
Title:
GOVERNMENT AUTHORITY VERIFICATION SYSTEM AND METHOD
Document Type and Number:
WIPO Patent Application WO/2018/067072
Kind Code:
A1
Abstract:
The present invention provides a system for verifying and authenticating an identity card having a smart chip embedded therein. The system comprises a remote trusted server; a mobile communication device having a reader module and a secure box deployed therein, wherein the reader module and the secure box are downloaded from the remote trusted server. The identity card is operationally placed at a close proximity to the mobile communication device, and the secure box authenticates the identity card on the mobile communication device, and matches the identity card against a black list stored within the secure box upon successful authentication. A method is also provided herein.

Inventors:
WONG KOK ANN (SG)
Application Number:
PCT/SG2017/050501
Publication Date:
April 12, 2018
Filing Date:
October 05, 2017
Assignee:
WONG KOK ANN (SG)
International Classes:
G07C9/00; H04W4/00; G06F21/34; G06Q20/34; G06Q20/40
Foreign References:
US20140258109A1 2014-09-11
US6726100B2 2004-04-27
US8738485B2 2014-05-27
EP2493232A1 2012-08-29
US20100096452A1 2010-04-22
CN103996120A 2014-08-20
Attorney, Agent or Firm:
PYPRUS PTE LTD (SG)
Claims:
1. A system for verifying and authenticating an identity card having a smart chip embedded therein, the system comprising:

a remote trusted server;

a mobile communication device having a reader module and a secure box deployed therein, wherein the reader module and the secure box are downloaded from the remote trusted server;

wherein the identity card is operationally placed at a close proximity to the mobile communication device, and the secure box authenticates the identity card on the mobile communication device, and matches the identity card against a black list stored within the secure box upon successful authentication.

2. The system according to claim 1, wherein the blacklist is updated through the remote trusted server via a communication network.

3. The system according to claim 1, wherein the trusted source is the identity card issuer.

4. A method for verifying and authenticating an identity card, the method comprising:

deploying a reader module and a secure box on a mobile communication device; wherein the reader module and the secure box are downloaded from a remote trusted server onto the mobile communication device;

reading the identity card at a close proximity to the mobile communication device;

authenticating the identity card through the secure box on the mobile communication device;

verifying the identity card against the black list upon successful authentication; and

returning a result of the identity card verification.

Description:
GOVERNMENT AUTHORITY VERIFICATION SYSTEM AND METHOD

Field of the Invention

[0001] The present invention relates to crime prevention. Specifically, the present invention relates to a system and method for verifying and authenticating an ID card.

Background

[0002] Home security has increasingly become a concern. Although surveillance systems have been widely deployed, such systems are useful only in post-crime investigations. It is therefore preferred that any such burglary be prevented.

[0003] The most common burglary occurs through the use of a fake identity. Burglars often deceive the tenant by posing as government officials, so that the tenant lets them in voluntarily. Such situations happen most commonly because there is a lack of a convenient way of verifying and authenticating the visitor's identity.

[0004] One way of verifying the visitor's identity is to request them to show their identification card(s), which may be a job identification card. However, as printing technology becomes more advanced and easily accessible, a high-quality identity card can be easily forged. Further, an ordinary member of the public who is verifying it may not possess the necessary skills or knowledge to judge the genuineness of the identity card. Therefore, burglary with the use of a fake identification card is still fairly common in this modern society.

[0005] US 9,189,680 discloses a system and method of obtaining identification through face recognition. Such a system is expensive to implement and requires a huge database to store the relevant facial data. Such a system is adaptable to a big organization, but deploying it in every household can be costly.

Summary

[0006] The present invention seeks to provide a system for verifying and authenticating an identity card from the government authority having a smart chip embedded therein. The system comprises a remote trusted server; a mobile communication device having a reader module and a secure box deployed therein, wherein the reader module and the secure box are downloaded from the remote trusted server. The identity card is operationally placed at a close proximity to the mobile communication device, and the secure box authenticates the identity card on the mobile communication device, and matches the identity card against a black list stored within the secure box upon successful authentication.

[0007] In one embodiment, the blacklist is updated through the remote trusted server via a communication network.

[0008] In another embodiment, the trusted source is the identity card issuer.

[0009] In another aspect, the present invention further provides a method for verifying and authenticating an identity card. The method comprises deploying a reader module and a secure box on a mobile communication device, wherein the reader module and the secure box are downloaded from a remote trusted server onto the mobile communication device; reading the identity card at a close proximity to the mobile communication device; authenticating the identity card through the secure box on the mobile communication device; verifying the identity card against the black list upon successful authentication; and returning a result of the identity card verification.

Brief Description of the Drawings

[0010] This invention will be described by way of non-limiting embodiments of the present invention, with reference to the accompanying drawings, in which:

[0011] FIG. 1 illustrates a block diagram of the present invention in accordance with an embodiment of the present invention; and

[0012] FIG. 2 illustrates an identity card verification process in accordance with an embodiment of the present invention.

Detailed Description

[0013] In line with the above summary, the following description of a number of specific and alternative embodiments is provided to understand the inventive features of the present invention. It shall be apparent to one skilled in the art, however, that this invention may be practiced without such specific details. Some of the details may not be described at length so as not to obscure the invention. For ease of reference, common reference numerals will be used throughout the figures when referring to the same or similar features common to the figures.

[0014] FIG. 1 illustrates a schematic diagram of an identity verification system 100 in accordance with one embodiment of the present invention. The system includes a verification module deployed on a mobile communication device 104, and a verification system 115. The mobile communication device 104 is able to connect to the verification system 115 through a communication network 110, such as the Internet. The mobile communication device 104 is a personal communication device used by a user 102. Such a personal communication device can be a smart phone or any personal handheld device used for establishing wireless communications with the verification system 115 through the communication network 110. Desirably, the personal communication device is provided with an NFC (near field communication) module, which can be used for close-range wireless data transmission with the identity card.

[0015] The verification module can be a software program or mobile application obtainable from a trusted source to deploy on the mobile communication device 104. Once the verification module is deployed, it can be used to verify the genuineness of an identity card. In one illustrative example, the user 102 who carries the mobile communication device 104 may activate the verification module deployed therein to verify whether a police officer's warrant card is genuine. When in use, the user 102 launches the verification module on the mobile communication device 104, and scans the identity card 106 for verification and authentication.

[0016] Each identity card 106 comprises an electronic chip; such a chip may be any smart chip that is capable of communicating wirelessly with a corresponding reader. The electronic chip is adapted to store various information, which may include the holder's particulars as well as the card issuing organization.

[0017] When in use, the visitor presents the identity card 106 for verification. The user 102 then uses the communication device 104 to read the identity card. Once the identity card is scanned, the communication device 104 connects to the server 115 to perform handshaking. Once the handshaking is done successfully, the verification module shows the identity of the identity card holder on the mobile communication device 104, and the user may perform a visual verification against the visitor's authentication. In one embodiment, if the verification fails, the verification module displays a message that the card is not a valid card or that no card identity matched, or an appropriate message showing the relevant outcome of the verification and authentication status.

[0018] In one embodiment, the verification module may be adapted with an off-line system that stores a list of identity cards for verification. The list can be a whitelist or blacklist for matching the information extracted from the identity card. Such an implementation is suitable when no Internet access is possible.

[0019] To provide a highly secure system, in one embodiment, the server 115 is adapted with a smart card verification system to secure the database therein. Each of the identity cards is personalized through a highly secured environment that includes a secured module containing a signing key. A card management system in the server 112 can be used to manage the electronic data to be written on the identity card. With the signing key, the electronic data for each card is signed. The signature of the data is stored in EF.SOD and is to be verified during the card reading. The electronic data is written in the contactless smart chip of the identity card.

[0020] The integrity of the data stored on the card is protected by the digital signature available in the EF.SOD. In one embodiment the file uses the SignedData Structure of the CMS (Cryptographic Message Syntax) standard.

[0021] Of course, to verify signatures, the Signing Entity must be available and their integrity must be guaranteed.

[0022] The certificate of the signer can either be stored on the identity card or obtained from another source.

[0023] The digital signature can be adapted as the security mechanism for verifying the identity card. Schemes such as RSA PKCS#1, RSA PSS, DSA, ECDSA in combination with SHA-1 or any of the SHA-2 hash functions may be adapted herein.

[0024] In yet a further embodiment, Basic Access Control (BAC) can also be adapted to prevent reading of data on the identity card before the authentication. Such a technique is based on a standard mutual authentication technique, which is considered to be secure as long as the keys are kept secret.

[0025] In one embodiment, the verification module includes a reader module and a secure box, which are obtainable from a trusted server for deploying on the mobile communication device. Both the reader module and the secure box can be software modules or applications. The reader module is adapted to read the card wirelessly. The reader module may be adapted to trigger the wireless short-range communication module, such as a near field communication (NFC) module, to interact with the card when it is placed at a close proximity to the communication device. Once it establishes the communication with the identity card to be authenticated, the secure box is executed to authenticate the identity card. The secure box may contain a verification key for signature verification, as well as a black list. In one embodiment, in order to obtain the verification key and the blacklist, the secure box may authenticate either through a PIN, which is user input, or through RSA keys, which can be embedded in the secure box. Once successfully authenticated, the secure box may check for a new blacklist file to be downloaded from the trusted source. This is to ensure that the blacklist file in use is always the latest. However, if the communication network is not available, the secure box may authenticate the identity card based on the current blacklist.

[0026] In another embodiment, the secure box may authenticate the card in offline mode, whereby the network communication connection is only required to obtain the updated blacklist. Accordingly, the card verification and authentication may work in a completely offline mode.

[0027] Failure to authenticate through the secure box will result in verification failure. Operationally, when the verification module is executed to scan/read the identity card, it gets the verification key from the secure box. With the verification key, the secure box verifies the signature in EF.SOD of the identification card. It checks to ensure the integrity and authenticity of the identity card. The verification module further checks against the blacklist from the secure box to determine whether the identity card has ever been blacklisted, and if yes, the verification result is provided on the verification module immediately. If the identity card is not found on the blacklist, the verification module further verifies the authenticity of the card, and if it fails, the card will be added to the blacklist automatically. The blacklist is updated automatically on a regular basis, or in real time, whenever the network communication is available.
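The following is an added example, not part of the patent text or any implementation by the applicant: a Python sketch of the check described in [0019] to [0027], in which the secure box verifies the issuer's signature, then consults the blacklist, and keeps its current list when the trusted server cannot be reached. It assumes the EF.SOD content is reduced to a raw RSA PKCS#1 v1.5 / SHA-256 signature over the card record (a real EF.SOD is a CMS SignedData structure); the demo key, the record layout and all names (`SecureBox`, `issuer_sign`, `signature_ok`) are hypothetical.

```python
import hashlib

# Constructed demo key built from two Mersenne primes; not usable in practice.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # issuer signing key, kept in the secured module
K = (N.bit_length() + 7) // 8       # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(data):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def issuer_sign(data):
    """Personalisation side: sign the electronic data written to the card."""
    return pow(int.from_bytes(encode(data), "big"), D, N).to_bytes(K, "big")

def signature_ok(data, sig):
    """Recompute the expected encoding and compare it whole, so malformed
    padding can never be accepted."""
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == encode(data)

class SecureBox:
    def __init__(self, blacklist):
        self.blacklist = set(blacklist)

    def refresh(self, fetch):
        """Replace the blacklist if the trusted server answers; when the
        network is down keep the current list (offline mode)."""
        try:
            self.blacklist = set(fetch())
            return True
        except OSError:
            return False

    def verify(self, data, sig):
        if not signature_ok(data, sig):
            return "INVALID"
        # The card id is read only from data whose signature verified.
        card_id = dict(f.split("=", 1) for f in data.decode().split(";"))["ID"]
        return "BLACKLISTED" if card_id in self.blacklist else "VALID"

# Constructed sample card record (field layout is hypothetical).
CARD = b"ID=W-1001;NAME=SAMPLE OFFICER;ISSUER=SAMPLE AGENCY"
CARD_SIG = issuer_sign(CARD)
```

Because the blacklist lookup uses an identifier taken from the signed record, a record that fails signature verification never reaches the list comparison.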

[0028] In one further embodiment, the blacklist may also be stored on the trusted server and is retrievable through the secure box through the communication network, i.e. Internet.

[0029] It is also desired that the trusted source is the card issuer of the associated identity card. One advantage of having a trusted good verification provider as the trusted source is that users are required to obtain the verification module from one source only, rather than deploying proprietary verification modules from the respective manufacturers. In some cases, the verification module can be obtained through a trusted digital distribution provider, such as the Google Play Store or the like.

[0030] As users obtain the verification module themselves, there is no concern about the integrity of the verification module as long as it was obtained through a trusted source.

[0031] FIG. 2 illustrates an identity card verification process in accordance with an embodiment of the present invention. The process comprises deploying a reader module and a secure box on a mobile communication device at step 202; reading the identity card at a close proximity to the mobile communication device at step 204; authenticating the identity card through the secure box on the mobile communication device at step 206; verifying the identity card against the black list upon successful authentication at step 208; and returning a result of the identity card verification at step 209.

[0032] While specific embodiments have been described and illustrated, it is understood that many changes, modifications, variations and combinations thereof could be made to the present invention without departing from the scope of the invention.