Technical Field

The invention relates to the verification of the identity of a person by an electronic identity card and an electronic image showing the face of the person. The invention further relates to a method and a system performing the verification of an identity and to a method and a system for digital letters of appointment.

Background Art

Identity theft typically occurs when someone uses another person's personal identifying information, such as national identifying number, or credit card number, without permission, to commit fraud or possibly other crimes. In identity theft, a person typically pretends to be someone else by assuming that person's identity, usually as a method to gain access to resources, or obtain credit and other benefits, in that person's name. Identity theft is also commonly known as identity fraud or impersonation.

In many countries, identity documents, e.g. pass ports and nationally approved ID-cards, are employed as proof of identity. Typically, these identity documents show a picture of a face together with identification information, such as a national identification or identity number, of the person in the picture. When used in practice, the picture of the face is compared with the face of the person claiming the identity and presenting the identity document. Sometimes, it can be hard to determine if the person in the picture and the person presenting the identity document are the same. For example, hair or glasses may be different, or glasses may be worn in real life, but not in the picture.

In many places, internet shopping is a steadily growing business and the number of packages that are sent by post and delivery services increases. The packages are either handed over to the customer at a specific address, or are collected at a service point or post terminal. In these situations, it is typically required that the person receiving or collecting the package presents identity documents. A common fraud scenario is that a person orders an item in another person's name on the internet, and the item is sent by mail together with an invoice. The item is then collected from a service terminal, at which point an ID-card stolen from the other person, or a forged ID- card, is used for identification. Another common fraud scenario is that an item is bought in a store on credit, and a stolen ID-card is used for establishing the credit. This means that the credit is established for the person on the ID-card, and not the person collecting the item from the store. The frauds based on identity theft are costly for the persons affected, the insurance companies involved, and for the authorities investigating the crime.

There are also problems when updating or establishing a system for national identity documents. Typically, all old identity documents must be replaced with new ones. If pictures forms part of the documents, it is required that all people concerned must submit a picture to the government or accepted institutions. The management and handling of an established system also requires significant effort and cost, since the identity documents are physical objects that must be provided and distributed.

Electronic identity cards have been introduced in several countries. One example is the BanklD-system implemented in Sweden. There are several versions of the system. Some are historic and no longer in use. In one version, Bank-ID on file, a digital certificate is issued by a certificate authority and stored in a non-volatile memory, such as a hard-drive. A Personal Identification Number (PIN)-code or password is associated with the certificate. A program in the same system in which the certificate is stored is used to generate the keys necessary for authentication and digital signing. In another version, Bank-ID on card, a secret private code key is stored in the chip of a smart card or Integrated Circuit Card (ICC). The card is inserted in a reader by its user, a sequence of numbers is provided to the user that is keyed into the reader, the four digits PIN-code associated with the card is also keyed into the reader, which generates a response code in the form of a series of numbers uniquely identifying the user. In yet another version, Mobilt BankID, the secret key is stored in an application program of a wireless device, and authentication and digital signing is performed via the application program and a trusted authentication server. In each of these versions, the electronic identity card, together with some form of PIN-code or password, uniquely identifies or verifies the person using it.

Summary

It is an object of the invention to at least partly overcome one or more of the above-identified problems. In particular, it is an object to improve the security with respect to identity theft and manipulation for fraud purposes. It is also an object to improve the probability of making a correct identification of a person, and to provide a complementary identification system to improve the security of an existing identification system. It is a further object to provide a secure technology for digital letters of appointments, or digital powers of attorney that, for example, can be used at a point-of- sale or a point-of-delivery. To solve one or more of the above objects, a first method for identifying a person, or an individual, is provided. The method comprises a setup process and an operation process, which processes may be performed by a server. The setup process comprises: receiving a digital picture from a sender showing the face of the person or individual, obtaining information associated with an electronic identity card for verifying the personal identity of the sender of the digital picture. The setup process may further comprise: providing and storing an image based on the digital picture. The operation process comprises: receiving a request for sending the image to a first terminal configured to display the image, and sending the image to the first terminal.

The request is for an image and the personal identity of the provider of the image is known. Thus the image that is sent to the first terminal can be assumed to show the person claiming an identity simply by comparing the image with the face of the person. Effectively, the proposed method replaces the need for an image on identity documents.

The sender may be a terminal, a terminal is here understood to encompass personal computers (PCs), such as stationary computers, including desktop computers and home-theater PCs, and portable computers, including laptops, tablets, pocket PCs. The sender is also understood to encompass smartphones and mobile phones. Further, a terminal is here understood to encompass a device configured to communicate electronically or digitally and to be operated directly by a single user, i.e. without any intervening computer operator.

A digital picture image is here understood to encompass a numeric representation of a two-dimensional image or a digital image, such as commonly known standard image formats including Graphics Interchange Format (GIF), Joint Photographic Experts Group (JPEG), and Portable Network Graphics (PNG). An image based on the digital picture is here understood to encompass the digital picture as such, or an image generated from the digital picture, for example by modifying the size, contrast, or color of the digital picture. The image may be of a predetermined format. This allows for an optimization of a system implementing the method for several persons or individuals. In the digital picture, the face of the person or individual may be the face of the sender.

The request may come from the first terminal. Alternatively, the request could have come from another source, such as a second terminal. However, a first terminal is not likely to be manipulated for fraud purposes, since it is typically controlled by someone demanding a verification of a personal identity. Thus, the specified request has the effect of an improved security. An electronic identity card is here understood to encompass electronic or digital means by which the personal identity of the sender of the digital picture can be identified. This may be in the form of an electronic or digital signature or seal used for identification or verification purposes on the internet. The information associated with an electronic identity card is here understood to verify the personal identity of the sender. This means that the information is uniquely tied to a physical person. It should be noted that a user name and an associated a password is not tied to a physical person. For example, user names and passwords can be shared between several persons.

Obtaining information associated with an electronic identity card is here, and throughout these specifications, understood to encompass generating the information or receiving the information, for example from, or with the involvement of, an authentication server. The authentication server may be operationally connected to a server executing the setup process and the operation process, e.g. via the internet.

The setup process may further comprise: identifying, or receiving information indicating, an electronic communication link to a second terminal, wherein the second terminal is a wireless device. A wireless device is here understood to encompass mobile phones, smartphones and tablets computers. An example of an electronic communication link is a connection established via mobile telecommunications technology. This may involve Short Message Service (SMS), email, and application software connected to the internet. The identifying may comprise: receiving contact information for establishing the electronic communication link. Such information may be a mobile phone number or an e-mail address. Alternatively or additionally, the identifying may comprise: determining if an application software is installed on the wireless device and identifying a communication link for interacting with the application software.

The setup process may further comprise: obtaining information associated with the electronic identity card for verifying the personal identity of the sender of the information indicating an electronic communication link to the second terminal. This information may be the same as the information obtained for verifying the personal identity of the sender of the digital picture. Additionally or alternatively, this step may be the same or different from the step verifying the personal identity of the sender of the digital picture.

The operation process may comprise subsequent to receiving the request for sending the image: sending a first signal to the second terminal via the electronic communication link indicating that the operation process is ongoing, and sending a second signal to the first terminal indicating the sending of the first signal. This has the effect that the first terminal knows that the second terminal has been notified that an identification is ongoing, and measures can be taken to prevent fraud. For example, the user of the first terminal knows that the second terminal has been notified, which means that he can ask the person claiming the identity to show the second terminal. If the request is not followed, the user of the first terminal can refuse to accept a claimed identity and can ask to see the second terminal.

