Arrangement and method for a system for administering...

Image analysis – Applications – Reading bank checks

Reexamination Certificate


C382S115000, C382S116000, C382S118000, C382S119000, C340S870030

active

06490367

ABSTRACT:

BACKGROUND OF THE INVENTION
Field of the Invention
The present invention is intended to be used in contexts which will become apparent from the preambles of the main claims which are attached.
As a result of developments in telecommunications and data communications, an increasing number of sensitive operations are being performed without the participating parties being “present” for a possible check on their identity. A consequence of this is that it must be possible for individuals and parties participating in an operation to be identified “electronically”. The methods for doing this up until now have, if they have existed at all, been based on the password technique taken from the espionage trade. During the last few years, the weaknesses of a password technique as the only method of identification have been amply demonstrated by the numerous instances of so-called “hacking”.
A method which establishes more secure identification is that of digital signatures, which method can be applied in all the areas where an identification of the source of an operation or a document needs to be verified. This method simulates the normal manner of identification which is used for transactions outside the electronics field. The method using digital signatures is based on the party who is to be identified signing for the transaction (compare ordinary signature on, for example, a contract) and the identity being checked against a comparison original which has the same role as an ID card has for ordinary signatures. For this method to be able to function in an electronics context, an infrastructure needs to be available in order to be able to create electronic identity documents.
The information which we use to verify an ordinary ID card has (as FIG. 1 shows) its equivalent in the electronic identity document. Another definition for electronic identity document is certificate.
An electronic ID document contains additional information which is of no importance for this comparison. It is also possible to add other information, in the same way as a given ID card can contain information specific to a company.
In order to identify an individual with the aid of an ID document, we require that the individual concerned will resemble the person in the photograph and will be able to reproduce the signature. In the case of certificates, this is replaced by a technical procedure based on cryptography which uniquely identifies the user.
The confidence we have in an ID document is really a result of the confidence we have in the organization which issues it, for example a company or an authority, combined with the fact that the document is sufficiently secure in technical terms. As an example of the latter, we can compare the old driving licences, with a photo stuck on and a stamp, with today's licences which are sealed in plastic.
Just as is the case for issuing an ordinary ID document, the issuing of electronic ID documents requires a technical and administrative infrastructure.
Crucial to the quality of any ID document is the identification of the individual which takes place in conjunction with the issuing; this is the absolutely crucial aspect, the quality of which totally determines the quality of the whole document, regardless of whether it is an ordinary ID card or a certificate.
This identification is normally done by the person in question being known, or by some person or persons, already trusted, vouching for the identity. It is obviously preferable if this identification can take place at as “low” a level as possible, for example departmental level in a company, where, by and large, all individuals are known to each other and it is easy to determine who belongs to the organization, with what powers, and in what capacity.
As far as this part of the administration is concerned, there is no great difference between a traditional ID document and a certificate, and in the same way there must be the possibility of verifying that the document is still valid etc.
In the case of certificates, the authority which issues and which may revoke these is usually called a Certification Authority or CA. A difference between certificates and ordinary ID documents is that the holder always carries the latter on his or her person, which need not be the case with certificates; the issuer (CA) also has the role of publishing the electronic ID documents (the certificates) in such a way that these are accessible to anyone requiring access to them. If appropriate, information on revoked certificates may be stored together with the certificates.
As regards the CA (Certification Authority), reference is made to ISO 9594-8 (The Directory Authentication Framework). In the text which follows, we introduce, in the same way as in, for example, Privacy Enhanced Mail (RFC 1114), the restriction that the CA is a clearly definable part of an organization.
On the basis of the above, the functions of the CA are defined as follows:
The CA represents an organization or a clearly definable part of such an organization in the issuing of certificates. The CA verifies the identity of the person for whom a certificate is to be created. The CA personalizes a “token” linked to the identified person. By means of this, the CA lets the organization or organization unit guarantee an organizational identity for the person to which a certificate is issued.
The CA represents an organization or a clearly definable part of such an organization in the publication of certificates. The CA makes the certificate known and accessible to anyone, for example through one or more catalogue services.
The CA represents an organization or a clearly definable part of such an organization in the revocation of certificates. The CA discloses, in a reliable manner, that the organization or the organization unit no longer vouches for the previously conferred organization identity.
The CA represents an organization or a clearly definable part of such an organization in the renewal of certificates. The CA extends the validity of the conferred organization identity by issuing a new certificate for this.
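The four CA functions listed above (issue, publish, revoke, renew), together with the check a relying party makes against them, as an added example that is not part of the patent text. It assumes public-key signatures; textbook RSA over small Mersenne primes stands in for a real signature scheme, and the names `CA`, `check`, `keypair` and the certificate fields are hypothetical.

```python
import hashlib, json

E = 65537  # RSA public exponent

def keypair(p, q):
    """Textbook RSA from two primes -> (modulus n, private exponent d). Toy-sized, assumed scheme."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(body, n):
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

class CA:
    def __init__(self, org, p, q):
        self.org = org
        self.n, self._d = keypair(p, q)  # private key stays inside the CA
        self.directory = {}              # publication: serial -> certificate
        self.revoked = set()             # serials the CA no longer vouches for
        self._serial = 0

    def issue(self, subject, subject_key, not_after):
        self._serial += 1
        body = {"serial": self._serial, "issuer": self.org, "subject": subject,
                "subject_key": subject_key, "not_after": not_after}
        cert = {"body": body, "sig": pow(digest(body, self.n), self._d, self.n)}
        self.directory[self._serial] = cert
        return cert

    def revoke(self, serial):
        self.revoked.add(serial)
    def renew(self, cert, not_after):
        b = cert["body"]
        return self.issue(b["subject"], b["subject_key"], not_after)

def check(cert, ca, today):
    """Relying-party check: CA signature, validity period, revocation status."""
    body = cert["body"]
    if pow(cert["sig"], E, ca.n) != digest(body, ca.n):
        return "bad signature"
    if today > body["not_after"]:
        return "expired"
    if body["serial"] in ca.revoked:
        return "revoked"
    return "ok"

def demo():  # constructed sample keys from Mersenne primes, far too small for real use
    ca = CA("Example Dept CA", 2**127 - 1, 2**89 - 1)
    cert = ca.issue("A. Holder", keypair(2**107 - 1, 2**61 - 1)[0], "1999-12-31")
    return check(cert, ca, "1999-06-01")
```

Changing any field of an issued certificate makes `check` return "bad signature", and revoking the old serial after a renewal leaves the renewed certificate valid.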
SUMMARY OF THE INVENTION
Since the CA always represents an organization or organization unit, the CA, independently of its internal structure, will be regarded by those around it as a unit related to the represented organization or organization unit.
Since the familiarity with the persons involved in an organization is often best at the level where the business is conducted, it is also there that a person can best be identified, both in terms of the physical identity of the person and his or her role in the organization. In larger organizations or organization units, no single authority can be expected to be familiar with the various individuals and their roles in the way which is necessary to be able to guarantee the organization identity of the person.
In consideration of the above, the internal organization of the CA will allow certificates to be issued at the organizational level where the abovementioned familiarity is found.
In the following text it is assumed that the identification procedure is based on the technique using public keys, and that the “token” which is used is an IC card with built-in computing capacity.
In order to issue a certificate, access is needed to the following:
1. A pair of cipher keys unique to the CA, one public and one private, the private one being used for the digital signature which guarantees the identity of the issuer and that the contents of the certificate are not manipulated. The private key must be stored in such a way that unauthorized access is not possible in practice.
2. A terminal where the person carrying out the issuing procedure keys in personal data and where a certificate is created and signed (this signature protects against manipulation of the contents of the certificate). For each certificate there is a unique key pair which is linked via the certificate to the individual.
3. A medium where the certificate holder can safely store his private key and carry out the computations necessary during the identification proce
