US 9,100,826 B2
US009100826B2

Weiss
(10) Patent No.: US 9,100,826 B2
(45) Date of Patent: *Aug. 4, 2015

(54) METHOD AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION

(71) Applicant: Universal Secure Registry, LLC, Newton, MA (US)

(72) Inventor: Kenneth P. Weiss, Newton, MA (US)

(73) Assignee: Universal Secure Registry, LLC, Newton, MA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days. This patent is subject to a terminal disclaimer.

(21) Appl. No.: 14/027,860

(22) Filed: Sep. 16, 2013

(65) Prior Publication Data
US 2014/0096216 A1, Apr. 3, 2014

Related U.S. Application Data

(63) Continuation of application No. 13/621,609, filed on Sep. 17, 2012, now Pat. No. 8,538,881, which is a continuation of application No. 13/168,556, filed on Jun. 24, 2011, now Pat. No. [illegible], which is a continuation of application No. 11/677,490, filed on Feb. 21, 2007, now Pat. No. 8,001,055.

(60) Provisional application No. 60/775,046, filed on Feb. 21, 2006, provisional application No. 60/812,279, filed on Jun. 9, 2006, provisional application No. 60/859,235, filed on Nov. 15, 2006.

(51) Int. Cl.
G06F 21/00 (2013.01)
H04W 12/06 (2009.01)
(Continued)

(52) U.S. Cl.
CPC: H04W 12/06 (2013.01); G06F 21/[illegible] (2013.01); G06F 21/35 (2013.01); G06F 21/6245 (2013.01); G06Q 20/3676 (2013.01); G06Q 20/385 (2013.01); G06Q 20/3821 (2013.01); G06Q 20/40 (2013.01); G06Q [illegible]; G07C 9/00007 (2013.01); G07C 9/00103 (2013.01); H04L 9/0891 (2013.01); H04L 9/3231 (2013.01); H04L 9/3247 (2013.01); H04L 9/3271 (2013.01); H04L 63/0853 (2013.01); G06F 2222/2115 (2013.01);
(Continued)

(58) Field of Classification Search
None
See application file for complete search history.

Primary Examiner: Calvin Cheung
(74) Attorney, Agent, or Firm: Lando & Anastasi, LLP

(57) ABSTRACT
According to one aspect, the invention provides a system for authenticating identities of a plurality of users. In one embodiment, the system includes a first handheld device including a wireless transceiver which is configured to transmit authentication information, a second device including a wireless receiver, where the second device is configured to receive the authentication information.

35 Claims, 28 Drawing Sheets

VISA - EXHIBIT 1001

(51) Int. Cl.
G06F 21/32 (2013.01)
G06F 21/35 (2013.01)
G06F 21/62 (2013.01)
[illegible]/36 (2012.01)
G06Q 20/38 (2012.01)
G06Q 20/40 (2012.01)
G06Q 30/06 (2012.01)
G06Q 40/02 (2012.01)
G06Q 50/22 (2012.01)
G07C 9/00 (2006.01)
H04L 29/06 (2006.01)
[illegible] (2006.01)
H04L 9/32 (2006.01)

(52) U.S. Cl.
CPC: G07C 2009/00095 (2013.01); H04L 2209/56 (2013.01); H04L 2209/805 (2013.01)

U.S. Patent    Aug. 4, 2015    Sheet 1 of 28    US 9,100,826 B2

FIG. 1. Labels: RAM; USR Software; User Interface; Comm. Port; Wide Area Network; Universal Secure Registry; Person No. n.

FIG. 2 (Sheet 2 of 28). Labels: USR System; Computer Module (six instances); Wide Area Network; Interface Center (six instances).

FIG. 4 (Sheet 4 of 28). Labels: USR System with Computer Modules for Financial Information, Medical Information, Public Information, Tax Information, Job Application Information and Address Information; Wide Area Network; Interface Centers for Public Information, Medical Information, Tax Information, Job Application Information, Financial Information and Address Information.

