MULTIFACE DOCUMENT

Abstract

A novel multilayer card has embedded therein a faraday cage layer which protects a RFID or ICC chip that is also embedded in the card. The antenna for the RFID or ICC device has an actuable switch which can alternatively open and close the antenna circuit enabling the user to disable or enable the RFID or ICC chip. The card can also be converted into a hollow prism with the faraday cage layer nearer the outer surface of the prism so that the RFID or ICC chip can only be accessed from the prism interior. Private or sensitive information stored on the interior surface is also protected from unauthorized access.

Claims

1. In combination with an embedded RFID device, an antenna comprising: a. An interrupted antenna circuit that is normally inoperable; and b. Bridging means for completing said antenna circuit to make it operable, Whereby deploying said bridging means renders the RFID device operable to receive and transmit signals representing information so that the RFID device can be interrogated and respond to interrogation.

2. The apparatus of claim 1 in which said bridging means comprise a slide switch positioned to complete said antenna circuit when translated from a first orientation to a second orientation Whereby translating said switch connects said antenna circuit so that the RFID device can receive and transmit signals so long as said switch remains in said second orientation.

3. The apparatus of claim i in which said bridging means comprise a dome switch positioned to complete said antenna circuit when pressure is exerted on said dome whereby the RFID device is operable to receive and transmit signals only when pressure is exerted on said dome.

4. Means for confirming identity to gain access comprising: a. a multilayer card including data storage means and having an obverse face and a reverse face; b. an integrated circuit chip (ICC) on at least one of said layers; c. a faraday screen laminated in the interior of said card between an inner and outer face whereby said ICC cannot be accessed when said faraday screen is between said ICC and an interrogating device; d. obverse face data storage means reserved for data not deemed sensitive if viewed by third parties; and e. reverse face data storage means reserved for data deemed sensitive and private; whereby data is easily recovered from said obverse face when directly exposed to an interrogation device and, in order to recover data from said reverse face, a user must expose said reverse face to the interrogation device, and where access is only obtained utilizing data from said reverse face.

5. Means for confirming identity as in claim 4 wherein the opposite edges of said document are fastened together to form a hollow prism with said reverse face on the interior Thereby preventing access to said ICC and other private sensitive information stored on said reverse face.

6. Means for confirming identity as in claim 5 wherein said prism is cylindrical.

7. Means for confirming identity as in claim 5 wherein said prism is quadrangular.

8. Means for accessing information retrievable only from the interior of a hollow prism shaped document comprising: a. A probe element adapted to be inserted into the interior of a hollow prism shaped document; b. A signal conduit adapted to be connected to a data processor; and c. Signaling means in electrical communication with said signal conduit and said probe element for transmitting interrogating signals to the document and for receiving signals representing information from the document.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0059] FIG. 1 is a representation of a document according to a first embodiment of the present invention;

[0060] FIG. 2 is a representation of a document according to a second embodiment of the invention in which the parts are joined by an integral hinge;

[0061] FIG. 3 illustrate an alternative embodiment of the document of FIG. 1 but with different surface and construction features;

[0062] FIG. 4, including FIGS. 4A and 4B shows the assembled document of FIG. 3 and by example FIG. 1 with the component parts being joined with a grommet;

[0063] FIG. 5; shows the document of FIG. 1 connected using a grommet with an added document element;

[0064] FIG. 6 is an alternative embodiment of the invention with four documents elements joined by integral hinges;

[0065] FIG. 7 is an alternative embodiment of the document of FIG. 5 with elements joined by a grommet and with an additional element having distinctive surface features;

[0066] FIG. 8 shows the document of FIG. 5 in use with the display of a computer which will enable secure card not present transactions;

[0067] FIG. 9 is a representation of a computer screen containing information which is related to the use of a document for a secure card not present transaction;

[0068] FIG. 10 shows the use of the document of FIG. 5 with the computer screen image of FIG. 9 to complete a secure card not present transaction;

[0069] FIG. 11 shows the document of FIG. 5 in use with cellular telephone computer which will enable secure card not present transactions;

[0070] FIG. 12 shows the combination of FIG. 11 with a particular pattern presented on the telephone display to that of FIG. 9 which will enable secure card not present transactions;

[0071] FIG. 13 is view of an Automatic Ticket and/or Teller/Cash dispensing and/or receiving Machine (ATM) or an Automatic Individual Identification Machine (AIIDM) the presenting of a display to be used with a document according to the present invention.

[0072] FIG. 14 illustrates the use of the document of FIG. 5 with the ATM or an AIIDM machine of FIG. 13

[0073] FIG. 15 including FIGS. 15A, A5B, 15C and 15D is a view of the layers comprising one of a pair of laminated documents according to the present invention;

[0074] FIG. 16 including FIGS. 16A, 16B, 16C, 16D, 16E, and 16F is a view of the layers comprising the other of a pair of laminated documents according to the present invention;

[0075] FIG. 17, including FIGS. 17A, 17B, and 17C, is a representation of a camera and optional Face, Palm, fingerprint, iris, retina or voice recognition equipped telephone for user authentication;

[0076] FIG. 18 including FIGS. 18A and 18B is a view of a document or card that within its laminates is an interrupted RFID two part circuit which is completed with either a pressure domed micro type switch or a sliding switch;

[0077] FIG. 19 is a view of a wireless internet computer integrated display at the beginning of a secure transaction;

[0078] FIG. 20 is a view of the integrated computers display of FIG. 19 at a second stage of a secure transaction;

[0079] FIG. 21 is a view of the display of FIG. 19 at a third stage of a secure transaction;

[0080] FIG. 22 is a view of the display of FIG. 19 at a fourth stage of a secure transaction aided by the document of FIG. 3 or FIG. 2, 4, 6 or 7;

[0081] FIG. 23, including FIGS. 23A, 23B and 23C, shows the stages of a secure transaction using a smart cellular phone and a virtual card;

[0082] FIG. 24, including FIGS. 24A, 24B, 24C and 24D, shows the use of a smart cellular phone to invoke a transaction using a owner controlled and operated virtual wallet (FIG. 24D) or purse (FIGS. 24A 24B & 24C) to both secure virtual cards as well as facilitate their use by the owner with multiple entities;

[0083] FIG. 25 is a view of a display showing a virtual card at the beginning of a secure transaction;

[0084] FIG. 26 is a view of the display of FIG. 25 at a later stage of a secure transaction:

[0085] FIG. 27, including FIGS. 27A, 27B and 27C shows alternative forms of user authentication;

[0086] FIG. 28, including FIGS. 28A, 28B and 28C shows forms of user authentication for access to virtual wallets, purses and lockers;

[0087] FIG. 29 including FIGS. 29A-29E shows yet other alternative forms of user authentication for access to virtual wallets, purses and lockers;

[0088] FIG. 30, including FIGS. 30A and 30B show yet other alternative forms of user authentication for access to virtual wallets, purses and lockers;[.]

[0089] FIG. 31, including FIGS. 31A, 31B and 31C illustrates the display for a virtual vault;

[0090] FIG. 32, including FIGS. 31A-32D, illustrate the use of the opened imprinted faraday cage to access RFID chips;

[0091] FIG. 33, including FIGS. 33A, 33B and 33C show alternative forms of bar codes or matrices;

[0092] FIG. 34, including FIGS. 34A and 34B shows an example of an alternative multiface document;

[0093] FIG. 35, including FIGS. 35A, 35B and 35C show yet a different alternative multiface document;

[0094] FIG. 36, including FIG. 36A and FIG. 36B, is a diagrammatic representation of a method of facilitating travel of authorized persons according to the invention;

[0095] FIG. 37, diagrammatic representations of the interconnection of relevant functional areas and databases for the implementation of a system according to the invention;

[0096] FIG. 38, is a diagrammatic representations of the interconnection of relevant functional areas and databases for the implementation of a system in relating to inanimate object biometric identification and ownership and is a diagrammatic representation of a method of facilitating ownership and movement of motor vehicles, shipping containers etc. according to the invention;

[0097] FIG. 39, is a diagrammatic representation of a verifications system at transit point;

[0098] FIG. 40, is a diagrammatic representation of the verification system of FIG. 39 with added features;

[0099] FIG. 41, is yet another diagrammatic representation if the verification of FIG. 39, with additional added features;

[0100] FIG. 42, is a diagrammatic representation of biometric watch lists KKI, KUI and condition database/s to proactively detect and alert the presence of a potential UUI verification and for staff, protected individuals and administrators of a verification system;

[0101] FIG. 43, is a diagrammatic representation of FIG. 42, functionality in a travel loop or transit point with verification of all users and operators of the system; and

[0102] FIG. 44, including FIGS. 44A, 44B, 44C and 44D shows an example of an alternative single sided RF protected RF ICC and/or NFC chipped document interfacing with a compact USB RFID interrogating device;

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0103] In the embodiment shown in FIG. 1, a document 10 is provided with four (4) faces. In this embodiment, the document 10 includes two separate cards, card I 12, and card II 14. Each card 12, and 14 has an obverse face and a reverse face. As seen, card I 12 has an obverse face 16 and a reverse face 18. Similarly, card II 14 has an obverse face 20 and a reverse face 22.

[0104] As shown, the obverse faces 16, 20 include a distinctive colored pattern 24 to discourage counterfeiting and a document ownership statement 21. This pattern may further include security metallic ink and may be unique to each document's visible surface, including properties in the thermal infrared range. The obverse faces 16, 20, can also include an official user purpose or application generated with security ink, preferably a metallic ink 23 governmental seal, for example, a departmental seal 26 on obverse face 16 and a governmental seal 28 on obverse face 20.

[0105] A degraded image 30 of the bearer on obverse face 16 is sufficiently representative to enable a human observer to recognize the image 30 as that of the bearer. Such a degraded image 30 might be considered a caricature or cartoon and is intended to be unusable for facial recognition equipment. Accordingly, a surreptitious scan of the image would not allow any information obtained from obverse surfaces to be included in or associated with a database record that is otherwise associated with the bearer.

[0106] On the obverse face 20 of card II 14, an encoded matrix image 32 is imprinted, preferably with metal ink. This matrix image 32 can, in conjunction with a scanner, camera equipped PC, laptop, netbook, or tablet device, or any digital camera in a cell phone or other PDA device or application, be decoded to represent the address of a web site which, when invoked, can provide information about the document 10 and how it can be employed as, for example, as a travel document or a passport or other secure type application document.

