USOO8886954B1
`
`(12) United States Patent
`Giobbi
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 8,886,954 B1
`*Nov. 11, 2014
`
`(54) BIOMETRIC PERSONAL DATA KEY (PDK)
`AUTHENTICATION
`(71) Applicant: Proxense, LLC, Bend, OR (US)
`(72) Inventor: John J. Giobbi, Bend, OR (US)
`(73) Assignee: Proxense, LLC, Bend, OR (US)
`(*) Notice:
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`This patent is Subject to a terminal dis
`claimer.
`
`(21) Appl. No.: 13/710,109
`
`(22) Filed:
`
`Dec. 10, 2012
`
`Related U.S. Application Data
`(63) Continuation of application No. 1 1/314,199, filed on
`Dec. 20, 2005, now Pat. No. 8,352,730.
`(60) Provisional application No. 60/652,765, filed on Feb.
`14, 2005, provisional application No. 60/637,538,
`filed on Dec. 20, 2004.
`51) Int. C
`(51)
`ouL 29/06
`2006.O1
`G05B I/00
`6. 3.
`(
`.01)
`(52) U.S. Cl.
`CPC ........................................ G05B I/00 (2013-0)
`USPC - - - - - - - - - - - grrrrr. 713/186; 713/153
`(58) Field of Classification Search
`CPC combination set(s) only.
`See application file for complete search history.
`Ref
`Cited
`eerees e
`
`(56)
`
`U.S. PATENT DOCUMENTS
`
`4,759,060 A
`4,993,068 A
`
`7/1988 Hayashi et al.
`2f1991 Piosenka et al.
`
`2f1993 Blair et al.
`5,187,352 A
`3, 1994 Stelzel
`5,296,641 A
`2/1995 Hammersley et al.
`5,392.433 A
`5,416,780 A t N.
`Continue
`
`FOREIGN PATENT DOCUMENTS
`
`WO
`WO
`
`10, 2000
`WOOOf 62.505
`3, 2001
`WOO1/22724
`(Continued)
`OTHER PUBLICATIONS
`
`"Alliance Activities: Publications: Identity—Smart Card Alliance.”
`Smart Card Alliance, 1997-2007, Retrieved on Jan. 7, 2007 from
`<URL:http://www.smartcardalliance.org/pages/publications-iden
`tity), 3 pgs.
`
`(Continued)
`Y -
`Primary Examiner — Eleni Shiferaw
`Assistant Examiner — Phy Ahn Vu
`(74) Attorney, Agent, or Firm — Patent Law Works LLP
`
`ABSTRACT
`(57)
`Systems and methods verifying a user during authentication
`of an integrated device. In one embodiment, the system
`9.
`y
`includes an integrated device and an authentication unit. The
`integrated device stores biometric data of a user and a plural
`ity of codes and other data values comprising a device ID code
`uniquely identifying the integrated device and a secret
`decryption value in a tamper proof format, and when scan
`data is verified by comparing the scan data to the biometric
`data, wirelessly sends one or more codes and other data values
`including the device ID code. The authentication unit receives
`and sends the one or more codes and the other data values to
`an agent for authentication, and receives an access message
`from the agent indicating that the agent successfully authen
`ticated the one or more codes and other data values and allows
`the user to access an application.
`29 Claims, 6 Drawing Sheets
`
`
`
`Biometric Key 100
`
`Biometric Portion
`220
`Enrollment
`Module
`222
`
`Walidation
`Module
`224
`
`Control
`Module
`210
`
`Persistent
`Storage
`226
`
`RF Communication
`Module
`230
`
`Page 1 of 15
`
`GOOGLE EXHIBIT 1001
`
`