FIG. 5 (Sheet 5 of 28). Box labels:
Train the Database
Validate Person's Identification
Does Person Have Rights to Enter Data?
Enable Person to Enter Basic Personal Data
Does Person Have Right to Enter Additional Data?
Enable Person to Enter Advanced Personal Data
Enable Person to Specify Access to Advanced Personal Data
Return

FIG. 6 (Sheet 6 of 28). Box labels (decision branches are marked Yes/No):
Enable Access to Basic Personal Data
Is Additional Information Requested?
Does Requestor Have Rights to Access Type of Requested Data?
Is Person Participating in Transaction?
Validate Person's Identity
Enable Person to Change Access Rights to Data
Does Requester Have Rights to Access Type of Requested Data?
Cause USR to Enable Access to Type of Requested Data

FIG. 7 (Sheet 7 of 28). Box labels:
User Initiates Purchase
User Enters Secret Code in Secure ID
Merchant Transmits to Credit Card Company: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
Credit Card Company Sends Code to USR
USR Determines if Code is Valid, and if Valid Accesses User's Credit Card Information and Transmits Credit Card Number to Credit Card Company
Credit Card Company Checks Credit Worthiness and Declines Card or Debits User's Account and Transfers $ to Merchant's Account
CCC Notifies Merchant of Result of Transaction

FIG. 8 (Sheet 8 of 28). Box labels:
User Initiates Purchase
User Enters Secret Code in Secure ID
Merchant Transmits to USR: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
USR Determines if Code is Valid
USR Accesses User's Credit Card Information and Transmits to CCC: (1) Credit Card Number, (2) Store Number, (3) Amount of Purchase
CCC Checks Credit Worthiness and Declines Card or Debits User's Account and Transfers $ to Merchant's Account
CCC Notifies USR of Result of Transaction
USR Notifies Merchant of Result of Transaction

FIG. 9 (Sheet 9 of 28). Box labels:
User Initiates Purchase and Writes Check to Merchant
User Enters Secret Code in Secure ID
Merchant Transmits to USR: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
USR Determines if Code is Valid
USR Accesses User's Bank Information and Transmits to Bank: (1) Bank Account Number, (2) Store Number, (3) Amount of Purchase
Bank Checks Account Balance to Verify Availability of Funds
Bank Notifies USR of Result of Verification
USR Notifies Merchant of Result of Verification

FIG. 10 (Sheet 10 of 28). Box labels:
User Initiates Anonymous Purchase by Entering Secret Code in Secure ID and Transmitting Result to On-Line Merchant
Merchant Transmits to USR: (1) Code from Secure ID, (2) Store Number, (3) Amount of Purchase
USR Determines if Code is Valid
USR Accesses User's Credit Card Information and Transmits to CCC: (1) Credit Card Number, (2) Store Number, (3) Amount of Purchase
CCC Checks Credit Worthiness and Declines Card or Debits User's Account and Transfers $ to Merchant's Account
CCC Notifies USR of Result of Transaction
If Credit Declined, USR Notifies Merchant
If Credit Accepted, USR Accesses Address Code and Provides Merchant with Address Code
Merchant Labels Package with Address Code and Ships

FIG. 11 (Sheet 11 of 28). Box labels:
User Provides Address Code on Public Area
User Provides Address Information in Address Area of USR
Person Places Public Code on Parcel to be Mailed
Post Office Accesses USR to Retrieve Address Information
Post Office Delivers Parcel to Address in Address Area of USR
Post Office Prints Bar Code on Parcel to Automate Delivery of Parcel to Address in Address Area of USR

FIG. 12 (Sheet 11 of 28). Box labels:
User Provides Telephone Code on Public Area
User Provides Telephone Information in Telephone Area of USR
Person Dials USR Phone Number and Enters Telephone Code for User
USR Connects Person to Telephone Number Without Providing User Person with Telephone Number

FIG. 17 (Sheet 14 of 28). Labels: USR System; Lap Top Computer; Electronic Device; Automobile.

FIG. 18A (Sheet 15 of 28). Labels: Access Device (two instances); USR System.

FIG. 18B (Sheet 15 of 28). Labels: USR System.