[0107] The reverse faces 18, 22 are not normally visible but must be manipulated by the bearer or a person with the authority to view those faces. As shown, one of the reverse faces 18 includes a photographic image 34 of the bearer but partly overlaid with a departmental seal 27 to thwart facial recognition scans but still capable of human interpretation as being a photograph of the holder.

[0108] A magnetic strip 35 is included for the storage of magnetically coded information that can be read by a magnetic scanner. A digital matrix 36, when decoded, presents biometric data, preferably in an encrypted form, of the bearer which can be used to verify independently scanned biometric data at an inspection station.

[0109] The comparison of the stored biometric data with the independently obtained biometric data is used to confirm the identity of both the respective card and the bearer of the document 10. In accordance with the teachings of the present inventor, the biometric data of the document 10 and the currently presented biometric data can be compared with the bearer's biometric data that is stored in a remote data base and or the secure portable database contained in the matrix and card surface readable data to confirm that the bearer is the person that he purports to be.

[0110] In this example, the other reverse face 22 carries information usually found on a passport, including the governmental seal 28, an optically readable information strip 38 and a digital matrix 39. The caricature 30 is also included which sufficiently resembles the bearer so that a human operator can, in all probability, recognize the bearer as the person so caricatured to enable the visual matching of the two component parts 14 & 16 during assembly or should they become separated, deliberately or inadvertently.

[0111] In the example, card I and II are perforated at 11 in such a manner as to not interfere with the functionality of either card but to enable their conjoining with preferably an identifiable security grommet that allows their rotation by the holder's deliberate action to expose their obverse and reverse surfaces 12 and 14.

[0112] Turning next to FIG. 2, there is shown an alternative embodiment of the document of the present invention. The alternative document 31, as in the embodiment of FIG. 1, includes two cards joined by an integral hinge 41, card I 42 and card II 44. For the present example, the document 31 could be a District of Columbia Driver's, or any other type of License.

[0113] Accordingly, the obverse faces 46, 48 include a governmental seal 50, a caricature of the bearer 52 and a coded matrix pattern 54, which, when scanned by an appropriate device, resolves into a web address where additional information can be found, preferably specific to the user. As in FIG. 1, a color pattern 24, unique to each document surface, can help prevent counterfeiting.

[0114] An additional feature of this embodiment is a transparent and obstructed mask strip 56 of the same color as the dark magnetic strip 58. As an example here the strip is divided into five holder specific zones which may be used in conjunction with an encoded display (better seen in FIGS. 16 and 22) that can reveal a selected alpha numeric code combination which, when entered, validates a transaction or verifies an inspection of use specifically in card not present (virtual card) transactions. To preserve the integrity of the mask 56, a dark magnetic strip 58 is located on the reverse face of the opposing card 42 so that when the document 40 is folded, the masking elements of the strip 56 will be obscured and not discoverable while the document or card is securely closed.

[0115] The interior reverse faces, reverse face of card I 60 and reverse face of card II 62, contain information normally hidden from public scrutiny and which is exposed only when the bearer wishes to expose it. Which information is on which face is a matter of choice and the faces could be considered interchangeable. In the present embodiment, the reverse face of card II 62 contains the caricature 52 together with an encoded matrix 64 which, when decoded, can provide secure personal and biometric information unique to the bearer, preferably in an encrypted form.

[0116] The reverse face of card I has a photograph 66 of the bearer, partially obscured by the seal 50 to defeat facial recognition software. An additional code matrix 68 can include other secure personal information including image and other biometric data as well as other data such as date of birth and place of residence. Much of the same biographic and or encryption and or decryption key and or checksum-data information can also be encoded and stored on the magnetic strip 58, an important function of which is to obscure the mask pattern of the transparent, segmented mask 56. To facilitate the use of the mask 56, indexing or positioning points 57, here shown as clear spaces on both the obverse and reverse faces 48, 62 are provided. The card surface 44 is placed uppermost against the display screen of a computer, netbook, cell phone or other device which has an integral display screen, wherein the indexing apertures 57 can be positioned against single use indexing marks in order that the transparent apertures can be utilized.

[0117] Turning now to FIGS. 3 and 4, an alternative document 40, substantially identical to document 40 is shown with grommet holes 11 in lieu of the integral hinge 41, permitting the cards to be joined with, preferably, a security identifiable grommet (shown in FIG. 4). Similar, features will be given similar reference numbers with an added prime.

[0118] As in FIG. 2, the document 40 could be a District of Columbia Driver's License. Accordingly, the obverse faces 46, 48 include a governmental seal 50 and 47, logo type text specific to the documents functionality 51, a caricature of the bearer 52 and a coded matrix pattern 54, which, when scanned by an appropriate device, resolves into a web address where additional preferably individual user specific information can be found. As in FIG. 1, a color pattern 24, unique to each document, can help prevent counterfeiting.

[0119] An additional feature of this embodiment is a transparent mask strip 44, 56, 59 which may be used in conjunction with an encoded display (better seen in FIGS. 16 and 22) that can reveal a selected alpha numeric code combination which, when entered, can validate a transaction or verify an inspection. To preserve the integrity of the mask 56, a dark magnetic strip 58 is located on the reverse face of the opposing card 42 so that when the document 40 is joined closed as per hinge 14 as depicted, the masking elements of the strip 44 and 56 will be, as the user determines, either obscured or exposed.

[0120] The interior reverse faces, i.e. the reverse face of card I 60 and the reverse face of card II 62, contain information normally hidden from public scrutiny and which is exposed only when the bearer wishes to expose it. Which information is on which face is a matter of choice and the faces could be considered interchangeable. In the present embodiment, the reverse face of card II 62 contains the caricature 52 together with an encoded matrix 64 which, when, decoded, can provide personal and biometric information unique to the bearer and can act as a secure portable database.

[0121] The reverse face 60 of card I has a photograph 66 of the bearer, partially obscured by the seal 50 to defeat facial recognition software. An additional code matrix 68 can include other personal information such as date of birth and place of residence and can act as a secure portable database. Much of the same biographic information can also be encoded and stored on the magnetic strip 58 including encryption/decryption key and checksum data, which obscures the mask pattern or zones of the transparent portions of mask 56. To facilitate the use of the mask 56, indexing points 57, shown as clear spaces on both the obverse and reverse faces 48, 62 are provided.

[0122] FIG. 4 shows the assembled components of FIGS. 1 and 3 being conjoined by a grommet preferably of a security and identifiable type 41. It can be seen that when the document or card is in the closed position the five clear apertures 56 within the strip 59 are not perceivable against the matching dark background of the magnetic strip 58 which is specifically size matched for this purpose.

[0123] FIG. 5 shows an embodiment similar to that of FIG. 1, but with an added document or card element 70. The obverse face of card 1, 72 differs slightly from the obverse face 16 of card 112. However, the card II 14 of FIG. 1 can be used without modification.

[0124] Added card element 73 is preferably a laminate inserted between card I 72 and card II 14. Preferably, card element 73 is transparent with some additional features added such as the governmental seal 28 and a matrix element 74 which can perform the function of a secure encrypted portable database specific to that document or card 70 function and may include biometric data or templates of the holder. A plurality of viewing apertures 75, which may either be actual apertures in the card element or may be just printed or preferably security printed within the laminates with metallic ink circles defining the real apertures or otherwise. A horizontal indexing line 76 and a vertical indexing line 78 near one end of the horizontal line 76 are, preferably, again security printed within the laminates with metallic ink. The indexing lines 76 and 78 are used to align the card with an information presentation on a display screen so that elements of the presentation can be selected and can serve as a secure, one time, card not present (virtual card) personal identification characters, which, when entered, identify a particular user, much the same as PIN numbers.

[0125] Turning to FIG. 6, a hinged document 80 functions much in the same way as the document of FIG. 1, in which the elements are to be joined, preferably, by a security identifiable grommet. In this embodiment, reverse surfaces can be utilized in like manner to FIG. 1, however in this case they are hinged as in FIG. 2 with additional transparent card elements 82, 84. Both elements 82 and 84 are constructed, preferably, as laminates as in FIG. 5 and are respectively used to complement the reverse surfaces to provide multi functionality with one document or card.

[0126] The first card element 82 includes a mask 86, similar to transparent mask 56. Card element 82 need not be transparent but includes indexing apertures 88 so that the card element can be aligned with a display to reveal alpha numeric characters in the mask 56 clear areas.

[0127] The second card element 84 is similar to the transparent card 70 of FIG. 5 and includes the same features, such as the viewing apertures 75 and the horizontal and vertical alignment lines 76,78.

[0128] Turning next to FIG. 7, there is shown an alternative form of the document of FIG. 5 with a different additional inserted card 90 between a first card 72 and card II 14. As shown here, card II 14 includes a caricature 30, the digital information strip 38 and the digital, preferably encrypted matrix 39, which may contain data as previously described.

[0129] The inserted card 90 can include a departmental seal 26 and a governmental seal 28. Also included are transparent alignment apertures 57, a transparent mask 86 and semi transparent or obstructed components 87. When aligned using 57 on a preferably touch sensitive display screen, it can be viewed through mask 86 to determine which alpha numeric characters on a display screen are revealed to provide a unique validation code. Preferably, element 90 is constructed to be similar to the FIG. 5 element 73

[0130] FIGS. 8-10 illustrate the use of a document 70 in completing a secure transaction. In FIG. 8, the transparent card 70 is held against the screen of a display 100. Preferably, the display 100 includes an integral camera 102 and microphone 104. Also shown is a keyboard 106 that includes a touchpad 108 and a fingerprint scanner 110 in addition to the usual alpha numeric keys. The screen 114 is shown with a conventional cursor 116.

[0131] In FIG. 9, the screen 114 displays a matrix 118 made up, in this example, of various colored spheres or circles. A pair of indexing arrows 120 is shown adjacent the top of the matrix 118. During the transaction verification process, the matrix 118 can move about the screen 114 and the indexing arrows 120 can move vertically until all screen movement is paused by an appropriate key stroke or touch pad click, at which point, the matrix 118 and indexing arrows become stationary, with the indexing arrows 120 adjacent a selected one of the rows of the matrix 118. The screen 114 also displays a caricature 122 and a digital transaction confirmation trigger matrix 124.

