RS20120407A1 - SYSTEM FOR AUTOMATIC VERIFICATION OF VEHICLES OF VEHICLES, DRIVERS AND PASSENGERS IN VEHICLES WITH LIMITED AREAS AND SERVICES - Google Patents

Abstract

A system for automated control of the rights of access of vehicles, drivers and occupants to restricted areas and services uses smart documents and digital certificates in conjunction with automated recognition of a vehicle and its occupants. The collected visual and biometric information is compared against the corresponding reference data stored within vehicle and occupant identification documents, respectively. The matching result as well as the vehicle and occupants' identification data are transmitted to the stationary access control subsystem. The system and method described in the present invention can be used for controlling the access to private roads, parking areas, garages, car lifts, fueling stations, border crossings, security-risk areas or services, where it is necessary to prevent access or exit of unauthorized vehicles and occupants, without stopping authorized users and exposing their private data to unauthorized third parties.

Description

SYSTEM FOR AUTOMATIC VEHICLE RIGHT OF ACCESS CHECK,

DRIVER AND PASSENGER IN THE VEHICLE IN RESTRICTED AREAS I

SERVICES

(SYSTEM FOR AUTOMATED CONTROL OF THE RIGHTS OF ACCESS OF VEHICLES, DRIVERS AND OCCUPANTS TO RESTRICTED AREAS AND SERVICES)

TECHNICAL FIELD

The system for automatically checking the right of access of vehicles, drivers and passengers to restricted areas and services, according to the invention, belongs to the field of traffic control systems for road vehicles that identify vehicles (G08G 1/017), with devices for recognizing different types of vehicles (G08G 1/015), procedures or devices for recognizing using electronic means (G06K 9/62), devices for registering people at entrances or exits (G07C 9/00), mechanisms activated by objects other than money for switching on or activating devices for the sale, rental, issuing of metal or paper money or for the return of money by coded identity card or credit card (G07F 7/08), used simultaneously with a coded signal (G07F 7/10), means and devices for charging a toll or fee at a checkpoint (G07B 15/00), means or devices for collecting a toll or fee with release devices passage, using a turnstile or similar (G07B 15/04), devices and procedures for digital calculation or data processing, especially adapted for specific functions (G06F 17/00), devices and procedures for obtaining and determining data (G06F 17/40), burglar alarms, thefts and the like, using systems for scanning and comparing images (G08B 13/194), security solutions for protecting computers or computer systems from unauthorized operation recognizing unauthorized intrusion into a fenced area (G06F 21/06), procedures and devices for reading or recognizing printed or written characters or recognizing geometric figures (patterns), e.g. fingerprints (G06K 9/00), record carriers for use with machines and with at least one part provided for carrying digital marks, where at least one type of marking is used for authentication, e.g. credit cards or identification cards (G06K 19/10), methods and devices for identification using electronic means, record carriers with conductive markings, printed circuits or semiconductor circuit elements, e.g. credit cards or identification cards (G06K 19/067), systems for managing the traffic of road vehicles by bypassing the rules of managed traffic, e.g. according to the signal emitted by the vehicle for emergency purposes (G09G 1/087), vehicle equipment for preventing or detecting the unauthorized use or theft of the vehicle (B60R 25/00), vehicle identification signs (B60R 13/10), other vehicle equipment (B60R 99/00), as well as secret or secure communication devices (H04L 9/00).

According to the International Patent Classification (IPC), the invention belongs to classes: G08G 1/017, G08G 1/015, G08B 13/194

G07F 7/08, G07F 7/10, G07B 15/00, G07B 15/04, G07C 9/00

G06K 9/62, G06F 17/00, G06F 17/40, G06F 21/06, G06K 9/00, G06K 19/10, G06K 19/067

G09G 1/087

B60R 25/00

B60R 13/10

B60R 99/00

H04L 9/00

TECHNICAL PROBLEM

The system for automatically checking the right of access of vehicles, drivers and passengers to restricted areas and services, according to the invention, solves the problem of implementing a system for highly secure access of authorized road vehicles and authorized drivers and passengers to areas where access rights are limited and allowed for pre-registered vehicles and drivers or passengers, such as private roads, parking areas, garages, elevators for road vehicles, fuel stations, or security-risk areas, where it is necessary to ensure that unauthorized persons cannot to directly access or leave existing areas undetected, while preserving the privacy of authorized users, and preventing other possible abuses. Resources to be protected are physical, such as unfenced or fenced areas or entire buildings, whether physically protected by doors, gates, ramps or not. as well as logical, such as services and data that can be accessed in protected areas.

In practice, the control of access rights and identification of road vehicles is most often used to check license plates, including automatic recognition of license plates and characters on them. During more detailed checks, authorized officials check the body number, as well as the data from the traffic license, which they compare with the registration number, body number, model and color of the vehicle, and the identity of the traffic license holder. Driving licenses are increasingly issued in the form of smart cards ("smart cards"), which enable fast machine reading of these vehicle features. To protect against forgery and unauthorized reading, the data in the "smart" traffic license is often encoded with asymmetric key technology (PKI, in English "Public Kev Infrastructure"). Namely, the private digital key of the smart card encrypts data about the vehicle and the owner, and its public key, which is available to the access control device, decrypts this data and checks its authenticity.

Various means are used to control the access of persons: mechanical keys; biometric verification of a person's identity; and digital records stored on a readily portable medium, machine-readable by magnetic, electronic (eg smart card) or optical (eg "bar code" or optical character recognition) means. Often, a combination of biometric identity verification and digital record is used in the control of access rights based on the identification of a person. At the same time, the digital record contains coded information about the biometric features of the person who is the bearer of the medium (token, card), such as a fingerprint, iris, arrangement of blood vessels, voice, signature. Biometric features in the digital record on the medium are called reference biometric data. This data is read from the medium and compared with the biometric data scanned from the person who is the holder of the medium, at the time of the request for access to the protected area. In addition to biometrics, a digital record can also contain textual data about a person's identity and their rights within the protected area. This identification data can be contained in a "digital certificate" placed in the digital record on the medium, together with information about ways to verify the authenticity of the digital record and the identity of the bearer. Such digital records are increasingly used in standard identification documents such as biometric ID cards, passports, driver's licenses, residence permits, official identification cards, employee cards, biometric amusement park tickets, and the like.

