Background Art The following discussion of the background of the invention is intended to facilitate an understanding of the invention. However, it should be appreciated that the discussion is not an acknowledgement or admission that any of the material referred to was published, known or part of the common general knowledge of the person skilled in the art in any jurisdiction as at the priority date of the application.

Many installations secure access to restricted areas through the use of magnetic keys, magnetic cards, Personal Identification Numbers ("PINs") entered into a keypad and other like arrangements.

However, the use of a card or key does not provide any guarantee that the person using the card or key to request access is the person who was originally assigned the card or key. The access system simply grants access to whoever possesses the card or key. Similarly, the use of a PIN cannot guarantee positive identification-a PIN can be misappropriated, for example, a PIN may be observed while it is being entered.

Accordingly it is an object of the present invention to provide an access control system in which the possibility that the person being granted access is not authorised to be given such access is reduced in comparison to the systems described above.

Disclosure of the Invention Throughout the specification, unless the context requires otherwise, the word "comprise"or variations such as"comprises"or"comprising", will be understood to imply the inclusion of a stated integer or group of integers but not the exclusion of any other integer or group of integers.

In accordance with a first aspect of the invention there is a biometric identity verification system comprising: processing means; user identification means for obtaining user identification information; at least one biometric reader units; and a biometric database, each record in the biometric database containing reference biometric readings of a type able to be taken by the at least one biometric reader units and user identification information. wherein the user identification means obtains user identification information and forwards the user identification information to the processing means, the processing means then operating to compare the user identification information obtained against the user identification information stored in each record of the biometric database until a matching record having the same identification information contained therein is found, and wherein the processing means controls the plurality of biometric reader units to take biometric readings of the user and compare each biometric reading taken against its corresponding reference biometric reading contained in the matching record and, if each comparison falls within a set predetermined confidence level, as determined for the type of biometric reading being compared, the user's identity is verified.

Preferably, the user identification means is a card reader operable to read user identification information from a card possessed by the user. More preferably, the card reader is a contactless card reader and the card is a contactless card.

Alternatively, the user identification means is a keypad or touch screen and the identification information is a personal identification number or password.

In yet a further alternative, the user identification means is an identifying biometric reader unit and the user identification information is a biometric reading of a type able to be taken by the identifying biometric reader unit.

Preferably, the user identification means is a finger print reader means for obtaining a digital image of at least one finger of the user and the at least one biometric reader unit is a camera means for obtaining a digital image of the face of the user. Alternatively, the user identification means is a camera means for obtaining a digital image of the face of the user and the at least one biometric reader unit is a finger print reader means for obtaining a digital image of at least one finger of the user.

In an ideal arrangement, the at least one biometric reader units includes camera means for obtaining a digital image of the face of the user and finger print reader means for obtaining a digital image of at least one finger of the user.

Preferably, the at least one biometric reader unit also includes at least one of the following : means for imaging the retina of a user; means for imaging the body of a user or a part thereof; a microphone for taking a voice print from the user; weight scales for taking a reading of the weight of the user; and/or a height sensor for taking a reading of the height of the user.

Preferably, each record in the biometric database contains height information. in respect of the user and the camera means includes camera adjustment means for adjusting the position of the camera such that the focus field of the camera means includes the face of the user as determined by the height information stored in their matching record. Alternatively, the system may comprises a height sensor for determining height information in respect of the user and wherein the camera means includes camera adjustment means for adjusting the position of the camera such that the focus field of the camera means includes the face of the user as determined by the height information stored in their matching record.

Preferably, each record in the biometric database stores the digital image of the face of the user and the digital image of the at least one finger of the user as a mathematical encode array and the camera means and finger print means are adapted to convert the digital image of the face of the user and the digital image of the at least one finger of the user, respectively, into a mathematical encode array for comparison purposes. Ideally, each record in the biometric database includes reference images of at least two fingers of the user, at least one of the at least two fingers being designated a duress finger, such that when a user's identity is verified at least in part on the basis of a comparison between a biometric reading of the duress finger, an alarm is raised by an alarm means. It is preferable that the alarm means provides no indication to the user that an alarm has been raised.

Preferably, the camera means includes adjustable illumination means for adjusting the level of illumination of the face of the user. In its most preferred state, the illumination means are white LEDs. It is further advantageous if the illumination means are capable of being adjusted to equal a setting recorded in the matching record.

Preferably, audible or visual prompts to the user regarding the biometric reading to be taken prior to taking the biometric readings.

Preferably, the biometric identity verification system includes verification outcome means for communicating to the user the outcome of the identity verification

process. The verification outcome means may include a red illumination means, illuminated when the user's identity can not be verified, and a green illumination means, illuminated when the user's identity can be verified. Verification outcome means may also includes at least one of the following for communicating the outcome of the identity verification process to the user: audio means; and/or video display means.

