`
`US 8,001,055 B2
`(10) Patent No.:
`(12) United States Patent
`
` Weiss (45) Date of Patent: *Aug. 16, 2011
`
`
`(54) METHOD, SYSTEM AND APPARATUS FOR
`SECURE ACCESS, PAYMENT AND
`IDENTIFICATION
`
`(76)
`
`Inventor: Kenneth P. Weiss, Newton, MA (US)
`
`3/1992 Weiss
`5,097,505 A
`6155
`a
`a
`gggig 2 @133; $8488
`5,361,062 A
`11/1994 Weiss
`5,367,572 A
`11/1994 Weiss
`5,398,285 A
`3/1995 Borgelt et al,
`
`( * ) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 596 days.
`
`EP
`
`(Contmued)
`FOREIGN PATENT DOCUMENTS
`0986209
`3/2000
`
`This patent is subject to a terminal dis-
`claimer.
`
`(Continued)
`
`OTHER PUBLICATIONS
`
`(21) Appl.No.: 11/677,490
`
`(22)
`
`Filed:
`
`Feb. 21, 2007
`
`“FIPS PUB 46-3.” Oct. 25, 1999. National Institute of Science and
`Technology (NIST). All pages.*
`
`(65)
`
`Prior Publication Data
`
`(Continued)
`
`US 2007/0198436 A1
`
`Aug. 23: 2007
`
`Related US Application Data
`(60) Provisional application No. 60/775,046, filed on Feb.
`21, 2006, provisional application No. 60/812,279,
`filed on Jun. 9, 2006, provisional application No.
`60/859,235, filed on Nov. 15, 2006.
`
`(51)
`
`Int. Cl'
`(200601)
`G08Q 20/00
`(52) U'S' Cl' “““ 705/76; 713/186; 1314/4804; 382/128;
`382/129; 382/187
`(58) Field of Classification Search ..................... 705/76
`See application file for complete search history.
`_
`References Clted
`
`(56)
`
`U‘S' PATENT DOCUMENTS
`jagggaggg :
`$151333 we!”
`.
`,
`,
`6155
`4,885,778 A
`12/1989 Weiss
`,
`,
`4 998 279 A
`3/1991 Weiss
`5,023,908 A
`6/1991 Weiss
`5,058,161 A
`10/1991 Weiss
`
`Primary Examiner 7 Andrew J. Fischer
`Assistant Examiner 7 Calvin K Cheung
`(74) Attorney, Agent, or Firm 7 Lando & Anastasi, LLP
`
`ABSTRACT
`(57)
`According to one aspect, the invention provides a system for
`validating an identity of a user to enable or prevent an occur-
`rence of an event. In one embodiment, the system includes a
`first device including a wireless transmitter which is config-
`ured to transmit validation information, a second device
`including a wireless receiver, where the second device is
`configured to receive the validation information and further
`transmit the validation information; and a secure system in
`communication with the second device. According to one
`embodiment, the secure system includes a database. In a
`further embodiment,
`the secure system is configured to
`receive the validation information transmitted from the sec-
`ond device, and to transmit additional information to the
`second device following a receipt of the validation informa-
`1011 to a551st the second dev1ce 1n e1ther enablm or
`revent-
`t'
`.
`.
`.
`.
`.
`.
`g
`p
`mg the occurrence of the event.
`
`31 Claims, 28 Drawing Sheets
`
`218
`
`220
`
`222
`
`226‘
`
`Apple 1004
`Apple 1004
`
`
`
`“mum in re oco
`2m
`C
`Inlljal: Vagd t
`|
`_,
`
`
`
`Responder
`challenger /
`j m
`L...
`4
`_________
`containing Encrytpad Authentication
`
`“524.1112?3?.
`2’35\
`Transmit First var-4m Signal
`Infarmution to Daviu #2
`I Elumetrlc I
`
`
`
`
`2154
`21:2
`L__SEEE°I.-1
`LEEEEZLJ
`l
`zisofi'a‘j;
`‘
`,
`,,,,,,,,,,,,,,
`:52}777777
`fiiiéfil
`film}
`Authenticate identity oi User #1
`1 No
`L,,,,,,,,
`V0!
`l
`
`wxrai
`P
`I
`
`
`”'5
`cl m3“
`“ ”m”
`f"Wags-53:?§;a;.i'w7a'.;;’s’i§;a"i/
`i
`
`
`
`
`"m”
`m
`2’”
`1_ff?‘."l§'€o§w?§§£"§5PETE-35359151,-
`i
`
`
`
`2115
`2124
`1
`1
`mm
`mm,
`3N0 Ir----------------------------1
`
`
`
`2135
`2140
`L774
`Authenticate Identity oi User #2
`E
`Power Source
`Power Source
`J
`zuzx________
`___43114
`2154
`F Addititionui j
`FTEQ%;'HT Addltltionnl 1‘
`£19.15;
`L"‘r"‘L."fl’."l¥f.Il’3J
`
`
`
`
`2146
`Network
`~
`_T
`
`SW”
`Databas-
`21“
`
`Takl Apprwriut. Action
`
`<—
`
`j
`
`2110/
`
`\2112
`
`24
`
`
`
`US 8,001,055 B2
`
`Page 2
`
`'
`
`................... 600/26
`
`US. PATENT DOCUMENTS
`5,479,512 A
`12/1995 Weiss
`5485 519 A
`1/1996 W'
`5,657,388 A
`8/1997 We!“
`1
`5664109 A
`9/1997 J film”
`,
`,
`0
`50“ et a~
`5,813,006 A
`9/1998 Polnerow et a1.
