(19) United States
`(12) Patent Application Publication (10) Pub. No.: US 2003/0046552 A1
`(43) Pub. Date:
`Mar. 6, 2003
`Hamid
`
`US 200300.46552A1
`
`(54) METHOD AND SYSTEM FOR PROVIDING
`ACCESS TO SECURE ENTITY OR SERVICE
`BY A SUBSET OF N PERSONS OF M
`DESIGNATED PERSONS
`(76) Inventor: Larry Hamid, Ottawa (CA)
`Correspondence Address:
`FREEDMAN & ASSOCATES
`117 CENTREPOINTE DRIVE
`SUTE 350
`NEPEAN, ONTARIO K2G 5X3 (CA)
`(21) Appl. No.:
`09/940,795
`(22) Filed:
`Aug. 29, 2001
`
`Publication Classification
`
`(51) Int. Cl." ....................................................... H04L 9/00
`(52) U.S. Cl. .............................................................. 713/186
`(57)
`ABSTRACT
`A Security System for Securing an entity or a Service from
`indiscriminate access and a method for operating the same
`is disclosed. Each designated perSon of M designated per
`
`sons is provided with a portable biometric device. Biometric
`data in dependence upon a biometric characteristic of each
`of the M designated perSons is Stored in memory of the
`respective portable biometric device. Biometric information
`representative of a biometric characteristic of each of a
`Subset of 1<N<M perSons is captured in response to each of
`the N perSons presenting Said information to the respective
`portable biometric device. The biometric information is
`encoded and biometric data in dependence thereupon is
`provided to the processor of each respective portable bio
`metric device. Using the processor of each respective por
`table biometric device the captured biometric data is then
`compared with the Stored biometric data to produce a
`comparison result. If the comparison result is indicative of
`a match an authorization Signal is transmitted from each of
`the respective portable biometric devices to a receiving port
`of the Security System. Upon receipt of the authorization
`Signal a processor of the locking mechanism determines
`access privileges to the Secure entity or Service in depen
`dence upon the authorization Signals it received from the
`respective portable biometric devices of the Subset of N
`perSons. If an authorization signal of the Subset of N perSons
`is missing, the Security System denies access to the Secure
`entity or Service.
`
`/11 100
`
`
`
`102
`
`110
`
`108
`
`12
`
`106
`
`processor for determining
`access privileges to the secured
`entity or service in dependence
`upon the authorization signals
`of a subset of N persons of M
`designated persons with N < M
`
`IPR2022-00602
`Apple EX1022 Page 1
`
`

`

`Patent Application Publication
`
`Mar. 6, 2003 Sheet 1 of 3
`
`US 2003/0046552 A1
`
`11 100
`
`
`
`102
`
`110
`
`108
`
`112
`
`106
`
`
`
`processor for determining
`access privileges to the secured
`entity or service in dependence
`upon the authorization signals
`of a subset of N persons of M
`designated persons with N < M
`
`Fig. 1
`
`IPR2022-00602
`Apple EX1022 Page 2
`
`

`

`Patent Application Publication
`
`Mar. 6, 2003 Sheet 2 of 3
`
`US 2003/0046552 A1
`
`providing each designated person of the M designated persons with a portable
`biometric device operable to capture biometric information presented thereto
`
`assigning a biometric characteristic of each of the M designated persons to a
`respective portable biometric device and storing biometric data in the respective
`portable biometric device in dependence upon the biometric characteristic
`
`capturing biometric information representative of a biometric characteristic of
`each of N persons in response to each of the N persons presenting said
`information to the respective portable biometric device and providing biometric
`data in dependence thereupon, with N < M being a subset of the M designated
`persons
`
`
`
`
`
`comparing the captured biometric data with biometric data stored in each of the
`respective portable biometric devices to produce a comparison result
`
`if the comparison result is indicative of a match performing the steps of:
`
`transmitting an authorization signal from each of the respective portable
`biometric devices to a receiving port of the secure entity or service
`
`determining access privileges to the secure entity or service in
`dependence upon the authorization signals received from the respective
`portable biometric devices of the subset of N persons
`
`Fig. 2
`
`IPR2022-00602
`Apple EX1022 Page 3
`
`

