expected medium code may be stored beforehand in a database 27 of the station 12 or sent by the authentication server 14.

Accordingly, by way of the biometric authenticator 24 and the media authenticator 26, the station processor 20 may indicate the authentication status to the authentication server 14. The authentication status confirms whether the individual A that has checked in the station 12 is the targeted individual of the medium Al, after the comparison of the captured biometric data and the stored biometric profile. Moreover, the station processor 20 may indicate via the authentication status whether the medium Al is the expected medium.

In some circumstances, the individual A may always check in to the same station 12. In such a case, it is possible to program a biometric profile for the targeted individual A in the biometric database 27. Therefore, in such a case, the media reader 23 is not required in that the database 27 provides the biometric profile that will be compared to captured biometric data by the biometric authenticator 24. On the other hand, the use of the medium Al with media reader 23 and optionally with the media authenticator 26 is well suited for instances in which many individuals A must be authenticated at a same station 12. As yet another alternative, the server 14 may send a biometric profile to the stations 12 with each authentication demand.

In another embodiment, a movement sensor unit 28 is provided inside the station 12 to record the movement history of the station 12. The movement sensor unit 28 comprises a movement sensor (s) which may be various any single micro-electromechanical sensor or arrangements of micro-electromechanical sensors (such as various types of gyroscopes, accelerometers or the like) with a time-measuring or timing device or an internal clock. The movement sensor unit 28 therefore records and provides movement data (e.g., movement history) of the station 12 to the station processor 20. The movement history may be reset at each authentication check, or may over a period of time. The movement history may comprise magnitude values, the measured time during which movements are detected, etc. Moreover, the movement sensor unit 28 may perform some form of processing to determine whether the values of the movement history exceed some preset threshold (s) . For instance, the preset thresholds may be one or more of measured time, total magnitude of movements, average magnitude of movement over time, etc. Accordingly, data from the station 12 pertaining to the movement history or an indication that the movement criteria have exceeded thresholds may be directed to the authentication server 14 to indicate any abnormal movement of the station 12. For instance, detection of a two-hour period of movement beyond a given magnitude may indicate that the station 12 was displaced geographically, whereby the individual may not be respecting the conditions of house arrest or parole. The movement sensor 28 may be provided in addition to or as an alternative to the geographic localization unit 25. The detection of abnormal movement may cause the station 12 to request an intervention by authorities, or to send an alarm signal to the server 14.

Referring now to Fig. 3, the authentication server 14 is shown in greater detail. The server 14 typically has a server processor 40 as generally illustrated, but the server processor 40 may consist of the processing units of multiple servers to provide suitable computational capacity to manage the network of stations 12. However, for simplicity purposes, the authentication server 14 is illustrated as having the server processor 40.

A station driver 41 comprises data related to authentication demands for the various individuals A and thus for assigned stations 12. The station driver 41 may be programmed with the profiles from authorities via the authority network. Accordingly, the station driver 41 will direct an authentication demand to any specific station 12, as scheduled. The station driver 41 may also manage no-response actions: if the authentication demand signal 21 is not answered by the individual in question, the station driver 41 will repeat the demand according to specific parameters in terms of lapsed time and repetitions to provide the individual A with an opportunity to respond. In the absence of a response after the retry parameters have been respected, the station driver 41 may direct a fault signal to authorities to indicate a non-responsive authentication demand signal.

A profile authenticator 42 is also part of the server 14 and is used to approve the data received from the stations 12, and determine whether it was the targeted individual A that checked in at the predetermined station 12. To perform this function, the profile authenticator 42 may access information from the biometric authentication server (B.A.S.) file database 43, in which is stored the identifications of the stations 12 along with the targeted individuals related to each station. If the information received by the profile authenticator 42 does not match the expected data, the profile authenticator 42 may direct a fault signal to the authorities to indicate that the individual that has checked in is the wrong individual, or is at an unexpected station 12.

Moreover, the profile authenticator 42 may perform the biometric authentication centrally. In such a case, the captured biometric data from the biometric reader 22 (Fig. 2) is transferred to the server 14 for centralized authentication. Thus, the profile authenticator 42 receives the captured biometric data and matches the data with a database of biometric profiles, or seeks a corresponding profile using the location data, or any identification data available (e.g., code of a token or smart card entered at the station 12 and accompanying the captured biometric data) .