`5 915 023 A
`6/1999 B
`t
`.
`6,073,106 A
`6/2000 Rem eltn31
`,
`,
`OZ?“ 6
`6,130,621 A
`10/2000 We1ss
`.
`6,253,202 B1
`6/2001 Gllmour
`,
`6,253,203 B1
`6/2001 0 Flaherty et al.
`7/2001 Schneck et a1.
`6,260,039 B1
`.
`6,308,203 B1
`10/2001 Itabashl et al.
`6,309,342 B1 * 10/2001 Blazey et al.
`6393421 B1
`5/2002 P 1.
`5
`a
`6,516,315 B1
`”003 Gigi:
`6,546,005 B1
`4/2003 Berkley et 31.
`6,581,059 B1
`6/2003 Barrett et a1.
`6,640,211 B1
`10/2003 Holden
`6,658,400 B2
`12/2003 Perell et a1.
`................... 340/552
`6,819,219 B1* 11/2004 Bolle et a1.
`6,845,448 B1
`1/2005 Chaganti et a1.
`6,941,271 B1
`9/2005 Soong
`7,237,117 B2
`6/2007 Weiss
`7,249,112 B2
`7/2007 Berardi et al.
`7,278,026 B2
`10/2007 McGowan
`7,489,781 B2
`2/2009 Klassen et 3L
`775025459 131*
`3/2009 Moseley
`7,548,981 Bl
`6/2009 Taylif 6t 3L 1~ ~~~~~~~~~~~~~~~~ 709/227
`7’571’139 B1
`8 2009 G10r ano eta '
`7,657,639 B2
`2/2010 H1nton
`.
`4/2010 B1shop et a1.
`7,705,732 B2
`10/2001 Mahmud et al.
`2001/0032100 A1
`“/2001 Uchida
`2001/0044900 A1
`4/2002 Wright et a1.
`2002/0046061 A1
`7/2002 Fujiwara et 31,
`2002/0090930 A1
`382/118
`2002/0176610 A1* 11/2002 Okazaki et a1.
`2002/0178364 A1* 11/2002 Weiss ............................ 713/ 182
`2003/0115490 A1
`6/2003 Russo et al.
`ggggéggggég 2%:
`$388; Sengl ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Egg/411i?
`2003/0163710 A1*
`8/2003 01:33 tml"""""""""""" 713/186
`12 e a ' """"""""""
`2003/0226041 A1
`12/2003 Palmer et al.
`2004/0017934 A1
`1/2004 Kocher
`2004/0034771 A1
`2/2004 Edgett et a1.
`2004/0059923 A1 *
`3/2004 ShamRao ..................... 713/186
`2004/0111625 A1
`6/2004 Duffy et 31.
`2004/0117215 A1
`6/2004 Marchosky
`2004/0117302 A1
`6/2004 Weichert et a1.
`2004/0133787 A1
`7/2004 Doughty
`2004/0151351 A1
`8/2004 Ito
`2004/0188519 A1 *
`9/2004 Cassone ........................ 235/382
`2004/0236699 A1
`11/2004 Beenau et 31'
`2005/0001711 A1
`“2005 Doughty et 31'
`2005/0039027 A1
`2/2005 Shaplro
`2005/0187843 A1
`8/2005 Lapsley et a1.
`
`
`
`2005/0210270 A1*
`2005/0235148 A1
`2005/0238208 A1
`2006/0016884 A1
`2006/0104486 A1
`2006/0122939 A1 *
`
`................ 713/186
`
`9/2005 Rohatgi et a1.
`10/2005 Scheldt et al.
`10/2005 S1m
`1/2006 Block et al.
`5/2006 Le Saint et a1.
`6/2006 Cohen et a1.
`.................... 705/59
`
`2006/0165060 A1
`2006/0256961 A1
`2007/0040017 A1 *
`2007/0079136 A1
`2007/0124597 A1
`2007/0186105 A1
`2008/0021997 A1
`2008/0212848 A1
`
`7/2006 Dua
`11/2006 Brainard et a1.
`2/2007 Kozlay .......................... 235/380
`-
`-
`4/2007 V1sh1k et al.
`-
`5/2007 Bedlngfield
`-
`8/2007 Balley et al.
`-
`1/2008 H1nton
`*
`9/2008 Doyle ........................... 382/115
`-
`-
`*
`11/2008 R1fa1 ..
`.. 705/44
`2008/0275819 A1
`
`*
`6/2009 Sacco
`726/6
`2009/0144814 A1 *
`7/2009 Schaffner ...................... 382/117
`2009/0175507 A1
`FOREIGN PATENT DOCUMENTS
`*
`
`EP
`GB
`W0
`WO
`W0
`
`1081632 A1
`2 382 006
`1992007436
`1996036934
`2002014985
`
`7/2001
`5/2003
`4/1992
`ll/l996
`20002
`
`OTHER PUBLICATIONS
`“PGP: An Introduction to Cryptography.” 2000. All pages.*
`International Search Report
`from corresponding PCT/US2007/
`070701 mailed Mar. 11, 2008.
`International Search Report from co-pending PCT Application No.
`.
`PCT/US2007/004646 malled Nov. 27, 2007.