The operation process may comprise subsequent to receiving the request for sending the image: sending a fifth signal to the second terminal via the electronic communication link indicating that the operation process is ongoing, and receiving a sixth signal from the second terminal indicating that the fifth signal has been received, is acknowledged, and/or is actively acknowledged by the sender, or the user of the second terminal. The operation process may further comprise: obtaining information associated with an electronic identity card for verifying the personal identity of the sender of the sixth signal. Additionally, it may comprise: sending a seventh signal to the first terminal indicating the sixth signal has been received. This has the effect that the user of the second terminal can confirm an ongoing identification process with the same level of security as the registering of the digital picture. Also, a vendor or the like can receive a confirmation of the validity the identification process with an electronic identity card. Throughout these specifications, the indicating that the operation process is ongoing is understood to encompass an indicating that an identification process is ongoing.

The first terminal may be a wireless device or a wired device. A wireless device is here understood to encompass mobile phones, smartphones, tablets computers, and user terminals configured to communicate via mobile telecommunications technology. A wired device is here understood to encompass a device configured to communicate over a landline or a wired network.

The setup process may further comprise: receiving first identification information from the sender, wherein the first identification information may be associated with the sender, or the identity of the sender, and obtaining information associated with the electronic identity card for verifying the personal identity of the sender of the first identification information. Thus, the first identification information is tied to the personal identity of the sender in the same manner as the digital picture. Here, the information may be the same as the information obtained for verifying the personal identity of the sender of the digital picture. Additionally or alternatively, this step may be the same or different from the step verifying the personal identity of the sender of the digital picture. Alternatively, the setup process may further comprise: obtaining first identification information, wherein the first identification information may be associated with the sender, or the identity of the sender. For example, the first identification information may be retrieved from a database containing personal information on the sender. Here, the information may be the same as the information obtained for verifying the personal identity of the sender of the digital picture. Additionally or alternatively, this step may be the same or different from the step verifying the personal identity of the sender of the digital picture.

The request for sending the image may further comprise second identification information, and the sending of the image to the first terminal may be performed if the second identification information can be associated with, or uniquely coupled to, the first identification information.

Here identification information is understood to encompass name and address, national identification or identity numbers, social security or insurance numbers, credit card numbers, passport numbers, and combinations thereof. Identification information is also understood to encompass a user name. These features have the effect that the person can initiate an identification process and his or her image can be located in the system. The first identification information and the second identification information may be identical. Alternatively, the first identification information may be different from the second identification information, but can be uniquely associated with each other. It is only required that they can be associated with each other. For example, the first identification information may comprise the full 16 digits of a credit card number, while the second identification information may comprise the first four digits and the last four digits, which may allow them to be uniquely associated with one another. The first identification information and the second identification information may be different from a personal identification number or a credit card number.

The method may further comprise subsequent to receiving the request for sending the image: sending the first identification information, or at least a portion of the first identification information, to the first terminal. Thus, at least a portion of the first identification information may be displayed at the first terminal, which allows for the first identification information to be checked against physical identity documents.

The setup process may further comprise: receiving third identification information from an additional sender, wherein the third identification information may be associated with at least a portion of the first identification information, and obtaining information associated with an additional electronic identity card for verifying the personal identity of the additional sender of the third identification information. Thus, the third identification information is tied to the personal identity of the additional sender in a similar manner as the digital picture. The sender can this way be coupled to the additional sender. For example, the first and third identification information may be a passport number for the sender.

The setup process may further comprise: receiving fourth identification information from the additional sender, wherein the fourth identification information may be associated with the additional sender, or the identity of the additional sender, and obtaining information associated with the additional electronic identity card for verifying the personal identity of the additional sender of the fourth identification information. Thus, the fourth identification information is tied to the personal identity of the additional sender in a similar manner as the digital picture. Here, the information may be the same as the information obtained for verifying the personal identity of the additional sender of the third identification information. Additionally or alternatively, this step may form part of the step verifying the personal identity of the additional sender of the third identification information.

The request for sending the image may comprise fifth identification information. The fifth identification information may be provided at the first terminal. The fifth identification information may be associated with the additional sender, or the identity of the additional sender.

The operation process may further comprise prior to sending the image: determining whether to send the image to the first terminal based on the third identification information, the fourth identification information, and the fifth identification information. Thus, if the digital picture is subsequently displayed at the first terminal, it may indicate or be regarded as an authorization for the sender to represent or act on the behalf of the additional sender in private affairs, business, or some other legal matter, similar to a power of attorney.

The sender may operated by a first user and the first identification information may be associated with the identity of the first user. The information associated with the electronic identity card for verifying the personal identity of the sender of the first identification information may verify the personal identity of the first user operating the sender. The additional sender may operated by a second user and the third identification information may be associated with the identity of the second user. The information associated with the electronic identity card for verifying the personal identity of the sender of the third identification information may verify the personal identity of the second user operating the additional sender. The third identification information together with the information associated with the additional electronic identity card for verifying the personal identity of the additional sender of the third identification information may be regarded as an authorization by the additional sender for the sender to act for on behalf of the additional sender.

The determining whether to send the image to the first terminal may comprise: determining to send the image to the first terminal if the fourth identification information can be associated with, or uniquely coupled to, the fifth identification information. This allows for an exact specification at the first terminal of the additional sender.

The determining whether to send the image to the first terminal may comprise: determining to send the image to the first terminal if the third identification information can be associated with, or uniquely coupled to, the first identification information. For example, the first and third identification information may comprise the same national identification or identity numbers, in which case the image is sent; and if they do not, the image is not sent.

The setup process may further comprise: identifying, or receiving information indicating, an additional electronic communication link to a third terminal. The third terminal may be a wireless device. The additional electronic communication link and the third terminal may have any of the features of the electronic communication link and the second terminal described above. The setup process may further comprise: obtaining information associated with the additional electronic identity card for verifying the personal identity of the additional sender of the information indicating the additional electronic communication link to the third terminal. Here, the information may be the same as the information obtained for verifying the personal identity of the additional sender of the third identification information. Additionally or alternatively, this step may be the same or different from the step verifying the personal identity of the additional sender of the third identification information.

The operation process may further comprise subsequent to receiving the request for sending the image: sending an eighth signal to the third terminal via the additional electronic communication link indicating that the operation process is ongoing, and receiving a ninth signal from the third terminal indicating that the eighth signal has been received and/or is acknowledged. The operation process may further comprise: obtaining information associated with the additional electronic identity card for verifying the personal identity of the additional sender of the ninth signal. Here, the information may be the same as the information obtained for verifying the personal identity of the additional sender of the third identification information. Additionally or alternatively, this step may be the same or different from the step verifying the personal identity of the additional sender of the third identification information. Additionally, the operation process may comprise: sending a tenth signal to the first terminal indicating the ninth signal has been received. This has the effect that the user of the third terminal, or the additional sender, can confirm an ongoing identification process with the same level of security as the registering of the digital picture. Also, a vendor or the like can receive a confirmation of the validity the identification process involving a power of attorney, or the like, with the electronic identity card of the person giving the authority.

The setup process may further comprise: receiving an additional digital picture from an additional sender showing the face of another person or individual, and obtaining information associated with the additional electronic identity card for verifying the personal identity of the additional sender of the additional digital picture, and providing and storing an additional image based on the additional digital picture. In the additional digital picture, the face of the other person or individual may be the face of the additional sender. The additional picture may have any of the features if the picture described above. The operation process may further comprise subsequent to receiving the request for sending the image: sending the additional image to the first terminal. This contributes to an improved security in that the identity of an authorized person can be checked in better detail.

Here, the information may be the same as the information obtained for verifying the personal identity of the additional sender of the third identification information. Additionally or alternatively, the latter step may form part of the step verifying the personal identity of the additional sender of the third identification information.

