(12) United States Patent
Weiss

(10) Patent No.: US 8,001,055 B2
(45) Date of Patent: *Aug. 16, 2011

(54) METHOD, SYSTEM AND APPARATUS FOR SECURE ACCESS, PAYMENT AND IDENTIFICATION

(76) Inventor: Kenneth P. Weiss, Newton, MA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by ... days. This patent is subject to a terminal disclaimer.

(21) Appl. No.: 11/677,490

(22) Filed: Feb. 21, 2007

(65) Prior Publication Data
US 2007/0198436 A1, Aug. 23, 2007

Related U.S. Application Data

(60) Provisional application No. 60/775,046, filed on Feb. 21, 2006, provisional application No. 60/812,279, filed on Jun. 9, 2006, provisional application No. 60/859,235, filed on Nov. 15, 2006.

(51) Int. Cl.: ... (2006.01)
(52) U.S. Cl.: 705/76; 713/186; D14/480.4; 382/128; 382/129; 382/187
(58) Field of Classification Search: 705/76
See application file for complete search history.

`Primary Examiner — Andrew J. Fischer
`Assistant Examiner — Calvin K Cheung
`(74) Attorney, Agent, or Firm — Lando & Anastasi, LLP
`
(57) ABSTRACT

According to one aspect, the invention provides a system for validating an identity of a user to enable or prevent an occurrence of an event. In one embodiment, the system includes a first device including a wireless transmitter which is configured to transmit validation information, a second device including a wireless receiver, where the second device is configured to receive the validation information and further transmit the validation information; and a secure system in communication with the second device. According to one embodiment, the secure system includes a database. In a further embodiment, the secure system is configured to receive the validation information transmitted from the second device, and to transmit additional information to the second device following a receipt of the validation information to assist the second device in either enabling or preventing the occurrence of the event.

31 Claims, 28 Drawing Sheets
`
`Apple 1004
U.S. Patent    Aug. 16, 2011    Sheet 1 of 28    US 8,001,055 B2

FIG. 1 (block diagram). Labels: USR Software; User Interface; Wide Area Network; Universal Secure Registry, holding per-person entries up to Person No. n. Reference numerals shown: 12, 18, 22.

Sheet 2 of 28, FIG. 2 (block diagram). Labels: USR System; Computer Module (several); Wide Area Network; Interface Center (several). Reference numerals shown: 10, 27.

Sheet 3 of 28: drawing sheet; the figure text is rotated on the page and is not recoverable here.

Sheet 4 of 28, FIG. 4 (block diagram). Labels: Computer Module (several); Wide Area Network; Interface Centers for Financial Information, Job Application Information, Medical Information, Financial Information and Address Information.

Sheet 5 of 28, FIG. 5 (flowchart). Boxes:
  Train the Database
  Validate Person's Identification
  Does Person Have Rights to Enter Data
  Enable Person to Enter Basic Personal Data
  Does Person Have Right to Enter Additional Data?
  Enable Person to Enter Advanced Personal Data
  Enable Person to Specify Access to Advanced Personal Data
Reference numerals shown: 500, 510, 512.

Sheet 6 of 28, FIG. 6 (flowchart). Boxes:
  Enable Access to Basic Personal Data
  Is Additional Information Requested?
  Does Requestor Have Rights to Access Type of Requested Data?
  Is Person Participating in Transaction
  Validate Person's Identity
  Enable Person to Change Access Rights to Data
  Does Requestor Have Rights to Access Type of Requested Data?
  Cause USR to Enable Access to Type of Requested Data
Reference numerals shown: 600, 606, 610.

Sheet 7 of 28, FIG. 7 (flowchart). Boxes:
  User Initiates Purchase
  User Enters Secret Code in Secure ID
  Merchant Transmits to Credit Card Company (1) Code from Secure ID (2) Store Number (3) Amount of Purchase
  Credit Card Company Sends Code to USR
  USR Determines if Code is Valid, and if Valid Accesses User's Credit Card Information and Transmits Credit Card Number to Credit Card Company
  Credit Card Company Checks Credit Worthiness and Declines Card or Debits User's Account and Transfers $ to Merchant's Account
  CCC Notifies Merchant of Result of Transaction
Reference numerals shown: 700, 702, 704, 706, 708, 710, 712.

