• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    In a method for checking the identity of a person on a server (10) of a service provider, a terminal (2) of the person is connected to the server (10) via a data communication network. A picture (101) of an identification document transmitted by the terminal (2) to the server via the data communication network is received. Information about the person to be checked is provided on the server (10). An image (104) of the person to be identified is extracted from the image (101) of the identification document received by the server. A file transmitted by the terminal (2) to the server (10) via the data communication network is received with a visual representation (103) of the person to be checked. A correspondence between the file received on the server and the visual representation (103) of the person and the image (104) of the person to be identified is evaluated by means of a face recognition method. Finally, a successful verification of the identity is confirmed if predetermined criteria, at least to the agreement, are met.
    公开号:CH713528A2
    申请号:CH00296/18
    申请日:2018-03-09
    公开日:2018-09-14
    发明作者:Oppliger René;Rumpft Michael;Calzolari Mirco
    申请人:Finform Ag;
    IPC主号:
    专利说明:

    description
    Technical Field The invention relates to a method for checking the identity of a person on a server of a service provider, wherein a terminal of the person is connected to the server via a data communication network. The invention further relates to a method for generating a digital certificate for confirming the identity of a person assigned to the certificate and to a device for checking the identity of a person.
    [0002] On the basis of corresponding legal regulations, business relationships with certain service providers may only be opened if the customer identifies himself to the service provider with legal certainty. Also for the issuing of certain documents or electronic certificates an identification is necessary, which meets certain regulations.
    Thus, certain laws, bilateral and multilateral or international agreements to combat money laundering and terrorist financing require such identification of customers by their financial institution. Identification is also necessary if a person requires certain official IDs or an electronic proof of identity certificate.
    Conventionally, the customer has identified himself by personal interview with the service provider or a third-party service provider who performs the identification. Recent legal regulations also permit identification "at a distance", e.g. by means of a video chat with an employee of the service provider, in which connection also official IDs are presented (for example via the video connection).
    Because this video identification continues to require the work of an employee on the part of the service provider for an extended period of time, it is usually not always possible (ie not around the clock and not on all weekdays), it is relatively expensive and due to the given Number of available employees Capacity limits.
    DESCRIPTION OF THE INVENTION The object of the invention is to provide a method which belongs to the technical field mentioned at the beginning and which enables efficient identification and has high availability.
    The solution of the problem is defined by the features of claim 1. According to the invention, the method comprises the following steps: a) receiving an image of an identification document transmitted by the terminal to the server via the data communication network; b) providing information about the person to be checked on the server; c) extracting an image of the person to be identified from the image of the identification document received by the server; d) receiving a transmitted from the terminal to the server via the data communication network file with a visual representation of the person to be checked; e) evaluating a match between the file received on the server with the visual representation of the person and the image of the person to be identified; f) Confirmation of a successful verification of identity, if given criteria, at least to the agreement, are met.
    The steps a) -f) can be performed in different order, unless a particular step is not necessarily based on the result of another step. This also applies to the further possible method steps mentioned below.
    The terminal may be a mobile terminal such as a smartphone, tablet or notebook computer or may be a substantially stationary terminal, e.g. a desktop computer. On the side of the terminal, a dedicated application (App) for carrying out the inventive method can be brought to expiration. Alternatively, the terminal accesses the data communication network to a server (web server), on which a corresponding application (web app) is brought to expiration. This access can be done, in particular, by means of a browser application running on the terminal.
    The data communication network is in particular the Internet. In principle, however, within the scope of the method according to the invention, various communication networks and wireless as well as wired transmission technologies can be used, also in combination, e.g. LAN, WLAN, mobile networks, short-range networks, etc.
    In particular, the identification document is a document issued by an authority with predetermined characteristics, e.g. a passport, identity card, driver's license, etc. The identification document is associated with a (natural) person and includes inter alia a photograph of the person, in particular a portrait, showing the person's face.
    The image of the identification document and the visual representation of the person to be checked can be created directly in the context of the inventive method, in particular with an integrated in the terminal or connected to this camera. If necessary, the creation of the image or the visual representation can take place directly from the locally running application. Alternatively, a previously created with the terminal or transmitted to this image of the identification document or visual representation of the person can be used. For security reasons, it can be advantageous if the image or the visual representation can take place exclusively in real time and exclusively with a dedicated application. In particular, measures can be provided to ensure that the visual representation of the person to be checked is an image that was created within the scope of the inventive method directly by the person to be identified (life recognition, liveness detection). This is achieved, for example, by a request randomly selected in the context of the method, of moving the eyes and / or mouth in a specific manner, by 3-dimensional recordings (or recordings of us at different angles), by the use of infrared scanners, depth sensors and / or or point projectors.