The determining whether to send the image to the first terminal may be based on the time interval between the setup process and the operation process. This contributes to an improved accuracy, since an unauthorized access will be limited in time. The time interval between the setup process and the operation process may be defined as the time interval between receiving the third identification information and the receiving of the request for sending the image. Additionally, determining whether to send the image to the first terminal may comprise: determining to send the image if the time interval between the setup process and the operation process is shorter than a predetermined time interval. For example, the predetermined time interval may be 24 hours.

The first identification information and the second identification information may correspond to data stored in a Near Field Communication (NFC) tag, or data stored in a wireless device emulating an NFC card or tag for transferring the data. The first identification information and the second identification information may be represented by or comprise data retrievable from an optically readable code, such as a matrix bar code or two-dimensional bar code. This may be a Quick Response code (QR-code).

The first identification information may comprise biometric data, such as data indicating a fingerprint or facial features. Similarly, the second identification information may comprise biometric data. The setup process may comprise: determining biometric data representing facial features from the digital image or the picture.

The operation process may comprise prior to sending the second signal: receiving a response signal from the second terminal indicating whether a verification should be allowed or not. Further, the second signal may indicate whether a verification should be allowed or not based on the response signal. Thus, if the second signal indicates that a verification should be allowed, it can be assumed at the first terminal that the ongoing identification is accepted at the second terminal. However, if is indicated that a verification should not be allowed, it can be assumed at the first terminal that the ongoing identification is not accepted at the second terminal, and that fraud is a high risk. Thus, the response signal and the second signal contribute to an increased security.

The operation process may comprise prior to sending the second signal: determining if a response to the first signal has been received, and if no response has been received, the second signal may further indicate that no response has been received. This has the effect that it can be assumed at the first terminal that there is risk for fraud, which contributes to an increased security.

The identifying of the electronic communication link may comprise: receiving information indicating the electronic communication link from the sender, and obtaining information associated with the electronic identity card for verifying the personal identity of the sender of the information indicating the electronic communication link. This means that the electronic communication link is established with the same high security as the image. Examples of information indicating the electronic communication link are a mobile phone number and an email address. Here, the information associated with the electronic identity card may be the same as the information obtained for verifying the personal identity of the sender of the digital picture. Additionally or alternatively, the latter step may form part of the step verifying the personal identity of the sender of the digital picture.

The sender may be the second terminal and the method may further comprise an input process comprising: acquiring the digital picture at the second terminal, and transmitting the digital picture, e.g. so that it can be received in the setup process. Additionally, the input process may be performed on the second terminal. This feature contributes synergetically with the above-mentioned verification to an increased security. The electronic identity card is used to verify the personal identity of the sender of the digital picture, and the input process also verifies the second terminal as such. Further, it also allows the use of a well-controlled application program on the second terminal to both handle the provision of the digital picture as well as the verification, which reduces the vulnerability to fraud.

The image may comprise a plurality of image frames showing the face of the person or individual from different perspectives. For example, there may be three frames showing the face: one from the front, one from the right side, and one from the left side. This contributes to an improved security over traditional identification documents that typically only allow a single frame. Additionally or alternatively, the image may be a composite of several frames, and/or constitute a three-dimensional picture. Subsequently to sending the image to the first terminal, the operation process, or the method, may further comprise: displaying the image at the first terminal.

The operation process may further comprise prior to sending the second signal: determining a distance between the first terminal and the second terminal, and the second signal may further indicate the determined distance. Examples of an indication of distance are the actual distance in meters, a parameter proportional to the actual distance, and a confirmation of presence within a certain range. Together with the abovementioned electronic communication link to the second terminal and the input process performed on the second terminal, the information at the first terminal indicating the distance to the second terminal provides additional security. For example, a significant distance, for example 100 m or 300 m between the first terminal and the second terminal may indicate that a false identification is attempted.

The second signal may indicate whether a verification should be allowed or not based on the distance. For example, a verification may not be allowed if the distance is greater than a predetermined distance, such as 50 m, 200 m, and 500 m. The step of determining the distance may comprise: receiving a third signal from the second terminal indicating the positon of the second terminal. For example, the position of the second terminal may be determined with Global Positioning System (GPS) or telecommunication technologies implemented in the second terminal. The step of determining the distance may further comprise: obtaining the position of the first terminal, and determining the distance from the position of the first terminal and the position of the second terminal. The step of obtaining the position of the first terminal may comprise: receiving a fourth signal from the first terminal indicating the positon of the first terminal. For example, the position of the first terminal may be determined via GPS or telecommunication technologies, but also by specifying physical locations, such as street addresses or map-coordinates.

The method or operation process may further comprise, or a system may be configured to: transferring the second identification information from the second terminal to the first terminal. This may be done prior to receiving the request for sending the image. The second identification information may be stored on the second terminal. It may be transferred by way of short range communication, such as Bluetooth wireless standard technology, Wi-Fi local area wireless computer networking technology, Radio-Frequency IDentification (RFID) technology, and NFC technology.

The second identification information may also be transferred by way of optical communication between the second terminal and the first terminal. For example, the method may comprise, or a system may be configured to: displaying an optically readable code, such as a QR code, on the second terminal, and reading the optically readable code at the first terminal. Alternatively or additionally, the optically readable code may be printable. Then, the method may comprise, or a system may be configured to: printing the optically readable code, and reading the printed optically readable code at the first terminal.

The features described here create a closed loop in which the second terminal may both initiates and confirms the verification, which contributed to an increased security.

The second identification may be stored in an NFC tag, for example an NFC tag embedded in a sticker that can be attached to the second terminal. Alternatively, the second terminal may comprise an NFC tag or card, or be configured to emulate an NFC tag or card. The second identification information may be stored in the NFC tag or card, or in the wireless device, and be accessible by the emulated NFC tag or card. The first terminal may be configured to read NFC tags or cards, for example by a NFC reader. The second identification information may be read from the NFC tag or card, or the emulated NFC tag or card, by the first terminal or the NFC reader. This has the effect that the second identification information is transferred from the second terminal to the first terminal.

The setup process may further comprise: receiving confidential or personal information from the sender, and obtaining information associated with the electronic identity card for verifying the personal identity of the sender of the confidential or personal information. The confidential or personal information may comprise contact information, an agreement or disagreement to organ donation, medical journals or portions of medical journals, medical or mental diagnoses, information on medical conditions, such as disease or disabilities, family connections, insurance information, a shipping code, a certificate, a power of attorney, and a time indication for a certificate or power of attorney for indicating when it is in effect or valid. The confidential or personal information may comprise a digital picture or image of a person, for example a family member or a person subject to an authorization by a power of attorney. The confidential or personal information may comprise a digital file or document, such as digital text document. Here, the information may be the same as the information obtained for verifying the personal identity of the sender of the digital picture. Additionally or alternatively, the latter step may form part of the step verifying the personal identity of the sender of the digital picture.

The confidential or personal information may be configured for being displayed at the first terminal.

The operation process may further comprise subsequent to receiving a request for sending the image to a first terminal: sending the confidential or personal information, or portions of the confidential or personal information, to the first terminal.

The method or operation process may further comprise, or a system may be configured to, subsequent to sending the image to the first terminal: storing the image at the first terminal. This is particularly advantageous if the first terminal is a wireless device, and there is a risk that the wireless device will be brought into an area with bad wireless connection. By storing the image on the first terminal, the verification can still be used. The method or operation process may further comprise, or a system may be configured to, subsequent to sending the additional image to the first terminal: storing the additional image at the first terminal. This allows for an image of person subject to a power of attorney, or the like, to shown also in an area where the wireless connection is bad.

