The following patent was granted by
the US Patent Office. We've listed the application
below for your information.
Below is the complete US Patent Office
application describing the pending
patent in more detail, which can also be
downloaded
as a PDF file (2213KB).
You can also reference the patent online at
the United States Patent office by selecting the
following link:
US Patent Number 7,118,027 .
The patent application's contents is as follows:
Please do not hesitate to
contact us if you have
any questions, etc.
| United States Patent |
7,118,027
|
|
Sussman
|
October 10, 2006
|
Method and system issue an electronic
visa of a foreign visitor at a country's foreign consular
premises
Abstract
This invention integrates with a country's customs and
immigration system to issue an electronic visitor's visa,
and to validate periodically, electronically a visitor's
visa within the country's borders. A computer-encoded visa
card is created and issued to the visitor at the country's
overseas consulate. Pertinent visa application information
is embedded in the issued card. Cryptographic technology is
used with the card to maintain privacy, as well as to reduce
fraud and other misuse. The card is used as the visitor's
official identification document whilst in the country.
During the visitor's stay, at specified intervals, the
visitor registers with self-service kiosks, which are placed
at various locations within the country. The kiosks are
securely integrated with the customs and immigration
database.
| Inventors: |
Sussman; Lester (Bethesda, MD) |
| Appl. No.:
|
10/841,863 |
| Filed:
|
May 10, 2004 |
| Current U.S. Class: |
235/375 ; 235/382 |
| Current International Class: |
G06F 17/00 (20060101); G06K 5/00 (20060101) |
| Field of Search: |
235/375,487,492
|
References Cited
[Referenced By]
U.S. Patent Documents
Other References
Ellen Groves, "To Make A Quick I.D., Play It By Ear", Apr. 12, 2004, p. 92, Businessweek, USA. cited by other
.
Panko, "Basic Error Rates", 1997, pp. 1-3, http://panko.cba.hawaii.edu/HumanErr/Basic.htm, USA. cited by other
.
USA Nonimmigrant Visa Application, DS-156, pp. 1-2, U.S. Dept. of State, Feb. 2003, USA. cited by other
.
Transaction Team 1500 Brochure, Oct. 2002, pp. 1-2, HHP, USA. cited by other
.
Issues & Elements of Credit Card Receipt & Signature Management, pp. 1-6, 17, ING@NICO, USA. cited by other.
|
Primary Examiner: St
Cyr; Daniel
Parent Case Text
CROSS REFERENCE TO RELATED APPLICATIONS
This is a continuation-in-part of
U.S. application Ser. No. 10/771,008,
filed on Feb. 4, 2004.
Claims
What is claimed:
1. A distributed immigration and non-immigration visa issuing and validation system for a visitor's visa application to visit, study or work in a visited country, comprising:
a)
a computer encoded card;
b) a plurality of first computers comprising:
i) a means for capturing a plurality of first biometric data from said visitor, said plurality of biometric data including a facial photograph of said visitor,
ii) a means for
entering first textual data,
iii) a means for storing said first biometric data and said first textual data on said computer encoded card;
iv) a means to communicate in a multiplicity of foreign languages on said first computers, wherein said visitor
selects a language to communicate with said first computers from said multiplicity of languages;
v) a means to translate said first textual data from said multiplicity of foreign languages to a language used by said visited country, said translation of
said first textual data are second textual data;
c) a first computer server remotely located from said first computers comprising:
i) a first database system,
ii) a plurality of programs for interacting with said first database system;
d) a first
communications network interconnecting said first computers to said first computer server;
e) wherein said computer encoded card includes a first unique identifier;
f) wherein said first computers store said first biometric data, said first textual
data and said second textual data in said first database system located on said first computer server system using said first communications network;
g) wherein said first textual data and said second textual data includes information about said
visitor's stay in said visited country and additional data.
2. The system of claim 1 wherein said first biometric data selected from the group consisting of a fingerprint, a photograph and a retina scan.
3. The system of claim 1 wherein said computer encoded card comprising:
a) a memory, said memory storing said first biometric data, said first textual data and said second textual data;
b) said first unique identifier visible on face of said
computer encoded card;
c) said facial photograph printed on face of said computer encoded card;
d) a magnetic stripe, wherein said magnetic stripe storing third textual data, said third textual data uniquely identifying said computer encoded card and
said visitor;
e) other descriptive and contact information visible on face of said computer encoded card.
4. The system of claim 1 wherein said first communications network comprising a secure network, wherein said secure network selected from the group consisting of X.25, dedicated telecommunication lines, satellite VSAT network and a virtual
private network over the Internet.
5. The system of claim 1 wherein said first biometric data, said first textual data and said second textual data stored in said first database system is accessed using said first unique identifier.
6. The system of claim 1 wherein said first computer selected from the group consisting of a computer terminal, a personal computer and a self-service computer kiosk.
7. The system of claim 1 wherein said first database system residing in said visited country.
8. The system of claim 1 wherein said computer encoded card selected from the group consisting of a smartcard and a laser card.
9. The system of claim 1 wherein said means for entering said first textual data comprises a keyboard displayed on said first computer screen in one of said multiplicity of foreign languages, selected by said visitor, said first computer screen
comprising a touch-screen input means.
10. A distributed immigration and non-immigration visa issuing and validation system for a visitor's visa application to visit, study or work in a visited country, comprising the steps of:
a) collecting first biometric data and additional first
data from said visitor with a first computer by a visa issuing authority in a foreign country;
b) said first data collected in a first language selected by said visitor from a multiplicity of foreign languages used to communicate with said first
computer, and said first data translated into a common language used by said visited country from said first language by said first computer, said translated language data are translated second textual data;
c) transferring said first biometric data,
said additional first data and said translated second textual data from said first computer to a second computer using a first communications network, said second computer comprising a first database system, said first database system residing in said
visited country;
d) storing said first biometric data, said additional first data and said translated second textual data in said first database system;
e) validating said first biometric data using a multiplicity of watch-list databases;
f)
validating said other first data and said translated second textual data;
g) issuing a computer encoded card to said visitor, provided said validating steps are approved by said visa issuing authority, said computer encoded card comprising a first
unique identifier, said first biometric data, said other first data and said translated second textual data;
h) using said computer encoded card to board transport carriers to said visited country;
i) using said computer encoded card to enter said
visited country in conjunction with a valid passport;
j) validating said visitor by collecting second biometric data using a third computer, said validating comprising transferring said second biometric data to said first database system and comparing
said second biometric data with said first biometric data stored in said first database system and said first biometric data stored in said computer encoded card;
k) instructing said visitor to check-in with a first self-service computer terminal by a
predetermined date, said first self service computer terminal located in a plurality of locations in said visited country;
l) connecting said self-service computer terminal to said first database using a second communications network;
m) using said
computer encoded card to check-in with said first self-service computer terminal;
n) accessing said first database system by said self-service computer terminal, using said first unique identifier, said first unique identifier read from said computer
encoded card;
o) validating said visitor by collecting third biometric data using said first self-service computer terminal, said validating comprising transferring said third biometric data to said first database system and comparing said third
biometric data with said first biometric data stored in said first database system and said first biometric data stored in said computer encoded card;
p) using said computer encoded card in said visited country as a personal identity means.
11. The system of claim 10 wherein said watch-list databases comprise undesirable persons selected from the group consisting of said visited country law enforcement databases, an originating country law enforcement databases, an Interpol
database, a multiplicity of intelligence services databases and said visa issuing authority databases.
12. The system of claim 10 wherein said second communications network comprising a secure network, wherein said secure network selected from the group consisting of X.25, dedicated telecommunication lines, satellite VSAT network and a virtual
private network over the Internet.
13. The system of claim 10 wherein said means for collecting said first textual data comprises a keyboard displayed on said first self-service computer terminal screen in one of said multiplicity of foreign languages, selected by said visitor,
said first self-service terminal computer screen comprising a touch-screen input means.
14. A distributed immigration and non-immigration visa issuing and validation system for a visitor's visa application to visit, study or work in a visited country, comprising the steps of:
a) collecting first biometric data and additional first
data from said visitor with a first computer by a visa issuing authority in a foreign country;
b) said first data collected in a language selected by said visitor from a multiplicity of foreign languages used to communicate with said first computer and
translated into a common language used by said visited country by said first computer, said translated language data are translated second data;
c) transferring said first biometric data, additional first data and said translated second data from said
first computer to a second computer using a first communications network, said second computer comprising a first database system, said first database system residing in said visited country;
d) storing said first biometric data, said additional first
data and said translated second data in said first database system;
e) validating said first biometric data using a multiplicity of watch-list databases;
f) validating said other first data and said translated second data;
g) issuing a computer
encoded card to said visitor, provided said validating steps are approved by said visa issuing authority, said computer encoded card comprising a first unique identifier, said first biometric data, said other first data and said translated second data;
h) using said computer encoded card to enter said visited country;
i) validating said visitor by collecting second biometric data using a fourth computer, said fourth computer comprising a mobile computer operated by a visited country immigration
official whilst said visitor is waiting in an immigration entry queue;
j) reading said first biometric data, said other first data and said translated second data from said computer encoded card by said fourth computer,
k) said validating comprising
transferring said second biometric data, said additional first data and said translated second data to said first database system and comparing said second biometric data with said first biometric data, said other first data and said translated second
data stored in said first database system and said first biometric data, said additional first data stored and said translated second data in said computer encoded card;
l) using said computer encoded card in said visited country as a personal identity
means.
