`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`UNITED STATES DEPARTMENT OF COMMERCE
`United States Patent and Trademark Office
`Address: COMMISSIONER FOR PATENTS
`P.O. Box 1450
`Alexandria, Virginia 22313-1450
`www.uspto.gov.
`
`
`
`APPLICATION NUMBER PILINGoF3710) GRP ART UNIT|FILFEEREC'D|ATTY.DOCKET.NO|DRAWINGS|TOT CLAIMS|IND CLAIMS
`
`60/859,235
`
`11/15/2006
`
`100
`
`W0537-701001
`
`24
`
`37462
`LOWRIE, LANDO & ANASTASI
`RIVERFRONT OFFICE
`ONE MAIN STREET, ELEVENTH FLOOR
`CAMBRIDGE, MA02142
`
`CONFIRMATION NO. 3590
`
`FILING RECEIPT
`
`Date Mailed: 11/29/2006
`
`It will not be examined for patentability and
`Receipt is acknowledged of this provisional Patent Application.
`will become abandoned not
`later than twelve months after its filing date. Be sure to provide the U.S.
`APPLICATION NUMBER, FILING DATE, NAME OF APPLICANT, and TITLE OF INVENTION when inquiring
`about this application. Fees transmitted by checkor draft are subject to collection. Please verify the accuracy
`of the data presented on this receipt.
`If an error is noted on this Filing Receipt, please mail to the
`Commissioner for Patents P.O. Box 1450 Alexandria Va 22313-1450. Please provide a copy of this
`Filing Receipt with the changes noted thereon. If you received a "Notice to File Missing Parts" for this
`application, please submit any corrections to this Filing Receipt with your reply to the Notice. When
`the USPTO processes the reply to the Notice,
`the USPTO will generate another Filing Receipt
`incorporating the requested corrections (if appropriate).
`
`Applicant(s)
`
`Kenneth P. Weiss, Newton, MA;
`
`Powerof Attorney: The patent practitioners associated with Customer Number 37462
`
`If Required, Foreign Filing License Granted: 11/28/2006
`
`The country code and number of your priority application, to be usedfor filing abroad under the Paris Convention, is
`US60/859,235
`
`Projected Publication Date: None, application is not eligible for pre-grant publication
`
`Non-Publication Request: No
`
`Early Publication Request: No
`
`** SMALL ENTITY **
`
`Title
`
`Universal secure registry
`
`PROTECTING YOUR INVENTION OUTSIDE THE UNITED STATES
`
`Since the rights granted by a U.S. patent extend only throughoutthe territory of the United States and have
`no effect in a foreign country, an inventor who wishes patent protection in another country must apply for a
`patent in a specific country or in regional patent offices. Applicants may wish to consider the filing of an
`international application under the Patent Cooperation Treaty (PCT). An international (PCT) application
`generally has the same effect as a regular national patent application in each PCT-member country. The
`PCT process simplifies the filing of patent applications on the same invention in member countries, but
`Apple 1222
`Apple 1222
`
`Page 1 of 95
`Page | of 95
`
`

