`Date of Deposit: June 9, 2006
`
`UNIVERSAL SECURE REGISTRY
`
BACKGROUND OF INVENTION

1. Field of Invention

This invention generally relates to a method and apparatus for securely storing
and disseminating information regarding individuals and, more particularly, to a
computer system for authenticating identity or verifying the identity of individuals
and other entities seeking access to certain privileges and for selectively granting
privileges and providing other services in response to such
identifications/verifications.

2. Discussion of Related Art
`
`Control of access to secure systems presents a problem related to the
`identification of a person. An individual may be provided access to the secure system
`after their identity is authorized. Generally, access control to secure computer
`networks is presently provided by an authentication scheme implemented, at least
`partly, in software located on a device being employed to access the secure computer
`network and on a server within the secure computer network. For example, if a
`corporation chooses to provide access control for their computer network, they may
`purchase authentication software that includes server-side software installed on a
`server in their computer system and corresponding client-side software that is
`installed on the devices that are used by employees to access the system. The devices
`may include desktop computers, laptop computers, and handheld computers (e.g.,
`PDAs and the like).
`In practice, the preceding approach has a number of disadvantages including
`both the difficulty and cost of maintaining the authentication system and the difficulty
`and cost of maintaining the security of the authentication system. More specifically,
`the software resides in the corporation's computers where it may be subject to
`tampering/unauthorized use by company employees. That is, the information
`technology team that manages the authentication system has access to the private keys
`
`787047.1
`
`USR Exhibit 2009, Page 1
`
`
associated with each of the authorized users. As a result, these individuals have an
opportunity to compromise the security of the system. Further, any modification
and/or upgrade to the authentication system software is likely to require an update to
at least the server-side software and may also require an update of the software
located on each user/client device. In addition, where the company's computer
systems are geographically distributed, software upgrades/updates may be required on
a plurality of geographically distributed servers.
`
There is also a need, especially in this post-September 11 environment, for
secure and valid identification of an individual before allowing the individual access
to highly secure areas. For example, an FBI agent or an air marshal may need to
identify themselves to airport security or a gate agent, without compromising security.
Typically such identification may comprise the air marshal or FBI agent showing
identification indicia to appropriate personnel. However, there are inherent flaws in
this process that allow for security to be compromised, including falsification of
identification information or the airport security or personnel not recognizing the
situation. Of course this process could be automated, for example, by equipping
airport personnel or security with access to a database and requiring the FBI agent or
air marshal to appropriately identify themselves to the database, for example, by again
providing identification which airport personnel can then enter into the database to
verify the identity of the person seeking access to a secure area. However, this
process also has the inherent flaws in it as described above. In addition, there may be
times when airport security or personnel may not be able to communicate with the
database to check the identity of the person seeking access, for example, when they
are not near a computer terminal with access to a database or are carrying a hand-held
device that does not have an appropriate wireless signal to access the database. In
addition, there is a need to ensure that if such a hand-held device ends up in the wrong
hands, security is not compromised.
Systems capable of effectively performing all or some of these functions do
not currently exist.
`
`787047.1
`
`USR Exhibit 2009, Page 2
`
`
`
`- 3 -
`
`SUMMARY OF INVENTION
`There is thus a need for an identification system that will enable a person to be
`accurately identified ("identification" sometimes being used hereinafter to mean either
`identified or verified) and/or authenticated without compromising security, to gain
`access to secure systems and/or areas. Likewise, there is a need for an identification
`system that will enable a person to be identified universally without requiring the
`person to carry multiple forms of identification.
`
`Accordingly, this invention relates, in one embodiment, to an information
`system that may be used as a universal identification system and/or used to selectively
`provide information about a person to authorized users. Transactions to and from a
`secure database may take place using a public key/private key security system to
`enable users of the system and the system itself to encrypt transaction information
`during the transactions. Additionally, the private key/public key security system may
`be used to allow users to validate their identity. For example, in one embodiment, a
smart card such as the Secure ID™ card from RSI Security, Inc. may be provided
`with the user's private key and the USR system's public key to enable the card to
`encrypt messages being sent to the USR system and to decrypt messages from the
`USR system 10.
`The system or database of the invention may be used to identify the person in
`many situations, and thus may take the place of multiple conventional forms of
`identification. Additionally, the system may enable the user's identity to be
`confirmed or verified without providing any identifying information about the person
`to the entity requiring identification. This can be advantageous where the person
`suspects that providing identifying information may subject the identifying
`information to usurpation.
Access to the system may be by smart card, such as a Secure ID™ card, or any
`other secure access device. The technology enabling the user to present their identity
`information may be physically embodied as a separate identification device such as a
`smart ID card, or may be incorporated into another electronic device, such as a cell
phone, pager, wrist watch, computer, personal digital assistant such as a Palm Pilot™,
`key fob, or other commonly available electronic device. The identity of the user
`
`787047.1
`
`USR Exhibit 2009, Page 3
`
`
`
`4
`
`possessing the identifying device may be verified at the point of use via any
`combination of a memorized PIN number or code, biometric identification such as a
`fingerprint, voice print, signature, iris or facial scan, or DNA analysis, or any other
`method of identifying the person possessing the device. If desired, the identifying
`device may also be provided with a picture of the person authorized to use the device
`to enhance security.
`
`According to one embodiment of the invention, a method of controlling access
`to a plurality of secure computer networks using a secure registry system located
`remotely from the secure computer networks is disclosed. The secure registry system
`includes a database containing selected data of a plurality of users each authorized to
`access at least one of the plurality of secure computer networks. The method
`comprises acts of receiving authentication information from an entity at a secure
`computer network, communicating the authentication information to the secure
`registry system, and validating the authentication information at the secure registry
`system. The method also includes receiving from the secure registry system an
`indication of whether the entity is authorized to access the secure computer network,
`granting the entity access to the secure computer network when the authentication
`information of the entity corresponds to one of the plurality of users, and denying the
`entity access to the secure computer network when the authentication information of
`the user does not correspond to one of the plurality of users.
`Another embodiment of the invention comprises a method of controlling
`access to a secure computer network using a secure registry system. The secure
`registry system includes a database containing selected data of a plurality of users
`authorized to access the secure computer network and selected data identifying the
`secure computer network. The method comprises receiving an access request
`including authentication information and a computer network ID from an entity,
`determining whether the authentication information is valid for any of the plurality of
`users, accessing data when the authentication information of the entity is valid for one
`of the plurality of users to determine whether the entity is authorized to access the
`computer network identified by the computer network ID, and allowing the entity to
`access the secure computer network when the authentication information of the entity
`
`787047.1
`
`USR Exhibit 2009, Page 4
`
`
`
`- 5 -
`
`is valid for one of the plurality of users authorized to access the computer network
`identified by the computer network ID.
Another embodiment of the invention comprises a method of authenticating an
identity of a first entity. The method comprises the acts of wirelessly transmitting,
from a first device, first encrypted authentication information of the first entity;
receiving with a second device the wirelessly transmitted first encrypted
authentication information; decrypting, with the second device, the first encrypted
authentication information to provide the first authentication information of the first
entity to the second device; authenticating the identity of the first entity based upon
the first authentication information; and acting based on the assessed identity of the
first entity.
`Another embodiment of the invention comprises a system for authenticating
`an identity of a first entity, comprising a first wireless device comprising a first
`wireless transmitter and receiver configured to transmit a first wireless signal
`including first encrypted authentication information, a first processor configured to
`compare stored biometric data with detected biometric data of the first entity and
`configured to enable or disable use of the first device based on a result of the
`comparison, and configured to encrypt first authentication information with a first
`private key of the first entity into the first encrypted authentication information, a first
`biometric detector for detecting biometric data of the first entity, and a first memory
`for storing biometric data of the first entity, a private key of the first entity authorized
`to use the first device, and the first authentication information.
`According to some embodiments, the system further comprises a second
`wireless device comprising a second wireless transmitter and receiver configured to
`receive the first wireless signal and to process the first wireless signal, a second
`processor configured to compare detected biometric data of a second entity with
`stored biometric data and configured to enable or disable use of the second device
`based upon a result of the comparison, and configured to decrypt the first
`authentication information received in the first wireless signal, a biometric detector
`for detecting biometric data of a second entity, and a second memory storing
`
`787047.1
`
`USR Exhibit 2009, Page 5
`
`
`
`- 6 -
`
biometric data of the second entity and a plurality of public keys of a plurality of first
entities.
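An added Go sketch of the two-device exchange just described; it is example code written for this page, not part of the patent or of any product. Where the text has the first device encrypt the authentication information with the first entity's private key, the sketch uses an Ed25519 signature, the standard way to let the holder of the matching public key check that the data came from the private-key holder; the exact-equality biometric matcher, the templates, the entity identifiers and the 30-second freshness window are constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// BiometricLock stands in for each processor's comparison of stored and detected
// biometric data; the constructed matcher is exact template equality, and Unlock
// enables the device only on a match.
type BiometricLock struct {
	Template []byte
	Enabled  bool
}

func (b *BiometricLock) Unlock(detected []byte) bool {
	b.Enabled = bytes.Equal(b.Template, detected)
	return b.Enabled
}

// WirelessSignal is the first wireless signal; the signature covers all other fields.
type WirelessSignal struct {
	EntityID  string
	Timestamp int64 // lets the receiver reject a captured, replayed signal
	AuthInfo  []byte
	Signature []byte
}

func signedBytes(s *WirelessSignal) []byte {
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(s.Timestamp))
	msg := append([]byte(s.EntityID), 0) // separator keeps ID and payload apart
	return append(append(msg, ts[:]...), s.AuthInfo...)
}

// FirstDevice holds what the first memory stores: template, private key, auth info.
type FirstDevice struct {
	BiometricLock
	EntityID string
	Priv     ed25519.PrivateKey
	AuthInfo []byte
}

// Transmit signs the authentication information with the first entity's private key.
func (d *FirstDevice) Transmit(now time.Time) (*WirelessSignal, error) {
	if !d.Enabled {
		return nil, errors.New("first device disabled: biometric check failed")
	}
	s := &WirelessSignal{EntityID: d.EntityID, Timestamp: now.Unix(), AuthInfo: d.AuthInfo}
	s.Signature = ed25519.Sign(d.Priv, signedBytes(s))
	return s, nil
}

// SecondDevice stores its operator's template and the public keys of many first entities.
type SecondDevice struct {
	BiometricLock
	PublicKeys map[string]ed25519.PublicKey
}

// Authenticate releases the authentication information only when the signal is fresh
// and verifies under the public key stored for the claimed entity.
func (d *SecondDevice) Authenticate(s *WirelessSignal, now time.Time) ([]byte, error) {
	if !d.Enabled {
		return nil, errors.New("second device disabled: biometric check failed")
	}
	if age := now.Unix() - s.Timestamp; age > 30 || age < -30 {
		return nil, errors.New("signal outside freshness window")
	}
	pub, ok := d.PublicKeys[s.EntityID]
	if !ok || !ed25519.Verify(pub, signedBytes(s), s.Signature) {
		return nil, errors.New("signal does not verify under a stored public key")
	}
	return s.AuthInfo, nil
}

// NewDemoPair builds an agent's device and a checkpoint device with constructed data.
func NewDemoPair() (*FirstDevice, *SecondDevice) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	agent := &FirstDevice{BiometricLock: BiometricLock{Template: []byte("AGENT-TEMPLATE-01")},
		EntityID: "agent-0001", Priv: priv, AuthInfo: []byte("constructed credential: badge 0001")}
	gate := &SecondDevice{BiometricLock: BiometricLock{Template: []byte("GUARD-TEMPLATE-07")},
		PublicKeys: map[string]ed25519.PublicKey{"agent-0001": pub}}
	return agent, gate
}

func main() {
	agent, gate := NewDemoPair()
	agent.Unlock([]byte("AGENT-TEMPLATE-01"))
	gate.Unlock([]byte("GUARD-TEMPLATE-07"))
	sig, _ := agent.Transmit(time.Now())
	info, err := gate.Authenticate(sig, time.Now())
	fmt.Println(string(info), err)
}
```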
`
`BRIEF DESCRIPTION OF DRAWINGS
`This invention is pointed out with particularity in the appended claims. The
`above and further advantages of this invention may be better understood by referring
`to the following description when taken in conjunction with the accompanying
`drawings. The accompanying drawings are not intended to be drawn to scale. In the
`drawings, each identical or nearly identical component that is illustrated in various
`figures is represented by a like numeral. For purposes of clarity, not every component
may be labeled in every drawing. In the drawings:
`FIG. 1 is a functional block diagram of a computer system configured to
`implement the universal secure registry ("USR"), including a USR database,
`according to one embodiment of the invention;
`FIG. 2 is a functional block diagram of a first embodiment of a networked
`environment including the computer system of FIG. 1;
`FIG. 3 is a functional block diagram of an entry of a database forming the
`USR database of FIG. 1;
`
`FIG. 4 is a functional block diagram of a second embodiment of a networked
`environment including the computer system of FIG. 1;
`FIG. 5 is a flow chart illustrating steps in a process of inputting data into the
`USR database;
`
`FIG. 6 is a flow chart illustrating steps in a process of retrieving data from the
`USR database;
`
`FIG. 7 is a flow chart illustrating a first protocol for purchasing goods from a
`merchant via the USR database without transmitting credit card information to the
`merchant;
`
`FIG. 8 is a flow chart illustrating a second protocol for purchasing goods from
`a merchant via the USR database without transmitting credit card information to the
`merchant;
`
`787047.1
`
`USR Exhibit 2009, Page 6
`
`
`
`- 7 -
`
FIG. 9 is a flow chart illustrating a protocol for purchasing goods from a
merchant via the USR database by validating the user's check;
`
`FIG. 10 is a flow chart illustrating a protocol for purchasing goods from an on-
`line merchant via the USR database without transmitting credit card information to
`the on-line merchant, and enabling the on-line merchant to ship the goods to a virtual
`address;
`
FIG. 11 is a flow chart illustrating a protocol for shipping goods to a virtual
address via the USR database;
`
`FIG. 12 is a flow chart illustrating a protocol for telephoning a virtual phone
`number via the USR database;
`FIG. 13 is a flow chart illustrating a protocol for identifying a person via the
`USR database;
`
`FIG. 14 is a flow chart illustrating a protocol for identifying a person to a
`policeman via the USR database;
`FIG. 15 is a flow chart illustrating a protocol for providing information to an
`authorized recipient of the information via the USR database;
`
`FIG. 16 is a flow chart illustrating a protocol for providing application
`information to an authorized recipient of the information via the USR database;
FIG. 17 is a functional block diagram of an embodiment configured to use
information in the USR system to activate or keep active property secured through the
USR system;
`
`FIG. 18A is a functional block diagram of an embodiment configured to use
`the USR system to control access to a secure computer network;
`FIG. 18B is a functional block diagram of another embodiment configured to
`use the USR system to control access to a secure computer network;
`FIG. 19 is a flow diagram of a process for controlling access to a secure
`computer network with the USR system in accordance with an embodiment of the
`invention;
`
`FIG. 20 is a flow diagram of a process for controlling access to a secure
`computer network with the USR system in accordance with another embodiment of
`the invention;
`
`787047.1
`
`USR Exhibit 2009, Page 7
`
`
`
`- 8 -
`
`FIG. 21 illustrates an embodiment of a system for validating the identity of an
`individual;
`
`FIGS. 22A and 22B illustrate one embodiment of a process for validating the
`identity of an individual;
`FIG. 23 illustrates one embodiment of various fields included within a first
`wireless signal and a second wireless signal as transmitted by the system of FIG. 21;
`
`FIG. 24 illustrates one embodiment of a process for verifying or authenticating
`the identity of a first user of a first wireless transmission device;
`FIG. 25 illustrates another embodiment of a process for authenticating the
`identity of a first user of a wireless transmission device;
`FIG. 26 illustrates still another embodiment of a process for authenticating the
`identity of a first user of a wireless transmission device; and
`FIG. 27 illustrates one embodiment of a data structure that can be used by any
`wireless device of the system of FIG. 21.
`
`DETAILED DESCRIPTION
`
`This invention is not limited in its application to the details of construction and
`the arrangement of components set forth in the following description or illustrated in
`the drawings. The invention is capable of other embodiments and of being practiced
`or of being carried out in various ways. Also, the phraseology and terminology used
`herein is for the purpose of description and should not be regarded as limiting. The
use of "including," "comprising," "having," "containing," "involving," and
`variations thereof herein, is meant to encompass the items listed thereafter and
`equivalents thereof as well as additional items.
`In one embodiment, an information system is formed as a computer program
`running on a computer or group of computers configured to provide a universal secure
`registry (USR) system. The computer, in this instance, may be configured to run
`autonomously (without the intervention of a human operator), or may require
`intervention or approval for all, a selected subset, or particular classes of transactions.
`The invention is not limited to the disclosed embodiments, and may take on many
`different forms depending on the particular requirements of the information system,
`
`787047.1
`
`USR Exhibit 2009, Page 8
`
`
`
`- 9 -
`
`the type of information being exchanged, and the type of computer equipment
`employed. An information system according to this invention, may optionally, but
`need not necessarily, perform functions additional to those described herein, and the
`invention is not limited to a computer system performing solely the described
`functions.
`
`In the embodiment shown in FIG. 1, a computer system 10 for implementing a
`USR system according to the invention includes at least one main unit 12 connected
`to a wide area network, such as the Internet, via a communications port 14. The main
`unit 12 may include one or more processors (CPU 16) running USR software 18
`configured to implement the USR system functionality discussed in greater detail
`below. The CPU 16 may be connected to a memory system including one or more
`memory devices, such as a random access memory system RAM 20, a read only
`memory system ROM 22, and one or more databases 24. In the illustrated
`embodiment, the database 24 contains a universal secure registry database. The
`invention is not limited to this particular manner of storing the USR database. Rather,
`the USR database may be included in any aspect of the memory system, such as in
`RAM 20, ROM 22 or disc, and may also be separately stored on one or more
`dedicated data servers.
`The computer system may be a general purpose computer system which is
programmable using a computer programming language, such as C, C++, Java, or
`other language, such as a scripting language or even assembly language. The
`computer system may also be specially programmed, special purpose hardware, an
`application specific integrated circuit (ASIC) or a hybrid system including both
`special purpose components and programmed general purpose components.
`In a general purpose computer system, the processor is typically a
`commercially available microprocessor, such as Pentium series processor available
`from Intel, or other similar commercially available device. Such a microprocessor
`executes a program called an operating system, such as UNIX, Linux, Windows NT,
`Windows 95, 98, or 2000, or any other commercially available operating system,
`which controls the execution of other computer programs and provides scheduling,
`debugging, input/output control, accounting, compilation, storage assignment, data
`
`787047.1
`
`USR Exhibit 2009, Page 9
`
`
`
`- 10 -
`
`management, memory management, communication control and related services, and
many other functions. The processor and operating system define a computer
`platform for which application programs in high-level programming languages are
`written.
`
`The database 24 may be any kind of database, including a relational database,
`object-oriented database, unstructured database, or other database. Example relational
databases include Oracle 8i from Oracle Corporation of Redwood City, California;
`Informix Dynamic Server from Informix Software, Inc. of Menlo Park, California;
`DB2 from International Business Machines of Armonk, New York; and Access from
`Microsoft Corporation of Redmond, Washington. An example object-oriented
`database is ObjectStore from Object Design of Burlington, Massachusetts. An
example of an unstructured database is Notes from the Lotus Corporation, of
`Cambridge, Massachusetts. A database also may be constructed using a flat file
`system, for example by using files with character-delimited fields, such as in early
`versions of dBASE, now known as Visual dBASE from Inprise Corp. of Scotts
`Valley, California, formerly Borland International Corp.
The main unit 12 may optionally include or be connected to a user interface
`26 containing, for example, one or more input and output devices to enable an
`operator to interface with the USR system 10. Illustrative input devices include a
`keyboard, keypad, track ball, mouse, pen and tablet, communication device, and data
`input devices such as voice and other audio and video capture devices. Illustrative
`output devices include cathode ray tube (CRT) displays, liquid crystal displays (LCD)
`and other video output devices, printers, communication devices such as modems,
`storage devices such as a disk or tape, and audio or video output devices. Optionally,
`the user interface 26 may be omitted, in which case the operator may communicate
`with the USR system 10 in a networked fashion via the communication port 14. It
`should be understood that the invention is not limited to any particular manner of
`interfacing an operator with the USR system.
`It also should be understood that the invention is not limited to a particular
`computer platform, particular processor, or particular high-level programming
`language. Additionally, the computer system may be a multiprocessor computer
`
`787047.1
`
`USR Exhibit 2009, Page 10
`
`
`
`system or may include multiple computers connected over a computer network. It
`further should be understood that each module or step shown in the accompanying
`figures and the substeps or subparts shown in the remaining figures may correspond
`to separate modules of a computer program, or may be separate computer programs.
`Such modules may be operable on separate computers. The data produced by these
`components may be stored in a memory system or transmitted between computer
`systems.
`
`Such a system may be implemented in software, hardware, or firmware, or any
`combination thereof. The various elements of the information system disclosed
`herein, either individually or in combination, may be implemented as a computer
`program product, such as USR software 18, tangibly embodied in a machine-readable
`storage device for execution by the computer processor 16. Various steps of the
`process may be performed by the computer processor 16 executing the program 18
`tangibly embodied on a computer-readable medium to perform functions by operating
`on input and generating output. Computer programming languages suitable for
`implementing such a system include procedural programming languages, object-
`oriented programming languages, and combinations of the two.
`As shown in FIG. 2, the computer system 10 may be connected to a plurality
`of interface centers 27 over a wide area network 28. The wide area network 28 may
`be formed from a plurality of dedicated connections between the interface centers 27
`and the computer system 10, or may take place, in whole or in part, over a public
`network such as the Internet. Communication between the interface centers 27 and
`the computer system 10 may take place according to any protocol, such as TCP/IP,
`ftp, OFX, or XML, and may include any desired level of interaction between the
`interface centers 27 and the computer system 10. To enhance security, especially
`where communication takes place over a publicly accessible network such as the
`Internet, communications facilitating or relating to transmission of data from/to the
`USR database 24 or the computer system 10 may be encrypted using an encryption
`algorithm, such as PGP, DES, or other conventional symmetric or asymmetric
`encryption algorithm.
`
`787047.1
`
`USR Exhibit 2009, Page 11
`
`
`
`- 12 -
`
`In one embodiment, the USR system 10 or USR database 24 may be able to
`authenticate its identity to a user or other entity accessing the system by providing an
`appropriate code which may be displayed on the user's smart card, for example a
SecurID™ card or its equivalent, or other code generator, for example a single use
`code generator, being employed by the user. A comparison by the user or the code
`generator between the provided number and an expected number can validate, to the
`user (or other entity) or the code generator, that communication is with the database
`and not an imposter.
`
`The database 24 shown in FIG. 1 has a USR database containing entries
`related to persons 1-n. The data in the USR database may also be segregated, as
`shown in FIG. 4, according to data type to enable individual computer modules to
`handle discrete applications on discrete data types. Segregating the data, as illustrated
`in FIG. 4, may make access to the database more robust by enabling portions of the
`data in the USR database 24 to be accessible even when it is necessary to perform
`maintenance on a portion of the database. However, storing the data in the USR
`database 24 according to the scheme illustrated in FIG. 1 may make it easier for a user
`of the database to make changes to multiple types of data simultaneously or in a
`single session. There are advantages and disadvantages to each data structure, and the
`invention is not limited to a particular manner of organizing the data within the
`database 24, data structures other than the two shown also being possible.
`As shown in FIG. 3, each entry 30 in the database 24 may contain multiple
`types of information. For example, in the embodiment shown in FIG. 3, the entry
`contains validation information 32, access information 34, publicly available
`information 36, address information 38, credit card and other financial information
`40, medical information 42, job application information 44, and tax information 46.
`The invention is not limited to a USR containing entries with all of this information or
`only this particular information, as any information on a person or other entity such as
`a company, institution, etc. may be stored in USR database 24.
`If the database information is split between multiple databases, each database
`will typically include at least the validation and access information to enable the USR
`software to correlate a validation attempt with a verified validation, and to enable the
`
`787047.1
`
`USR Exhibit 2009, Page 12
`
`
`
`- 13 -
`
`USR software to determine access privileges to the requested data. Alternatively,
`databases may be linked to permit information not in a main USR database to be
`retrieved, with validation/identification for all databases accessed being done at the
`USR system.
`
`In FIG. 3, the validation information is information about the user of the
`database to whom the data pertains and is to be used by the USR software 18 to
`validate that the person attempting to access the information is the person to whom
`the data pertains or is otherwise authorized to receive it. The validation information
`may be any type of information that will reliably authenticate the identity of the
`individual.
`
In one embodiment, the user of the database will carry a SecurID™ card
`available from RSA Security, formerly Security Dynamics Technologies, Inc., of
`Cambridge, MA. Use of this card enables secure access to the USR database without
`requiring the user to transmit any personal information. Specifically, to access the
`USR database, the card retrieves a secret user code and/or time varying value from
`memory and obtains from the user a secret personal identification code. The card
`mathematically combines these three numbers using a predetermined algorithm to
`generate a one-time nonpredictable code which is transmitted to the computer system
`10. The computer system, specifically USR software 18, utilizes the received one-
`time nonpredictable code to determine if the user is authorized access to the USR
`database and grants access to the USR database if the user is determined to be
`authorized. The verification information 32 in the database entry in the embodiment
`of the invention illustrated in FIG. 3 contains information to enable the USR software
`18 to validate the user using such a card in this manner.
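An added worked example, written for this page and not taken from the patent or from any RSA product, that puts the card-side combination of secret user code, time-varying value and PIN described here, and the registry-side checks of the network-access methods in the Summary (validate the authentication information, then check the computer network ID), into working Go. It assumes a constructed combining algorithm (HMAC-SHA256 keyed with the secret user code over the time step and PIN, with HOTP-style truncation to eight digits), a 30-second step, and that the registry's validation information holds the same secret and PIN; user IDs, secrets and network IDs are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// StepSeconds is the assumed period of the card's time-varying value.
const StepSeconds = 30

// OneTimeCode is the card-side combination of the three values named in the text:
// the secret user code (used as the HMAC key), the time-varying value (the step
// number) and the secret personal identification code. The combining algorithm is
// a constructed one using HOTP-style dynamic truncation, not the SecurID algorithm.
func OneTimeCode(secret []byte, pin string, step int64) string {
	mac := hmac.New(sha256.New, secret)
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], uint64(step))
	mac.Write(buf[:])
	mac.Write([]byte(pin))
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	v := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%08d", v%100000000)
}

// RegistryUser is the validation and access information kept for one user: what the
// registry needs to recompute the code, and the computer network IDs the user may use.
type RegistryUser struct {
	Secret   []byte
	PIN      string
	Networks map[string]bool
	lastStep int64 // highest step already accepted, so a captured code cannot be replayed
}

// AccessRequest is what a secure computer network forwards to the registry.
type AccessRequest struct {
	UserID, Code, NetworkID string
}

type Registry struct{ users map[string]*RegistryUser }

// Authorize validates the one-time code against the user's validation information
// and then checks the network ID; the secure network grants or denies on the bool.
func (r *Registry) Authorize(req AccessRequest, now time.Time) (bool, string) {
	u, ok := r.users[req.UserID]
	if !ok {
		return false, "authentication information does not correspond to any user"
	}
	step, matched := now.Unix()/StepSeconds, int64(-1)
	for d := int64(-1); d <= 1; d++ { // tolerate one step of clock drift either way
		want := OneTimeCode(u.Secret, u.PIN, step+d)
		if hmac.Equal([]byte(want), []byte(req.Code)) { // constant-time comparison
			matched = step + d
			break
		}
	}
	if matched < 0 {
		return false, "authentication information does not correspond to any user"
	}
	if matched <= u.lastStep {
		return false, "one-time code already used"
	}
	u.lastStep = matched
	if !u.Networks[req.NetworkID] {
		return false, "user not authorized for network " + req.NetworkID
	}
	return true, "access granted to " + req.NetworkID
}

// NewDemoRegistry holds one constructed user who may reach corp-net-A only.
func NewDemoRegistry() *Registry {
	return &Registry{users: map[string]*RegistryUser{
		"user-0001": {
			Secret:   []byte("constructed-secret-user-code"),
			PIN:      "4711",
			Networks: map[string]bool{"corp-net-A": true},
		},
	}}
}

func main() {
	reg, secret := NewDemoRegistry(), []byte("constructed-secret-user-code")
	for i, net := range []string{"corp-net-A", "corp-net-B"} {
		now := time.Now().Add(time.Duration(2*i*StepSeconds) * time.Second)
		code := OneTimeCode(secret, "4711", now.Unix()/StepSeconds)
		ok, why := reg.Authorize(AccessRequest{"user-0001", code, net}, now)
		fmt.Println(net, ok, why)
	}
}
```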
`Alternative types of identification cards or tokens may likewise be used. For
`example, other smart cards may be used which generate non-predictable single use
`codes, which may or may not be time varying, or other access code generators may be
`used. An algorithm generating such non-predictable codes may also be programmed
`onto a processor on a smart card or other computing device, such as a cell phone,
`pager, ID badge, wrist watch, computer, personal digital assistant, key fob, or other
`commonly available electronic device. For convenience, the term "electronic ID
`
`787047.1
`
`USR Exhibit 2009, Page 13
`
`
`
`- 14 -
`
`device" will be used generically to refer to any type of electronic device that may be
`used to obtain access to the USR database.
`
`Likewise, various types of biometric information may be stored in the
`verification area of the database entry to enable the identity of the user possessing the
`identifying device to be verified at the point of use. Examples of the type of biometric
information that may be used in this situation include a personal identification
`number (PIN), fingerprint, voice print, signature, iris or facial scan, or DNA analysis.
`If desired, the verifying section of the database may contain a picture to be transmitted
`back to the person seeking to validate the device to ensure the person using the device
`is the correct person. Optionally, the identifying device itself may also be provided
`with a picture of the person authorized to use the card to provide a facial confirmation
`of the person's right to use the card.
`In FIG. 3, the Access information 34 is provided to enable different levels of
`security to attach to different types of information stored in the entry 30 in the USR
`database 14. For example, the person may desire that their address information be
`made available only to certain classes of people, for example colleagues, friends,
`family, Federal Express, U.P.S., and the U.S. mail service. The names or universal
`identifiers for those selected individuals, companies, organizations and/or agencies
`may be entered into appropriate fields in the Access information to specify to the USR
`software 18 those individuals to whom the address information may be released.
`Likewise, access fields may be specified for the other types of information. For
`example, the individual may specify that only particular individuals and/or companies
`have access to the credit card and other financial information 40, medical information
`42, job application information 44 and tax information 46. Additionally, the
`individual may specify that no one have access to that information unless the
`individual participates in the transaction (see FIG. 6).
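An added Go example, written for this page rather than taken from the patent, of how the access information of entry 30 can be applied when a requester asks for sections of a user's data: the owner receives everything, public sections go to anyone, other sections go only to the universal identifiers listed for them, and sections the owner has marked as requiring participation are released only when the owner has validated into the same session. The section names, requester identifiers and stored values are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
)

// Entry mirrors entry 30 of FIG. 3 as far as this example needs: the data sections
// keyed by name, and the access information saying who may receive each section.
type Entry struct {
	Owner   string
	Data    map[string]string          // "address", "credit_card", "medical", ...
	Public  map[string]bool            // sections anyone may receive
	Access  map[string]map[string]bool // section -> universal identifiers allowed
	OwnerIn map[string]bool            // sections released only when the owner takes part
}

// Request is a query from an identified requester for some sections of one entry.
type Request struct {
	Requester         string
	Sections          []string
	OwnerParticipates bool // the owner has validated into this same session
}

// Release applies the access information and returns the data released together
// with the sections withheld (sorted, so audit output is stable). A section marked
// OwnerIn still requires the requester to be listed for it; the owner's participation
// is an additional condition, not a substitute for the access list.
func (e *Entry) Release(req Request) (map[string]string, []string) {
	released := map[string]string{}
	var withheld []string
	for _, sec := range req.Sections {
		val, exists := e.Data[sec]
		switch {
		case !exists:
			withheld = append(withheld, sec)
		case req.Requester == e.Owner:
			released[sec] = val
		case e.OwnerIn[sec] && !req.OwnerParticipates:
			withheld = append(withheld, sec)
		case e.Public[sec] || e.Access[sec][req.Requester]:
			released[sec] = val
		default:
			withheld = append(withheld, sec)
		}
	}
	sort.Strings(withheld)
	return released, withheld
}

// NewDemoEntry builds one constructed entry: the address is open to two carriers
// and a friend, while card and medical data need both a listed requester and the
// owner's participation.
func NewDemoEntry() *Entry {
	return &Entry{
		Owner: "user-0001",
		Data: map[string]string{
			"public":      "J. Doe, member since 2006",
			"address":     "12 Sample St, Anytown",
			"credit_card": "tokenised card ref CC-0001",
			"medical":     "blood type O+",
		},
		Public: map[string]bool{"public": true},
		Access: map[string]map[string]bool{
			"address":     {"ups": true, "fedex": true, "friend-0042": true},
			"credit_card": {"merchant-0100": true},
			"medical":     {"dr-0007": true},
		},
		OwnerIn: map[string]bool{"credit_card": true, "medical": true},
	}
}

func main() {
	e := NewDemoEntry()
	got, withheld := e.Release(Request{Requester: "ups",
		Sections: []string{"public", "address", "credit_card"}})
	fmt.Println("released:", got, "withheld:", withheld)
}
```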
`As shown in FIG. 1, the USR software 18 contains algorithms for execution
`by the CPU 16 that enables the CPU 16 to perform the methods and functions of the
USR software described below in connection with FIGS. 5-16. The USR software 18,
`in this embodiment, performs all functions associated with validating an electronic ID
`card. If desired, a separate validation software module may be provided to validate
`
`787047.1
`
`USR Exhibit 2009, Page 14
`
`
`
`- 15 -
`
`electronic ID devices outside of a firewall segregating the validation information from
`other user information.
`
`T