`K 1 G “AnO
`.
`fC
`h ”22A 22 2002 A11
`3” er,
`~_
`Yemew 0 WPFOng Y
`11%
`,
`~
`pages. Retrlved ylaWayback Mach1ne on Jan. 19, 2010. http://WWW.
`garykesslerneflllbrary/crypto.html.
`Pabrai, U. “Biometrics for PC-User Authentication: A Primer” Feb.
`1, 2001. Access Controls & Security Systems. All pages. <http://
`www.securitysolutions.com/mag/securityibiometricsipcuseriau-
`thentication/index.html>.
`“Information Security: Challenges in Using Biometrics” Sep. 9,
`2003. All pages. <http://Www.gao.gov/new.items/d031137t.pdf>.
`Huntington, G. “101 Things to Know About Single Sign On.” 2006.
`.
`.
`.
`.
`.
`Authentlcatlon World. All pages. <http.//Www.authent1cat10nworld.
`m/
`.
`1
`.
`th
`.
`.
`/
`Sl_ng e'SIgn'On'Au émlcafion
`00
`_
`_
`10}Things“)KHOWAbOUtSmglesignOn~Pdf>~
`Slngle Slgn on Authentlcatlon Mar. 13, 2007. Authentlcatlon
`World. All pages. Retrieved Jul. 9, 2010 Via Wayback Machine.
`<http://Web.archiworg/web/20070313200434/http://WWW.
`authenticationworld.com/Single-Sign-On-Authentication/>.
`International Search Report from PCT/US2009/035282 mailed Jul.
`10, 2009.
`Treasury Board of Canada Secretariat, PKI for Beginners Glossary,
`http://www.tbs-sct.gc.ca/pki-icp/beginners/glossary-eng.asp.
`
`* cited by examiner
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 1 0f 28
`
`US 8,001,055 B2
`
`12
`
`22
`
`18
`
`USR
`Software
`
`U ser
`Interface
`
`/10
`
`Wide
`Area
`Network
`
`.
`
`Universal Secure
`
`Registry
`
`—.
`
`—.
`
`Person No. n
`
`FIG.
`
`7
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 2 0f 28
`
`US 8,001,055 B2
`
`10
`
`Computer Computer Computer
`Module
`
`USR System
`
`Computer Computer Computer
`Module
`
`27
`
`27
`
`Interface
`Center
`
`Interface '
`Center
`
`27
`
`Wide Area Network
`
`Interface
`Center
`
`Interface
`Center
`
`Interface
`Center
`
`|nterface
`Center
`
`27
`
`27
`
`27
`
`FIG. 2
`
`
`
`U.S. Patent
`
`uA
`
`mM3
`
`US 8,001,055 B2
`
`0m.
`
`mmmguu<o_no__o>< 1comgoamcozoctot:cozoELot:M,
`
`
`
`g323?.
`
`mmooo<
`
`830.585
`
`8202:;
`
`839585
`
`9‘3‘
`
`NV
`
`m.GE
`
`way5:8:833
`
`wcozoctohgcofioELSE
`0V 5:05.85
`.no:
`
`P02
`
`6282
`
`cofioctovFE
`
`28:86
`
`35o26
`
`_o_ococ_.._
`
`
`
`
`
`
`
`
`U.S. Patent
`
`Aug. 16, 2011
`
`Sheet 4 0f 28
`
`US 8,001,055 B2
`
`Medical
`Public
`Information Information
`
`Financial
`Information
`
`Computer Computer
`Module
`Module
`
`Computer
`Module
`
`USR System
`
`Job
`Address
`Information Application
`Computer
`Computer
`Module
`Module
`
`Tax
`Information
`
`Computer
`Module
`
`Wide Area Network
`
`Public
`Information
`Interface
`Centers
`
`Medical
`Information
`Interface
`Centers
`
`Tax .
`Information
`lnterfa ce
`Centers
`
`Job Application
`Information
`Interface
`Centers
`
`
`
`Financial
`Information
`Interface
`Centers
`
`Address
`Information
`Interface
`Centers
`
`FIG. 4
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 5 0f 28
`
`US 8,001,055 B2
`
`Train the Database
`
`Validate Person's
`Identification
`
`
`
`500
`
`
`
`
`502
`
` No
`
`
`
`Does
`
`Person Have Rights to
`Enter Data
`9
`
`
`
`Enable Person to Enter
`Basic Personal Data
`
`Person Have Right to
`Enter Additional Data
`?
`
`Yes
`
`508
`
`Enable Person to Enter
`Advanced Personal Data
`
`5
`
`10
`
`
`
`
`
`Enable Person to Specify Access
`to Advanced Personal Data
`
`Return
`
`512
`
`FIG. 5
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 6 0f 28
`
`US 8,001,055 B2
`
`600
`
`Enable Access to
`
`Basic Personal Data
`
` ls
`No
`Additional Information
`
`Requested
`
`9
`
`
`
`
`ls Person
`
`Does Requestor
`
`Participating in
`Have Rights to Access
`
`
`Transaction
`Type of Requested
`
`
`Data ?
`
`
`
`
`
`
`Validate Person's
`Identity
`
`Enable Person to
`
`Change Access
`Rights to Data
`
` Does Requestor
`
`Have Rights to Access
`Type of Requested
`Data ?