[0132] At the next step in the transaction, after the matrix 118 is paused, the transparent card 70 is placed over the screen 114 and the vertical line 78 is placed adjacent the edge of the matrix 118 and the horizontal line 76 is aligned with the indexing arrows 120. The apertures 75 will then be aligned with selected spheres of the matrix 118 elements, which when cursor 116 is maneuvered over them and clicked, will, on completion, activate a confirmation code combination. If the screen 114 is a touch screen, an operator digit or stylus movement may be traced and may be used to record the time pattern sequence by the operator to touch each of the revealed variable colored spheres to enable a system recognized access code or one time PIN.

[0133] Alternatively, the cursor 116 can be drawn under each aperture and the selected character may be clicked. When all of the revealed code characters have been identified, in a preferred embodiment of the system, the caricature image 122 can be dragged over the digital trigger matrix image 124. The integral camera 102 can then take an image or sequence of images of the user and, with the predetermined triggering of the matrix with the caricature of the intended user, the image of the user and the confirmation code can be transmitted to an appropriate organization where the confirmation code and image can be verified. If verified, the transaction is consummated.

[0134] The transaction can range from a travel authorization or a visa to a transaction with a vendor of goods or services, as well as the issuance of a high density code or a virtual card which may have a single or multiple use functionality which, when displayed at a terminal or reader of any type, can provide verification and authentication, which can permit entry, payment or other useful purpose. The dragging of a caricature image 122 over the digital trigger matrix image 124 provides the basis for consistent positioning of the user for imaging and, where appropriate, be used subsequently for prosecution of fraud, inasmuch as all transactions are biometrically bound to the user and the customer with transaction specific encryption, decryption keys.

[0135] FIGS. 11 and 12 illustrate a similar transaction utilizing a smart cellular phone 130 that has a touch screen 132, a camera 134 and a fingerprint scanner 136. A document similar to that shown in FIG. 5 includes a transparent card 70 which can overlay the smart phone screen 132 for a transaction. As shown in FIG. 12, the matrix pattern 118 is presented and may, until paused, move about the screen 132.

[0136] As in the previous example, the phone screen 132 displays the matrix pattern 118, the caricature 122 and the digital matrix 124. When properly aligned over the matrix 118, the apertures 75 will selectively reveal to the user the appropriate images that correspond to the security or confirmation code. When these are selected, using a stylus or finger pressure, the transaction can proceed. The camera 134 will capture the image of the user when, as required, the caricature image 122 is dragged over the digital matrix image 124 to initiate the transaction. Shown is a submit button 126 for use as may be necessary within the transaction. It may also be necessary to utilize function keys of the phone 130. The dragging of caricature image 122 over the digital trigger matrix image 124 provides the basis for consistent positioning of the user for imaging. If fraud is involved, the image can subsequently be used in the prosecution as all transactions are biometrically bound to the user/customer with transaction specific encryption, decryption keys.

[0137] On completion of the transaction, a receipt image or virtual single or multiple use card may be stored in the phone or secured within a virtual wallet contained as an application within such a phone or other such user controlled device, 130 to be displayed to an appropriate detector which will be able to recognize the image as a proper authorization for an action or procedure. For example, the receipt may be a boarding pass for an airline or an authorization for a withdrawal of cash from an ATM machine.

[0138] FIGS. 13 and 14 illustrate a secure transaction at an ATM, an Approved Travel Movement machine or an AIIDM collectively an ATM machine 140. A integrated security camera preferably with thermal infrared capability 142 is provided for surveillance and/or counter-surveillance to assure that the user is not a potential threat such as one about to commit a criminal or terrorist act, or under a threat or duress or using disguise techniques such as plumper's, holding or wearing a face reconstruction, mask intended to defeat or trick face recognition techniques, mannequin or other ruse to defeat the biometric identification data gathering equipment as deployed. The ATM or an AIIDM machine 140 is also equipped with a camera 144 and, if stereoscopic or three dimensional images are desired, a second, stereo camera 146 will enable the detection of three dimensional images which might be used to simulate the appearance of the bearer of the document. A thermographic infrared detector 148 can also be utilized to provide biometric and condition data such as health, stress or other detectable parameter information and to detect the presence of facial prostheses or plumpers which may be used to create a disguise or other subterfuge. A microphone and speaker combination 149 allows voice communication or video conferencing capability with a system operator or manager.

[0139] As with a computer, the ATM or an AIIDM 140 may or may not also be equipped with a keyboard or optical document recognition device such as could read a machine readable passport 150, a touchpad ICC contact or contactless electronic document or virtual card reader according to this invention 152 and a fingerprint scanner 154. The ATM or AIIDM display with a remote document reader of any type including ICAO MRTD, NFC, RF ICC 156, which may be a touch screen, displays, after the user has been identified to the ATM or an AIIDM machine 140, possibly through the use of an appropriate digital matrix pattern 74 on the document 70 which is scanned by camera 144. The moving digital matrix 118 is displayed together with the caricature 122 of the user and the digital matrix 124.

[0140] With the digital matrix 118 image paused, the transparent card 70 can be aligned with indexing arrows and the confirmation code can be ascertained. As in the earlier examples, the individual code characters are selected and the caricature 122 is dragged and dropped on the digital matrix 124. The user's image is taken by the cameras 144, 146 in combination with cameras 142 and 148 as a part of the transaction record and a desired amount of cash can be dispensed through the dispenser 158.

[0141] FIGS. 15 and 16 show the construction of a typical document FIG. 15 including FIGS. 15A, 15B, 15C and 15D show the important layers in a laminated card 160 that includes an RFID circuit. In the preferred embodiment, there are six layers with the outermost layers being clear, wear resistant plastic.

[0142] The second layer 162, shown in FIG. 15A would be the obverse layer, here illustrated as a possible District of Columbia Driver's License. A next layer 164 would function as a Faraday cage and can either be a wire mesh or a layer imprinted into a mesh pattern with metallic conductive ink 166.

[0143] A fourth layer 168 is the RFID circuit 170 which can be printed using a conductive ink. If desired, a two part antenna circuit can be integrated and would be inactive under normal circumstances but can be activated by a user applying and maintaining pressure on a tactile detectable dome or micro type switch which would indicate that the card is being activated by an individual in a conscious state 172 through layers 1, 2 & 3 which is deactivated by manual release of pressure on the dome. Such a switch would make the RFID circuit normally inoperative and would require manual manipulation to complete the circuit and allow the RFID circuit to respond to interrogation at the total discretion of the user.

[0144] As seen in FIG. 15D, the layer which is to be the reverse surface 174 can be imprinted preferably using a metal ink [0012] in reverse on a clear substrate. The reverse surface 174 can include features (in reverse) such as the magnetic strip 58, the photo 66 and the code matrix 68. Preferably all laminates are constructed of fluid resistant flexible material and that, if bent or semi-deformed, will return substantially if not completely to its original finished shape or contour.

[0145] FIG. 16, including FIGS. 16A, 16B, 16C and 16D shows the construction of a card 178 containing a mask area 56 for acquiring authorization codes. The outer surface layers would be clear, wear resistant plastic. A second layer would be considered the reverse layer for this document and contains, for example, such features as a caricature 52 and a code matrix 64.

[0146] A next layer 176 is either a conductive mesh or a printed mesh 178 using conductive inks to act as a Faraday cage for this document. As can be seen, each of the layers includes the mask 56 with clear areas through which authorization or confirmation code characters could be seen. In preferred embodiments, each clear area could accommodate one or more characters which could be placed anywhere within the area. In one embodiment, four or even five characters positions 86 could be found or located in a single area, each in a different part of the area.

[0147] The next layer 180, (shown in FIG. 16C) contains an RFID circuit 182, similar to RFID circuit 170 of FIG. 18B wherein a side slider switch is provided to enable the RFID to be holder determined as always on or always off. The next layer 184 has the reverse printed obverse layer of the document including reverse prints of the caricature 52 and the code matrix 54. Preferably all laminates are constructed of fluid resistant flexible material and that, if bent or semi-deformed, will return substantially if not completely to its original finished shape or contour.

[0148] Using the above domed pressure switch controlled RFID and the slider type switch in combination within the same card as FIG. 2, 3, 4, 5, 6, or 7 provides a remarkable combination of user determinable functionalities within the single document or card and, in particular, disaster victim location, identification and subsequent management, as well as associated disaster relief services and accounting purposes when used in association with other real or virtual cards or applications within the scope of this invention.

[0149] FIG. 17, including FIGS. 17A, 17B and 17C illustrates an alternative use of the smart cellular phone 130 shown in FIGS. 11 and 12. Here a virtual card 400 which may be issued by an entity as a companion document to a physical card in any of the previously described forms would replace the need to carry the physical document disclosed above but retains the security and operational features of the above described real document.

[0150] Useful biometric identification data acquisition, particularly in an unsupervised environment, presents particular difficulties. Accordingly this invention utilizes a technique that insures the rightful owner of the card is, by task repetition, self pre-positioned for a camera, in similar manner to so called key stroke recognition, at the times when user verification is required to activate the virtual card.

[0151] In FIG. 17 A the card 400 has a caricature 52 of the individual and a transaction specific security coded matrix trigger 401 which when displayed to a merchant would activate their terminal for subsequent use as per FIGS. 9, 10 with a virtual card issued by the card entity to the vendor for the virtual card holder's subsequent use. The vendor's terminal may require the completed transaction to conclude with the card holder dragging the displayed caricature over the transaction specific security coded matrix trigger.

[0152] This activates the terminal's camera or cameras to collect an image or sequence of images or derived templates thereof and transmit all that data to the entity. On completion of a successful transaction, the entity would forward to the card holder's virtual card holding device 130 their receipt which may be in the form of a single use or multiple use matrix, which would be linked to the virtual card holder's biometrics. This could be required should the receipt be used as a boarding pass by, for example, the Department of Homeland Security or other agencies of the government.

[0153] In another method of use, the complete transaction can be initiated and completed via the virtual card holding device 130. After the virtual card holder opens the virtual card 131 via an application on device 130 a card transaction with the virtual card issuing entity 135 is illustrated by one such potential entity, namely an entity that conducts a ubiquitous universal biometric authorized and validated service to its customers but this could apply to a single card provider who each issues its own individual virtual cards in like manner.