The image and/or the additional image stored in the first terminal may be associated with a shipping code, such as a Serial Shipping Container Code (SSCC), in the first terminal. Additionally or alternatively, the image and/or the additional image stored in the first terminal may be associated with the recipient address of a package, such as a postal package. If not indicated otherwise above, the different steps of the method may be executed on a server, in a server system, or in cloud computing environment. To solve one or more of the above objects, a second method is also provided for identifying a person, or an individual, comprising a setup process and a subsequent operation process, which processes may be performed by a server. The setup process comprises: receiving first identification information from a sender, wherein the sender is operated by a first user and the first identification information is associated with the identity of the first user; and obtaining information associated with an electronic identity card for verifying the personal identity of the first user operating the sender of the first identification information. The setup process further comprises: receiving second identification information and third identification information from an additional sender, wherein the additional sender is operated by a second user, the second identification information is associated with the identity of the second user, and the third identification information is associated with the identity of the first user; and obtaining information associated with an additional electronic identity card for verifying the personal identity of the second user operating of the additional sender of the second identification information and the third identification information.

The operation process comprises: receiving a request for an identification confirmation from a first terminal, wherein the request comprises fourth identification information obtained at the first terminal. The operation process further comprises: determining to send the identification confirmation to the first terminal if the fourth identification information obtained at the first terminal can be associated with the second identification information associated with the identity of the second user, and wherein the identification confirmation is at least in part based on, or comprises, the first identification information associated with the identity of the first user. Alternatively or additionally, the operation process further comprises: determining to send the identification confirmation to the first terminal if the fourth identification information obtained at the first terminal can be associated with the first identification information associated with the identity of the first user, wherein the identification confirmation is at least in part based on, or comprises, the second identification information associated with the identity of the second user. Additionally or alternatively, the operation process further comprises: determining to send the identification confirmation to the first terminal if the fourth identification information obtained at the first terminal can be associated with the first identification information associated with the identity of the first user and the second identification information associated with the identity of the second user.

The operation process may further comprise: sending the identification confirmation to the first terminal if it is determined to send the identification confirmation. Here, the first user may be regarded as the receiver of a letter of appointment and the second user may be regarded as the giver of a power of attorney.

The second method described here may comprise any of the features or steps described above in relation to the first method.

The setup process may further comprise: receiving a digital picture from the sender showing the face of the first user; and- obtaining information associated with an electronic identity card for verifying the personal identity of the first user operating the sender of the digital picture; and providing and storing an image based on the digital picture; and wherein the identification confirmation comprises the image. Here, the electronic identity card may be the same as, or associated with, the electronic identity card used for verifying the personal identity of the first user operating the sender of the first identification information. Additionally or alternatively, the latter step may form part of the step verifying the personal identity of the first user operating the sender of the first identification information. The sender from which the digital picture is received may be the same as the sender from which the first identification information is received.

The setup process may further comprise: receiving an additional digital picture from the additional sender showing the face of the second user; obtaining (208) information associated with an electronic identity card for verifying the personal identity of the second user operating the additional sender of the digital picture; and providing and storing an additional image based on the additional digital picture; and wherein the identification confirmation comprises the additional image. Here, the additional electronic identity card may be the same as, or associated with, the electronic identity card used for verifying the personal identity of the second user operating the additional sender of the second identification information and the third identification information. Additionally or alternatively, the latter step may form part of the step verifying the personal identity of the second user operating the additional sender of the second identification information and the third identification information. The additional sender from which the additional digital picture is received may be the same as the additional sender from which the second identification information and the third identification information is received.

The operation process may further comprise: sending a request for an identification verification to a second terminal operated by the first user; and receiving the identification verification from the second terminal. The identification verification may further comprise information associated with an electronic identity card verifying the personal identity of the user operating the second terminal. Here, the second terminal may be the sender. The request for an identification verification may be sent to the first second terminal via the first terminal. For example, this may be achieved by displaying a code, such as a QR-code, relating to, or based on, the request at the first terminal, and reading the code with a camera on the second terminal. The second communication terminal may send the identification verification via a wireless connection, for example via an internet connection based on mobile telecommunications technology.

Determining to send the identification confirmation may further comprise: determining to send the identification confirmation to the first terminal if the identification verification, or personal identity of the user operating the second terminal, can be associated with the first identification information, the third identification information, or the personal identity of the first user.

The operation process, or the method, may further comprise: displaying the identification confirmation at the first terminal.

Determining to send the identification confirmation may be based on the third identification information. The operation process may further comprise subsequent to sending the identification confirmation to the first terminal: preventing another identification confirmation based on, or relating to, the third identification information from being sent again, for example to the second terminal or another terminal. For example, this may be achieved by deleting the third identification information.

To solve one or more of the above objects, a third method for identifying a person, or an individual, is provided. The method comprises a setup process and a subsequent operation process, which processes may be performed by a server. The setup process comprises: receiving first identification information and second identification information from a sender, wherein the sender is operated by a user, the first identification information is associated with the identity of the user, and the second identification information is associated with the identity of a person or individual. The setup process may further comprise: obtaining information associated with an electronic identity card for verifying the personal identity of the first user operating the sender of the first identification information and the second identification information.

The operation process comprises: receiving a request for an identification confirmation from a first terminal, wherein the request comprises third identification information obtained at the first terminal. The operation process further comprises: determining to send the identification confirmation to the first terminal if the third identification information obtained at the first terminal can be associated with the second identification information associated with the identity of the person. Additionally or alternatively, the operation process further comprises: determining to send the identification confirmation to the first terminal, wherein the identification confirmation is at least in part based on, or comprises, the second identification information associated with the identity of the person.

The operation process further comprises: sending the identification confirmation to the first terminal if it is determined to send the identification confirmation.

Here, the first user may be regarded as the giver of a letter of

appointment and the other person may be regarded as the receiver of a letter of appointment.

The third method described here may comprise any of the features or steps described above in relation to the first method.

The operation process may further comprise: sending a request for an identification verification to a second terminal; and receiving the identification verification from the second terminal. The identification information may comprise information associated with an additional electronic identity card verifying the personal identity of the user, person, or individual, operating the second terminal.

The request for an identification verification may be sent to the first second terminal via the first terminal. For example, this may be achieved by displaying a code, such as a QR-code, relating to, or based on, the request at the first terminal, and reading the code with a camera on the second terminal. The second communication terminal may send the identification verification via a wireless connection, for example via an internet connection based on mobile telecommunications technology.

Determining to send the identification confirmation may further comprise: determining to send the identification confirmation to the first terminal if the identification verification, or the personal identity of the user, person, or individual, operating the second terminal, can be associated with the second identification information, or the personal identity of the person.

The operation process, or the method, may further comprise: displaying the identification confirmation at the first terminal.

Determining to send the identification confirmation may be based on the second identification information. The operation process may further comprise subsequent to sending the identification confirmation to the first terminal: preventing another identification confirmation based on, or relating to, the second identification information from being sent again, for example to the second terminal or another terminal. For example, this may be achieved by deleting the second identification information.

To solve one or more of the above objects, a first system for identifying a person or individual is provided comprising a processor and a non-volatile memory containing program code instructions that, when executed on the processor of the system, causes the system to perform a method comprising a setup process and an operation process. The setup process comprises: receiving a digital picture from a sender showing the face of the person or individual, obtaining information associated with an electronic identity card for verifying the personal identity of the sender of the digital picture. The setup process may further comprise: providing and storing an image based on the digital picture. The operation process comprises: receiving a request for sending the image to a first terminal configured to display the image, and sending the image to the first terminal. The method of the system may comprise any of the features described above in relation to the method of identification, such as the first terminal and the second terminal.