`

`Patent Application Publication
`
`Mar. 6, 2003 Sheet 3 of 3
`
`US 2003/0046552 A1
`
`storing biometric data in dependence upon a biometric characteristic of a
`plurality of persons of the M designated persons in at least a portable biometric
`device
`
`capturing biometric information representative of a biometric characteristic of
`each of N persons in response to each of the N persons presenting said
`information to one of the at least a portable biometric device and providing
`biometric data in dependence thereupon, with N < M being a subset of the M
`designated persons
`
`
`
`
`
`comparing the captured biometric data of each of the N persons with the stored
`biometric data to produce N comparison results
`
`if a comparison result of the N comparison results is indicative of a match
`performing the steps of:
`
`transmitting an authorization signal from the at least a portable biometric
`device to a receiving port of the secure entity or service
`
`determining access privileges to the secure entity or service in
`dependence upon the authorization signals of the subset of N persons
`received from the at least a portable biometric device
`
`Fig. 3
`
`IPR2022-00602
`Apple EX1022 Page 4
`
`

`

`US 2003/0046552 A1
`
`Mar. 6, 2003
`
`METHOD AND SYSTEM FOR PROVIDING
`ACCESS TO SECURE ENTITY OR SERVICE BY A
`SUBSET OF N PERSONS OF M DESIGNATED
`PERSONS
`
`FIELD OF THE INVENTION
`0001. This invention relates generally to automated Secu
`rity for permitting access to a Service or a predefined area by
`designated perSons and more particularly relates to a bio
`metric Security System for providing limited access to a
`secure entity or service by a Subset of N persons of M
`designated perSons.
`BACKGROUND OF THE INVENTION
`0002. Access to most any secure entity or service is
`commonly limited by use of a Security System. The use of
`Security Systems is generally well known. Their use is
`increasing with greater availability of digital electronic
`components at a relatively low cost. Such Systems are
`known for Securing buildings, banks, automobiles, comput
`erS and many other devices.
`0003) For example, U.S. Pat. No. 4,951,249 discloses a
`computer Security System, which protects computer Software
`from unauthorized acceSS by requiring the user to Supply a
`name and a password during the operating System loading
`procedure (“boot-up”) of a personal computer (PC). This PC
`Security System, utilizing password protection, is typical of
`many Systems that are currently available. Password pro
`tection requires a user's name and a password associated
`with that user's name. Only once an associated password is
`detected for a valid user's name does the PC complete the
`boot-up routine. Though passwords may be useful in Some
`instances, they are inadequate in many respects. For
`example, an unauthorized skilled user with a correct pass
`word in hand, can gain entry to Such a processor based
`System. Yet another undesirable feature of the foregoing
`System is that passwords on occasion are forgotten; and
`furthermore, and more importantly, passwords have been
`known to be decrypted.
`0004. As of late one of the most ubiquitous electronic
`components is the digital processor. Multi-purpose and
`dedicated processors of various types control devices rang
`ing from bank machines, to cash registers and automobiles.
`With ever-increasing use of these processor-based devices,
`there is greater concern that unauthorized use will become
`more prevalent. Thus, the Verification and/or authentication
`of authorized users of processor based Systems is a burgeon
`ing industry.
`0005 Alarms and security systems to warn of unautho
`rized use of automobiles and other processor controlled
`Systems are available, however, these Security Systems have
`been known to be circumvented. Unfortunately, many com
`mercially available Solutions aimed at preventing theft or
`unauthorized use of automobiles have also been circum