`
`
`
`
`
`505
`
`610
`
`Cause USR to Enable
`Access to Type of
`Requested Data
`
`Return
`
`
`FIG. 6
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 7 0f 28
`
`US 8,001,055 B2
`
`700
`
`702
`
`704
`
`706
`
`708
`
`710
`
`712
`
`User Initiates Purchase
`
`User Enters Secret Code
`in Secure ID
`
`Merchant Transmits to Credit
`
`Card Company
`
`(3) Amount of Purchase
`
`(1) Code from Secure ID
`(2) Store Number
`
`Credit Card Company
`Sends Code to USR
`
`USR Determines if Code is Valid, and if
`Valid Accesses User’s Credit Card
`Information and Transmits Credit Card
`
`Number to Credit Card Company
`
`Credit Card Company Checks
`Credit Worthiness and Declines
`
`Transfers $ to Merchant’s Account
`
`Card or Debits User's Account and
`
`000 Notifies Merchant of
`Result of Transaction
`
`FIG. 7
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 8 0f 28
`
`US 8,001,055 B2
`
`800
`
`802
`
`804
`
`806
`
`808
`
`810
`
`812
`
`814
`
`User Initiates Purchase
`
`User Enters Secret Code
`in Secure ID
`
`Merchant Transmits to USR
`
`
`
`(1) Code from Secure ID
`(2) Store Number
`(3) Amount of Purchase
`
`USR Determines if Code is Valid
`
`USR Accesses User's Credit Card
`
`Information and Transmits to CCC
`
`(1) Credit Card Number
`(2) Store Number
`(3) Amount of Purchase
`
`and Transfers $ to Merchant’s Account
`
`CCC Checks Credit Worthiness and
`
`Declines Card or Debits User’s Account
`
`CCC Notifies USR of
`Result of Transaction
`
`USR Notifies Merchant of
`Result of Transaction
`
`FIG. 8
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 9 0f 28
`
`US 8,001,055 B2
`
`900
`
`902
`
`904
`
`906
`
`908
`
`910
`
`912
`
`914
`
`User Initiates Purchase and
`Writes Check to Merchant
`
`User Enters Secret Code
`in Secure ID
`
`Merchant Transmits to USR
`
`
`
`(1) Code from Secure ID
`(2) Store Number
`(3) Amount of Purchase
`
`USR Determines if Code is Valid
`
`USR Accesses User's Bank
`Information and Transmits to Bank
`
`(1) Bank Account Number
`(2) Store Number
`(3) Amount of Purchase
`
`
`
`Bank Checks Account Balance
`
`to Verify Availability of Funds
`
`Bank Notifies USR of
`Result of Verification
`
`USR Notifies Merchant of
`Result of Verification
`
`FIG. 9
`
`
`
`U.S. Patent
`
`Aug. 16, 2011
`
`Sheet 10 0f 28
`
`US 8,001,055 B2
`
`User Initiates Anonymous Purchase
`by Entering Secret Code in Secure
`ID and Transmitting Result to
`On—Line Merchant
`
`3 Amount of Purchase
`
`Merchant Transmits to USR
`
`(1) Code from Secure ID
`2 Store Number
`
`USR Determines if Code is Valid
`
`USR Accesses User’s Credit Card
`Information and Transmits to CCC:
`
`(1) Credit Card Number
`2 Store Number
`3 Amount of Purchase
`
`and Transfers $ to Merchant’s Account
`
`CCC Checks Credit Worthiness and
`
`Declines Card or Debits User’s Account
`
`CCC Notifies USR
`of Result of Transaction
`
`1000
`
`1002
`
`1004
`
`1006
`
`1008
`
`1010
`
`1014
`
`If Credit Declined,
`USR Notifies Merchant
`
`1012
`
`1016
`
`If Credit Accepted, USR
`Accesses Address Code
`
`with Address Code
`
`and Provides Merchant
`
`Merchant Labels Package
`with Address Code and Ships
`
`FIG. 10
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 11 0f 28
`
`US 8,001,055 B2
`
`User Provides Address
`Code on Public Area
`
`User Provides Address Information
`in Address Area of USR
`
`Person Places Public Code
`on Parcel
`to be Mailed
`
`Post Office Accesses USR
`to Retrieve Address Information
`
`1100
`
`1102
`
`1104
`
`1106
`
`1108
`
`1110
`
`to
`Post Office Delivers Parcel
`Address in Address Area of USR
`
`Post Office Prints Bar Code
`on Parcel
`to Automate
`Delivery of Parcel
`to Address
`in Address Area of USR
`
`
`
`FIG.
`
`11
`
`User Provides Telephone
`Code on Public Area
`
`1200
`
`1202
`
`1204
`
`1206'
`
`
`
`User Provides Telephone Information
`in Telephone Area of USR
`
`Person Dials USR Phone Number and
`
`Enters Telephone Code for User
`
`USR Connects Person to Telephone
`Number Without Providing User
`Person with Telephone Number
`
`FIG. 12
`
`
`
`U.S. Patent
`
`Aug. 16, 2011
`
`Sheet 12 0f 28
`
`US 8,001,055 B2
`
`Do:
`
`No:
`
`V03
`
`be:
`
`no:
`
`
`
`
`
`
`
`ESE:EEEtovco“mot/w..6»,3:233
`
`3GE
`
`Low: m,“GE
`
`m>oLn_3waEmfiE
`
`5:50:0138508552
`
`
`
`o>oi3man—tog:meD
`
`862?38385202
`
`9830mmE300“Room93cm5w:
`
`9EsoomE300yobow23cmLow:
`
`
`
`mm:3mtEmcE...coEoo__0n_
`
`n:EsoomEototoo
`
`
`
`mm:8£58:332:;
`
`n:oSommEotwuoo
`
`26>288x85,538mm:
`
`20>m_$8:85,538mm:
`
`/No.2
`
`Ooh.“
`
`$92
`
`mom.“
`
`men.“
`
`
`
`
`
`:aoLmBocm98m:mmmmmoo<mm:
`
`
`
`cozoELouFEEooommo__0n_uco5:05.85
`
`3:52B858%;3coEco__on_3mtEwcPFuco
`
`.620:99308D89321ANV
`
`
`
`9533330moLoam$90on0261A3
`
`
`
`caEmBgmMam:mommmoo<mm:
`
`3:52Bcozooczo>3Logo—36>3mtEmcE...ucocozoEgoE.