[0154] A transaction is activated by initiating the displayed card's Open button 131. Thereafter, one such transaction could be with an air carrier that is required to interface with the US TSA for US domestic air passenger identification and travel authority. Accordingly the transaction may be conducted via several screens leading to FIG. 17B which initially displays 131, 135, change 137, save & enter, open 131 buttons and text 137. This screen is further used by activating the verification and validation transaction specific security coded matrix trigger 124 which is activated by dragging caricature 122 and dropping it over matrix 124. During this process, the device's camera or cameras 134 then collect an image or sequence of images or derived templates thereof and transmit all that data to, in this case, the entity interfacing with the TSA other A-T, C-T or O-C agencies directly.

[0155] On a satisfactory result, further display 400 is added with which is incorporated an active matrix relative to the template locators 57. The transaction continues in one of three ways, one button save & exit 139 is activated which terminates the transaction at that point to be resumed at a later time. Two, change button 137 is activated which results in another template 400 being issued, or. Three, the template 409 active matrix 141 is activated by touch, stylus, or cursor click.

[0156] Subsequently an active screen 120, as seen in FIG. 17C, is displayed as previously generally discussed in FIGS. 9 and 10, wherein locator 120 randomly moves about and is stopped on the user's selection by activating the transaction matrix 141 which stops locator 120 movement. The template is then dragged into alignment with locator 120 as illustrated and the displayed colored spheres are activated via the template 75 locators.

[0157] The system then recognizes the allocated alpha numeric code relative to matrix 141 against the position selected by locator 120. When the card holder completes this card not present action caricature 122 is dragged over active matrix trigger 141 which again activates biometric camera sensor 134 as previously discussed. A successful transaction is indicated, preferably, by the addition of their departmental seal 407 or further biometric identification may be signaled to be submitted via finger print sensor 136. Actuating the submit button 405 terminates the transaction.

[0158] Thereafter, as previously discussed, a virtual receipt or pass may be issued that bears the respective caricature. A single or multiple use active matrix, is required as to the requesting individual's use of respective entities system or network of systems. Preferably, a caricature 122 of the expected card holder is displayed together with a transaction encrypted security matrix issued for the next appropriate use.

[0159] For additional security purposes, a fingerprint may be required to be scanned by the scanner 136 and a photo image can also be taken by the camera 134 before any transaction commences. Should it be necessary, the open button remains inactive until this action is completed at which time it is illuminated to signal that the required biometric data has been collected. Thereafter, the transaction proceeds after the open button is touched on screen 132. This touch results in the transmission of the fingerprint and photo for biometric recognition and, when recognized, a transaction screen is presented, as shown in FIG. 17B. Thereafter, all actions are the same as the above.

[0160] Again, on completion as above, a confirmation receipt of a successfully completed transaction can then be sent to the phone for later use. If the transaction sought is a travel authorization, the stored receipt could later be used at embarkation and or debarkation points to permit access to the facility, transport vehicle or other appropriate uses.

[0161] FIG. 18, including FIGS. 18A and 18B, shows alternative RFID devices which can be separate documents on a card that can be inserted into or on a laminate of the card of, for example, FIG. 2, 3, 4, 5, 6 or 7. The RFID device 190 of FIG. 18A is provided with a dome or micro type 172 press and hold to activate pressure switch 192 which is normally open and, accordingly, interrupts the antenna portion 194 of the RFID circuit. Manual pressure on the switch 192 completes the circuit, allowing the RFID circuit to respond to interrogations and accordingly such activation indicates a living individual is intending to transmit said RF ICC responding signal. This functionality is significant in a search and rescue or Disaster Victim Identification (DVI) situation.

[0162] Similarly, the alternative RFID device 190 of FIG. 18B is provided with a slide switch 196 which interrupts the antenna portion 194 of the RFID circuit, thus disabling it. When the slide switch 196 is closed, the circuit is completed and the RFID circuit can respond to interrogations. Using the slide switch 196 permits the RFID circuit to be in an active or inactive state without the need for maintaining pressure on a switch 192, which indicates that the individual operator is at that location but may not still be conscious or living. This functionality is significant in a search and rescue or DVI situation. An official Government Seal 28 or corporate icon 51 can be security printed with metal ink for authentication purposes and may have an imbedded coded number.

[0163] FIGS. 19-22 illustrate the steps in a secure transaction utilizing a different form of an authenticating or confirming code while utilizing a document as in FIG. 4 and a touch screen display as shown, for example, in FIG. 8. In FIG. 20, groups of indexing elements 200 are displayed to enable alignment with the indexing apertures 57 so that the mask 56 can be used to find the characters comprising a confirmation code.

[0164] In FIG. 21, the display shows a matrix of numbers which also could be alpha numeric characters 202 which includes the confirmation code characters. In FIG. 22, the card II 44 is placed against the screen with the indexing apertures 57 aligned with indexing elements 200 so that the mask 56 displays only the characters of the number matrix 202 making up the confirmation code, in this example, the numbers 795284. As noted earlier, the characters can appear in any area of the mask 56 windows and, more than one character can appear in a window.

[0165] FIG. 23, including FIGS. 23A, 23B and 23C illustrate a similar transaction using a smart cellular phone such as previously described which includes a camera and a fingerprint reader. In FIG. 23A, a transaction is started by contacting a web site which transmits the caricature image 52 of the user and an image of a digital matrix 64. If the caricature 52 is dragged and dropped over the matrix 64, the camera 134 takes an image of the user and transmits it back to the website. If the user is verified, a new image is transmitted as shown in FIG. 23B.

[0166] The new image includes a virtual card 204 which includes a caricature 52, indexing apertures 206 and a virtual mask 208 with individual windows 210. Also present are indexing elements 200 and a confirmation matrix 202. The virtual card 204 can be positioned so that the indexing apertures 206 align with the indexing elements 200. This places the characters constituting the confirmation code into the windows 210 of the virtual mask 208 as seen in FIG. 23C.

[0167] By moving the virtual card 204, a partially obscured photo image 212 of the user is revealed. As before, the confirmation code, here 795284 is selected with a stylus and a transmit key on the phone is accessed, transmitting the information back to the web site. As before, a photo may be taken to maintain a record of the user of the phone at the time the transaction was consummated.

[0168] Considering the safety and security of transactions using the concepts of the present invention, whether with real or virtual documents, yet additional applications have been made possible. A user controlled virtual wallet or purse in which several different entities' virtual cards can be securely kept collectively and used only when the rightful owner chooses. This aspect takes on particular importance should the device holding the cards be lost or stolen. Virtual credit or other entity cards, in addition other user credentials, may be created as secure files and subfiles in a remote server accessible securely through the interne by their own user or individual owner being able to effect the creation of a personal virtual card with its own unique encryption/decryption trusted key exchange for the user's personal use, Such virtual accessible documents could be a birth certificate, marriage certificate, deeds to property, and any other valuable document whose presentation may be required.

[0169] Such a key exchange may involve the use of multiple encrypted and re-encrypted session key exchanges and which may be triple or more times key transfer sequences to ensure system integrity throughout all transactions. At least one of the keys used may be biometrically based, being derived from the user's biometrics.

[0170] These security steps are taken in order to facilitate an evidentiary chain of accountability for later use should that be necessary in a legal proceeding. Contacting the server and establishing identity through the use of a smart phone with fingerprint scan capabilities and a camera can retrieve an identity verification document.

[0171] As shown in FIG. 24, which includes FIGS. 24A, 24B, 24C and 24D, the various steps in such a transaction are illustrated. A smart cellular telephone 130 with touch screen 132, such as is shown in FIG. 11, is employed in the present example. A camera 134 and a fingerprint reader 136 provide biometric verification as the identity of the user is confirmed. An opening display for the process can include a caricature 30 and a digital matrix 32. In the embodiment, the process is begun by dragging the caricature 30 over the digital matrix 32 which transmits a signal to provide the next screen as shown in FIG. 24B, as well as taking a picture & or an iris image of the phone user via camera 134. Alternatively, a finger scan 135 or a voiceprint from microphone 133 may be used alone or in any combination.

[0172] In FIG. 24B, a confirmation matrix 202 is displayed and supplies the necessary confirmation characters to the virtual card 204 which has indexing apertures 206 and a mask 208 with which to view the confirmation code which is a onetime PIN. The code characters are revealed when the indexing apertures 206 are superimposed over the indexing elements 200. The clear windows in the mask 208 display the confirmation code characters, here the number 795284. As in the other examples, the confirmation code characters are selected with manual touch or with a stylus and the information is transmitted with, if desired, the photo of the user.

[0173] The server or onboard processor acknowledges receipt of correct confirmation code input supported by biometric evidence by displaying, if correctly entered, the virtual wallet. If confirmed, the wallet's clasp 207 will open as shown. The virtual wallet can now be dragged open or for privacy may be dragged closed or opened again without locking it at any time. FIG. 24D, shows an open virtual wallet 214 together with a caricature 30 and a digital matrix 32. The user can then select a virtual credit card or other virtual document contained within the wallet 214 to enable a subsequent secure transaction.

[0174] At the conclusion of the owner's use, the virtual wallet 214 is dragged closed and the clasp 207 double tapped or clicked to lock it, at which time another photograph may be taken to memorialize the action. The visual impact of the easily visible clasp position, indicating the security or accessibility of the virtual cards contained therein, is a safety feature that cannot be underestimated, particularly for individuals that may be, in part, visually impaired. Of course all functions that are satisfactorily accomplished may be accompanied by function distinctive vibrations and sounds.

[0175] All transactions for the user's audit benefit can be date time stamped and encrypted within all records that the user chooses to maintain. However, the virtual cards provided by entities other than the virtual wallet owner are not accessible unless the entity provides that authority within the foregoing described process.

[0176] Turning next to FIGS. 25 and 26, they illustrate a secure transaction using a computer display 220 and a virtual card. The computer display 220 is preferably a touch screen. In FIG. 25, there s shown on the display 220 an image 222 of a document substantially similar to the virtual card 204 of FIG. 24 which is to be used in substantially the same way. Also shown on the display 220 is a caricature 30 and a digital matrix 32. For this phase of the transaction, indexing elements 200 are also displayed.