15. The system of claim 14 wherein said mobile computer is connected to said first database system using a secure wireless network, wherein said wireless network selected from the group consisting of Bluetooth, IEEE 802.16, IEEE 802.11, IEEE
802.11a, IEEE 802.11b, IEEE 802.11d and WCDMA.
16. The system of claim 14 wherein said first communications network comprising a secure network, wherein said secure network selected from the group consisting of X.25, dedicated telecommunication lines, satellite VSAT network and a virtual
private network over the Internet.
17. The system of claim 14 wherein said first biometric data, said first textual data and said translated second data stored in said first database system is accessed using said first unique identifier.
18. The system of claim 14 wherein said first computer selected from the group consisting of a computer terminal, a personal computer and a self-service computer kiosk.
19. The system of claim 14 wherein said first database system residing in said visited country.
20. The system of claim 14 wherein said computer encoded card selected from the group consisting of a smartcard and a laser card.
Drawings
Select the following links to
view the associated figures:
Description
CROSS REFERENCE TO RELATED APPLICATIONS
This is a continuation-in-part of
U.S. application
Ser. No. 10/771,008, filed on Feb. 4, 2004.
TECHNICAL FIELD
This invention relates to computer service kiosks and
computer encoded cards, specifically, this invention relates
to a country's consulate's or embassy's service kiosk that
is used to question and gather information from a person who
is requesting a visa to enter and visit the said country.
The issued visa is encapsulated in a smartcard.
BACKGROUND OF THE INVENTION
Since the tragedy of Sep. 11, 2001 (9/11), the US has
been revising its methods and systems for issuing visas to
foreign visitors. Newspapers have reported that a number of
the 9/11 hijackers entered the US on fraudulent visas ("
Some
9/11 Hijackers Got Into the U.S. With Fraudulent Visas", AP,
Jan. 26, 2004). Furthermore, even prior to 9/11, theft and
fraudulent use of passports were common. The US has tackled
this problem in a number of ways, which are now briefly
discussed.
After 9/11, the US Congress imposed a deadline of
Oct. 26, 2004 for 27 industrialized countries to issue
computer-coded passports for their citizens wishing to
travel to the United States. This requirement is problematic
in that the solution relies on other nations, rather than
being under the control of the US. This invention addresses
this issue in conjunction with the requirement of
computer-coded travel documents.
In January 2004, the
US Department of Homeland
Security (DHS) implemented a new system at 115 airports and
14 seaports, which is designed to confirm the identity of
arriving foreign visitors. The new system is called the
US-VISIT program, i.e. the United States Visitor and
Immigrant Status Indicator Technology. Further information
on the US-VISIT program can be found at
www.dhs.gov/interweb/assetlibrary/USVisitRegulation1-5-04.pdf
Today the primary focus of US-VISIT is on entry. By
the end of 2005, it is planned that entrance and exit
procedures will be phased in at all border entrances in the
US. Currently 30 airports implement the exit portion of the
program.
The US-VISIT uses scanning equipment to collect
biometric identifiers, specifically digital fingerprints and
digital photos of a person's face.
Data collected from foreign visitors is securely
stored as part of a visitor's travel record. Upon exiting
the US, visitors check out at kiosks by scanning their
passport or visa and repeating the fingerprint scan.
The stored information will be available to
authorized officials and law enforcement agencies and will
help verify compliance with visa and immigration policies.
The information, e.g. the scanned fingerprints, will be
checked against a database of known and suspected terrorists
and other undesirables.
Two other existing US visitor systems are currently
in place that use optical memory-based cards. The first
system is the
US Permanent Resident Card system. The second
system is the
Border Crossing Card system implemented by the
Department of State. These systems do not use a computer
kiosk to issue and verify the optical cards, as the present
invention teaches.
A potential problem arises when a visitor overstays
his visa. An article titled "
Criminal aliens at large a
`crisis`" (The Washington Times, Feb. 11, 2004) highlights
the problem and consequences of criminal visitors
disappearing in the US, after deportation orders were
initiated. The common global phenomenon of terrorist sleeper
cells is another consequence of this problem.
In the current system, this overstay will be caught
if he exits the country. It is possible that a warrant for
visitor's arrest could be issued because the central
database has detected a visitor's overstay. The problem is
then locating the individual. The majority of visitor visas
are issued for a period of six months. Within six months, it
is possible for a visitor to fraudulently change his
identity. The invention proposes to close many of these loop
holes.
SUMMARY OF THE INVENTION
The invention integrates with a country's foreign
visitor visa issuing system and process that is primarily
the domain of the country's consular affairs. Visas are
applied for and issued in foreign countries at various
consulates and at the embassy of the issuing country.
The issuance of electronic visas includes:
The visa's applicant using a computer kiosk at the
country's overseas consulate.
The computer kiosk gathers all pertinent data from
the applicant in the applicant's language and translates the
responses into standardized English for US authorities.
Data gathered includes the applicant's biometrics,
such as a digital passport-type photo, fingerprints and
other biometrics that may be required, e.g. a retina scan,
etc.
The applicant's pertinent entered data is verified
and checked against various Watch-lists, e.g. criminal and
terrorist undesirables.
Storing an original copy of the visitor's immigration
(or non-immigration) information in a central, secure
database system--information, which is to be embedded in the
visitor's issued computer encoded card (i.e. a visitor visa
card), provided a visa is granted.
Once the applicant's data has been verified, an
electronic visa is issued at the consulate in the form of a
visitor visa card, in which pertinent immigration
information is embedded.
Use of cryptographic technology with the visitor visa
card is used to reduce fraud and other misuse.
The applicant is notified to collect her visitor visa
card visa at the consulate.
Prior to boarding an aircraft, ship, etc., the
visitor's visitor visa card visa is scanned by pertinent
authorities to verify its integrity and association with the
holder.
A self-service, automated kiosk/terminal, i.e. a
Visitor-Visa Automated Teller Machine (ATM)/Kiosk with which
the visitor interacts (i.e. checks in) at her issuing
consulate/embassy, Port-of-Entry, Port-of-Exit, etc. The
kiosk is also distributed at various locations within the
country.
Secure integration of an ATM terminal/computer kiosk
with the customs and immigration database.
The visitor's check-in periodicity depends upon
visitor's visa type and length of stay in the country.
BRIEF DESCRIPTION OF THE
DRAWINGS
FIG. 1A is a block diagram of the various components
of the present invention's embodiment of a Visitor-Visa
Automated Teller Machine/Self-Service Kiosk which is located
at various consulates around the world.
FIG. 1B is a block diagram of the various components
of the present invention's embodiment of a Visitor-Visa
Automated Teller Machine/Self-Service Kiosk which is located
at various locations in-country, including Port-of-Entry and
Port-of-Exit.
FIG. 2 is a flow chart of the various processes
embodied by the present invention.
FIG. 3A is a schematic of the front face of the
invention's computer encoded visa card, i.e. the
Visitor-Visa card.
FIG. 3B is a schematic of the rear face of the
invention's computer encoded visa card, i.e. the
Visitor-Visa card.
DETAILED DESCRIPTION OF THE
INVENTION
Below is a table of contents, listing the various
major sections of the detailed description of the invention.
Before continuing to describe the invention in more
detail, we first consider a quick overview of available
cryptography.
1.0) Cryptography for Verification,
Integrity and Confidentiality
Two key cryptographic technologies that the preferred
embodiment of the invention uses are public key and
conventional cryptography to ensure three things:
(1.1) To verify the integrity of the Visitor-Visa
Kiosk 1,
(1.2) Confidentiality of the data transmitted between
the Kiosk 1 and the Central Database 2 and
(1.3) That the data has not been altered during
either transmission between the Kiosk 1 and the Central
Database 2, as well as not being altered whilst stored on
the Visitor-Visa card 400.
Conventional cryptography is also called secret key
or symmetric key cryptography. The
Data Encryption Standard
(DES),
Triple Des and
Message Digest 5 (MD 5) are examples
of
symmetric key cryptography.
Message digests are the representation of
alphanumeric text in the form of a single string of digits,
created using a one-way hash function. Encrypting a message
digest with a private key creates a digital signature, which
is an electronic means of authentication.
Use of secret keys to encrypt data is much faster
than public key encryption, but the problem of using
symmetric keys is the safe distribution of the keys between
transaction partners, e.g. from a central office to remote
offices where the Visitor-Visa Kiosk 1 is stationed. This
key distribution is solved using public key cryptography.
Public key cryptography is an asymmetric method that
uses a pair of keys for encryption: a public key that
encrypts data and a private key (i.e. secret key) that
decrypts the data. The public key is openly distributed. The
key's owner keeps the private key secret. The secret key
cannot readily be derived from the public key. Furthermore,
if the key owner digitally signed the data using his private
key, then the signature can be verified using the key
owner's openly distributed public key.