The first terminal may be operationally connected to the processor and form part of the first system, and the first terminal may be configured to display the first image and/or the second image. Further, the program code instructions may cause the processor to execute any of the steps described above in relation to the first method.

To solve one or more of the above objects, a second system for identifying a person is provided comprising a processor and a non-volatile memory containing program code instructions that, when executed on the processor of the system, configure the processor for performing a method comprising a setup process and an operation process. The setup process comprises: receiving first identification information from a sender, wherein the sender is operated by a first user and the first identification information is associated with the identity of the first user; and obtaining information associated with an electronic identity card for verifying the personal identity of the first user operating the sender of the first identification information. The setup process further comprises: receiving second identification information and third identification information from an additional sender, wherein the additional sender is operated by a second user, the second identification information is associated with the identity of the second user, and the third identification information is associated with the identity of the first user; and obtaining information associated with an additional electronic identity card for verifying the personal identity of the second user operating of the additional sender of the second identification information and the third identification information.

The operation process comprises: receiving a request for an identification confirmation from a first terminal, wherein the request comprises fourth identification information obtained at the first terminal. The operation process further comprises: determining to send the identification confirmation to the first terminal if the fourth identification information obtained at the first terminal can be associated with the second identification information associated with the identity of the second user, and wherein the identification confirmation is at least in part based on, or comprises, the first identification information associated with the identity of the first user. Alternatively or additionally, the operation process further comprises: determining to send the identification confirmation to the first terminal if the fourth identification information obtained at the first terminal can be associated with the first identification information associated with the identity of the first user, wherein the identification confirmation is at least in part based on, or comprises, the second identification information associated with the identity of the second user. Additionally or alternatively, the operation process further comprises: determining to send the identification confirmation to the first terminal if the fourth identification information obtained at the first terminal can be associated with the first identification information associated with the identity of the first user and the second identification information associated with the identity of the second user.

The operation process further comprises: sending the identification confirmation to the first terminal if it is determined to send the identification confirmation.

The first terminal and/or the second terminal may be operationally connected to the processor and form part of the second system, and the first terminal may be configured to display the identification confirmation at the first terminal. Further, the program code instructions may further configure the processor for performing any of the steps described above in relation to the first method and the second method.

To solve one or more of the above objects, a third system for identifying a person is provided comprising a processor and a non-volatile memory containing program code instructions that, when executed on the processor of the system, configure the processor for performing a method comprising a setup process and an operation process. The setup process comprises: receiving first identification information and second identification information from a sender, wherein the sender is operated by a user, the first identification information is associated with the identity of the user, and the second identification information is associated with the identity of a person or individual. The setup process may further comprise: obtaining information associated with an electronic identity card for verifying the personal identity of the first user operating the sender of the first identification information and the second identification information.

The operation process comprises: receiving a request for an identification confirmation from a first terminal, wherein the request comprises third identification information obtained at the first terminal. The operation process further comprises: determining to send the identification confirmation to the first terminal if the third identification information obtained at the first terminal can be associated with the second identification information associated with the identity of the person. Additionally or alternatively, the operation process further comprises: determining to send the identification confirmation to the first terminal, wherein the identification confirmation is at least in part based on, or comprises, the second identification information associated with the identity of the person.

The operation process further comprises: sending the identification confirmation to the first terminal if it is determined to send the identification confirmation.

The first terminal and/or the second terminal may be operationally connected to the processor and form part of the third system, and the first terminal may be configured to display the identification confirmation at the first terminal. Further, the program code instructions may further configures the processor for performing any of the steps described above in relation to the first method and third method.

To solve one or more of the above objects, a first computer program product is also provided comprising program code instructions which are configured to, when executed on a processor of a system, cause the system to perform a method comprising a setup process and an operation process. The setup process comprises: receiving a digital picture from a sender showing the face of the person or individual, obtaining information associated with an electronic identity card for verifying the personal identity of the sender of the digital picture. The setup process may further comprise: providing and storing an image based on the digital picture. The operation process comprises: receiving a request for sending the image to a first terminal configured to display the image, and sending the image to the first terminal. The computer program product may comprise program code instructions which are configured to, when executed on a processor of the system, cause the system to further comprise any of the features and/or perform any of the steps described above in relation to the method of identification. The program code instructions may cause the processor to execute a method having any of the above described features. The program code instructions may be stored on a non-volatile memory, such as a flash memory.

Further, the program code instructions may cause the processor to execute any of the steps described above in relation to the first method.

To solve one or more of the above objects, a second computer program product is also provided comprising program code instructions that, when executed on a processor of a system, configure the processor for performing a method comprising a setup process and an operation process. The setup process comprises: receiving first identification information from a sender, wherein the sender is operated by a first user and the first identification information is associated with the identity of the first user; and obtaining information associated with an electronic identity card for verifying the personal identity of the first user operating the sender of the first identification information. The setup process further comprises: receiving second identification information and third identification information from an additional sender, wherein the additional sender is operated by a second user, the second identification information is associated with the identity of the second user, and the third identification information is associated with the identity of the first user; and obtaining information associated with an additional electronic identity card for verifying the personal identity of the second user operating of the additional sender of the second identification information and the third identification information.

The operation process comprises: receiving a request for an identification confirmation from a first terminal, wherein the request comprises fourth identification information obtained at the first terminal. The operation process further comprises: determining to send the identification confirmation to the first terminal if the fourth identification information obtained at the first terminal can be associated with the second identification information associated with the identity of the second user, and wherein the identification confirmation is at least in part based on, or comprises, the first identification information associated with the identity of the first user. Alternatively or additionally, the operation process further comprises: determining to send the identification confirmation to the first terminal if the fourth identification information obtained at the first terminal can be associated with the first identification information associated with the identity of the first user, wherein the identification confirmation is at least in part based on, or comprises, the second identification information associated with the identity of the second user. Additionally or alternatively, the operation process further comprises: determining to send the identification confirmation to the first terminal if the fourth identification information obtained at the first terminal can be associated with the first identification information associated with the identity of the first user and the second identification information associated with the identity of the second user.

The operation process further comprises: sending the identification confirmation to the first terminal if it is determined to send the identification confirmation. Further, the second computer program product may comprise program code instructions further configuring the processor for performing any of the steps described above in relation to the first method and the second method.

To solve one or more of the above objects, a third computer program product is also provided comprising program code instructions that, when executed on a processor of a system, configuring the processor for performing a method comprising a setup process and an operation process. The setup process comprises: receiving first identification information and second identification information from a sender, wherein the sender is operated by a user, the first identification information is associated with the identity of the user, and the second identification information is associated with the identity of a person or individual. The setup process may further comprise: obtaining information associated with an electronic identity card for verifying the personal identity of the first user operating the sender of the first identification information and the second identification information.

The operation process comprises: receiving a request for an identification confirmation from a first terminal, wherein the request comprises third identification information obtained at the first terminal. The operation process further comprises: determining to send the identification confirmation to the first terminal if the third identification information obtained at the first terminal can be associated with the second identification information associated with the identity of the person. Additionally or alternatively, the operation process further comprises: determining to send the identification confirmation to the first terminal, wherein the identification confirmation is at least in part based on, or comprises, the second identification information associated with the identity of the person.

The operation process further comprises: sending the identification confirmation to the first terminal if it is determined to send the identification confirmation.

Further, the third computer program product may comprise program code instructions further configuring the processor for performing any of the steps described above in relation to the first method and the third method.

Here, and throughout theses proceedings, a processor is understood to encompass several processors working together, or one or more processors in a server based or cloud based environment. The above described systems may comprise the first terminal and/or the second terminal.