    The image of the identification document and the visual representation of the person to be checked may be subjected to image processing prior to further processing, e.g. to compensate for poor lighting conditions by adjusting display parameters (such as brightness, contrast, color saturation, etc.) or applying other image enhancement algorithms (e.g., to improve image sharpness).
    The information to be provided on the server about the person to be checked can be entered manually by the person to be checked, they can - as described below - be extracted from the identification document or they can come from third party, e.g. from a location that initiated the identity verification process, or from a directory or registry accessible to the server. The information can also be compiled from several sources.
    The result of the evaluation of the match may be bivalent ("agrees", "does not match") or multi-valued, it may also be an i.W. stepless mass, e.g. a value between 0 and 100%, act. Especially in the second case, additional identification steps can be triggered to increase the reliability of the identification. Thus, additional visual representations and / or identification documents can be requested or additional, different types of identification steps are carried out as described below. Only when the criteria have been met according to certain specifications will the confirmation be confirmed.
    Not all process steps must take place directly on the server of the review performing service provider. Instead, the server may offload certain steps to other servers, if any, from third-party service providers, as described in more detail below. In particular, extracting the image of the person from the image of the identification document and evaluating the match can take place on another server.
    The confirmation of the successful verification of the identity (or a message of a negative result of the review) may be made to the verified person, to a third party or both.
    As will be explained in more detail below, in addition to the required correspondence between the visual representation and the mapping from the identification document further criteria can be specified so that a successful verification can be confirmed.
    With the inventive method of labor on the part of the service provider can be minimized or avoided altogether. Even with a manual evaluation of the conformity of the image on the identification document with the visual representation of the person to be identified, the temporal burden on the part of the service provider with the identification person is minimized. This means a higher availability of the system for a given employee capacity.
    Advantageously, the method runs in real time, i. E. the verification is essentially completed during the period in which the person under review interacts with the server.
    In a preferred embodiment of the method, the steps a) -f) are brought fully automatically, wherein the evaluation of the conformity of the file received on the server with the visual representation of the person and the image of the person to be identified by means of a face recognition process This has the advantage that the process can proceed fully automatically. This means that on the part of the service provider no manual operations such. a real-time interaction in the context of a video chat or a manual image comparison, must take place. Accordingly, there is a high availability, which is not dependent on the presence of a sufficient number of employees on the part of the service provider. The check can take place during 24 hours and on all days of the week. The result is not dependent on subjective influences due to the processing by different employees.
    Alternatively, the evaluation of the match is done manually, by a person working on the service provider. This evaluation can be done in a very short time, whereby the person working can be supported by the system, e.g. in that the image extracted from the identification document and the visual representation to be compared with respect to the image detail and / or presentation parameters (such as brightness, contrast, color saturation, etc.) are aligned and displayed side by side.
    The inventive method for checking the identity of a person can serve in particular as a prerequisite for the generation of a digital certificate, the digital certificate allows the confirmation of the identity of a person assigned to the certificate. If the check is successful, the digital certificate is created. This includes at least a name of the person, a public cryptographic key and data for the verification of an issuer of the certificate.
    However, the method according to the invention can also be used for other purposes, for example in the context of the opening of a business relationship between the person and a service provider, e.g. a financial service provider. With the aid of the method according to the invention, it is ensured that the service provider has knowledge of the actual identity of the person checked.
    In either case, the method allows verification of identity without the person having to personally audition at a location (e.g., a counter) of the service provider or issuer of the certificate.
    The method is used to verify the identity of a natural person (or several natural persons). If a natural person (or collectively a group of natural persons) is authorized to act for a legal entity, the process may also be used in the context of creating a digital certificate which is assigned to a legal person (eg a company, association or other entity) is. In this case, it advantageously includes the further step of examining the action entitlement of one or more natural persons for the corresponding legal entity. This verification may be based on evidence provided by the verified person (s) and / or information available on the server, e.g. from a directory or register.