`
`.6201m:9.208yo830EANV
`
`
`
`U.S. Patent
`
`Aug. 16, 2011
`
`Sheet 13 of 28
`
`US 8,001,055 B2
`
`00.3
`
`No.3
`
`+93
`
`.093
`
`man.
`
`
`
`
`
`cozoozaa<m.._om3mommooo<mm:
`
`
`
`m_n_o__o><3_Emco._._.ncocozoctohE
`
`
`
`m30_ano.65m:3coZuctova
`
`Low:05.5tozmmcocofioozaad‘co
`
`m“.0:
`
`.563 .0N.QE
`
`
`
`3cmEtoa<.5:35do“,0L35%?38:30
`
`ou_>o._n_33:30Low:
`
`ban.3838552
`
`
`
`0.930mmE300301.com23cm5m:
`
`9930mm5$00“Boom232m5m:
`
`E9:230mm:3mtEmcE...8m:
`
`
`
`300cozoozaa<.2590.58m
`
`wuoomm:3mtEchF3.61
`
`0.80Atom2.6n:BaoowEot
`
`26>m_38Lam::35553mm:
`
`26>238a3555memm:
`
`/News
`
`00.2
`
`$02
`
`won.
`
`mom.N
`
`
`
`
`
`cozoELOVFEmmwm:mwwmooo<mm:
`
`
`
`thmcE...UcomvooAnton.3mEEooo<3.613m_no__o><
`
`
`
`xtom3cozoELSEm_no__o><
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 14 0f 28
`
`US 8,001,055 B2
`
`10
`
`
`
`USR System
`
`Lop Top
`Computer
`
`
`
`Electronic
`
`Device
`
`Automobile
`
`FIG. 17
`
`
`
`U.S. Patent
`
`Aug. 16, 2011
`
`Sheet 15 0f 28
`
`US 8,001,055 B2
`
`1802
`
`1802
`
`1802
`
`r4 r4
`
`
`
`| Access |
`| Access |
`I
`.
`I
`|
`.
`|
`I DeVIce I
`I DeVIce I
`I
`I
`I
`I
`
`1801
`L__$__J
`L__$__J
`
`L __________ ¢ __________
`
`
`1800
`
`/
`
`10
`
`USR System
`
`
`
`
`
`1804
`
`1804
`
`1 04
`
`1804
`
`Fl
`
`. 18A
`
`1804
`
`[1802
`
`1802
`
` L______J
`
`USR System
`
`FIG. 188
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 16 0f 28
`
`US 8,001,055 B2
`
`1900\ 1902
`
`Entity Initiates Access Request
`
`
`
`1914
`
`Provide Indication that
`
`Entity is Denied Access
`
`
`
`Entity Supplies
`1) Authentication Info
`2) Computer Network ID
`
`USR Receives Access
`
`Request Including
`
`1) Authentication Info
`2) Computer Network ID
`
`
` ls
`Auth.