`

`US 8,886,954 B1
`Page 2
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`6, 1995 Bucholtz et al.
`5,422,632 A
`9, 1995 Ostrover et al.
`5,450,489 A
`4, 1997 Kuroiwa et al.
`5,619,251 A
`5, 1997 Stefket al.
`5,629,980 A
`7/1997 Thompson et al.
`5,644,354 A
`9/1997 Handelman et al.
`5,666.412 A
`7/1998 Akiyama et al.
`5,784,464 A
`5,825,876 A 10/1998 Peterson, Jr.
`5,857,020 A
`1/1999 Peterson, Jr.
`5,892,825 A
`4/1999 Mages et al.
`5,894,551 A
`4, 1999 Huggins et al.
`5,898,880 A
`4/1999 Ryu
`5,917,913 A
`6/1999 Wang
`5,928,327 A
`7/1999 Wang et al.
`5.991,399 A 1 1/1999 Graunke et al.
`5.991,749 A 11/1999 Morrill, Jr.
`6,016,476 A
`1/2000 Maes et al.
`6,018,739 A
`1/2000 McCoy et al.
`6,035,038 A
`3/2000 Campinos et al.
`6,035,329 A
`3/2000 Mages et al.
`6,038,334 A
`3, 2000 Hamid
`6,041,410 A
`3/2000 Hsu et al. ...................... T13, 186
`6,042,006 A
`3/2000 Van Tilburg et al.
`6,055.314 A
`4/2000 Spies et al.
`6,070,796 A
`6, 2000 Sirbu
`6,088,730 A
`7/2000 Kato et al.
`6,104,334 A
`8/2000 Allport
`6,121,544. A
`9/2000 Petsinger
`6,148,142 A 11/2000 Anderson
`6,161,179 A 12/2000 Seidel
`6,185.316 B1
`2/2001 Buffam.
`6,209,089 B1
`3, 2001 Selitrennikoff et al.
`6.219,109 B1
`4/2001 Raynesford et al.
`6.219,439 B1
`4/2001 Burger
`6,247,130 B1
`6/2001 Fritsch
`6.256,737 B1
`7/2001 Bianco et al.
`365 R 658: Strast al.
`4-1 -
`OSIn et al.
`6,336,121 B1
`1/2002 Lyson et al.
`3.
`R $383 Real
`- W -
`S32 R 33.93 WSR
`6,385,596 Bi
`52002 Wiseretal,
`6,392.664 B1
`5/2002 Whitectal
`- - 4
`R R
`398: St.
`6,411,307 B1
`6, 2002 Rosin et al.
`6.424,715 B1
`7, 2002 Saito
`6.425,084 B1
`7/2002 Rallis et al.
`6,434,535 B1
`8/2002 Kupka et al.
`6,446,130 B1
`9/2002 Grapes
`6.463,534 B1
`10/2002 Geiger et al.
`6,480,188 B1
`1 1/2002 Horsley
`6,490.443 B1
`12/2002 Freeny, Jr.
`6,510,350 B1
`1/2003 Steen, III et al.
`6,523,113 B1
`2/2003 Wehrenberg
`6,529,949 B1
`3/2003 Getsin et al.
`S.
`3.39. She
`al.
`6563,805 B
`5/2003 NE al
`6564.380 B
`5/2003 Murphy
`6.628.303 B2
`92003 Whitect al.
`6.632,992 B2 10/2003 Hasegawa
`6,647.417 B1
`11/2003 Hunter et al.
`6,667,684 B1
`12/2003 Waggamon et al.
`6,683,954 B1
`1/2004 Searle
`6,697.944 B1
`2/2004 Jones et al.
`6,709,333 B1
`3/2004 Bradford et al.
`6,711,464 B1
`3/2004 Yap et al.
`6,775,655 B1
`8/2004 Peinado et al.
`6,804.825 B1
`10/2004 White et al.
`6,806,887 B2 10/2004 Chernocket al.
`6,850,147 B2
`2/2005 Prokoski et al.
`6,873,975 B1
`3/2005 Hatakeyama et al.
`
`9, 2005 Lee et al.
`6,950,941 B1
`6,963,971 B1 * 1 1/2005 Bush et al. .................... T13,153
`6,973,576 B2 12/2005 Giobbi
`6,975,202 B1
`12/2005 Rodriguez et al.
`6,983,882 B2
`1/2006 Cassone
`7,012,503 B2
`3/2006 Nielsen
`7,090,126 B2
`82006 Kelly et al.
`7,112,138 B2
`9, 2006 Hedricket al.
`7,137,012 B1
`11/2006 Kamibayashi et al.
`7, 191466 B1
`3/2007 Hamid et al.