    An inventive device for checking the identity of a person, in particular for carrying out the inventive method, comprises a) a platform server of a service provider, b) a plurality of connected via a data communication network to the platform server, modular third-party server, comprising at least: b1) a document processing server for extracting an image of the person to be checked from an image of an identification document; b2) an evaluation server for evaluating a match between a first file having a visual representation of a person and an image of the person to be identified; Wherein the platform server receives data from a terminal of the person, for extracting and decoding information from the received data, for obtaining additional identification-relevant information and for performing identification-relevant evaluations parallel and / or serial transmits to the third-party server and receives response data, and Wherein the platform server is controlled such that it receives at least: - from a terminal of the person to be checked via the data communication network receiving the image of the identification document; - forwards the image of the identification document to the document processing server and receives first information about the person to be checked as well as the extracted image of the person; - receives from the terminal via the data communication network, the visual representation of the person to be checked; - transmit the extracted image and the visual representation to the evaluation server and receive a score of the match; evaluates predetermined criteria, at least to the evaluation of the agreement, and confirms a successful verification of the identity when the criteria are met.
    The modular third-party servers may be servers of the service provider or of third parties. The servers can be physical or virtualized. In particular, communication with the platform server is through predetermined interfaces (e.g., SOAP or the like). The terminology "platform server", "document processing server", "evaluation server" etc. does not mean that the servers have to be configured differently in terms of hardware, but they serve different purposes and are controlled differently at least at the software level.
    In a preferred embodiment, the evaluation server is an image processing server for evaluating the correspondence between the first file with the visual representation of the person and the image of the person to be identified by means of a face recognition method. This allows a fully automatic verification of the identity.
    Alternatively, the evaluation server represents the visual representation of the person and the image of the person on a screen, after which the evaluation of the agreement is carried out by a cooperating person of the service provider (or of a company commissioned by the service provider).
    Advantageously, to provide the information about the person to be checked for obtaining coded information, a machine-readable zone of the identification document is evaluated on the basis of the server received image of the identification document, and for obtaining the information, the coded information is decoded. "Decoding" in the present case can only mean that the encoded information is associated with multiple fields (e.g., name, date of birth, place of birth or hometown, etc.), but the information may also be in cipher form and deciphered. Furthermore, the information may also be present, for example, in graphically coded form (for example as a barcode, 2D code or QR code) and be converted into alphanumeric information by the decoding.
    Alternatively or additionally, the information is obtained in other ways, e.g. manually entered by the person to be checked and transmitted from the terminal to the server via the data communication network or obtained from a third party (e.g., from a directory or registry).
    If the identification document comprises a data memory which can be read by a terminal available to the person (for example a smartphone with NFG functionality), information present on this data memory can also be read out and transmitted to the server.
    The inventive method advantageously comprises the authenticity check of the identification document. For this purpose, the document is compared, for example, with data stored in a database on characteristics of identification documents (security features, fonts, size relationships, layout, etc.), using the corresponding illustration or illustrations. Also, optical security features such as holographic-kinematic displays or tilt-flip printing elements can be evaluated by presenting multiple images (e.g., still images from a video capture).
    Preferably, a match between the information obtained from the machine-readable zone of the identification document and existing second information about the person is evaluated, and the evaluation of the match is included in the criteria to be met.
    Thereby it can be ensured that the presented identification document is actually assigned to the person to be checked, e.g. a name, date of birth, place of birth or hometown, or other information. Ultimately, only those information should be confirmed as validated (and confirmed as appropriate by means of a certificate), which have actually been verified and are not based solely on information provided by the individual.
    Preferably, the visual representation of the person to be examined comprises several views of the person, in particular a cinematic representation of the person. Compared to a single view, this makes it difficult to attempt counterfeiting, and the reliability of the check can be increased. The several views of the person are, in particular, staggered and / or spatially different views. In addition, auditory information can also be recorded and transmitted to the server. But this can also be omitted.
    In the context of the inventive method, additional information about the person can be received via the data communication network from the terminal, after which their assignment to the person is verified. This additional information may be entered by the person or otherwise provided on the terminal. It may be information (e.g., the address, membership in associations, etc.) whose assignment is to be confirmed, or may be e.g. Biometric information that allows for greater security of identity verification.
    The confirmation of successful verification may be communicated to a third party along with at least a subset of the first information about the person. In particular, in the context of the transmitted information, it is noted which of the information is confirmed as correct (eg name, home address, e-mail) and which only as supplementary information (eg a transaction or customer number, additional information optionally entered by the person, etc.). available.
