METHOD FOR CHECKING AN IDENTITY OF A PERSON

Abstract

The present invention relates to a method for checking an identity of an individual, which method comprises the following steps: a) presenting an optically readable code (14) with a mobile device (10); b) reading the optically readable code (14) with an optical reading device (20); c) extracting the data contained in the optically readable code (14); d) verifying the data contained in the optically readable code (14); and e) displaying at least a portion of the data on the optical reading device (20). The steps c) to e) are executed by the optical reading device (20).

Claims

1. A method for the offline checking of an identity of an individual, comprising the following steps: a) presenting an optically readable code (14) with a mobile device (10); b) reading the optically readable code (14) with an optical reading device (20); c) extracting the data contained in the optically readable code (14); d) verifying the data contained in the optically readable code (14); e) displaying at least a portion of the data on the optical reading device (20), the steps c) to e) being executed by the optical reading device (20).

2. The method according to claim 1, characterized in that the checking of the identity of the individual is performed solely by the optical reading device (20), without communication with an external apparatus.

3. The method according to claim 1, characterized in that the steps c) to e) are executed by the optical reading device (20) in communicative isolation from the outside world.

4. The method according to claim 1, characterized in that the optically readable code (14) is a QR code.

5. The method according to claim 1, characterized in that the optical reading device (20) is a mobile device having a camera device (22) and/or is a reader having a camera device (22).

6. The method according to claim 1, characterized in that the optically readable code (14) comprises a plurality of optically readable codes, especially a plurality of codes that permit optical readout in chronological sequence.

7. The method according to claim 1, characterized in that the step of extracting comprises the allocation of the data contained in the optically readable code (14) to different data segments.

8. The method according to claim 7, characterized in that the different data segments comprise at least one data group (DG1.sub.mobile, DG2.sub.mobile), a signature (Sig.sub.mobile) and/or a document signing certificate (C.sub.DS).

9. The method according to claim 1, characterized in that the step of verifying comprises the calculation of at least one hash value for each of the data groups and the concatenation of the hash values to form a calculated hash value (HASH.sub.calc).

10. The method according to claim 9, characterized in that the step of verifying further comprises the decrypting of the signature (Sig.sub.mobile) using an asymmetrical, public key (KPu.sub.DS) and results in a mobile hash value (HASH.sub.mobile).

11. The method according to claim 9, characterized in that the step of verifying further comprises the comparison of the calculated hash value (HASH.sub.calc) with the mobile hash value (HASH.sub.mobile).

12. The method according to claim 1, characterized in that the step of verifying further comprises the verification of the document signing certificate (C.sub.DS) using a key (C.sub.CSCA) available to the optical reading device (20), especially a site-specific key available to the optical reading device.

13. The method according to claim 1, characterized in that at least one of the data groups (DG1.sub.mobile, DG2.sub.mobile) comprises data that renders an image, especially a biometric photo, of the holder of the optically readable code, which data is presented on the optical reading device.

14. The method according to claim 1, characterized in that at least one of the data groups (DG1.sub.mobile, DG2.sub.mobile) comprises data that comprises at least one piece of information from the following group: document type, document number, issuing authority, holder, nationality, date of birth, place of birth, sex, date of validity.

15. The method according to claim 1, characterized in that the optically readable code (14) is provided by an issuing institution, the issuing institution introducing the signature and/or the document signing certificate into the optically readable code (14).

16. An optical reading device that is developed for executing the method according to claim 1.

17. A use of an optical reading device in a method according to claim 1.

18. A system comprising at least a mobile device (10) and an optical reading device (20), the optical reading device (10) being developed for executing a method according to claim 1.

Description

[0028] The present invention is explained in greater detail below by reference to an exemplary embodiment in the drawing. Shown are:

[0029] FIG. 1 a schematic diagram of the sequence of a method according to the present invention for checking an identity of an individual;

[0030] FIG. 2 a schematic diagram of an optical reading device according to the present invention;

[0031] FIG. 3 a system according to the present invention, consisting of a mobile device and an optical reading device for carrying out the method according to the present invention; and

[0032] FIG. 4 a flowchart of the method according to the present invention, in schematic diagram.

[0033] FIG. 1 shows, in a schematic diagram, the basic principle of the method according to the present invention for checking an identity of an individual. The data identifying an individual is stored in electronic form in a mobile device 10, e.g. in the form of a smartphone or tablet PC. The use of the mobile device 10, on which a mobile application is executed to display information identifying the individual, enables an inspecting individual to check whether the identity matches up with the real individual. For this, it is not necessary to hand over the mobile device 10 to the inspecting individual. As will likewise become clear from the following description, for checking the identity, it is also not required that a communication channel to an external device be established. This means that the identity check can be done offline. In this way, an interference of the identity check is impeded.

[0034] The information identifying an individual is displayed in the form of a barcode, e.g. a QR code version 25 or above, as an optical code 14 on a display 12 of the mobile device 10 (1 in FIG. 1). Various personal data is included in the barcode in hashed and signed form: information about the document type and/or the document number and/or the issuing authority and/or the holder and/or the nationality and/or the date of birth and/or the place of birth and/or the sex and/or the date of validity of the proof of identity. Of the information listed, a single piece or multiple pieces of information can be contained in the optical code 14 in any arbitrary combination. The information mentioned is allocated to a first data group DG1.sub.mobile. As further information, the barcode can comprise an image of the holder of the optical code 14, e.g. in the form of a biometric code. This information about the image is allocated to a second data group DG2.sub.mobile.