`7,218,944 B2
`5/2007 Cromer et al.
`7,249,177 B1
`7/2007 Miller
`7,305,560 B2 122007 Giobbi
`7,529,944 B2
`5 2009 Hamid
`7,574,734 B2
`8, 2009 Fedronic et al.
`7.587,611 B2
`9, 2009 Johnson et al.
`7,617,523 B2 * 1 1/2009 Das et al. .......................... 726/5
`7,644,443 B2
`1/2010 Matsuyama et al.
`7,715,593 B1
`5/2010 Adams et al.
`7,883,417 B2
`2, 2011 Bruzzese et al.
`7,904,718 B2
`3/2011 Giobbi et al.
`2001/0044337 A1 11, 2001 Rowe et al.
`2002fOOO7456 A1
`1, 2002 Peinado et al.
`2002fOO 13772 A1
`1, 2002 Peinado
`2002fOO 14954 A1
`2, 2002 Fitzgibbon et al.
`2002/00 15494 A1
`2/2002 Nagai et al.
`2002fOO23032 A1
`2, 2002 Pearson et al.
`2002fOO26424 A1
`2, 2002 Akashi
`2002fOO71559 A1
`6/2002 Christensen et al.
`2002fOO73042 A1
`6/2002 Maritzen et al.
`2002/0098888 A1
`7/2002 Rowe et al.
`2002/0103027 A1
`8, 2002 Rowe et al.
`2002/0104.006 A1
`8, 2002 Boate et al.
`2002/0108049 A1
`8, 2002 Xu et al.
`2002/0109580 A1
`8, 2002 Shreve et al.
`2002/0129262 A1
`9/2002 Kutaragi et al. .............. T13, 193
`2002/0138767 A1
`9, 2002 Hamid et al.
`2002fO140542 A1 10, 2002 Prokoski et al.
`2002/01441 17 A1 10/2002 Faigle
`2002fO150282 A1 10, 2002 Kinsella
`2002fO152391 A1 10, 2002 Willins et al.
`2002fO158750 A1 10, 2002 Almalik
`2002/0174348 A1* 1 1/2002 Ting .............................. T13, 186
`2002/0178063 A1 11/2002 Gravelle et al.
`2002/019 1816 A1 12/2002 Maritzen et al.
`2003/003.6425 A1
`2/2003 Kaminkow et al.
`2003/0046552 A1
`3, 2003 Hamid
`2003/0054868 A1
`3/2003 Paulsen et al.
`2003/0054881 A1
`3/2003 Hedricket al.
`2003/0055689 A1
`3/2003 Blocket al.
`2003/OO79.133 A1
`4/2003 Breiter et al.
`2003.01.15474 A1
`6/2003 Khan et al. .................... T13, 186
`2003/0127511 A1
`7/2003 Kelly et al.
`2003/0139190 A1
`7/2003 Steelberg et al.
`2003/0.149744 A1* 8, 2003 Bierre et al. .................. 709/217
`2003/0172037 A1
`9/2003 Jung et al.
`2003/0176218 A1
`9/2003 LeMay et al.
`2003/0186739 A1 10, 2003 Paulsen et al.
`2004/O127277 A1
`7, 2004 Walker et al.
`2004/O128162 A1* 7/2004 Schlotterbeck et al. .......... 705/2
`2004/0129.787 A1* 7/2004 Saito et al. .................... 235/492
`2004/0209690 A1 10, 2004 Bruzzese et al.
`2004/02096.92 A1 10, 2004 Schober et al.
`2004/0215615 A1 10, 2004 Larsson et al.
`2004/0230488 A1 11/2004 Beenau et al.
`2005/0074126 A1* 4/2005 Stanko .......................... 380,279
`2005/0081040 A1
`4, 2005 Johnson et al.
`2005, 0109836 A1
`5/2005 Ben-Aissa .................... 235,380
`2005/0229.007 A1 10, 2005 Bole et al.
`2005/025 1688 A1 11/2005 Nanawati et al.
`2005/0253683 A1 11/2005 Lowe
`2006/0022046 A1
`2/2006 Iwamura
`2006/01 13381 A1
`6/2006 Hochstein et al.
`2006, O156027 A1
`7, 2006 Blake
`2007/0220272 A1
`9/2007 Campisi et al.
`2008, OO19578 A1
`1/2008 Saito et al.
`2008/0188308 A1
`8/2008 Shepherd et al.
`
`Page 2 of 15
`
`