`

`does notresult in a grant of "an international patent" and does not eliminate the need of applicantstofile
`additional documents and fees in countries where patent protection is desired.
`
`Almost every country has its own patent law, and a person desiring a patent in a particular country must
`make an application for patent in that country in accordance with its particular laws. Since the laws of many
`countries differ in various respects from the patent law of the United States, applicants are advised to seek
`guidance from specific foreign countries to ensure that patent rights are not lost prematurely.
`
`Applicants also are advised that in the case of inventions made in the United States, the Director of the
`USPTO mustissue a license before applicants can apply for a patent in a foreign country. Thefiling of a U.S.
`patent application serves as a request for a foreign filing license. The application's filing receipt contains
`further information and guidanceasto the status of applicant's license for foreign filing.
`
`Applicants may wish to consult the USPTO booklet, "General Information Concerning Patents” (specifically,
`the section entitled "Treaties and Foreign Patents") for more information on timeframes and deadlinesfor
`filing foreign patent applications. The guide is available either by contacting the USPTO Contact Center at
`800-786-9199, or it can be viewed on the USPTO website at
`http://www.uspto.gov/web/offices/pac/doc/general/index.html.
`
`For information on preventing theft of your intellectual property (patents, trademarks and copyrights), you
`may wish to consult the U.S. Government website, http://www.stopfakes.gov. Part of a Department of
`Commerceinitiative, this website includes self-help "toolkits" giving innovators guidance on howto protect
`intellectual property in specific countries such as China, Korea and Mexico. For questions regarding patent
`enforcementissues, applicants may call the U.S. Governmenthotline at 1-866-999-HALT (1-866-999-4158).
`
`LICENSE FOR FOREIGN FILING UNDER
`
`Title 35, United States Code, Section 184
`
`Title 37, Code of Federal Regulations, 5.11 & 5.15
`
`GRANTED
`
`if the phrase "IF REQUIRED, FOREIGN
`The applicant has been granted a license under 35 U.S.C. 184,
`FILING LICENSE GRANTED"followed by a date appears on this form. Such licenses are issued in all
`applications where the conditions for issuance of a license have been met, regardless of whether or not a
`license may be required as set forth in 37 CFR 5.15. The scope andlimitations of this license are set forth in
`3/7 CFR 5.15(a) unless an earlier license has been issued under 37 CFR 5.15(b). The license is subject to
`revocation upon written notification. The date indicated is the effective date of the license, unless an earlier
`license of similar scope has been granted under 37 CFR 5.13 or 5.14.
`
`This license is to be retained by the licensee and may be used at any time on or after the effective date
`thereof unlessit is revoked. This license is automatically transferred to any related applications(s) filed under
`37 CFR 1.53(d). This license is not retroactive.
`
`The grant of a license does not in any way lessen the responsibility of a licensee for the security of the
`subject matter as imposed by any Government contract or the provisions of existing laws relating to
`espionage and the national security or the export of technical data. Licensees should apprise themselves of
`current regulations especially with respect to certain countries, of other agencies, particularly the Office of
`Defense Trade Controls, Department of State (with respect to Arms, Munitions and Implements of War (22
`CFR 121-128)); the Bureau of Industry and Security, Department of Commerce (15 CFR parts 730-774); the
`Office of Foreign AssetsControl, Department of Treasury (31 CFR Parts 500+) and the Department of
`Energy.
`
`NOTGRANTED
`
`No license under 35 U.S.C. 184 has been grantedatthis time,
`
`if the phrase "IF REQUIRED, FOREIGN
`
`Page 2 of 95
`Page 2 of 95
`
`

`

`FILING LICENSE GRANTED" DOES NOTappear on this form. Applicant maystill petition for a license
`under 37 CFR 5.12,
`if a license is desired before the expiration of 6 months from the filing date of the
`application.
`If 6 months has lapsed from the filing date of this application and the licensee has not received
`any indication of a secrecy order under 35 U.S.C. 181, the licensee may foreign file the application pursuant
`to 37 CFR 5.15(b).
`
`Page 3 of 95
`Page 3 of 95
`
`

`

`
`
`Old'S'Ngeigl
`
`+
`
`This is a request for filing a PROVISIONAL APPLICATION under 37 CFR 1.53(c).
`
`DOCKET NUMBER: W0537-701001
`Express Mail Label No. EV 307787700 US
`Date of Deposit: November 15, 2006
`
`
`
`113260U.S.PTO60/859235
`
`“111506
`
`INVENTOR(S)/APPLICANT(S)
`Given Name(first and middle [if any])|Family Name or Surname Residence (City and either State or
`
`Foreign Country)
`
`[ ] Additional inventors are being named on the separately numbered sheet attached hereto.
`
`UNIVERSAL SECURE REGISTRY
`
`
`
`9OSELI PROVISIONAL APPLICATION COVER SHEET
`
`JCORRESPONDENCEADDRESS
`
`CUSTOMER NUMBER: 37462
`
`ENCLOSED APPLICATION PARTS(checkaif that apply)
`
`[X] Specification Number of Pages _65
`
`[X] Drawing(s) Number of Sheets _24
`
`[X] Application Data Sheet, See 37 CFR 1.76
`
`[X] Return receipt postcard
`
`{
`
`] Other (specify)
`
`The invention was made by an agencyof the United States Governmentor under a contract with an agencyof the
`United States Government.
`
`[X] No
`
`[
`
`] Yes, the name of the U.S. Government Agency and the Government Contract Numberare:
`
`METHOD OF PAYMENT(checkail that apply)
`
`[X] A check is enclosed to cover the Provisional Filing Fees, including the Application Size Fee(if applicable).
`
`[X] The Commissioneris hereby authorized to chargethefiling fee and the application size fee (if applicable) or credit
`overpayment to Deposit Account 50/2762, Ref. No. W0537-701001. A duplicate of this sheet is enclosed.
`
`[X] Small Entity Status is claimed.
`
`November15, 2006
`
`Date
`
`PROVISIONALFILING FEE AMOUNT
`
`$ 100.00
`
`Respectfully submitted,
`
`Aec ec
`
`Robert V. Donahoe, Reg. No. 46,667
`Telephone No.: 617-395-7000
`
`Send to: Commissionerfor Patents, P.O. Box 1450, Alexandria, VA 22313-1450
`
`Page 1 of 1
`797186.1
`
`Page 4 of 95
`Page 4 of 95
`
`