The present invention uses cryptography to digitally
sign the information stored on the Visitor-Visa card 400.
Public key cryptography (i.e. Public Key Infrastructure or
PKI) is used to communicate between a central office and the
remotely located Kiosk 1 machines.
A Digital Certificate is an attachment to an
electronic message used for security purposes. The most
common use of a digital certificate is to verify that a user
sending a message is who she claims to be, and to provide
the receiver with the means to encode a reply. An individual
wishing to send an encrypted message applies for a digital
certificate from a
Certificate Authority (CA). The CA issues
an encrypted digital certificate containing the applicant's
public key and a variety of other identification
information. Note that in the preferred embodiment of the
invention, the CA would most probably be an issuing
authority within the government. The CA, in the preferred
embodiment of the invention, makes its own public key
readily available via distribution on a secure network. The
recipient of an encrypted message uses the CA's public key
to decode the digital certificate attached to the message,
verifies it as issued by the CA and then obtains the
sender's public key and identification information held
within the certificate. With this information, the recipient
can send an encrypted reply. The most widely used standard
for digital certificates is
X.509.
Various implementations of cryptography are used in
the invention's preferred embodiment, such as Netscape's
Secure Socket Layer (SSL), the
IETF's
OpenPGP, the
Message
Digest 5 (MD5), etc.
Note that because this invention would be used by the
government, any cryptographic standards that the government
uses would be implemented in the invention. In the US, the
National Institute of Standards and Technology lists
government standards for smartcards on a web site at
smartcard.nist.gov. The Government Smart
Card-Interoperability Specification is freely available from
this web as the "NIST Interagency Report 6887-2003 edition
Version 2.1".
The invention's embodiment relies on cryptography as
described in further detail in the book titled "Applied
Cryptography" (second edition), by Bruce Schneier.
We now consider the various hardware components of
the invention before we discuss the process of the invention
and its use of various components.
2.0) Visitor-Visa Card
The present invention includes the creation of an
electronic visa card, which incorporates an identity card,
i.e. the Visitor-Visa card 400 (see FIG. 3A and FIG. 3B).
FIG. 3A depicts the front view of the Visitor-Visa
card 400. This card 400 becomes an ID card, as well as a
computer-encoded visa for the visitor during the visitor's
in-country stay. Furthermore, the card 400 can be used as an
official identification document by airlines, hotels, banks,
etc. The card 400 includes the following features:
(2.1) The card's physical format is similar to a
credit card issued by various banks, etc. The primary reason
for this is so that it can fit easily in a visitor's purse,
wallet, etc. Furthermore, the person is more likely to
securely store the card 400, whilst it's in his possession.
(2.2) A unique identification number 403 is embossed,
or printed on the front of the card 400 (see FIG. 3A), as
well as on the rear of the card (see FIG. 3B). This card
identification number 403 is associated with the visitor's
database 2 record. Technically, it is set up as an alternate
database record key, i.e. the visitor's database record can
be accessed directly by using this identifier 403.
(2.3) A card logo 402 is present on the front face of
the card to provide easy identification of the card type,
i.e. versus a person's credit card, etc. This logo can also
be implemented as an anti-fraud measure, e.g. using a
hologram picture, etc.
(2.4) Further card type identification information is
provided on the card 400, namely specific card type text
404. In FIG. 3A, the example given is "US-VISIT CARD ID".
This information is available on both sides of the card 400.
This information can be embossed, or printed on the card
400. Other visual card type indicators include the
representation of the issued visa type, i.e. US B1, B2, H1,
H2, J1, J2, etc. This visual indicator can be, for example,
by using color encoding of the card, or simply text printed
on the card face 400.
(2.5) If the visitor requires assistance, e.g.
locating a Visitor-Visa Kiosk 1 machine (more about this
later) as depicted in the "Locate Visitor-Visa Kiosk in
City", block 22 in FIG. 2, the visitor can call the number
listed on the Help line 405, which is listed on the front of
the card 400.
(2.6) A preferred embodiment of the invention
includes a smart integrated circuit, i.e. a smart-chip 401
on the card 400. This smart-chip 401 is similar to the
technology used in today's smartcards. An example of a
smartcard is the
ASECard Crypto from Athena. This smartcard
provides Public Key Infrastructure (PKI) encryption
technology to data stored on the card.
The invention uses the smart-chip 401 to store
information about the visitor, using encryption technology
to reduce the potential for fraudulent abuse of the card
400. The ASECard Crypto has up to 3 KB of non-volatile RAM
to store information. As is common with integrated circuit
technology, the size of memory will increase over time, and
hence more data will be able to be stored in the
smart-chip's memory.
Other electronic card technologies could as easily be
used by the invention. An example of such a technology is
the optical laser card, e.g. the
Drexler Technology
Corporation's Lasercard. The advantage to using an optical
laser card is that it can hold a larger amount of data, e.g.
two megabytes. Optical laser cards are used today in
frequent US border crossings on the Mexican border. The
security measures embedded in smartcards is preferable in
the preferred embodiment of the invention, but the invention
does not rule out the use of optical laser cards, or any
other available, portable digital data storage technologies.
(2.7) The visitor's photo 408 is printed directly
onto the front face of the card 400.
(2.8) Use of the smart-chip 401 on the card 400 could
be replaced by using a magnetic stripe 406, for example, on
the rear face of the card (see FIG. 3B), as is used by
today's credit cards, etc. Standard technology on today's
magnetic stripe cards has three tracks on which data can be
encoded. The first track allows seventy-nine (79)
alphanumeric characters to be encoded, the second track
allows forty (40) numeric characters to be encoded, and the
third track allows one hundred and seven (107) numeric
characters to be encoded. As can be seen, the smart-chip 401
allows more data storage on the card 400 than a magnetic
strip 406. Note that in the use of an optical laser card,
pertinent memory is used.
(2.9) The rear face of the card 400 (see FIG. 3B)
also includes information 407 that can be used to return the
card 400 if it is lost by a visitor and found by another
person.
3.0) Visitor-Visa Automated Teller Machine (Kiosk)
FIG. 1A and
FIG. 1B depict block diagrams of the
various components of the invention's Visitor-Visa Kiosk 1.
The difference between FIG. 1A and FIG. 1B is that FIG. 1A
is used in the various consulates, and other officially
authorized visa issuing stations, to issue a Visitor-Visa
card 400, whereas FIG. 1B represents the Kiosks used
in-country to verify the visitor's visa status, at
Port-of-Entry, Port-of-Exit and at various other locations
throughout the visited country.
The primary difference is the fact that the
embassy/consulate's Kiosk in FIG. 1A requires a Visitor-Visa
card dispenser 7a, whereas the Kiosk in FIG. 1B simply
requires a Visitor-Visa card scanner (reader) 7b. It is
obviously possible to have the Kiosk in FIG. 1B having the
means to generate a smartcard as well. For descriptive
purposes, this distinction is kept in the description of the
invention.
The Visitor-Visa Kiosk 1 is similar, for example to
the various ATMs that banks provide their customers. The
invention's Visitor-Visa Kiosk 1, includes the following
components:
(3.1) A digital camera 3 that is used to verify the
identity of the person using the Kiosk machine 1. The
resolution (i.e. dpi) of this camera 3 is similar to the
resolution of the digital camera used to photograph the
visitor at the originating consulate. This is important in
order to compare the original digital image with the Kiosk 1
captured digital image.
(3.2) Memory 4 to store both programs that control
the Kiosk 1, as well as memory to process data received via
the various interfaces of the Visitor-Visa Kiosk 1.
(3.3) A digital fingerprint scanner (i.e. reader) 5
that is used to scan in (i.e. read) the fingerprint to
verify the identity of the person using the Kiosk 1. The
resolution (i.e. dpi) of this fingerprint scanner 5 is
similar to the resolution of the digital fingerprint scanner
used to scan the visitor at the originating
consulate/embassy. This is important in order to compare the
original digital image with the Kiosk 1 captured digital
image. Note that if other forms of biometrics (e.g. retina
scans, DNA sampling, ear-photo ["To Make a Quick I.D., Play
It By Ear", Business Week, p.92, Apr. 12, 2004], etc.) were
used, then the relevant biometric scanner would be
incorporated into the Kiosk 1.
(3.4) A processing unit, i.e. a CPU 6 and associated
circuitry that controls all the various electronic
components of the Visitor-Visa Kiosk 1. Note that the
Visitor-Visa Kiosk 1 could simply be implemented as a
standard computer, e.g. a MS-Windows, or Linux PC, or any
other available computer system.
NCR's
EasyPoint (TM) 41
self-service kiosk runs under various Microsoft operating
systems, including Windows (TM) NT and XP.
(3.5) A card dispenser 7a in FIG. 1A is present in
the Kiosks at the various consulates, or other official visa
issuing stations. This component is used to issue the
Visitor-Visa card 400 to a valid visa applicant. The card
dispenser 7a component includes a physically secure safe
that holds the computer encoded cards for issue, i.e.
similar to a bank's ATM's cash dispenser. Physical security
of non-issued computer encoded cards is critical to
defending against potential fraudulent abuse.