    The information about the person to be checked may include address data of the person. The verification of the assignment of the address data to a name of the person can be done by at least one of the following steps: a) matching the address data and the name with an address database or a publicly accessible register; b) receiving from the terminal to the server via the data communication network transmitted image of a billing document, which includes name and address information, in particular a billing document of a trusted biller, extracting the name and address information and matching the address data and the name with the name and address information; c) receiving a confirmation code on the server, wherein the confirmation code of the person has been delivered by mail on the basis of the address data and wherein a confirmation of the successful verification of the identity takes place only if there is a match of the confirmation code with the delivered confirmation code.
    In order to be able to verify the assignment on the basis of an accounting document, the third-party servers advantageously comprise a second document processing server for extracting name and address information from an invoice document, the platform server being controlled to receive one of the person's terminal via the data communication network Transferring an accounting document to the second document processing server and receiving the extracted name and address information and an evaluation of the authenticity of the accounting document, after which the platform server reconciles the address data and the name with the name and address information.
    The illustration of the invoice document can be created directly in the context of the inventive method, in particular with a built-in terminal or connected to this camera. If necessary, the mapping can be created directly from the locally running application. Alternatively, a previously created with the terminal or transmitted to this image of the invoice document can be used. For security reasons, it can be advantageous if the mapping can only take place in real time and exclusively with a dedicated application.
    In particular, the trusted biller is an invoice from a provider of a public nature, e.g. a provider of electricity, water, gas, telephone or similar Invoices are suitable if they include the name of the person to be checked and an address (or other information) of the person to be checked, which should be confirmed in the course of the procedure. The method may additionally provide that, for the purpose of checking the authenticity of the invoice document, a request is made to the trusted bill divider online via a corresponding interface. In this case, for example, the database of the biller is used to check whether a customer or transaction number on the bill corresponds to the number stored in the database and / or is assigned to the correct name.
    In a preferred embodiment, the server may receive information about a person-initiated electronic funds transfer, after which a match of the information with the first information is verified.
    In this case, the third-party servers advantageously further comprise a transaction server for processing electronic money transfer and for communicating electronic money transfer information to the platform server, the platform server being controlled to compare this information upon receipt of the information existing information about the person to be checked.
    The server can initiate the electronic money transfer via the data communication network on the terminal of the person. The actual process is then triggered as usual by the person or at least confirmed. The initiation or at least the payment process can be done via the transaction server or another server.
    In addition, the money transfer is preferably a debit card debit, an immediate payment transaction or another, conclusion to the paying party giving, executed at short notice payment process. In the short term, here it means that it is a payment transaction which occurs during a typical online transaction, e.g. a purchase in a webshop, can be completed completely, e.g. that the financial statements, including notification to the payee, are made within 5 minutes or faster.
    In the context of the inventive method, a comparison of the person in the review process attributable information with publicly available information about this person, in particular with information from social electronic networks, carried out, the comparison provides a degree of agreement, which in the to be fulfilled Incorporates criteria.
    Advantageously, the third-party servers further comprise a social media server for gathering information related to the person to be audited on one or more social networks and for generating a match of the collected information with the existing information about the person.
    For matching, search algorithms are automated to one or more sources of information, e.g. Social media channels, applied. The information obtained is then checked to see if it shows an assignment of the relevant information to the person to be checked.
    The server may preferably receive location data and optionally calendar and / or contact data via the data communication network from the terminal, after which a comparison of the location data and optionally the calendar and / or contact data with information available on the server, in particular to a residential and / or workstation address of the person, the reconciliation provides a measure of conformity, which flows into the criteria to be met.
    In this context, the third-party servers advantageously further comprise a matching server for matching location data associated with a terminal of a person and optionally calendar and / or contact data with personal information, in particular a residential and / or workstation address, and for generating a corresponding degree of agreement in which the platform server is controlled in such a way that it transmits the location data received from the terminal of the person to be checked via the data communication network and optionally calendar and / or contact data to the matching server, receives the corresponding measure of conformity and includes this in the evaluation of the predetermined criteria.
    On the basis of the location data, for example, frequent locations of the user of a mobile terminal can be determined. If these correspond to the assumed place of residence or the place of work of the person to be checked, this is proof of the correct assignment of residence or place of work. When evaluating the movement profile, various criteria can be defined depending on the occupational activity (office work, field service). By means of time and calendar information as well as contact data, the assignment of the place of residence and / or work and / or further information to be confirmed can be further checked.