`

`US 8,886,954 B1
`Page 3
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`2009/0328.182 A1
`2010.0117794 A1
`2011/O126188 A1
`
`12/2009 Malakapalliet al.
`5/2010 Adams et al.
`5/2011 Bernstein et al.
`
`FOREIGN PATENT DOCUMENTS
`
`WOO 1/75876
`WO
`WOO 1/77790
`WO
`WO WO 2005/050450
`WO WO 2005/0868O2
`
`10, 2001
`10, 2001
`6, 2005
`9, 2005
`
`OTHER PUBLICATIONS
`
`"Applying Biometrics to Door Access.” Security Magazine, Sep. 26.
`2002, Retrieved on Jan. 7, 2007, from <URL:http://www.
`Securitymagazine.com/CDA/Articles/technologies/
`3ae610eaa34d8010VgnVCM100000ft)32a8cO >, 5 pgs.
`Van Winkle, William, “Bluetooth, the King of Connectivity.” Laptop
`Buyer's Guide and Handbook, Jan. 2000, pp. 148-153.
`Yoshida, Junko, "Content Protection Plan Targets Wireless Home
`Networks,” www.eetinnes.com, Jan. 11, 2002, 2 pgs.
`Debow, Yvette, “Credit/Debit Debuts in Midwest Smart Card Test.”
`Computers in Banking, v6, n11, Nov. 1989, 4pgs.
`Dennis, Sylvia, "Digital Passports Need Not Infringe Civil Liber
`ties.” Newsbytes, Dec. 2, 1999, 2 pgs.
`Blum, Jonathan, “Digital Rights Management May Solver the
`Napster “Problem’.” Technology Investor Industrysector, Oct. 2000,
`pp. 24-27.
`Lake, Matt, “Downloading for Dollars.” Sound & Vision, Nov. 2000,
`pp. 137-138.
`Sapsford, Jathon, "E-Business: Sound Waves Could Help Ease Web
`Fraud Woes.” Wall Street Journal, Aug. 14, 2000, 2 pgs.
`“Firecrest Shows How Truly Commercially-Minded Companies Will
`Exploit the Internet.” Computergram International, Jan. 18, 1996, 2
`pg.S.
`“Frequently Asked Questions (FAQs) About BioPay,” BioPay, LLC,
`2007, Retrieved on Jan. 7, 2007, from <URL: http://www.biopay.
`com/facs-lowes.asp), 5 pgs.
`McIver, R. et al., “Identification and Verification Working Together.”
`Bioscrypt, Aug. 27, 2004. Retrieved on Jan. 7, 2007, from
`<URL:http://www.ibia.org/membersadmin/whitepapers/pdf 15/
`Identification%20and%20%20Verification%20Working%20
`Together.pdf>. 5 pgs.
`Weber, Thomas E., “In the Age of Napster, Protecting Copyright is a
`Digital Arms Race.” Wall Street Journal, Jul. 24, 2000, 3 pgs.
`PCT International Search Report, PCT/US04/38124, Apr. 7, 2005, 10
`pg.S.
`PCT International Search Report, PCT/US05/43447, Feb. 22, 2007,
`7 pgs.
`PCT International Search Report, PCT/US05/46843, Mar. 1, 2007,
`10 pgs.
`PCT International Search Report, PCT/US07/11102, Oct. 3, 2008, 11
`pg.S.
`
`PCT International Search Report, PCT/US07/11103, Apr. 23, 2008, 9
`pg.S.
`PCT International Search Report, PCT/US07/11104, Jun. 26, 2008, 9
`pg.S.
`PCT International Search Report, PCT/US07/11105, Oct. 20, 2008,
`10 pgs.
`Nilsson, J. et al., “Match-On-Card for Java Cards.” Precise
`Biometrics, White Paper, Apr. 2004, Retrieved on Jan. 7, 2007, from
`<URL:http://www.ibia.org/membersadmin/whitepapers/pdf 17/
`Precise%20Match-on-Card%20for%20Java%20Cards.pdf>. 5 pgs.
`Nordin, B., “Match-On-Card Technology.” Precise Biometrics,
`White Paper, Apr. 2004, Retrieved on Jan. 7, 2007, from <URL:http://
`www.ibia.org/membersadmin/whitepapers/pdf 17/
`Precis%20Match-on-Card%20technology.pdf>. 7 pgs.
`“Micronas and Thomson Multimedia Showcase a New Copy Protec
`tion System that Will Drive the Future of Digital Television.” www.
`micronas.com, Jan. 8, 2002, 3 pgs.
`Pope, "Oasis Digital Signature Services: Digital Signing without the
`Headaches.” Internet Computing IEEE, vol. 10, Oct. 2006, pp.
`81-84.
`“SAFModuleTM: A Look Into Strong Authentication.” saflink Cor
`poration, Retrieved on Jan. 7, 2007, from <URL: http://www.ibia.
`org/membersadmin/whitepapers/pdf/6/SAFmod WP.pdf>. 8 pgs.
`“Say Hello to Bluetooth.” Bluetooth Web site, Jun. 2000, 4pgs.
`“Smart Cards and Biometrics White Paper.” Smart Card Alliance,
`May 2002, Retrieved on Jan. 7, 2007, from <URL: http://www.
`Securitymanagementcom.library/smartcard facqtech0802.pdf>,
`7
`pg.S.
`Lewis, Peter H. "Sony and Visa in On-Line Entertainment Venture.”
`New York Times, v 145, Nov. 16, 1995, 1 pg.
`Fasca, Chad, “The Circuit.” Electronic News, vol. 45 Iss. 45, Nov. 8,
`1999, 2 pgs.
`Wallace, Bob, "The Internet Unplugged.” InformationWeek.com,
`Dec. 13, 1999, pp. 22-24.
`Paget, Paul, “The Security Behind Secure Extranets.” Enterprise
`Systems Journal, Dec. 1999, 4pgs.
`Kontzer, Tony, “Thomson Bets on Smart Cards for Video Encryp
`tion.” www.informationweek.com, Jun. 7, 2001, p. 1.
`Press Release, “Thomson Multimedia Unveils Copy Protection Pro
`posal Designed to Provide Additional Layer of Digital Content Secu
`rity,” www.thompson-multimedia.com, May 30, 2001, 2 pgs.
`Wade, Will. “Using Fingerprints to Make Payments at POS Slowly
`Gaining Popularity.” Credit Union Journal, International Biometric
`Group, Apr. 21, 2003, Retrieved on Jan. 7, 2007, from <URL:http://
`www.biometricgroup.com/in the news/04.21.03.html>, 3 pgs.
`Antonoff, Michael, “Visiting Video Valley.” Sound & Vision, Nov.
`2001, pp. 116, 118-119.
`“What is a File?” Apr. 30, 1998, URL: http://unixhelp.ed.ac.uk/
`editors whatisafile.html, accessed Mar. 11, 2010 via http://
`waybackmachine.org/1998061500000* /http://unixhelp.ed.ac.uk/
`editors whatisafile.html, 1 pg.
`Farouk, "Authentication Mechanisms in Grid Computing Environ
`ment; Comparative Study', 2012, IEEE, p. 1-6.
`
`* cited by examiner
`
`Page 3 of 15
`
`