For Kiosks that are located in-country, a card
scanner (i.e. reader) 7b is part of the Kiosk rather than
the dispenser 7a. The card scanner 7b scans (i.e. reads) the
Visitor-Visa card 400 that was initialized during the
"Initialization At Consulate" 19 process. The card scanner
7b is able to read information stored in either the card's
magnetic stripe 406, and/or the card's smart-chip 401. If an
optical lasercard, or any other data storage technology is
used, then the card scanner 7b would be able to read the
data stored in the card's memory.
(3.6) A display unit 8 (e.g. a computer screen) on
which to display messages for the visitor. The preferred
embodiment of the invention uses a touch-screen display. The
display 8 is also used to display an interactive keyboard if
information is required to be entered by the visitor. The
display of a multitude of language alphabets is relatively
easy using such a touch-screen keyboard.
Note that a physically, separately installed keyboard
could be part of the Kiosk 1, but for a number of reasons
this option is not used in the invention. Two reasons
opposed to using a physical, mechanical keyboard include (a)
it would be very difficult to accommodate the various
alphabets of the multitude of global languages on a, e.g.
PS/2 keyboard and (b) a physical keyboard would increase the
maintenance and potential mechanical problems arising from
such a device.
One other note at this point is that the present
invention does not exclude the use of computerized audio,
person-computer interaction (i.e.
computer voice recognition
technology), rather than a visual menu system on the display
8 with the visa applicant via the Kiosk 1.
(3.7) A network interface 9 is provided so that the
Visitor-Visa Kiosk 1 can interact over a secure network 10
with the Central Database 2, as well as other needed
computer and communications systems. The secure network 10
can be implemented as a private network (e.g. via
X.25,
dedicated telecommunication lines, satellite
VSAT network, a
wireless network, etc.), a
virtual private network over the
Internet, etc.
(3.8) A printer 11 is available to print any
messages, directions, and other information on a piece of
paper 12 for the visitor to take away with her.
(3.9) A signature capture terminal 13 is used to
input an applicant's signature that is required on all
relevant documents. For example, on the U.S. Department of
State form DS-156, the Nonimmigrant Visa Application form,
an applicant's signature is required. An example of a
signature capture terminal is the
Transaction Team
(TM) 1500
from HHP.
These signature capture terminals are common in
today's point of sales credit card transactions. Today
signatures captured in this manner are commonly accepted.
Furthermore, the legality of such signatures is clearly
defined in the Uniform Commercial Code Section 1-201(39).
Other components not shown in FIG. 1A and FIG. 1B
include a visible marker (e.g. markers in the shape of
footprints) on the ground, or elsewhere, on which the
visitor is to stand, etc. in order to be within the focal
length of the digital camera 3. Although not used in the
preferred embodiment, it is possible to include a component
in the Visitor-Visa Kiosk 1 that can electronically measure
the height and/or weight of the visitor and to process the
information accordingly.
Each Visitor-Visa Kiosk, i.e. in FIG. 1A and in FIG.
1B has a unique Digital Certificate embedded in its memory 4
(not depicted in FIG. 1). This certificate is used to
uniquely identify the Kiosk 1, used in secure communications
with the Central Database 2 (e.g. via SSL), as well as being
used to encode any information for transmission. The digital
certificate is used similarly as a digital certificate is
used in electronic commerce (e-commerce) on the Internet
today. Note that the present invention does not exclude
other means for uniquely identifying the Kiosk 1, e.g. using
a computer
MAC address, etc.
Furthermore, the public-key that was used to issue
the Visitor-Visa card 400 at the consulate is stored in
memory 4 as well for in-country Kiosks (i.e. as in FIG. 1B).
This public-key (or set of public keys from various
consulates, each with their own unique public key) is used
to verify the digital signature stored on the Visitor-Visa
card 400.
4.0) Visitor-Visa Process
We now consider the visitor visa card process and
system in more detail. The visa process starts with the
"Initialization At Consulate", block 19 in FIG. 2.
4.1) Initialization At Consulate--Block 19 in FIG. 2
This initial step (i.e. visitor registration) in the
process includes the digital photographing and
fingerprinting, or other biometric information gathering of
the visitor. The information is gathered at the consulate in
the visitor's country of origin, using a computer Kiosk 1
(see FIG. 1A). This information is stored 100 by each Kiosk
1 in a Central Database 2, which is remotely located from
each of the Kiosks. The Central Database 2 is securely
networked to each of the Kiosks. The Central Database 2 is
controlled by a server computer (not shown in diagrams), and
a variety of software running on the server.
Note that because of the dispersed location of the
issuing Kiosks around the globe at various consulates, it
may be necessary to initially store the applicants' data
locally within the consulate before transmitting it to the
Central Database 2, i.e. store-and-forward computer
technology processing. This process is not depicted in the
diagrams.
The visa applicant is shown an available Kiosk 1 by a
consulate staff. The Kiosk 1 has markings (not illustrated
in FIG. 1A nor FIG. 1B) as to where the person needs to
stand, or be seated depending on the ergonomics of the Kiosk
1, in order to appear correctly within the focal length of
the Visitor-Visa Kiosk's digital camera 3. The consulate
staff initially assists the applicant in the use of the
Kiosk 1, as well as initially selecting the applicant's
language of choice, in which all the displayed information
on the kiosk's screen 8 (display unit) will be communicated.
It is also the language in which the alphabet on the kiosk's
touch-screen keyboard is displayed. This language preference
is stored in the Kiosk's Memory 4 as part of the visa
applicant's record.
The CPU 6l retrieves the relevant language menus that
are pre-stored in the Kiosk's memory 4. The reason for this
is obvious, i.e. to minimize any potential communications
problems with the visitor regarding any conveyed
instructions, etc. Note that it is possible for the
invention to simply store in memory 4, say the English menu
system, and then to programmatically translate to the
visitor's preferred language. The preferred embodiment of
the invention uses the simpler method of pre-storing menus
in all of the accepted foreign languages. This reduces the
need and expense for today's relatively sophisticated
language translation software to be embedded in the Kiosk 1.
The first thing that the Kiosk 1 does is to collect
the applicant's biometric data, e.g. via the kiosk's Digital
Camera 3 and Digital Fingerprint Scanner 5. All information
gathered from the visa applicant is temporarily stored in
the kiosk's Memory 4 as part of the applicant's record. The
first message to appear on the Kiosk's display 8 is for the
visitor to remove any headgear, sunglasses, etc. that could
interfere with the facial identification of the person.
Next, the person is informed that a photo will be taken.
Preferably, a countdown indicator is displayed on the
display 8 informing the visitor of the imminent photo
taking.
After the digital photo has been taken, the visitor
is prompted via the Kiosk's display 8 to place his pertinent
finger on the surface of the digital fingerprint scanner 5.
His fingerprint is digitally scanned in and temporarily
stored in memory 4. Other biometric information is collected
at this stage, provided, that such biometrics are part of
the personal validation process.
The date and time of the transaction, as well as the
identification number of the Visitor-Visa Kiosk 1 is
recorded in Memory 4 as part of the applicant's record.
Amongst the various reasons for this step is for auditing
purposes.
The visa applicant is then prompted on the display
unit 8 to enter all pertinent data for his visa application.
Any data that are deemed imperative is a required field on
the data entry system of the Kiosk 1. If the applicant
refuses, or cannot enter the required data, a number of
actions take place. Firstly, the applicant is prompted
whether they need personal assistance. If this is in the
affirmative, then the consulate personnel are notified that
assistance is required by the applicant at a specific Kiosk
1. On the other hand, if the applicant does not have the
required data in-hand, then they can elect to suspend the
visa application process and return at a later date. Another
option is simply for the applicant to abandon the visa
application and walk out of the consulate. In the latter two
options, the applicant's record in Memory 4 is tagged with a
pertinent reason code and the kiosk session is terminated.
At no point is the applicant allowed to continue with the
visa application unless the current required field is
satisfied. This simple, commonly available computer data
entry technique of using required fields, reduces the
possibility of an incomplete visa being issued to an
applicant.
If during a visa application, the applicant needs to
submit additional paperwork, then the Kiosk 1 would
communicate this requirement. The paperwork could be
submitted in a number of ways, for example:
(a) The Kiosk 1 could have a facility for the
applicant to submit the paperwork to in a supplied envelope,
which is appropriately labeled/tagged for tracking purposes.
(b) Alternatively, a consulate staff member is called
by the Kiosk 1 and collects the pertinent paperwork from the
applicant.
The applicant's record in memory 4 is accordingly
updated, e.g. with the ID number of the consulate staff who
collected the paperwork, or with the supplied envelope's tag
identifier.
Once the visitor has submitted all of his required
information, the visitor's temporary data record stored in
the Kiosk's memory 4, is sent to the Central Database 2, via
a secure network 10. In FIG. 2, this step in the process is
identified as "Log Visit in Central Database", block 101.
Depending upon the speed that the system can process
the verification of the applicant's data, the applicant may
have to be notified to return later whilst her application
is being processed. On the other hand, if the system is
highly responsive, then the visa applicant could wait at the
consulate whilst her application is being processed.