    In one embodiment of the method, the server receives a transaction number which was transmitted to the person to be checked via a connection independent of the connection between the server and the terminal and which is present on the server, with confirmation of the successful checking of the identity only taking place if there is a match of the received with the existing transaction number on the server.
    A "transaction number" does not necessarily have to be information which is present as a numeric character string. It may also be in another form, which may be represented by a transaction number, e.g. as an alphanumeric string or in graphic form according to a defined representation.
    The transaction number may in particular be transmitted to the person to be checked in one of the following ways: via a short message (SMS) or another private short message service (e.g., WhatsApp or the like) (mTAN); - by post (e.g., as TAN list or indexed TAN list iTAN); - by phone; - via the Internet to a terminal other than that used in the verification procedure; via a specially protected connection to the used terminal, e.g. as a push TAN in a dedicated application (preferably protected by a password).
    The transaction number can also be generated by a TAN generator in the person to be checked. Such devices produce regularly or on demand new TANs.
    From the following detailed description and the totality of the claims, there are further advantageous embodiments and feature combinations of the invention.
    BRIEF DESCRIPTION OF THE DRAWINGS The drawings used to explain the embodiment show:
    Fig. 1 is a schematic representation of a device for carrying out a method according to the invention; and
    Fig. 2 is a schematic representation of the sequence of the inventive method.
    Basically, the same parts are provided with the same reference numerals in the figures.
    Means for Carrying out the Invention A device for carrying out a method according to the invention is shown schematically in FIG. The device comprises a platform server 10 of a service provider 3 and a terminal 2 of a person 1 whose identity is to be checked. The terminal 3 and the platform server 10 are both connected to the Internet 4 and exchange data about this.
    Also connected to the Internet 4 are multiple servers that perform particular tasks in the context of the inventive method. The servers can be operated by the service provider 3 or by third-party service providers, they can be designed as physical servers, virtualized servers or software modules. The servers can exchange 4 data with the platform server 10 via the Internet. The servers are a first document processing server 20, an image processing server 30, a second document processing server 40, a transaction server 50, optionally additionally a socialmedia server 60 and / or a matching server 70. Finally, there is a certificate server 80 which stores electronic certificates for Confirmation of the identity of a person can issue.
    2, the sequence of the inventive method is shown schematically. It is anticipated that a person may wish to establish a business relationship with a financial institution or obtain an electronic certificate for confirmation of their identity (e.g., for legal signing of digital documents). In the case described, this person uses her mobile terminal 2 (smartphone or tablet), which has an Internet connection and on which a dedicated application (app) is installed for carrying out the method. The person thus opens the app and requests the implementation of the identification to open a business relationship or to create a digital certificate.
    The person is prompted by the app to photograph an approved identification document (e.g., passport, ID card, driver's license, alien ID card or the like) with the camera of the mobile terminal 2. The recording 101 is automatically forwarded to the platform server 10 via the Internet.
    The person can capture further person-identifying data 102, which is also transmitted to the platform server 10 and verified in the further course of the process.
    The person is further requested to record with the camera of the mobile terminal 2 a video 103 of a certain minimum length, in which at least the head of the person is visible and which shows predetermined views. This video 103 is also transmitted automatically to the platform server 10.
    The platform server 10 forwards the capture 102 of the identification document to the first document processing server 20. This extracts the image 104 of the person contained in the identification document as well as the information 105 contained in a machine-readable zone (MRZ) of the document and returns both to the platform server 10.
    The platform server 10 forwards the image 104 extracted from the identification document and the video 103 received from the terminal to the image processing server 30. This evaluates a correspondence between the recording and the video, based on a known face recognition method, as described, for example, by R. Brunelli and T. Poggio, "Face Recognition: Features versus Templates", IEEE Trans, on ΡΑΜΙ, 1993, (10) 10: 1042-1052, or one of the numerous articles published since then. Corresponding software is commercially available. The image processing server 30 returns a match metric 106 or, optionally, an error message, e.g. if the resulting shot or video has qualitative defects. In the described method the measure is bivalent: «Agreement established», «Agreement not established». If the match could not be determined, the requesting person is informed accordingly by the platform server via their terminal. She can restart the process and in particular use another identification document and create a new video recording. If the match is found, the procedure continues with the steps outlined below.
    In the context of the described method, the residence address of the person should also be checked. If the address is included in the presented identification document and could be extracted by the first document processing server 20, it will be displayed in the app on the terminal 2 of the person and asked to indicate whether it is the current residence address to be confirmed. If this is not the case or if the address could not be determined, the person can enter the address 107 manually in the app. The address 107 is then transmitted to the platform server 10.