[0177] In FIG. 26, a confirmation matrix 202 is displayed and, when covered by the virtual cards mask portion of the virtual card image 222, reveals a confirmation code when indexing apertures 206 are aligned with indexing elements 200. In this example, the confirmation code is 79584.

[0178] As with the other examples, the code can be entered by touching the display 220 at those numbers. The transaction can be completed with the provision of a virtual submit button on the display 220 or by any other predetermined combination of image movement or manual activation of the display 220.

[0179] Turning now to FIGS. 27A, 27B and 27C there is shown sequenced actions 2700 progressing from left to right, to create a password type access sequence to an operating system or application that can be accredited with operator verified status. This sequence is designed to be input on a touch sensitive or similar display unit such as a smart phone or tablet PC, but can also be used with a traditional type mouse controller for a device without touch sensitive or other gesture detecting capabilities.

[0180] In FIG. 27A, there is shown a virtual masking screen template 2701, which is size adjustable by the operator. The process begins in the active screen area 2702 using for this process, preformatted color sphere matrices 2704, 2406, 2408 in various color spectrums which are selectable by the operator to suit its own color acuity. A custom formatted matrix 2710 is operator created. The selected matrix 2704 is depicted within the template being four by six colored spheres as an example but may be more or less in number. The operator can select the number of points (indexing elements) 2712 required for the access sequence, from a minimum of two but potentially to 16 or more. Here, the operator has selected five (5) indexing elements 2714 for the matrix. Within the template 2701, the operator selects the locations 2715 of the five indexing elements. On the selection of the final element, the color spheres are concealed.

[0181] In FIG. 27B, from the available size templates 2716, the operator selects the size for the five indexing elements or targets of the desired matrix choosing the next to the largest sized active indexing element 2718 from a choice ranging from a size equal to full sized color sphere to a reduced size target. Selecting the larger size provides simpler input but with a lower entropic value. Selecting the smallest target size requires greater accuracy with a more challenging input and a higher entropic value. The operator next selects the input order 2720 of the indexing elements. This can be all indexing elements or a reduced set to allow for drag and drop functionality of any or all of the elements. As shown is four indexing elements have been selected.

[0182] In FIG. 27C, the operator has elected to use drag and drop functionality 2724 for the final two indexing points, from location 2728 to location 2730. A menu 2722, containing preformatted and customizable templates 2726 for drag and drop functionality. The operator has selected option 2724 from the menu and must then identify the starting point 2728 and end point 2730. Once the start and end points of the gesture are identified, the operator must then perform that function on the screen 2725.

[0183] In FIG. 28A, the five selected colored spheres become visible at the selected indexing locations 2802, 2804, 2806, 2808 and 2810. The operator confirms the input sequence 2812 using the colored spheres, including drag and drop function. In FIG. 28B, an additional security measure can be implemented in the form of sequential cadence, being the speed, length of contact, gesture and pause between each indexing location. Additionally, the operator may elect to use each location more than once for this feature. A display 2814 of the operator's entered cadence uses identifying characters to represent the relative colored spheres where A represents location 2802, B represents location 2804, C represents location 2806, D represents location 2808 and E represents location 2810. The length of time both in contact and pause can be seen, including a long solid contact for the drag and drop action between location C and location E. In this example the operator has entered location 2802 once, location 2804 four times in quick succession, location 2806 once, location 2808 once, then utilized drag and drop between location 2806 and location 2810 and a final tap or click at location 2810. To complete setup, the operator must then confirm the sequence in FIG. 28B by repeating the input sequence correctly. Upon successful completion, the device, operating system or application will be unlocked as depicted in FIG. 28C.

[0184] In FIG. 28C a group of application icons 2816 are displayed, unlocked by the foregoing described login sequence. Two applications require additional security for access, a Virtual Wallet application icon 2818 for financial cards and transactions and a Virtual Vault application icon 2820 for secure documents such as Marriage or Birth Certificates, Passports or Visa documents and the like. These applications can only be unlocked with any user controlled input sequence as previously described, being simpler or more complex as desired. For any of these proposed uses, any or all of the outlined features or options can be used independently or together at the operator's and/or operating system/application manager's discretion. A sector 2822 is a shortcut to instantly lock the device, pausing any transactions and saving the device's state prior to locking. This is independent of the device's shutdown. Other security features for compatible devices could be the ability to invert a handheld device or set a physical shortcut button or an emergency alert tap sequence that when entered may in addition to the foregoing initiate a covert background alert, contact or record or activate a camera or location function.

[0185] Turning next to FIGS. 29A, 29B, 29C, 29D and 29E, a series of screens 2700 are shown which illustrate and extend the functionality described in FIGS. 27 and 28. A menu 2902 contains a selection of stock images or the option to select from the user's own images an alternative background to the colored spheres described in FIG. 27. This option allows the operator to select images that suit personal color spectrum acuity and to utilize memory prompts from the selected image which the operator may insert or modify in order to recognize and select it specifically if presented as a choice between it and the original image.

[0186] For an example, the operator selects an image 2904 from the available menu 2902 which now includes the operator modifications to uniquely differentiate it to the operator from the original image to appear on the screen 2906 of the device. FIG. 29B to FIG. 29E follow the same process as previously described for the colored spheres of FIGS. 27A, 27B, 27C and FIGS. 28A, 28B, 28C with the only difference being a operator selected and preferably operator modified image in order to assist in the ability to recognize and select it specifically if presented as a choice between it and the original image at a later time as the background image in the place of the spheres. An image may be used by an operator to either facilitate a more complex input sequence or to simplify the process by using memory jogs of the picture as opposed to colored spheres.

[0187] Turning to FIG. 30A, being an extension of the functionality described in FIGS. 27, 28 and 29, there is shown a series of screens 2700 A menu 2902 contains a selection of stock images or the option to select from the user's own images, an alternative background to the colored spheres described in FIG. 27. This option allows the operator to utilize personalized memory prompts from the selected image. For this example, the operator has selected an image 2904 from the available menu 2902 which is a cartoon that will now appear on the screen 3002 of the device. The option of an operator selected cartoon or image also allows the potential to add custom elements to the image through a modification menu (not depicted). This would be a further aid for memory retention of complex custom designed gestures resulting in an access sequence password with an extremely high entropic value while retaining operator simplicity and speed of use.

[0188] The operator's selected indexing elements 3004, as described in FIGS. 27A and 27B are shown here. The indexing elements are represented as triangles rather than crosshairs, as they are more suited to a picture background. The operator can select the size of the indexing elements from a menu 2716, similar to that described in FIG. 27B. As the indexing elements are placed in selected locations 3006 and are displayed on the screen, the triangle shaped indexing elements 3004 are hidden, revealing the image locations which the operator has selected. In this example the operator has chosen index location points represented by sections of tree, a bird in the sky and the door handle of the depicted car. A gesture menu 2722 allows the operator to create a custom gesture sequence with a start point 2728 and an end point 2730 for the custom gesture on the screen. The menu 2722 can then provide visual, audible and/or haptic feedback, according to operator's settings as confirmation.

[0189] The operator selects a custom gesture 3008 from a menu 2722, which could be performed on the touch sensitive screen of a device by gesture or by another pointing device. The menu can then provide visual, audible and/or haptic feedback according to operator's settings as confirmation.

[0190] In FIG. 30B, the selected custom gesture 3008 is depicted in the preloaded templates of gesture menu 2722 of FIG. 30B. Once the operator confirms the gesture is correct, it is now stored in this location permanently and available for future use as shown in the third screen of FIG. 30A. The cadence menu 2814 of FIG. 28B, in this instance, has not been elected for use by the operator. A confirmation of the access sequence must then completed to finalize setup before the device can be unlocked as detailed at FIG. 28C.

[0191] Turning to FIG. 31A, the process of unlocking a secure application in the device, having already successfully entered the access sequence password for the device and its operating system is depicted. The device 3012 is shown in an unlocked state. Depicted on the screen are a number of applications icons as explained in FIG. 28C. The application represented by icon 3112 is locked irrespective of the unlocked state of the device, this application being the Virtual Vault, as detailed in FIG. 28C.

[0192] FIG. 31B depicts the login or access screen which is invoked to open the application. This screen is accessed by selecting icon 3102 in FIG. 31A. A series 3104 of personally selected colored spheres as outlined in FIG. 27 is displayed. In this instance the operator has previously established an access sequence password for the application and one must input this sequence to unlock the application. As with the device operating system, all, some or only one aspect of the access sequence setup need be adopted as the operator deems appropriate for requirements.

[0193] In FIG. 31C, the Virtual Vault application is shown unlocked with a series of options on the screen. A simple instruction to select a document is shown as a command 3106 on the screen. A shortcut 3108 is displayed, which, when accessed, quickly secures the Vault if the operator is disturbed whilst accessing a potentially secure document. A filing cabinet icon 3110, when selected, will open a gallery of the contained documents, which could include but is not be limited to Driver's Licenses, Birth Certificates, Marriage Certificates, Passports or Visa documents.

[0194] Referring back to FIG. 31A, there is a similar locked icon 3112 for a Virtual Wallet application which, when accessed would permit use of stored financial documents which could permit credit or debit card transactions or permit banking or similar transactions. The access sequence password could be the same as that for the Virtual Vault or another independent completely different password. As before, all, some or only one aspect of the access sequence setup need be adopted as the operator deems suitable for its requirements.

[0195] In FIGS. 32A and 32B, an alternative embodiment of a Multiface Document is shown. There is shown the Obverse Surface 3202 of Card I and the Reverse Surface 3204 of Card II. A grommet 11 holds Cards I and II together securely but preserving the ability of the cards to rotate about the grommet 11. For added security, an identifiable sealing grommet 3224 can be combined with or can uniquely identify the grommet 11 is intact and not a forgery.

[0196] A RSA, ECC PKI or AES cryptographic key 3206 is shown as a two dimensional barcode or matrix form which has been issued by an entity with which the holder has a relationship. This PKI is machine readable in order to effect secure transactions or communication between the individual and the issuing entity. In this reading process the 2D or 3D barcode or matrix would appear on the utilized device's display. A NFC, RF ICC chip 3208 is included to effect transactions by the individual and the issuing entity. On the reverse surface 3204 of card II there is provided either a conventional read-only or reprogrammable magnetic stripe 3210 with onboard processor capabilities, allowing it to reprogram itself after each use.