`

`-l-
`
`Express Mail Label No.: EV 307787700 US
`Date of Deposit: November 15, 2006
`
`UNIVERSAL SECURE REGISTRY
`
`BACKGROUNDOF INVENTION
`Field of Invention
`
`1.
`
`This invention generally relates to a method and apparatusfor securely storing
`
`and disseminating information regarding individuals and, moreparticularly, to a
`
`computer system for authenticating identity or verifying the identity of individuals
`
`and other entities seeking access to certain privileges and for selectively granting
`
`privileges and providing other services in response to such
`
`identifications/verifications.
`
`2.
`
`Discussion of Related Art
`
`Control of access to secure systems presents a problem related to the
`
`identification of a person. An individual may be provided access to the secure system
`after their identity is authorized. Generally, access control] to secure computer
`networks is presently provided by an authentication scheme implemented,at least
`
`partly, in software located on a device being employed to access the secure computer
`network and on a server within the secure computer network. For example,if a
`corporation chooses to provide access control for their computer network, they may
`
`purchase authentication software that includes server-side software installed on a
`
`server in their computer system and correspondingclient-side software that is
`
`installed on the devices that are used by employeesto access the system. The devices
`
`mayinclude desktop computers, laptop computers, and handheld computers(e.g.,
`
`PDAsandthelike).
`
`In practice, the preceding approach has a numberof disadvantages including
`
`both the difficulty and cost of maintaining the authentication system andthe difficulty
`
`and cost of maintaining the security of the authentication system. Morespecifically,
`
`the software resides in the corporation’s computers where it may be subject to
`
`tampering/unauthorized use by company employees. That is, the information
`
`technology team that managesthe authentication system has accessto the private keys
`
`associated with each of the authorized users. As a result, these individuals have an
`Page 5 of 95
`Page 5 of 95
`
`

`

`-2-
`
`opportunity to compromisethe security of the system. Further, any modification
`
`and/or upgradeto the authentication system softwareis likely to require an update to
`
`at least the server-side software and mayalso require an update of the software
`
`located on each user/client device. In addition, where the company’s computer
`
`systems are geographically distributed, software upgrades/updates may be required on
`
`a plurality of geographically distributed servers.
`
`There is also a need, especially in this post September 11 environment, for
`
`secure and valid identification of an individual before allowing the individual access
`
`to highly secure areas. For example, an FBI agent or an air marshal may needto
`identify themselvesto airport security or a gate agent, without compromising security.
`
`Typically such identification may comprise the air marshal or FBI agent showing
`
`identification indicia to appropriate personnel. However, there are inherent flawsin
`
`this process that allow for security to be compromised, including falsification of
`
`identification information or the airport security or personnel not recognizing the
`
`situation. Of course this process could be automated, for example, by equipping
`
`airport personnelor security with access to a database and requiring the FBI agent or
`
`air marshal to appropriately identify themselves to the database, for example, by again
`
`providing identification which airport personnel can then enter into the database to
`
`verify the identity of the person seeking access to a secure area. However,this
`
`processalso has the inherent flawsin it as described above. In addition, there may be
`
`times whenairport security or personnel may not be able to communication with the
`
`database tocheck the identity of the person seeking access, for example, when they
`
`are not near a computer terminal with accessto a database or are carrying a hand-held
`
`device that does not have an appropriate wireless signal to access the database. In
`
`addition, there is a need to ensurethat if such a hand-held device ends up the wrong
`
`hands, that security is not compromised.
`
`Systemscapable of effectively performingall or someof these functions do
`
`not currently exist.
`
`SUMMARYOF INVENTION
`
`There is thus a need for an identification system that will enable a person to be
`
`accurately identified (“‘identification” sometimes being used hereinafter to mean either
`
`Page 6 of 95
`Page 6 of 95
`
`