It is desirable that the format of the record of the above data is such that only devices for checking access to the protected area and services, controlled by the organization that issues identification documents, can read it and translate it into human-understandable information, thus protecting unwanted theft of private data. Namely, one of the ways of abuse is to plant a fake access control device on the authorized user - the driver, or for example to eavesdrop on the communication made by the access control device with the rest of the system, so the collected information is subsequently used for unauthorized access. In order to avoid such misuse, the technology of asymmetric digital keys (PKI, in English "Public Key Infrastructure") is also used. In such an embodiment, the access control device is identified by sending a digital certificate to the user's smart document, or to a computer that is physically connected to it. This digital certificate contains identification data, both of the device for checking access rights, and of the organization to which it belongs; device public key; as well as the digital signature of the organization authorized by the user or his organization to verify the right of access. The authenticity of the digital signature in the certificate can be checked if the smart identification document, or a computer connected to the reader of this document, has access to the public key of the organization to which the device for checking access rights belongs. Also, when requesting to send data from a smart identification document or media, the device for checking access rights can be presented with a message coded with its private key, and on the processing unit that is in direct physical connection with the smart medium (the processor on the medium itself or in the media reader installed in the vehicle), the authenticity of the device for checking access rights is checked with its previously submitted public key.

In the case of controlling the right of access of persons driving a vehicle, for the sake of the user's comfort and the speed of the procedure, it is preferable to check the identity in a way that does not require the person to get out of the vehicle, and preferably without stopping the vehicle. Also, in certain cases of interest for the safety of people, territory and property, it is necessary to check whether the person is driving the vehicle for which he is authorized or whether the people in the vehicle are authorized to access the restricted area. Typical examples of such areas are areas for parking rental vehicles, where the vehicle and driver are checked, or border crossings and high security facilities, where the passengers in the vehicle are also checked. These two requirements, i.e. checking the identity of both the vehicle and the people in it, can be reconciled by remote scanning of the visual features of the vehicle and the biometric features of the driver and passengers, while checking the same by remote reading of digital records with data on the features of the vehicle and people in it.

Remote reading of digital records stored in a moving vehicle can be performed by automatically establishing a radio communication connection between the vehicle and the access control device installed on the approach to the protected area, and as such does not distract the driver from driving. In contrast, the successful scanning of the driver's biometric features often requires redirecting the driver's attention to the scanning process, which often has to be repeated in order for the image (scanning result) to be of sufficient quality, which can be a hindrance to the smooth progress of driving, as well as a safety risk due to the distraction of the driver's attention from driving the vehicle. Examples of this are placing a finger on the fingerprint scanner, which often has to be repeated with the current quality of the scanner on the market, signing on the signature scanner, unsuccessful face recognition that occurs in a certain number of cases, voice recognition that depends on the health, emotional and psychological state of the speaker in conditions of background noise caused by the operation of the engine, the movement of the vehicle on the road, the reception of sound on the radio installed in the vehicle and the voices of other passengers in the vehicle. Even entering a password, as a non-biometric driver's secret data, via the appropriate keyboard, requires the driver's time and attention, which is risky for safety when the vehicle is in motion. In this case, the driver's identity verification system would have to provide a scan of the driver's biometric features when starting or before starting the vehicle itself, and would have to be automatically initiated upon detection of a change of driver or passenger in the vehicle.

The system proposed here solves the aforementioned problems. The proposed system consists of: a subsystem for checking the right of access installed on the approach to a restricted area, i.e. access to services with limited right of use, and a subsystem located in the vehicle. These two subsystems communicate via radio link.

The subsystem in the vehicle uses a smart medium for driver identification (for example, a medium with a microprocessor, such as a card with a microprocessor, in English "smart card") which, in addition to the record of the driver's reference biometric feature, may have implemented algorithms for comparing the scanned and reference biometric feature; digital record reader from a smart medium for driver identification; a biometric feature scanner (for example, a finger scanner, a digital camera for imaging the face or iris, a signature scanner, a voice recording device, and the like); detector of the driver's presence or absence on the driver's seat of the vehicle in an optoelectronic, piezoelectric or other version; a smart medium for vehicle identification, for example a traffic license with a microprocessor, on which data about the vehicle (type, brand, model, color, license plate, body number) and the medium itself (a digital certificate digitally signed by the organization that issued the smart medium) are stored; digital record reader from a smart medium for vehicle identification; own processing unit and memory for managing parts of the subsystem and their communication with the subsystem for checking access rights, as well as for executing algorithms for comparing the scanned and reference biometric features if they cannot be executed on the smart medium itself; an interface for radio communication with a device for controlling access to a protected area or services with limited right of use accessed by the user; and through which the user accesses other protected resources. Optionally, the subsystem in the vehicle can also contain one or more security modules, for example in the form of a smart card, or a SAM card (Securitv Access Module) the size of chip cards in mobile phones. These security modules contain digital certificates digitally signed by organizations authorized to collect data from identification media for drivers and vehicles, with the aim of avoiding the installation of a fake subsystem in the vehicle and misuse of the identification data collected in this way. Also, security modules can contain digital certificates of persons authorized to drive or use the vehicle. In addition, security modules can contain digital records of the vehicle's visual features, as well as the biometric features of authorized vehicle users, if the corresponding smart media do not possess them. In the event that it contains the user's biometric features in non-volatile memory inaccessible to other parts of the subsystem in the vehicle, the security module contains algorithms for comparing biometric features on its crypto-processor, which prevents the exposure of digitally recorded biometric features to its environment, thus also theft during unauthorized access to the subsystem in the vehicle. Finally, the security module may contain certificates that authenticate the subsystem in the vehicle as an authorized device to communicate with the subsystem for checking access to the restricted area and services. The subsystem in the vehicle may also contain a keyboard for entering a password, if the procedure for accessing a restricted area and services foresees the possibility of entering a password. Optionally, the subsystem in the vehicle may also contain equipment for voice communication with authorized persons in the organization that controls access to the restricted area or services.