`

`U.S. Patent
`
`Nov. 11, 2014
`
`Sheet 1 of 6
`
`US 8,886,954 B1
`
`FIG. 1
`
`
`
`Biometric Key 100
`
`Biometric Portion
`220
`Enrollment
`Validation
`Module
`Module
`222
`224
`
`Control
`Module
`210
`
`Persistent
`Storage
`226
`
`FIG. 2
`
`RF Communication
`Module
`230
`
`Page 4 of 15
`
`

`

`U.S. Patent
`
`Nov. 11, 2014
`
`Sheet 2 of 6
`
`US 8,886,954 B1
`
`
`
`Biometric Key
`100
`
`Application
`330
`
`Authentication
`Module
`310
`
`Trusted Key
`Authority
`320
`
`FIG. 3
`
`Page 5 of 15
`
`

`

`U.S. Patent
`
`Nov. 11, 2014
`
`Sheet 3 of 6
`
`US 8,886,954 B1
`
`Biometric
`Key
`100
`
`Authentication
`Module
`310
`
`Trusted Key
`Authority
`320
`
`Register User And
`Biometric Key
`410
`
`Receive Biometric
`Data
`Of The USer
`420
`
`
`
`Biometrically Verify
`User
`440
`
`Authentication
`Needed For An
`Application?
`430
`YES
`
`Request
`Authentication
`450
`
`AllOW ACCeSS TO
`The Application
`470
`
`FIG. 4
`
`Authenticate The
`Biometric Key
`460
`
`Page 6 of 15
`
`

`

`U.S. Patent
`
`Nov. 11, 2014
`
`Sheet 4 of 6
`
`US 8,886,954 B1
`
`
`
`Check identification and Establish Profile
`510
`
`Persistently Store Biometric Data
`From The USer
`520
`
`Obtain Code
`530
`
`ASSOCiate Profile
`With COde
`540
`
`FIG. 5
`
`Page 7 of 15
`
`

`

`U.S. Patent
`
`Nov. 11, 2014
`
`Sheet 5 of 6
`
`US 8,886,954 B1
`
`START
`605
`
`Request User Scan
`610
`
`Receive Scan Data From A Subject
`620
`
`SCan Data Match Biometric Data?
`630
`
`
`
`YES
`
`The Subject is Verified
`As The Registered User
`640
`
`Verification
`Failed
`650
`
`Wirelessly Send Code Indicating
`Successful Verification of User
`650
`
`FIG. 6
`
`Page 8 of 15
`
`

`

`U.S. Patent
`
`Nov. 11, 2014
`
`Sheet 6 of 6
`
`US 8,886,954 B1
`
`
`
`Wirelessly Receive The Code
`710
`
`Request Authentication
`Of The Code
`720
`
`Code Authenticated?
`730
`
`Send Access Message To The Application
`740
`
`Authentication
`Failed
`750
`
`FIG. 7
`
`Page 9 of 15
`
`