Sheet 8 of 28, FIG. 8 (flowchart). Boxes:
  User Initiates Purchase
  User Enters Secret Code in Secure ID
  Merchant Transmits to USR (1) Code from Secure ID (2) Store Number (3) Amount of Purchase
  USR Determines if Code is Valid
  USR Accesses User's Credit Card Information and Transmits to CCC (1) Credit Card Number (2) Store Number (3) Amount of Purchase
  CCC Checks Credit Worthiness and Declines Card or Debits User's Account and Transfers $ to Merchant's Account
  CCC Notifies USR of Result of Transaction
  USR Notifies Merchant of Result of Transaction
Reference numerals shown: 800, 802, 804, 806, 808, 810, 812, 814.

Sheet 9 of 28, FIG. 9 (flowchart). Boxes:
  User Initiates Purchase and Writes Check to Merchant
  User Enters Secret Code in Secure ID
  Merchant Transmits to USR (1) Code from Secure ID (2) Store Number (3) Amount of Purchase
  USR Determines if Code is Valid
  USR Accesses User's Bank Information and Transmits to Bank (1) Bank Account Number (2) Store Number (3) Amount of Purchase
  Bank Checks Account Balance to Verify Availability of Funds
  Bank Notifies USR of Result of Verification
  USR Notifies Merchant of Result of Verification
Reference numerals shown: 900, 902, 904, 906, 908, 910, 912, 914.

Sheet 10 of 28, FIG. 10 (flowchart). Boxes:
  User Initiates Anonymous Purchase by Entering Secret Code in Secure ID and Transmitting Result to On-Line Merchant
  Merchant Transmits to USR (1) Code from Secure ID (2) Store Number (3) Amount of Purchase
  USR Determines if Code is Valid
  USR Accesses User's Credit Card Information and Transmits to CCC: (1) Credit Card Number (2) Store Number (3) Amount of Purchase
  CCC Checks Credit Worthiness and Declines Card or Debits User's Account and Transfers $ to Merchant's Account
  CCC Notifies USR of Result of Transaction
  If Credit Declined, USR Notifies Merchant
  If Credit Accepted, USR Accesses Address Code and Provides Merchant with Address Code
  Merchant Labels Package with Address Code and Ships
Reference numerals shown: 1000, 1002, 1004, 1006, 1008, 1010, 1012, 1014, 1016.

Sheet 11 of 28, FIG. 11 (flowchart). Boxes:
  User Provides Address Code on Public Area
  User Provides Address Information in Address Area of USR
  Person Places Public Code on Parcel to be Mailed
  Post Office Accesses USR to Retrieve Address Information
  Post Office Delivers Parcel to Address in Address Area of USR
  Post Office Prints Bar Code on Parcel to Automate Delivery of Parcel to Address in Address Area of USR
Reference numerals shown: 1100, 1102, 1104, 1106, 1108, 1110.

Sheet 11 of 28, FIG. 12 (flowchart). Boxes:
  User Provides Telephone Code on Public Area
  User Provides Telephone Information in Telephone Area of USR
  Person Dials USR Phone Number and Enters Telephone Code for User
  USR Connects Person to Telephone Number Without Providing User Person with Telephone Number
Reference numerals shown: 1200, 1202, 1204, 1206.

Sheets 12 and 13 of 28: drawing sheets; the figure text is rotated on the page and is not recoverable here.

Sheet 14 of 28, FIG. 17 (block diagram). Labels: USR System; Lap Top Computer; Electronic Device; Automobile. Reference numeral shown: 10.

Sheet 15 of 28, FIG. 18A (block diagram). Labels: Access Device (several); USR System; Secure System No. 1, Secure System No. 2, Secure System No. 3, Secure System No. n. Reference numerals shown: 10, 1800, 1802, 1804.

Sheet 15 of 28, FIG. 18B (block diagram). Labels: Access Device; Secure System No. 1, Secure System No. 2, Secure System No. n; USR System. Reference numerals shown: 1802, 1804, 1810a.