The subsystem installed at the entrance to the restricted area or services contains one or more cameras that scan the visual features of the vehicle (registration marks, type, brand, model, color, logo); implemented image comparison algorithms (for example comparing logo images with reference logo images in the database, or vehicle images with a reference previously scanned image of that vehicle or reference two-dimensional or three-dimensional images of the vehicle model) and algorithms for license plate extraction and optical character recognition in license plates; own processing unit and memory for executing these algorithms; interface for radio communication with the vehicle; optionally, an interface for communication with the servers and databases of the organization authorized to check access rights; optionally, gangway release devices, ramps, gates, turnstiles or the like, or a communication interface thereto. Optionally, the subsystem at the approach to the restricted area or services may also contain a security module, which contains digital certificates digitally signed by organizations authorized to collect data from identification media for drivers, passengers and vehicles, in order to avoid the subversion of a fake subsystem at the approach to the restricted area or services and misuse of the identification data collected in this way;

STATE OF THE ART

The need to provide secure access has existed for a long time, so there are numerous examples of patents that describe ways to securely access individual or networked resources, such as: U.S. Pat. Pat. No. 6,256,737 (B1), which describes a system, method and computer program for controlling access to resources, using biometric devices where the user's biometric data is stored on a server;

U.S. Pat. No. 6,317,544 (B1), which describes a distributed mobile identification system with a centralized server and mobile workstations. With this system, the reference biometric data is stored on the server;

U.S. Pat. No. 6,320,974 (B1), which describes a distributed identification system with connected standalone workstations. With this system, the reference biometric data is placed on workstations;

U.S. Pat. No. 6,326,903 (B1) which describes a system and procedure for controlling traffic lights from emergency vehicles.

U.S. Pat. No. 6,434,259 (B1), which describes a procedure for secure user access to physical entrances and computer networks, which is based on searching stored biometric features based on an entered PIN code;

U.S. Pat. No. 6,681,034 (B1), which describes a system and method for comparing fingerprints, which includes the use of smart cards on which the reference prints are placed and on whose microprocessor the comparison of the read prints with the reference is performed;

U.S. Pat. No. 6,853,739 (B2), which describes a system for verifying identity using biometric features, where reference data is compared with read data;

U.S. Pat. No. 6,928,547 (B2), which describes a system and procedure for user authentication in a computer network, where biometric features and a password are combined;

U.S. Pat. No. 7,020,308 (B2), which describes a biometric authentication system based on the comparison of read biometric features with a reference biometric feature, with an emphasis on the method of comparing the biometric features;

U.S. Pat. No. 7,266,224 (B2), which describes a device and method for recognizing a person, and an access controller, where a facial image is used as a biometric feature, which is compared to a reference facial image stored in memory;

U.S. Pat. No. 7,299,360 (B2), which describes a system and method for comparing fingerprints, which includes the use of smart cards on which the reference prints are placed and on whose microprocessor the comparison of the read prints with the reference is performed;

U.S. Pat. No. 7,327,280 (B2), which describes a system and method for controlling traffic lights from emergency vehicles

U.S. Pat. No. 7,330,571 (B2), which describes a device and procedure for biometric verification and registration of a person's identity based on a fingerprint;

U.S. Pat. No. 7,454,041 (B2), which describes a person recognition system in which data about people is collected and restored, and is based on a biometric feature of a face image;

U.S. Pat. No. 7,735,728 (B2), which describes an access control system that includes a data carrier reader containing identification data, a database, and a camera that takes pictures of the person and compares them to reference images in the database;

U.S. Pat. App. No. 6018739 (A), which describes a distributed personnel identification system based on fingerprint and facial biometric features;

PCT Pat. App. No. VVO2005093993 (A1), which describes the device and procedure for secure access to the equipment, based on the verification of encrypted reference data with a biometric signature obtained from the user;

U.S. Pat. App. No. 20100017856 (A1), which describes the procedure for biometric access control to a secured computer system, where user data is stored on a server;

U.S. Pat. App. No. 20100242102 (A1), which describes the process of checking biometric data using a biometric identification device and authentication system, where biometric data is combined with a PIN code or password, and the verification of biometric data is performed on the server;

U.S. Pat. App. No. 20100131765 (A1), which describes a procedure for user authentication where anonymous certificates are created based on public keys;

U.S. Pat. App. No. 20100287369 (A1), which describes a system and procedure for biometric user authentication, where the reference biometric and other personal data are stored on the device, and the verification results are digitally signed before being sent to the server;

U.S. Pat. App. No. 20110153497 (A1), which describes a system and procedure for performing secure transactions based on biometric identification, where the read biometric features are sent to the biometric module on the server, where they are compared with reference biometric features; The mentioned patent application does not deal with vehicle identification, and it differs from ours in the place of comparison of biometric features, which in our application is performed on the user's biometric-cryptographic card itself.

U.S. Pat. App. No. 20120042369 (A1), which describes a system and method for fingerprint identification where the card itself contains a fingerprint scanning module;

U.S. Pat. App. No. 20120054842 (A1), which describes a system for secure access control based on the verification of read biometric features with reference biometric features stored in a cryptographic element and where a one-time access password is generated, which is sent to the server for verification; This patent application does not deal with vehicle identification, and is limited to verifying access to banking and telematics services.

U.S. Pat. App. No. 20120054842 (A1), which describes the system and procedure for secure user authentication on the host system, where the user data does not appear in an open form, but exclusively DES encrypted, where the DES key is encrypted with a PKI encrypted public key, and where the check is performed on the server.

U.S. Pat. App. 20080071882 (A1), which describes a method for obtaining an electronic vehicle identification number

PCT Pat. App. No. VVO2011043559, which describes a method for protecting vehicles from theft as well as a method for tracking passengers in a vehicle using biometric authentication and biometric identification documents, while not dealing with vehicle identification either visually or electronically.

EPO Pat. App. 1705085 (A1), which describes a method for verifying the identity of a driver based on facial recognition to allow authorized persons to operate a vehicle. This method does not deal with vehicle identification either visually or electronically.

PCT Pat. App. VVO2012090229 (A2), which describes a system for driver authentication, vehicle control and sending vehicle data to a remote server, where driver data is stored on an identification device ("identitv dongle"). This device is not in the form of a smart card or smart medium described in this application, but is a device in itself, equipped with a modem that can communicate with a remote server. Driver authentication is not done on the card but on the device installed in the vehicle. Vehicle data does not come from the smart card as in this application, but from the vehicle's engine control unit.

DESCRIPTION OF THE INVENTION

In the following description, the invention will be presented in a simplified manner with possible implementations. The embodiments given serve to explain the principles of the invention, and in no way limit the scope of protection afforded by the claims below.