`Info Valid
`
`for a User
`
`9
`
`
`
`
`ls Entity Authorized
`
`to Access the Computer Network
`
`Identified by the ID
`
`
`
`
`
`
`1912
`
`Allow Communications Between
`
`the Entity and Secure System
`
`
`
`FIG. 79
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 17 0f 28
`
`US 8,001,055 B2
`
`2002
`
`2004
`
`2006
`
`2008
`
`2010
`
`2014
`
`2016
`
`2000 \
`
`Entity Initiates Access Request
`
`Entity Supplies
`Authentication Information
`
`Secure System Receives
`Authentication Information
`
`Secure System Communicates
`Authentication Information to USR
`
`USR Validates
`Authentication Information
`
`Secure System Receives
`Indication from USR
`
`Secure System Grants or
`Denies Access Based
`
`on the Indication
`
`FIG. 20
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 18 0f 28
`
`US 8,001,055 B2
`
`Responder
`
`2’52‘rTn—tEFfEEEW
`
`Challenger /
`
`2100
`
`I_ __________ _l
`
`Wireless
`
`T/R
`
`2118
`
`M—mory
`2138—
`2142\
`| Addititional—:
`I
`I Wireless T/R :
`I_ __________ _l
`
`Secure
`Database
`
`2140
`\‘II Addititional_I
`l_lnterface II
`I_ ______ _ll Wireless T/R i
`
`FIG. 27
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 19 0f 28
`
`US 8,001,055 B2
`
`
`
`Authenticate
`
`User #1
`
`Yes
`
`
`
`
`
`202
`
`208
`
`206'
`
`204
`
`i___P_e?E,EE:Efiy"i No.r
`'Communicate withi—i
`3525199399.ng
`
`L _________ J
`
`7
`
`Data
`
`Shutdown
`
`Device #1
`
`
`
`210
`
`216
`
`214
`
`
`No r‘——P——fai‘fi—zNo F__[____—l
`
`:
`Delete
`I
`i
`er|o_ 'Cc' y ,
`I
`{Communicate With:—:
`Data
`:
`L§§EEC9__DEE‘le_SEJ
`I_ _________ J
`
`212
`
`Shutdown
`Device #2
`
`
`
`
`
`Authenticate
`User #2
`
`Yes
`
`
`
`FIG. 22A
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 20 0f 28
`
`US 8,001,055 B2
`
`218
`
`Initiate Valid
`Communication Protocol
`
`Yes
`
`220
`
`
`Transmit First Wireless Signal
`Containing Encrytped Authentication
`Information to Device ,2
`
`Authenticate Identity of User #1
`
`
`
`
` 222
`
`
`
`/226
`
`I
`Transmit Second Wireless Signal
`:—
`I Containing Encrytped Authentication I
`L
`Information to Device #1
`I
`
`Contact Secure Database
`for Information
`
`Take Appropriate Action
`
`230/
`
`224
`
`FIG. 223
`
`
`
`U.S. Patent
`
`Aug. 16, 2011
`
`Sheet 21 0f 28
`
`US 8,001,055 B2
`
`
`
`onxmmooEzlocovmyaboco21.0300oEzlocov//QR.//%oh
`
`
`
`
`
`4/8n
`
`93.2%6:99/8»
`
`Qgfliv
`
`VON
`
`LovooIv
`
`//N9m.
`
`
`
`ABow9350vBowoEoEoEUBQCocm>3mmo
`
`\in.
`
`\NR.
`
`MNSt
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 22 0f 28
`
`US 8,001,055 B2
`
`400
`
`\
`
`Sense Header #1
`
`Verify Protocol
`
`: Verify/Decrypt Respondent #1
`:
`Digital Signature
`
`i
`:
`
`Yes
`
`|
`|Verify/Decrypt One—time Code
`|_ ________________________ _l
`
`/ 404
`
`|
`
`:|
`
`
`
`Authenticate User #1
`
`406
`
`FIG. 24
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 23 0f 28
`
`US 8,001,055 B2
`
`520\
`
`522
`
`Receive Public ID #1 PKI Encrypted DES
`Key, Encrypted Portion of Biodata
`
`Look Up from ID #1, Public Key #1
`
`524
`
`526'
`
`528
`
`Look Up Remainder of
`Biodata Information #1
`
`
`
`i
`:
`
`Combine Biodata Information to
`Recreate Biodata Information
`
`I
`:
`
`
`
`536
`
` Process Biodata information
`
`FIG. 25
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 24 0f 28
`
`US 8,001,055 B2
`
`620
`
`\ Receive Public Key ID #1, PKI
`Encrypted DES Key (Optional)
`
`Look Up Public Key #1
`
`622
`
`624
`
`626
`
`628 Determine Whether ID #2 Has Right
`
`Transmit Public ID #2 Information
`to Secure Database
`
`to Access Secure Database
`
`F___ELEEFJt;_fiSH—_préii_c15&3_65d_e_"—1
`From |D1 Information (Time—varying)
`:
`L ______________________________ J
`
`
`
`
`
`
`
`
`
`Transmit Public ID #1 from Device #2
`to Secure Database
`
`
`
`Access with Secure Database at Least
`
`Portion of Bio Information of Entity #1
`
`Transmit Bio Information of
`
`Entity #1 to Device #2
`
`Display Bio Information
`
`Process Biodata Information
`
`FIG. 26
`
`6.30
`
` 632
` 634
` 636
` 6.38
`
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 25 0f 28
`
`US 8,001,055 B2
`
`720
`
`\
`
`722
`
`724
`
`726
`
`728
`
`Private Key of #2
`
`Public Keys of
`Plural 1st Entities
`
`Biodota of #2
`
`Portion of Biodota
`Files of Other Users
`
`FIG. 27
`
`
`
`U.S. Patent
`
`Aug. 16, 2011
`
`Sheet 26 of 28
`
`US 8,001,055 B2
`
`02\
`
`Ns
`u
`
`V
`h
`N
`
`003
`
`a$3300
`
`VON“
`
`o:
`
`NON“
`
`Eon—9m
`
`LowmoooLn.
`
`.6
`
`16:95:00
`
`.02
`
`Qua
`
`
`
`wEoymxm.650
`
`m:
`
`m:
`
`_Lmuomm
`
`ozocmoz
`
`Boo
`
`__n
`
`fl|||||||||._ito;38LJ
`
`mN6E
`
`2”:8:
`
`LOH0.5:00
`
`329:3
`
`8200mm
`
`Ewymxw
`
`mmoot3c_
`
`VS
`
`NS
`
`ma
`
`*3
`
`oh.“
`
`8300Em:
`
`Lommmooki
`
`329:3
`
`EEEchF
`
`llllllllllLH
`
`QEoEoE
`
`Low:8
`
`
`
`OULDOM1.0301
`
`mNu
`
`AN“
`
`mN.