In the proposed technologies above, the person, or the individual, may be located at the first terminal. In the described systems, the processor and the non- volatile memory may constitute parts of a server or server system, or the systems as such may be a server or a server system.

Throughout these specifications, obtaining information associated with an electronic identity card is understood to encompass receiving information associated with the electronic identity card. If not indicated otherwise above, the different steps of the method may be executed on a server, in a server system, or in cloud computing environment.

Brief Description of the Drawings

Embodiments of the invention will now be described, by way of example, with reference to the accompanying schematic drawings, in which

Fig.1 is a schematic view of a system for identifying a person,

Fig.2 is a flow-chart illustrating an embodiment of method for identifying a person,

Fig.3 is a flow-chart illustrating the setup process of the method described in relation to Fig.2,

Fig.4 is a flow-chart illustrating an embodiment of the setup process described in relation to Fig.3,

Fig.5 is a flow-chart illustrating the operation process of the method described in relation to Fig.2,

Fig.6 is a flow-chart illustrating an embodiment of the operation process described in relation to Fig.5,

Fig.7a is a flow-chart further illustrating the embodiment of the operation process described in relation to Fig.6,

Fig.7b is a flow-chart further illustrating an alternative embodiment of the operation process described in relation to Fig.7,

Fig.8 is a flow-chart illustrating an alternative embodiment of the operation process described in relation to Fig.6,

Fig.9 is a flow-chart illustrating the sub-steps of determining the distance determining between first terminal and second terminal,

Fig.10 is a flow-chart illustrating the sub-step of obtaining the position of the first terminal,

Fig.1 1 is a flow-chart illustrating an additional sub-step of the operation process of the method described in relation to Fig.2,

Fig.12 is a flow-chart illustrating an alternative embodiment of method for identifying a person, Fig.13 is a flow-chart illustrating the input process of the method disclosed in relation to Fig.12,

Fig.14 is a flow-chart illustrating an alternative embodiment of a setup process for the method described in relation to Fig.2,

Fig.15 is a flow-chart illustrating an alternative embodiment of an operation process for use in conjunction with the setup process described in relation to Fig.14,

Fig.16 is a flow-chart illustrating the determining to send the image described in relation to Fig.15.

Fig.17 is a flow-chart illustrating another embodiment of a method for identifying a person,

Fig.18 is a flow-chart illustrating an alternative embodiment of the setup process described in relation to Fig.17,

Fig.19 is a flow-chart illustrating an alternative embodiment of the operation process described in relation to Fig.17,

Fig.20 is a flow-chart illustrating another embodiment of a method for identifying a person, and

Fig.21 is a flow-chart illustrating an alternative embodiment of the operation process described in relation to Fig.20. Detailed description

Fig.1 is a schematic view of a system for identifying a person. The system has a processor 12 and a non-volatile memory 14. The processor 12 is a general purpose processor. In an alternative embodiment, the processor 12 may be dedicated to its described function. A processor as a concept is here understood to encompass a single processor that individually handles a process, or a group of processors that cooperate to handle a process. Similarly, a non-volatile memory as a concept is here understood to encompass a single non-volatile memory that individually stores program code instructions, or a group of non-volatile memories that cooperate to store program code instructions. In the embodiment of Fig.1 , the system has a single general purpose processor 12 and a single non-volatile memory 14, which form part of a server 11. The server 11 is connected to the internet 16.

The system forms part of an arrangement with a first terminal 22 in the form of a stationary PC with a display 24. The first terminal 22 is connected to the internet 16 by hardwired broadband fiber access 25. In alternative embodiments, the first terminal 22 can be a smartphone or a tablet. The arrangement also has a second terminal 20 in the form of a smartphone, thus constituting a wireless device. The second terminal 20 is connected to the internet 16 by way of wireless broadband access 18. The non-volatile memory 14 comprises program code instructions that, when executed on the processor 12, enables the server 14 to communicate with the first terminal 22 and the second terminal 20 via the internet 16.

The non-volatile memory 14 contains program code instructions that, when executed on the processor 12 of the server 11 , causes the server 1 1 , or system 10, to perform a method 100 by which the identity of a person can be determined. The method, which is illustrated in Fig.2, includes a setup process 102 and an operation process 104.

The setup process 102 includes a number of sub-steps, which are shown in the flow-chart of Fig.3. In the first sub-step, a digital picture is received 1 10 from the second terminal 20 showing the face of the person. Thus the user of second terminal 20 is the sender of the digital picture and the server 11 is the receiver. The server 11 then obtains 112 information via the internet 16 from a trusted authentication server (not shown) verifying the personal identity of the sender of the digital picture by way of an electronic identity card. In the present embodiment, the previously mentioned Mobilt BankID is installed on and employed by the second terminal 20 to provide the electronic identity card in cooperation with the authentication server. An image is then provided 114 by changing the format of the digital picture to JPEG. Subsequently, the image is stored in the non-volatile memory 14.

The mobile phone number associated with the Subscriber Identity Module (SIM) card installed in the second terminal 20 is sent from the second terminal 20 to the server 1 1. Thus, an electronic communication link to the second terminal 20 has been identified 116 and information indicating the electronic communication link has been received 118. The sender of the mobile phone number is verified by the same verification process as is used for verifying the sender of the digital picture. Thus, information associated with the electronic identity card has been obtained 120 that verify the personal identity of the sender of the information indicating the electronic communication link. Here the sender of the digital picture and the sender of the information indicating the electronic communication link are the same, namely the second terminal 20. The sub-steps described here are illustrated in the flow-chart of Fig.4.

A national identification number is sent from the second terminal 20 to the server 1 1. Thus, a first identification information from the sender has been received 119 by the server. The sender of the national identification number is verified by the same verification process as is used for verifying the sender of the digital picture. Thus, information associated with the electronic identity card has been obtained 120 that verify the personal identity of the sender of the national identification number. These sub-steps are illustrated in the flow-chart of Fig.4. In an alternative embodiment, a credit card number is used instead of a national identification number.

The operation process 104 includes a number of sub-steps, which are shown in the flow-chart of Figs.5-7. The first terminal 22 sends a message via the internet 16 that is received 130 by the server 11. The message is a request for sending the image to a first terminal 22. The image is then sent 132 to the first terminal 22, after which it is shown on the display 24. The request for sending the image also includes the second identification information in the form of a national identification number. The first identification number and the second identification number are compared, and if they are the same, i.e. if the second identification information can be associated with the first identification information, the sending 132 of the image to the first terminal 22 is performed. In the present embodiment, the first identification number has been obtained at the first terminal 22 by scanning a physical ID-card.

As is illustrated in Fig.7a, a first signal is then sent 134 to the second terminal 20 via the electronic communication link via the internet 116. The first signal indicates that the operation process is ongoing. Thus, the second terminal 20 is informed that a verification of its user is attempted. The user is then presented with a choice to allow or deny a verification. A response signal is sent from the second terminal 20 and received 138 by the server 1 1 , and the response signal indicates the choice of the user, i.e. whether a verification should be allowed or not.

A second signal is then sent 136 to the first terminal 22 indicating whether a verification should be allowed or not based on the response signal. For example, if the response signal indicates that a verification should be allowed, the second signal also indicates that a verification should be allowed. Thus, the second signal also indicates the sending of the first signal. The server 1 1 also determines 139 if the response signal has been received. If the response signal has not been received, the second signal instead indicates that no response has been received. This may occur when the first terminal 22 is shut off our outside coverage. The indication of the second signal is shown on the display 24 of the first terminal 22, a green symbol if the verification should be allowed, and a red symbol if the verification should not be allowed or if no response signal has been received.