The system for automatically checking the right of access of vehicles, drivers and passengers to restricted areas and services, according to the invention, solves the above-mentioned problem of realizing a system for highly secure access of vehicles and their authorized drivers and passengers to physical objects and surfaces, fenced or unfenced, and services, as well as supply services of intangible products, energy resources and consumables, while at the same time protecting the privacy of data of authorized users, and preventing other possible abuses. In order for the user to access the system, he needs to have a smart medium, for example his personal smart card or a security module, the authenticity of which is verified by the certificates on it. This medium also contains the user's biometric data, for example a reference record of the user's fingerprint, palm print, iris, finger, palm or eye capillary network, face, signature or voice. The user confirms his identity by scanning his biometric features upon entering the vehicle or when using access to the desired resource, which are then compared with reference biometric data. A record of a biometric feature can be in the form of an image of the feature, but often due to limited resources and faster comparison, a derived record is used in which only data about key points describing the biometric feature (such as minutiae describing a fingerprint) is stored. The only thing that matters is that the record on the smart card and the record passed to the card for comparison are of the same type and that the comparison of records of that type is supported by the card. The data on the card can additionally be protected by a password that the user remembers and enters when logging into the system. The theft of the user's biometric data can be prevented by comparing the biometric data stored on the card with the scanned biometric data using algorithms that are located and executed on the smart medium itself, so for example the reference fingerprint stored on the user's smart card never leaves the card. If neither the user's smart identification document nor the security module has the necessary crypto-processor and memory for the above-described mode of operation, the reference biometric feature is compared with the one scanned on the device's processor in the vehicle. In addition to determining the authenticity of the card and the identity of the user, the system also checks the authenticity of individual parts by checking the module certificate of the subsystem in the vehicle and the subsystem at the approach to the restricted area and services.

One example of a possible use of such a system is in access control to restricted areas, roads and facilities that may or may not be fenced off and protected by gates, ramps and the like. Another example of the possible use of such a system is in the control of access to services such as energy supply or telecommunication services such as the Internet and other means of data and voice communication. Toll payments, fuel purchases and other items can also be made from the vehicle using this system as a personal biometric smart card can be linked to the user's account like a credit card.

This system relies on the methodology of symmetric/asymmetric encryption/decryption, and one of the examples of that methodology with which this system can be used is the infrastructure of public keys. PKI - Public key infrastructure).

The system for automatically checking the right of access of vehicles, drivers and passengers to restricted areas and services, according to the invention, is shown in the attached figures where the same reference marks indicate the same elements of the device and where: • Figure 1a shows a block diagram with the logical units of the system; • Figure 1 b shows an example of the physical realization of the entire system; • Figure 1c shows a block diagram with logical units of subsystems in the vehicle; • Figure 1d shows an example of driver and vehicle identification module installation; • Figure 1e shows an example of the installation of the passenger-passenger identification module; • Figure 1f shows an example of passenger identification module installation; • Figure 2a shows a block diagram with the logical units of the driver and vehicle identification module within the in-vehicle subsystem; • Figure 2b shows a block diagram with logical units of the passenger identification module within the subsystem in the vehicle; • Figure 3 shows a block diagram with the logic units of the restricted area approach subsystem. • Figures 4a, 4b and 4c show the sequence of steps in the process of checking smart media for the identification of drivers and passengers (biometric identity card, driver's license, official document, etc.), as well as vehicles (traffic ticket or similar smart

medium), to access a restricted area.

• Figure 5 shows the system used to generate the smart card certificate of the system user; • Figure 6 shows the process of generating the system user's smart card certificate.

Figure 1a shows a block diagram of the entire system with separate logical units: a subsystem located in the vehicle 101 and a subsystem for checking the right of access installed on the approach to a restricted area, i.e. access to services with a limited right of use 102. These two subsystems communicate by radio link. Subsystem for checking the right of access on access to a restricted area or access to services 102 can be connected to remote servers 103.

Figure 1b shows an example of the physical implementation of the entire system, where the subsystem 101 installed in the vehicle 104 sends data to the radio transceiver 106 of the subsystem on the approach 102. The vehicle data sent from the subsystem 101 is compared with the data obtained by processing images from the cameras 105 in the subsystem on the approach 102 or on the computer or server to which this subsystem is connected. If the data matches, the ramp or gate on the approach to the restricted area 107 can be activated or opened.

Figure 1c shows an example of an implementation of a subsystem in a vehicle 101 consisting of a driver and vehicle identification module 291 and a passenger identification module 292, 293, 294. In this implementation, the driver and vehicle identification module 291 serves as a telecommunications hub for the passenger identification module 292, 293, 294, with the limited access subsystem and services. The maximum number of passenger identification modules in the vehicle is equal to the number of seats reserved for passengers.

Figure 1d shows an example of the installation of the driver and vehicle identification module 291 subsystem in the vehicle 101 on the windshield near the rearview mirror. In the picture, the fingerprint scanner 241 is clearly visible as an example of the implementation of the biometric feature scanner, the traffic license 201, as well as the biometric driver's license, identity card or similar document 203, both in the form of a smart card, or a booklet with a contactless chip, such as a passport.

Figure 1e shows an example of the installation of an identification module in the space between the driver's and passenger's seats, which can be used to identify the driver or passenger-passenger. In this as well as in the previous picture, the fingerprint scanner 241 as an example of the implementation of the biometric feature scanner, and the biometric driver's license, identity card, passport or similar document 203 are clearly visible. The traffic license 201 for vehicle identification can be optionally used in the passenger module as well as in the driver's module, while it is not used in the other passenger modules.

Figure 1f shows an example of the installation of the passenger identification module 292 installed on the back of the seat back in front of the seat of the passenger to be identified. In this image, the fingerprint scanner 281 and the camera 298, as an example of the embodiment of the biometric feature scanner, and the biometric identity card, passport, driver's license or similar document 261 in the corresponding reader are clearly visible. The camera 298 can also be used as a detector of the presence or change of passengers on the seat. Instructions to the passenger can be displayed on the touch screen 299, which can serve as a signature scanner as an additional biometric feature, and as a keyboard for entering a personal identification number (PIN, from the English Personal Identification Number) if this data was used in the identification process.