`

`1.
`BIOMETRIC PERSONAL DATA KEY (PDK)
`AUTHENTICATION
`
`US 8,886,954 B1
`
`2
`comparison against the biometric data, and if the scan data
`matches the biometric data, wirelessly sending a code for
`authentication.
`In one embodiment, a method for Verifying a user during
`authentication of an integrated device, includes persistently
`storing biometric data for the user in a tamper-resistant for
`mat; responsive to receiving a request for biometric verifica
`tion of the user, receiving scan data from a biometric scan;
`comparing the scan data to the biometric data to determine
`whether the data match; and responsive to a determination
`that the scan data matches the biometric data, wirelessly
`sending a code for authentication.
`Other embodiments include corresponding systems, appa
`ratus, and computer programming products, configured to
`perform the actions of the methods, encoded on computer
`storage devices. These and other embodiments may each
`optionally include one or more of the following features. For
`instance the operations further include registering an age
`verification for the user in association with the code. For
`instance the operations further include establishing a secure
`communication channel prior to sending the code for authen
`tication. For instance the operations further include receiving
`a request for the code without a request for biometric verifi
`cation, and responsive to receiving the request for the code
`without a request for biometric verification, sending the code
`without requesting the scan data. For instance, the features
`include: the code is registered with a trusted authority, and the
`code can be authenticated to a third party by the trusted
`authority; the code uniquely identifies the integrated device;
`the code indicates that the biometric verification was success
`ful; persistently storing biometric data includes permanently
`storing biometric data; the biometric data and the scan data
`are both based on a fingerprint scan by the user, an LED to be
`activated for requesting the biometric scan.
`In one embodiment, a method for authenticating a verified
`user, includes receiving a code associated with a biometri
`cally verified user, requesting authentication of the code:
`receiving an authentication result; and in response to the
`authentication result being positive, providing access to an
`application.
`In one embodiment, a system includes an integrated device
`(e.g. a biometric key) to store biometric data for a user in a
`tamper resistant format, and if scan data can be verified as
`being from the user by comparing the scan data to the bio
`metric data, wirelessly sending a code; and an authentication
`module to receive the code and send the code to a trusted
`authority for authentication, and responsive to the code being
`authenticated, allowing the user to access an application.
`Other embodiments include corresponding systems, appa
`ratus, and computer programming products, configured to
`perform the actions of the methods, encoded on computer
`storage devices. These and other embodiments may each
`optionally include one or more of the following features. For
`instance, the operations further include registering the code
`with a trusted authority, wherein requesting authentication of
`the code includes providing the code to the trusted authority
`and wherein receiving an authentication result comprises
`receiving the authentication result from the trusted authority.
`For instance the operations further include registering a date
`of birth or age with the trusted authority. For instance the
`operations further include establishing a secure communica
`tions channel with an integrated device, wherein the code
`associated with the biometrically verified user is received
`from the integrated device. For instance the features include:
`the integrated device receives an authentication request from
`the authentication module, and in response, requests a bio
`metric scan from the user to generate the scan data; when the
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`
`The present application claims priority, under 35 U.S.C.
`S120, to U.S. patent application Ser. No. 1 1/314,199, filed
`Dec. 20, 2005 and entitled “Biometric Personal Data Key
`(PDK) Authentication.” which claims the benefit of U.S. Pro
`visional Application No. 60/637,538, filed on Dec. 20, 2004,
`and of U.S. Provisional Application No. 60/652,765, filed on
`Feb. 14, 2005, the entire contents of which are hereby incor
`porated by reference.
`
`10
`
`15
`
`FIELD OF THE INVENTION
`
`The present invention relates generally to computerized
`authentication, and more specifically, to an authentication
`responsive to biometric verification of a user being authenti
`cated.
`
`BACKGROUND
`
`25
`
`Conventional user authentication techniques are designed
`to prevent access by unauthorized users. One technique is to
`require a user being authenticated to provide secret creden
`tials, such as a password, before allowing access. Similarly, a
`PIN number can be required by an ATM machine before
`30
`allowing a person to perform automated bank transactions. A
`difficulty with this technique is that it requires the user to
`memorize or otherwise keep track of the credentials. A uses
`often has multiple sets of credentials (e.g., passwords and
`PINs) and it can be quite difficult to keep track of them all.
`35
`Another technique that does not require the user to memo
`rize credentials is to provide the user with an access object
`Such as a key (e.g., an electronic key) that the user can present
`to obtain access. For example, a user can be provided with a
`Small electronic key fob that allows access to a building or
`other secured location. A difficulty with using access objects
`is that authentication merely proves that the access object
`itself is valid; it does not verify that the legitimate user is using
`the access object. That is, illegitimate user can use a stolen
`access object to enter a secured location because the user's
`identity is never checked.
`Some hybrid authentication techniques require the user to
`provide both an access object and credentials. The user is
`authenticated only upon providing both items. Of course, this
`Solution does not resolve the problem of making the user
`memorize credentials.
`Therefore, there is a need for systems and methods for
`Verifying a user that is being authenticated that does not suffer
`from the limitations described above. Moreover, the solution
`should ease authentications by wirelessly providing an iden
`tification of the user.
`
`40
`
`45
`
`50
`
`55
`
`SUMMARY
`
`The present invention addresses the above needs by pro
`viding systems and methods for authentication responsive to
`biometric verification of a user being authenticated. In one
`embodiment, an integrated device includes a persistent Stor
`age to persistently stores a code such as a device identifier
`(ID) and biometric data for a userina tamper-resistant format,
`and a verification module, in communication with the persis
`tent storage, to receive scan data from a biometric scan for
`
`60
`
`65
`
`Page 10 of 15
`
`