An alternative embodiment to the steps described in relation to Fig.7a is described in Fig.7b. A fifth signal is sent 160 from the server 11 to the second terminal 20 via the electronic communication link indicating that the operation process is ongoing. A sixth signal is then received 162 from the second terminal 20 indicating that the fifth signal has been received by the second terminal 20. Information verifying the personal identity of the sender of the fifth signal is then obtained 164 in the same manner as for the digital picture described above. Subsequently, a seventh signal is sent 166 to the first terminal 22 indicating that the sixth signal has been received by the server 1 1.

Figs.8-10 are flow-charts illustrating an alternative embodiment of the sub-steps of the operation process illustrated in Figs.6-7. The second terminal 20 has a GPS unit 32 by which its coordinates are determined. In the operation process 104, prior to sending 136 the second signal, a third signal including the coordinates is sent from the second terminal 20 and received 144 by the server 1 1 , thus indicating the positon of the second terminal 20. The first terminal 22 also has a GPS unit 34 by which its coordinates are determined. In the operation process 104, prior to sending 136 the second signal, a fourth signal including the coordinates is sent from the first terminal 22 and received 150 by to the server 11 , as is illustrated in Fig.10, thus indicating the positon of the first terminal 22, and the position of the first terminal 22 has been obtained 146 by the server 1 1. The distance from the position of the first terminal 22 and the position of the second terminal 20 is then determined 140, 148 from the two sets of coordinates. If the distance is greater than 100 m, it is determined that the verification should not be allowed, and this is indicated by the second signal, thus also indicating the determined distance. In another embodiment, the determined distance is included in the second signal and shown in the display 24 of the second terminal 22.

The first terminal 22 has an NFC reader 40 and the second terminal 20 has an embedded NFC tag 38. The second identification information is stored in the NFC tag 38, and the operation process 104 further includes the step of transferring or transmitting 152 the second identification information from the second terminal 20 to the first terminal 22. This is done by the NFC reader 40 reading the NFC tag 38 to prior to the request 130 for sending the image is sent from the first terminal 22 to the server 1 1. In alternative embodiments, the transmitting 152 is performed by way of RFID, Bluetooth technology and Wi-Fi technology. The second identification information is included in the request for sending the image, as is described above. In one embodiment, the second identification information stored in the NFC tag 38 is sent from the second terminal 20 to the server 11 in the setup process 102, and is regarded as the first identification information in the subsequent steps. Thus, the first and second identification information are identical. Fig.12 is a flow-chart illustrating an alternative embodiment of method 100 for identifying a person that can be implemented in the system described in relation to Fig.1. The method 100 includes an input process 106, a setup process 102, and an operation process 104. The latter two processes are identical to the corresponding processes described in relation to Figs.2-10. The input process 106, which is illustrated in the flow-chart of Fig.13, is performed on the second terminal 20, which comprises a camera 36. The digital picture is acquired 160 by the camera 36, i.e. at the second terminal 20, and then transmitted 162 from the second terminal 20 to the server 1 1.

It should be noted that in the description above, the system is regarded as comprising the server 1 1 , first terminal 22, and the second terminal 20. In a different embodiment, the system is regarded as the server 11 alone. The server may also be regarded as a control unit or a sub-system in a system also comprising the first terminal 22 and the second terminal 20. Transmitting a signal or response is here understood to encompass a single transmission, or several transmissions spread out in time. Similarly, sending a signal or response is here understood to encompass an uninterrupted sending, or several sending operations spread out in time.

From the description above follows that, although various embodiments of the invention have been described and shown, the invention is not restricted thereto, but may also be embodied in other ways within the scope of the subject-matter defined in the following claims.

A flow-chart illustrating an alternative embodiment of a setup process 202 for the method described in relation to Fig.2 is illustrated in Fig.14. A digital picture is first received 206 from the second terminal 20 showing the face of the person. Thus the user of the second terminal 20 is the sender of the digital picture and the server 11 is the receiver. First identification information in the form of a national identification number of the sender is also received 208 from the sender. This means that the first identification information is coupled to, or can be associated with, the sender.

The server 11 then obtains 210 information via the internet 16 from a trusted authentication server (not shown) verifying the personal identity of the sender of the digital picture and the first identification information by way of an electronic identity card. In this present embodiment, the previously mentioned Mobilt BankID is installed on and employed by the second terminal 20 to provide the electronic identity card in cooperation with the authentication server. An image is then provided 212 by storing the digital picture in the non-volatile memory 14.

Third identification information is then received 214 from an additional sender.

The additional sender is the user of a third terminal similar to the second terminal 20. The third identification information is constituted by the national identification number of the sender. This means that it is associated with at the first identification information. Fourth identification information as also received 216 from the additional sender in the form of a national identification number of the additional sender. Thus, the fourth identification information is associated with the additional sender. The server 11 then obtains 217 information via the internet 16 from a trusted authentication server (not shown) verifying the personal identity of the additional sender in a similar manner as described above for the sender.

A mobile phone number associated with the SIM card installed in the third terminal in the form a smartphone is sent from the third terminal to the server 11. Thus, an additional electronic communication link to the third terminal has been identified 218 and information indicating the electronic communication link has been received by the server 11. The additional sender of the mobile phone number is verified by the same verification process as is used for verifying the additional sender of the third identification information. Thus, information associated with the electronic identity card has been obtained 219 that verify the personal identity of the additional sender of the information indicating the additional electronic communication link.

A flow-chart illustrating an alternative embodiment of an operation process 204 that is executed together with the setup process 202 described in relation to Fig.14 is shown in Fig.15. A request for sending the image to the first terminal 22 is first received 220 from the first terminal 22. The request for sending the image includes fifth identification information in the form of the national identification number of the additional sender. Subsequently, it is determining 222 whether to send the image to the first terminal 22 based on the third identification information, the fourth identification information, and the fifth identification information, as is further described below in relation to Fig.16. If a sending is determined, the image is then sent 224 from the server 1 1 to the first terminal 22.

An eighth signal is sent 230 to the third terminal via the additional electronic communication link indicating that the operation process is ongoing. A ninth signal is received 232 in reply from the third terminal that acknowledges that the eighth signal has been received 230, and the personal identity of the additional sender of the ninth signal is verified by information obtained 234 in the same manner as for verifying the additional sender of the third identification information described above. A tenth signal is then sent 236 to the first terminal 22 indicating that the ninth signal has been received by the server 1 1. A flow-chart illustrating the sub-steps of determining 222 to send the image to the first terminal 22 is shown in Fig.16. The fourth identification information is compared with the fifth identification information. In the present embodiment, both the fourth and the fifth identification information include the national identification number of the additional sender. Thus, the fourth and the fifth identification information are coupled or associated. The third identification information is compared with the first identification information. In the present embodiment, both the third and the first identification information include the national identification number of the sender. Thus, the third and the first identification information are coupled or associated.

It has been determined that the fourth and the fifth identification information are associated, and the third and the first identification information, on which ground it is determined 226 to send the image to the first terminal 22.

In another sub-step, the time interval between the setup process 202 and the operation process 204 is determined as the approximate time between receiving 214 of the third identification information and the receiving 220 of the request for sending the image. If the time interval between the setup process 202 and the operation process 204 is shorter than a predetermined time interval, in this embodiment 24 hours, it is determined 228 that the image is to be sent.

Fig.17 is a flow-chart illustrating another embodiment of a method 300 for identifying a person. The method 300 is divided into setup process 302 and a subsequent operation process 304. The method 300 is executed in a system as described in relation to Fig.1. The non-volatile memory 14 contains program code instructions that, when executed on the processor 12 of the server 1 1 , causes the server 1 1 , or system 10, to perform the method 300.