`vented. AS of late, initiatives have been underway in the
`Security industry, to provide biometric identification Systems
`to validate users of electronic and other Systems that are to
`have restricted access. A biometric identification System
`accepts unique biometric information from a user and iden
`tifies the user by matching the information against informa
`tion belonging to registered users of the System. One Such
`biometric identification System is a fingerprint recognition
`System.
`
`0006. In a fingerprint input transducer or sensor, the
`finger under investigation is usually pressed against a flat
`Surface, Such as a Side of a glass plate; the ridge and Valley
`pattern of the finger tip is Sensed by a Sensing means Such
`as an interrogating light beam.
`0007 Various optical devices are known which employ
`prisms upon which a finger whose print is to be identified is
`placed. The prism has a first Surface upon which a finger is
`placed, a Second Surface disposed at an acute angle to the
`first Surface through which the fingerprint is viewed and a
`third illumination surface through which light is directed
`into the prism. In Some cases, the illumination Surface is at
`an acute angle to the first Surface, as Seen for example, in
`U.S. Pat. Nos. 5,187,482 and 5,187,748. In other cases, the
`illumination Surface is parallel to the first Surface, as Seen for
`example, in U.S. Pat. Nos. 5,109,427 and 5,233,404. Fin
`gerprint identification devices of this nature are generally
`used to control the building-acceSS or information-access of
`individuals to buildings, rooms, and devices Such as com
`puter terminals.
`0008 U.S. Pat. No. 4,353,056 in the name of Tsikos
`issued Oct. 5, 1982, discloses an alternative kind of finger
`print Sensor that uses a capacitive Sensing approach. The
`described Sensor has a two dimensional, row and column,
`array of capacitors, each comprising a pair of Spaced elec
`trodes, carried in a Sensing member and covered by an
`insulating film. The Sensors rely upon deformation to the
`Sensing member caused by a finger being placed thereon So
`as to vary locally the Spacing between capacitor electrodes,
`according to the ridge/trough pattern of the fingerprint, and
`hence, the capacitance of the capacitors. In one arrangement,
`the capacitors of each column are connected in Series with
`the columns of capacitors connected in parallel and a Voltage
`is applied acroSS the columns. In another arrangement, a
`Voltage is applied to each individual capacitor in the array.
`Sensing in the respective two arrangements is accomplished
`by detecting the change of Voltage distribution in the Series
`connected capacitors or by measuring the Voltage values of
`the individual capacitances resulting from local deforma
`tion. To achieve this, an individual connection is required
`from the detection circuit to each capacitor.
`0009. Before the advent of computers and imaging
`devices, research was conducted into fingerprint characteri
`sation and identification. Today, much of the research focus
`in biometricS has been directed toward improving the input
`transducer and the quality of the biometric input data.
`Fingerprint characterization is well known and can involve
`many aspects of fingerprint analysis. The analysis of finger
`prints is discussed in the following references which are
`hereby incorporated by reference:
`0010 Xiao Qinghan and Bian Zhaoqi. An approach
`to Fingerprint Identification. By Using the Attributes
`of Feature Lines of Fingerprint," IEEE Pattern Rec
`ognition, pp 663, 1986;
`0011 C. B. Shelman, “Fingerprint Classification
`Theory and Application,” Proc. 76 Carnahan Con
`ference on Electronic Crime Countermeasures,
`1976;
`0012 Feri Pernus, Stanko Kovacic, and Ludvik
`Gyergyek, "Minutalie Based Fingerprint Registra
`tion.” IEEE Pattern Recognition, pp 1380, 1980;
`
`IPR2022-00602
`Apple EX1022 Page 5
`
`