`

`-3-
`
`identified or verified) and/or authenticated without compromising security, to gain
`access to secure systems and/or areas. Likewise, there is a need for an identification
`
`system that will enable a person to be identified universally without requiring the
`
`person to carry multiple formsof identification.
`
`Accordingly, this invention relates, in one embodiment,to an information
`
`system that may be usedas a universal identification system and/or usedto selectively
`
`provide information abouta person to authorized users. Transactions to and from a
`secure database may take place using a public key/private key security system to
`
`enable users of the system and the system itself to encrypt transaction information
`
`during the transactions. Additionally, the private key/public key security system may
`
`be used to allow users to validate their identity. For example, in one embodiment, a
`smart card such as the Secure ID™card from RSI Security, Inc. may be provided
`with the user’s private key and the USR system’s public key to enable the card to
`
`encrypt messagesbeing sent to the USR system andto decrypt messages from the
`
`USR system 10.
`
`The system or database of the invention maybeusedto identify the person in
`
`many situations, and thus maytakethe place of multiple conventional forms of
`
`identification. Additionally, the system may enable the user’s identity to be
`confirmedorverified without providing any identifying information about the person
`to the entity requiring identification. This can be advantageous where the person
`
`suspects that providing identifying information may subject the identifying
`
`information to usurpation.
`Access to the system may be by smart card, such as a Secure ID™ card, or any
`
`other secure access device. The technology enabling the user to present their identity
`
`information may be physically embodiedas a separate identification device such as a
`
`smart ID card, or may be incorporated into another electronic device, such as a cell
`phone, pager, wrist watch, computer, personaldigital assistant such as a Palm Pilot™,
`key fob, or other commonly available electronic device. The identity of the user
`
`possessing the identifying device may beverified at the point of use via any
`
`combination of a memorized PIN numberor code, biometric identification such as a
`
`fingerprint, voice print, signature,iris or facial scan, or DNA analysis, or any other
`
`method of identifying the person possessing the device. If desired, the identifying
`
`Page 7 of 95
`Page 7 of 95
`
`

`

`-4-
`
`device mayalso be provided with a picture of the person authorized to use the device
`
`to enhancesecurity.
`According to one embodiment of the invention, a method of controlling access
`
`to a plurality of secure computer networksusing a secure registry system located
`
`remotely from the secure computer networksis disclosed. The secure registry system
`
`includes a database containing selected data of a plurality of users each authorized to
`
`access at least one of the plurality of secure computer networks. The method
`comprises acts of receiving authentication information from an entity at a secure
`
`computer network, communicating the authentication information to the secure
`
`registry system, and validating the authentication information at the secure registry
`
`system. The methodalso includesreceiving from the secure registry system an
`
`indication of whether the entity is authorized to access the secure computer network,
`
`granting the entity access to the secure computer network whenthe authentication
`
`information of the entity correspondsto oneof the plurality of users, and denying the
`
`entity access to the secure computer network when the authentication information of
`
`the user does not correspond to one ofthe plurality of users.
`
`Another embodiment of the invention comprises a methodof controlling
`
`access to a secure computer networkusing a secure registry system. The secure
`
`registry system includes a database containing selected data of a plurality of users
`
`authorized to access the secure computer network and selected data identifying the
`
`secure computer network. The method comprises receiving an access request
`
`including authentication information and a computer network ID from an entity,
`
`determining whetherthe authentication information is valid for any of the plurality of
`
`users, accessing data when the authentication information of the entity is valid for one
`
`of the plurality of users to determine whether the entity is authorized to access the
`
`computer network identified by the computer network ID, and allowingthe entity to
`
`access the secure computer network whenthe authentication information ofthe entity
`
`is valid for one of the plurality of users authorized to access the computer network
`
`identified by the computer networkID.
`
`Another embodimentof the invention comprises a methodof authenticating an
`
`identity of a first entity. The method comprises the acts of wirelessly transmitting
`
`from a first device, first encrypted authentication information ofthe first entity,
`
`Page 8 of 95
`Page 8 of 95
`
`