A program at the Central Database 2 then processes
the received visa applicant's information. A key part of the
processing is a check against criminal, terrorist and other
undesirable watch-list databases. These databases could
include those of Interpol, intelligence agencies, national
and local law enforcement, etc. It is also possible for the
watch-lists in the applicant's country to be checked. This
would assist countries in curbing criminals escaping being
brought to justice.
The next step in the visa application process is
similar to the later check-in process, which is depicted in
block 25 in FIG. 2, i.e. the "All's Well?" symbol. The
following scenarios are possible:
(4.1.a) If a problem is encountered, e.g., the
visitor's biometric, or other identification data is found
in a watch-list database, then a pertinent anomaly message
is returned to the consulate, which the applicant visited in
applying for the visa. The consulate staff would then take
appropriate action, e.g. direct the applicant to a personal
interview with a skilled consulate staff member. The
applicant's record in the Central Database 2 is tagged
accordingly, as well as with any other pertinent data, such
as the consulate's identifier, etc.
Another problem that could be encountered could be
that the applicant's data is unsatisfactory, e.g.
insufficient funds may be available for the visitor's
planned stay in the US., etc. In this case, a message is
communicated to the consulate. Once again, the visitor's
Central Database 2 record is tagged as problematic, with the
appropriate code, as well as any other pertinent data. The
consulate would then contact the applicant to correct the
problem.
(4.1.b) On the other hand, it is possible that
authorities have tagged the visitor's pre-existing Central
Database 2 record as "need to apprehend". In this case, a
message is communicated to the consulate, and/or if a
trusted relationship exists between the US and the
originating country, then the country's law enforcement
could be notified as well. Once again, the visitor's Central
Database 2 record is tagged as problematic, with the
appropriate code, as well as any other pertinent data.
(4.1.c) For most visitors, no problems would be
encountered. The Central Database 2 visa application program
sends a message to the consulate to issue the applicant's
visa, i.e. in the form of a Visitor-Visa Card 400.
Other possible "All's Well?" scenarios could exist,
and even though they are not described here, they are not
excluded from the present invention.
Even though the preferred embodiment of the invention
does not specify the following process, it nevertheless
could be incorporated into the system. This process relates
to the pre-application part of the visa application. Today
an applicant must report to the nearest embassy or consulate
to apply for a visa. The wait in line is generally very
long. Even though the use of multiple kiosks will speed up
the process, data entry prior to using a Kiosk 1 is briefly
discussed. It is possible to allow the visa applicant to
apply via the Internet. This step would allow the applicant
to enter pertinent data, say via a web site on the internet,
preferably via secure connection (e.g. using SSL). The
applicant would then be given a confirmation number, which
she would then use when applying at the consulate's Kiosk 1.
The applicant still needs to apply at a Kiosk 1 at an
embassy or consulate. The reason is primarily to gather
biometric data from the applicant, which for obvious
reasons, is preferably done at the consulate or embassy. The
confirmation number that was given to the applicant via the
online web site is then entered when continuing the process
at a Kiosk 1. A great amount of time would be saved by
having most of the visa application's data already entered
into the system.
We now consider the case in which the applicant's
visa has been granted. The purpose of the Visitor-Visa Card
400 is similar to the use of a state driver's license in the
US, i.e. a means of personal identification. Today the
visitor primarily has his passport as a means of
identification when visiting a foreign country.
In the preferred embodiment of the invention, the
visitor's photo 408 is directly printed onto the front face
of the card 400. This makes the card 400 representative of a
foreign visitor's in-country id document. Note that it is
possible to embed the visitor's date of entry (see Table 1,
item [2]) in the photo. This feature would help simplify the
visual validation of the visitor's authorized stay in the
country.
Table 1 illustrates the type of data stored on this
card 400, when using the smart-chip 401, or other technology
that can store a large amount of data, such as a lasercard.
This information is also stored (see "Log Visit in Central
Database", block 100 in FIG. 2, via the on-page connector
"60") in the Central Database 2.
| 1) |
Last Name, Middle Initial[s], First Name |
Visitor's full name. |
| 2) |
Date of Entry Date |
(e.g., MM/DD/YY) on which the card was created
and issued at the overseas consulate. |
| 3) |
Visitor-Visa Card Number |
This unique identification number 403 is
embossed on the front of the card 400, as well as on
the rear of the card (see FIG. 3B). This card
identification number 403 is associated with the
visitor's database 2 record. This number is also
stored on the card's smart-chip 401 memory and/or
magnetic stripe 406. |
| 4) |
Length of Stay |
Authorized length of stay in country. For
example, a B2 visa could have a six-month stay. |
| 5) |
Visa Type |
Visa classification, e.g. B2, H1-B, J1, M1, etc.
This data could be encrypted to be used only by
authorized personnel. |
| 6) |
Digital Photo |
Copy of digital photo. |
| 7) |
Height |
Self-explanatory. |
| 8) |
Color of Eyes |
Self-explanatory. |
| 9) |
Color of Hair |
Self-explanatory. |
| 10) |
Language(s) |
Visitor's language of preference, as well as
others that the visitor understands. This language
will be used on the display unit 8 of the Kiosk 1
when the visitor interacts. |
| 11) |
Other Data |
Other data needed for the visa checking process,
e.g. issuing consulate code, Country of Origin,
Residential Address, Residential Phone Number,
visitor's weight, Passport #, Occupation, Signature,
etc. |
| 12) |
Digital Fingerprint |
Copy of scanned digital (encrypted) fingerprint.
Encrypted to be used only by authorized personnel. |
| 13) |
Digital Signature |
Digital signature of the above information
(e.g., [1] to [11]) to prevent fraudulent change of
information. |
TABLE 1 - Visitor's Information Description
Other information could also have been gathered at
the time of the visa application, e.g. the person's weight
could be entered by having the visitor unobtrusively be
standing on a weight scale when being fingerprinted, etc.
This information would be stored in the Central Database 2,
i.e. in Table 1, "Other Data". Other data that can be
captured includes any data that is needed on the various
immigrant (e.g. US forms
I-140,
I-485, etc.) and
nonimmigrant (e.g. US forms
DS-156,
I-129, etc.) application
forms.
Referring to Table 1, some of the information is
encrypted to prevent unauthorized viewing of the specific
information. The invention does not prevent the encrypting
of other, or all of the information. The primary purpose of
the card 400 is for use of the identification of the
visitor, as well as ensuring that the visitor does not
overstay his visit in the country.
One example of data that would be encrypted for
privacy, would be data that is voluntarily entered about the
applicant's health. For example, the applicant could include
data about her health, for example, she suffers from
diabetes, high blood pressure, allergies (e.g. to specific
medications, etc.), medications that the applicant needs,
etc. This data would be encrypted using a public key that
the relevant authorities would be able to decrypt and
extract from the card 400, e.g. Emergency Medical Teams,
hospitals, etc.
In the case where the smart-chip 401 is not used,
e.g. because of implementation costs, etc., then the
magnetic stripe 406 would be used. Unfortunately, today the
magnetic strip 406 cannot store all of the information as
described in Table 1 (see section "1] Visitor-Visa Card",
sub-section [1.7]). In this case, only the Visitor-Visa Card
Number (Table 1, item [3]) and the Digital Signature (Table
1, item [12]) is stored in the magnetic stripe 406. Note
that the Digital Signature is created at the consulate, or
other official visa issuing station, based on all of the
pertinent information depicted in Table 1, which could be
stored in a smart-chip 401, if one was used. Later for
validation purposes, the Digital Signature is centrally
validated against the original data.
The actual location of where the card's data is
gathered, encrypted and digitally signed needs further
explanation. Bearing in mind that PKI cryptography is used
in the preferred embodiment of the invention, this means
that careful consideration needs to be given to the
availability of the visa issuing authorities private key.
The private key is used to encrypt data, as well as
to create the above-mentioned Digital Signature (see Table
1, item [13]). We now consider the following possible
implementations (where encryption implies both data
encryption, as well as creating the data's digital
signature) at the consulate--listed by decreasing risk of
potential abuse:
4.1.1) Encryption at each Kiosk 1 located in the
consulate. This would require a copy of the private key to
be distributed to every Kiosk 1 in the consulate. The risk
for misuse is highest in this scenario. Each Kiosk 1 would
have to be sufficiently powerful enough to handle the
encryption process in a relatively short period.
4.1.2) Encryption at a central computer server
located in each consulate, which serves the multiple Kiosks
in the consulate (see [4.1.1] above). This would require a
copy of the private key to be distributed to every central
computer server located in each consulate. The risk for
misuse is relatively high in this scenario, but much lower
than in case [4.1.1] above. The misuse risk can be mitigated
by strict control of access to the consulate's central
computer server. Furthermore, the consulate's central
computer server processing power would have to be much
larger than the above-mentioned scenario, because of the
aggregation of processing for multiple kiosks at the
consulate. Each Kiosk 1 would have to be securely networked
to the consulate's central computer server.
4.1.3) Encryption at a central computer server
located in each region, i.e. country of the consulate
service, which serves multiple consulates (see [4.1.2]
above). The obvious location of such a computer would be at
the country's embassy. This would require a copy of the
private key to be distributed to every central computer
server located in each service region, i.e. country/embassy.