Sheet 16 of 28, FIG. 19 (flowchart). Boxes:
  Entity Initiates Access Request
  Entity Supplies 1) Authentication Info 2) Computer Network ID
  USR Receives Access Request Including 1) Authentication Info 2) Computer Network ID
  Auth. Info Valid for a User?
  Provide Indication that Entity is Denied Access
  Is Entity Authorized to Access the Computer Network Identified by the ID?
  Allow Communications Between the Entity and Secure System
Reference numerals shown: 1900, 1902, 1912.

Sheet 17 of 28, FIG. 20 (flowchart). Boxes:
  Entity Initiates Access Request
  Entity Supplies Authentication Information
  Secure System Receives Authentication Information
  Secure System Communicates Authentication Information to USR
  USR Validates Authentication Information
  Secure System Receives Indication from USR
  Secure System Grants or Denies Access Based on the Indication
Reference numerals shown: 2000, 2002, 2004, 2006, 2008, 2010, 2014, 2016.

Sheet 18 of 28, FIG. 21 (block diagram). Legible labels: Responder; Challenger; Biometric Sensor; Interface; Wireless T/R (two). Reference numerals shown: 2100, 2140, 2142, 2144, 2152.

Sheet 19 of 28, FIG. 22A (flowchart). Legible boxes: Periodically Communicate with Secure Database; Shutdown Device #2; Authenticate User #2. Reference numerals shown: 202, 208, 210, 214, 216.

Sheet 20 of 28, FIG. 22B (flowchart). Boxes:
  Initiate Valid Communication Protocol
  Transmit First Wireless Signal Containing Encrypted Authentication Information to Device #2
  Authenticate Identity of User #1
  Transmit Second Wireless Signal Containing Encrypted Authentication Information to Device #1
  Contact Secure Database for Information
  Take Appropriate Action
Reference numerals shown: 218, 220, 222, 224, 226.

Sheet 21 of 28: drawing sheet; the figure text is rotated on the page and is not recoverable here.

Sheet 22 of 28, FIG. 24 (flowchart). Boxes:
  Sense Header #1
  Verify Protocol
  Verify/Decrypt Respondent #1 Digital Signature
  Authenticate User #1
Reference numerals shown: 400, 406.

Sheet 23 of 28, FIG. 25 (flowchart). Boxes:
  Receive Public ID #1 PKI Encrypted DES Key, Encrypted Portion of Biodata
  Look Up from ID #1, Public Key #1
  Look Up Remainder of Biodata Information #1
  Combine Biodata Information to Recreate Biodata Information
  Process Biodata Information
Reference numerals shown: 520, 522, 524, 526, 528, 536.

Sheet 24 of 28, FIG. 26 (flowchart). Boxes:
  Receive Public Key ID #1, PKI Encrypted DES Key (Optional)
  Look Up Public Key #1
  Generate Non-predictable Code From ID1 Information (Time-varying)
  Transmit Public ID #1 from Device #2 to Secure Database
  Access with Secure Database at Least Portion of Bio Information of Entity #1
  Transmit Bio Information of Entity #1 to Device #2
  Display Bio Information
  Process Biodata Information
Legible reference numerals: 620, 622, 624, 626, 628, 630.

Sheet 25 of 28, FIG. 27 (block diagram). Labels: Private Key of #2; Public Keys of Plural 1st Entities; Biodata of #2; Portion of Biodata Files of Other Users. Reference numerals shown: 720, 722, 724, 726, 728.

Sheet 26 of 28: drawing sheet; the figure text is rotated on the page and is not recoverable here.

Sheet 27 of 28, FIG. 29 (flowchart). Legible boxes: Authenticate User; Receive User Information; Simulate Data. Reference numerals shown: 260, 262, 264, 266, 268, 270.

Sheet 28 of 28: drawing sheet; the figure text is rotated on the page and is not recoverable here.

