US 20070245157A1

(19) United States
(12) Patent Application Publication
Giobbi et al.
(10) Pub. No.: US 2007/0245157 A1
(43) Pub. Date: Oct. 18, 2007

(54) TWO-LEVEL AUTHENTICATION FOR SECURE TRANSACTIONS

(76) Inventors: John J. Giobbi, Bend, OR (US); David L. Brown, Jupiter, FL (US); Fred S. Hirt, Brookfield, IL (US)

Correspondence Address:
FENWICK & WEST LLP
SILICON VALLEY CENTER
801 CALIFORNIA STREET
MOUNTAIN VIEW, CA 94041 (US)

(21) Appl. No.: 11/744,831

(22) Filed: May 5, 2007

Related U.S. Application Data

(63) Continuation-in-part of application No. 11/292,330, filed on Nov. 30, 2005.

(60) Provisional application No. 60/798,172, filed on May 5, 2006. Provisional application No. 60/798,843, filed on May 8, 2006. Provisional application No. 60/838,788, filed on Aug. 17, 2006. Provisional application No. 60/824,758, filed on Sep. 6, 2006. Provisional application No. 60/894,608, filed on Mar. 13, 2007.

Publication Classification

(51) Int. Cl. H04L 9/00 (2006.01)
(52) U.S. Cl. ................................ 713/186

(57) ABSTRACT

A system and method provide efficient, secure, and highly
reliable authentication for transaction processing and/or
access control applications. A Personal Digital Key stores
one or more profiles (e.g., a biometric profile) in a tamper-proof
memory that is acquired in a secure trusted process.
Biometric profiles comprise a representation of physical or
behavioral characteristics that are uniquely associated with
an individual that owns and carries the PDK. The PDK
wirelessly transmits the biometric profile over a secure
wireless transaction to a Reader for use in a biometric
authentication process. The Reader compares the received
biometric profile to a biometric input acquired at the point of
transaction in order to determine if the transaction should be
authorized.

[Front-page figure: the flowchart of FIG. 4 (steps 402 to 418), reproduced on Sheet 4 of 8.]

Page 1 of 21

GOOGLE EXHIBIT 1006

Patent Application Publication Oct. 18, 2007 Sheet 1 of 8   US 2007/0245157 A1

[FIG. 1: high-level block diagram of the secure authentication system. The figure's rotated labels did not survive extraction; the elements it shows are named in paragraph [0026]: PDK 102, biometric input 104, wireless link 106, Reader 108, network 110, validation database 112, Central Registry 114 and private registries 116.]

[Sheet 2 of 8, FIG. 2: block diagram of one embodiment of a PDK. Labels: PDK; MEMORY (210); PDK ID 212; PROGRAMMER ID 224; ATN ID 226; SITE ID 228; PROFILE(s) 220 (PROFILE 1, PROFILE 2 ... PROFILE N), each holding a PROFILE HISTORY and PROFILE DATA made up of FIELD 1, FIELD 2 ... FIELD N (232); PROGRAMMER I/O 240; CONTROL LOGIC 250; TRANSCEIVER 260.]

[Sheet 3 of 8, FIG. 3: block diagram of one embodiment of a Reader 108. Labels: PDK 102; BIOMETRIC INPUT 104; BIOMETRIC READER(s) 302; RDC 304; PROCESSOR 306; NETWORK INTERFACE 308; CREDIT CARD TERMINAL I/O 310; I/O PORT 312; CREDIT CARD TERMINAL 314; STATUS/CONTROL 316; REGISTRY/DATABASES 112-116.]

[Sheet 4 of 8, FIG. 4: flowchart of one embodiment of a process for authorizing a transaction.]

402 ESTABLISH COMMUNICATION BETWEEN RDC AND PDK WITHIN RANGE
404 PERFORM DEVICE AUTHENTICATION
406 (decision box; label text not recovered)
408 BUFFER PDK INFORMATION IN RDC
412 PERFORM PROFILE AUTHENTICATION
414 (decision box; label text not recovered)
416 COMPLETE TRANSACTION
418 TRANSACTION NOT AUTHORIZED

[Sheet 5 of 8, FIG. 5: flowchart of one embodiment of a process for device authentication by a Reader.]

502 ANALYZE PDK INFORMATION AT RDC
503 ANALYZE RDC INFORMATION AT PDK
504 (decision box; label text not recovered)
506 RECEIVE AUTHENTICATION TYPES
508 (decision box; label text not recovered)
510 DEVICES VALID
512 DEVICES INVALID

[Sheet 6 of 8, FIG. 6: flowchart of one embodiment of a process for profile authentication by a Reader.]

602 ESTABLISH SECURE COMMUNICATION CHANNEL WITH PDK
604 TRANSMIT PROFILE AUTHENTICATION REQUEST(s) TO PDK
608 (decision box; label text not recovered)
610 MONITOR INPUTS
612 (decision box; label text not recovered)
614 PERFORM PROFILE TEST(s)

[Sheet 7 of 8, FIG. 7A and FIG. 7B: flowcharts of profile testing using a biometric input and using a PIN.]