`

`US 2003/0046552 A1
`
`Mar. 6, 2003
`
`0013 J. A. Ratkovic, F. W. Blackwell, and H. H.
`Bailey, “Concepts for a Next Generation Automated
`Fingerprint System.” Proc. 78 Carnahan Conference
`on Electronic Crime Countermeasures, 1978;
`0014 K. Millard, “An approach to the Automatic
`Retrieval of Latent Fingerprints.” Proc. 75 Carnahan
`Conference on Electronic Crime Countermeasures,
`1975;
`0015 Moayer and K. S. Fu, “A Syntactic Approach
`to Fingerprint Pattern Recognition,” Memo Np.
`73-18, Purdue University, School of Electrical Engi
`neering, 1973;
`0016 Wegstein, An Automated Fingerprint Identifi
`cation System, NBS special publication, U.S.
`Department of Commerce/National Bureau of Stan
`dards, ISSN 0083-1883; no. 500-89, 1982;
`0017 Moenssens, Andre A., Fingerprint Tech
`niques, Chilton Book Co., 1971; and, Wegstein and
`J. F. Rafferty, The LX39 Latent Fingerprint Matcher,
`NBS special publication, U.S. Department of Com
`merce/National Bureau of Standards; no. 500-36,
`1978.
`0.018. In the field of digital and analog communications,
`wireleSS devices are becoming more commonplace. IneX
`pensive computer Systems are currently commercially avail
`able wherein printers communicate with computers, which
`in turn communicate with other computers via infrared
`transmitters and receivers. Other devices, using other optical
`communication Systems, Such as data transmitting/receiving
`wrist watches are now available in department Stores at
`Substantially affordable prices, these wrist watches include
`processors and Software for communication with a computer
`and for downloading and uploading Small amounts of data as
`required.
`0.019
`Biometric security identification systems, such as
`fingerprint Scanning and input devices are becoming more
`commonplace as the need to validate authorized users of
`computers, databases, and Secure Spaces grows. AS comput
`erS become more miniaturized, So too are other communi
`cation and Security devices decreasing in size. One of the
`more important reasons, however, to miniaturize electronic
`devices is to lessen the burden of porting them.
`0020. One biometric security identification system pro
`vides each user with a hand-held portable fingerprint rec
`ognition and transmission device, for example, as disclosed
`in U.S. Pat. No. 6,111,977 to Scott et al. Their device
`includes a fingeprint Scanner that encodes a fingerprint and
`Sends the encoded fingerprint, via an infrared or a radio
`frequency transmitter, to a receiver in the Secure item,
`facility or area. It is nonetheless necessary to have a central
`computer that analyzes the encoded fingerprint to allow
`recognition and authorization of an individual.
`0021 Generally, present electronic security systems are
`very inflexible in their functionality providing either full
`access to an authorized user or denying access if user
`authorization fails. It would be advantageous to have a
`handheld biometric identification device allowing only
`access to a secure entity or service if a subset of 1<N<M
`perSons of M designated perSons is present. For example, 10
`bank employees are allowed to access the bank vault, but
`
`only in groups of 3 employees for Security reasons. Other
`examples would be the operation of a vehicle, access to
`hazardous areas or materials, computer Systems and data
`bases.
`0022. It is an object of the invention to use the progress
`in miniaturization of processors and biometric Sensors for
`providing a biometric Security System allowing only acceSS
`to a secure entity or service if a subset of 1<N<M persons
`of M designated perSons is present.
`0023. It is a further object of the invention to provide a
`method of expanding the flexibility of biometric identifica
`tion Systems.
`
`SUMMARY OF THE INVENTION
`In accordance with the present invention there is
`0024.
`provided a method for providing access to a Secure entity or
`Service by M designated perSons having only limited access
`privileges comprising the Steps of:
`0025 storing biometric data in dependence upon a
`biometric characteristic of each of the M designated
`perSons,
`0026 capturing biometric information representa
`tive of a biometric characteristic of each of N per
`Sons and providing biometric data in dependence
`thereupon, with 1.<N<M being a subset of the M
`designated perSons,
`0027 comparing the captured biometric data of each
`of the N persons with the stored biometric data to
`produce N comparison results, and,
`0028 if the N comparison results are indicative of
`the N perSons each being one of the M designated
`perSons and thereby forming a Subset, determining
`access privileges to the Secure entity or Service in
`dependence upon the Subset.
`0029. In accordance with the present invention there is
`further provided a method for providing access to a Secure
`entity or Service by M designated perSons having only
`limited access privileges comprising the Steps of:
`0030 providing each designated person of the M
`designated perSons with a portable biometric device
`operable to capture biometric information presented
`thereto;
`0031 assigning a biometric characteristic of each of
`the M designated perSons to a respective portable
`biometric device and Storing biometric data in the
`respective portable biometric device in dependence
`upon the biometric characteristic,
`0032 capturing biometric information representa
`tive of a biometric characteristic of each of N per
`Sons in response to each of the N perSons presenting
`Said information to the respective portable biometric
`device and providing biometric data in dependence
`thereupon, with 1.<N<M being a subset of the M
`designated perSons,
`0033 comparing the captured biometric data with
`biometric data Stored in each of the respective por
`table biometric devices to produce a comparison
`result,
`
`IPR2022-00602
`Apple EX1022 Page 6
`
`