FIG. 19 (Sheet 16 of 28). Box labels:
Entity Initiates Access Request
Entity Supplies 1) Authentication Info 2) Computer Network ID
USR Receives Access Request Including 1) Authentication Info 2) Computer Network ID
Is Auth. Info Valid for a User?
Is Entity Authorized to Access the Computer Network Identified by the ID?
Provide Indication that Entity is Denied Access
Allow Communications Between the Entity and Secure System

FIG. 20 (Sheet 17 of 28). Box labels:
Entity Initiates Access Request
Entity Supplies Authentication Information
Secure System Receives Authentication Information
Secure System Communicates Authentication Information to USR
USR Validates Authentication Information
Secure System Receives Indication from USR
Secure System Grants or Denies Access Based on the Indication

FIG. 21 (Sheet 18 of 28). Labels: Responder; Challenger; Wireless T/R; Memory; Secure; Additional Wireless T/R (two instances).

FIG. 22A (Sheet 19 of 28). Box labels:
Periodically Communicate with [illegible] (two instances)
Delete Data
Shutdown Device #2

FIG. 22B (Sheet 20 of 28). Box labels:
Initiate Valid Communication Protocol
Transmit First Wireless Signal Containing Encrypted Authentication Information to Device [illegible]
Authenticate Identity of User #1
Transmit Second Wireless Signal Containing Encrypted Authentication Information to Device #1
Authenticate Identity of User #2
Contact Secure Database for Information
Take Appropriate Action
End

FIG. 24 (Sheet 22 of 28). Box labels:
Verify Protocol
Sense Header #1
Verify/Decrypt Respondent #1 Digital Signature
Authenticate User #1

FIG. 25 (Sheet 23 of 28). Box labels:
Receive Public ID #1 PKI Encrypted DES Key, Encrypted Portion of Biodata
Look Up from ID #1, Public Key #1
Look Up Remainder of Biodata Information #1
Combine Biodata Information to Recreate Biodata Information
Process Biodata Information

FIG. 26 (Sheet 24 of 28). Box labels:
Receive Public Key ID #1, PKI Encrypted DES Key (Optional)
Look Up Public Key #1
Transmit Public ID #2 Information to Secure Database
Determine Whether ID #2 Has Right to Access Secure Database
Generate Non-predictable Code From ID1 Information (Time-varying)
Access with Secure Database at Least Portion of Bio Information of Entity #1
Transmit Public ID #1 from Device #2 to Secure Database
Transmit Bio Information of Entity #1 to Device #2
Display Bio Information
Process Biodata Information

FIG. 27 (Sheet 25 of 28). Labels: Private Key of #2; Public Keys of Plural 1st Entities; Biodata of #2; Portion of Biodata Files of Other Users.

Sheet 27 of 28 (figure number not legible). Box labels: Simulate Data; Authenticate User; Receive User Information.

METHOD AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and also claims priority under 35 U.S.C. §120 to co-pending U.S. patent application Ser. No. 13/621,609, filed Sep. 17, 2012, entitled METHOD AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION, which application is a continuation of and also claims priority under 35 U.S.C. §120 to co-pending U.S. patent application Ser. No. 13/168,556, filed Jun. 24, 2011, entitled METHOD, SYSTEM AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION, which application is a continuation of and also claims priority under 35 U.S.C. §120 to U.S. patent application Ser. No. 11/677,490, filed Feb. 21, 2007, entitled METHOD, SYSTEM AND APPARATUS FOR SECURE ACCESS PAYMENT AND IDENTIFICATION, issued as U.S. Pat. No. 8,001,055, which claims priority under 35 U.S.C. §119(e) to each of the following U.S. provisional patent applications: Ser. No. 60/775,046 entitled “METHOD AND APPARATUS FOR EMULATING A MAGNETIC STRIPE READABLE CARD,” filed Feb. 21, 2006; Ser. No. 60/812,279 entitled “UNIVERSAL SECURE REGISTRY,” filed Jun. 9, 2006; and Ser. No. 60/859,235 entitled “UNIVERSAL SECURE REGISTRY,” filed Nov. 15, 2006, each of which is hereby incorporated herein by reference in its entirety.

BACKGROUND OF INVENTION

1. Field of Invention

Embodiments of the invention generally relate to systems, methods, and apparatus for authenticating identity or verifying the identity of individuals and other entities seeking access to certain privileges and for selectively granting privileges and providing other services in response to such identifications/verifications. In addition, embodiments of the invention relate generally to systems and methods for obtaining information from and/or transmitting information to a user device and, in particular, to systems, methods, and apparatus that provide for contactless information transmission.