Preferably, the biometric identity verification system also includes intercom means for allowing the user to communicate with a system administrator.

Preferably, the biometric identity verification system includes an external interface connector, the external interface connector being adapted to establish an interface with a mobile computer and thereby allow the mobile computer to control the biometric identity verification system and/or modify records stored in the biometric database.

Preferably, the biometric identity verification system further includes storage means for storing log files. The log files that can be stored may include at least one of the following: an exception log file; and/or authorisation log file. The storage means may be remotely located in comparison to the processing means and biometric reader units.

Preferably, the biometric database is remotely located in comparison to the processing means and biometric reader units, communication between the processing means and biometric database being conducted via a communications network. Ideally, the communications between the processing means and biometric database are encrypted.

More preferably, the biometric identity verification system also includes a localised biometric database located proximate to the processing means and biometric reader units, the localised biometric database containing identical records to the biometric database in respect of at least one key user, the processing means being operable to compare biometric readings against records stored in the localised biometric database in the case of failure of the communications network.

The camera means may include an analogue camera and digitising means for converting a photograph taken by the analogue camera into a digital image.

In accordance with a second aspect of the invention there is a biometric identity verification system comprising processing means; a card reader; and at least one biometric reader units; wherein the card reader reads reference biometric readings of a type able to be taken by the at least one biometric reader unit from a card possessed by the user and forwards the reference biometric readings to the processing means, and wherein the processing means thereafter controls the plurality of biometric reader units to take biometric readings of the user and compare each biometric reading taken against its corresponding reference biometric reading and, if each comparison falls with a set predetermined confidence level, as determined for the type of biometric reading being compared, the user's identity is verified.

Preferably, the card reader is a contactless card reader and the card is a contactless card. Preferably, the at least one biometric reader units includes camera means for obtaining a digital image of the face of the user and finger print reader means for obtaining a digital image of at least one finger of the user.

Preferably, the at least one biometric reader unit also includes at least one of the following : means for imaging the retina of a user; means for imaging the body of a user or a part thereof; a microphone for taking a voice print of the user;

weight scales for taking a reading of the weight of the user; and/or a height sensor for taking a reading of the height of the user.

Preferably, each record in the biometric database contains height information in respect of the user and the camera means includes camera adjustment means for adjusting the position of the camera such that the focus field of the camera means includes the face of the user as determined by the height information stored in their matching record. Alternatively, the biometric identity verification system includes a height sensor for determining height information in respect of the user and wherein the camera means includes camera adjustment means for adjusting the position of the camera such that the focus field of the camera means includes the face of the user as determined by the height information stored in their matching record.

Preferably, the card stores the digital image of the face of the user and the digital image of the at least one finger of the user as a mathematical encode array and the camera means and finger print means are adapted to convert the digital image of the face of the user and the digital image of the at least one finger of the user, respectively, into a mathematical encode array for comparison purposes. Ideally, the card includes reference images of at least two fingers of the user, at least one of the at least two fingers being designated a duress finger, such that when a user's identity is verified at least in part on the basis of a comparison between a biometric reading of the duress finger, an alarm is raised by an alarm means. It is preferable that the alarm means provides no indication to the user that an alarm has been raised.

Preferably, the camera means includes adjustable illumination means for adjusting the level of illumination of the face of the user. Even more preferably, the illumination means are white LEDs. Ideally, the illumination means is able to be adjusted to equal a setting recorded on the card.

Preferably, the processing means provides audible or visual prompts to the user regarding the biometric reading to be taken prior to taking the biometric readings.

Preferably, the biometric identity verification system further includes verification outcome means for communicating to the user the outcome of the identity verification process. More preferably, the verification outcome means includes a red illumination means, illuminated when the user's identity can not be verified, and a green illumination means, illuminated when the user's identity can be verified. The biometric identity verification system may also include at least one of the following for communicating the outcome of the identity verification process to the user: audio means; and/or video display means.

The biometric identity verification system may include intercom means for allowing the user to communicate with a system administrator.

Preferably, the biometric identity verification system includes card writer means for recording details of the biometric identity verification system on the card when the user requested identity verification.

The camera means may include an analogue camera and digitising means for converting a photograph taken by the analogue camera into a digital image.

In accordance with a third aspect of the invention there is a method of verifying the identity of a user comprising: reading user identification information from a user identification means; comparing the user identification information against user identification information stored in each record of a biometric database until a matching record having the same identification information contained therein is found; controlling a plurality of biometric reader units to take biometric readings of the user; comparing each biometric reading taken against a reference biometric reading of corresponding type contained in the matching record; and

verifying the user's identity if each comparison falls within a set predetermined confidence level, as determined for the type of biometric reading being compared.