The risk for misuse is much lower in this scenario, than in
both of the above cases (see [4.1.1] and [4.1.2] above). The
misuse risk can be mitigated further by strict control of
access to the embassy's central computer server. The problem
in this scenario is that the card 400 data (i.e. Table 1)
would have to be sent to the embassy's central computer
server for encryption, etc. This would require a highly
available and secure communications network between the
various consulates and the embassy's central computer
server. The embassy's central computer server processing
power would have to be much larger than the above mentioned
scenarios, because of the aggregation of processing for
multiple consulates.
4.1.4) Encryption at a central computer server
located in a single location of a country's consular
affairs, which serves multiple countries (see [4.1.3]
above). For example, this computer could be located within
the embassies' home country borders, e.g. for US embassies,
the server could be located in a Washington, D.C. facility.
This would require a single copy of the private key to be
distributed on the single central computer server. The risk
for misuse is lowest in this scenario, compared to all of
the above cases. The misuse risk can be mitigated further by
strict control of access to the single central computer
server. The problem in this scenario is that the card 400
data (i.e. Table 1) would have to be sent to the single
central computer server for encryption, etc. from all of the
Kiosks, from all over the world. This would require a highly
available; secure communications network, and relatively
large bandwidth, between the various consulates around the
world and the single central computer server. Furthermore,
the central computer server's processing power would have to
be much larger than all of the above mentioned scenarios,
because of the aggregation of processing for all consulates.
The single central computer server could be a supercomputer,
a mainframe computer, or a cluster of mainframe computers,
or a cluster of mid-size computers, etc.
Note that the problem of a reliable and secure
network could be overcome by using process and technology.
One process solution would be to collect all of the
applicant visa data from the multitude of consulates around
a specific country, and then have them sent to a central
location, e.g. the country's embassy, for transmission to
the central computer. Alternatively, technology such as VSAT
satellite networking could be used to connect the various
consulates to the embassy.
The preferred embodiment implements option [4.1.3]
above, i.e. encryption at a central computer server located
in each country (i.e. embassy, which serves multiple
consulates within a country). The card 400 data is
transferred to the country's central computer server,
pertinently encrypted and digitally signed (i.e. created in
"cryptographic state"), and then the data are returned in
the cryptographic state to the consulate's computer server
in order for a card 400 to be created and issued by one of
the consulate's Kiosks.
As soon as the applicant's encrypted visa data is
available at the consulate, i.e. the applicant's visa has
been granted, the applicant is contacted by mail, telephone,
etc. to stop by the consulate and pick up his Visitor-Visa
card 400, if this visa verification process cannot be
implemented in a relatively short period, i.e. within a few
hours.
The Visitor-Visa applicant personally comes to the
consulate to collect the card 400. To collect the card 400,
the applicant again uses the Kiosk 1 in the consulate. This
time, the applicant has his biometrics re-entered into the
system and any other data such as his name, etc. The Kiosk's
card dispenser 7a then populates a card 400 with the
approved visa applicant's data. Once the card 400 has been
created, it is ejected from the Kiosk 1 and taken in hand by
the applicant. The applicant's database record in the
Central Database 2 is updated that a card 400 has been
issued. The Visitor-Visa card's unique identification number
403, date and time of issue, place of issue, etc. is
included in the update transaction sent to the Central
Database 2.
Note that the applicant could also collect the card
400 from a staff member of the consulate, but for auditing
purposes, the preferred embodiment of the invention has the
Kiosk 1 issuing the card 400 to the applicant.
Once the Visitor-Visa Card 400 is ejected from the
Kiosk 1, the applicant can now travel to the US. If prior to
traveling to the US, the visitor loses his card 400, then he
needs to contact the consulate to initiate the "Losing a
Visitor-Visa Card" process (similar to the process described
in section 4.3 below titled "Losing a Visitor-Visa Card").
An explanation is given to the visitor, e.g. via a
pamphlet, regarding the use and relevance of the card 400.
The US visitor now simply takes his Visitor-Visa card 400
with him, along with his passport, when he travels to the
USA.
Note that the Visitor-Visa card 400 can be used by
transport carriers, e.g. airlines, as verification of the
traveler prior to boarding the carrier. The various
verification methods described in section "4.5) Check-In
With Visitor-Visa Kiosk" (Block 23 in FIG. 2) can be fully,
or partially incorporated by the transportation carriers.
One of the key goals of the present invention is to prevent
the unauthorized travel of a US bound visitor, at the
earliest point in time and location.
4.2) Verification at Port-of-Entry--Block 20 in FIG.
2
On entering the US, the visitor proceeds through the
customs and immigration process. This process, as embodied
in the present invention, builds upon the currently
implemented US-VISIT system.
The addition includes a form of the Kiosk 1,
specifically as depicted in FIG. 1B. This kiosk is
preferably placed at each immigration official's
workstation. Consequently, the physical footprint of this
Kiosk would most likely be different from the Kiosks used at
the consulates. The key reason for this difference is the
physical space limitations at each immigration official's
workstation.
The Kiosk 1 has markings (not illustrated in FIG. 1A
nor FIG. 1B) as to where the person needs to stand in order
to appear correctly within the focal length of the
Visitor-Visa Kiosk's digital camera 3.
The visitor enters her card 400 into the Kiosk's card
scanner 7.
A quick note about data entry errors. There have been
numerous studies on the error rates of people typing in
computer data. In an online paper by Panko (http://panko.cba.hawaii.edu/HumanErr/Basic.htm)
various human error rates under various contexts are
summarized. In one study by Grudin (1983), the error rate
per keystroke of professional typists was 1% per keystroke.
The Panko paper lists other data entry rates as well.
Consequently, it can be seen that the current invention's
use of minimizing data entry is advantageous.
The data retrieved from the visitor's card 400 is
temporarily stored in the Kiosk's memory 4 for processing
purposes, as well as along with the date and time of the
transaction, as well as the geographic location of the
Visitor-Visa Kiosk 1. Note that the geographic location of
the Visitor-Visa Kiosk 1 could simply be implemented as a
device id, which the Central Database 2 then translates into
the known geographic location. Pertinent scanned card 400
information is displayed on the immigration official's
workstation computer screen. This eliminates any possible
data entry errors that the official may introduce if the
immigration official had to type in the visitor's
information.
The Kiosk's CPU 6 next verifies that the visitor's
card 400 has a valid digital signature (see Table 1, item
[13]). If the digital signature is invalid, then the CPU 6
notes this information as part of the temporarily stored
data record of the visitor in memory 4. The reason for this
is that further validation of the person's identity is
required, i.e. via biometrics such as a digital fingerprint
scan and a digital photo. All anomalies and the status of
the various checks are displayed on the immigration
official's workstation computer screen.
Note that at no time does the invention forewarn the
visitor of any problems. The reason for this is not to alarm
the visitor before more data is gathered and/or the relevant
authorities are notified and have had time to act, etc.
The Kiosk 1 retrieves the language (See Table 1, item
[10]) in which the visitor prefers to communicate. The CPU 6
retrieves the relevant language menus that are pre-stored in
the Kiosk's memory 4. The reason for this is obvious, i.e.
to minimize any potential communications problems with the
visitor regarding any conveyed instructions, etc. Note that
it is possible for the invention to simply store in memory
4, say the English menu system, and then to programmatically
translate to the visitor's preferred language. The preferred
embodiment of the invention uses the simpler method of
pre-storing menus in all of the accepted foreign languages.
This reduces the need and expense for today's relatively
sophisticated language translation software to be embedded
in the Kiosk 1.
The first message to appear on the Kiosk's display 8
is for the visitor to remove any headgear, sunglasses, etc.
that could interfere with the facial identification of the
person. Next, the person is informed that a photo will be
taken. Preferably, a countdown indicator is displayed on the
display 8 informing the visitor of the imminent photo
taking.
After the digital photo has been taken, the visitor
is prompted via the Kiosk's display 8 to place his pertinent
finger on the surface of the digital fingerprint scanner 5.
His fingerprint is digitally scanned in and temporarily
stored in memory 4. If other biometrics are used in the
personal identification of the visitor, then the relevant
data are gathered at this stage.
For the casual visitor to the country, this would
suffice for the Kiosk check-in process. On the other hand,
if the visitor is say a student, then other information
could be asked to be verified by the visitor, for example,
the visitor's current residential address, place of study,
etc. (i.e. in "Other Data", Table 1). If any information has
changed, a touch-screen keyboard is displayed on the display
8, and the visitor is prompted to enter the correct
information. Other examples of longer-term foreign visitors
are temporary workers, visiting academics, political
refugees, etc.
Once the visitor has submitted all of his required
information, the visitor's temporary data record stored in
the Kiosk's memory 4, is sent to the Central Database 2, via
a secure network 10. In FIG. 2, this step in the process is
identified as "Log Visit in Central Database", block 101.
A program at the Central Database 2 then processes
the received information by comparing all the pertinent data
(see Table 1) with a copy of the visitor's identification
data (i.e. in Table 1), which was originally stored in the
Central Database 2 at the time that the visitor's card 400
was created and issued.