`
`mm.“
`
`
`
`
`
`
`
`
`
`US. Patent
`
`Aug. 16, 2011
`
`Sheet 27 0f 28
`
`US 8,001,055 B2
`
`262
`
`260\
`
`
`
`
`
`
`
`
`
`
`264
`
`266
`
`268
`
`
`
`Simulate Data
`
`Authenticate User
`
`
`
`:
`Receive User
`:
`I
`Information
`I
`|_ __________________ _l
`
`270
`
`
`
`U.S. Patent
`
`Aug. 16, 2011
`
`Sheet 28 of 28
`
`US 8,001,055 B2
`
`*hn.
`
`Gem,GE mom,GE
`
`NV»./NR.
`
`
`
`«Gm,.91...
`
`/«on
`
`NMH.
`
`Run.
`
`0mm.
`
`4/won
`
`
`
`Den..0:
`
`\
`
`\D“““““““4‘
`
`who
`
`
`
`
`
`US 8,001,055 B2
`
`1
`METHOD, SYSTEM AND APPARATUS FOR
`SECURE ACCESS, PAYMENT AND
`IDENTIFICATION
`
`CROSS REFERENCE TO RELATED
`APPLICATIONS
`
`This application claims priority under 35 U.S.C. §1 19(e) to
`each of the following co-pending US. provisional patent
`applications: Ser. No. 60/775,046 entitled “METHOD AND
`APPARATUS FOR EMULATING A MAGNETIC STRIPE
`READABLE CARD,” filed Feb. 21, 2006; Ser. No. 60/812,
`279 entitled “UNIVERSAL SECURE REGISTRY,” filed
`Jun. 9, 2006; and Ser. No. 60/859,235 entitled “UNIVERSAL
`SECURE REGISTRY,” filed Nov. 15, 2006 each of which is
`hereby incorporated herein by reference in its entirety.
`
`BACKGROUND OF INVENTION
`
`1. Field of Invention
`
`Embodiments of the invention generally relate to systems,
`methods, and apparatus for authenticating identity or verify-
`ing the identity of individuals and other entities seeking
`access to certain privileges and for selectively granting privi-
`leges and providing other services in response to such iden-
`tifications/verifications.
`In addition, embodiments of the
`invention relate generally to systems and methods for obtain-
`ing information from and/or transmitting information to a
`user device and, in particular, to systems, methods, and appa-
`ratus that provide for contactless information transmission.
`2. Discussion of RelatedArt
`
`Control of access to secure systems presents a problem
`related to the identification of a person. An individual may be
`provided access to the secure system after their identity is
`authorized. Generally, access control to secure computer net-
`works is presently provided by an authentication scheme
`implemented, at least partly, in software located on a device
`being employed to access the secure computer network and
`on a server within the secure computer network. For example,
`if a corporation chooses to provide access control for their
`computer network, they may purchase authentication soft-
`ware that includes server-side software installed on a server in
`
`their computer system and corresponding client-side soft-
`ware that is installed on the devices that are used by employ-
`ees to access the system. The devices may include desktop
`computers, laptop computers, and handheld computers (e.g.,
`PDAs and the like).
`In practice, the preceding approach has a number of disad-
`vantages including both the difficulty and cost of maintaining
`the authentication system and the difficulty and cost of main-
`taining the security of the authentication system. More spe-
`cifically, the software resides in the corporation’s computers
`where it may be subject to tampering/unauthorized use by
`company employees. That is, the information technology
`team that manages the authentication system has access to the
`private keys associated with each of the authorized users. As
`a result, these individuals have an opportunity to compromise
`the security of the system. Further, any modification and/or
`upgrade to the authentication system software is likely to
`require an update to at least the server-side software and may
`also require an update of the software located on each user/
`client device. In addition, where the company’s computer
`systems are geographically distributed, software upgrades/
`updates may be required on a plurality of geographically
`distributed servers.
`
`There is also a need, especially in this post September 11
`environment, for secure and valid identification of an indi-
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`
`vidual before allowing the individual access to highly secure
`areas. For example, an FBI agent or an air marshal may need
`to identify themselves to airport security or a gate agent,
`without compromising security. Typically such identification
`may comprise the air marshal or FBI agent showing identifi-
`cation indicia to appropriate personnel. However, there are
`inherent flaws in this process that allow for security to be
`compromised, including falsification of identification infor-
`mation and failure ofthe airport security or other personnel to
`not recognize the situation. Of course this process could be
`automated, for example, by equipping airport personnel or
`security with access to a database and requiring the FBI agent
`or air marshal to appropriately identify themselves to the
`database, for example, by again providing identification
`which airport personnel can then enter into the database to
`verify the identity of the person seeking access to a secure
`area. However, this process also has the inherent flaws in it as
`described above. In addition, there may be times when airport
`security or personnel may not be able to communicate with
`the database to check the identity of the person seeking
`access, for example, when they are not near a computer ter-
`minal with access to a database or are carrying a hand-held
`device that does not have an appropriate wireless signal to
`access the database. In addition, there is a need to ensure that
`if such a hand-held device ends up the wrong hands, that
`security is not compromised.
`Systems capable of effectively performing all or some of
`these functions do not currently exist.
`Further, both commercial (e.g., banking networks) and
`non-commercial (e.g., security systems) information systems
`often rely on magnetic card readers to collect information
`specific to a user (e. g., a security code, a credit card number,
`etc.) from a user device (e.g., a transaction card). Credit card
`purchases made in person provide an example of the most
`common transaction-type that relies on a user device, the
`credit or debit card, which is read by a magnetic card reader.