Preferably, the step of reading user identification information includes the additional step of swiping a card through a user identification means in the form of a card reader. Alternatively, the step of reading user identification information includes the additional step of entering a personal identification number of password via a. user identification means in the form of a keypad or touch screen.

In yet a further alternative, the step of reading user identification information includes the additional step of taking a biometric reading of the user by a user identification means in the form of an identifying biometric reader unit.

Preferably, the step of controlling a plurality of biometric reader units to take biometric readings of the user comprises the substeps of controlling a camera means to obtain a digital image of the face of the user and controlling a finger print reader means to obtain a digital image of at least one finger of the user.

Preferably, the method includes the additional steps of: retrieving height information in respect of the user from the matching record; and adjusting the position of the camera means such that the focus field of the camera means includes the face of the user as determined by the height information.

Alternatively, the method includes the steps of: retrieving height information in respect of the user from a height sensor; and

adjusting the position of the camera means such that the focus field of the camera means includes the face of the user as determined by the height information.

Preferably, the method includes the steps of: determining whether the user has sought verification at least in part on the basis of a duress finger; and if so, raising an alarm Preferably, the method includes the step of illuminating the face of the user prior to obtaining a digital image of the face of the user. Ideally, the method includes the step of maintaining the illumination of the face of the user at a level equal to that recorded in the matching record.

Preferably, the method includes the step of communicating the outcome of the identity verification process to the user.

Preferably, the method includes the step of establishing communication with a system administrator upon the user activating intercom means.

Preferably, the method includes the steps of: establishing a connection with a mobile computer; and allowing the mobile computer to control the identity verification process and/or modify records stored in the biometric database.

Preferably, the method includes the step of recording prescribed details to an exception log file upon an unsuccessful outcome of the identity verification process. Ideally, the method also includes the step of recording prescribed details to an authorisation log file upon a successful outcome of the identity verification process.

Preferably, the method includes the step of comparing biometric readings against records stored in a localised biometric database when access to a remotely located biometric database is not possible.

In accordance with a fourth aspect of the invention there is a method of verifying the identity of a user comprising: reading reference biometric readings from a card possessed by the user; controlling a plurality of biometric reader units to take biometric readings of the user; comparing each biometric reading taken against the reference biometric reading of corresponding type; and verifying the user's identity if each comparison falls within a set predetermined confidence level, as determined for the type of biometric reading being compared.

Preferably, the step of controlling a plurality of biometric reader units to take biometric readings of the user comprises the substeps of controlling a camera means to obtain a digital image of the face of the user and controlling a finger print reader means to obtain a digital image of at least one finger of the user.

Preferably, the method includes the steps of: retrieving height information in respect of the user from the card; and adjusting the position of the camera means such that the focus field of the camera means includes the face of the user as determined by the height information.

Preferable, the method includes the steps of:

retrieving height information in respect of the user from a height sensor; and adjusting the position of the camera means such that the focus field of the camera means includes the face of the user as determined by the height information.

Preferably, the method includes the steps of: determining whether the user has sought verification at least in part on the basis of a duress finger; and if so, raising an alarm Preferably, the method includes the step of illuminating the face of the user prior to obtaining a digital image of the face of the user. Ideally, the method includes the step of maintaining the illumination of the face of the user at a level equal to that recorded on the card.

Preferably, the method includes the step of communicating the outcome of the identity verification process to the user.

Preferably, the method includes the step of establishing communication with a system administrator upon the user activating intercom means.

Preferably, the method includes the step of recording prescribed details regarding the biometric identity verification system accessed to the card.

In accordance with a fifth aspect of the invention there is provided a biometric access control system comprising: a biometric identity verification system according to either the first or second aspect of the invention; an access point; and

a control unit operable to control access beyond the access point, where, upon successful verification of a user's identity by the biometric identity verification system the biometric identity verification system communicates with the control unit to switch to a state where by the user can access beyond the access point.

Preferably, the access point is a door and the control unit is external door control unit. Ideally, the control unit is positioned on the opposite side of the access point to the biometric identity verification system.

Preferably, communication between the biometric identity verification system and the control unit is encrypted.

In accordance with a sixth embodiment of the invention there is provided a biometric access control system comprising : a biometric identity verification system according to either the first or second aspect of the invention; an access point an existing access control system operable to control access beyond the access point, where, the biometric identity verification system is adapted to control the existing access control system to receive information relating to a user from the existing access control system and block the existing access control system from further processing of the information until such time as the user's identity has been verified by the biometric identity verification system, the existing access control system thereafter being operable to allow access beyond the access point.