Figure 2a shows a detailed block diagram of the driver and vehicle identification module of the subsystem installed in the vehicle. This module uses data from two sources. One of the sources is a smart medium for vehicle identification 201 (for example, a traffic license in the form of a card with a microprocessor as used for this purpose in Serbia), which is read in a medium reader 202 (for example, a smart card reader). Data about the vehicle 104 (type, make, model, color, license plate, body number) and about the medium 201 itself (digital certificate digitally signed by the organization that issued the smart medium) are stored on this medium 201. Another source is a smart medium for driver identification 203 (for example, a driver's license, ID card or official identification card equipped with a suitable memory and microprocessor) which, in addition to the record of the driver's reference biometric feature, may have implemented algorithms for comparing the scanned and reference biometric feature. The smart driver identification medium 203 is read in the digital record reader 204. The driver and vehicle identification module of the subsystem in the vehicle, in addition to the aforementioned readers, also contains a biometric feature scanner 240, which may contain a fingerprint scanner 241, a digital camera for imaging the face or iris 243, a signature scanner 242, a voice recording device 244 and the like. The detector of the presence or absence of the driver on the driver's seat of the vehicle in the optoelectronic, piezoelectric or other version 208 enables the repetition of the identification process when the driver is changed, that is, after his departure from the vehicle seat 104. The subsystem in the vehicle 101 contains its own memory and processing unit 200 for managing the processes of communication, data processing and identification, including the comparison of scans with biometric features stored on the smart medium if the same cannot be done within the smart medium; an interface for radio communication 250 with a device for controlling access to a protected area or services with limited right of use accessed by the user 102; and through which the user accesses other protected resources, for example servers 103; optionally, the subsystem in the vehicle 101 can also contain a security module 205, which on an additional, third smart medium 206 (for example of SAM type - the English abbreviation of "Security Access Module") contains digital certificates digitally signed by organizations authorized to collect data from identification media for drivers 203 and vehicles 201, in order to avoid impersonation of a fake subsystem in the vehicle and misuse of the data collected in this way identification data; optionally, the subsystem in the vehicle 101 can also contain a keyboard 224 or a touch screen 222 for entering a password 225, if the procedure for accessing a restricted area and services foresees the possibility of entering a password; optionally, the in-vehicle subsystem may also include voice communication equipment, ie, a microphone 232 and a speaker 231 or headset with authorized persons in an organization that controls access to a restricted area or services. The driver and vehicle identification module 291 within the in-vehicle subsystem 101 may also include status indicators 223 and displays 221 and 222, as well as a vehicle interlock unit 210 in the event that the driver identification process does not result in a match of the scanned biometric features or password with the data stored on the smart driver identification medium. This module 291 is connected to the passenger identification modules 292, 293, etc., which it manages and whose output data it forwards via the radio communication interface to the subsystem on the approach to the restricted area and services 102.

Figure 2b presents a block diagram of the passenger identification module. This module is almost identical to the driver and vehicle identification module, and contains all functional blocks except for the smart media reader for vehicle identification, the radio-communication interface and the engine control unit, i.e. the vehicle lock. This module uses a smart medium for passenger identification 261 (for example an ID card, passport, driver's license or official ID card equipped with a suitable memory and microprocessor) which, in addition to the record of the driver's reference biometric feature, may have implemented algorithms for comparing the scanned and reference biometric feature. The smart medium for passenger identification 261 is read in the digital record reader 262. The passenger identification module in the vehicle, in addition to the above-mentioned reader, also contains scanners of biometric features 280, which can include a fingerprint scanner 282, a digital camera for imaging the face or iris 285, a signature scanner 283, a voice recording device 286 and the like. The detector of the presence or absence of the passenger 267, on the seat of the vehicle where he previously registered, can be implemented as an optoelectronic, piezoelectric, electromechanical or optical sensor and enables the repetition of the identification process when the passenger changes the seat, i.e. after his departure from the vehicle seat 104. This module 292 contains its own memory and processing unit 260 for managing communication, data processing and identification processes, including comparing scans with biometrics stored on a smart medium markings if the same cannot be done within a smart medium; interface for communication290 with the driver and vehicle identification module291 and through which data is exchanged with the subsystem at the approach to the protected area or services with limited right of use; optionally, this module can also contain a security module 263, which on an additional, second smart medium 264 (for example SAM card type) contains digital certificates digitally signed by organizations authorized to collect data from identification media for passengers 261, in order to avoid setting up a fake subsystem in the vehicle and misuse of identification data collected in this way. Optionally, the passenger identification module 292 can also contain a keyboard 274 or a touch screen 272 for entering a password 275, if the identification procedure through a smart medium foresees the possibility of entering a password; optionally, the passenger identification module may also contain equipment for voice communication, ie a microphone277 and speaker276 or headphones, with authorized persons in the organization that controls access to the restricted area or services. The passenger identification module 292 within the subsystem in the vehicle 101 may contain status indicators 273 and displays 271 and 272. This module 292 is connected to the driver identification module 291, which controls it and which forwards its output data via the radio communication interface to the subsystem on the approach to the restricted area and services 102.

Figure 3 shows a block diagram of the subsystem installed at the approach to the restricted area, ie services 102. This subsystem contains one or more cameras301 that scan the visual features of the vehicle (registration marks, type, brand, model, color, logo); implemented image comparison algorithms (for example comparing logo images with reference logo images in the database, or vehicle images with a reference previously scanned image of that vehicle or reference two-dimensional or three-dimensional images of the vehicle model) and algorithms for license plate extraction and optical character recognition in license plates; own processing unit and memory for executing these algorithms 300; interface for radio communication with the vehicle 322; optionally, an interface for communication321 with the servers and databases of the organization authorized to check access rights; optionally, passageway release devices 302 , ramps, gates, turnstiles or the like, or a communication interface thereto; optionally, the subsystem at the approach to the restricted area or services may also contain a security module310, which contains digital certificates digitally signed by organizations authorized to collect data from identification media for drivers203 and vehicles201, in order to avoid the installation of a fake subsystem102 at the approach to the restricted area or services and misuse of the identification data collected in this way. This digital data can be stored on a hard disk, but also on a SAM card311 or another medium.

Figures 4a, 4b, 4c show the sequence of steps in the process of checking smart media with records about the driver (biometric identity card, driver's license, official document, etc.) and about the vehicle (traffic ticket or similar smart media) in order to access a restricted area or services.

Figure 4 shows a part of the access control algorithm that verifies the authenticity of the smart medium for driver identification and the right of its holder to use it. The verification process starts with the user starting the reading401 of his smart medium203 in the reader 204. This can be achieved by inserting the smart medium203 into the slot provided for this purpose in the reader204 for the purpose of data exchange, the driver's license is easily mentioned explicitly in step401, any other biometric document can be used instead, including the security module206 if reference biometric features are stored on it. Data exchange is done through electrical contacts on a smart medium203 (an example of such a medium is the biometric ID card in Serbia), or by bringing the smart medium203 closer to the antenna of the reader204 (an example of such a medium is the Serbian biometric passport) in order to enable radio transmission of data. The steps for passenger identification are the same as steps 410 and 420 in Figure 4 and step 430 in Figure 4b.

