(12) United States Patent
Weiss

(10) Patent No.: US 8,001,055 B2
(45) Date of Patent: *Aug. 16, 2011

(54) METHOD, SYSTEM AND APPARATUS FOR SECURE ACCESS, PAYMENT AND IDENTIFICATION

(76) Inventor: Kenneth P. Weiss, Newton, MA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 596 days.
This patent is subject to a terminal disclaimer.

(21) Appl. No.: 11/677,490
(22) Filed: Feb. 21, 2007

(65) Prior Publication Data
     US 2007/0198436 A1    Aug. 23, 2007

Related U.S. Application Data
(60) Provisional application No. 60/775,046, filed on Feb. 21, 2006, provisional application No. 60/812,279, filed on Jun. 9, 2006, provisional application No. 60/859,235, filed on Nov. 15, 2006.

(51) Int. Cl.
     G08Q 20/00 (2006.01)
(52) U.S. Cl.: 705/763 713/186; 1314/4804; 382/128; 382/129; 382/187
(58) Field of Classification Search: 705/76
     See application file for complete search history.
Primary Examiner: Andrew J. Fischer
Assistant Examiner: Calvin K Cheung
(74) Attorney, Agent, or Firm: Lando & Anastasi, LLP

(57) ABSTRACT

According to one aspect, the invention provides a system for validating an identity of a user to enable or prevent an occurrence of an event. In one embodiment, the system includes a first device including a wireless transmitter which is configured to transmit validation information, a second device including a wireless receiver, where the second device is configured to receive the validation information and further transmit the validation information; and a secure system in communication with the second device. According to one embodiment, the secure system includes a database. In a further embodiment, the secure system is configured to receive the validation information transmitted from the second device, and to transmit additional information to the second device following a receipt of the validation information to assist the second device in either enabling or preventing the occurrence of the event.

31 Claims, 28 Drawing Sheets

`VISA - EXHIBIT 1204
`

U.S. Patent    Aug. 16, 2011    Sheet 1 of 28    US 8,001,055 B2

[FIG. 1 (drawing). Recoverable labels: USR Software; User Interface; Wide Area Network; Universal Secure Registry; Person No. n.]

[Sheet 2 of 28, FIG. 2 (drawing). Recoverable labels: USR System; Computer Module; Wide Area Network; Interface Center.]


[Sheet 4 of 28, FIG. 4 (drawing). Recoverable labels: USR System; Computer Modules labelled Medical Information, Public Information, Financial Information, Job Application, Address Information and Tax Information; Wide Area Network; Interface Centers labelled Tax Information, Job Application Information, Public Information, Medical Information, Financial Information and Address Information.]

[Sheet 5 of 28, FIG. 5 (flowchart, "Train the Database"). Boxes:
- Validate Person's Identification
- Does Person Have Rights to Enter Data?
- Enable Person to Enter Basic Personal Data
- Person Have Right to Enter Additional Data?
- Enable Person to Enter Advanced Personal Data
- Enable Person to Specify Access to Advanced Personal Data
- Return]

[Sheet 6 of 28, FIG. 6 (flowchart). Boxes:
- Enable Access to Basic Personal Data
- Is Additional Information Requested?
- Is Person Participating in Transaction?
- Does Requestor Have Rights to Access Type of Requested Data? (appears twice)
- Validate Person's Identity
- Enable Person to Change Access Rights to Data
- Cause USR to Enable Access to Type of Requested Data
- Return]

[Sheet 7 of 28, FIG. 7 (flowchart, reference numerals 700 to 712). Boxes:
- User Initiates Purchase
- User Enters Secret Code in Secure ID
- Merchant Transmits to Credit Card Company: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
- Credit Card Company Sends Code to USR
- USR Determines if Code is Valid, and if Valid Accesses User’s Credit Card Information and Transmits Credit Card Number to Credit Card Company
- Credit Card Company Checks Credit Worthiness and Declines Card or Debits User's Account and Transfers $ to Merchant’s Account
- CCC Notifies Merchant of Result of Transaction]

[Sheet 8 of 28, FIG. 8 (flowchart, reference numerals 800 to 814). Boxes:
- User Initiates Purchase
- User Enters Secret Code in Secure ID
- Merchant Transmits to USR: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
- USR Determines if Code is Valid
- USR Accesses User's Credit Card Information and Transmits to CCC: (1) Credit Card Number, (2) Store Number, (3) Amount of Purchase
- CCC Checks Credit Worthiness and Declines Card or Debits User’s Account and Transfers $ to Merchant’s Account
- CCC Notifies USR of Result of Transaction
- USR Notifies Merchant of Result of Transaction]
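The FIG. 8 exchange above, as an added simulation that is not part of the patent: the merchant sends only the token's code, the store number and the amount to the USR, and only the USR passes the card number on to the credit card company (CCC). The HMAC-based time-stepped code, the 60-second interval, the one-interval skew window, the replay rule and all class and function names are assumptions; the page does not say how the code is generated.

```python
import hashlib
import hmac
import struct

STEP = 60   # seconds per code interval (assumed; not given on the page)
SKEW = 1    # intervals of clock drift the registry tolerates (assumed)


def pin_key(seed: bytes, pin: str) -> bytes:
    """Key the token derives from its seed and the secret code the user types."""
    return hmac.new(seed, b"pin:" + pin.encode(), hashlib.sha256).digest()


def one_time_code(key: bytes, now: int) -> str:
    """8-digit code for the interval containing `now` (assumed HMAC scheme)."""
    mac = hmac.new(key, struct.pack(">Q", now // STEP), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


class CreditCardCompany:
    """CCC: the only party besides the USR that handles the card number."""

    def __init__(self, limits):
        self.limits = dict(limits)   # card number -> available credit
        self.seen = []               # every request the CCC received

    def charge(self, card_number, store, amount):
        self.seen.append((card_number, store, amount))
        if self.limits.get(card_number, 0) < amount:
            return "declined"
        self.limits[card_number] -= amount
        return "approved"


class Registry:
    """USR: resolves a valid code to the stored card and talks to the CCC."""

    def __init__(self, ccc):
        self.ccc = ccc
        self.users = {}     # user id -> (derived key, card number)
        self.used = set()   # (user id, interval) pairs already redeemed

    def enroll(self, user, seed, pin, card_number):
        # Only the derived key is kept, never the PIN itself.
        self.users[user] = (pin_key(seed, pin), card_number)

    def _match(self, code, now):
        # Linear scan is fine for a simulation; the request carries no user id.
        for user, (key, card) in self.users.items():
            for drift in range(-SKEW, SKEW + 1):
                t = now + drift * STEP
                expected = one_time_code(key, t).encode()
                if hmac.compare_digest(expected, code.encode()):
                    return user, t // STEP, card
        return None

    def purchase(self, code, store, amount, now):
        """Merchant request (code, store number, amount); reply is the result only."""
        hit = self._match(code, now)
        if hit is None:
            return "invalid code"
        user, interval, card = hit
        if (user, interval) in self.used:
            return "invalid code"    # a code is accepted once per interval
        self.used.add((user, interval))
        return self.ccc.charge(card, store, amount)


def demo():
    """Run the flow with constructed sample values; return merchant and CCC views."""
    card = "4000-CONSTRUCTED-0001"          # constructed, not a real card number
    seed = b"constructed-token-seed"        # constructed token secret
    ccc = CreditCardCompany({card: 100})
    usr = Registry(ccc)
    usr.enroll("alice", seed, "2468", card)
    now = 1_700_000_000
    good = one_time_code(pin_key(seed, "2468"), now)
    later_good = one_time_code(pin_key(seed, "2468"), now + 120)
    wrong_pin = one_time_code(pin_key(seed, "0000"), now + 120)
    merchant_view = [
        usr.purchase(good, "store-17", 40, now + 5),          # valid code
        usr.purchase(good, "store-17", 40, now + 10),         # replayed code
        usr.purchase(wrong_pin, "store-17", 10, now + 120),   # wrong secret code
        usr.purchase(later_good, "store-17", 90, now + 120),  # over the limit
        usr.purchase(good, "store-17", 1, now + 600),         # stale code
    ]
    return merchant_view, ccc.seen
```
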

[Sheet 9 of 28, FIG. 9 (flowchart, reference numerals 900 to 914). Boxes:
- User Initiates Purchase and Writes Check to Merchant
- User Enters Secret Code in Secure ID
- Merchant Transmits to USR: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
- USR Determines if Code is Valid
- USR Accesses User's Bank Information and Transmits to Bank: (1) Bank Account Number, (2) Store Number, (3) Amount of Purchase
- Bank Checks Account Balance to Verify Availability of Funds
- Bank Notifies USR of Result of Verification
- USR Notifies Merchant of Result of Verification]

[Sheet 10 of 28, FIG. 10 (flowchart, reference numerals 1000 to 1016). Boxes:
- User Initiates Anonymous Purchase by Entering Secret Code in Secure ID and Transmitting Result to On-Line Merchant
- Merchant Transmits to USR: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
- USR Determines if Code is Valid
- USR Accesses User’s Credit Card Information and Transmits to CCC: (1) Credit Card Number, (2) Store Number, (3) Amount of Purchase
- CCC Checks Credit Worthiness and Declines Card or Debits User’s Account and Transfers $ to Merchant’s Account
- CCC Notifies USR of Result of Transaction
- If Credit Declined, USR Notifies Merchant
- If Credit Accepted, USR Accesses Address Code and Provides Merchant with Address Code
- Merchant Labels Package with Address Code and Ships]

[Sheet 11 of 28, FIG. 11 (flowchart, reference numerals 1100 to 1110). Boxes:
- User Provides Address Code on Public Area
- User Provides Address Information in Address Area of USR
- Person Places Public Code on Parcel to be Mailed
- Post Office Accesses USR to Retrieve Address Information
- Post Office Delivers Parcel to Address in Address Area of USR
- Post Office Prints Bar Code on Parcel to Automate Delivery of Parcel to Address in Address Area of USR]

[Sheet 11 of 28, FIG. 12 (flowchart, reference numerals 1200 to 1206). Boxes:
- User Provides Telephone Code on Public Area
- User Provides Telephone Information in Telephone Area of USR
- Person Dials USR Phone Number and Enters Telephone Code for User
- USR Connects Person to Telephone Number Without Providing User Person with Telephone Number]


[Sheet 14 of 28, FIG. 17 (drawing). Recoverable labels: USR System; Lap Top Computer; Electronic Device; Automobile.]

[Sheet 15 of 28, FIG. 18A and FIG. 18B (drawings). Recoverable labels: Access Device; USR System.]

[Sheet 16 of 28, FIG. 19 (flowchart). Boxes:
- Entity Initiates Access Request
- Entity Supplies 1) Authentication Info 2) Computer Network ID
- USR Receives Access Request Including 1) Authentication Info 2) Computer Network ID
- Is Auth. Info Valid for a User?
- Is Entity Authorized to Access the Computer Network Identified by the ID?
- Provide Indication that Entity is Denied Access
- Allow Communications Between the Entity and Secure System]

[Sheet 17 of 28, FIG. 20 (flowchart, reference numerals 2000 to 2016). Boxes:
- Entity Initiates Access Request
- Entity Supplies Authentication Information
- Secure System Receives Authentication Information
- Secure System Communicates Authentication Information to USR
- USR Validates Authentication Information
- Secure System Receives Indication from USR
- Secure System Grants or Denies Access Based on the Indication]

[Sheet 18 of 28, FIG. 21 (drawing). Recoverable labels: Responder; Challenger; Wireless T/R; Memory; Additional Wireless T/R; Secure Database.]

[Sheet 19 of 28 (flowchart; figure caption garbled in the scan). Recoverable labels: Authenticate User #1; Shutdown Device #1; Authenticate User #2; Shutdown Device #2; Delete Data.]

[Sheet 20 of 28, FIG. 22B (flowchart). Boxes:
- Initiate Valid Communication Protocol
- Transmit First Wireless Signal Containing Encrypted Authentication Information to Device #2
- Authenticate Identity of User #1
- Transmit Second Wireless Signal Containing Encrypted Authentication Information to Device #1
- Contact Secure Database for Information
- Take Appropriate Action]


[Sheet 22 of 28, FIG. 24 (flowchart). Boxes:
- Sense Header #1
- Verify Protocol
- Verify/Decrypt Respondent #1 Digital Signature
- Verify/Decrypt One-time Code
- Authenticate User #1]

[Sheet 23 of 28, FIG. 25 (flowchart). Boxes:
- Receive Public ID #1, PKI Encrypted DES Key, Encrypted Portion of Biodata
- Look Up from ID #1, Public Key #1
- Look Up Remainder of Biodata Information #1
- Combine Biodata Information to Recreate Biodata Information
- Process Biodata Information]

[Sheet 24 of 28, FIG. 26 (flowchart). Boxes:
- Receive Public Key ID #1, PKI Encrypted DES Key (Optional)
- Look Up Public Key #1
- Transmit Public ID #2 Information to Secure Database
- Determine Whether ID #2 Has Right to Access Secure Database
- … From ID1 Information (Time-varying) (start of this box is illegible in the scan)
- Transmit Public ID #1 from Device #2 to Secure Database
- Access with Secure Database at Least Portion of Bio Information of Entity #1
- Transmit Bio Information of Entity #1 to Device #2
- Display Bio Information
- Process Biodata Information]

[Sheet 25 of 28, FIG. 27 (drawing). Recoverable labels: Private Key of #2; Public Keys of Plural 1st Entities; Biodata of #2; Portion of Biodata Files of Other Users.]


[Sheet 27 of 28 (drawing; no figure caption survives in the scan). Recoverable labels: Simulate Data; Authenticate User; Receive User Information.]


METHOD, SYSTEM AND APPARATUS FOR SECURE ACCESS, PAYMENT AND IDENTIFICATION

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims priority under 35 U.S.C. §119(e) to each of the following co-pending U.S. provisional patent applications: Ser. No. 60/775,046 entitled “METHOD AND APPARATUS FOR EMULATING A MAGNETIC STRIPE READABLE CARD,” filed Feb. 21, 2006; Ser. No. 60/812,279 entitled “UNIVERSAL SECURE REGISTRY,” filed Jun. 9, 2006; and Ser. No. 60/859,235 entitled “UNIVERSAL SECURE REGISTRY,” filed Nov. 15, 2006 each of which is hereby incorporated herein by reference in its entirety.

BACKGROUND OF INVENTION

1. Field of Invention

Embodiments of the invention generally relate to systems, methods, and apparatus for authenticating identity or verifying the identity of individuals and other entities seeking access to certain privileges and for selectively granting privileges and providing other services in response to such identifications/verifications. In addition, embodiments of the invention relate generally to systems and methods for obtaining information from and/or transmitting information to a user device and, in particular, to systems, methods, and apparatus that provide for contactless information transmission.

2. Discussion of Related Art

Control of access to secure systems presents a problem related to the identification of a person. An individual may be provided access to the secure system after their identity is authorized. Generally, access control to secure computer networks is presently provided by an authentication scheme implemented, at least partly, in software located on a device being employed to access the secure computer network and on a server within the secure computer network. For example, if a corporation chooses to provide access control for their computer network, they may purchase authentication software that includes server-side software installed on a server in their computer system and corresponding client-side software that is installed on the devices that are used by employees to access the system. The devices may include desktop computers, laptop computers, and handheld computers (e.g., PDAs and the like).

In practice, the preceding approach has a number of disadvantages including both the difficulty and cost of maintaining the authentication system and the difficulty and cost of maintaining the security of the authentication system. More specifically, the software resides in the corporation’s computers where it may be subject to tampering/unauthorized use by company employees. That is, the information technology team that manages the authentication system has access to the private keys associated with each of the authorized users. As a result, these individuals have an opportunity to compromise the security of the system. Further, any modification and/or upgrade to the authentication system software is likely to require an update to at least the server-side software and may also require an update of the software located on each user/client device. In addition, where the company’s computer systems are geographically distributed, software upgrades/updates may be required on a plurality of geographically distributed servers.

There is also a need, especially in this post September 11 environment, for secure and valid identification of an individual before allowing the individual access to highly secure areas. For example, an FBI agent or an air marshal may need to identify themselves to airport security or a gate agent, without compromising security. Typically such identification may comprise the air marshal or FBI agent showing identification indicia to appropriate personnel. However, there are inherent flaws in this process that allow for security to be compromised, including falsification of identification information and failure of the airport security or other personnel to not recognize the situation. Of course this process could be automated, for example, by equipping airport personnel or security with access to a database and requiring the FBI agent or air marshal to appropriately identify themselves to the database, for example, by again providing identification which airport personnel can then enter into the database to verify the identity of the person seeking access to a secure area. However, this process also has the inherent flaws in it as described above. In addition, there may be times when airport security or personnel may not be able to communicate with the database to check the identity of the person seeking access, for example, when they are not near a computer terminal with access to a database or are carrying a hand-held device that does not have an appropriate wireless signal to access the database. In addition, there is a need to ensure that if such a hand-held device ends up in the wrong hands, that security is not compromised.

Systems capable of effectively performing all or some of these functions do not currently exist.

Further, both commercial (e.g., banking networks) and non-commercial (e.g., security systems) information systems often rely on magnetic card readers to collect information specific to a user (e.g., a security code, a credit card number, etc.) from a user device (e.g., a transaction card). Credit card purchases made in person provide an example of the most common transaction-type that relies on a user device, the credit or debit card, which is read by a magnetic card reader. User devices that rely on magnetic-stripe based technology magnetically store information (e.g., binary information) in the magnetic stripe. The magnetic stripe reader provides an interface to a larger computerized network that receives the user’s information to determine, for example, whether to authorize a transaction, to allow the user access to a secure area, etc.

Recently, such devices have seen technological advances that increase their capabilities and improve their security. For example, such devices may now include embedded processors, integral biometric sensors that sense one or more biometric features (e.g., a fingerprint) of the user, and magnetic stripe emulators. As one result, today’s user devices may provide greater security by dynamically generating the necessary information, for example, generating the credit card number at the time of a transaction. Improved security can also be provided by such devices because more sophisticated authentication schemes can be implemented with the devices.

In addition, user devices such as transaction cards may now also provide for one or more modes of information transmission other than transmission via a magnetic stripe/card reader combination. For example, user devices that may transmit information optically or via radio frequency (“RF”) signal transmission to a compatible system interface are now available. Further, the architecture of a user device that includes a processor is generally compatible with both the improved security features described above and the contactless transmission modes such as optical and RF signal transmission. As a result of the improved security and greater functionality of some current user devices, there is a desire to replace magnetic-stripe based user devices with devices that include forms of information transmission other than the reading of a magnetic-stripe.

`There is, however, a substantial installed base of interfaces
`(for example, at points of sale, at automatic teller machines
`(“ATM”), and the like) that include magnetic card readers
`which are not equipped to receive information from a user
`device in any other format other than from a magnetic stripe.
`As a result of the cost to replace or retrofit the installed base,
`efforts to more-widely introduce user devices that do not
`employ magnetic stripe devices have not been developed.
`Because of the potential to substantially reduce fraud, how-
`ever, the further implementation of such devices is of great
`interest to financial institutions among others. RF devices that
`transmit information wirelessly are expected to become much
`more prevalent and at some point, the predominant form of
`information transmission for user authentication based on a
`
`hand-held device, for example, credit card, debit card, drivers
`license, passport, social security card, personal identification,
`etc. Thus, new and improved methods for transitioning from
`a purely magnetic based form of communication to a wireless
`form of communication are desired.
`
`One current approach that is intended to “transform” a
`smart card for use with a magnetic stripe card reader employs
`a “bridge” device. The bridge device requires that the smart
`cardbe inserted within it. The bridge device includes a slot for
`receiving the smart card, a key pad whereby the user may
`enter information (e.g., a PIN number), and a credit card sized
`extension member. Operation of the bridge device requires
`that the smart card be inserted within it and that an electrical
`contact surface of the smart card engage a similar surface
`within the bridge device before the bridge device (i.e., the
`extension member) can be used with a magnetic card reader.
`Thus, the contactless nature of more advanced information
`transmission systems is lost with the bridge device because it
`does not support wireless signal transmission.
`
`SUMMARY OF INVENTION
`
`There is thus a need for an identification system that will
`enable a person to be accurately identified (“identification”
`sometimes being used hereinafter to mean either identified or
`verified) and/or authenticated without compromising secu-
`rity, to gain access to secure systems and/or areas. Likewise,
`there is a need for an identification system that will enable a
`person to be identified universally without requiring the per-
`son to carry multiple forms of identification.
`Accordingly, this invention relates, in one embodiment, to
`an information system that may be used as a universal iden-
`tification system and/or used to selectively provide informa-
`tion about a person to authorized users. Transactions to and
`from a secure database may take place using a public key/
`private key security system to enable users of the system and
`the system itself to encrypt transaction information during the
`transactions. Additionally, the private key/public key security
`system may be used to allow users to validate their identity.
`For example, in one embodiment, a smart card such as the
`Secure ID™ card from RSI Security, Inc. may be provided
`with the user’s private key and the USR system’s public key
`to enable the card to encrypt messages being sent to the USR
`system and to decrypt messages from the USR system 10.
`The system or database of the invention may be used to
`identify the person in many situations, and thus may take the
`place of multiple conventional forms of identification. Addi-
`tionally, the system may enable the user’s identity to be
`confirmed or verified without providing any identifying infor-
`mation about the person to the entity requiring identification.
`This can be advantageous where the person suspects that
`providing identifying information may subject the identify-
`ing information to usurpation.
`Access to the system may be by smart card, such as a
`Secure ID™ card, or any other secure access device. The
`technology enabling the user to present their identity infor-
`mation may be physically embodied as a separate identifica-
`tion device such as a smart ID card, or may be incorporated
`into another electronic device, such as a cell phone, pager,
`wrist watch, computer, personal digital assistant such as a
`Palm Pilot™, key fob, or other commonly available elec-
`tronic device. The identity of the user possessing the identi-
`fying device may be verified at the point of use via any
`combination of a memorized PIN number or code, biometric
`identification such as a fingerprint, voice print, signature, iris
`or facia
