(19) United States
(12) Patent Application Publication
(10) Pub. No.: US 2016/0155121 A1
(43) Pub. Date: Jun. 2, 2016
Weiss

(54) METHOD AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION
(71) Applicant: UNIVERSAL SECURE REGISTRY, LLC, Newton, MA (US)
(72) Inventor: Kenneth P. Weiss, Newton, MA (US)
(21) Appl. No.: 14/814,740
(22) Filed: Jul. 31, 2015

Related U.S. Application Data
(63) Continuation of application No. 14/027,860, filed on Sep. 16, 2013, now Pat. No. 9,100,826, which is a continuation of application No. 13/621,609, filed on Sep. 17, 2012, now Pat. No. 8,538,881, which is a continuation of application No. 13/168,556, filed on Jun. 24, 2011, now Pat. No. 8,271,397, which is a continuation of application No. 11/677,490, filed on Feb. 21, 2007, now Pat. No. 8,001,055.
(60) Provisional application No. 60/859,235, filed on Nov. 15, 2006, provisional application No. 60/812,279, filed on Jun. 9, 2006, provisional application No. 60/775,046, filed on Feb. 21, 2006.

Publication Classification
(51) Int. Cl.
    G06Q 20/40 (2006.01)
    H04L 29/06 (2006.01)
(52) U.S. Cl.
    CPC: G06Q 20/40 (2013.01), H04L 63/0861 (2013.01)
`
(57) ABSTRACT

According to one aspect, the invention provides a system for authenticating identities of a plurality of users. In one embodiment, the system includes a first handheld device including a wireless transceiver which is configured to transmit authentication information, a second device including a wireless receiver, where the second device is configured to receive the authentication information.
`
`
`
`
[Front-page drawing. Labels: USR System; Public, Medical, Financial, Job Application, Address and Tax Information Computer Modules; Wide Area Network; Public, Medical, Financial, Job Application, Address and Tax Information Interface Centers.]
`
`

`

`Patent Application Publication
`
`Jun. 2, 2016 Sheet 1 of 28
`
`US 2016/0155121 A1
`
[FIG. 1: block diagram. Labels: RAM, User Interface, USR Software, Wide Area Network, Universal Secure Registry, Person No. n. Reference numerals on the sheet: 10, 12, 18, 20, 22, 26.]
`
`

`

[Sheet 2 of 28, FIG. 2: block diagram. Labels: USR System made up of Computer Modules; Wide Area Network; Interface Centers. Reference numerals on the sheet: 10, 27.]
`
`

`

[Sheet 3 of 28: figure; text not recoverable from the scan.]
`
`
`
`
`
`
`
`
`
`

`

[Sheet 4 of 28, FIG. 4: block diagram. Labels: USR System; Public, Medical, Financial, Job Application, Address and Tax Information Computer Modules; Wide Area Network; Public, Medical, Financial, Job Application, Address and Tax Information Interface Centers.]
`
`

`

[Sheet 5 of 28, FIG. 5: flowchart. Reference numerals on the sheet: 500, 502, 508, 510, 512. Box text as it appears on the sheet:]
- Train the Database
- Validate Person’s Identification
- Does Person Have Rights to Enter Data? (a "No" branch is shown)
- Enable Person to Enter Basic Personal Data
- Person Have Right to Enter Additional Data? (a "Yes" branch is shown)
- Enable Person to Enter Advanced Personal Data
- Enable Person to Specify Access to Advanced Personal Data
`
`

`

[Sheet 6 of 28, FIG. 6: flowchart. Legible reference numerals: 600, 610. Box text as it appears on the sheet:]
- Enable Access to Basic Personal Data
- Is Additional Information Requested? (a "No" branch is shown)
- Is Person Participating in Transaction?
- Does Requestor Have Rights to Access Type of Requested Data?
- Validate Person’s Identity
- Enable Person to Change Access Rights to Data
- Does Requestor Have Rights to Access Type of Requested Data?
- Cause USR to Enable Access to Type of Requested Data
`
`

`

[Sheet 7 of 28, FIG. 7: flowchart. Reference numerals on the sheet: 700, 702, 704, 706, 708, 710, 712. Box text:]
- User Initiates Purchase
- User Enters Secret Code in Secure ID
- Merchant Transmits to Credit Card Company: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
- Credit Card Company Sends Code to USR
- USR Determines if Code is Valid, and if Valid Accesses User's Credit Card Information and Transmits Credit Card Number to Credit Card Company
- Credit Card Company Checks Credit Worthiness and Declines Card or Debits User's Account and Transfers $ to Merchant’s Account
- CCC Notifies Merchant of Result of Transaction
`
`

`

[Sheet 8 of 28, FIG. 8: flowchart. Reference numerals on the sheet: 800, 802, 804, 806, 808, 810, 812, 814. Box text:]
- User Initiates Purchase
- User Enters Secret Code in Secure ID
- Merchant Transmits to USR: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
- USR Determines if Code is Valid
- USR Accesses User’s Credit Card Information and Transmits to CCC: (1) Credit Card Number, (2) Store Number, (3) Amount of Purchase
- CCC Checks Credit Worthiness and Declines Card or Debits User’s Account and Transfers $ to Merchant’s Account
- CCC Notifies USR of Result of Transaction
- USR Notifies Merchant of Result of Transaction
`
`

`

[Sheet 9 of 28, FIG. 9: flowchart. Reference numerals on the sheet: 900, 902, 904, 906, 908, 910, 912, 914. Box text:]
- User Initiates Purchase and Writes Check to Merchant
- User Enters Secret Code in Secure ID
- Merchant Transmits to USR: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
- USR Determines if Code is Valid
- USR Accesses User's Bank Information and Transmits to Bank: (1) Bank Account Number, (2) Store Number, (3) Amount of Purchase
- Bank Checks Account Balance to Verify Availability of Funds
- Bank Notifies USR of Result of Verification
- USR Notifies Merchant of Result of Verification
`
`

`

[Sheet 10 of 28, FIG. 10: flowchart. Reference numerals on the sheet: 1000, 1002, 1004, 1006, 1008, 1010, 1012, 1014, 1016. Box text:]
- User Initiates Anonymous Purchase by Entering Secret Code in Secure ID and Transmitting Result to On-Line Merchant
- Merchant Transmits to USR: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
- USR Determines if Code is Valid
- USR Accesses User's Credit Card Information and Transmits to CCC: (1) Credit Card Number, (2) Store Number, (3) Amount of Purchase
- CCC Checks Credit Worthiness and Declines Card or Debits User's Account and Transfers $ to Merchant's Account
- CCC Notifies USR of Result of Transaction
- If Credit Declined, USR Notifies Merchant
- If Credit Accepted, USR Accesses Address Code and Provides Merchant with Address Code
- Merchant Labels Package with Address Code and Ships
`
`

`

[Sheet 11 of 28, FIG. 11: flowchart. Reference numerals on the sheet: 1100, 1102, 1104, 1106, 1108, 1110. Box text as it appears on the sheet:]
- User Provides Address Code on Public Area
- User Provides Address Information in Address Area of USR
- Person Places Public Code on Parcel to be Mailed
- Post Office Accesses USR to Retrieve Address Information
- Post Office Delivers Parcel to Address in Address Area of USR
- Post Office Prints Bar Code on Parcel to Automate Delivery of Parcel to Address in Address Area of USR

[Sheet 11 of 28, FIG. 12: flowchart. Reference numerals on the sheet: 1200, 1202, 1204, 1206. Box text as it appears on the sheet:]
- User Provides Telephone Code on Public Area
- User Provides Telephone Information in Telephone Area of USR
- Person Dials USR Phone Number and Enters Telephone Code for User
- USR Connects Person to Telephone Number Without Providing User Person with Telephone Number
`
`

`

[Sheets 12 and 13 of 28: figures; text not recoverable from the scan.]
`
`

`

[Sheet 14 of 28, FIG. 17: diagram. Labels: USR System (10), Lap Top Computer, Electronic Device, Automobile.]
`
`

`

[Sheet 15 of 28, FIG. 18B and a second diagram whose figure label is not legible. Labels: Access Device (several instances), USR System (10). Other legible reference numerals: 1801, 1802, 1804.]
`
`

`

[Sheet 16 of 28, FIG. 19: flowchart. Legible reference numerals: 1900, 1902, 1912, 1914. Box text as it appears on the sheet:]
- Entity Initiates Access Request
- Entity Supplies: 1) Authentication Info, 2) Computer Network ID
- USR Receives Access Request Including: 1) Authentication Info, 2) Computer Network ID
- Is Auth. Info Valid for a User?
- Is Entity Authorized to Access the Computer Network Identified by the ID?
- Provide Indication that Entity is Denied Access
- Allow Communications Between the Entity and Secure System
`
`

`

[Sheet 17 of 28, FIG. 20: flowchart. Reference numerals on the sheet: 2000, 2002, 2004, 2006, 2008, 2010, 2014, 2016. Box text:]
- Entity Initiates Access Request
- Entity Supplies Authentication Information
- Secure System Receives Authentication Information
- Secure System Communicates Authentication Information to USR
- USR Validates Authentication Information
- Secure System Receives Indication from USR
- Secure System Grants or Denies Access Based on the Indication
`
`

`

[Sheet 18 of 28, FIG. 21: block diagram. Labels: Challenger / Responder, Biometric Sensor, Secure Database, Wireless T/R, Additional Wireless T/R. Legible reference numerals: 2100, 2118, 2140, 2142, 2144, 2146, 2154.]
`
`

`

[Sheet 19 of 28, FIG. 22A: flowchart, partly illegible. Legible box text: "Periodically Communicate with ..." (two boxes, remainder illegible), "Delete Data", "Shutdown Device #2"; "No" branches are shown. Legible reference numerals: 202, 208, 214, 216.]
`
`

`

[Sheet 20 of 28, FIG. 22B: flowchart, partly illegible. Legible reference numerals: 218, 220, 222, 224, 226, 230. Box text as it appears on the sheet:]
- Initiate Valid Communication Protocol ("Yes" branch shown)
- Transmit First Wireless Signal Containing Encrypted Authentication ... (remainder illegible)
- Transmit Second Wireless Signal Containing Encrypted Authentication Information to Device #1
- Authenticate Identity of User #2 ("Yes" branch shown)
- Contact Secure Database for Information
- Take Appropriate Action
`
`

`

[Sheet 21 of 28: figure; text not recoverable from the scan.]
`
`

`

[Sheet 22 of 28, FIG. 24: flowchart. Legible reference numerals: 400, 406. Box text:]
- Sense Header #1
- Verify Protocol
- Verify/Decrypt Respondent #1 Digital Signature
- Authenticate User #1
`
`

`

[Sheet 23 of 28, FIG. 25: flowchart. Legible reference numerals: 520, 522, 524, 526, 528, 536. Box text as it appears on the sheet:]
- Receive Public ID #1, PKI Encrypted DES Key, Encrypted Portion of Biodata
- Look Up from ID #1, Public Key #1
- Look Up Remainder of Biodata Information #1
- Combine Biodata Information to Recreate Biodata Information
- Process Biodata Information
`
`

`

[Sheet 24 of 28, FIG. 26: flowchart. Legible reference numerals: 620, 622, 624, 626, 628, 630, 632, 634, 638. Box text as it appears on the sheet; the order of the boxes is not fully recoverable:]
- Receive Public Key ID #1, PKI Encrypted DES Key (Optional)
- Look Up Public Key #1
- Generate Non-predictable Code From ID1 Information (Time-varying)
- Transmit Public ID #2 Information to Secure Database
- Transmit Public ID #1 from Device #2 to Secure Database
- Access with Secure Database at Least Portion of Bio Information of Entity #1
- Transmit Bio Information of Entity #1 to Device #2
- Display Bio Information
- Process Biodata Information
`
`

`

[Sheet 25 of 28, FIG. 27: diagram of stored items. Reference numerals on the sheet: 720, 722, 724, 726, 728. Labels: Private Key of #2; Public Keys of Plural 1st Entities; Biodata of #2; Portion of Biodata Files of Other Users.]
`
`

`

[Sheet 26 of 28: figure; text not recoverable from the scan.]
`
`
`
`
`
`

`

[Sheet 27 of 28: flowchart; figure number not legible. Reference numerals on the sheet: 260, 262, 264, 266, 268, 270. Legible box text: Simulate Data; Authenticate User; Receive User Information.]
`
`

`

[Sheet 28 of 28: figures; text not recoverable from the scan.]
`
`
`
`
`

`

`
METHOD AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION

CROSS REFERENCE TO RELATED APPLICATIONS

[0001] This application is a continuation of and also claims priority under 35 U.S.C. §120 to co-pending U.S. patent application Ser. No. 14/027,860, filed Sep. 16, 2013, entitled METHOD AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION, which application is a continuation of and also claims priority under 35 U.S.C. §120 to U.S. patent application Ser. No. 13/621,609, filed Sep. 17, 2012, entitled METHOD AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION, issued as U.S. Pat. No. 8,538,881, which application is a continuation of and also claims priority under 35 U.S.C. §120 to U.S. patent application Ser. No. 13/168,556, filed Jun. 24, 2011, entitled METHOD, SYSTEM AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION, issued as U.S. Pat. No. 8,271,397, which application is a continuation of and also claims priority under 35 U.S.C. §120 to U.S. patent application Ser. No. 11/677,490, filed Feb. 21, 2007, entitled METHOD, SYSTEM AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION, issued as U.S. Pat. No. 8,001,055, which claims priority under 35 U.S.C. §119(e) to each of the following U.S. provisional patent applications: Ser. No. 60/775,046 entitled “METHOD AND APPARATUS FOR EMULATING A MAGNETIC STRIPE READABLE CARD,” filed Feb. 21, 2006; Ser. No. 60/812,279 entitled “UNIVERSAL SECURE REGISTRY,” filed Jun. 9, 2006; and Ser. No. 60/859,235 entitled “UNIVERSAL SECURE REGISTRY,” filed Nov. 15, 2006, each of which applications is hereby incorporated herein by reference in their entirety.
`
`BACKGROUND OF INVENTION
`
[0002] 1. Field of Invention

[0003] Embodiments of the invention generally relate to systems, methods, and apparatus for authenticating identity or verifying the identity of individuals and other entities seeking access to certain privileges and for selectively granting privileges and providing other services in response to such identifications/verifications. In addition, embodiments of the invention relate generally to systems and methods for obtaining information from and/or transmitting information to a user device and, in particular, to systems, methods, and apparatus that provide for contactless information transmission.

[0004] 2. Discussion of Related Art
`
[0005] Control of access to secure systems presents a problem related to the identification of a person. An individual may be provided access to the secure system after their identity is authorized. Generally, access control to secure computer networks is presently provided by an authentication scheme implemented, at least partly, in software located on a device being employed to access the secure computer network and on a server within the secure computer network. For example, if a corporation chooses to provide access control for their computer network, they may purchase authentication software that includes server-side software installed on a server in their computer system and corresponding client-side software that is installed on the devices that are used by employees to access the system. The devices may include desktop computers, laptop computers, and handheld computers (e.g., PDAs and the like).

[0006] In practice, the preceding approach has a number of disadvantages including both the difficulty and cost of maintaining the authentication system and the difficulty and cost of maintaining the security of the authentication system. More specifically, the software resides in the corporation’s computers where it may be subject to tampering/unauthorized use by company employees. That is, the information technology team that manages the authentication system has access to the private keys associated with each of the authorized users. As a result, these individuals have an opportunity to compromise the security of the system. Further, any modification and/or upgrade to the authentication system software is likely to require an update to at least the server-side software and may also require an update of the software located on each user/client device. In addition, where the company’s computer systems are geographically distributed, software upgrades/updates may be required on a plurality of geographically distributed servers.
`
[0007] There is also a need, especially in this post September 11 environment, for secure and valid identification of an individual before allowing the individual access to highly secure areas. For example, an FBI agent or an air marshal may need to identify themselves to airport security or a gate agent, without compromising security. Typically such identification may comprise the air marshal or FBI agent showing identification indicia to appropriate personnel. However, there are inherent flaws in this process that allow for security to be compromised, including falsification of identification information and failure of the airport security or other personnel to recognize the situation. Of course this process could be automated, for example, by equipping airport personnel or security with access to a database and requiring the FBI agent or air marshal to appropriately identify themselves to the database, for example, by again providing identification which airport personnel can then enter into the database to verify the identity of the person seeking access to a secure area. However, this process also has the inherent flaws in it as described above. In addition, there may be times when airport security or personnel may not be able to communicate with the database to check the identity of the person seeking access, for example, when they are not near a computer terminal with access to a database or are carrying a hand-held device that does not have an appropriate wireless signal to access the database. In addition, there is a need to ensure that if such a hand-held device ends up in the wrong hands, security is not compromised.

[0008] Further, both commercial (e.g., banking networks) and non-commercial (e.g., security systems) information systems often rely on magnetic card readers to collect information specific to a user (e.g., a security code, a credit card number, etc.) from a user device (e.g., a transaction card). Credit card purchases made in person provide an example of the most common transaction-type that relies on a user device, the credit or debit card, which is read by a magnetic card reader. User devices that rely on magnetic-stripe based technology magnetically store information (e.g., binary information) in the magnetic stripe. The magnetic stripe reader provides an interface to a larger computerized network that receives the user’s information to determine, for example, whether to authorize a transaction, to allow the user access to a secure area, etc.
`
`

`

`
[0009] Recently, such devices have seen technological advances that increase their capabilities and improve their security. For example, such devices may now include embedded processors, integral biometric sensors that sense one or more biometric features (e.g., a fingerprint) of the user, and magnetic stripe emulators. As one result, such devices may provide greater security by dynamically generating the necessary information, for example, generating the credit card number at the time of a transaction. Improved security can also be provided by such devices because more sophisticated authentication schemes can be implemented with the devices.

[0010] In addition, user devices such as transaction cards may now also provide for one or more modes of information transmission other than transmission via a magnetic stripe/card reader combination. For example, user devices that may transmit information optically or via radio frequency (“RF”) signal transmission to a compatible system interface are now available. Further, the architecture of a user device that includes a processor is generally compatible with both the improved security features described above and the contactless transmission modes such as optical and RF signal transmission. As a result of the improved security and greater functionality of some current user devices, there is a desire to replace magnetic-stripe based user devices with devices that include forms of information transmission other than the reading of a magnetic-stripe.
`
[0011] There is, however, a substantial installed base of interfaces (for example, at points of sale, at automatic teller machines (“ATM”), and the like) that include magnetic card readers which are not equipped to receive information from a user device in any format other than from a magnetic stripe. As a result of the cost to replace or retrofit the installed base, efforts to more-widely introduce user devices that do not employ magnetic stripe devices have not been developed. Because of the potential to substantially reduce fraud, however, the further implementation of such devices is of great interest to financial institutions among others. RF devices that transmit information wirelessly are expected to become much more prevalent and at some point, the predominant form of information transmission for user authentication based on a hand-held device, for example, credit card, debit card, drivers license, passport, social security card, personal identification, etc. Thus, new and improved methods for transitioning from a purely magnetic based form of communication to a wireless form of communication are desired.
`
[0012] One current approach that is intended to “transform” a smart card for use with a magnetic stripe card reader employs a “bridge” device. The bridge device requires that the smart card be inserted within it. The bridge device includes a slot for receiving the smart card, a key pad whereby the user may enter information (e.g., a PIN number), and a credit card sized extension member. Operation of the bridge device requires that the smart card be inserted within it and that an electrical contact surface of the smart card engage a similar surface within the bridge device before the bridge device (i.e., the extension member) can be used with a magnetic card reader. Thus, the contactless nature of more advanced information transmission systems is lost with the bridge device because it does not support wireless signal transmission.
`
[0013] Accordingly, there is a desire for one or more devices, systems and methods for accomplishing any of the herein mentioned objectives.
`
`SUMMARY OF INVENTION
`
[0014] There is thus a need for an identification system that will enable a person to be accurately identified (“identification” sometimes being used hereinafter to mean either identified or verified) and/or authenticated without compromising security, to gain access to secure systems and/or areas. Likewise, there is a need for an identification system that will enable a person to be identified universally without requiring the person to carry multiple forms of identification.

[0015] Accordingly, this invention relates, in one embodiment, to an information system that may be used as a universal identification system and/or used to selectively provide information about a person to authorized users. Transactions to and from a secure database may take place using a public key/private key security system to enable users of the system and the system itself to encrypt transaction information during the transactions. Additionally, the private key/public key security system may be used to allow users to validate their identity. For example, in one embodiment, a smart card such as the SecurID™ card from RSA Security, Inc. may be provided with the user’s private key and the USR system’s public key to enable the card to encrypt messages being sent to the USR system and to decrypt messages from the USR system 10.
`
[0016] The system or database of the invention may be used to identify the person in many situations, and thus may take the place of multiple conventional forms of identification. Additionally, the system may enable the user’s identity to be confirmed or verified without providing any identifying information about the person to the entity requiring identification. This can be advantageous where the person suspects that providing identifying information may subject the identifying information to usurpation.

[0017] Access to the system may be by smart card, such as a SecurID™ card, or any other secure access device. The technology enabling the user to present their identity information may be physically embodied as a separate identification device such as a smart ID card, or may be incorporated into another electronic device, such as a cell phone, pager, wrist watch, computer, personal digital assistant such as a Palm Pilot™, key fob, or other commonly available electronic device. The identity of the user possessing the identifying device may be verified at the point of use via any combination of a memorized PIN number or code, biometric identification such as a fingerprint, voice print, signature, iris or facial scan, or DNA analysis, or any other method of identifying the person possessing the device. If desired, the identifying device may also be provided with a picture of the person authorized to use the device to enhance security.

[0018] According to one embodiment of the invention, a method of controlling access to a plurality of secure computer networks using a secure registry system located remotely from the secure computer networks is disclosed. The secure registry system includes a database containing selected data of a plurality of users each authorized to access at least one of the plurality of secure computer networks. The method comprises acts of receiving authentication information from an entity at a secure computer network, communicating the authentication information to the secure registry system, and validating the authentication information at the secure registry system. The method also includes receiving from the secure registry system an indication of whether the entity is authorized to access the secure computer network, granting the entity access to the secure computer network when the authentication information of the entity corresponds to one of the plurality of users, and denying the entity access to the secure computer network when the authentication information of the user does not correspond to one of the plurality of users.
`
[0019] Another embodiment of the invention comprises a method of controlling access to a secure computer network using a secure registry system. The secure registry system includes a database containing selected data of a plurality of users authorized to access the secure computer network and selected data identifying the secure computer network. The method comprises receiving an access request including authentication information and a computer network ID from an entity, determining whether the authentication information is valid for any of the plurality of users, accessing data when the authentication information of the entity is valid for one of the plurality of users to determine whether the entity is authorized to access the computer network identified by the computer network ID, and allowing the entity to access the secure computer network when the authentication information of the entity is valid for one of the plurality of users authorized to access the computer network identified by the computer network ID.
`
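The registry-side decision described in [0018] and [0019], sketched as an added Python example that is not part of the patent text. The class and function names, the salted PBKDF2 storage, the constant-time comparison and the sample users and network IDs are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def digest(auth_info, salt):
    # Assumption: the registry stores a salted, slow hash, never the raw value.
    return hashlib.pbkdf2_hmac("sha256", auth_info, salt, 50_000)

class SecureRegistry:
    def __init__(self, network_ids):
        self.networks = set(network_ids)  # data identifying each secure network
        self.users = {}  # user id -> (salt, digest, authorized network IDs)

    def enroll(self, user_id, auth_info, network_ids):
        salt = os.urandom(16)
        self.users[user_id] = (salt, digest(auth_info, salt), frozenset(network_ids))

    def match_user(self, auth_info):
        # "Valid for any of the plurality of users": test every record with a
        # constant-time compare and no early exit, so timing does not reveal
        # which record (if any) matched.
        matched = None
        for user_id, (salt, stored, _) in self.users.items():
            if hmac.compare_digest(digest(auth_info, salt), stored):
                matched = user_id
        return matched

    def authorize(self, auth_info, network_id):
        # Authentication first, then authorization for this network ID.
        # Fails closed on an unknown credential or an unknown network.
        user_id = self.match_user(auth_info)
        if user_id is None or network_id not in self.networks:
            return False
        return network_id in self.users[user_id][2]

def handle_access_request(registry, auth_info, network_id):
    # Network side: forward the request and act only on the returned indication.
    return "grant" if registry.authorize(auth_info, network_id) else "deny"

def build_demo_registry():
    # Constructed sample data, not taken from the patent.
    registry = SecureRegistry({"net-A", "net-B"})
    registry.enroll("alice", b"alice-constructed-secret", {"net-A"})
    registry.enroll("bob", b"bob-constructed-secret", {"net-A", "net-B"})
    return registry

if __name__ == "__main__":
    reg = build_demo_registry()
    print(handle_access_request(reg, b"alice-constructed-secret", "net-B"))
```

The network receives only the grant or deny indication, so a caller cannot tell an invalid credential apart from a valid user who lacks rights to that network.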
`[0020] Another embodiment of the invention comprises a
`method of authenticating an identity of a first entity. The
`method comprises the acts of wirelessly transmitting from a
`first device, first encrypted authentication information of the
`first entity, receiving with a second device the wirelessly
`transmitted first encrypted authentication information,
`decrypting with the second device, the first wirelessly
`encrypted authentication information to provide the first
`authentication information of the first entity to the second
`device; and authenticating the identity of the first entity based
`upon the first authentication information; and acting based on
`the assessed identity of the first entity.
`
`[0021] Another embodiment of the invention comprises a
`system for authenticating an identity of a first entity,
`comprising a first wireless device comprising a first wireless
`transmitter and receiver configured to transmit a first wireless
`signal including first encrypted authentication information, a
`first processor configured to compare stored biometric data
`with detected biometric data of the first entity and configured
`to enable or disable use of the first device based on a result of
`the comparison, and configured to encrypt first authentication
`information with a first private key of the first entity into the
`first encrypted authentication information, a first biometric
`detector for detecting biometric data of the first entity, and a
`first memory for storing biometric data of the first entity, a
`private key of the first entity authorized to use the first device,
`and the first authentication information.
`
`[0022] According to some embodiments, the system
`further comprises a second wireless device comprising a second
`wireless transmitter and receiver configured to receive the
`first wireless signal and to process the first wireless signal, a
`second processor configured to compare detected biometric
`data of a second entity with stored biometric data and
`configured to enable or disable use of the second device based upon
`a result of the comparison, and configured to decrypt the first
`authentication information received in the fi