Checking the right of use at this stage of the access control process, i.e. identification of the driver or passenger, can be achieved by a request to enter a password or a personal identification number (eng. PIN) that the reader 204 can display via the indicator 223, on the regular screen 221, on the touch screen 222 or by a voice message through the speaker 231. Checking the right of use via the password 410 is an optional step in reading the digital record from the smart medium for identification. driver or passenger. The password or PIN 225 is entered 411 via the keyboard 224, the touch screen 222 or by voice through the microphone 232. The password or PIN 225 from one of the above-mentioned inputs (222, 224, 232) comes to the central processing unit, i.e. the microcontroller 200 of the subsystem in the vehicle 101, from where 412 is forwarded via the reader 204 smart medium for driver or passenger identification 203. The PIN or password 225 entered on the microprocessor of the smart medium 203 is compared 413 with the PIN or password stored in the memory of the smart medium 203. If the entered data 225 is identical to the stored data, the smart medium is unlocked 414 for further operation, and the result of the comparison 413 from the smart medium is sent via the reader 204 415 to the central processor 200 subsystem in the vehicle 101. The central processor 200 sends the result of the comparison 413 to one or more audiovisual outputs 221, 222, 223 or 232 and decides on further steps 416 depending on the result of the comparison 413. In case the result of the comparison 413 is negative, i.e. if the input 225 and the stored PIN or password do not match, the process returns to a request to re-enter a password or PIN 411, or to reinsert or approach 401 the smart medium for driver identification 203 to the reader 204. In the event that the input 225 and the stored PIN or password match, the process of reading the smart medium 203 in the reader 204 can continue. This completes the optional check 410 of the right of the holder of the smart medium 203 to use the same 203.

The next step shown in Figure 4a is a part of the access control algorithm that performs authentication 420 of the smart medium for driver or passenger identification 203. In this step, the smart medium sends 421 its digital certificate to the central processing unit, i.e. the microcontroller 200 in Figure 2a. The central processing unit 200 compares the received digital certificate with a list of smart media digital certificates stored on non-volatile memory to which the central processing unit has access, for example on the hard disk within the device or on the SAM card 206. If the digital certificate from the smart media does not match any certificate stored on the non-volatile memory, the processor 200, via the audiovisual outputs 221, 222, 223 or 232, sends the user an error message and invites him to re-insert the corresponding card, i.e. returns him to step 401, where he optionally disables the use of the vehicle by sending a signal to the engine control unit 210. In this way, the number of smart media for driver identification, for example driver's licenses in the form of a smart card, and their authorized holders, i.e. drivers who have the right to use the vehicle, is narrowed. If the digital certificate from the smart medium matches one of the certificates stored on the non-volatile memory, for example on the SAM card 206, this stage of the algorithm ends, and the process of checking the right of access continues with the steps of biometric verification of the driver and authentication of the smart medium for vehicle identification described in Figure 4b.

Part of the process of the right of access described in Figure 4b consists of checking the driver's or passenger's biometric features 430 and the process of downloading data from the smart medium for vehicle identification 437 with the verification of the matching of the certificate 440 from the smart medium with the data stored on the non-volatile memory of the subsystem in the vehicle 101. In this step one or more biometric features of the driver or passenger are scanned 431 by a suitable sensor from the group of audiovisual inputs 240 to the in-vehicle subsystem 101. For example, a camera 243 may scan a face or iris, a fingerprint scanner 241 may scan a finger 245, a signature scanner 242 may record a driver or passenger's signature 246, and a voice recording device 244 may record a voice. The central processing unit or microcontroller 200 forwards these scanned data 432 to the reader of the smart medium 204 for their comparison with the appropriate reference biometric mark or marks stored on the memory of the smart medium 203. Namely, it is preferable that the algorithms for biometric comparison 433 are executed on the microprocessor of the smart medium 203, because in this way the reference biometric marks never leave this medium. 203, which reduces the possibility of their theft and unauthorized use. In case this is not possible, the reference biometric features can be stored on the SAM 206 security module and compared on it. If this is also not possible, the reference features must be stored at least temporarily on the memory of the reader 204 or the central processing unit 200, which is a security risk due to the connection of these parts of the subsystem in the vehicle 101 with the outside world, via the radio communication interface 250. Additional security in this optional step is provided by the digital signing 434 of the results of the comparison of biometric features, which is performed by the smart medium for identifying the driver or passenger 203, that is, the security module 206, with its private signing key. This ensures that the comparison result in the vehicle subsystem 101 is authentic and not tampered with by unauthorized and malicious modification of the subsystem 101. The central processing unit 200 reads 436 the comparison result, optionally with its prior decryption and signature verification. If the result of the biometric comparison is negative or if it is unintelligible or if the signature check has failed, the user is directed to rescan the biometric features 430 via the audiovisual outputs 221, 222, 223 or 232, with an optional blocking of the vehicle by sending a signal to the engine control unit 210.

If the result of the comparison of the scanned and reference biometric feature 436 is positive, and if it has previously successfully passed the decryption and signature verification steps, the person being verified, in this case the verified authorized user, driver or passenger, is directed via audiovisual outputs 221, 222, 223 or 232 to the next stage shown in Figure 4b, the purpose of which is to download and verify data from the smart medium for vehicle identification 201.

If the presence of a smart medium 201, for example a traffic permit in the form of a smart card, has not already been detected by the subsystem in the vehicle, it is requested via the audiovisual outputs 221, 222, 223 or 232 to insert it into the reader 202, or, if it is contactless (RFID), to bring it to the antenna of the reader 202. This is described in Figure 4b as a mandatory step 437, which enables the reading of data on to the vehicle from the smart medium 201. If the data from the smart medium for vehicle identification 201, for example the name of the authorized person, the vehicle data or the digital certificate 440 of the medium (for example traffic permits) matches the data stored on the subsystem in the vehicle 101 or on its security module 206, as well as if the data from the smart medium for driver identification is verified by at least one successful comparison in steps 410, 420 or 430, vehicle can be started in the option in which it is controlled by the engine control unit 210. Even if this option is not present, the subsystem in the vehicle 101 stores data ready for exchange with the system installed at the approach of the restricted area or services 102 until the detector of the presence of the driver indicates the absence or change of the driver, which would lead to the request to repeat the entire procedure of checking the driver and the vehicle described in Figures 4a and 4b.