The next step in the check-in process is depicted in
block 25 in FIG. 2, i.e. the "All's Well?" symbol. The
following scenarios are possible:
(4.2.a) If a problem is encountered, e.g., the
visitor's digital fingerprint does not match the original
fingerprint that was originally scanned in at the consulate,
then a pertinent anomaly message is returned to the
Visitor-Visa Kiosk 1 and/or to the immigration official's
workstation screen. The official then takes the appropriate
action. The visitor's Central Database 2 record is tagged as
problematic, with the appropriate code, as well as any other
pertinent data.
(4.2.b) On the other hand, it is possible that
authorities have tagged the visitor's Central Database 2
record as "need to apprehend". In this case, a message is
communicated to the nearest law enforcement authorities to
proceed immediately to the location of visitor's Kiosk 1
location, as well as to the immigration official's
workstation screen. Once again, the visitor's Central
Database 2 record is tagged as problematic, with the
appropriate code, as well as any other pertinent data.
(4.2.c) For most visitors, no problems would be
encountered. The Visitor-Visa Kiosk 1 would then calculate
when the visitor next needs to check in, provided he does
not leave the country prior to the calculated date. As
mentioned previously above, this information is displayed to
the visitor on the display unit 8, and if a printer 11 is
available, a note 12 is printed for the visitor in his
preferred language (see Table 1, item [10]). The visitor
then proceeds to customs prior to entering the country.
Other possible "All's Well?" scenarios could exist,
and even though they are not described here, they are not
excluded from the present invention.
Once the visitor has been cleared by the customs and
immigration officials, he enters the country with his
Visitor-Visa Card 400 in-hand. An explanation is given to
the visitor, e.g. via a pamphlet, preferably in the language
that the visitor understands, regarding the use and
relevance of the card 400.
Before proceeding with the preferred embodiment of
the invention, a note is made of one alternate
implementation of the invention. This implementation
addresses the situation in which long waiting lines of
visitors are present to pass through the customs and
immigration process at a Port-of-Entry. A mobile Kiosk 1
(not depicted in any diagram) is used to gather initial data
from each visitor whilst waiting in line. This mobile Kiosk
1 would be mounted on, for example, a wheeled cart, which an
immigration official handles. Another implementation of the
mobile Kiosk 1 could be a hand-held device. The [mobile]
immigration official approaches various visitors waiting in
line and has them enter their Visitor-Visa card 400,
collects visitor biometrics, etc. In other words, this step
is similar to the visitor verification process described
above in this section. The collected visitor's data is
transmitted securely, for example wirelessly (e.g. using
existing technologies such as
WiFi
(TM),
Bluetooth
(TM),
WiMax/802.16,
WCDMA,
UMTS,
SDR,
802.11, 802.11a, 802.11b,
802.11d, etc.), to a computer server for further processing
and verification. When the pre-processed visitor reaches an
immigration official's workstation, the visitor scans her
card 400 in order to pull up her pre-processed record which
was collected via the mobile Kiosk 1 and processed/stored in
the computer server. The normal visitor verification would
then continue, i.e. current visitor biometrics have already
been entered and verified in the pre-processing stage. This
process could be used as well at land border crossings, i.e.
at land-ports, but rather officials would approach motor
vehicles and their occupants waiting in line.
4.3) Losing a Visitor-Visa Card
If the card 400 is lost, then the visitor must
immediately report its loss and go to the nearest
immigration office to generate a new card 400. In this
process, the visitor would have to pay for a new card 400.
At the time that the loss is reported, the Central Database
2 would be updated that the card 400 is no longer valid,
i.e. the Visitor-Visa Card Number 403 is invalid and the
visitor is scheduled to obtain a new card 400.
The visitor would be photographed and fingerprinted
again, as he originally was at the consulate (block 19 in
FIG. 2). The visitor's new digital photo and fingerprint
images are first compared with those stored in the Central
Database 2, that were inputted during the process of
"Initialization At Consulate" (block 19 in FIG. 2). If the
images match, then a new card 400 is generated for the
visitor and his Central Database 2 record is updated. Note
that the originally issued card's identification data
remains in the Central Database 2, but is tagged as "lost".
The reason for this is in the advent that the stolen card is
fraudulently used, it can be detected and the miscreant
apprehended. If the card 400 is returned, the database 2 is
updated, but a record is still kept of the card 400 theft in
case fraudulent use is made of the data on the card 400.
Sometimes it may be feasible to simply retire the stolen
card 400 from circulation, even if it is returned to
authorities.
4.4) Time To Check-in Block 21 in FIG. 2
At some predetermined time interval, e.g. every three
months or six months, etc. from the date of arrival in the
country, the visitor must check-in at a local immigration
office, or at a place, that has a Visitor-Visa Kiosk 1
available. The visitor can use the phone contact information
405 that is printed on the front face of the card 400 to
locate where the nearest Kiosk 1 is located.
Although not illustrated, the preferred embodiment of
the invention uses a common telecommunications technique,
which is based on a telephone 's caller-id. The number that
the visitor dials, per the contact phone number 405, is
implemented using an
Interactive Voice Response (IVR)
computer system. Firstly, the visitor is prompted to enter
his card identification number 403 using the keypad on the
phone. These instructions are printed on the pamphlet that
was given to the visitor at her Port-of-Entry (see section
[4.2] above). The number 403 is used to access the Central
Database 2 to find out what is the visitor's preferred
language, or languages. This language is then used to issue
all further instructions, etc.
The IVR computer recognizes from where the call is
placed, and if the appropriate menu option is selected (e.g.
"Where is the nearest Kiosk location?"), the system tells
the visitor where the nearest Visitor-Visa Kiosk 1 is
located.
The preferred embodiment provides this information
via the Internet as well (e.g. on a web site, which is not
illustrated). This step in the process is illustrated by the
"Locate Visitor-Visa Kiosk in City", block 22 in
FIG. 2.
Note that it is preferable for the Kiosk 1 to be in a
secure location to prevent vandalism and other abuses of the
system. Examples of such locations are as follows (see Table
2):
| 1) |
Local government offices, e.g. immigration
office, post offices, etc. |
| 2) |
Select local police stations that are located in
public areas. |
| 3) |
College campus Registrar's office or campus
police stations. |
| 4) |
Airport locations, e.g. monitored by the US
Transportation Security Administration. |
| 5) |
Train stations, e.g. monitored by railway staff.
|
TABLE 2
Locations of In-Country Visitor-Visa Kiosks
The visitor then goes to the nearest Visitor-Visa
Kiosk 1 and takes his Visitor-Visa card 400 along with him.
Note that at this stage the visitor does not need his
passport and hence can leave it stored securely at his
hotel, etc.
4.5) Check-in With Visitor-Visa Kiosk--Block 23 in
FIG. 2
Before continuing with the detailed description of
this step in the process, a note needs to be made regarding
the various data storage implementation methods of the
Visitor-Visa card 400, as mentioned above in the section
titled "4.1) Initialization At Consulate". In this section,
it was mentioned that identification information about the
visitor (i.e. Table 1) is stored in a number of
technologies, i.e. a smart-chip 401 and/or a magnetic stripe
406, or a laser-card. Because of the previously mentioned
physical data storage limitations of the magnetic stripe
406, the preferred embodiment of the invention implements
data storage on the card 400 in a smart-chip 401.
On the other hand, if a smart-chip 401 implementation
is not used, then this information would be retrieved from
the Central Database 2. This is done by retrieving the
visitor's record in the Central Database 2, using the secure
network 10 and the card identification number 403. This
record contains the original copy of all of the pertinent
identification information about the visitor that is listed
in Table 1.
After locating the nearest Visitor-Visa Kiosk 1, the
foreign visitor approaches the Kiosk 1 with his Visitor-Visa
Card 400 in-hand.
Note that the Visitor-Visa Kiosk 1 could be monitored
by video cameras to deter vandalism, etc.-- as bank ATMs are
monitored today
4.5.1) Visitor-Visa Card Verification
The Kiosk 1 has markings (not illustrated in FIG. 1A
nor FIG. 1B) as to where the person needs to stand, or be
seated depending on the ergonomics of the Kiosk 1, in order
to appear correctly within the focal length of the
Visitor-Visa Kiosk's digital camera 3.
The person enters her card 400 into the Kiosk's card
scanner 7.
The data retrieved from the visitor's card 400 is
temporarily stored in the Kiosk's memory 4 for processing
purposes, as well as along with the date and time of the
transaction, as well as the geographic location of the
Visitor-Visa Kiosk 1. Note that the geographic location of
the Visitor-Visa Kiosk 1 could simply be implemented as a
device id, which the Central Database 2 then translates into
the known geographic location.
The Kiosk's CPU 6 next verifies that the visitor's
card 400 has a valid digital signature (see Table 1, item
[13]). If the digital signature is invalid, then the CPU 6
notes this information as part of the temporarily stored
data record of the visitor in memory 4. The reason for this
is that further validation of the person's identity is
required, i.e. via biometrics such as a digital fingerprint
scan and a digital photo.
Note that at no time does the invention forewarn the
visitor of any problems. The reason for this is not to alarm
the visitor before more data is gathered, etc.