METHOD, SYSTEM AND APPARATUS FOR SECURE ACCESS, PAYMENT AND IDENTIFICATION

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims priority under 35 U.S.C. §119(e) to each of the following co-pending U.S. provisional patent applications: Ser. No. 60/775,046 entitled “METHOD AND APPARATUS FOR EMULATING A MAGNETIC STRIPE READABLE CARD,” filed Feb. 21, 2006; Ser. No. 60/812,279 entitled “UNIVERSAL SECURE REGISTRY,” filed Jun. 9, 2006; and Ser. No. 60/859,235 entitled “UNIVERSAL SECURE REGISTRY,” filed Nov. 15, 2006 each of which is hereby incorporated herein by reference in its entirety.
`
BACKGROUND OF INVENTION

1. Field of Invention
Embodiments of the invention generally relate to systems, methods, and apparatus for authenticating identity or verifying the identity of individuals and other entities seeking access to certain privileges and for selectively granting privileges and providing other services in response to such identifications/verifications. In addition, embodiments of the invention relate generally to systems and methods for obtaining information from and/or transmitting information to a user device and, in particular, to systems, methods, and apparatus that provide for contactless information transmission.
2. Discussion of Related Art

Control of access to secure systems presents a problem related to the identification of a person. An individual may be provided access to the secure system after their identity is authorized. Generally, access control to secure computer networks is presently provided by an authentication scheme implemented, at least partly, in software located on a device being employed to access the secure computer network and on a server within the secure computer network. For example, if a corporation chooses to provide access control for their computer network, they may purchase authentication software that includes server-side software installed on a server in their computer system and corresponding client-side software that is installed on the devices that are used by employees to access the system. The devices may include desktop computers, laptop computers, and handheld computers (e.g., PDAs and the like).
In practice, the preceding approach has a number of disadvantages including both the difficulty and cost of maintaining the authentication system and the difficulty and cost of maintaining the security of the authentication system. More specifically, the software resides in the corporation’s computers where it may be subject to tampering/unauthorized use by company employees. That is, the information technology team that manages the authentication system has access to the private keys associated with each of the authorized users. As a result, these individuals have an opportunity to compromise the security of the system. Further, any modification and/or upgrade to the authentication system software is likely to require an update to at least the server-side software and may also require an update of the software located on each user/client device. In addition, where the company’s computer systems are geographically distributed, software upgrades/updates may be required on a plurality of geographically distributed servers.
There is also a need, especially in this post September 11 environment, for secure and valid identification of an individual before allowing the individual access to highly secure areas. For example, an FBI agent or an air marshal may need to identify themselves to airport security or a gate agent, without compromising security. Typically such identification may comprise the air marshal or FBI agent showing identification indicia to appropriate personnel. However, there are inherent flaws in this process that allow for security to be compromised, including falsification of identification information and failure of the airport security or other personnel to not recognize the situation. Of course this process could be automated, for example, by equipping airport personnel or security with access to a database and requiring the FBI agent or air marshal to appropriately identify themselves to the database, for example, by again providing identification which airport personnel can then enter into the database to verify the identity of the person seeking access to a secure area. However, this process also has the inherent flaws in it as described above. In addition, there may be times when airport security or personnel may not be able to communicate with the database to check the identity of the person seeking access, for example, when they are not near a computer terminal with access to a database or are carrying a hand-held device that does not have an appropriate wireless signal to access the database. In addition, there is a need to ensure that if such a hand-held device ends up in the wrong hands, that security is not compromised.
Systems capable of effectively performing all or some of these functions do not currently exist.
Further, both commercial (e.g., banking networks) and non-commercial (e.g., security systems) information systems often rely on magnetic card readers to collect information specific to a user (e.g., a security code, a credit card number, etc.) from a user device (e.g., a transaction card). Credit card purchases made in person provide an example of the most common transaction-type that relies on a user device, the credit or debit card, which is read by a magnetic card reader. User devices that rely on magnetic-stripe based technology magnetically store information (e.g., binary information) in the magnetic stripe. The magnetic stripe reader provides an interface to a larger computerized network that receives the user’s information to determine, for example, whether to authorize a transaction, to allow the user access to a secure area, etc.
Recently, such devices have seen technological advances that increase their capabilities and improve their security. For example, such devices may now include embedded processors, integral biometric sensors that sense one or more biometric feature (e.g., a fingerprint) of the user, and magnetic stripe emulators. As one result, today’s user devices may provide greater security by dynamically generating the necessary information, for example, generating the credit card number at the time of a transaction. Improved security can also be provided by such devices because more sophisticated authentication schemes can be implemented with the devices.
In addition, user devices such as transaction cards may now also provide for one or more modes of information transmission other than transmission via a magnetic stripe/card reader combination. For example, user devices that may transmit information optically or via radio frequency (“RF”) signal transmission to a compatible system interface are now available. Further, the architecture of a user device that includes a processor is generally compatible with both the improved security features described above and the contactless transmission modes such as optical and RF signal transmission. As a result of the improved security and greater functionality of some current user devices, there is a desire to replace magnetic-stripe based user devices with devices that include forms of information transmission other than the reading of a magnetic-stripe.
There is, however, a substantial installed base of interfaces (for example, at points of sale, at automatic teller machines (“ATM”), and the like) that include magnetic card readers which are not equipped to receive information from a user device in any other format other than from a magnetic stripe. As a result of the cost to replace or retrofit the installed base, efforts to more-widely introduce user devices that do not employ magnetic stripe devices have not been developed. Because of the potential to substantially reduce fraud, however, the further implementation of such devices is of great interest to financial institutions among others. RF devices that transmit information wirelessly are expected to become much more prevalent and at some point, the predominant form of information transmission for user authentication based on a hand-held device, for example, credit card, debit card, drivers license, passport, social security card, personal identification, etc. Thus, new and improved methods for transitioning from a purely magnetic based form of communication to a wireless form of communication are desired.