Also indicated in Figure 4b is the possibility of using optional data authentication 440 from a smart vehicle identification medium. It can be done both by sending the certificate 441 from the smart medium for vehicle identification 201 to the subsystem in the vehicle 101, i.e. its central processing unit 200 and comparing it 442 with the certificate stored on the device 101 or the security module SAM 206, as well as by checking the digital signature of data from the medium 201, if it enables digital signing of data, in a manner analogous to that of biometric features signed, as described in step 434 in the same figure.

At the end of the process described in Figures 4a and 4b, the subsystem in the vehicle 101 stores data, the sending of which to the subsystem installed at the approach to the restricted area or services 102 can be initiated at the request of this subsystem 102. Malicious replacement of the authenticated driver by an unauthorized person is prevented by the presence detector of the driver 208, which registers the departure or change of the driver from the driver's seat of the vehicle. This detector can be implemented as an electromechanical, piezoelectric or optoelectronic sensor in or on the seat, or as an optical sensor or camera 243, where any of these sensors is connected to the central processing unit 200 of the subsystem in the vehicle 101. If the driver presence detector, for example the camera 243 with a suitable image processing algorithm that can be executed on the processor 200, indicates the absence or change of the driver, the subsystem in the vehicle 101 would request via audio-visual outputs 221, 222, 223 or 232 to repeat the entire driver and vehicle verification process described in Figures 4a and 4b, optionally stopping the engine or preventing the engine from starting via a signal sent from the processor 200 to the engine control unit 210.

It is important to note that the fulfillment of the authentication and identification steps from Figures 4a and 4b, which precedes the procedure for checking access to the area and services in Figure 4c, enables smooth driving, because any of the steps 401, 410, 420, 430, 437 and 440 can be performed before starting the engine or before entering the vehicle into traffic, while potentially malicious replacement of the person behind the wheel is detected by checking the presence or absence of the driver with optical, electromechanical, piezoelectric or optoelectronic sensor 208.

Figure 4c shows the procedure for checking the right of access of the authorized vehicle and the driver to the restricted area and services, assuming that the driver's authentication using the identification smart medium and the vehicle's identification have already been performed in accordance with the steps described in Figures 4a and 4b. When the vehicle 104 enters 461 radio signal range of the restricted area approach and services subsystem (abbreviated PPOP) 102, the on-vehicle (PV) subsystem and the PPOP exchange digital certificates 462 to establish communication trust. In the same step, when exchanging certificates, PPOP generates a symmetric key and sends it encrypted with the public key PV. Public key encryption is used to keep this information known only to these two parties, as only the PV has a private key (located on one of the three smart media, 201, 203, 206) that can decrypt this message. The symmetric key is further used for encrypted communication between PV and PPOP in both directions. All messages exchanged below are first signed with the sender's certificate and then encrypted with a symmetric key. During each session, PPOP generates a new symmetric key unique to that session in order to avoid possible abuses and ensure communication secrecy. The PPOP is connected to the issuing organization of one of the 3 smart media, 201, 203, 206, for example SAM 206. This allows the PPOP to access the digital certificate of the corresponding smart media, which can be stored in the non-volatile memory of the PPOP itself or pulled via a remote database server accessible via interface 321. The PPOP will provide the pull of the digital certificate for that vehicle system, whose access right it controls, by will identify the corresponding certificate in the database or on its own non-volatile memory thanks to the identification data (eg license plate number) previously sent from the vehicle as part of the certificate exchange process. After establishing secure communication, PPOP sends a request to send data about the vehicle and driver 463, and PV sends data464 that PPOP checks by analyzing images 465 of the vehicle 104 obtained by the camera 105 or 301. By analyzing the images, data such as license plate numbers, vehicle category, vehicle color, as well as vehicle make and, in some cases, model can be automatically obtained. This data is compared on the processing unit 300 of the PPOP approach subsystem 102 with the reference data from the smart medium for vehicle identification 201 sent in the previous step 464 of this algorithm. If these reference and scanned data do not match 467, access to the restricted area and services is disabled. If the reference and scanned data match 467, it is checked whether the driver and the vehicle are authorized468 to access the restricted area and services. If the result of this check is positive469, access to the restricted area or services is enabled 470, otherwise it is blocked. Also, any absence or absence of the driver 450 disables access while the entire process of checking access rights described in Figures 4a, 4b, 4c is repeated.

Digital certificates are used to ensure high security in communication between two parties. By sending the certificate, the owner of the certificate proves his identity to the other party in the communication. A digital certificate of a smart medium is a document that contains the name of the holder or owner of the smart medium, the holder's asymmetric public key for encrypting data intended for the holder and decrypting data sent by the holder, the name of the certification body that issued the certificate and the smart medium, the digital signature of the certification body and other identification data. In order to explain how in practice digital certificates are created and stored on smart media, Figure 5 shows a block diagram of the system for generating certificates on smart media. The parts of that system are a smart media that is shown in the picture as the user's driver's license 203, but it can also be a smart media for vehicle identification such as a traffic license with a chip, a SAM module and the like, then a smart media reader 510, which is also a smart media record editor, a computer in the production process 520 to which the reader 510 is connected, as well as a certification body (eng. CA - Certificate Authority) 530. The certification body530 represents an entity that issues digital certificates, which in practice is a computer under the control of the organization that issues the certificates, protected from theft, alteration and falsification of data either physically or by IT or telecommunication means. Therefore, it is understood that the certification body530 is trusted by both parties who want to establish communication (eng. trusted third party), both the owner of the certificate and the one who relies on that certificate to verify the identity of the owner and the authenticity of his messages. It is important to remember that both parties, and in this application they are the subsystem at the approach to the restricted area and services (PPOP)102 as one party, through a certificate recorded on a device or on a smart medium311, and the subsystem in the vehicle101 through at least one smart medium201 203 206 (SAM modules, driver's, traffic licenses, official identification cards, passports, etc.) are connected to the organization that issued these certificates and their corresponding smart released the media.