In accordance with a seventh embodiment of the invention there is provided a biometric access control system comprising:

a biometric identity verification system according to either the first or second aspect of the invention; an access point; an existing access control system operable to control access beyond the access point, where, the biometric identity verification system is adapted to control the existing access control system to simultaneously receive information relating to a user from the existing access control system, the existing access control system thereafter operable to allow access beyond the access control point on successful verification of the identity of the user by the biometric identity verification system and successful verification by itself.

Preferably, the access point is a door and the existing access control system is one of the following: a card reader; a contactless card reader; a keypad; or a touch screen, access being granted by the existing access control system on production of a card, entry of a personal identification number or password, as appropriate.

Preferably, communication between the biometric identity verification system and the existing access control system is encrypted.

In accordance with an eight aspect of the invention there is provided a biometric identity verification system comprising: processing means; user identification means for obtaining user identification information; at least one biometric reader units; and a biometric database each record in the biometric database containing a fused biometric reading and user identification information,

wherein the user identification means obtains used identification information and forwards the user identification information to the processing means, the processing means then operating to compare the user identification information obtained against the user identification information stored in each record of the biometric database until a matching record having the same identification information contained therein is found, and wherein the processing means controls the plurality of biometric reader units to take biometric readings of the suer and process such readings to form a fused biometric reading, the processing means then being operable to compare the fused biometric reading with the fused biometric reading contained in the matching record and, if the comparison falls within a predetermined confidence level, thereafter verifying the user's identity.

Preferably, the processing means reduces each biometric readings to a format capable of processing by a mathematical algorithm, the processing means then executing the mathematical algorithm using the biometric readings in this format as inputs to produce the fused biometric reading as an output.

In accordance with a ninth aspect of the invention there is provided a biometric identity verification system comprising processing means; a card reader; and at least one biometric reader units, wherein the card reader reads a reference fused biometric reading from a card possessed by the user and forwards the fused biometric reading to the processing means; and wherein the processing means thereafter controls the plurality of biometric reader units to take biometric readings of the user and form a fused biometric reading therefrom, the processing means then comparing the fused biometric reading with the referenced fused biometric reading and, if the comparison falls with a predetermined confidence level, verifying the user's identity.

Preferably, the processing means reduces each biometric readings to a format capable of processing by a mathematical algorithm, the processing means then executing the mathematical algorithm using the biometric readings in this format as inputs to produce the fused biometric reading as an output.

Brief Description of the Drawings A preferred embodiment of the invention will now be described, by way of example only, with reference to the accompanying drawings in which: Figure 1 is an isometric view of a first embodiment of a biometric identity verification system.

Figure 2 is a schematic view of a biometric access control system incorporating the biometric identity verification system shown in Figure 1.

Figure 3 is a flowchart showing the base steps of a second embodiment of a biometric identity verification system.

Best Mode (s) for Carrying Out the Invention In accordance with a first embodiment of the invention, there is an biometric identity verification system 10 arranged to operate in a stand-alone distributed system configuration. The biometric identity verification system 10 comprises a housing containing: a card reader 12; e a memory 14; zea minicomputer 16; zea camera adjustment means 18; e a camera 20;

a a speaker 22; * a finger print reader 26; and * a microphone 34.

Housing also has a front panel 11. Located on the front panel 11 are the card reader 12, camera adjustment means 18, speaker 22, white LEDs 24, finger print reader 26, green LED 28, red LED 30, tactile button 32 and microphone 34.

Camera 20 is retained in and supported by camera adjustment means 18.

White LEDs 24 are high intensity illumination LEDs. Camera 20 is a digital CCD colour camera.

Card reader 12 is in data communication with memory 14. Memory 14 is also in data communication with minicomputer 16. Minicomputer 16 is in data and control communication with camera adjustment means 18, camera 20, speaker 22, white LEDs 24, finger print reader 26, green LED 28, red LED 30, tactile button 32 and microphone 34.

Biometric identity verification system 10 is connected to consoles in a central monitoring area via a TCP/IP network.

In this embodiment, card reader 12 is a smart card reader. The card reader 12 may be of the contact or contactless variety as suits the smart cards with which it is to interact.

The biometric identity verification system 10 of this, the first embodiment, will now be described in the context of its use.

A user (not shown) proceeds to an administration workstation. The administration workstation has a plurality of biometric reader units and a card printer and/or writer. The plurality of biometric reader units each record a separate biometric identifier such as facial image; body image; eye scan; voice print; finger print,

height and weight. The administration workstation is controlled by an administrator.

When the user arrives at the administration workstation, the administrator commences a registration process. In doing so, the administrator first enters details that will be used later to identify the smart card given to the user. Once the smart card details are entered, the administrator guides the user through a series of biometric scans. Ideally, these biometric scans include at least the following: at least one scan of the user's face to obtain facial information; e a scan of the user's height to determine height information; and e at least one scan of at least one of the user's finger print to obtain finger print information.