`

`3
`integrated device cannot verify the scan data as being from the
`user, it does not send the code.
`Advantageously, user authentication is bolstered with
`highly reliable biometric verification of the user in an inte
`grated device. Furthermore, a keyless environment relieves
`authorized users from having to memorize credentials, and of
`having to physically enter credentials or keys. In addition, the
`integrated device can be authenticated for an application that
`is open to the public (i.e., in an open loop system).
`The features and advantages described in the specification
`are not all inclusive and, in particular, many additional fea
`tures and advantages will be apparent to one of ordinary skill
`in the art in view of the drawings, specifications, and claims.
`Moreover, it should be noted that the language used in the
`specification has been principally selected for readability and
`instructional purposes and may not have been selected to
`delineate or circumscribe the inventive matter.
`
`5
`
`10
`
`15
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The teachings of the present invention can be readily
`understood by considering the following detailed description
`in conjunction with the accompanying drawings.
`FIG. 1 is a schematic diagram illustrating a biometric key
`for providing authentication information for a biometrically
`Verified user according to one embodiment of the present
`invention.
`FIG. 2 is a block diagram illustrating functional modules
`within the biometric key according to one embodiment of the
`present invention.
`FIG. 3 is a block diagram illustrating a system for provid
`ing authentication information for a biometrically verified
`USC.
`FIG. 4 is a flow chart illustrating a method for providing
`authentication information for a biometrically verified user.
`FIG. 5 is a flow chart illustrating a method for enrolling
`biometric data of the user with the biometric key.
`FIG. 6 is a flow chart illustrating a method for verifying a
`Subject presenting the biometric key according to one
`embodiment of the present invention.
`FIG. 7 is a flow chart illustrating a method for authenticat
`ing a verified user of the biometric key according to one
`embodiment of the present invention.
`
`DETAILED DESCRIPTION
`
`Systems and methods for authentication responsive to bio
`metric verification of a user being authenticated are
`described. Generally, biometric verification uses biometric
`data to ensure that the user of, for example, a biometrickey, is
`the person registered as an owner. Biometric data is a digital
`or analog representation of characteristics unique to the
`user's body. For example, a fingerprint of a subject can be
`compared against previously-recorded biometric data for
`verification that the subject is the registered owner of the
`biometric key. Then, the biometric key itself can be authen
`ticated.
`Although the embodiments below are described using the
`example of biometric verification using a fingerprint, other
`embodiments within the spirit of the present invention can
`perform biometric verification using other types of biometric
`data. For example, the biometric data can include a palm
`print, a retinal scan, an iris Scan, hand geometry recognition,
`facial recognition, signature recognition, or voice recogni
`tion.
`FIG. 1 is a schematic diagram illustrating an example of a
`biometric key 100 for providing authentication information
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`US 8,886,954 B1
`
`4
`for a biometrically verified user according to one embodi
`ment of the present invention. In one embodiment, the bio
`metrickey 100 comprises a frame 110, a scan pad 120, and an
`LED 130. In one embodiment, biometric key 100 has a small
`form factor (e.g., the size of an automobile remote control)
`such that it can be unobtrusively carried by a user. In one
`embodiment, the biometric key 100 is integrated into another
`object or device. A device having an integrated biometrickey
`100 is occasionally referred to herein as an “integrated
`device.” For example, in one embodiment, the biometric key
`100 is integrated into a mobile phone (e.g. a cellular phone or
`Smartphone), tablet, laptop, mp3 player, mobile gaming
`device, watch, key fob or other mobile device, thereby mak
`ing the biometric key 100 unobtrusive to carry.
`Frame 110 can be formed by plastic, metal or another
`suitable material. Frame 110 is shaped to secure scan pad 120,
`and includes a perforation for attachment to, for example a
`key chain or clip. In one embodiment, frame 110 is formed
`from a unitary molding to protect biometric data. Accord
`ingly, frame 110 cannot be opened to expose the underlying
`components unless it is broken.
`Scan pad 120 can be, for example, an optical scanner using
`a charge coupled device, or a capacitive scanner. Scan pad
`120 can be sized to fit a thumb or other finger. Biometric key
`100 of the present embodiment includes LED 130 that lights
`up to request a fingerprint Scan from a user. In one embodi
`ment, LED 130 can also confirm that user verification and/or
`authentication has completed.
`Biometric key 100 can authenticate a user for various pur
`poses. For example, biometric key 100 can allow keyless
`entry into homes and autos. In another example, biometric
`key 100 can logauser onto a computer system or point of sale
`register without typing in credentials. In still another
`example, biometric key 100 can verify that an enrolled user is
`above a certain age (e.g., before allowing access to a slot
`machine in a casino). In some embodiments, biometric key
`100 operates without biometric verification, and request a
`fingerprint Scan from a user only when biometric verification
`is needed for the particular use.
`FIG. 2 is a block diagram illustrating biometric key 100
`according to one embodiment of the present invention. Bio
`metric key 100 comprises control module 210, biometric
`portion 220, RF communication module 230, persistent stor
`age 240, and battery 250. Biometric key 100 can be formed
`from a combination of hardware and Software components as
`described above. In one embodiment, biometrickey 100 com
`prises a modified key fob.
`Control module 210 coordinates between several functions
`of biometric key 100. In one embodiment, control module
`210 provides a verification code upon successful verification
`of the user. More specifically, once biometric portion 220
`indicates that a fingerprint scan matches biometric data that
`was collected during enrollment, control module 210 can
`trigger RF communication module 230 for sending a code
`indicating that the user was verified. In another embodiment,
`control module 210 can work in the opposite direction by
`detecting a request for verification from RF communication
`module 230, and then requesting verification of the user from
`biometric portion 210. Note that control module 210 of FIG.
`2 is merely a grouping of control functions in a central archi
`tecture, and in other embodiments, the control functions can
`be distributed between several modules around biometrickey
`1OO.
`Biometric portion 220 comprises enrollment module 222,
`validation module 224, and biometric database 226. In one
`embodiment, enrollment module 222 registers a user with
`biometrickey 100 by persistently storing biometric data asso
`
`Page 11 of 15
`
`