2. Discussion of Related Art

Control of access to secure systems presents a problem related to the identification of a person. An individual may be provided access to the secure system after their identity is authorized. Generally, access control to secure computer networks is presently provided by an authentication scheme implemented, at least partly, in software located on a device being employed to access the secure computer network and on a server within the secure computer network. For example, if a corporation chooses to provide access control for their computer network, they may purchase authentication software that includes server-side software installed on a server in their computer system and corresponding client-side software that is installed on the devices that are used by employees to access the system. The devices may include desktop computers, laptop computers, and handheld computers (e.g., PDAs and the like).

In practice, the preceding approach has a number of disadvantages including both the difficulty and cost of maintaining the authentication system and the difficulty and cost of maintaining the security of the authentication system. More specifically, the software resides in the corporation’s computers where it may be subject to tampering/unauthorized use by company employees. That is, the information technology team that manages the authentication system has access to the private keys associated with each of the authorized users. As a result, these individuals have an opportunity to compromise the security of the system. Further, any modification and/or upgrade to the authentication system software is likely to require an update to at least the server-side software and may also require an update of the software located on each user/client device. In addition, where the company’s computer systems are geographically distributed, software upgrades/updates may be required on a plurality of geographically distributed servers.

There is also a need, especially in this post September 11 environment, for secure and valid identification of an individual before allowing the individual access to highly secure areas. For example, an FBI agent or an air marshal may need to identify themselves to airport security or a gate agent, without compromising security. Typically such identification may comprise the air marshal or FBI agent showing identification indicia to appropriate personnel. However, there are inherent flaws in this process that allow for security to be compromised, including falsification of identification information and failure of the airport security or other personnel to recognize the situation. Of course this process could be automated, for example, by equipping airport personnel or security with access to a database and requiring the FBI agent or air marshal to appropriately identify themselves to the database, for example, by again providing identification which airport personnel can then enter into the database to verify the identity of the person seeking access to a secure area. However, this process also has the inherent flaws in it as described above. In addition, there may be times when airport security or personnel may not be able to communicate with the database to check the identity of the person seeking access, for example, when they are not near a computer terminal with access to a database or are carrying a hand-held device that does not have an appropriate wireless signal to access the database. In addition, there is a need to ensure that if such a hand-held device ends up in the wrong hands, that security is not compromised.

Further, both commercial (e.g., banking networks) and non-commercial (e.g., security systems) information systems often rely on magnetic card readers to collect information specific to a user (e.g., a security code, a credit card number, etc.) from a user device (e.g., a transaction card). Credit card purchases made in person provide an example of the most common transaction-type that relies on a user device, the credit or debit card, which is read by a magnetic card reader. User devices that rely on magnetic-stripe based technology magnetically store information (e.g., binary information) in the magnetic stripe. The magnetic stripe reader provides an interface to a larger computerized network that receives the user’s information to determine, for example, whether to authorize a transaction, to allow the user access to a secure area, etc.

Recently, such devices have seen technological advances that increase their capabilities and improve their security. For example, such devices may now include embedded processors, integral biometric sensors that sense one or more biometric features (e.g., a fingerprint) of the user, and magnetic stripe emulators. As one result, such devices may provide greater security by dynamically generating the necessary information, for example, generating the credit card number at the time of a transaction. Improved security can also be provided by such devices because more sophisticated authentication schemes can be implemented with the devices.

In addition, user devices such as transaction cards may now also provide for one or more modes of information transmission other than transmission via a magnetic stripe/card reader combination. For example, user devices that may transmit information optically or via radio frequency (“RF”) signal transmission to a compatible system interface are now available. Further, the architecture of a user device that includes a processor is generally compatible with both the improved security features described above and the contactless transmission modes such as optical and RF signal transmission. As a result of the improved security and greater functionality of some current user devices, there is a desire to replace magnetic-stripe based user devices with devices that include forms of information transmission other than the reading of a magnetic-stripe.

There is, however, a substantial installed base of interfaces (for example, at points of sale, at automatic teller machines (“ATM”), and the like) that include magnetic card readers which are not equipped to receive information from a user device in any other format other than from a magnetic stripe.
`As a result of the cost to replace or retrofit the installed base,
`e