`

`-5-
`
`receiving with a second device the wirelessly transmitted first encrypted
`
`authentication information, decrypting with the second device, the first wirelessly
`
`encrypted authentication information to provide the first authentication information of
`
`the first entity to the second device; and authenticating the identity of the first entity
`
`based uponthefirst authentication information; and acting based on the assessed
`
`identity of the first entity.
`
`Another embodimentof the invention comprises a system for authenticating
`
`an identity of a first entity, comprising a first wireless device comprisinga first
`
`wireless transmitter and receiver configured to transmit a first wireless signal
`
`including first encrypted authentication information,a first processor configured to
`
`compare stored biometric data with detected biometric data ofthe first entity and
`
`configured to enable or disable use of the first device based on a result of the
`
`comparison, and configured to encrypt first authentication information withafirst
`
`private key of the first entity into the first encrypted authentication information,a first
`
`biometric detector for detecting biometric data of the first entity, and a first memory
`
`for storing biometric data ofthe first entity, a private key of the first entity authorized
`
`to use the first device, and the first authentication information.
`
`According to some embodiments, the system further comprises a second
`
`wireless device comprising a second wireless transmitter and receiver configured to
`
`receive the first wireless signal and to processthefirst wireless signal, a second
`
`processor configured to compare detected biometric data of a second entity with
`
`stored biometric data and configured to enable or disable use of the second device
`
`based upona result of the comparison, and configured to decrypt thefirst
`
`authentication information received in the first wireless signal, a biometric detector
`
`for detecting biometric data of a second entity, and a second memorystoring
`
`biometric data of the second entity and a plurality of public keys of a plurality offirst
`
`entities.
`
`Another embodimentof the invention providesa first wireless device
`
`comprising a processor configured to enable operation ofthe first wireless deviceif it
`
`receives an enablementsignal validating first biometric information of a first entity
`and configured to generate a non-predictable signal from the biometric information, a
`first wireless transmitter and receiver configured to transmit a first wireless signal
`
`Page 9 of 95
`Page 9 of 95
`
`

`

`-6-
`
`including first encrypted biometric information ofthe first entity and to receive the
`
`enablementsignal, and a first biometric detector for detecting the first biometric
`
`information ofthe first entity.
`
`BRIEF DESCRIPTION OF DRAWINGS
`
`This invention is pointed out with particularity in the appended claims. The
`
`above and further advantagesof this invention may be better understood byreferring
`
`to the following description when taken in conjunction with the accompanying
`
`drawings. The accompanying drawingsare not intended to be drawnto scale. In the
`
`drawings, each identical or nearly identical componentthatis illustrated in various
`
`figures is represented by a like numeral. For purposes of clarity, not every component
`
`may belabeled in every thawing. In the drawings:
`
`FIG. 1 is a functional block diagram of a computer system configured to
`
`implement the universal secure registry (“USR”), including a USR database,
`
`according to one embodimentof the invention;
`
`FIG.2 is a functional block diagram ofa first embodiment of a networked
`
`environmentincluding the computer system of FIG. 1;
`
`FIG. 3 is a functional block diagram of an entry of a database forming the
`
`USRdatabase of FIG. 1;
`
`FIG.4 is a functional block diagram of a second embodimentof a networked
`
`environmentincluding the computer system of FIG. 1;
`
`FIG. 5 is a flow chart illustrating steps in a processof inputting data into the
`
`USRdatabase;
`
`FIG.6 is a flow chart illustrating steps in a process of retrieving data from the
`
`USRdatabase;
`FIG. 7 is a flow chart illustrating a first protocol for purchasing goods from a
`
`merchant via the USR database without transmitting credit card information to the
`
`merchant;
`
`FIG.8 is a flow chart illustrating a second protocol for purchasing goods from
`a merchant via the USR database without transmitting credit card information to the
`merchant;
`
`Page 10 of 95
`Page 10 of 95
`
`