[0197] Each type of magnetic stripe, matrix, NFC or ICC 3210 is vulnerable to damage and both contain sensitive data related to the holder if copied and accordingly been placed on the protected reverse face of card II. An internal faraday cage 3212 is inserted to the rear or closest to the obverse card surfaces to protect the NFC chip 3208 and the circuitry of the magnetic stripe at 3210 from being compromised by unauthorized access.

[0198] In FIG. 32B there is shown the Reverse Surface 3214 of Card I and the Obverse Surface 3216 of Card II. Also shown is the grommet 11 and the identifiable sealing grommet 3224. A second Public Key Infrastructure (PKI) cryptographic key 3218 in two dimensional barcode or matrix form issued by an entity with which the holder has a relationship. This PKI two dimensional barcode or matrix is machine readable in order to effect secure transactions or communication between the individual and the issuing entity. In this reading process the 2D barcode would appear on the utilized device's display.

[0199] A second NFC RF ICC chip 3220 to effect transactions by the individual and the issuing entity is placed in card I. Also on the reverse face of card I is a second either a conventional read-only or reprogrammable magnetic stripe 3222 with onboard processor capabilities allowing it to reprogram itself after each use. Each type of magnetic stripe is vulnerable to damage and has accordingly been placed on the protected reverse face. An internal faraday cage 3212 component is placed closest to the external or obverse surface to protect the second NFC 3220 and the circuitry of the magnetic stripe 3222 from being compromised by unauthorized access. Due to the location of the NFC chips 3208 and 3220, a partial opening of the Multiface Document is possible; meaning only the desired NFC or RF ICC is unprotected by the faraday cage at any one time during use.

[0200] Such a document does not need to incorporate all of the depicted features, and could also include other features as required by an issuing entity in order to be used retrospectively with legacy equipment. Furthermore, such a document could be used in a tamper evident delivery environment function to issue both Public and Private Key data in a cryptographic environment that, for example, uses a Public Key Infrastructure between individuals or an individual and an issuing entity or to effect the confidential exchange of other symmetric/asymmetric key issues in order to effect trusted digital signatures between parties in lieu of delivery by, for example, diplomatic exchange.

[0201] Referring now to FIGS. 32C and 32D, there is shown a mini-sized Multiface Document or token for convenient carriage or concealed operation. A miniature form 3226 of the cards of FIG. 32A, is shown, in this instance, lacking a magnetic stripe. Similarly, a miniature form 3228 of the cars of FIG. 32B, is shown also lacking a magnetic stripe. This card is intended to be used in like manner as FIGS. 32A and 32B, and may be carried on a key-ring or as a fob.

[0202] Turning now to FIGS. 33A, 33B, and 33C, there are shown alternative barcode or matrices. For example, in FIG. 33A, the reverse surface of Multiface Document 3204 (similar to that shown in FIG. 32A), includes 2 or 3D Barcode or matrix 3206 which may include a PKI Key in addition to other sensitive information.

[0203] FIG. 33B, shows a 2D Barcode or matrix 3206, but indicates the four positioning markers 3304. A mask 3306 can be placed on a lamina that is positioned over the bar code to obscure the barcode on the screen of the operator's device scanning the code. The code itself is obscured to prevent it being scanned or copied by a possible third party either by covert device or screenshot.

[0204] At FIG. 33C, the obscured code 3308 is depicted on the screen of a smart device 3318, such as a mobile phone or tablet or PC which has been preloaded with the obscuring template as part of the application that reads the barcode. This would obviate the necessity of an obscuring lamina.

[0205] At FIG. 33A, another form of barcode or matrix 3310 is depicted as an example of other types of matrices, all of which are or could be used in like manner. In FIG. 33B, a series of indexing lines or positioning markers 3312 are shown, similar to the positioning markers 3304, but in a different form.

[0206] The generated mask 3314 for this type of barcode or matrix 3310, when displayed on the screen of the operator's device scanning the code obscures the code itself to prevent it being scanned or copied by a possible third party either by covert device or screenshot. In FIG. 33C, the obscured code 3316 is shown on the screen of a smart device 3318, such as a mobile phone or tablet PC which has been preloaded with the obscuring template as part of the application that reads the barcode or matrix.

[0207] FIGS. 34A and 34B show yet another alternative Multiface Document similar to that shown in FIG. 1. In this embodiment, there is included a transparent document 3402 containing a visible faraday cage which is interleaved between the reverse surface of Document I and the reverse surface of Document II. This is done to protect the contained RF responsive ICCs, NFCs or RFIDs or any readable surfaces contained on or in Document I or Document II. This transparent portion may also include indexing capabilities as a substantially clear document which will have little or no effect on a visual display screen or device, particularly if the display is of a touch sensitive type. An NFC 3404 or other contactless chip on reverse face of document II is protected by an embedded Faraday cage 3408 between it and obverse face of document II. The chip's 3404 location 3406 is shown in dashed lines on the obverse surface of Document II, concealed beneath an embedded faraday cage 3408. Should a chip be embedded in Document I in addition to Document II, an identical, embedded faraday cage would be specified in each.

[0208] Yet another embodiment of the multiface document is shown in FIGS. 35A, B and C, wherein there are two obverse and two reverse surfaces, but affixed in a fashion that it is intended to be used as a single document. The reverse surfaces of the document are only accessible to authorized parties which could include technicians of the issuing body of the document. Further, should the reverse surfaces be exposed by unauthorized parties, security features will ensure that the tampering is evident and the card becomes unusable. These security features can include light sensitive inks and interdependent circuitry and in construction would preferably be laid down starting with the reverse surface as each documents base and built up from there where metallic ink/paint may be used or metal deposition to create the internal structure.

[0209] Obverse Face I and Reverse Face I of the document could potentially be issued by one entity and Obverse Face II and Reverse Face II by a second entity who by agreement intends the functions to be utilized as a co-joined multiface document or capable if used as a companion pair of two individual card or documents would protect each other in like manner as if they were cojoined. Both documents could also be issued by the same entity, for example, to access two or more different services or provide increased functionality over a traditional dualface document. The Obverse 3502 of Document I includes all of the features that would traditionally be included on the two surfaces of a standard dual face document. These include an image of the bearer 3504, NFC logo 3510, a magnetic stripe 3518, a 2D barcode 3408 and NFC or RF chip and its transmitting antenna 3514. A predetermined non-faraday cage protected area 3506 is provided in order that the NFC or RF ICC chip on Reverse II 3552 may be read through Obverse I 3502.

[0210] A faraday cage 3512 is embedded between Obverse I 3502 and Reverse I 3520 and above the containing layer 3526 of electronic circuitry. A concentrated faraday cage screen 3516 is placed above the RF chip and its antenna 3514. Apertures 3524 at points on Reverse I allow unimpeded RF communication through these points only. Circuitry 3526 is laid down by metal ink or deposition applied to surface 3520 to create metal structures. A combined Obverse Reverse of Document I 3530 displays all functions and circuitry from both Faces of the Document.

[0211] FIG. 35B shows, in this example, a document identical to that displayed in FIG. 35A, but designed to work in concert with Document I when co-joined. FIG. 35C depicts the two Documents being co-joined by Reverse I and Reverse II. The co-joining may incorporate an invisible hinge 41. as depicted in FIG. 2, The invisible hinge 42 can also facilitate communication and, if necessary, be a power link between Document I and Document II. The finished Multiface Document will have the same dimensions including depth as a conventional financial institution dual face documents, allowing compatible use with all existing technology and functions.

[0212] FIG. 36A, including FIGS. A and B is a diagrammatic representation of a method of facilitating travel of authorized persons according to the invention; The facilitation of travel by authorized persons is illustrated schematically in FIGS. 36A, 36B and 37 is described hereinafter. Persons wishing to travel internationally apply for and are issued an identification card of the type described above. The card is issued by a card issuing station 40 whereat the appropriate unique description is programmed into the card. Either at the same time or subsequently, the biometric data of choice unique to each person and suitably a thermogram is prepared and stored (preferably in digital form) in the database of the file holding station at a file location designated by the unique description. The thermogram is suitably of the type described in U.S. Pat. No. 5,163,094 to Prokowski.

[0213] The individual may subsequently indicate a desire to travel to Australia or the USA. Such a desire for example, may be indicated by the purchase of an airline ticket or making an application for a visa. The individual's identification card may be read 42 at this time and the airline ticket would be issued in the name of the person to whom the card was issued.

[0214] At this time the individual's add-on file in the national database would be updated to show that he is authorized to travel to Australia and remain there for a specified period of time. Upon updating of his add-on file the individual may be issued with a suitable receipt or ticket for his own benefit and record although such a receipt would not be used for any official purpose.

[0215] In a preferred embodiment the individual's thermo gram or other biometric data is retrieved from the database or prepared at this time and stored in a departure station database arranged to collate thermograms in respect of individuals ticketed for each particular flight.

[0216] Accordingly, information specific to each person as well as information in regard to authorized length of visit and the like or other information enabling quick and easy access to that information in respect of each person on a particular flight is prepared as a packet of identification data prior to the time of departure. As passengers move towards the departure lounge or through the departure gates, for example, they are scanned by at an ATM or by the associated remote scanner to create a contemporary thermographic data which may be instantly compared with past seen individual data thermographic data previously loaded into the departure station database to both positively identify each passenger and other changed condition data which may reveal a KUI or a UUI. Those passengers positively ATM identified 44 as authorized passengers by a sufficient correlation between the contemporary thermographic and face image data against the departure station database thermographic and face image data are afforded an uninterrupted passage to the departing aircraft 46. Those passengers in respect of whom the correlation is below the requisite level are directed to a designated area for further identification or if suspected KUI/UUI are referred to A-T, C-T command elements responsible for public safety.

[0217] This process is carried out for all persons boarding the aircraft. The departure ATM station may also maintain a database of prohibited KKI & KUI persons which preferably is accessed for comparison with all passengers. Any person who is identified as a prohibited passenger may be prevented from boarding the aircraft.

[0218] With respect to FIG. 36B, at the same time or timely during the flight, the packet of information data containing all of the passenger data is transmitted to the destination station where it is stored in the destination station database. As the individuals arrive in the country, a ATM three way error detection cross check is performed in element 48 wherein the current information of arriving passengers is available for a comparison.