A location comparator 44 is also provided to verify that the location of the station 12 is within an acceptable perimeter. The location comparator 44 receives data from the database 43 in which geographic information is stored for each of the stations 12. As mentioned previously, the geographic information may be in the form of a PSTN number, global positioning data, cellular network data or the like. The location comparator 44 determines whether the actual location as received from the station 12 falls within the acceptable perimeter. If the location provided by the station 12 is outside of the perimeter, authorities may be contacted by a signal driven by the location comparator 44. The location comparator 44 may also review the movement history from the movement sensor unit 28 (Fig. 2) to determine whether measure movement values exceed predetermined thresholds .

The biometric authentication system 10 and its method of use are similar to the ankle monitor systems. The system 10 and method add the capability to authenticate that the actual person is in the allowed range. At random or programmed timed intervals, the station 12 will be triggered to have the individual A authenticate him/herself and a communication through a land line or a cellular network will relay positive or negative information to the authentication server 14. If the offender is not at the expected location at the stipulated time or if the individual is not the targeted individual, an authentication status will comprise this information, whereby a fault signal may be relayed to the supervising probation or parole officer. The presence of a movement sensor unit 28 in the station 12 solves the problem of GPS signals being exposed to interferences and being blocked temporarily, therefore impacting the localization functions of the geographic localization unit 25.

The customizable functions of the station 12 may be programmed from the server 14. The main server 14 will also receive all required information from the public safety organization server such as name, expected location, phone number, level of criticality of the offender and requested verification frequency. The server 14 will either receive the schedule for on-demand authentication from the public safety organization or will automatically generate the schedule depending on criticality of the offender and type of house arrest rules .

On a regular basis, each station 12 will communicate with the server 14 and send a health check (which may comprise localization information and movement history) . If a health check is not received as expected, an alert message may be relayed to the supervising probation or parole officer.

In an embodiment, the station 12 is a self- contained, ruggedized unit. Similarly to a phone, the station 12 may have one or two connectors depending on the connection type used. If the used connection is not wireless, one connector is needed for the phone line and another for the main power (110-115 Vac) . If a wireless connection is used, only the main power connector may be needed. It will also contain a battery which is sized to ensure an autonomous operation without main power (e.g., 8 hours) .

The station 12 may also have LED lights of different colours to provide initiation sequence and success or failure of authentication feedback. A LED light will be used to invite the offender to retry if the first authentication was not successful. A loudspeaker will provide request for authentication ringing sound (like a phone) with volume control. As another embodiment, the station 12 may have a digital display indicating the name of the individual A that must be authenticated, with other information (e.g., the finger that must be authenticated) . The station 12 may therefore be used in an environment with more than one individual A.

The offender may be required to enroll more than one biometric feature, such as the finger vein template for two fingers. For instance, the offender may be requested to enroll one finger from each hand to ensure that the authentication can be done even if one finger is not ^A usable' . The enrollment will be done at the public security office and biographic information entered in the server database through a dedicated user interface. A photograph of the individual A will be taken to be kept in the database and be used on the medium Al . It is not necessary to have a picture on the card. In fact, a token can be used without any specific information. When the medium Al is a smart card, it may be printed with the proper personalization, i.e., personal information on the surface of the card (front and back) , and stored biometric data on the smart card chip. Depending of the type of offender and restrictions, different card design can be used. If a token id used instead, only the reference number will be kept in the database. The smart card or token will then be activated and verified for proper operation on the public-security installed station 12.

Once the medium Al and the dedicated and configured station 12 are ready to be issued, all reference information is entered in the database 43 of the server 14, as well as an issue date and expected return date. All necessary instructions are provided for connection as well as rules and regulations .

When the offender has reached his detention location, he/she will connect the station 12 to the main power and, depending on the connection type, could need to connect the station 12 to the phone line. The station 12 may be programmed to identify itself automatically and a localization step is performed. In an embodiment, both the caller identification and the last available GPS coordinates will be used to ensure proper location. The server 14 will then download the timed authentication schedule dedicated to the offender and a first authentication will be required for verification of operation.

Therefore, referring to Fig.4, a method for authenticating a presence of an individual at an authentication station 12 is generally shown as 50.

According to 51, movement data is continuously recorded using the least one micro-electromechanical sensor in the authentication station 12. According to 52, an authentication of an expected individual at the authentication station 12 is demanded. According to 53, biometric data is captured from an individual present at the authentication station 12. According to 54, an identity of the present individual authenticated by comparing the captured biometric data to a biometric file of the expected individual. According to 55, it is determined from the recorded movement data if the authentication station is at an expected location. According to 56, a fault signal is outputted if the identity is not of the expected individual and/or if the authentication station is not at the expected location. These steps may be performed in any appropriate order, and intervening steps may be performed as well in accordance with the operation of the authentication system 10 described above.