`

`5
`ciated with the user. Further, enrollment module 222 registers
`biometric key 100 with a trusted authority by providing the
`code (e.g., device ID) to the trusted authority. Or conversely,
`the trusted authority can provide the code to biometric key
`100 to be stored therein.
`Validation module 224 can comprise scan pad 120 (FIG. 1)
`to capture scan data from a user's fingerprint (e.g., a digital or
`analog representation of the fingerprint). Using the scan data,
`validation module 214 determines whether the user's finger
`print matches the stored biometric data from enrollment.
`Conventional techniques for comparing fingerprints can be
`used. For example, the unique pattern of ridges and Valleys of
`the fingerprints can be compared. A statistical model can be
`used to determine comparison results. Validation module 224
`can send comparison results to control module 210.
`In other embodiments, validation module 224 can be con
`figured to capture biometric data for other human character
`istics. For example, a digital image of a retina, iris, and/or
`handwriting sample can be captured. In another example, a
`microphone can capture a voice sample.
`Persistent storage 226 persistently stores biometric data
`from one or more users which can be provided according to
`specific implementations. In one embodiment, at least some
`of persistent storage 226 is a memory element that can be
`written to once but cannot subsequently be altered. Persistent
`storage 226 can include, for example, a ROM element, a flash
`memory element, or any other type of non-volatile storage
`element. Persistent storage 226 is itself, and stores data in, a
`tamper-proof format to prevent any changes to the stored
`data. Tamperproofing increases reliability of authentication
`because it does not allow any changes to biometric data (i.e.,
`allows reads of stored data, but not writes to store new data or
`modify existing data). Furthermore, data can be stored in an
`encrypted form.
`In one embodiment, persistent storage 226 also stores the
`code that is provided by the key 100 responsive to successful
`verification of the user. As described above, in one embodi
`ment the code is a device ID or other value that uniquely
`identifies biometric key 100. In one embodiment, the code is
`providing during the manufacturing process and the biomet
`ric data are provided during an enrollment of the user. In other
`embodiments, the code is provided during enrollment and/or
`the biometric data are provided during m