(12) Patent Application Publication    (10) Pub. No.: US 2007/0245157 A1
Giobbi et al.                          (43) Pub. Date: Oct. 18, 2007

US 20070245157A1

(54) TWO-LEVEL AUTHENTICATION FOR SECURE TRANSACTIONS

(76) Inventors: John J. Giobbi, Bend, OR (US); David L. Brown, Jupiter, FL (US); Fred S. Hirt, Brookfield, IL (US)

Correspondence Address:
FENWICK & WEST LLP
SILICON VALLEY CENTER
801 CALIFORNIA STREET
MOUNTAIN VIEW, CA 94041 (US)

(21) Appl. No.: 11/744,831

(22) Filed: May 5, 2007

Related U.S. Application Data

(63) Continuation-in-part of application No. 11/292,330, filed on Nov. 30, 2005.

(60) Provisional application No. 60/798,172, filed on May 5, 2006. Provisional application No. 60/798,843, filed on May 8, 2006. Provisional application No. 60/838,788, filed on Aug. 17, 2006. Provisional application No. 60/824,758, filed on Sep. 6, 2006. Provisional application No. 60/894,608, filed on Mar. 13, 2007.

Publication Classification

(51) Int. Cl. H04L 9/00 (2006.01)
(52) U.S. Cl. 713/186
`
`(57)
`
`ABSTRACT
`
A system and method provide efficient, secure, and highly reliable authentication for transaction processing and/or access control applications. A Personal Digital Key stores one or more profiles (e.g., a biometric profile) in a tamper-proof memory that is acquired in a secure trusted process. Biometric profiles comprise a representation of physical or behavioral characteristics that are uniquely associated with an individual that owns and carries the PDK. The PDK wirelessly transmits the biometric profile over a secure wireless transaction to a Reader for use in a biometric authentication process. The Reader compares the received biometric profile to a biometric input acquired at the point of transaction in order to determine if the transaction should be authorized.
`
`
`
[Front-page figure (FIG. 4): flowchart with the boxes "Establish communication between RDC and PDK within range" (402), "Perform device authentication", "Perform profile authentication", "Profile(s) valid?", "Transaction not authorized" and "Complete transaction".]

Page 1 of 21

GOOGLE EXHIBIT 1005
`
`
`
Patent Application Publication Oct. 18, 2007 Sheet 1 of 8 US 2007/0245157 A1

[FIG. 1 (Sheet 1 of 8): block diagram of the authentication system 100. The scan is mirrored; legible labels include "Private Registry", "Registry", "Validation Database", "Reader" and "Biometric".]

Page 2 of 21

Patent Application Publication Oct. 18, 2007 Sheet 2 of 8 US 2007/0245157 A1

[FIG. 2 (Sheet 2 of 8): block diagram of the PDK. Legible mirrored labels include "Memory", "Transceiver", "Programmer I/O", "Profile(s)", "Profile History" and "Profile Data".]

Page 3 of 21

Patent Application Publication Oct. 18, 2007 Sheet 3 of 8 US 2007/0245157 A1

[FIG. 3 (Sheet 3 of 8): block diagram of the Reader. Legible mirrored labels include "Terminal I/O", "Control", "Status", "Registry Interface", "Credit Card" and "Network Databases".]

Page 4 of 21
`
`
`
`
Patent Application Publication Oct. 18, 2007 Sheet 4 of 8 US 2007/0245157 A1

[FIG. 4 (Sheet 4 of 8): flowchart of the transaction authorization process. Legible boxes: "Establish communication between RDC and PDK within range" (402); "Perform device authentication" (404); a NO branch to "Transaction not authorized"; "Buffer PDK information in RDC" (408); "Profile authentication required?"; "Perform profile authentication"; "Profile(s) valid?" with a NO branch to "Transaction not authorized"; "Complete transaction".]

Page 5 of 21
`
`
`
Patent Application Publication Oct. 18, 2007 Sheet 5 of 8 US 2007/0245157 A1

[FIG. 5 (Sheet 5 of 8): flowchart of device authentication. Legible boxes: "Analyze PDK information at RDC"; "Analyze RDC information at PDK"; "PDK & RDC valid?"; "Devices invalid"; "Devices valid". Reference numerals 502 to 510 appear beside the steps.]

Page 6 of 21
`
`
`
Patent Application Publication Oct. 18, 2007 Sheet 6 of 8 US 2007/0245157 A1

[FIG. 6 (Sheet 6 of 8): flowchart of profile authentication. Legible boxes: "Establish secure communication channel with PDK" (602); "Transmit profile authentication request(s) to PDK" (604); "Trigger required?"; "Monitor inputs"; "Perform profile test(s)". Reference numerals 608 to 614 appear beside the remaining steps.]

Page 7 of 21
`
`
`
Patent Application Publication Oct. 18, 2007 Sheet 7 of 8 US 2007/0245157 A1

[FIGS. 7A and 7B (Sheet 7 of 8): flowcharts of profile testing with a biometric input and with a PIN. The scan is mirrored; legible labels include "Biometric Authentication Requested?", "Scan biometric" (702), "Receive bio-sample from PDK", "Sample matches?", "Receive full biometric profile", "PIN Authentication Requested?", "Acquire PIN from user", "Receive PIN sample from PDK" and "Receive full PIN".]

Page 8 of 21
`
`
`
`
`
`
`
Patent Application Publication Oct. 18, 2007 Sheet 8 of 8 US 2007/0245157 A1

[FIGS. 7C and 7D (Sheet 8 of 8): flowcharts of profile testing with a picture profile and with a registry. The scan is mirrored; legible labels include "Receive picture profile from PDK", "Display on screen", "Confirm/deny identity", "Identity confirmed?", "Registry Authentication", "Establish secure communication channel with registry", "Transmit PDK info to registry", "Receive response from registry", "Profile valid" and "Profile not valid".]

Page 9 of 21
`
`
`
`
`
`
`
US 2007/0245157 A1
`
`Oct. 18, 2007
`
`TWO-LEVEL AUTHENTICATION FOR SECURE
`TRANSACTIONS
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`
`[0001] The present application claims priority under 35
`US.C. § 120 as a continuation-in-part of pending U'S.
`patent application Ser. No. 11/292,330 entitled “Personal
`Digital Key And Receiver/Decoder Circuit System And
`Method,” filed on Nov. 30, 2005, the entire contents of
`which are hereby incorporated by reference.
`
`[0002] The present application claims the benefit of pri-
`ority under 35 U.S.C. § 119(e) of U.S. Provisional Appli-
`cation No. 60/798,172 entitled “Touch Pay”filed on May 5,
`2006; U.S. Provisional Application No. 60/798,843 entitled
`“Touch Pay”filed on May 8, 2006; U.S. Provisional Appli-
`cation No. 60/838,788 entitled “Personal Digital Key Acces-
`sible Storage Device and Processor”filed on Aug. 17, 2006;
`USS. Provisional Application No. 60/824,758 entitled “Tru-
`prox Touch Technology”filed on Sep. 6, 2006; and U.S.
`Provisional Application No. 60/894,608 entitled “TruProx
`Stored-Photo Extension” filed on Mar. 13, 2007, the entire
`contents of which are all herein incorporated by reference.
`
`BACKGROUND
`
`[0003]
`
`1. Field of Art
`
`to electronic
`[0004] The invention generally relates
`authentication, and more specifically, to secure authentica-
`tion using biometric verification.
`
`[0005]
`
`2. Description of the Related Art
`
`[0006] Optimizing sales transactions and providing secure
`access to physical and/or digital assets are challenges faced
`by many businesses and organizations. Ensuring these pro-
`cesses are safe, efficient and simple is important to mer-
`chants, providers, users and consumers alike. Convention-
`ally, technologies such as magnetic cards (e.g., credit cards,
`debit cards, ATM cards, and employee badges) have been
`used in attempt
`to address these needs. More recently,
`various contactless cards or tokens requiring placement near
`compatible readers have been used.
`
`[0007] Each of these technologies, however, has inherent
`problems in providing secure transaction processing and
`access control. In particular, the conventional technologies
`fail
`to sufficiently ensure that
`individuals attempting to
`perform a transaction are associated with the access device
`and are authorized to do so. Conventional attempts to
`address this issue include requiring users to provide Personal
`Identification Numbers (PINs) or passwords in conjunction
`with account numbers. While in some instances,
`these
`options have helped to combat fraudulent activity, these
`solutions add unwanted complexity and delay to transac-
`tions. With the growing need to memorize various PINs and
`passwords,
`individuals tend to repeatedly use the same,
`simple phrase to protect many items, or worse, keep the
`written phrases in their purse/wallet or next to their com-
`puter. Thus,
`the use of PINs and passwords are often
`defeated.
`
`[0008] A technology better suited to address the issue of
`authenticating users is biometrics. In biometric authentica-
`tion, physical and/or behavioral characteristics of an indi-
`Page 10 of 21
`
`vidual are analyzed to uniquely identify the individual. For
`example, biometric characteristics can include fingerprint,
`retinal, iris, face, palm, DNA, voice or signature character-
`istics that can each be uniquely associated with the indi-
`vidual. However, traditional biometric authentication solu-
`tions also suffer from significant problems. First, traditional
`biometric authentication techniques typically expose the
`participating parties to serious liabilities, risks and ineffi-
`ciencies. Conventional biometric authentication techniques
`nearly always require users to release personal, private and
`unchangeable data to a controlling-entity (e.g., a merchant or
`business authority) or to a third-party relied upon by the
`controlling-entity. This exposes an individual’s personal
`biometric information to the possibility of theft and fraudu-
`lent use. Further, controlling entities must either assume the
`risks andliabilities of storing this data, or trust the data to a
`third-party’s care.
`
[0009] Second, conventional biometric authentication techniques generally require an individual to submit biometric information (e.g., a fingerprint, retinal scan, facial scan, or signature) for storage in a database that can then be later used for comparison with biometric data acquired at the point of transaction. This “enrollment” process is time-consuming, risky, error-prone and considered intrusive by many individuals. Further, the enrollment process must be repeated for each individual for every intended use. For example, a user may need to enroll for biometric authentication with his/her company (e.g., for secure access to facilities or digital files), and separately enroll with various merchants using biometric authentication for transactions. Thus, the individual has to spend significant time completing each separate enrollment, and additionally must trust each entity with his/her personal biometric information. For these reasons alone many individuals do not even consider these options.
`
`[0010] The above-defined issues represent serious road-
`blocks to the widespread deployment and acceptance of
`conventional biometric authentication options. Unless the
`identified deficiencies are addressed, the full potential of
`biometric solutions will never be realized. Therefore, a new
`technology is needed that provides highly reliable, safe and
`efficient secure authentication for transaction-processing
`and/or access control. Moreover, the new technology should
`allow for a simple and efficient enrollment process that does
`not put an individual’s highly personal informationat risk of
`identity theft or other fraudulent use.
`
`SUMMARY
`
`[0011] A system and methodprovide efficient, secure and
`highly reliable authentication for transaction processing
`and/or access control applications. A portable physical
`device, referred to herein as a Personal Digital Key or
`“PDK”, stores one or more profiles (e.g., a biometric profile)
`in a tamper-proof memory. The biometric profile is acquired
`in a secure trusted process and is uniquely associated with an
`individual that is authorized to use and is associated with the
`PDK. The PDK can wirelessly transmit the identification
`information including a unique PDK identification number
`and the biometric profile over a secure wireless channel for
`use in an authentication process. Additionally, the PDK can
`store other information such as credit/debit card informa-
`tion, bank information, or personal information in a memory
`for use in authorizing or completing a transaction.
`
`Page 10 of 21
`
`
`
US 2007/0245157 A1
`
`Oct. 18, 2007
`
`[0012] Typically, a receiving device, referred to herein as
`a Reader, wirelessly receives the profile from the PDK in
`order to process a transaction or provide access to secure
`digital or physical assets. In one embodiment, the Reader
`acquires a biometric input from the individual carrying the
`PDKatthe point of transaction. The biometric input can be
`acquired by, for example, a fingerprint scan, iris scan, retinal
`scan, palm scan, face scan, DNA analysis, signature analy-
`sis, voice analysis or any other input mechanism that pro-
`vides physical or behavioral characteristics uniquely asso-
`ciated with the individual. The Reader compares the
`biometric profile received from the PDK to the biometric
`input obtained at the point of transaction to determineif a
`transaction should be authorized.
`
[0013] In one embodiment, the Reader is further adapted to communicate with one or more remote registries to provide an additional layer of security in the authentication process. Information transmitted from the PDK can be compared to entries stored in the registries to ensure the PDK (and its owner) have not participated in any fraudulent use and that the PDK is not invalid, lost or stolen. In yet another embodiment, one or more biometric authentications, remote registry authentications or other types of authentication are used in combination.
`
`[0014] The features and advantages described in the speci-
`fication are not all inclusive and in particular, many addi-
`tional features and advantages will be apparent to one of
`ordinary skill in the art in view of the drawings, specification
`and claims. Moreover, it should be noted that the language
`used in the specification has been principally selected for
`readability and instructional purposes, and may not have
`been selected to delineate or circumscribe the inventive
`
`subject matter.
`
`BRIEF DESCRIPTION OF THE FIGURES
`
`[0015] FIG. 1 is a high level block diagram illustrating a
`system for secure electronic authentication.
`
`[0016] FIG. 2 is a block diagram illustrating one embodi-
`ment of a Personal Digital Key (PDK).
`
`[0017] FIG. 3 is a block diagram illustrating one embodi-
`ment of a Reader.
`
`[0018] FIG. 4 is a flowchart illustrating one embodiment
`of a process for authorizing a transaction using secure
`authentication.
`
`[0025] The figures depict various embodiments of the
`present
`invention for purposes of illustration only. One
`skilled in the art will readily recognize from the following
`discussion that alternative embodiments of the structures
`
`and methods illustrated herein may be employed without
`departing from the principles of the invention described
`herein.
`
`DETAILED DESCRIPTION
`
`FIG. 1 is a high level block diagram illustrating a
`[0026]
`system for securely authenticating an individual for trans-
`action-processing and/or access control applications. The
`system 100 comprises a Personal Digital Key (PDK) 102, a
`Reader 108, a network 110 and one or more external
`databases including a validation database 112, a Central
`Registry 114 and one or moreprivate registries 116. The
`Reader 108 is coupled to the PDK 102 by a wireless link 106
`and coupled to a network 110 by either a wired or wireless
`link. The Reader 108 is also adapted to receive a biometric
`input 104 from a user andis capable of displaying status to
`a user. The network 110 couples the validation database 112,
`the Central Registry 114 and twoprivate registries 116 to the
`Reader 108. In alternative embodiments, different or addi-
`tional external registries or databases may be coupledto the
`network 110. In another embodiment, the Reader 108 oper-
`ates as a standalone device without a connection to the
`network 110.
`
`[0027] The system 100 addresses applications where it is
`important to ensure a specific individual is authorized to
`perform a giventransaction. A transaction as used herein can
`include executing a purchase or financial dealing, enabling
`access to physical and/or digital items, verifying identifica-
`tion or personal information or executing other tasks where
`it is important to authenticate an individual for use. Gener-
`ally, the Reader 108 wirelessly receives information stored
`in the PDK 102 that uniquely identifies the PDK 102 and the
`individual carrying the PDK 102. The Reader 108 can also
`receive a biometric input 104 from the individual. Based on
`the received information, the Reader 108 determines if the
`transaction should be authorized. Beneficially, the system
`100 provides comprehensive authentication without
`the
`need for PINs or passwords. Moreover, personal biometric
`information need notbe stored in any local or remote storage
`database and is only stored on the user’s own PDK. Fur-
`thermore, in one embodiment, purchase transactions can be
`efficiently completed without requiring the use of physical
`credit cards, tokensor other user action beyondinitiating the
`transaction.
`
`[0019] FIG. 5 is a flowchart illustrating one embodiment
`of a process for device authentication by a Reader.
`
`FIG.6 is a flowchart illustrating one embodiment
`[0020]
`of a process for profile authentication by a Reader.
`
`[0021] FIG. 7A isa flowchart illustrating one embodiment
`of a process for profile testing using a biometric input.
`
`[0028] The credibility of the system 100 is ensured by the
`use of a PDK 102 that stores trusted information. The PDK
`102 is a compact, portable uniquely identifiable wireless
`device typically carried by an individual. The PDK 102
`stores digital
`information in a tamper-proof format that
`uniquely associates the PDK 102 with an individual.
`Example embodiments of PDKsare described in more detail
`[0022] FIG. 7B isaflowchart illustrating one embodiment
`in U.S. patent application Ser. No. 11/292,330, entitled
`of a processfor profile testing using a personalidentification
`“Personal Digital Key And Receiver/Decoder Circuit Sys-
`number.
`tem And Method” filed on Nov. 30, 2005; U.S. patent
`application Ser. No. 11/620,581 entitled “Wireless Network
`Synchronization Of Cells And Client Devices On A Net-
`work”filed on Jan. 5, 2007; and U.S. patent application Ser.
`No. 11/620,577 entitled “Dynamic Real-Time Tiered Client
`Access”filed on Jan. 5, 2007, the entire contents of which
`are all incorporated herein by reference.
`
`[0023] FIG. 7C is a flowchart illustrating one embodiment
`of a process for profile testing using a picture profile.
`
`[0024] FIG. 7Dis a flowchart illustrating one embodiment
`of a process for profile testing using a private or central
`registry.
`Page 11 of 21
`
`
`
`
US 2007/0245157 A1
`
`Oct. 18, 2007
`
`[0029] To establish thetrust, credibility and confidence of
`the authentication system, information stored in the PDK
`102 is acquired by a process that is trusted, audited and
`easily verified. The process is ensured by a trusted third-
`party system, referred to herein as a Notary, that administers
`the acquisition and storage of information in the PDK 102
`according to defined security protocols. In one embodiment,
`the Notary is a system and/or a trusted individual
`that
`witnesses the acquisition and storage either in person or
`remotely. In another embodiment,
`the Notary comprises
`trusted hardware that administers the initialization process
`by an automated system. Thus, onceinitialized by the trusted
`process, the PDK 102 can provethat the information it stores
`is that of the individual. Example embodiments of the
`initialization process are described in U.S. patent application
`Ser. No. __/
`(Attorney Docket No. 25000-12784) to
`John Giobbi, et al., entitled “Personal Digital Key Initial-
`ization and Registration For Secure Transaction” filed on
`, the entire contents of which are incorporated herein
`by reference.
`
`[0030] The Reader 108 wirelessly communicates with the
`PDK 102 when the PDK 102 is within a proximity zone of
`the Reader 108. The proximity zone can be, for example,
`several meters in radius and can be adjusted dynamically by
`the Reader 108. Thus, in contrast to many conventional RF
`ID devices, the Reader 108 can detect and communicate
`with the PDK 102 without requiring the owner to remove the
`PDK 102 from his/her pocket, wallet, purse, etc. Generally,
`the Reader 108 receives uniquely identifying information
`from the PDK 102 andinitiates an authentication process for
`the individual carrying the PDK 102. In one embodiment,
`the Reader 108 is adapted to receive a biometric input 104
`from the individual. The biometric input 104 comprises a
`representation of physical or behavioral characteristics
`unique to the individual. For example, the biometric input
`104 can include a fingerprint, a palm print, a retinal scan, an
`iris scan, a photograph, a signature, a voice sample or any
`other biometric information such as DNA, RNAortheir
`derivatives that can uniquely identify the individual. The
`Reader 108 compares the biometric input 104 to information
`received from the PDK 102 to determine if a transaction
`
`should be authorized. Alternatively, the biometric input 104
`can be obtained by a biometric reader on the PDK 102 and
`transmitted to the Reader 108 for authentication. In addi-
`tional alternative embodiment, some orall of the authenti-
`cation process can be performed by the PDK 102 instead of
`the Reader 108.
`
[0031] The Reader 108 is further communicatively coupled to the network 110 in order to receive and/or transmit information to remote databases for remote authentication. In an alternative embodiment, the Reader 108 includes a non-volatile data storage that can be synchronized with one or more remote databases 112 or registries 114-116. Such an embodiment alleviates the need for a continuous connection to the network 110 and allows the Reader 108 to operate in a standalone mode and for the local data storage to be updated when a connection is available. For example, a standalone Reader 108 can periodically download updated registry entries and perform authentication locally without any remote lookup.
`
`[0032] The network 110 provides communication between
`the Reader 108 and the validation database 112, Central
`Registry 114 and one or more private registries 116. In
`Page 12 of 21
`
`alternative embodiments, one or more of these connections
`may not be present or different or additional network con-
`nections may be present. In one embodiment, the network
`110 uses standard communications technologies and/or pro-
`tocols. Thus,
`the network 110 can include links using
`technologies such as Ethernet, 802.11, 802.16,
`integrated
`services digital network (ISDN), digital subscriber line
`(DSL), asynchronous transfer mode (ATM), etc. Similarly,
`the networking protocols used on the network 110 can
`include the transmission control protocol/Internet protocol
`(TCP/IP),
`the hypertext
`transport protocol
`(HTTP),
`the
`simple mail
`transfer protocol
`(SMTP),
`the file transfer
`protocol (FTP), etc. The data exchanged over the network
`110 can be represented using technologies and/or formats
`including the hypertext markup language (HTML),
`the
`extensible markup language (XML), etc. In addition, all or
`some of links can be encrypted using conventional encryp-
`tion technologies such as the secure sockets layer (SSL),
`Secure HTTP and/or virtual private networks (VPNs). In
`another embodiment,
`the entities can use custom and/or
`dedicated data communications technologies instead of, or
`in addition to, the ones described above.
`
`[0033] The validation database 112 stores additional infor-
`mation that may be used for authorizing a transaction to be
`processed at the Reader 108. For example,
`in purchase
`transactions, the validation database 112 is a credit card
`validation database that is separate from the merchant pro-
`viding the sale. Alternatively, a different database may be
`used to validate different types of purchasing means such as
`a debit card, ATM card, or bank account number.
`
`[0034] The registries 114-116 are securely-accessible
`databases coupled to the network 110 that store, among other
`items, PDK, Notary, and Reader
`information.
`In one
`embodiment, the registries 114-116 do not store biometric
`information. In an alternative embodiment, a registry stores
`biometric information in an encoded formatthat can only be
`recovered using an algorithm or encoding key stored in the
`PDK 102.
`Information stored in the registries can be
`accessed by the Reader 108 via the network 110 for use in
`the authentication process. There are two basic types of
`registries illustrated: private registries 116 and the Central
`Registry 114. Private registries 116 are generally established
`and administered by their controlling entities (e.g., a mer-
`chant, business authority, or other entity administering
`authentication). Private registries 116 can be custom con-
`figured to meet the specialized and independent needs of
`each controlling entity. The Central Registry 114 is a single
`highly-secured, centrally-located database administered by a
`trusted third-party organization. In one embodiment, all
`PDKs102 are registered with the Central Registry 114 and
`may be optionally registered with one or more selected
`private registries 116. In alternative embodiments, a differ-
`ent numberor different types of registries may be coupled to
`the network 110.
`
`[0035] Turning now to FIG. 2, an example embodiment of
`a PDK 102 is illustrated. The PDK 102 comprises a memory
`210, a programmer I/O 240, control
`logic 250, and a
`transceiver 260, coupled by a bus 270. The PDK 102 can be
`standaloneas a portable, physical device or can be integrated
`into commonlycarried items. For example, a PDK 102 can
`be integrated into a portable electronic device such as a cell
`phone, Personal Digital Assistant (PDA), or GPS unit, an
`employee identification tag, clothing, or jewelry items such
`
`Page 12 of 21
`
`
`
`US 2007/0245157 Al
`
`Oct. 18, 2007
`
`as watches, rings, necklaces or bracelets. In one embodi-
`ment, the PDK 102 can be, for example, aboutthe size of a
`Subscriber Identity Module (SIM)card and be as small as a
`square inch in areaorless. In another embodiment, the PDK
`102 can be easily contained in a pocket, on a keychain,or in
`a wallet.
`
`[0036] The memory 210 can be a read-only memory, a
`once-programmable memory, a read/write memory or any
`combination of memory types including physical access
`secured and tamperproof memories. The memory 210 typi-
`cally stores a unique PDK ID 212 and one or more profiles
`220. The PDK ID 212 comprises a public section and a
`private section of information, each of which can be used for
`identification and authentication. In one embodiment, the
`PDKID 212 is stored in a read-only format that cannot be
`changed subsequent to manufacture. The PDK ID 212 is
`used as an identifying feature of a PDK 102 and distin-
`guishes between PDKs 102 in private 116 or Central 114
`registry entries. In an alternative embodiment, the registries
`can identify a PDK 102 by a different ID than the PDK ID
`212 stored in the PDK 102, or may use both the PDK ID 212
`and the different ID in conjunction. The PDK ID 212 can
`also be used in basic PDK authentication to ensure that the
`PDK 102 is a valid device.
`
`[0037] The profile fields 220 can beinitially empty at the
`time of manufacture but can be written to by authorized
`individuals (e.g., a Notary) and/or hardware (e.g., a Pro-
`grammer). In one embodiment, each profile 220 comprises
`a profile history 222 and profile data 230. Many different
`types of profiles 220 are possible. A biometric profile, for
`example,
`includes profile data 230 representing physical
`and/or behavioral information that can uniquely identify the
`PDK owner. A PDK 102 can store multiple biometric
`profiles, each comprising a different type of biometric infor-
`mation. In one embodiment, the biometric profile 220 com-
`prises biometric information transformed by a mathematical
`operation, algorithm, or hash that represents the complete
`biometric information (e.g., a complete fingerprint scan). In
`one embodiment, a mathematical hash is a “one-way”opera-
`tion such that there is no practical way to re-compute or
`recover the complete biometric information from the bio-
`metric profile. This both reduces the amount of data to be
`stored and adds an additionallayer of protection to the user’s
`personal biometric information. In one embodiment,
`the
`biometric profile is further encoded using a encoding key
`and/or algorithm that is stored with the biometric profile
`data. Then, for authentication, both the biometric profile data
`and the encoding key and/or algorithm are passed to the
`Reader 108.
`
[0038] In one embodiment the PDK 102 also stores one or more biometric profile “samples” associated with each biometric profile. The biometric profile sample is a subset of the complete profile that can be used for quick comparisons of biometric data. In one embodiment, the profile samples can be transmitted over a public communication channel or transmitted with a reduced level of encryption while the full biometric profiles are only transmitted over secure channels. In the case of fingerprint authentication, for example, the biometric profile sample may represent only a small portion of the area of the full fingerprint image. In another embodiment, the fingerprint profile sample is data that describes an arc of one or more lines of the fingerprint. In yet another embodiment, the fingerprint profile sample can be data representing color information of the fingerprint.
`
[0039] In another embodiment, the stored profiles 220 include a PIN profile that stores one or more PINs or passwords associated with the PDK owner. Here, the number or password stored in the PIN profile can be compared against an input provided by the user at the point of transaction to authenticate the user. In one embodiment, a PIN profile sample is also stored with the PIN profile that comprises a subset of the full PIN. For example, a PIN profile sample can be only the first two numbers of the PIN that can be used to quickly compare the stored PIN profile to a PIN obtained at the point of transaction.
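The two-level flow of FIG. 4 (device authentication against a registry as in [0013], then profile authentication) together with the sample-then-full profile comparison of [0037] to [0039], as an added Python simulation that is not code from the application or its applicants. The Reader, PDK and Registry classes, the 4-byte biometric sample, the constructed PDK IDs, fingerprint template and PIN are assumptions, and device authentication is modelled only as the Reader's registry lookup, not the mutual check of FIG. 5.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def biometric_profile(scan: bytes) -> bytes:
    # Biometric profile as in [0037]: a one-way hash of the complete biometric
    # data, so the raw scan never has to leave the PDK.  Assumes the scan has
    # already been reduced to a stable byte template (an assumption).
    return hashlib.sha256(scan).digest()


@dataclass
class Profile:
    kind: str      # "biometric" or "pin"
    data: bytes    # full profile: the hash for a biometric, the PIN itself for a PIN
    sample: bytes  # subset of the profile used for the quick check ([0038], [0039])


@dataclass
class PDK:
    pdk_id: str
    profiles: dict = field(default_factory=dict)

    def add_profile(self, profile: Profile) -> None:
        self.profiles[profile.kind] = profile

    def send_sample(self, kind: str) -> bytes:
        # Samples may travel over a public or lightly encrypted channel ([0038]).
        return self.profiles[kind].sample

    def send_full_profile(self, kind: str, secure_channel: bool) -> bytes:
        # The full profile is released only over a secure channel ([0038], FIG. 6).
        if not secure_channel:
            raise PermissionError("full profile requires a secure channel")
        return self.profiles[kind].data


@dataclass
class RegistryEntry:
    status: str = "valid"        # "valid", "lost", "stolen" or "invalid" ([0013])
    fraud_history: bool = False  # PDK or its owner took part in fraudulent use


class Registry:
    # Central or private registry keyed by PDK ID; it holds no biometrics ([0034]).
    def __init__(self, entries: dict):
        self.entries = entries

    def device_valid(self, pdk_id: str) -> bool:
        entry = self.entries.get(pdk_id)
        return entry is not None and entry.status == "valid" and not entry.fraud_history


class Reader:
    def __init__(self, registry: Registry):
        self.registry = registry

    def device_authentication(self, pdk: PDK) -> bool:
        # First level (FIG. 4): a registered PDK that is not lost, stolen,
        # invalid or flagged for fraud.  Modelled here as a registry lookup only.
        return self.registry.device_valid(pdk.pdk_id)

    def profile_authentication(self, pdk: PDK, kind: str, acquired: bytes) -> tuple:
        # Second level: compare the PDK's profile with what the Reader acquired
        # at the point of transaction (a biometric scan or a keyed-in PIN).
        if kind not in pdk.profiles:
            return False, "no such profile on PDK"
        candidate = biometric_profile(acquired) if kind == "biometric" else acquired
        # Quick comparison against the sample before a secure channel is opened.
        sample = pdk.send_sample(kind)
        if not hmac.compare_digest(candidate[:len(sample)], sample):
            return False, "sample mismatch"
        # Full comparison over the secure channel, in constant time so the
        # Reader does not leak how many bytes matched.
        full = pdk.send_full_profile(kind, secure_channel=True)
        if not hmac.compare_digest(candidate, full):
            return False, "full profile mismatch"
        return True, "profile valid"

    def authorize_transaction(self, pdk: PDK, kind: str, acquired: bytes,
                              profile_required: bool = True) -> tuple:
        # FIG. 4: device authentication, then profile authentication if required.
        if not self.device_authentication(pdk):
            return False, "device invalid"
        if not profile_required:
            return True, "device valid, no profile authentication required"
        return self.profile_authentication(pdk, kind, acquired)


# Constructed demo data: hypothetical PDK IDs, fingerprint template and PIN.
FINGERPRINT = b"constructed-fingerprint-template-0001"
PIN = b"4821"


def build_demo() -> tuple:
    pdk = PDK("PDK-0001")
    full = biometric_profile(FINGERPRINT)
    pdk.add_profile(Profile("biometric", full, full[:4]))  # 4-byte sample: an assumption
    pdk.add_profile(Profile("pin", PIN, PIN[:2]))          # first two digits, as in [0039]
    registry = Registry({"PDK-0001": RegistryEntry(),
                         "PDK-0002": RegistryEntry(status="stolen")})
    return Reader(registry), pdk
```

A wrong PIN that shares its first two digits with the stored one passes the sample check and is rejected only after the full profile is fetched over the secure channel, which is the order of checks the sample is meant to provide.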
`
[0040] In yet another embodiment, the PDK 102 stores a picture profile that includes one or more pictures of the PDK owner. In a picture profile authentication, the picture stored in the PDK 102 is transmitted to a display at the point of transaction to allow an administrator (e.g., a clerk or security guard) to confirm or reject the identity of the individual requesting the transaction. In another embodiment, an image is captured of the individual at the point of transaction and compared to the picture profile by an automated image analysis means. Furthermore, picture profiles could be used, for example, in place of conventional passports or drivers licenses to authenticate the identity of an individual and allow for remote identification of individuals. For example, a police officer following a vehicle could obtain an image and identity of the driver while still maintaining a safe distance from the vehicle. In the hospitality industry, a host could greet a guest at the door of a hotel, casino or restaurant and easily recognize the guest by obtaining the guest’s picture profile as he/she enters.
`
`[0041] A registry or database profile typically stores infor-
`mation associating the user with a registry. The registry
`profile can be used to determineif the individual is associ-
`ated with the controlling entity for that registry and if
`different types of transactions are authorized for the indi-
`vidual. A registry profile can further include additional user
`information for use with the registry. For example, a private
`registry profile associated with a particular merchant may
`include a credit card numberthat the user has selected as a
`
`default for that merchant. In one embodiment, a profile can
`further include spending limits that limits the amount of
`purchases a user can make with a particular vendoror using
`a particular profile.
`
`[0042] A profile can further include personal identification
`information such as name, address, phone number,etc., bank
`information, credit/debit card information, or membership
`information. This information can be useful for certain types
`of transactions. For example, with purchases that require
`delivery, a PDK 102 can automatically transmit address
`information to the Reader 108 at the point of transaction. In
`one embodiment, a profile can store multiple addresses. At
`the point of transaction, the Reader 108 displays the address
`options and allows the user to select which address to use.
`
`[0043] Generally, some types of profile information (e.g.,
`a biometric profile) can only be acquired during a trusted
`initialization process that
`is administered by a trusted
`Notary. In one embodiment, other secure information such
`as credit card information are also stored to the PDK in the
`presence of a Notary. Alternatively, certain types of low-risk
`information can be added bythe user without a Notary, such
`
`Page 13 of 21
`
`
`
US 2007/0245157 A1
`
`Oct. 18, 2007
`
as, for example, a change of address. In another embodiment, once an initial profile has been stored to the PDK 102, a user can add information to the PDK 102 using a Programmer without a Notary through self-authentication. For example, in one embodiment, a PDK 102 that has a stored biometr