[0219] First, the national data is compared to the departure data (DPT), the national data is compared to the current arrival data (AVE) at (1), (2) and, at (3), the arrival data (AVE) is compared to the departure (DPT) data transmitted from the departure point. Those persons not positively identified in the short period before boarding and allowed to board are investigated

further during the relatively long period in which the aircraft is in transit. Accordingly, those passengers for whom authorization is eventually established are provided with easy entry 50 to the destination airport and those who have not been positively identified are detained 52 for further identification.

[0220] At the destination airport all passengers proceed past a scanning station where each passenger's identification card is read remotely, thereby enabling the stored thermogram for that card to be retrieved. Each passenger is coincidentally thermogrammed by a remote thermographic scanner focussed on the person carrying the sensed card. The thermograms are compared and where a sufficient correlation is achieved such persons progress to their destination without further interruption by officials through selection gates which may be actuated by the monitoring equipment automatically.

[0221] Suitably the ATM associated selection gates unobtrusively capture unauthorized individuals for safe further investigation. The add-on database may be updated at this time automatically to record the arrival of each passenger in the destination country. Alternatively, the departure airport may package the information contained on the ATM issued identification receipt of individuals on a flight and send this to the arrival destination which compiles the packet of identification data for their use to facilitate free passage of bona fide disembarking travelers.

[0222] Preferably each station and each ATM station which can access the database has an individual station access code and each operator manning such a station has an individual operator's code. Suitably this information is added to the add-on only file each time an access is made or attempted. Suitably, authorization to access the database is provided in a similar manner wherein biometric correlation is required. Accordingly, an audit trail of actions is maintained and a log of authorized movements of each individual is recorded in such a manner that a history report including details of the operator updating the file can be established.

[0223] Foreign travelers in a host country need only carry their Identification cards. If queried as to whether they are authorized to be in the particular country, they only need to accompany a government official to a reading station where a contemporary thermogram can be taken and where their identification cards can be used to access the national database to retrieve each individual's thermo gram and authorized travelling particulars.

[0224] These process steps are broadly indicated in the diagrams of FIGS. 36A, 36B and 37, in varying degrees of detail. In addition to the foregoing this invention could be used to monitor individuals entering and exiting a secured area such as border crossings or prisons. Furthermore, the method of providing identification may be utilized to establish the identity of persons undergoing medical treatment. For example, the database may include information in regard to medical condition, blood group or the like and such information may be utilized by hospital staff upon receipt of confirmation of an injured person's identity rather than performing on the spot blood tests to determine that person's blood group. Advantageously, such method will save time. Alternatively, a medical practitioner could prescribe drugs or treatment to a distant patient upon establishment of the patient's identity by the foregoing method, secure in the knowledge that the person's identity has been correctly established.

[0225] The facilitation of movement of shipping containers or motor vehicles are illustrated schematically in FIG. 38. The term biometric data as used in relation to the freightable articles means an identifiable attribute specific to the article such as a surface image. Entities wishing to export on a regular basis will be required to make application to become authorized exporters. On approval of such application all personnel employed by the authorized entity will be issued with a personal identification device 70 as previously described. Information in respect of the preparation, packaging and contents of individual parcels to be shipped in a shipping container will be entered into the add on file in respect of that particular container, which will be identified according to the method previously described 72. Upon closure, the container will be sealed with identification means 74 such as a seal assembly as previously described which has been issued to the authorized entity by an official issuing authority. Details of the seal will be entered into the database 76 and married with the identification data in respect of the container as an add-on file. If the container is a non-identified container, then the seal details will be married with details of the shipping entity. The same process will be carried out by all authorized exporting entities.

[0226] Containers arriving at a shipping station will be remotely scanned to check for any unauthorized access to each container between the dispatching station of the exporting entity and the shipping station and also for any damage to the seal. Information in respect of all containers to be loaded on a particular ship will be compiled to form a package of data which will be transmitted to the destination port. At the destination port the containers will be unloaded and scanned automatically to determine if the seals have been damaged. The seals and the identification data will be compared with the transmitted packet of data. Visual checking to determine whether the containers have been entered by removal of a remote wall panel of the container may also be carried out. A plurality of sealing assemblies may be applied to suitable parts of the container if necessary. Those containers positively identified (i.e. with a suitable correlation between the transmitted data and the data obtained at the destination) and having the seal intact, (that is the seal sends a valid signal), will be directed from the destination port without further checking. However, those containers which are either not positively identified or whose seal assemblies do not provide a valid signal will be directed to a checking station for further investigation. By use of this method freight forwarded by bona fide exporting entities will be afforded an uninterrupted passage unless an unauthorized party has gained access to the container during shipment or a seal has been accidentally damaged. The method therefore is expected to improve the efficiency of freight movement.

[0227] Turning now to FIG. 39, there is illustrated, in diagrammatic form, a walk past process according to the invention using contactless radio frequency identification means. Before the process starts, the local application unit 80, at midnight, local time (or any other suitable time), requests and receives from transport operator's central reservation server 82 the entire passenger data to be processed within the next 24 hours. Local application unit 80 receives data in packets according to departure and arrival times. A request for ID Data is made to a network centric server application 84, which sends inquiries to a first seen (or enrollment) database 86, a last seen database 88, an individual condition database 90 and a watch list The server 84 collects the information including a pro-active database 92, alert warning flag in advance of the arrival of individuals 94 at an entry data collection station 96. The local application device 80 updates this data regularly throughout each 24 hour period.

[0228] When an individual approaches the data collection or access point 96, a radio frequency identity detector (RFID) 98 detects the individual's identification device and cameras 100 and other biometric data gathering devices such as thermal, audio and vapor etc. sensors 102 devices record the individual's respective biometric data. The local application unit 80 associates the card unique description, with one or more pieces of noninvasively obtained biometric data of card holder. The local application unit 80 passes card unique description and biometric data to the network server 84 for comparison. The server application unit 80 requests a search of the watch list database 92 and the condition database 90 for any match or close match of data collected from the RFID reader 98 and the biometric data gathering device 102. The result of any match sends appropriate flags to appropriate authorities. Further, the server application unit 80, on receipt of data from the RFID reader 98 and the biometric data gathering device 102, also requests the linked biometric data from enrollment or first seen and last seen databases 86, 88.

[0229] The first seen database 86 passes back recorded biometric data and authorizes the last seen database 88 to pass back last seen recorded biometric data to the server application 84. The last seen and first seen biometric data are compared to validate the integrity of the first seen and last seen databases 86, 88. Any failure to reach required comparison threshold causes an alert to be transmitted to internal security. The first and last seen data are held until current data is received from the biometric data gathering device 102. Current-seen, last-seen and first-seen biometric data are compared and if identity is confirmed, an enabling signal is sent to an access control device 104 which enables a gate controller 106 to permit passage or access Similarly, if identity is not confirmed, the signal to the access control device 104 results in a different signal to the gate controller 106 and access is denied. If three way biometric data comparison is inconclusive, an appropriate signal is sent to the local application unit 80 and either a request is made for more biometric data or, if a threshold has been reached, a decision can be made to deny access and flag for additional evaluation, which may be a manual investigation. In such an event, the local A-T, C-T or O-C command L1R, L2R and other security detachment phase developed confrontation plan dependent, may be advised and off the incident law enforcement official may be instructed to deny access and possibly detain the individual.

[0230] FIG. 40 illustrates a walk past process according to the invention using contactless RFID as in FIG. 6, above and a smart card reader 110. As in the system of FIG. 6, the server application unit 80 is initialized and receives data from the same databases and sources. When an individual approaches the access point 96, one of three possible scenarios start:

[0231] 1) Identification means are carried by the individual through the RFID antenna 99 reading area, wherein the RFID reader device 98 detects the individual's identification means and cameras 100 and other biometric data gathering devices 102 record respective biometric data; or

[0232] 2) Identification means' surface is presented on the fly to the unique description reader device 110 wherein it detects the individual's identification means. The cameras and other devices 100 record respective biometric data; or

[0233] 3) The identification means carried by the individual contains both an RFID microprocessor and a surface mounted unique description. Under this scenario, scanning may be

conducted overtly or covertly, as well as the individual presenting the dual format identification means to the unique description reader device 110 wherein it detects the individual's identification means and the cameras and other devices 100 record the individual's respective biometric data.

[0234] The local application unit 80 associates the retrieved RF Card Unique Description, and/or smart card, with one or more pieces of noninvasively obtained biometric data of card holder. Local application unit 80 passes the card unique description and biometric data to the several servers for comparison. The server application unit 84 requests a search of the watch list database 92 and the individual condition database 90 for any match or close match of the data collected from the individual as in FIG. 39. In FIG. 40, the response is categorized as before, server application unit 80 requests the linked biometric data from enrolment or first seen and last seen databases 86, 88, the first seen database 86 passes back recorded biometric data and authorizes the last seen database 88 to pass back last seen recorded biometric data to the server application unit 84.

[0235] Last-seen and first-seen biometric data are compared to validate the integrity of the first seen and last seen databases. Failure to reach required threshold causes an alert signal to be sent to internal security personnel. First and Last-seen data are held until the current data received from the access point 96 data collection devices. Then, current seen, last-seen, and first-seen biometric data are compared. If the three way comparison of the biometric data matches, that result is communicated to the local application unit 80. In the absence of a match, more biometric data can be requested, or, if a threshold value indicated that the data do not match has been reached, either the is an instruction to deny access or, alternatively, to flag for manual evaluation. In this event, internal security or law enforcement officials can be advised and the access control device 104 is instructed to deny access.

[0236] FIG. 41 illustrates the system of FIG. 40 to which has been added a separate validation system for assuring the identity and validity of all equipment and system operators to whom encryption keys are allocated. For this embodiment, thermal cameras are deployed to detect; [0237] 1) facial or other Disguise/s that an individual may employ in order to impersonate another authorized Individual, [0238] 2) Changed medical or other condition changes such as narcotic, adrenal or contagion such as the Ebola, Typhoid or other such virus or pandemics among others that represent a terrorist use that endangers public safety is proactively detectable by variance away from a baseline established on enrolment and all ensuing last seen records of their established status, and a covert and/or Overt Counter surveillance system that is Network Centric enabled.