`

`US 2003/0046552 A1
`
`Mar. 6, 2003
`
`0034) if the comparison result is indicative of the N
`perSons each being one of the M designated perSons,
`transmitting an authorization Signal from each of the
`respective portable biometric devices to a receiving
`port of the Secure entity or Service, and,
`0035) determining access privileges to the secure
`entity or Service in dependence upon the authoriza
`tion Signals received from the respective portable
`biometric devices of the Subset of N persons.
`0036). In accordance with the present invention there is
`yet further provided a method for providing access to a
`Secure entity or Service by M designated perSons having
`only limited access privileges comprising the Steps of
`0037 storing biometric data in dependence upon a
`biometric characteristic of a plurality of perSons of
`the M designated perSons in at least a portable
`biometric device;
`0038 capturing biometric information representa
`tive of a biometric characteristic of each of N per
`Sons in response to each of the N perSons presenting
`Said information to one of the at least a portable
`biometric device and providing biometric data in
`dependence thereupon, with 1.<N<M being a subset
`of the M designated perSons,
`0039 comparing the captured biometric data of each
`of the N persons with the stored biometric data to
`produce N comparison results,
`0040 if a comparison result is indicative of one of
`the N perSons each being one of the M designated
`perSons, transmitting an authorization signal from
`the at least a portable biometric device to a receiving
`port of the Secure entity or Service, and,
`0041) determining access privileges to the Secure
`entity or Service in dependence upon the authoriza
`tion signals of the Subset of N persons received from
`the at least a portable biometric device.
`0042. In accordance with an aspect of the present inven
`tion there is provided a Security System for Securing an entity
`or a Service from indiscriminate acceSS and for providing
`access to a Subset of N perSons of M designated perSons
`comprising:
`0043 at least a portable biometric device, the device
`comprising:
`0044) a biometric sensor for capturing biometric
`information representative of a biometric charac
`teristic in response to a perSon presenting Said
`information to the biometric Sensor;
`0045 an encoder for digitally encoding the cap
`tured biometric information and providing bio
`metric data in dependence thereupon;
`0046 memory for storing biometric data of at
`least one of the M designated perSons,
`0047 a processor for comparing the captured
`biometric data with stored biometric data of a
`designated person to produce a comparison result,
`and if the comparison result is indicative of a
`match for providing an authorization Signal; and,
`
`a transmitter for transmitting the authoriza
`0.048
`tion Signal;
`0049 at least a port for receiving authorization
`signals of the subset of 1<N<M persons from the
`at least a portable biometric device; and,
`0050 a processor for determining access privileges
`to the Secured entity or Service in dependence upon
`the authorization signals of the Subset of 1.<N<M
`perSons.
`BRIEF DESCRIPTION OF FIGURES
`Exemplary embodiments of the invention will now
`0051
`be described in conjunction with the following drawings, in
`which:
`0052 FIG. 1 is a simplified block diagram illustrating a
`biometric Security System according to the invention;
`0053 FIG. 2 is a simplified flow diagram illustrating a
`method of operation according to the invention of the
`biometric security system shown in FIG. 1; and,
`0054 FIG. 3 is a simplified flow diagram illustrating
`another method of operation according to the invention of
`the biometric security system shown in FIG. 1.
`DETAILED DESCRIPTION OF PREFERRED
`EMBODIMENTS
`0055 FIG. 1 illustrates the block diagram of a biometric
`security system 100 for securing an entity or service from
`indiscriminate acceSS according to the invention. The System
`100 comprises at least a portable biometric device 102 and
`at least a receiving module 104 connected over a transmis
`Sion channel. For Simplicity, only one portable biometric
`device 102 and one receiving module 104 is shown in FIG.
`1, but it is obvious that the invention is not limited thereto.
`Preferably, the system comprises a plurality of portable
`biometric devices 102, one for each person of M designated
`persons of the biometric security system 100. The portable
`biometric device 102 comprises a biometric sensor 106 for
`capturing biometric information representative of a biomet
`ric characteristic in response to a perSon presenting Said
`information. In a preferred embodiment the biometric Sensor
`106 comprises a capacitive fingerprint imager for its com
`pact design, but obviously the invention is not limited
`thereto. An encoder 108 digitizes or otherwise converts the
`analog signal into a signal format, which provides an
`encoded description of the biometric characteristic, Suitable
`for processing. A processor 110 compares the captured
`biometric data with biometric data of an authorized perSon
`Stored in memory 112 to produce a comparison result.
`Preferably, the memory 112 is a non-volatile memory. If the
`comparison result is indicative of a match an authorization
`Signal is provided to a transmitter 114 for transmitting the
`signal to a port 120 of the receiving module 104. A locking
`mechanism 122 comprising a processor 124 at the receiving
`module 104 then provides access to the secure entity or
`Service in dependence upon the received authorization Sig
`nals. The processor 124 determines acceSS privileges to the
`Secured entity or Service in dependence upon the authoriza
`tion signals received from a subset of N persons of the M
`designated persons, with 1.<N<M.
`0056. Optionally, the locking mechanism 122 comprises
`memory for Storing various predetermined levels of access
`privileges for different predetermined Subsets of perSons of
`the M designated perSons.
`
`IPR2022-00602
`Apple EX1022 Page 7
`
`