    In the app, the person is then asked to make with the camera integrated in the terminal a recording 108 of a bill document of a plurality of trusted billers, the bill document containing the person's address to be confirmed. The receptacle 108 is in turn automatically transmitted to the platform server 10 and is forwarded by the latter to a second document processing server 40. It is automatically determined from which biller the bill comes from and it is checked based on stored features, whether the bill is to be classified as genuine. If so, the recipient's name 109 and the corresponding address information 110 are extracted and transmitted to the platform server 10. If the authenticity of the invoice can not be confirmed, if the invoice is from an unauthorized biller or if other errors have occurred, an error message is sent to the platform server.
    In the case of received name and address information is checked whether the name matches the name of the person to be checked and if so, whether the address information matches the address to be confirmed. If this is the case, ultimately the residence address can be confirmed.
    权利要求:
    Claims (20)
    [1]
    In order to secure the identity of the requesting person, this is subsequently requested in the app to make an electronic money transfer to an operator of a transaction server 50. For this purpose, a small amount of money is transferred by means of a standard online payment directly from the app from a personalized account of the person to an account of the operator. After verification, the transfer can optionally be canceled or the amount refunded. The transaction server 50 forwards the received payee information 111 to the platform server 10. There it is checked whether this information, in particular the name (possibly also an address) with the person to be checked match. If this check is also successful, the business relationship with the financial institution can be opened or the certificate can be created. In the second case, before issuing the certificate, the requesting person is informed of the conditions attached and asked to confirm the exhibition. Based on the successful verification of the identity of the person then an electronic certificate 113 is generated on the certificate server 80 according to a transmitted from the platform server 10 to the certificate server 80 of the service provider itself or another service solicitor 112, which the identity of the certificate assigned Person confirmed. It is used in particular for legally valid signing of electronic documents or for proof of identity in online transactions. The certificate contains the following information: a) a serial number; (b) the indication that the certificate is a certificate (indicating, where applicable, the nature of the certificate, (c) the name or the name of the person who owns the associated private cryptographic key; if there is a possibility of confusion, the name or designation is given a distinguishing addition; d) if applicable, a pseudonym supplementing or replacing the name; (e) in the case of undertakings, an identification identifying that name, in Switzerland e.g. the so-called company identification number (UID); f) the public cryptographic key; g) the period of validity; h) the name, the country of establishment and a forgery-proof electronic seal of the issuer of the certificate. The certificate 113 (or a link thereto and, if appropriate, supplementary information) is then transmitted via platform server 10 to the terminal 2 of the person. The invention is not limited to the illustrated embodiment. Thus, the method can be e.g. also on a notebook computer or a stationary terminal (e.g., a desktop computer). Instead of a dedicated application installed on the terminal, a web application can be used. As mentioned above, not all identification steps need to be performed. Which of the identification steps are to be carried out can also be determined dynamically during the course of the method, in particular as a function of an already achieved security level and / or depending on the data assigned to the person whose correctness is to be confirmed. Instead of based on an invoice (or in addition thereto), the address data can be verified by means of matching with address databases or with other public registers, with a trusted private database or such a directory. As already described above, social media data and / or location, calendar or contact data can additionally be included on the terminal of the person. The latter data can be transmitted from the person's terminal to the platform server, as long as the person on his terminal expressly authorizes the transmission. In summary, it should be noted that the invention provides a method for checking the identity of a person, which enables efficient identification and has high availability. claims
    A method for verifying the identity of a person on a server of a service provider, wherein a terminal of the person is connected via a data communication network with the server, comprising the steps of: a) receiving a transmitted from the terminal to the server via the data communication network mapping of an identification document; b) providing information about the person to be checked on the server; c) extracting an image of the person to be identified from the image of the identification document received by the server; d) receiving a transmitted from the terminal to the server via the data communication network file with a visual representation of the person to be checked; e) evaluating a match between the file received on the server with the visual representation of the person and the image of the person to be identified; f) Confirmation of a successful verification of identity, if given criteria, at least to the agreement, are met.
    [2]
    2. The method according to claim 1, characterized in that the steps a) -f) are brought fully automatically to the process, wherein the evaluation of the conformity of the file received on the server with the visual representation of the person and the image of the person to be identified by means of a Face recognition process is done.