The Kiosk 1 retrieves the language (See Table 1, item
[10]) in which the visitor prefers to communicate. The CPU 6
retrieves the relevant language menus that are pre-stored in
the Kiosk's memory 4. The reason for this is obvious, i.e.
to minimize any potential communications problems with the
visitor regarding any conveyed instructions, etc. Note that
it is possible for the invention to simply store in memory
4, say the English menu system, and then to programmatically
translate to the visitor's preferred language. The preferred
embodiment of the invention uses the simpler method of
pre-storing menus in all of the accepted foreign languages.
This reduces the need and expense for today's relatively
sophisticated language translation software to be embedded
in the Kiosk 1.
The first message to appear on the Kiosk's display 8
is for the visitor to remove any headgear, sunglasses, etc.
that could interfere with the facial identification of the
person. Next, the person is informed that a photo will be
taken. Preferably, a countdown indicator is displayed on the
display 8 informing the visitor of the imminent photo
taking.
After the digital photo has been taken, the visitor
is prompted via the Kiosk's display 8 to place his pertinent
finger on the surface of the digital fingerprint scanner 5.
His fingerprint is digitally scanned in and temporarily
stored in memory 4. If other forms of biometric data are
used, then it would be gathered by the Kiosk 1 at this
stage.
For the casual visitor to the country, this would
suffice for the check-in process. On the other hand, if the
visitor is say a student, then other information could be
asked to be verified by the visitor, for example, the
visitor's current residential address, place of study, etc.
(i.e. in "Other Data", Table 1). If any information has
changed, a touch-screen keyboard is displayed on the display
8 using the visitor's preferred language, and the visitor is
prompted to enter the correct information. Other examples of
longer-term foreign visitors are temporary workers, visiting
academics, political refugees, etc.
Once the visitor has submitted all of his required
information, the visitor's temporary data record stored in
the Kiosk's memory 4, is sent to the Central Database 2, via
a secure network 10. In
FIG. 2, this step in the process is
identified as "Log Visit in Central Database", block 101.
A program at the Central Database 2 then processes
the received information by comparing all the pertinent data
(see Table 1) with a copy of the visitor's identification
data (i.e. in Table 1), which was originally stored in the
Central Database 2 at the time that the visitor's card 400
was created and issued.
The next step in the check-in process is depicted in
block 25 in FIG. 2, i.e. the "All's Well?" symbol. The
following scenarios are possible:
(4.5.1.a) If a problem is encountered, e.g., the
visitor's digital fingerprint does not match the original
fingerprint that was scanned in at the consulate, then a
pertinent anomaly message is returned to the Visitor-Visa
Kiosk 1. The Kiosk 1 then informs the visitor via the
display unit 8 that he needs to visit, in person, the
nearest Customs and Immigration office within a specified
time-period. This step is depicted by the "Visit
Visitor-Visa Office", block 80 in FIG. 2. The Visitor-Visa
office location is displayed to the visitor on the display
8, and the Kiosk's integrated printer 11 prints the location
and the specified time-period out for the visitor on a piece
of paper 12. The visitor's Central Database 2 record is
tagged as problematic, with the appropriate code, as well as
any other pertinent data.
(4.5.1.b) On the other hand, it is possible that
authorities have tagged the visitor's Central Database 2
record as "need to apprehend". In this case, a message is
communicated to the nearest law enforcement authorities to
proceed immediately to the location of visitor's Kiosk 1
location. Another message code is transmitted to the
Visitor-Visa Kiosk 1 to stall the person. The stall process
could entail asking many other seemingly related questions,
as well as displaying other information. Once again, the
visitor's Central Database 2 record is tagged as
problematic, with the appropriate code, as well as any other
pertinent data.
(4.5.1.c) For most visitors, no problems would be
encountered. The Visitor-Visa Kiosk 1 would then calculate
when the visitor next needs to check in, provided he does
not leave the country prior to the calculated date. As
mentioned previously above, this information is displayed to
the visitor on the display unit 8, and if a printer 11 is
available, a note 12 is printed for the visitor in his
preferred language (see Table 1, item [10]).
Other possible "All's Well?" scenarios could exist,
and even though they are not described here, they are not
excluded from the present invention.
4.6) Data Mining of the Central Database
The information stored in the Central Database 2,
including the check-in events of the foreign visitor, can be
searched (i.e. mined) by various authorized computer
programs. We now consider a number of these processes:
4.6.1) Check for Unusual Behavior--Block 201 in FIG.
2:
A computer program 201 runs constantly checking for
unusual behavior 200 patterns in the data collected in the
Central Database 2. Unusual behavior would simply imply
searching for anomalies such as fraudulent use of a
particular Visitor-Visa Card 400, or a visitor's overstay.
In the fraud case, it could be that a person simply
copied all the information from one card 400 to another
card. This behavior could be detected on a number of levels:
a. The same Visitor-Visa Card Number 403 is present
in the data storage memory of both Visitor-Visa cards.
b. The encrypted digital biometric images (e.g.
fingerprint and/or photo) that are stored in the Central
Database 2 are not the same as that captured at check-in
time by the Kiosk's digital camera 3, or digital fingerprint
scanner 5.
Common fraudulent document detection methods would
apply to this program 201, but are not explicitly discussed
here.
Other uses 300 (see FIG. 2) of the Central Database 2
by authorized parties include:
(4.6.2) Traffic Stop
If the visitor were pulled over by police 301 (see
FIG. 2), say for speeding, then the police officer would
scan 399 the visitor's Visitor-Visa card 400 on equipment
supplied to the police authorities (not shown in FIG. 2).
The visitor's information would then be logged and checked
102 in the Central Database 2. If any anomaly is discovered,
or the visitor's Central Database 2 record has been tagged,
the police officer can take the appropriate action.
(4.6.3) Financial Transaction Validation
The Visitor-Visa card 400 check-in process could be
modified and used in other circumstances during the
visitor's visit. For example, the card 400 can be scanned
whenever the visitor checks into a hotel, or rents a car, or
travels by rail, etc. (see block 302 in FIG. 2). Currently,
a valid ID document is required in these situations, hence
the requirement to use the Visitor-Visa card 400 would not
be exceptional.
Supplying this information could help in various
ways, including for routine crime reduction. An example of
routine crime reduction could be in the advent that a
visitor's wallet was stolen in which his credit cards and
identification documents were located. The visitor would
report the theft to the relevant authorities, including the
Visitor-Visa card 400 authorities (see above section
(4.3)
titled "Losing a Visitor-Visa Card"). The thief would then
have to use the Visitor-Visa card 400 whenever he'd use,
e.g. a credit card within the country. This process would
need the possible process modification by the credit card
companies. For example, if a credit card is used, and the
credit card number belongs to an overseas visitor (i.e. it
was issued by an overseas bank), then the visitor's
Visitor-Visa card 400 would have to be scanned as well,
rather than simply having to display the card 400 as
identification.
4.7) Check Out at Port-of-Exit--Block 110 in FIG. 2
When the visitor is ready to leave the country, he
needs to check-in one last time with a Visitor-Visa Kiosk 1.
This time, the Kiosk 1 is located within the exit process
implemented by the country's customs and immigration
authorities, i.e. at the Port-of-Exit (i.e. at airports,
seaports and land-ports).
The check out process is similar to that outlined in
the above section (4.5) titled "Check-in With Visitor-Visa
Kiosk" (Block 23 in FIG. 2), with the following exception:
the visitor's card 400 is "swallowed" by the Visitor-Visa
Kiosk 1, i.e. it is not returned to the visitor.
This card 400 "swallow" process does not apply to
certain visa types, i.e. types that are authorized for
long-term stay in the country and have not overstayed
permitted time in the country. In the US, examples of these
visa types include:
A visa--Diplomatic and other government officials,
and their families and employees.
G visa--Representatives to international
organizations and their families and employees.
J visas--Exchange Visitors and their families.
H-1B visas--Persons in a specialty occupation, which
requires the theoretical and practical application of a body
of highly specialized knowledge requiring completion of a
specific course of higher education.
L visas --Intra-company transferees who, within the
three preceding years, have been employed abroad
continuously for one year, and who will be employed by a
branch, parent, affiliate, or subsidiary of that same
employer in the U.S. in a managerial, executive, or
specialized knowledge capacity.
I-551--US permanent residents, i.e. "green card"
holders.
Numerous other immigrant and non-immigrant visa
classifications apply as well, but are not listed here.
The visitor's Central Database 2 record is updated
accordingly.
At check out, the visitor's Central Database 2 record
is checked for any anomalies before the visitor is allowed
to exit the country.
Once the card 400 has been returned to the
authorities at check out, the visitor related data on the
card 400 is erased and it is now available to be reused with
a new visitor entering the country. On the other hand, it is
as feasible to simply safely discard the card 400.
In the case where the card 400 is not "swallowed", on
re-entry to the country, the cardholder goes through a
similar process as to the one detailed in the section titled
"Check-in With Visitor-Visa Kiosk" (Block 23 in FIG. 2). The
difference in this case is that the check-in process is via
the immigration authority at a Port of Entry. The same
validation tasks, as described in section (4.2) titled
"Verification at Port-of-Entry" are undertaken to ensure
that the cardholder is correctly listed in the database 2.
* * * * *