The facial, height and finger print information are then recorded as numerical values. In the case of the facial and finger print information this involves reducing a digital image of the face or finger print, as appropriate, to a mathematical encode array.

It is preferable that the system obtain multiple facial images to improve the recognition matching and at least five such images is recommended. Similarly, it is preferable that multiple finger print images be obtained to improve recognition matching. In respect of finger print images, it is also preferable that a minimum of two of the user's fingers be imaged. There are two reasons for imaging at least two of the user's fingers, namely : one of the imaged fingers can be designated a duress identifying finger. Thus, if the user is under duress during the identifying process, the user can use their duress identifying finger to initiate a silent alarm or other security procedure as may be appropriate in the circumstances.

If the user damages one of their imaged fingers in some manner, the alternative imaged finger can still be used for identification purposes without the need to redo the registration process.

Once the information obtained from the scans is verified by the administrator, the administrator proceeds to create a smart card embodying the information (including the card identification details) using the card printer and/or writer. The smart card may include further information such as the: e name of the user; e access privileges; and e level of light intensity needed to appropriately illuminate the user's face. This is particularly important in the case of darker skin people where a high light intensity level may be required.

The user is then provided with the newly-created smart card. For the purposes of the present example, the smart card is a contact smart card.

When the user needs to verify their identity they proceed to the biometric identity verification system 10 and align themselves such that they face the front panel 11 at a predetermined distance therefrom. The user then swipes their contact smart card through card reader 12. The card reader 12 operates to read the information contained on the contact smart card and store it in a memory 14.

Minicomputer 16 then retrieves the height information from memory 14 and analyses that information. Based on that analysis, minicomputer 16 operates to control camera adjustment means 18 to rotate camera 20 about its vertical axis such that the focus field of the camera 20 includes the face of the user at the predetermined distance (provided also that the user is standing up straight and is facing the front panel). The speaker 22 is then activated by minicomputer 16 to provide a voice prompt to the user to lool< into the camera 20.

Minicomputer 16 then operates to turn on the white LEDs 24. If the information stored in memory 14 records a specific level of light intensity needed to properly illuminate the user's face, minicomputer 16 operates to adjust the intensity of white LEDs 24 until the specific light intensity level is reached. Camera 20 then operates to take at least one digital image of the user's face. Once the at least one digital image has been taken, minicomputer 16 operates to turn off the white LEDs 24.

The digital image is then encoded by the minicomputer 16 into a mathematical encode array and compared to the facial information stored in memory 14. This comparison produces a first match confidence value.

Minicomputer 16 thereafter activates the speaker 22 to provide a voice prompt to the user to place their finger on the finger print reader 26. The finger print reader 26 then operates to take at least one digital image of the user's finger placed thereon. This digital image is also encoded to a mathematical encode array by the minicomputer 16 and compared to the finger print information stored in memory 14. This comparison produces a second match confidence value.

If both the first and second match confidence values fall within predetermined confidence ranges, the minicomputer 16 operates to indicate that the user's identity has been verified by activating speaker 22 to convey an appropriate authorisation message and illuminating green LED 28. If the first or second match confidence value falls outside of the predetermined confidence range or both the first and second match confidence value falls outside of the predetermined confidence range, minicomputer 16 operates to indicate that the user's identity has not been verified by activating speaker 22 to convey an appropriate decline of authorisation message and illuminating red LED 30.

At any time, the user can seek to contact an operator at a central monitoring area by pressing tactile button 32. Upon tactile button 32 being depressed, minicomputer 16 sends a signal to a console of the operator at the central monitoring area using the TCP/IP network protocol. The operator may then opt to make contact with the user as desired. In making this decision, the operator may

remotely control the camera adjustment means 18 and camera 20 in order to get an appropriate visual image of the user.

If the operator opts to make contact with the user, the user's speech is recorded by microphone 34 and converted into voice over Internet Protocol ("VoIP") data packets. The VolP data packets are then forwarded to the console of the operator where they are converted back into speech. The operator's speech is recorded and transmitted in the same manner, the speech being communicated to the user via speaker 22. Communication between operator and user can occur on a full duplex basis.

In accordance with a second embodiment of the invention, where like numerals reference like parts, there is a biometric identity verification system 10 arranged to operate in a stand-alone configuration. The biometric identity verification system 10 includes all of the features of the biometric identity verification system 10 described in the first embodiment with the addition of: e a biometric database 36; @ an external interface connector 38; and a hard drive 40.

Biometric database 36 and hard drive 40 are in data communication with minicomputer 16. External interface connection 38 is in data and control communication with minicomputer 16. External interface connection 38 is located on front panel 11. External interface connection 38 is, in the embodiment being described, a USB port.