    [3]
    3. The method according to claim 1 or 2, characterized in that for providing the information about the person to be checked for obtaining coded information, a machine-readable zone of the identification document is evaluated on the basis of the server received image of the identification document and that for obtaining the information coded Information is decoded.
    [4]
    4. The method according to claim 3, characterized in that a match between the information obtained from the machine-readable zone of the identification document and existing second information about the person is evaluated and that the assessment of the match is incorporated into the criteria to be met.
    [5]
    5. The method according to any one of claims 1 to 4, characterized in that the visual representation of the person to be examined comprises several views of the person, in particular that it comprises a cinematic representation of the person.
    [6]
    6. The method according to any one of claims 1 to 5, characterized in that are received via the data communication network from the terminal additional information about the person, and that their assignment to the person is verified.
    [7]
    7. The method according to any one of claims 1 to 6, characterized in that the confirmation is transmitted together with at least a subset of the first information about the person to a third party.
    [8]
    8. The method according to any one of claims 1 to 7, characterized in that the information about the person to be checked address data of the person include and that a review of the assignment of the address data to a name of the person by at least one of the following steps: a) matching the address data and the name with an address database or a publicly accessible register; b) receiving from the terminal to the server via the data communication network transmitted image of a billing document, which includes name and address information, in particular a billing document of a trusted biller, extracting the name and address information and matching the address data and the name with the name and address information; c) receiving a confirmation code on the server, wherein the confirmation code of the person has been delivered by mail on the basis of the address data and wherein a confirmation of the successful verification of the identity takes place only if there is a match of the confirmation code with the delivered confirmation code.
    [9]
    9. The method according to any one of claims 1 to 8, characterized in that the server receives information about a triggered by the person electronic money transfer and that a match of the information with the first information is checked.
    [10]
    10. The method according to claim 9, characterized in that the server initiates the electronic money transfer via the data communication network on the terminal of the person and that it is preferably a transfer of a debit card, a Sofortbezahlvorgang or another in the money transfer, inference to the paid Party-giving, short-term payment transaction is.
    [11]
    11. The method according to any one of claims 1 to 10, characterized in that a comparison of the person as part of the verification process attributable information with publicly available information about this person, in particular with information from social electronic networks, is carried out, the comparison provides a degree of agreement , which flows into the criteria to be met.
    [12]
    12. The method according to any one of claims 1 to 11, characterized in that the server locating data and optional calendar and / or contact data are received via the data communication network from the terminal, after which a comparison of the location data and optionally the calendar and / or contact data with information available on the server, in particular to a person's home and / or work address, the reconciliation providing a measure of compliance that feeds into the criteria to be met.
    [13]
    13. The method according to any one of claims 1 to 12, characterized in that the server receives a transaction number which has been transmitted to the person to be checked via a connection independent of the connection between server and terminal and which is present on the server, wherein an acknowledgment the successful verification of the identity takes place only if there is a match between the received and the transaction number present on the server.
    [14]
    14. A method for generating a digital certificate for confirming the identity of a person assigned to the certificate, characterized by the following steps: a) carrying out a method for checking the identity of the person according to one of claims 1 to 13; b) creating a digital certificate comprising at least a name of the person, a public cryptographic key and data for verifying an issuer of the certificate.
    [15]
    15. A device for verifying the identity of a person, comprising a) a platform server of a service provider, b) a plurality of modularly connectable third-party servers connected to the platform server via a data communication network, comprising at least: b1) a document processing server for extracting an image of the person to be checked from a picture of an identification document; b2) an evaluation server for evaluating a match between a first file having a visual representation of a person and an image of the person to be identified; wherein the platform server receives data from a terminal of the person for extracting and decoding information from the received data, obtaining additional identification-relevant information and performing identification-relevant assessments in parallel and / or serial to the third-party servers and receives response data, and the platform server is controlled in such a way that it receives at least: - receives the image of the identification document from a terminal of the person to be checked via the data communication network; - forwards the image of the identification document to the document processing server and receives first information about the person to be checked as well as the extracted image of the person; - receives from the terminal via the data communication network, the visual representation of the person to be checked; - transmit the extracted image and the visual representation to the evaluation server and receive a score of the match; evaluates predetermined criteria, at least to the evaluation of the agreement, and confirms a successful verification of the identity when the criteria are met.
    [16]
    16. The device according to claim 15, characterized in that the evaluation server is an image processing server for evaluating the correspondence between the first file with the visual representation of the person and the image of the person to be identified by means of a face recognition method.
