`
`
`
`
`20
`I
`
`22
`
`1 RAM
`
`ROM j;
`
`m
`
`_J ,
`
` User
`Interface
`
`1
`
`USR sofiware
`
`CPU
`
`
`
`Wide
`
`Comm. Port _—-— » Area
`Network
`
`T \
`
`elrixx
`
`////
`‘
`Umversal Secure
`
`‘ V
`
`//////
`
`/'/
`
`\_\\\
`
`Registry
`\\\\\.—~»‘///
`
`
`
`
`(
`
`Person No‘ 1
`
`
`
`
`( Person No. 2 V
`
`
`
`
`
`
`
`
`® ® @
`
`
`
`
`
`Person No‘ n
`
`
`
`
`USR Exhibit 2009, Page 1
`
`USR Exhibit 2009, Page 1
`
`
`
`
`
`
FIG. 2 (USR Exhibit 2009, Page 2): the USR system as a plurality of computer modules, connected over a wide area network to a plurality of interface centers.
`
`
`
FIG. 3 (USR Exhibit 2009, Page 3): categories of data held for a person in the USR database: validation information; access information; publicly available information; address information; credit card and other financial information; medical information; job application information; tax information.
`
`
`
`
`
FIG. 4 (USR Exhibit 2009, Page 4): the USR system partitioned into computer modules by information type (public, medical, financial, address, job application and tax information), each reached over the wide area network through its own set of information interface centers.
`
`
`
`500
`
`Train the Database
`
` Validate
`Person's
`Identification
`
`
`
`
`Does
`
`
`
`person have
`
`rights to enter
`
`data?
`
`
`Enable person / 5“
`toeafierbasm
`
`personaldata
`
`
`
`right to enter
`additional
`
`Yes
`
`Enable person
`to enter
`advanced
`
`
`personal data '
`
`Enable person
`to specify
`access to
`
`advanced
`
`personal data
`
`
`
`
`
`
`
`
`
`
`FlGUQE g
`
`foa
`
`5(0
`
`5/2.
`
`USR Exhibit 2009, Page 5
`
`USR Exhibit 2009, Page 5
`
`
`
FIG. 6 (USR Exhibit 2009, Page 6): data access flow. Enable access to basic personal data (600); is additional information requested? (602); if no, return; if yes, does requestor have rights to access the type of requested data?; is the person participating in the transaction? If so, validate person's identity and enable person to change access rights to data; where rights exist, enable access to the type of requested data; return.
`
`
`
`
FIG. 7 (USR Exhibit 2009, Page 7): credit card purchase with the credit card company contacting the USR. User initiates purchase; user enters secret code in Secure ID; merchant transmits to credit card company (1) code from Secure ID, (2) store number, (3) amount of purchase; credit card company sends code to USR; USR determines if code is valid and, if valid, accesses user's credit card information and transmits credit card number to credit card company; credit card company checks credit worthiness and declines card or debits user's account and transfers $ to merchant's account; CCC notifies merchant of result of transaction.

FIG. 8: the same purchase with the merchant contacting the USR directly. User initiates purchase; user enters secret code in Secure ID; merchant transmits to USR (1) code from Secure ID, (2) store number, (3) amount of purchase; USR determines if code is valid; USR accesses user's credit card information and transmits to CCC (1) credit card number, (2) store number, (3) amount of purchase; CCC checks credit worthiness and declines card or debits user's account and transfers $ to merchant's account; CCC notifies USR of result of transaction; USR notifies merchant of result of transaction.
`
`
`
FIG. 9 (USR Exhibit 2009, Page 8): check purchase through the USR. User initiates purchase and writes check to merchant; user enters secret code in Secure ID; merchant transmits to USR (1) code from Secure ID, (2) store number, (3) amount of purchase; USR determines if code is valid; USR accesses user's bank information and transmits to bank (1) bank account number, (2) store number, (3) amount of purchase; bank checks account balance to verify availability of funds; bank notifies USR of result of verification; USR notifies merchant of result of verification.
`
`
`
`
`
FIG. 10 (USR Exhibit 2009, Page 9): anonymous on-line purchase. User initiates anonymous purchase by entering secret code in Secure ID and transmitting result to on-line merchant (1000); merchant transmits to USR (1) code from Secure ID, (2) store number, (3) amount of purchase (1002); USR determines if code is valid; USR accesses user's credit card information and transmits to CCC (1) credit card number, (2) store number, (3) amount of purchase; CCC checks credit worthiness and declines card or debits user's account and transfers $ to merchant's account; CCC notifies USR of result of transaction; if credit declined, USR notifies merchant; if credit accepted, USR accesses address code and provides merchant with address code; merchant labels package with address code and ships.
`
`
`
FIG. 11 (USR Exhibit 2009, Page 10): parcel delivery by address code. User provides address code on public area; user provides address information in address area of USR; person places public code on parcel to be mailed; post office accesses USR to retrieve address information; post office prints bar code on parcel to automate delivery of parcel to address in address area of USR; post office delivers parcel to address in address area of USR.

FIG. 12: telephone connection by telephone code. User provides telephone code on public area (1200); user provides telephone information in telephone area of USR (1202); person dials USR phone number and enters telephone code for user; USR connects person to telephone number without providing the person with the user's telephone number.
`
`
`
FIG. 13 (USR Exhibit 2009, Page 11): proof of identity to a validator. User attempts to prove identification to validator (1300); user enters secret code in Secure ID; validator transmits to USR code from Secure ID; USR determines if code is valid; USR accesses user's photograph information and transmits to validator (1) verification of identity, (2) picture of Secure ID holder.

FIG. 14: proof of identity to a policeman. User attempts to prove identification to policeman (1400); user enters secret code in Secure ID; policeman transmits to USR code from Secure ID; USR determines if code is valid; USR accesses user's photograph information and police record information and transmits to policeman (1) verification of identity, (2) picture of Secure ID holder, (3) police records, such as outstanding warrants for arrest and criminal history.
`
`
`
FIG. 15 (USR Exhibit 2009, Page 12): application assistance. User desires to apply for a job, credit or apartment; user enters secret code in Secure ID; user transmits to USR code from Secure ID and application code; USR determines if user code is valid; USR accesses user's application information and transmits available information to user or completes an application on behalf of user.

FIG. 16: selective disclosure to a party. User desires to provide information to Party; user enters secret code in Secure ID; Party transmits to USR code from Secure ID and Party code; USR determines if user code is valid; USR accesses user's information available to Party according to Party code and transmits available information to Party.
`
`
`
`
`
`
`
`
FIG. 17 (USR Exhibit 2009, Page 13): devices into which the identification technology may be incorporated: electronic device, automobile, laptop computer.
`
`
`
`
`
`
`
`
`
`
`
`
FIG. 18 (USR Exhibit 2009, Page 14): hand-drawn block diagram of secure system No. n; the remaining labels are not legible in this copy.
`
`
`
`
`
FIG. 19 (USR Exhibit 2009, Page 15) and FIG. 20 (USR Exhibit 2009, Page 16): hand-drawn flow diagrams relating a secure system, a computer network and the USR. Legible fragments: “USR receives ...”, “computer network”, “secure system”; the remaining hand-written labels are not legible in this copy.
`
`
`
FIG. 21 (USR Exhibit 2009, Page 17): block diagram of a responder (2110) and a challenger (2112), each with a processor and a wireless transmitter/receiver, an additional wireless interface/T/R on each side, and a secure database reachable from the challenger (reference numerals 2114 through 2154).
`
`
`
`
`
FIG. 22A (USR Exhibit 2009, Page 18): block diagram; the labels are rotated and not legible in this copy.
`
`
`
`
`
`
`
`
`
FIG. 22B (USR Exhibit 2009, Page 19): authentication flow between two devices. Initiate valid communication protocol (218); transmit first wireless signal containing encrypted authentication information to device #2 (220); authenticate identity of user #1 (222); optionally (shown dashed), transmit second wireless signal containing encrypted authentication information to device #1 (226) and authenticate identity of user #2 (228); contact secure database for information; take appropriate action (224); end.
`
`
`
FIG. 23 (USR Exhibit 2009, Page 20): block diagram; the labels are rotated and not legible in this copy.
`
`
`
`400
`
`Sense header #1
`
`Verify protocol
`
`:
`E
`
`Verify/decrypt respondent #1
`digital signature
`
`E
`{F402
`
`
`
`Authenticate user #1
`
`
`406
`
`FIG. 24
`
`USR Exhibit 2009, Page 21
`
`USR Exhibit 2009, Page 21
`
`
`
FIG. 25 (USR Exhibit 2009, Page 22): receive public ID #1, PKI-encrypted DES key, and encrypted portion of biodata; look up, from ID #1, public key #1; decrypt DES key with public key; decrypt portion of biodata #1 with DES key; combine biodata information to recreate biodata information (532); display biodata information (534); process biodata information (536).
`
`
`
`620
`
`Z
`
`622
`
` Receive public ID #1,
`PKI encrypted DES key (optional)
`
`
`
`
`624
`Look up public key #1
`
`
`Transmit public ID #2 information to secure
`database
`
`
`
`
`
`Determine whether ID #2 has right to
`access secure database
`
`E
`Generate non-predictable
`:
`:
`code from |D1 information
`:
`
`626
`
`628
`
`Transmit public ID #1 from device #2 to
`secure database
`
`630
`
`
`
`Access with secure database at least
`
`portion of bio information of entity #1
`
`Transmit bio information of entity #1 to
`device #2
`
`Display bio information
`
`Process biodata information
`
`632
`
`634
`
`636
`
`638
`
`FIG. 26
`
`USR Exhibit 2009, Page 23
`
`USR Exhibit 2009, Page 23
`
`
`
`720
`
`Private key of #2
`
`722
`
`Public keys of plural
`1St entities
`
`724
`
`Biodata of #2
`
`Portion of biodata
`files of other users
`
`726
`
`.
`
`h 728
`
`FIG. 27
`
`USR Exhibit 2009, Page 24
`
`USR Exhibit 2009, Page 24
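FIG. 25 through FIG. 27 together, as an added example written for this edit and not part of the exhibit: the receiving device looks up the sender's public key from ID #1, unwraps a data key, decrypts the transmitted portion of the biodata and joins it to the portion it already holds (FIG. 27, item 728). Modern primitives replace those named in the figures: AES-256-GCM instead of DES, the data key wrapped with RSA-OAEP to the receiver's public key (so only the receiver can unwrap it), and an Ed25519 signature supplying the sender authentication that the figure's “decrypt the DES key with public key #1” step provides. The key sizes, the OAEP label, the entity IDs and the sample record are assumptions chosen for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signal is what FIG. 25 receives: sender's public ID, the data key wrapped
// with RSA-OAEP to the receiver (fixed 256 bytes for RSA-2048), the 12-byte
// GCM nonce, the AES-GCM ciphertext of the transmitted biodata portion, and
// the sender's Ed25519 signature over all of the preceding fields.
type Signal struct {
	SenderID   string
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
	Sig        []byte
}

// Receiver is device #2 with the memory of FIG. 27: its private key (722),
// public keys of first entities (724) and locally held portions of other
// users' biodata (728); the last two are keyed by sender ID.
type Receiver struct {
	priv         *rsa.PrivateKey
	senderKeys   map[string]ed25519.PublicKey
	localPortion map[string][]byte
}

var oaepLabel = []byte("biodata-key") // assumption: binds the wrapped key to this use

// signedBytes is unambiguous: the ID ends in a zero byte and the two fields after it are fixed-width.
func signedBytes(s *Signal) []byte {
	out := append([]byte(s.SenderID), 0)
	out = append(out, s.WrappedKey...)
	out = append(out, s.Nonce...)
	return append(out, s.Ciphertext...)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is the sender side: fresh 256-bit data key, AES-GCM over the portion
// (sender ID as associated data), key wrapped to the receiver, signal signed.
func Encrypt(senderID string, signKey ed25519.PrivateKey, to *rsa.PublicKey, portion []byte) (*Signal, error) {
	key, nonce := make([]byte, 32), make([]byte, 12)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	gcm, _ := gcmFor(key) // a 32-byte key cannot fail here
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	s := &Signal{SenderID: senderID, WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, portion, []byte(senderID))}
	s.Sig = ed25519.Sign(signKey, signedBytes(s))
	return s, nil
}

// Recreate follows FIG. 25: look up public key #1 from ID #1 and verify the
// signature, unwrap the data key with the receiver's private key, decrypt the
// transmitted portion, and join it to the locally held portion.
func (r *Receiver) Recreate(s *Signal) ([]byte, error) {
	pub, ok := r.senderKeys[s.SenderID]
	if !ok {
		return nil, errors.New("unknown sender ID")
	}
	if !ed25519.Verify(pub, signedBytes(s), s.Sig) {
		return nil, errors.New("bad signature")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.priv, s.WrappedKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	portion, err := gcm.Open(nil, s.Nonce, s.Ciphertext, []byte(s.SenderID))
	if err != nil {
		return nil, err
	}
	local, ok := r.localPortion[s.SenderID]
	if !ok {
		return nil, errors.New("no local portion for sender")
	}
	return append(append([]byte{}, local...), portion...), nil
}

// NewPair provisions a receiver and one sender's signing key on constructed data (sample values only).
func NewPair() (*Receiver, ed25519.PrivateKey, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	r := &Receiver{priv: rsaKey, senderKeys: map[string]ed25519.PublicKey{"entity-1": pub},
		localPortion: map[string][]byte{"entity-1": []byte("template-part-A:")}}
	return r, priv, nil
}

// PublicKey returns the receiver's wrapping key for senders to encrypt to.
func (r *Receiver) PublicKey() *rsa.PublicKey { return &r.priv.PublicKey }

func main() {
	r, signKey, err := NewPair()
	if err != nil {
		panic(err)
	}
	s, _ := Encrypt("entity-1", signKey, r.PublicKey(), []byte("template-part-B"))
	got, err := r.Recreate(s)
	fmt.Printf("recreated %q err=%v\n", got, err)
}
```

The signature is checked before any decryption so that an unauthenticated signal never reaches the RSA or AES code paths; the sender ID doubles as GCM associated data, which ties the ciphertext to the identity that was looked up.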
`
`
`
FIG. 28 (USR Exhibit 2009, Page 25): block diagram; the labels are rotated and not legible in this copy.
`
`
`
`
`
`
FIG. 29 (USR Exhibit 2009, Page 26): hand-drawn flow diagram; legible boxes: “Receive data”; the remaining labels are not legible in this copy.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
USR Exhibit 2009, Page 27 (blank page)
`
`
`
`Docket No.: W0537-700910
`
`Date Filed: February 21, 2007
`
METHOD AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION
`
`CROSS REFERENCE TO RELATED APPLICATIONS
`
This application claims priority under 35 U.S.C. §119(e) to each of the following co-pending U.S. provisional patent applications: serial no. 60/775,046 entitled “METHOD AND APPARATUS FOR EMULATING A MAGNETIC STRIPE READABLE CARD,” filed February 21, 2006; serial no. 60/812,279 entitled “UNIVERSAL SECURE REGISTRY,” filed June 9, 2006; and serial no. 60/859,235 entitled “UNIVERSAL SECURE REGISTRY,” filed November 15, 2006, each of which is hereby incorporated herein by reference in its entirety.
`
`BACKGROUND OF INVENTION
`
`1.
`
`Field of Invention
`
Embodiments of the invention generally relate to systems, methods, and apparatus for authenticating identity or verifying the identity of individuals and other entities seeking access to certain privileges and for selectively granting privileges and providing other services in response to such identifications/verifications. In addition, embodiments of the invention relate generally to systems and methods for obtaining information from and/or transmitting information to a user device and, in particular, to systems, methods, and apparatus that provide for contactless information transmission.
`
`2.
`
`Discussion of Related Art
`
Control of access to secure systems presents a problem related to the identification of a person. An individual may be provided access to the secure system after their identity is authorized. Generally, access control to secure computer networks is presently provided by an authentication scheme implemented, at least partly, in software located on a device being employed to access the secure computer network and on a server within the secure computer network. For example, if a corporation chooses to provide access control for their computer network, they may purchase authentication software that includes server-side software installed on a server in their computer system and corresponding client-side software that is installed on the devices that are used by employees to access the system. The devices may include desktop computers, laptop computers, and handheld computers (e.g., PDAs and the like).

USR Exhibit 2009, Page 28
`
In practice, the preceding approach has a number of disadvantages including both the difficulty and cost of maintaining the authentication system and the difficulty and cost of maintaining the security of the authentication system. More specifically, the software resides in the corporation’s computers where it may be subject to tampering/unauthorized use by company employees. That is, the information technology team that manages the authentication system has access to the private keys associated with each of the authorized users. As a result, these individuals have an opportunity to compromise the security of the system. Further, any modification and/or upgrade to the authentication system software is likely to require an update to at least the server-side software and may also require an update of the software located on each user/client device. In addition, where the company’s computer systems are geographically distributed, software upgrades/updates may be required on a plurality of geographically distributed servers.
`
There is also a need, especially in this post September 11 environment, for secure and valid identification of an individual before allowing the individual access to highly secure areas. For example, an FBI agent or an air marshal may need to identify themselves to airport security or a gate agent, without compromising security. Typically such identification may comprise the air marshal or FBI agent showing identification indicia to appropriate personnel. However, there are inherent flaws in this process that allow for security to be compromised, including falsification of identification information and failure of the airport security or other personnel to recognize the situation. Of course this process could be automated, for example, by equipping airport personnel or security with access to a database and requiring the FBI agent or air marshal to appropriately identify themselves to the database, for example, by again providing identification which airport personnel can then enter into the database to verify the identity of the person seeking access to a secure area. However, this process also has the inherent flaws described above. In addition, there may be times when airport security or personnel may not be able to communicate with the database to check the identity of the person seeking access, for example, when they are not near a computer terminal with access to a database or are carrying a hand-held device that does not have an appropriate wireless signal to access the database. In addition, there is a need to ensure that if such a hand-held device ends up in the wrong hands, security is not compromised.

USR Exhibit 2009, Page 29
`
Systems capable of effectively performing all or some of these functions do not currently exist.
`
Further, both commercial (e.g., banking networks) and non-commercial (e.g., security systems) information systems often rely on magnetic card readers to collect information specific to a user (e.g., a security code, a credit card number, etc.) from a user device (e.g., a transaction card). Credit card purchases made in person provide an example of the most common transaction type that relies on a user device, the credit or debit card, which is read by a magnetic card reader. User devices that rely on magnetic-stripe based technology magnetically store information (e.g., binary information) in the magnetic stripe. The magnetic stripe reader provides an interface to a larger computerized network that receives the user’s information to determine, for example, whether to authorize a transaction, to allow the user access to a secure area, etc.
`
Recently, such devices have seen technological advances that increase their capabilities and improve their security. For example, such devices may now include embedded processors, integral biometric sensors that sense one or more biometric features (e.g., a fingerprint) of the user, and magnetic stripe emulators. As one result, today’s user devices may provide greater security by dynamically generating the necessary information, for example, generating the credit card number at the time of a transaction. Improved security can also be provided by such devices because more sophisticated authentication schemes can be implemented with the devices.
`
In addition, user devices such as transaction cards may now also provide for one or more modes of information transmission other than transmission via a magnetic stripe/card reader combination. For example, user devices that may transmit information optically or via radio frequency (“RF”) signal transmission to a compatible system interface are now available. Further, the architecture of a user device that includes a processor is generally compatible with both the improved security features described above and the contactless transmission modes such as optical and RF signal transmission. As a result of the improved security and greater functionality of some current user devices, there is a desire to replace magnetic-stripe based user devices with devices that include forms of information transmission other than the reading of a magnetic stripe.

USR Exhibit 2009, Page 30
`
There is, however, a substantial installed base of interfaces (for example, at points of sale, at automatic teller machines (“ATM”), and the like) that include magnetic card readers which are not equipped to receive information from a user device in any format other than from a magnetic stripe. As a result of the cost to replace or retrofit the installed base, efforts to more widely introduce user devices that do not employ a magnetic stripe have not been developed. Because of the potential to substantially reduce fraud, however, the further implementation of such devices is of great interest to financial institutions among others. RF devices that transmit information wirelessly are expected to become much more prevalent and at some point the predominant form of information transmission for user authentication based on a hand-held device, for example, credit card, debit card, drivers license, passport, social security card, personal identification, etc. Thus, new and improved methods for transitioning from a purely magnetic based form of communication to a wireless form of communication are desired.
`
One current approach that is intended to “transform” a smart card for use with a magnetic stripe card reader employs a “bridge” device. The bridge device requires that the smart card be inserted within it. The bridge device includes a slot for receiving the smart card, a key pad whereby the user may enter information (e.g., a PIN), and a credit card sized extension member. Operation of the bridge device requires that the smart card be inserted within it and that an electrical contact surface of the smart card engage a similar surface within the bridge device before the bridge device (i.e., the extension member) can be used with a magnetic card reader. Thus, the contactless nature of more advanced information transmission systems is lost with the bridge device because it does not support wireless signal transmission.

USR Exhibit 2009, Page 31
`
`
`
`SUMMARY OF INVENTION
`
There is thus a need for an identification system that will enable a person to be accurately identified (“identification” sometimes being used hereinafter to mean either identified or verified) and/or authenticated without compromising security, to gain access to secure systems and/or areas. Likewise, there is a need for an identification system that will enable a person to be identified universally without requiring the person to carry multiple forms of identification.
`
Accordingly, this invention relates, in one embodiment, to an information system that may be used as a universal identification system and/or used to selectively provide information about a person to authorized users. Transactions to and from a secure database may take place using a public key/private key security system to enable users of the system and the system itself to encrypt transaction information during the transactions. Additionally, the private key/public key security system may be used to allow users to validate their identity. For example, in one embodiment, a smart card such as the Secure ID™ card from RSI Security, Inc. may be provided with the user’s private key and the USR system’s public key to enable the card to encrypt messages being sent to the USR system and to decrypt messages from the USR system 10.
`
The system or database of the invention may be used to identify the person in many situations, and thus may take the place of multiple conventional forms of identification. Additionally, the system may enable the user’s identity to be confirmed or verified without providing any identifying information about the person to the entity requiring identification. This can be advantageous where the person suspects that providing identifying information may subject the identifying information to usurpation.
`
Access to the system may be by smart card, such as a Secure ID™ card, or any other secure access device. The technology enabling the user to present their identity information may be physically embodied as a separate identification device such as a smart ID card, or may be incorporated into another electronic device, such as a cell phone, pager, wrist watch, computer, personal digital assistant such as a Palm Pilot™, key fob, or other commonly available electronic device. The identity of the user possessing the identifying device may be verified at the point of use via any combination of a memorized PIN or code, biometric identification such as a fingerprint, voice print, signature, iris or facial scan, or DNA analysis, or any other method of identifying the person possessing the device. If desired, the identifying device may also be provided with a picture of the person authorized to use the device to enhance security.

USR Exhibit 2009, Page 32
`
According to one embodiment of the invention, a method of controlling access to a plurality of secure computer networks using a secure registry system located remotely from the secure computer networks is disclosed. The secure registry system includes a database containing selected data of a plurality of users each authorized to access at least one of the plurality of secure computer networks. The method comprises acts of receiving authentication information from an entity at a secure computer network, communicating the authentication information to the secure registry system, and validating the authentication information at the secure registry system. The method also includes receiving from the secure registry system an indication of whether the entity is authorized to access the secure computer network, granting the entity access to the secure computer network when the authentication information of the entity corresponds to one of the plurality of users, and denying the entity access to the secure computer network when the authentication information of the entity does not correspond to one of the plurality of users.
`
Another embodiment of the invention comprises a method of controlling access to a secure computer network using a secure registry system. The secure registry system includes a database containing selected data of a plurality of users authorized to access the secure computer network and selected data identifying the secure computer network. The method comprises receiving an access request including authentication information and a computer network ID from an entity, determining whether the authentication information is valid for any of the plurality of users, accessing data when the authentication information of the entity is valid for one of the plurality of users to determine whether the entity is authorized to access the computer network identified by the computer network ID, and allowing the entity to access the secure computer network when the authentication information of the entity is valid for one of the plurality of users authorized to access the computer network identified by the computer network ID.

USR Exhibit 2009, Page 33
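The two registry-side methods above, as an added example written for this edit rather than taken from the patent: a registry that lives outside the networks it protects, validates the one-time code presented for a claimed public ID, and only then checks that user's authorization for the computer network named in the request. The token-code derivation (HMAC-SHA256 over a time step with HOTP-style truncation, standing in for the Secure ID token the text mentions), the drift window, and the user IDs, seeds and network names are assumptions chosen for the example; the patent specifies none of them.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// AccessRequest is what a secure computer network forwards to the registry:
// the entity's public ID and one-time code, plus the network's own ID.
// Counter is the token's time step, passed in so the check is deterministic.
type AccessRequest struct {
	PublicID  string
	Code      string
	NetworkID string
	Counter   uint64
}

// user is one registry record: the token seed (assumed shared only between
// the registry and the user's token) and the networks the user may access.
type user struct {
	secret   []byte
	networks map[string]bool
}

// Registry holds the user records and lives outside the networks it protects.
type Registry struct {
	users map[string]user
}

var (
	ErrInvalidCode   = errors.New("authentication information not valid for any user")
	ErrNotAuthorized = errors.New("user not authorized for this computer network")
)

// oneTimeCode derives an 8-digit code from the seed and the time step with
// HMAC-SHA256 and HOTP-style dynamic truncation (assumption: the token does the same).
func oneTimeCode(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha256.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	v := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%08d", v%100000000)
}

// Authorize is the registry-side decision: validate the code for the claimed
// user, then check that this user may access the named network. The two
// failures are distinguished here for the reader; a deployment would return
// the network one generic denial so a caller cannot tell which step failed.
func (r *Registry) Authorize(req AccessRequest) error {
	u, ok := r.users[req.PublicID]
	if !ok {
		return ErrInvalidCode
	}
	valid := false
	// accept the current step and the previous one to tolerate token clock drift
	for _, c := range []uint64{req.Counter, req.Counter - 1} {
		expected := oneTimeCode(u.secret, c)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(req.Code)) == 1 {
			valid = true
		}
	}
	if !valid {
		return ErrInvalidCode
	}
	if !u.networks[req.NetworkID] {
		return ErrNotAuthorized
	}
	return nil
}

// NewDemoRegistry builds a registry with two constructed users (sample data only).
func NewDemoRegistry() *Registry {
	return &Registry{users: map[string]user{
		"user-1": {secret: []byte("seed-for-user-1"), networks: map[string]bool{"corp-net-A": true}},
		"user-2": {secret: []byte("seed-for-user-2"), networks: map[string]bool{"corp-net-A": true, "corp-net-B": true}},
	}}
}

// TokenCode is what the user's token would display for the given time step.
func TokenCode(r *Registry, publicID string, counter uint64) string {
	return oneTimeCode(r.users[publicID].secret, counter)
}

func main() {
	r := NewDemoRegistry()
	code := TokenCode(r, "user-1", 1000)
	fmt.Println(r.Authorize(AccessRequest{PublicID: "user-1", Code: code, NetworkID: "corp-net-A", Counter: 1000}))
	fmt.Println(r.Authorize(AccessRequest{PublicID: "user-1", Code: code, NetworkID: "corp-net-B", Counter: 1000}))
	fmt.Println(r.Authorize(AccessRequest{PublicID: "user-1", Code: "00000000", NetworkID: "corp-net-A", Counter: 1000}))
}
```

The point the text makes about the corporate model is visible in the data layout: the seeds sit only in the registry, so the protected network never holds per-user secrets and an administrator of that network cannot read them; the network only learns the grant/deny decision.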
`
Another embodiment of the invention comprises a method of authenticating an identity of a first entity. The method comprises the acts of wirelessly transmitting from a first device first encrypted authentication information of the first entity, receiving with a second device the wirelessly transmitted first encrypted authentication information, decrypting with the second device the first wirelessly transmitted encrypted authentication information to provide the first authentication information of the first entity to the second device, authenticating the identity of the first entity based upon the first authentication information, and acting based on the assessed identity of the first entity.
`
Another embodiment of the invention comprises a system for authenticating an identity of a first entity, comprising a first wireless device comprising a first wireless transmitter and receiver configured to transmit a first wireless signal including first encrypted authentication information, a first processor configured to compare stored biometric data with detected biometric data of the first entity and configured to enable or disable use of the first device based on a result of the comparison, and configured to encrypt first authentication information with a first private key of the first entity into the first encrypted authentication information, a first biometric detector for detecting biometric data of the first entity, and a first memory for storing biometric data of the first entity, a private key of the first entity authorized to use the first device, and the first authentication information.
`
According to some embodiments, the system further comprises a second wireless device comprising a second wireless transmitter and receiver configured to receive the first wireless signal and to process the first wireless signal, a second processor configured to compare detected biometric data of a second entity with stored biometric data and configured to enable or disable use of the second device based upon a result of the comparison, and configured to decrypt the first authentication information received in the first wireless signal, a biometric detector for detecting biometric data of a second entity, and a second memory storing biometric data of the second entity and a plurality of public keys of a plurality of first entities.

USR Exhibit 2009, Page 34
`
Another embodiment of the invention provides a first wireless device comprising a processor configured to enable operation of the first wireless device if it receives an enablement signal validating first biometric information of a first entity and configured to generate a non-predictable signal from the biometric information, a first wireless transmitter and receiver configured to transmit a first wireless signal including first encrypted biometric information of the first entity and to receive the enablement signal, and a first biometric detector for detecting the first biometric information of the first entity.
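The two-device embodiments above, as an added example that is not the patent's own code: each device operates only after a biometric match against the template in its memory, the first device signs its authentication information with its private key, and the second verifies it against its store of first-entity public keys and then answers in kind, so both identities are authenticated as in FIG. 22B. A device in the wrong hands stays disabled, a tampered message fails verification, and an old message is refused. Assumptions: the text's “encrypt with the private key” is realised as an Ed25519 signature (the operation that lets a holder of the public key check origin), the biometric match is an exact hash comparison standing in for a sensor's fuzzy matcher, the 30-second replay window, and the device IDs, samples and badge strings.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Device models either party: it operates only when a fresh biometric sample
// matches the enrolled template held in its memory, signs its authentication
// information with its own private key, and keeps the public keys of the other
// entities it may talk to (FIG. 27, items 722 and 724).
type Device struct {
	ID           string
	priv         ed25519.PrivateKey
	templateHash []byte
	knownKeys    map[string]ed25519.PublicKey
}

// Message is the wireless signal: sender ID, a timestamp that bounds replay,
// the authentication information, and the sender's signature over all three.
type Message struct {
	SenderID string
	Unix     int64
	AuthInfo []byte
	Sig      []byte
}

var (
	ErrBiometric     = errors.New("biometric mismatch: device stays disabled")
	ErrUnknownSender = errors.New("sender not in public-key store")
	ErrBadSignature  = errors.New("signature verification failed")
	ErrStale         = errors.New("message outside the accepted time window")
)

// NewDevice enrols a constructed biometric sample; only its hash is kept.
func NewDevice(id string, sample []byte) *Device {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	h := sha256.Sum256(sample)
	return &Device{ID: id, priv: priv, templateHash: h[:], knownKeys: map[string]ed25519.PublicKey{}}
}

func (d *Device) PublicKey() ed25519.PublicKey { return d.priv.Public().(ed25519.PublicKey) }

// Trust records another entity's public key, provisioned out of band.
func (d *Device) Trust(other *Device) { d.knownKeys[other.ID] = other.PublicKey() }

// unlock is the enablement check; an exact hash comparison stands in for a sensor's matcher.
func (d *Device) unlock(sample []byte) bool {
	h := sha256.Sum256(sample)
	return bytes.Equal(h[:], d.templateHash)
}

// payload is the signed byte string: unambiguous because the ID ends in a
// zero byte and the timestamp is fixed-width.
func (m *Message) payload() []byte {
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(m.Unix))
	out := append([]byte(m.SenderID), 0)
	out = append(out, ts[:]...)
	return append(out, m.AuthInfo...)
}

// Send builds the signed signal; it refuses unless the biometric gate opens.
func (d *Device) Send(sample, authInfo []byte, now time.Time) (*Message, error) {
	if !d.unlock(sample) {
		return nil, ErrBiometric
	}
	m := &Message{SenderID: d.ID, Unix: now.Unix(), AuthInfo: authInfo}
	m.Sig = ed25519.Sign(d.priv, m.payload())
	return m, nil
}

// Receive verifies a signal: this device must be unlocked, the sender known,
// the signature good, and the timestamp within 30 s of the receiver's clock.
func (d *Device) Receive(sample []byte, m *Message, now time.Time) ([]byte, error) {
	if !d.unlock(sample) {
		return nil, ErrBiometric
	}
	pub, ok := d.knownKeys[m.SenderID]
	if !ok {
		return nil, ErrUnknownSender
	}
	if !ed25519.Verify(pub, m.payload(), m.Sig) {
		return nil, ErrBadSignature
	}
	if age := now.Unix() - m.Unix; age < -30 || age > 30 {
		return nil, ErrStale
	}
	return m.AuthInfo, nil
}

func main() {
	now := time.Unix(1700000000, 0)
	agent := NewDevice("agent-1", []byte("fingerprint-agent")) // constructed samples
	gate := NewDevice("gate-7", []byte("fingerprint-gate"))
	agent.Trust(gate)
	gate.Trust(agent)
	m1, _ := agent.Send([]byte("fingerprint-agent"), []byte("air-marshal:badge-0042"), now)
	info, err := gate.Receive([]byte("fingerprint-gate"), m1, now)
	fmt.Printf("gate accepted %q (err=%v)\n", info, err)
	m2, _ := gate.Send([]byte("fingerprint-gate"), []byte("gate:checkpoint-B"), now)
	info, err = agent.Receive([]byte("fingerprint-agent"), m2, now)
	fmt.Printf("agent accepted %q (err=%v)\n", info, err)
	_, err = agent.Send([]byte("someone-else"), []byte("x"), now) // device in the wrong hands
	fmt.Println(err)
}
```

The receiving device is gated as well as the sending one, which is what the text's second processor does: a lost second device cannot be used to harvest authentication information from passing first devices. A timestamp alone only bounds replay to the window; a challenge nonce from the receiver, as in FIG. 21's challenger/responder arrangement, would remove it.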
`
In one aspect of the invention, a device converts a wireless transaction device to a magnetic-stripe emulator device. In one embodiment, the device includes a wireless signal receiver that is configured to receive a wireless signal and provide information from the wireless signal. In addition, the device may include a magnetic-stripe emulator which is communicatively coupled to the wireless signal receiver and adapted to provide a time-varying signal which emulates data provided by a magnetic-stripe card to a magnetic card reader in response to receiving the information from the wireless signal. In one embodiment, the device includes a processor communicatively coupled to the wireless signal receiver and to the magnetic-stripe emulator. The device may also include an LED. In a version of this embodiment, the processor is configured to control the LED to indicate that the device is properly aligned with the magnetic card reader. In another embodiment, the device includes an output device that can provide information to a network or to a network device. In a version of this embodiment, the output device is a wireless transmitter device.
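The emulator of this aspect has to produce exactly the bit pattern an installed reader expects. As an added example that is not from the patent, the following encodes a track-2 payload in the ISO/IEC 7811 stripe format (5-bit characters of 4 data bits plus odd parity, start and end sentinels, LRC, clocking zeros), decodes it back the way a reader does, and renders the bits as the F2F flux-reversal timeline that the “time-varying signal” of the text carries. The card number, the 16 clocking bits and the 100 µs bit period are constructed values.

```go
package main

import (
	"errors"
	"fmt"
)

// Track 2 alphabet: ASCII 0x30..0x3F map to 4-bit values 0x0..0xF.
const (
	startSentinel byte = ';' // data value 0xB
	endSentinel   byte = '?' // data value 0xF
	leadZeros          = 16  // clocking bits before and after the data, as readers expect
)

// oddParity returns the bit that gives the 5-bit character an odd number of ones.
func oddParity(nib byte) byte {
	ones := 0
	for i := 0; i < 4; i++ {
		if nib>>i&1 == 1 {
			ones++
		}
	}
	if ones%2 == 0 {
		return 1
	}
	return 0
}

// EncodeTrack2 turns a track-2 payload (PAN, '=' separator, expiry, service
// code, discretionary data) into the bit sequence the stripe carries: start
// sentinel, data, end sentinel, LRC, each as 4 data bits LSB-first plus odd
// parity, with clocking zeros on both sides. The LRC is the XOR of the 4-bit
// values of every character from the start sentinel to the end sentinel.
func EncodeTrack2(payload string) ([]byte, error) {
	bits := make([]byte, leadZeros, leadZeros*2+5*(len(payload)+3))
	emit := func(nib byte) {
		for i := 0; i < 4; i++ {
			bits = append(bits, nib>>i&1)
		}
		bits = append(bits, oddParity(nib))
	}
	var lrc byte
	for _, c := range string(startSentinel) + payload + string(endSentinel) {
		if c < '0' || c > '?' {
			return nil, fmt.Errorf("character %q is not in the track-2 alphabet", c)
		}
		nib := byte(c) - '0'
		lrc ^= nib
		emit(nib)
	}
	emit(lrc)
	return append(bits, make([]byte, leadZeros)...), nil
}

// DecodeTrack2 is the reader side: skip clocking zeros (the start sentinel's
// first bit is a 1), check each character's parity, stop after the end
// sentinel, check the LRC, and return the payload between the sentinels.
func DecodeTrack2(bits []byte) (string, error) {
	pos := 0
	for pos < len(bits) && bits[pos] == 0 {
		pos++
	}
	var chars []byte
	var lrc byte
	for ; pos+5 <= len(bits); pos += 5 {
		var nib byte
		for i := 0; i < 4; i++ {
			nib |= bits[pos+i] << i
		}
		if bits[pos+4] != oddParity(nib) {
			return "", errors.New("parity error")
		}
		if n := len(chars); n > 0 && chars[n-1] == endSentinel {
			if nib != lrc {
				return "", errors.New("LRC mismatch")
			}
			return string(chars[1 : n-1]), nil
		}
		if len(chars) == 0 && nib != startSentinel-'0' {
			return "", errors.New("missing start sentinel")
		}
		lrc ^= nib
		chars = append(chars, '0'+nib)
	}
	return "", errors.New("no end sentinel")
}

// Transition is one flux reversal the emulator coil drives past the read head.
type Transition struct {
	TimeUS int
	Level  int
}

// F2F renders the bits as the time-varying signal of the text: a reversal at
// every bit-cell boundary and an extra one mid-cell for a 1 (Aiken biphase).
func F2F(bits []byte, cellUS int) []Transition {
	var out []Transition
	level, t := 0, 0
	for _, b := range bits {
		level ^= 1
		out = append(out, Transition{t, level})
		if b == 1 {
			level ^= 1
			out = append(out, Transition{t + cellUS/2, level})
		}
		t += cellUS
	}
	return out
}

func main() {
	bits, err := EncodeTrack2("5412345678901234=25121011000012300000") // constructed test data
	if err != nil {
		panic(err)
	}
	payload, err := DecodeTrack2(bits)
	fmt.Printf("%d bits, %d flux reversals, decoded %q (err=%v)\n", len(bits), len(F2F(bits, 100)), payload, err)
}
```

Because the emulator generates the stripe contents at transaction time, the text's point about dynamically generated card numbers follows directly: the payload handed to EncodeTrack2 can be a one-time value rather than a static PAN, and the reader cannot tell the difference.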
`
Further embodiments of the invention may include additional features; for example, in one embodiment the output device is a data port through which the device can provide data to a network or to a network device. In a version of this embodiment, the data port is also configured to receive data from the network or the network device. In a further embodiment, the device is configured to communicate with the magnetic card reader via the data port.
`
In a further embodiment, the wireless receiver and/or processors configure, decrypt and encrypt the wireless signal. In a further embodiment, the processor is configured to determine whether a user is authorized to provide the information contained within the wireless signal from data within the wireless signal. In a version of this embodiment, the data contained within the wireless signal includes user ID information. In yet another embodiment, the data contained within the wireless signal includes biometric information of the user.

USR Exhibit 2009, Page 35
`
According to another aspect, the invention provides a system for validating an identity of a user to enable or prevent a