The biometric identity verification system 10 of this, the second embodiment, will now be described in the context of its use.

An administrator proceeds to connect a mobile computer, such as a notebook computer or PDA, to the biometric identity verification system 10 by means of

external interface connection 38. Once so connected, the administrator initiates a registration process via the mobile computer. The operator then monitors the registration process as it operates to control the minicomputer 16 to perform the following actions : activate the speaker 22 to deliver a voice prompt to a user, standing a predetermined distance away from the biometric identity verification system 10 and facing front panel 11, to swipe their contact card through card reader 12.

* receive the card identifying information read by the card reader 12 from the contact card; 9 activate the speaker 22 to deliver a voice prompt for the user to look into camera 20; e turn on the white LEDs 24; @ rotate the camera 20 about its vertical axis, using camera adjustment means 18, until such time as the focus field of the camera 20 includes the face of the user and thereby determine the height of the user.

= activate the speaker 22 to deliver another voice prompt for the user to look into the camera 20. adjust their intensity of the LEDs 24 to provide an image having the best detail of the user's face.

"activate the camera 20 to take at least one facial image of the user.

As mentioned above, ideally, five images of the user's face are taken with the speaker 22 being activated after each image has been taken to remind the user that they are to look into the camera 20.

* activate the speaker 22 to deliver a voice prompt for the user to place a first finger on finger print reader 26; « activate the finger print reader 26 to take at least one image of the user's first finger prints. e optionally, activate the speaker 22 to deliver a voice prompt for the user to place a second finger, representing the finger to be used when seeking access in a duress situation, on finger print reader 26; and optionally, activating the finger print reader 26 to take at least one image of the user's second finger prints.

The information obtained from the above process is then returned to the mobile computer for verification by a master user, such as the administrator. If the administrator verifies the information, the information is stored as a record of the biometric database 26 along with optional additional information such as: the name of the user; e the user's access privileges ; and @ level of light intensity needed to appropriately illuminate the user's face.

In the case of the facial and finger print information, the digital image of the face or finger print, as appropriate, is reduced to a mathematical encode array prior to storage.

When the user needs to verify their identity they proceed to the biometric identity verification system 10 and align themselves such that they face the front panel 11 at a predetermined distance therefrom. The user then swipes their contact smart

card through card reader 12. The card reader 12 operates to read the card identifying information contained on the contact smart card.

Minicomputer 16 then operates to compare the card identifying information read by card reader 12 against the card identifying information recorded against each record in the biometric database 36. When a match is found, all information recorded against the corresponding record is copied to memory 14.

Minicomputer 16 then retrieves the height information from memory 14 and analyses that information. Based on that analysis, minicomputer 16 operates to control camera. adjustment means 18 to rotate camera 20 about its vertical axis such that the focus field of the camera 20 includes the face of the user at the predetermined distance (provided also that the user is standing up straight and is facing the front panel). The speaker 22 is then activated by minicomputer 16 to provide a voice prompt to the user to look into the camera 20.

Minicomputer 16 then operates to turn on the white LEDs 24. If the information stored in memory 14 records a specific level of light intensity needed to properly illuminate the user's face, minicomputer 16 operates to adjust the intensity of white LEDs 24 until the specific light intensity level is reached. Camera 20 then operates to take at least one digital image of the user's face. Once the at least one digital image has been taken, minicomputer 16 operates to turn off the white LEDs 24.

The digital image is then encoded by the minicomputer 16 into a mathematical encode array and compared to the facial information stored in memory 14. This comparison produces a first match confidence value.

Minicomputer 16 therafter activates the speaker 22 to provide a voice prompt to the user to place their finger on the finger print reader 26. The finger print reader 26 then operates to take at least one digital image of the user's finger placed thereon. This digital image is also encoded to a mathematical encode array by the minicomputer 16 and compared to the finger print information stored in memory 14. This comparison produces a second match confidence value.

If both the first and second match confidence values fall within predetermined confidence ranges, the minicomputer 16 operates to indicate that the user's identity has been verified by activating speaker 22 to convey an appropriate authorisation message and illuminating green LED 28. If : "the first or second match confidence value falls outside of the predetermined confidence range; e both the first and second match confidence value falls outside of the predetermined confidence range; or "another failure condition, such as the biometric identity verification system 10 not being able to associate the card information read from the swiped card with a particular user, being identified, minicomputer 16 operates to indicate that the user's identity has not been verified by activating speaker 22 to convey an appropriate decline of authorisation message and illuminating red LED 30.

Regardless of the outcome of the request for identity verification, the images taken by camera 20 and finger print reader 26 are not immediately discarded. In this manner, if the user's identity can not be verified, the biometric identity verification system 10 creates or adds to, as appropriate, an exception log file stored on hard drive 40. The information added to the exception log file includes the card identification information, the facial image, the finger print image and the date and time of attempted access.