[0035] The optical code 14 thus comprises, in the first data group DG1.sub.mobile, biographical data of the holder of the optical code, and in a second data group DG2.sub.mobile, an image of the holder of the optical code. Further, the optical code 14 includes a digital signature Sig.sub.mobile via the first and second data group DG1.sub.mobile and DG2.sub.mobile, and a document signing certificate C.sub.DS.

[0036] To the extent that the information to be made available for a personal identification is too large for a single barcode (QR code of a certain version), multiple barcodes can be displayed sequentially on the mobile device 10.

[0037] The optical code 14 comprising one or more pieces of information in the form of one or more QR codes is read according to 2 by an optical reading device 20. For this, the optical reading device has a camera device 22 with which the optical code 14 depicted on the display 12 of the mobile device 10 can be acquired. To visually check that a reading is correct, the optical code 14 can be displayed on a display 24 of the optical reading device 20. A processing occurs in a processing unit, not further shown in FIG. 1, of the optical reading device.

[0038] A schematic diagram of the optical reading device 20, e.g. likewise in the form of a smartphone, a tablet PC or an application-specific mobile device, with its camera device 22, the display 24 and processing unit 26, is further depicted in FIG. 2.

[0039] The operation of the optical reading device 20 is done by an inspector, depending on the situation e.g. by an official or an individual monitoring an admission, or a cashier.

[0040] According to 3 in FIG. 1, the optical code 14 is extracted by the optical reading device 20, the data included in the optical code 14 being allocated to different data segments 30, 32, 34, 36. As shown for 3 in FIG. 1, the first data group DG1.sub.mobile is allocated to the data segment 30, the second data group DG2.sub.mobile to the data segment 32, the digital signature Sig.sub.mobile to the data segment 34, and the document signing certificate C.sub.DS to the data segment 36. The allocation to the data segments 30, 32, 34, 36 serves the further processing of the information in the optical code 14.

[0041] According to 4 in FIG. 1, the optical reading device 20 calculates a so-called calculated hash value HASH.sub.calc from the information in the first data group (HASH(DG1.sub.mobile)) and the information in the second data group (HASH(DG2.sub.mobile)) and concatenates these to form the calculated hash value HASH.sub.calc. Furthermore, the optical reading device 20 decrypts the signature Sig.sub.mobile using an asymmetrical, public key KPu.sub.DS. The result of the decrypting yields a mobile hash value HASH.sub.mobile. The signature Sig.sub.mobile is provided by an issuing institution using an asymmetrical, private key KPr.sub.DS and is introduced into the optically readable code together with the document signing certificate C.sub.DS.

[0042] According to 5 in FIG. 1, a comparison of the calculated hash value HASH.sub.calc with the mobile hash value HASH.sub.mobile and a verification of the document signing certificate C.sub.DS using a key C.sub.CSCA available to the optical reading device 20 occur. If said verifications that were carried out were correct, this ensures that the content of the optical code is trustworthy and the information allocated to data groups DG1.sub.mobile and DG2.sub.mobile is authentic and unmodified.

[0043] Further, according to 6 in FIG. 1, from the second data group DG2.sub.mobile, the image of the holder of the optically readable code 14 can be rendered on the display 24 of the optical reading device 20. The image can be included in the second data group DG2.sub.mobile as a JPG, for example. Here, the size of the image should not exceed the maximum capacity of a QR code including the first data group DG1.sub.mobile, the digital signature Sig.sub.mobile and the document signing certificate C.sub.DS. Otherwise, as described, multiple QR codes should be displayed on the mobile device. It is expedient to maintain the original image aspect ratio. Furthermore, it is expedient to provide, in the optical code 14, a colored image of the holder of the optical code. Said image should expediently not fall below the size 6080 pixels.

[0044] The data required to produce the optical code 14 is expediently provided by the issuing institution. The data provided by said institution comprises the first and the second data group DG1.sub.mobile, DG2.sub.mobile, and the digital signature Sig.sub.mobile, the digital signature resulting from an encrypting of a hash value via the first data group DG1.sub.mobile and a hash value via the second data group DG2.sub.mobile and a concatenation of said two hash values. Here, an asymmetrical, private key KPr.sub.DS is used for encrypting. Further, the document signing certificate C.sub.DS is provided. The image that is encrypted in the second data group DG2.sub.mobile should have a size as said image is on a paper data carrier.

[0045] FIG. 3 shows, in a schematic diagram, the system according to the present invention consisting of the already described mobile device 10 and the likewise already described optical reading device 20 that are developed according to the above description. Besides the possibility to be able to capture the optical code 14 by camera device 22, in particular, no data connection to an external server and the like is needed.

[0046] FIG. 4 shows a flowchart in which the individual method steps are illustrated again.

[0047] In step S1, a presentation of an optically readable code with a mobile device takes place. In step S2, a reading of the readable code with an optical reading device takes place. In step S3, an extracting of the data contained in the optically readable code takes place, an allocating of the data contained in the optically readable code to different data segments taking place in step S31. In step S4, a verifying of the data contained in the optically readable code takes place. Here, step S4 comprises steps S41 to S44. In S41, a calculating and concatenating of hash values calculated for data groups takes place to form a calculated hash value. In S42, a decrypting of a signature and calculating of a mobile hash value takes place. In S43, a comparing of the mobile hash value with the calculated hash value takes place. In S44, a verifying of a document signing certificate with a key takes place. In S5, the displaying of at least a portion of the data on the optical reading device takes place.