`

`FIG.9 is a flow chart illustrating a protocol for purchasing goods from a
`
`merchant via the USR database byvalidating the user’s check;
`
`FIG. 10 is a flow chart illustrating a protocol for purchasing goods from an on-
`
`line merchant via the USR database without transmitting credit card information to
`
`the on-line merchant, and enabling the on-line merchant to ship the goodsto a virtual
`
`address;
`
`FIG. 11 is a flow chart illustrating a protocol for shipping goodsto a virtual
`
`address via the USR database;
`
`FIG. 12 is a flow chart illustrating a protocol for telephoning a virtual phone
`
`numbervia the USR database;
`
`FIG.13 is a flow chart illustrating a protocol for identifying a person via the
`
`USRdatabase;
`
`FIG. 14 is a flow chart illustrating a protocol for identifying a person to a
`
`policeman via the USR database;
`
`FIG.15 is a flow chart illustrating a protocol for providing information to an
`
`authorized recipient of the information via the USR database;
`
`FIG. 16 is a flow chart illustrating a protocol for providing application
`
`information to an authorized recipient of the information via the USR database;
`
`FIG. 17 is a functional block diagram of an embodiment configured to use
`
`information in the USR system to activate or keep active property secured through the
`
`USR system; and
`
`FIG. 18A is a functional block diagram of an embodiment configured to use
`
`the USR system to control access to a secure computer network;
`
`FIG. 18B is a functional block diagram of another embodiment configured to
`
`use the USR system to control access to a secure computer network;
`
`FIG. 19 is a flow diagram of a process for controlling access to a secure
`
`computer network with the USR system in accordance with an embodimentof the
`
`invention;
`
`FIG.20 is a flow diagram of a process for controlling access to a secure
`
`computer network with the USR system in accordance with another embodiment of
`
`the invention;
`
`Page 11 of 95
`Page 11 of 95
`
`

`

`-8.-
`
`FIG. 21 illustrates an embodimentof a system for validating the identity of an
`
`individual;
`
`FIGS. 22A and 22Billustrate one embodimentofa process for validating the
`
`identity of an individual;
`
`FIG. 23 illustrates one embodimentof various fields included withinafirst
`
`wireless signal and a secondwirelesssignal as transmitted by the system of FIG. 21;
`
`FIG. 24 illustrates one embodimentof a process for verifying or authenticating
`
`the identity of a first user of a first wireless transmission device;
`FIG. 25 illustrates another embodimentof a process for authenticating the
`
`identity of a first user of a wireless transmission device;
`FIG.26illustratesstill another embodimentofa process for authenticating the
`identity of a first user of a wireless transmission device; and
`
`FIG. 27 illustrates one embodimentofa data structure that can be used by any
`
`wireless device of the system of FIG. 21.
`
`DETAILED DESCRIPTION
`
`This invention is not limited in its application to the details of construction and
`
`the arrangement of componentsset forth in the following description orillustrated in
`
`the drawings. The invention is capable of other embodiments and of being practiced
`
`or of being carried out in various ways. Also, the phraseology and terminology used
`
`herein is for the purpose of description and should not be regarded as limiting. The
`27 66
`93 66
`93
`86
`“containing”,
`
`“involving”, and
`
`use of “including,”
`
`“comprising,” or “having,”
`
`variations thereof herein, is meant to encompassthe items listed thereafter and
`
`equivalents thereof as well as additional items.
`
`In one embodiment, an information system is formed as a computer program
`
`running on a computer or group of computers configured to provide a universal secure
`
`registry (USR) system. The computer, in this instance, may be configured to run
`
`autonomously (without the intervention of a human operator), or may require
`
`intervention or approvalfor all, a selected subset, or particular classes of transactions.
`
`The invention is not limited to the disclosed embodiments, and may take on many
`
`different forms depending on the particular requirements of the information system,
`
`the type of information being exchanged, and the type of computer equipment
`
`Page 12 of 95
`Page 12 of 95
`
`