`

`US 2003/0046552 A1
`
`Mar. 6, 2003
`
`0057. In a preferred embodiment the processor 124 is a
`central processor of the Secure entity or Service connected to
`a plurality of ports and connected to a plurality of locking
`mechanisms. Therefore, Security is enhanced by having the
`Signal processing and, optionally, the Storage of access
`privileges located in one Secure location only accessible to
`authorized perSonnel Such as a network administrator.
`0058. The portable biometric device 102 can be manu
`factured as a Small handheld device Such as a remote control,
`a watch, or a pendant comprising a transmitter 114 for
`wireleSS transmission Such as infrared or radio frequency
`transmission. Alternatively, the portable biometric device
`102 comprises a smart card, wherein the transmitter 114 is
`to be interfaced with the port 120 of the receiving module
`104. In one embodiment a portable biometric device 102 for
`each of the M designated perSons is provided. In memory of
`each portable biometric device 102 biometric data represen
`tative of a biometric characteristic of one respective perSon
`of the M designated persons is stored. This allows use of the
`portable biometric device 102 by only one person. Alterna
`tively, the biometric information of a plurality of perSons is
`stored in one portable biometric device 102. For example,
`each person of a subset has a portable biometric device 102
`with the biometric data representative of a biometric char
`acteristic of all N persons of the subset stored in memory.
`This allows use of a portable biometric device 102 by more
`than one perSon, for example, if one perSon of the Subset has
`forgotten his portable biometric device 102.
`0059 Optionally, for each designated person or groups of
`designated perSons a different authorization signal is pro
`Vided. This is advantageous if the Security System has
`various levels of access privileges for different Subsets of
`perSons of the M designated perSons.
`0060) Further optionally, the authorization signals of the
`N persons of a subset is received at different ports 120. For
`example, a driver and an assistant driver of a plurality of
`drivers of an armored vehicle are enabled to access the
`vehicle only together, each authorization signal from a
`respective portable biometric device is received by a receiv
`ing module on either Side of the vehicle.
`0061 The flow diagram in FIG. 2 illustrates a method of
`operation according to the invention of the portable biomet
`ric devices 102 in conjunction with the receiving modules
`104. Each designated perSon of the M designated perSons is
`provided with a portable biometric device. Biometric data in
`dependence upon a biometric characteristic Such as a fin
`gerprint of each of the M designated perSons is Stored in
`memory of the respective portable biometric device. The
`portable biometric device is preauthorized for use with a
`particular Security System and personalized for use by a
`particular perSon. Prior to operation an administrator initial
`izes the portable biometric device with the assistance of
`either a central computer or a personal computer. Alterna
`tively, a first user of the portable biometric device providing
`biometric information to the sensor after fabrication is
`designated as authorized user and biometric data in depen
`dence upon the captured biometric characteristic are Stored
`in memory. A following function block Starts the proceSS in
`response, for example, to a touch of a person's digit to a
`fingerprint imager. Biometric information representative of
`a biometric characteristic of each of a Subset of 1.<N<M
`perSons is captured in response to each of the N perSons
`
`presenting Said information to the respective portable bio
`metric device. The biometric information is encoded and
`biometric data in dependence thereupon is provided to the
`processor of each respective portable biometric device.
`Using the processor of each respective portable biometric
`device the captured biometric data is then compared with the
`Stored biometric data to produce a comparison result. If the
`comparison result is indicative of a match an authorization
`Signal is transmitted from each of the respective portable
`biometric devices to a receiving port of the Security System.
`Upon receipt of the authorization Signal a processor of the