If the user's identity is verified, then the biometric identity verification system 10 creates or adds to, as appropriate, an authorisation log file stored on hard drive 40. The information added to the authorisation log file includes: the user's details as recorded in the corresponding record of the biometric database 36;

the facial and finger print images ; * the date and time of access; and an indicator as to whether the user requested authentication under a duress situation, i. e. whether they used their"duress"finger to achieve authorisation.

From the information contained in the exception log file and authorisation log file, a variety of useful information can be obtained. For instance, employers can generate time and attendance information for all employees. Additionally, reports on who attempted/obtained authentication near the time of a significant event can be obtained to facilitate further investigation or action. The information can also be used for statistical analysis purposes-for example, upon determining that a user's card has been used a number of times within a predetermined period to verify a user's identity, and each time verification was refused, a flag may be raised indicating that an administrator should check to see whether the card has been stolen.

At any time, the user can seek to contact an operator at a central monitoring area by pressing tactile button 32. Upon tactile button 32 being depressed, minicomputer 16 sends a signal to a console of the operator at the central monitoring area using the TCP/IP network protocol. The operator may then opt to make contact with the user as desired. In making this decision, the operator may remotely control the camera adjustment means 18 and camera 20 in order to get an appropriate visual image of the user.

If the operator opts to make contact with the user, the user's speech is recorded by microphone 34 and converted into voice over Internet Protocol ("VoIP") data packets. The VolP data packets are then forwarded to the console of the operator where they are converted back into speech. The operator's speech is recorded and transmitted in the same manner, the speech being communicated to the user via speaker 22. Communication between operator and user can occur on a full duplex basis.

In accordance with a third embodiment of the invention, where like numerals reference like parts, there is a biometric identity verification system 10 arranged to operated in a distributed network configuration. The difference between this embodiment and the biometric identity verification system 10 of the second embodiment is that the biometric database 36 and, optionally, the hard drive 40 are sited external to the biometric identity verification system 10. In the embodiment being described the biometric database 36 and hard drive 40 are sited at the central monitoring area.

As can be appreciated by the person skilled in the art, siting the biometric database 36 and hard drive 40 at the central monitoring area requires the TCP/IP network to be used to handle communications between the biometric database 36 and minicomputer 16 and hard drive 40 and minicomputer 16 to facilitate proper processing of identity verification requests. To ensure that the integrity of the biometric identity verification system 10 is maintained, such communications are encrypted using a predetermined encryption protocol.

To ensure that variations in the integrity of the TCP/IP network do not affect the operation of the biometric identity verification system 10, the biometric identity verification system 10 of the third embodiment may include a localised biometric database 42. The localised biometric database 42 contains the records of key users who need to be able to authenticate their identity at all times. Accordingly, when the TCP/IP network is down, comparison processing can be switched to refer to the localised biometric database 42 rather than the centralised biometric database 36.

In accordance with a fourth embodiment of the invention, where like numerals reference like parts, there is a biometric access control system 100. Biometric access control system 100 comprises: e a biometric identity verification system 10 as described in any of the preceding embodiments of the invention; and zea door 102 the subject of access control;

s at least one external door control unit 104.

Biometric identity verification system 10 is recessed into a wall or other structure on the unrestricted side of the door 102 such that only front panel 11 is external to the wall or structure. The biometric identity verification system 10 is in control communication with the at least one external door control unit 104.

The at least one external door control unit 104 is positioned on the restricted side of the door 102 in the wall cavity or roof such that they cannot be reached by the user. The at least one external door control unit 104 operates to open the door 102 by providing an electrical trigger to unlock solenoid-type door locks (or other automatically lockable/unlockable door types).

When a user seeks verification of their identity and both the first and second match confidence values fall within predetermined confidence ranges, the minicomputer 16: o operates to send a control communication to the at least one external door control unit 104. e indicates that the user's identity has been verified by activating speaker 22 to convey an appropriate authorisation message; m and illuminates green LED 28.

The control communication sent to the at least one external door control unit 104 is encrypted using a predetermined encryption protocol. In this manner, even if an unauthorised person where to gain access to the internal components of the biometric identity verification system 10 they could not control the operate of the at least one external door control unit 104 unless they could generate an appropriately encrypted signal.

In accordance with a fifth embodiment of the invention, where like numerals reference like parts, there is a biometric access control system 100 comprising:

zea biometric identity verification system 10 as described in any of the first through third embodiments of the invention (modified to remove card reader 12); and an existing access control system 110.

The existing access control system 110 is positioned in line with the biometric identity variation system 10. The biometric identity variation system 10 is in data and control communication with the existing access control system 110.