[0239] When an Individual approaches, the Access Point 96, RFID detects the Individual's Identification Means and cameras and other devices record the individual's respective biometric data. By using an advance local application RF reader 112 of card's unique description for tamper detection, substantial advance processing time is afforded if tampering is detected. Where no tampering is detected, the detected description reaches the server in well in advance of regular data collectors, allowing additional time for all first seen and last seen information to be retrieved from any global location and have the local application unit 80 performs pre-cross check before the now seen or current identification data retrieved.

[0240] On completion of the identification sequence, the local application unit 80 sends all contemporaneously collected biometric data to its own dedicated secure last-seen database 114. The local application unit 80 then advises the server application unit 84 of the new address of this individual's newest last seen biometric data. Such biometric data collecting devices can also be utilized to apprehend an individual without an identification means but with a record in the database, including a medical condition record as a previously KUI or UUI individual commonly referred to as a sleeper. A secure and remote network centric encryption key exchange and metrics (or statistic) reporting and audit module 114, archives all encryption keys used against each piece of equipment and all system operator/s, then completes all metric measurements (or measurable activity) of actions, timings and personnel involved, including complete costing's and then automatically generates governmental required activity reports as well as simultaneously generating invoices for all services performed during each operator's shift and, in encrypted form and via the trusted network centric system, submits each activity report and invoice to the respective government department and civilian operators that utilize each respective system module.

[0241] Turning next to FIG. 42, there is illustrated a system 200 for validating staff and system resources that would be employed in the systems of FIGS. 6-8. Initially, an enrolment module 202 is created which gathers both biometric and unique identification data for each member of the system staff. This data is stored in both a staff portable record 204, which may take the form in Chapman U.S. Pat. No. 8,342,414, and U.S. Pat. No. 9,286,461 or the form of the devices shown in FIGS. 1a-1c. The data is also maintained in an archival database 206. A local application unit 208 then interrogates an original biometric database 210, an original condition database 212 and a watch list database 214 to verify the identity of the individual and to assure that there is no impediment to employment. A last seen locator database 216 is used to verify that there have been no biometric changes since initial enrollment into the national database where identity is initially established.

[0242] A protected individual database 218 is also checked to establish security clearances for individuals that may have been afforded protection under programs such as witness protection or other such programs including Federal Agents and associated family members in order to deny Terrorist or organized criminal elements who can gain access to central reservation systems advance knowledge or warning of their travel movement/s and associated addresses/s and banking details and other such bio-data. Such protected individuals have their ID data changed with the intention to covertly morph the individual in order to prevent discovery of their true identity for national security or other reasons, so that they may have access to restricted areas and restricted assets and information in their changed or morphed identity. A protected individual application unit 220 can be used to reflect the actual assignment and access afforded a particular protected individual which can be reflected in the portable staff record 204 without any routine staff system operators' knowledge. All protected individuals' enrolment and privileges granted are handled by officials at the highest level of a multi-level system, which are capable of enrolling other staff and granting initial staff access. Thereafter, such staff access is granted by an immediate supervisor on a rostered duty and area function. A protected individual application unit 220 can be used to reflect the actual assignment and access afforded a particular individual, which can be reflected in the portable staff record 204.

[0243] The responsibility for overall supervision of the system is given to individuals of proven fidelity and who have the confidence of the highest ranked administrators of the government. These individuals are listed in a system engineer and staff access duty roster and, through a staff authority unit 224 are assigned their privileges and accesses. Once staff assignments are made, a suitably encrypted key is created for each individual who is linked to the level of responsibility, the access that has been afforded and when that access can be achieved, all in a key creation unit 226. All of the information thus created is stored in a staff audit activity database 228.

[0244] Through a staff network server apparatus 230, staff assignments are scheduled in a staff authority device 232. In an operation that is substantially similar for both domestic and international departure and arrival staff, the person presents a staff record to sensing means 234, which may include an RF antenna unit 236. The staff member's biometrics and unique data is obtained from the record and from the staff member and compared to the original biometric database 210, the original condition database 212, the watch list database 214, the last seen locator database 216 and the protected individual database 218. In addition, a departure staff access duty roster database 238 is checked to assure that the staff member has been assigned to this post on this shift. Similarly, the arrival staff undergoes the same process with an arrival staff access and duty roster database 240. Once identity is verified and all other authorizations are in order, the staff member takes the assigned post and awaits travellers.

[0245] In FIG. 43, the system of FIG. 42 is enhanced for the traveller by the addition of a transport operations central domestic and international reservation database 242 which includes the information acquired at the time of the authorization of travel and which is sent on to the travel point in advance of the arrival of the travellers. At the departure point, there is an additional departing vessel database for the vehicle which will transport the travellers. The vessel may be a ship, a plane, a train or even a bus. Similarly, on the arrival side, an arrival vessel database 246 will contain the records of the passengers arriving on each vessel.

[0246] In FIG. 44, including FIGS. 44A, 44B, 44C and 44D, at 44A is a diagrammatic representation of a card or document that has a reverse side 20 and an obvers side 26 and with a RF blocking faraday cage 24 inserted between those two surfaces 30 where the reverse surface has RF ICC and/or NFC 22 chip/s that can be interrogated from that directional facing side but not from the obverse side because the faraday cage 24 prevents the RF ICC and/or NFC chip/s operation. As shown, the obverse side 26 includes an image 32 which may be a caricature and a matrix code 28/In a first embodiment, the card is rolled into a cylinder 34 with opposite edges sealed together. In this configuration, the exterior now displays a matrix code 28a and a caricature 32a The private information on the reverse face 20 as well as any other information of a private or sensitive nature is now shielded by the faraday cage 24, obviating the need for a protective envelope for the card as the private and sensitive information can only be accessed from the cylinder's interior.

[0247] FIG. 44B shows the same flat card 40 re-configured into a collapsible flat card 46 that can be expanded into a hollow rectangular tube 44 in use wherein the internal hollow reverse surface 42 can be interrogated by a RFID compact USB 54 probe 56 best seen in FIG. 44C.

[0248] FIG. 44C further shows a document 42 with the addition of a lanyard attachment 68. Also shown in FIG. 44A, is the flat card or document rolled to form a compact tubular token 50 formed to fit around a central sliding core 54 which may include a faraday cage 56. The token 50 is attached to a retractable lanyard type device 20 that may also have a NFC chip 62 and/or an owner/operator image 64 thereon as well as an optional 2-3D matrix 66. In addition a compact USB device 58 with an attached pole or probe type RFID internal RF ICC and/or NFC chip interrogating device. 58. The device 58 can be a practical automatic protected data acquisition device that can suitably have, as an integral component a Device Equipment IDentifier (MEID) number that is globally unique to identify a physical piece of mobile Data acquisition equipment, including ATM and other associated components.

[0249] FIG. 44D shows yet another embodiment of the FIG. 44A tube as slide type tube around a stylus, laser pointer or pen 60 in any combination, in addition to help prevent accidental loss there is provided a lanyard attaching spindle 62. Further, FIGS. 44C and 44D show, as an example in use via a USB plug in 58 having a pole or probe type interrogating device 60 capable of interrogating and reading the RFID internal RF ICC and/or NFC chip.

[0250] Thus there has been disclosed a novel document having a plurality of sides, most of which are normally concealed. The document includes features that are images that are sufficiently degraded so as to defeat facial recognition equipment yet not so degraded as to prevent a human observer to confirm that the image is that of a legitimate bearer of the document. Real images of the bearer on the concealed side are strategically covered with a non transparent official seal that obstructs enough of the image to substantially defeat face recognition techniques but sufficiently exposed to facilitate human confirmation of the holder.

[0251] Other features include masks that can be used with displays to select authorization or confirmation code characters from a matrix of characters. The documents can also include magnetic strips and other types of machine readable lines of text which can store information about the person with whom the document is associated and information strips containing data susceptible to optical scanning.

[0252] The document can have embedded an RFID processor circuit or a plurality of RFID processor circuits, any one or all of which can be interrogated and, alternatively, the RFID processor circuit can be made operable or inoperable by the bearer.

[0253] Moreover, the document need not be a physical document but can exist as a virtual document which possesses the features of the real document and which can be used in a similar fashion in conjunction with computer or other machine displays or with smart cellular telephones or the like. The telephones and displays can have, associated with them, cameras, fingerprint scanners, thermographic infrared sensors and other devices capable of acquiring biometric information about the authorized bearer as well as reading high density data images from other documents in both real and virtual displays.

[0254] All of the foregoing embodiments may utilize computer, smart phone or the like with specific applications that, during the loading sequence, will incorporate the identification data of the device, including its display size and features such as touch sensitive, as well as that of the authorized user or users should there be more than one. This facilitates specific verification and or authentication sequences that will facilitate speedy transactions between different computer-smart phone or the like combinations.

[0255] All of the techniques taught or described herein preferably utilize a four factio test when enabling access to secured data. Such a test is defined by the presence of the following elements:

1. Something one hasa device;
2. Something one recognizesa self formatted and colored spheres or a self modified image or cartoon;
3. Something one knowsa selected sequence of entry locations; and
4. Something one can do or performthe rhythm and consistent timing of a complete data entry sequence.
The above also requires simplicity and memory prompts achieved by the individual's own modification of a presented image and the ability to select it from other similar images

[0256] Further, each specific application embodying this feature will be enabled in such a way as to facilitate its remote decommissioning should it be lost or stolen. Additionally under such circumstances, the specific application that has been decommissioned may be capable of operation in a stolen mode to self report its location via inbuilt GPS functionality as well as gathering biometric data from any attempted uses for evidentiary use in any subsequent legal action.

[0257] Yet another disclosure is an ATM machine that does not need a card transport and security reading mechanism or a keyboard despite its illustrated presence in FIGS. 13 and 14. Such an ATM can operate in conjunction with a touch screen or the like in conjunction with virtual card transactions being instigated or completed via mobile smart phone in all aspects except the confirmed cash dispensing function which can be enabled by an appropriate image on a handheld device. This will save substantial time in front of an ATM, freeing it up for other users in high volume areas. All of the foregoing ATM features and the physical machine as well as users being under direct integrated counter surveillance cameras can proactively detect unlawful acts and record encrypted evidence of the same under any lighting condition.

[0258] Other embodiments and techniques within the scope of the invention will manifest themselves to those skilled in the art. Therefore, the scope of the invention should only be limited by the claims appended hereto.