In the setup process 302, the server 11 receives 306 first identification information from a sender (not shown) via the internet 16. In a typical application, the sender is a communication device, such as a smartphone. The sender is operated by a first user and the first identification information is associated with the identity of the first user. The server 11 then obtains 308 information associated with an electronic identity card for verifying the personal identity of the first user operating the sender in a similar manner as described above in relation to Fig.3.

The server 11 receives 310 second identification information and third identification information from an additional sender (not shown) via the internet 16. In a typical application, the additional sender is a communication device, such as a smartphone. The additional sender is operated by a second user. The second identification information is associated with the identity of the second user, and the third identification information is associated with the identity of the first user. The server 11 then obtains 312 information associated with an additional electronic identity card for verifying the personal identity of the second user operating of the additional sender in a similar manner as described above in relation to Fig.3. Here, the third identification information can be regarded as a digital letter of appointment.

In a typical application, the first identification information is the national identifying number of the first user, the second identification number is the national identifying number of the second user, and the third identifying number is the national identifying number of the first user.

In the operation process 304, the server 11 receives 314 a request for an identification confirmation from a first terminal 22 and the request includes fourth identification information obtained at the first terminal 22. In a typical application, the terminal 22 is located at a point-of-sale or a point-of-delivery and the fourth identification is the national identifying number of a person intending to make a purchase or retrieve a package.

The server then determines 316 to send the identification confirmation to the first terminal 22, provided a number of conditions are fulfilled.

In a first scenario, the fourth identification information can be associated with the second identification information. In a typical application, a national identifying number is obtained at the first terminal 22, for example by manually entering a number in the first terminal 22 or by retrieval from delivery information for a package, which number is then sent to the server 1 1. The server 11 compares it with the national identifying number of the second user, and a decision to send the identification confirmation is then made if there is a match. The identification confirmation is then at least in part based on, or comprises, the first identification information associated with the identity of the first user. In a typical application, the identification confirmation includes the national identifying number of the first user. This way, information corresponding to the identity of a receiver of a digital letter of appointment is obtained.

In a second scenario, the fourth identification information can be associated with the first identification information. In a typical application, a national identifying number is obtained at the first terminal 22 by scanning a physical ID-card. The server 11 compares it with the national identifying number of the first user, and a decision to send the identification confirmation is then made if there is a match. The identification confirmation is then at least in part based on, or comprises, the second identification information associated with the identity of the second user. In a typical application, the identification confirmation includes the national identifying number of the second user. This way, information corresponding to the identity of a giver of a digital letter of appointment is obtained.

In a third scenario, the fourth identification information can be associated with both the first identification information and the second identification information. In a typical application, a first national identifying number is obtained at the first terminal 22, for example by manually entering a number in the first terminal 22. A second national identifying number is also obtained at the first terminal 22 by scanning a physical ID- card. These are then sent to the server 1 1. The server 11 then compares the first national identifying number with the national identifying number of the first user and the second national identifying number with the national identifying number of the second user. A decision to send the identification confirmation is made if there is a full match The identification confirmation than has the form of a confirmation code representing a match of a person identifying itself at the first terminal 22 with the receiver of a digital letter of appointment.

Provided a sending of the identification confirmation has been determined, the operation process 304 then continues by sending 318 the identification confirmation to the first terminal 22, where it is shown on the display 24.

Fig.18 is a flow-chart illustrating an alternative embodiment of the setup process 302 described in relation to Fig.17. In this embodiment, a digital picture is received 320 from the sender showing the face of the first user. The personal identity of the first user operating the sender of the digital picture is verified in the same manner as the described in relation to Fig.17. An image is then provided 322 by converting the format of the digital picture to a predetermined JPEG format. Subsequently, the image is stored in the non-volatile memory 14. An additional digital picture is also received 324 from the additional sender showing the face of the second user. The personal identity of the second user operating the additional sender of the digital picture is verified in the same manner as the described in relation to Fig.17. An additional image is then provided 322 by converting the format of the additional digital picture to a predetermined JPEG format. Subsequently, the additional image is stored in the non- volatile memory 14. The identification confirmation includes the image and the additional image, which are thus made available to and displayed at the first terminal 22.

Fig.19 is a flow-chart illustrating an alternative embodiment of the operation process 304 described in relation to Fig.17. In this embodiment, a request for an identification verification is sent 328 by the server 22 to a second terminal 20 operated by the first user. An identification verification from the second terminal 20 is then received by the server. The identification verification includes information associated with an electronic identity card verifying the personal identity of the user operating the second terminal 20. In this embodiment, the server determines 316 to send the identification confirmation to the first terminal 22 if the personal identity of the user operating the second terminal 20 can be associated the personal identity of the first user.

Fig.20 is a flow-chart illustrating another embodiment of a method 400 for identifying a person. The method 400 is divided into setup process 402 and a subsequent operation process 404. The method 400 is executed in a system as described in relation to Fig.1. The non-volatile memory 14 contains program code instructions that, when executed on the processor 12 of the server 1 1 , causes the server 1 1 , or system 10, to perform the method 400.

In the setup process 402, the server 11 receives 406 first identification information and second identification information from a sender (not shown) via the internet 16. In a typical application, the sender is a communication device, such as a smartphone. The sender is operated by a first user. The first identification information is associated with the identity of the first user and the second identification information is associated with the identity of another person. The server 11 then obtains 408 information associated with an electronic identity card for verifying the personal identity of the first user operating the sender in a similar manner as described above in relation to Fig.3.

In a typical application, the first identification information is the national identifying number of the first user and the second identification number is the national identifying number of the other person.

In the operation process 404, the server 11 receives 414 a request for an identification confirmation from a first terminal 22 and the request includes third identification information obtained at the first terminal 22. In a typical application, the terminal 22 is located at a point-of-sale or a point-of-delivery and the third identification is the national identifying number of a person intending to make a purchase or retrieve a package.

The server then determines 416 to send the identification confirmation to the first terminal 22, provided a number of conditions are fulfilled.

In a first scenario, the third identification information can be associated with the second identification information. In a typical application, a national identifying number is obtained at the first terminal 22, for example by scanning a physical ID-card, which is then sent to the server 1 1. The server 11 compares it with the national identifying number of the other person, and a decision to send the identification confirmation is then made if there is a match. Thus, it is can be confirmed that the person having the physical ID-card is the holder of a digital letter of appointment from the first user.

In a second scenario, the third identification information can be associated with the first identification information. In a typical application, a national identifying number is obtained at the first terminal 22, for example by manually entering a number in the first terminal 22 or by retrieval from delivery information for a package, which is then sent to the server 11. The server 1 1 compares it with the national identifying number of the first user, and a decision to send the identification confirmation is then made if there is a match. The identification confirmation is then at least in part based on, or comprises, the second identification information associated with the identity of the other person. In a typical application, the identification confirmation includes the national identifying number of the first user. This way, information corresponding to the identity of a receiver of a digital letter of appointment is obtained.

Provided a sending of the identification confirmation has been determined, the operation process 404 continues by sending 418 the identification confirmation to the first terminal 22, where it is shown on the display 24.

Fig.21 is a flow-chart illustrating an alternative embodiment of the operation process 404 described in relation to Fig.20. In this embodiment, a request for an identification verification is sent 428 by the server 22 to a second terminal 20 operated by the other person. An identification verification from the second terminal 20 is then received by the server 22. The identification verification includes information associated with an additional electronic identity card verifying the personal identity of the user operating the second terminal 20. In this embodiment, the server determines 416 to send the identification confirmation to the first terminal 22 if the personal identity of the user operating the second terminal 20 can be associated the personal identity of the other person.