For the purposes of explaining this embodiment the existing access control system 110 will be a swipe card/contact card reader 112 access control system.

In a first variant of this embodiment, when a user seeks to verify their identity they swipe their swipe card through the contact card reader 112. The minicomputer 16 of the biometric identity variation system 10 then operates to block the transmission of the data read by the contact card reader 112 from the swipe card.

The data read by the contact card reader 112 is then transmitted to the microprocessor 16 for processing in the normal manner. If, after this processing, both the first and second match confidence values fall within predetermined confidence ranges, the minicomputer 16: operates to send a control communication to the existing access control system 110 to release the information read by the contact card reader for further processing by the existing access control system 110. indicates that the user's identity has been verified by activating speaker 22 to convey an appropriate authorisation message; and illuminates green LED 28.

If the existing access control system 110 thereafter verifies the user as being authorised to access, the existing access control system 110 operates as normal to allow the user entry to the access controlled area.

In a second variant of this embodiment, when a user seeks to verify their identity they swipe their swipe card through the contact card reader 112. The data read by the contact card reader 112 from the swipe card is then simultaneously transmitted to both the existing access control system 110 and the biometric identity variation system 10 where each system then processes the data to determine whether access should be granted. Only if both systems authorise the user's entry is the user then able to enter the access controlled area.

It should be appreciated by the person skilled in the art that the invention is not limited to the embodiments described. In particular, the inventions as described include the following modifications and/or additions: o Other means of biometric identification, such as body image, body markings, retina image, voice print and weight may be used as additional or substitute identification verifiers. In such arrangements, it is considered with the scope of the person skilled in the art to modify the invention as described to incorporate such additional or substitute identification verifiers and therefore will not be described here.

@ In the stand-alone distributed system configuration the card reader 12 may be replaced with a card reader/writer. In this alternative arrangement, the card reader/writer may operate to record on the smart card details of the biometric identity verification system 10 that has been accessed. Thus, a log file can be kept on the smart card of a user's activities.

The card reader may be a contact or contactless smart card as is appropriate to interact with the identity card issued to the user. An example of a contact card that may be used is a magnetic swipe card

or magnetically encoded token. Examples of contactless cards that may be used include proximity and bar code.

The card reader may be replaced with a keypad or touch screen. In such an arrangement, the user is required to input a PIN or password rather than swipe or otherwise cause their card to interact with the card reader. Subsequent processing of the biometric identity verification system 10 is determined by the information recorded in relation to the user associated with the entered PIN or password.

* In yet another alternative, there is no need for a card reader 12 or numeric keypad. In such a configuration, authentication of a user's identity is based on biometric information only. e Camera adjustment means 18 may be mounted to a vertical track.

In such an arrangement, rather than, or in addition to, rotating camera 20 about its vertical axis, camera adjustment means 18 may move along the vertical track until such time as the camera 20 is optimally positioned to include the face of the user in its focus field.

* Biometric identity verification system 10 may include a height sensor.

The height sensor may be used as a further verifying biometric when compared with the user's height information. Alternatively, the height sensor may be used to make adjustments caused by high heels, platform shoes or other items that may affect the perceived height of a user. In yet a further alternative, the. height sensor may act to replace the user's height information-in which case the height information is derived from the height sensor at the time the. user seeks verification of their identity. e Minicomputer 16 may be in data and control communication with a watchdog timer. Minicomputer 16 continuously sends a predetermined data signal at regular predefined intervals to the watchdog timer. If the watchdog timer does not receive the

predetermined data signal, or receives no signal, within a predefined time period, the watchdog timer sends the required commands to reset minicomputer 16.

User prompting and viewing of system status information can be achieved by means of an LCD screen. In the case of user prompting, this may be done in conjunction with the voice prompting system described above.

A sold state flash drive could be used in place of hard drive 40.

External interface connector 38 may be omitted and the registration process conducted under the control of an. external administrator using the communication capabilities of the TCP/IP network.

Types of cameras and LEDs, other than those described, can be used. Additionally, substitute arrangements may be used, such as implementing an analogue camera arrangement with means to digitally image the resulting picture or including fluorescent or incandescent light bulbs in place of the LEDs.

The biometric access control systems may implement a further level of access control through the inclusion of access privilege information as part of the identifying information. In such arrangements, if the user does not have the required access privilege to access the area beyond the door, that area will remain closed to the user even in a situation where the user can properly verify their identity.

External interface connector 38 can be used to connect to a mobile computer for purposes of modification of the biometric database 36 contained within the biometric identity verification system 10.

It should be further appreciated by the person skilled in the art that variations and combinations of features described above, not being alternatives or substitutes, can be combined to form yet further embodiments falling within the intended scope of the invention.