`locking mechanism determines access privileges to the
`Secure entity or Service in dependence upon the authoriza
`tion signals it received from the respective portable biomet
`ric devices of the Subset of N persons. If an authorization
`Signal of the Subset of N perSons is missing, the Security
`System denies access to the Secure entity or Service.
`0062) A subset comprises any set of an arbitrary but
`predetermined number of at least two perSons but less than
`the number of all designated perSons. Generally, a Subset
`will be one of a plurality of predetermined subsets, wherein
`each of the plurality of Subsets comprises a different com
`bination of the M designated persons. Furthermore, different
`Subsets comprise a different number of perSons combined in
`the Subset. Optionally, different Subsets of the plurality of
`Subsets have different access privileges to the Secure entity
`or Service.
`0063 Preferably, different authorization signals associ
`ated with different perSons are provided. This accommodates
`more flexibility in defining various access privileges for
`different Subsets of the M designated perSons. In dependence
`upon the received Nauthorization Signals the processor of
`the locking mechanism determines which of a plurality of
`predefined Subsets of perSons is requiring access to the
`Secure entity or Service and provides access according to
`preset access privileges associated with the determined
`Subset. Preset access privileges comprise, for example, a
`time limitation allowing access only at certain times, func
`tional limitations, a combination of both, or varying of the
`functional limitations with time of access.
`0064.
`For example, 10 employees of a branch of a bank
`are allowed to access the bank vault, but for Security reasons
`they are allowed to enter only in Subsets of at least 3 perSons.
`Here, each of the subset of 3 bank employees provides a
`fingerprint to a respective portable biometric device, which
`is like a remote control or, alternatively, Something as
`inconspicuous as a pendant. After comparing the captured
`biometric information with biometric data stored in the
`device an authorization signal is transmitted, for example
`via infrared transmission, to a receiving port of the Security
`System if the comparison result is indicative of a match.
`Upon receipt of the authorization signals from the 3 employ
`ees a processor of the locking mechanism of the Security
`System determines access privileges for the Subset 3 bank
`employees. After Successful determination of the access
`privileges the door to the vault is unlocked. Further flex
`ibility is added to the security system by defining different
`Subsets of different bank employees for accessing different
`areas of the vault. For example, after the main door to the
`vault there are Several door a for accessing different Sections
`of the vault Such as customerS Safety deposit boxes, different
`rooms for Storing money, gold, documents, etc. The Security
`System according to the invention ensured that only Subsets
`
`IPR2022-00602
`Apple EX1022 Page 8
`
`

`

`US 2003/0046552 A1
`
`Mar. 6, 2003
`
`of perSons assigned to the tasks in a predefined room are able
`to access the Same. Furthermore, the Security System is
`expanded to enable access by a Subset only at a predeter
`mined time. For instance, one Subset is enabled to acceSS
`only during the morning work hours while another Subset is
`enabled to access only during the afternoon work hours.
`0065 Referring to FIG. 3 a simplified flow diagram of
`another method of operation according to the invention of
`the security system 100 is shown. Biometric data in depen
`dence upon a biometric characteristic of a plurality of
`perSons of the M designated perSons is Stored in a portable
`biometric device. Preferably, biometric data of a Subset of N
`perSons is Stored in each portable biometric device provided
`to the persons of the Subset. This provides more flexibility,
`allowing use of another perSon's portable biometric device.
`Or even the whole Subset of N persons is able use one
`portable biometric device to get access to the Secure entity
`or Service. For example, if the portable biometric device is
`a Smart card one perSon of the Subset inserts his Smart card
`and all N persons of the Subset pro