    [17]
    A device according to claim 15 or 16, characterized in that the third-party servers further comprise a second document processing server for extracting name and address information from an accounting document, the platform server being controlled to display an image received from the person's terminal via the data communication network of an accounting document is transmitted to the second document processing server and receives the extracted name and address information and an evaluation of the authenticity of the accounting document, whereafter the platform server carries out a comparison of the address data and the name with the name and address information.
    [18]
    An apparatus according to any one of claims 15 to 17, characterized in that the third party servers further comprise a transaction server for handling electronic money transfer and for communicating electronic money transfer information to the platform server, the platform server being controlled to act upon receipt the information makes a comparison of this information with existing information about the person to be checked.
    [19]
    An apparatus according to any one of claims 15 to 18, characterized in that the third-party servers further comprise a social-media server for collecting information related to the person to be checked on one or more social networks and for generating a degree of consistency of the collected information with the existing information about the person.
    [20]
    20. Device according to one of claims 15 to 19, characterized in that the third server further comprise a matching server for the comparison of a terminal of a person associated location data and optional calendar and / or contact data with personal information, in particular a residential and / or workstation address , and for generating a corresponding degree of conformity, wherein the platform server is controlled such that it transmits from the terminal of the person to be checked via the data communication network received location data and optional calendar and / or contact data to the matching server, the corresponding measure of conformity receives and this in the evaluation of the given criteria.
    类似技术:
    公开号 | 公开日 | 专利标题
    WO2004034343A2|2004-04-22|Method for concluding a payment transaction in electronic commerce
    AT512070B1|2018-02-15|METHOD AND DEVICE FOR IMPLEMENTING CASH-FREE PAYMENTS
    EP1209579A1|2002-05-29|System for automatic performing transactions by active identity managment
    EP1869630A1|2007-12-26|Method for confirming a service request
    EP3295354A1|2018-03-21|Method and apparatus for authenticating a service user for a service that is to be provided
    DE102011079317A1|2013-01-24|MOBILE SYSTEM FOR FINANCIAL TRANSACTIONS
    DE102012205904A1|2013-10-17|Secure generation of a user account in a service server
    CH713528A2|2018-09-14|Procedure for checking the identity of a person on a server.
    DE102009022381B4|2012-08-09|Method for web-based personal identification
    EP3107029B1|2018-05-23|Method and device for customized electronically signing of a document, and computer program product
    DE102013012409A1|2015-01-29|identification method
    DE10043554C2|2002-10-24|Data network based identification procedure
    DE102021003724A1|2021-10-07|Method for the identification of a person by means of a credit card number and identification system
    DE102014014109A1|2016-03-24|transaction process
    WO2003070493A2|2003-08-28|Data processing system and method for electronic payment transfer
    DE202019101478U1|2019-03-22|Automated control system of a chain of successive interconnected transactions of an electronic platform for the Internet payment system
    DE102020119512A1|2022-01-27|Method for storing verified identity data of an end user, method for providing verified identity data to an acceptance point, computer program product
    EP3407234A1|2018-11-28|Device and method for verifying an identity of a person
    DE202019106383U1|2020-01-31|Electronic payment device
    EP3244362A1|2017-11-15|Method for carrying out transactions
    DE102013223082B4|2021-12-23|Identity Verification Process and Identity Verification System
    WO2003091860A1|2003-11-06|Method for authenticating and/or authorising a person
    DE10229619A1|2003-01-23|Conducting a payment process by mobile telephone involves checking identification characteristic in transaction center, completing payment process if identification check satisfactory
    AT521646A1|2020-03-15|System for processing requests from mobile devices
    EP1371038B1|2005-12-28|Method and device for carrying out at least one commercial transaction in return for payment
    同族专利:
    公开号 | 公开日
    CH713528A8|2018-12-28|
    CH713559A2|2018-09-14|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    法律状态:
    2018-10-31| PK| Correction|Free format text: BERICHTIGUNG ERFINDER |
    2018-12-28| PK| Correction|Free format text: BERICHTIGUNG ERFINDER. |
    2020-09-30| PFA| Name/firm changed|Owner name: FINFORM AG, CH Free format text: FORMER OWNER: FINFORM AG, CH |
    2021-08-16| AZW| Rejection (application)|
    优先权:
    申请号 | 申请日 | 专利标题
    CH00292/17A|CH713559A2|2017-03-10|2017-03-10|Procedure for checking the identity of a person on a server.|
    [返回顶部]