Figure 6 shows the process of generating a certificate for use on a smart medium. The procedure in Figure 6 is executed when issuing a document in the form of a smart medium to its user, and therefore precedes subsequent access controls. This image also explains where the certificates and keys that are stored on the protected non-volatile memory of the smart media come from. The generation of a pair of private and public keys611 is performed on the smart medium itself201, 203 or 206, upon request initiated on the computer in the production process520 and forwarded to the smart medium through the reader-editor 510. The private key or secret key is stored exclusively in the place where it was generated, that is, on the protected non-volatile memory of the smart medium. This memory is accessible only to the cryptographic processor on the smart medium, and its contents cannot be revealed by reading the digital record of the smart medium by readers, including readers used in the production and verification process (202, 204, 207, 312, 510). The holder of the smart medium, i.e. the owner of the key, uses his private key for encryption and digital signing of data. This data can be available on the smart medium itself to the outside world, or it can be entered from the outside world onto the smart medium for encryption and digital signature. This type of private key protection guarantees that encrypted or signed data originates from its owner. The public key is used to decrypt data and is publicly available to parties interested in communicating with its owner. The public key is assigned to interested parties as part of a digital certificate, along with identification data about its owner. The recipient of a digitally signed or encrypted message uses the sender's public key for decryption and thus verifies that the message originates from the owner of the key. In addition to generating a private and public key on the smart medium, it is necessary to confirm that the smart medium was issued by an organization that guarantees its authenticity. Therefore, after creating the private and public key on the non-volatile memory of the smart medium, the computer in the production process520 creates a request to the certification body for signing the certificate (eng. CSR - Certificate signing request)612. Before sending, the computer in the production process 520 through the reader 510 delivers this request to the smart medium 203. The smart medium through its cryptographic processor digitally signs this request 614 with its previously generated private key. The signed request 615 is forwarded via the reader 510 to the computer in the production process 520. The computer 520 then addresses the certification body 530 with a request for issuing a certificate 616. The certification body 310 generates a certificate 617 and sends it to the computer in the production process 618. The computer forwards the certificate 619 via the smart reader 510 to the smart medium 203. Thus, during each access rights check, the smart the medium can send its certificate signed by the certification body. The recipient, for example PPOP, will be able to verify the authenticity of this certificate by checking the signature of the certification body with the public key of this body. This implies that the recipient is connected to an organization that controls the certification body and that can deliver its public key to all interested parties, including him.

The described system for automatically checking the right of access of vehicles and drivers to restricted areas and services ensures the implementation of a system for highly secure access to areas or services with restricted right of use, while preserving the privacy of authorized users, and preventing other possible abuses.

Claims (10)

1. The system for automatically checking the right of access of the vehicle, driver and passengers in the vehicle includes: a mobile subsystem in the vehicle that collects biometric data about the driver and passengers, as well as data from smart media that identify the driver, passengers and the vehicle; within the in-vehicle subsystem, the driver and vehicle identification module and passenger identification modules; within the subsystem in the vehicle, a security module with its own processing unit, working, program and protected memory that stores identification data of the subsystem in the vehicle, private and public key as well as a digital certificate that authenticates the subsystem in the vehicle to other parts of the system; within the module for identification in the subsystem in the vehicle, scanners of biometric features, which scan the biometric features of the user who accesses the restricted area, i.e. services; within the module for identification in the subsystem in the vehicle, readers of smart media through which the system communicates with smart media that carry data about the driver, passengers, the vehicle and about the subsystem in the vehicle itself; within the module for identification in the subsystem in the vehicle, a smart medium with its own processing unit, working, program and protected memory, which contains identification data about the vehicle; within the module for identification in the subsystem in the vehicle, smart media with their own processing units, working, program and protected memory, which contain identification data about the driver and passengers; within the vehicle and driver identification module of the in-vehicle subsystem, a processor unit for processing, with working memory, program memory and communication channels through which it is connected to scanners of biometric features, smart media readers, passenger identification modules and a stationary subsystem for checking the right of access to a restricted area and services; within the passenger identification module of the subsystem in the vehicle, a processing processing unit, with working memory, program memory and communication channels through which it is connected to biometric feature scanners, smart media readers and the driver and vehicle identification module; a stationary subsystem installed at the approach to a restricted area and services that checks the right of access of vehicles, drivers and passengers to the area and services it protects, and that establishes a connection via a radio communication channel with a mobile subsystem with which it exchanges digital certificates for mutual authentication; indicated that the stationary subsystem scans the visual features of the vehicle and wirelessly receives digitally recorded data from the vehicle identification document read in the vehicle itself, and compares the scanned and read data in order to verify the vehicle's identity, and based on the results of the comparison, decides on the right of access to the vehicle; and to wirelessly receive data read in the vehicle from smart media for driver and passenger identification, as well as data created by comparing biometric data scanned in the vehicle with corresponding biometric data stored on smart media, carried out in order to verify the identity of the driver and passenger, and based on the results of the comparison, decides on the right of access of people in the vehicle to a restricted area or services; and to decide on the right of people in the vehicle to use the vehicle, either at the entrance or at the exit from the restricted area, based on the data delivered from the vehicle or from the databases with which it is connected. 2. The system according to claim 1, characterized by the fact that the comparison of biometric data is performed on a smart identification medium on which the biometric data is stored. 3. The system according to claim 1, characterized in that the comparison of the reference biometric data stored on the smart identification medium with the scanned biometric data is performed on the security module. 4. The system according to claim 1, characterized in that the comparison of the reference biometric data stored on the smart identification medium with the scanned biometric data is performed on the processing unit. 5. The system according to claim 1, characterized by the fact that the mobile subsystem is authenticated by smart identification media with a digital certificate. 6. The system according to claim 1, indicated by the stationary subsystem, checks the certificate of the mobile subsystem in the vehicle by asking the certification body that issued it. 7. The system according to claim 1, indicated by the stationary subsystem, checks the certificate of the mobile subsystem in the vehicle locally, based on the list of invalid certificates. 8. The system according to claim 1, characterized in that the messages exchanged between the stationary and mobile subsystems are digitally signed and encrypted. 9. The system according to claim 1, indicated by the stationary system, prevents unauthorized persons or vehicles from entering the restricted area or exiting the restricted area using a ramp, mobile barrier, gate or similar obstacle controlled remotely. 10. The system according to claim 1, characterized by the fact that the mobile subsystem automatically detects a change of driver or passenger in a certain seat in the vehicle and initiates a re-identification procedure of the driver or passenger after each automatically registered change.