One current approach that is intended to “transform” a smart card for use with a magnetic stripe card reader employs a “bridge” device. The bridge device requires that the smart card be inserted within it. The bridge device includes a slot for receiving the smart card, a key pad whereby the user may enter information (e.g., a PIN number), and a credit card sized extension member. Operation of the bridge device requires that the smart card be inserted within it and that an electrical contact surface of the smart card engage a similar surface within the bridge device before the bridge device (i.e., the extension member) can be used with a magnetic card reader. Thus, the contactless nature of more advanced information transmission systems is lost with the bridge device because it does not support wireless signal transmission.
`
SUMMARY OF INVENTION

There is thus a need for an identification system that will enable a person to be accurately identified (“identification” sometimes being used hereinafter to mean either identified or verified) and/or authenticated without compromising security, to gain access to secure systems and/or areas. Likewise, there is a need for an identification system that will enable a person to be identified universally without requiring the person to carry multiple forms of identification.
Accordingly, this invention relates, in one embodiment, to an information system that may be used as a universal identification system and/or used to selectively provide information about a person to authorized users. Transactions to and from a secure database may take place using a public key/private key security system to enable users of the system and the system itself to encrypt transaction information during the transactions. Additionally, the private key/public key security system may be used to allow users to validate their identity. For example, in one embodiment, a smart card such as the Secure ID™ card from RSI Security, Inc. may be provided with the user’s private key and the USR system’s public key to enable the card to encrypt messages being sent to the USR system and to decrypt messages from the USR system 10.
`The system or database of the invention may be used to
`identify the person in many situations, and thus may take the
`place of multiple conventional forms of identification. Additionally,
`the system may enable the user’s identity to be
`confirmed or verified without providing any identifying information
`about the person to the entity requiring identification.
`This can be advantageous where the person suspects that
`providing identifying information may subject the identify-
`ing information to usurpation.
`Access to the system may be by smart card, such as a
`Secure ID™ card, or any other secure access device. The
`technology enabling the user to present their identity infor-
`mation may be physically embodied as a separate identifica-
`tion device such as a smart ID card, or may be incorporated
`into another electronic device, such as a cell phone, pager,
`wrist watch, computer, personal digital assistant such as a
`Palm Pilot™, key fob, or other commonly available elec-
`tronic device. The identity of the user possessing the identi-
`fying device may be verified at the point of use via any
`combination of a memorized PIN number or code, biometric
`identification such as a fingerprint, voice print, signature, iris
`or facial scan, or DNA analysis, or any other method of
`identifying the person possessing the device. If desired, the
`identifying device may also be provided with a picture of the
`person authorized to use the device to enhance security.
`According to one embodiment of the invention, a method
`of controlling access to a plurality of secure computer networks
`using a secure registry system located remotely from
`the secure computer networks is disclosed. The secure registry
`system includes a database containing selected data of a
`plurality of users each authorized to access at least one of the
`plurality of secure computer networks. The method com-
`prises acts of receiving authentication information from an
`entity at a secure computer network, communicating the
`authentication information to the secure registry system, and
`validating the authentication information at the secure regis-
`try system. The method also includes receiving from the
`secure registry system an indica