`User devices that rely on magnetic-stripe based technology
`magnetically store information (e.g., binary information) in
`the magnetic stripe. The magnetic stripe reader provides an
`interface to a larger computerized network that receives the
`user’s information to determine, for example, whether to
`authorize a transaction, to allow the user access to a secure
`area, etc.
`Recently, such devices have seen technological advances
`that increase their capabilities and improve their security. For
`example, such devices may now include embedded proces-
`sors, integral biometric sensors that sense one or more bio-
`metric feature (e. g., a fingerprint) of the user, and magnetic
`stripe emulators. As one result, today’s user devices may
`provide greater security by dynamically generating the nec-
`essary information, for example, generating the credit card
`number at the time of a transaction. Improved security can
`also be provided by such devices because more sophisticated
`authentication schemes can be implemented with the devices.
`In addition, user devices such as transaction cards may now
`also provide for one or more modes of information transmis-
`sion other than transmission via a magnetic stripe/card reader
`combination. For example, user devices that may transmit
`information optically or via radio frequency (“RF”) signal
`transmission to a compatible system interface are now avail-
`able. Further, the architecture of a user device that includes a
`processor is generally compatible with both the improved
`security features described above and the contactless trans-
`mission modes such as optical and RF signal transmission. As
`a result of the improved security and greater functionality of
`some current user devices, there is a desire to replace mag-
`
`
`
`US 8,001,055 B2
`
`3
`netic-stripe based user devices with devices that include
`forms of information transmission other than the reading of a
`magnetic-stripe.
`There is, however, a substantial installed base of interfaces
`(for example, at points of sale, at automatic teller machines
`(“ATM”), and the like) that include magnetic card readers
`which are not equipped to receive information from a user
`device in any other format other than from a magnetic stripe.
`As a result of the cost to replace or retrofit the installed base,
`efforts to more-widely introduce user devices that do not
`employ magnetic stripe devices have not been developed.
`Because of the potential to substantially reduce fraud, how-
`ever, the fur‘ther implementation of such devices is of great
`interest to financial institutions among others. RF devices that
`transmit information wirelessly are expected to become much
`more prevalent and at some point, the predominant form of
`information transmission for user authentication based on a
`
`hand-held device, for example, credit card, debit card, drivers
`license, passport, social security card, personal identification,
`etc. Thus, new and improved methods for transitioning from
`a purely magnetic based form of communication to a wireless
`form of communication are desired.
`
`One current approach that is intended to “transform” a
`smart card for use with a magnetic stripe card reader employs
`a “bridge” device. The bridge device requires that the smart
`cardbe inserted within it. The bridge device includes a slot for
`receiving the smart card, a key pad whereby the user may
`enter information (e.g., a PIN number), and a credit card sized
`extension member. Operation of the bridge device requires
`that the smart card be inserted within it and that an electrical
`
`contact surface of the smart card engage a similar surface
`within the bridge device before the bridge device (i.e., the
`extension member) can be used with a magnetic card reader.
`Thus, the contactless nature of more advanced information
`transmission systems is lost with the bridge device because it
`does not support wireless signal transmission.
`
`SUMMARY OF INVENTION
`
`There is thus a need for an identification system that will
`enable a person to be accurately identified (“identification”
`sometimes being used hereinafter to mean either identified or
`verified) and/or authenticated without compromising secu-
`rity, to gain access to secure systems and/or areas. Likewise,
`there is a need for an identification system that will enable a
`person to be identified universally without requiring the per-
`son to carry multiple forms of identification.
`Accordingly, this invention relates, in one embodiment, to
`an information system that may be used as a universal iden-
`tification system and/or used to selectively provide informa-
`tion about a person to authorized users. Transactions to and
`from a secure database may take place using a public key/
`private key security system to enable users of the system and
`the system itselfto encrypt transaction information during the
`transactions. Additionally, the private key/public key security
`system may be used to allow users to validate their identity.
`For example, in one embodiment, a smart card such as the
`Secure IDTM card from RSI Security, Inc. may be provided
`with the user’s private key and the USR system’s public key
`to enable the card to encrypt messages being sent to the USR
`system and to decrypt messages from the USR system 10.
`The system or database of the invention may be used to
`identify the person in many situations, and thus may take the
`place of multiple conventional forms of identification. Addi-
`tionally, the system may enable the user’s identity to be
`confirmed or verified without providing any identifying infor-
`mation about the person to the entity requiring identification.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`4
`
`This can be advantageous where the person suspects that
`providing identifying information may subject the identify-
`ing information to usurpation.
`Access to the system may be by smart card, such as a
`Secure IDTM card, or any other secure access device. The
`technology enabling the user to present their identity infor-
`mation may be physically embodied as a separate identifica-
`tion device such as a smart ID card, or may be incorporated
`into another electronic device, such as a cell phone, pager,
`wrist watch, computer, personal digital assistant such as a
`Palm PilotTM, key fob, or other commonly available elec-
`tronic device. The identity of the user possessing the identi-
`fying device may be verified at the point of use via any
`combination of a memorized PIN number or code, biometric
`identification such as a fingerprint, voice print, signature, iris
`or facial scan, or DNA analysis, or any other method of
`identifying the person possessing the device. If desired, the
`identifying device may also be provided with a picture of the
`person authorized to us