`

`-9.
`
`employed. An information system according to this invention, may optionally, but
`
`need not necessarily, perform functions additional to those described herein, and the
`
`invention is not limited to a computer system performing solely the described
`
`functions.
`
`In the embodiment shownin FIG. 1, a computer system 10 for implementing a
`
`USRsystem according to the invention includesat least one main unit 12 connected
`
`to a wide area network, suchas the Internet, via a communications port 14. The main
`
`unit 12 may include one or more processors (CPU 16) running USR software 18
`
`configured to implement the USR system functionality discussed in greater detail
`
`below. The CPU 16 may be connected to a memory system including one or more
`
`memory devices, such as a random access memory system RAM 20,a read only
`
`memory system ROM 22, and one or more databases 24.
`
`In the illustrated
`
`embodiment, the database 24 contains a universal secure registry database. The
`
`invention is not limited to this particular manner of storing the USR database. Rather,
`
`the USR database maybeincluded in any aspect of the memory system, such asin
`
`RAM 20, ROM 22 or disc, and mayalso be separately stored on one or more
`
`dedicated data servers.
`
`The computer system maybe a general purpose computer system which is
`
`programmable using a computer programming language, such as C, C++, Java, or
`
`other language, such as a scripting language or even assembly language. The
`
`computer system mayalso be specially programmed, special purpose hardware, an
`
`application specific integrated circuit (ASIC)or a hybrid system including both
`
`special purpose components and programmed general purpose components.
`
`In a general purpose computer system,the processoris typically a
`
`commercially available microprocessor, such as Pentium series processoravailable
`
`from Intel, or other similar commercially available device. Such a microprocessor
`executes a program called an operating system, such as UNIX, Linux, Windows NT,
`
`Windows95, 98, or 2000, or any other commercially available operating system,
`
`which controls the execution of other computer programsand provides scheduling,
`
`debugging, input/output control, accounting, compilation, storage assignment, data
`
`management, memory management, communication control andrelated services, and
`
`many other functions. The processor and operating system defines a computer
`
`Page 13 of 95
`Page 13 of 95
`
`

`

`-10-
`
`platform for which application programsin high-level programming languages are
`
`written.
`
`The database 24 maybeany kind of database, includinga relational database,
`
`object-oriented database, unstructured database, or other database. Examplerelational
`
`databases include Oracle 81 from Oracle Corporation of Redwood City, California;
`
`Informix Dynamic Server from Informix Software, Inc. of Menlo Park, California;
`
`DB2 from International Business Machines of Armonk, New York; and Access from
`
`Microsoft Corporation of Redmond, Washington. An example object-oriented
`
`database is ObjectStore from Object Design of Burlington, Massachusetts. An
`
`example of an unstructured database is Notes from the Lotus Corporation, of
`
`Cambridge, Massachusetts. A database also may be constructed usinga flat file
`
`system, for example by using files with character-delimited fields, such as in early
`
`versions of dBASE, now knownas Visual dBASEfrom Inprise Corp. of Scotts
`
`Valley, California, formerly Borland International Corp.
`
`The main unit 12 may optionally include or be connected to an user interface
`
`26 containing, for example, one or more input and output devices to enable an
`
`operator to interface with the USR system 10. Illustrative input devices include a
`
`keyboard, keypad, track ball, mouse, pen and tablet, communication device, and data
`
`input devices such as voice and other audio and video capture devices. Illustrative
`
`output devices include cathode ray tube (CRT)displays, liquid crystal displays (LCD)
`
`and other video output devices, printers, communication devices such as modems,
`
`storage devices such as a disk or tape, and audio or video output devices. Optionally,
`
`the user interface 26 may be omitted, in which case the operator may communicate
`
`with the USR system 10 in a networked fashion via the communication port 14. It
`
`should be understood that the invention is not limited to any particular manner of
`
`interfacing an operator with the USR system.
`
`It also should be understood that the invention is not limited to a particular
`
`computer platform, particular processor, or particular high-level programming
`
`language. Additionally, the computer system may be a multiprocessor computer
`
`system or mayinclude multiple computers connected over a computer network. It
`
`further should be understood that each module or step shown in the accompanying
`
`figures and the substeps or subparts shown in the remaining figures may correspond
`
`Page 14 of 95
`Page 14 of 95
`
`

`

`-1ll-
`
`to separate modules of a computer program, or may be separate computer programs.
`
`Such modules may be operable on separate computers. The data produced by these
`
`components maybe stored in a memory system or transmitted between computer
`
`systems.
`
`Such a system may be implemented in software, hardware, or firmware, or any
`
`combination thereof. The various elements of the information system disclosed
`
`herein, either individually or in combination, may be implemented as a computer
`