FIG. 7A
704 Scan Biometric Input
708 Receive Bio-Sample From PDK
710 Sample Matches Scan? (YES / NO)
712 Receive Full Biometric Profile
718 (label text not recovered)

FIG. 7B
724 PIN Authentication Requested? (YES)
726 Acquire PIN From User
728 Receive PIN Sample From PDK
730 Sample Matches Input? (YES / NO)
732 Receive Full PIN Profile From PDK

[Sheet 8 of 8, FIG. 7C and FIG. 7D: flowcharts of profile testing using a picture profile and using a private or central registry.]

FIG. 7C
744 Receive Pic Profile From PDK
746 Display Pic on Screen
748 Prompt Clerk to Confirm/Deny Identity (YES / NO)

FIG. 7D
760 ... Authentication (decision box, YES / NO; full label text not recovered)
762 Establish Secure Communication Channel with Registry
764 Transmit PDK Info to Registry
766 Receive PDK Status From Registry

TWO-LEVEL AUTHENTICATION FOR SECURE
TRANSACTIONS

CROSS-REFERENCE TO RELATED
APPLICATIONS

[0001] The present application claims priority under 35
U.S.C. § 120 as a continuation-in-part of pending U.S.
patent application Ser. No. 11/292,330 entitled "Personal
Digital Key And Receiver/Decoder Circuit System And
Method," filed on Nov. 30, 2005, the entire contents of
which are hereby incorporated by reference.

[0002] The present application claims the benefit of priority
under 35 U.S.C. § 119(e) of U.S. Provisional Application
No. 60/798,172 entitled "Touch Pay" filed on May 5,
2006; U.S. Provisional Application No. 60/798,843 entitled
"Touch Pay" filed on May 8, 2006; U.S. Provisional Application
No. 60/838,788 entitled "Personal Digital Key Accessible
Storage Device and Processor" filed on Aug. 17, 2006;
U.S. Provisional Application No. 60/824,758 entitled "Truprox
Touch Technology" filed on Sep. 6, 2006; and U.S.
Provisional Application No. 60/894,608 entitled "TruProx
Stored-Photo Extension" filed on Mar. 13, 2007, the entire
contents of which are all herein incorporated by reference.

BACKGROUND

[0003] 1. Field of Art

[0004] The invention generally relates to electronic
authentication, and more specifically, to secure authentication
using biometric verification.

[0005] 2. Description of the Related Art

[0006] Optimizing sales transactions and providing secure
access to physical and/or digital assets are challenges faced
by many businesses and organizations. Ensuring these processes
are safe, efficient and simple is important to merchants,
providers, users and consumers alike. Conventionally,
technologies such as magnetic cards (e.g., credit cards,
debit cards, ATM cards, and employee badges) have been
used in an attempt to address these needs. More recently,
various contactless cards or tokens requiring placement near
compatible readers have been used.

[0007] Each of these technologies, however, has inherent
problems in providing secure transaction processing and
access control. In particular, the conventional technologies
fail to sufficiently ensure that individuals attempting to
perform a transaction are associated with the access device
and are authorized to do so. Conventional attempts to
address this issue include requiring users to provide Personal
Identification Numbers (PINs) or passwords in conjunction
with account numbers. While in some instances these
options have helped to combat fraudulent activity, these
solutions add unwanted complexity and delay to transactions.
With the growing need to memorize various PINs and
passwords, individuals tend to repeatedly use the same,
simple phrase to protect many items, or worse, keep the
written phrases in their purse/wallet or next to their computer.
Thus, the use of PINs and passwords is often
defeated.

[0008] A technology better suited to address the issue of
authenticating users is biometrics. In biometric authentication,
physical and/or behavioral characteristics of an individual
are analyzed to uniquely identify the individual. For
example, biometric characteristics can include fingerprint,
retinal, iris, face, palm, DNA, voice or signature characteristics
that can each be uniquely associated with the individual.
However, traditional biometric authentication solutions
also suffer from significant problems. First, traditional
biometric authentication techniques typically expose the
participating parties to serious liabilities, risks and inefficiencies.
Conventional biometric authentication techniques
nearly always require users to release personal, private and
unchangeable data to a controlling-entity (e.g., a merchant or
business authority) or to a third-party relied upon by the
controlling-entity. This exposes an individual's personal
biometric information to the possibility of theft and fraudulent
use. Further, controlling entities must either assume the
risks and liabilities of storing this data, or trust the data to a
third-party's care.

[0009] Second, conventional biometric authentication
techniques generally require an individual to submit biometric
information (e.g., a fingerprint, retinal scan, facial
scan, or signature) for storage in a database that can then be
later used for comparison with biometric data acquired at the
point of transaction. This "enrollment" process is time-consuming,
risky, error-prone and considered intrusive by
many individuals. Further, the enrollment process must be
repeated for each individual for every intended use. For
example, a user may need to enroll for biometric authentication
with his/her company (e.g., for secure access to
facilities or digital files), and separately enroll with various
merchants using biometric authentication for transactions.
Thus, the individual has to spend significant time completing
each separate enrollment, and additionally must trust
each entity with his/her personal biometric information. For
these reasons alone many individuals do not even consider
these options.

[0010] The above-defined issues represent serious roadblocks
to the widespread deployment and acceptance of
conventional biometric authentication options. Unless the
identified deficiencies are addressed, the full potential of
biometric solutions will never be realized. Therefore, a new
technology is needed that provides highly reliable, safe and
efficient secure authentication for transaction-processing
and/or access control. Moreover, the new technology should
allow for a simple and efficient enrollment process that does
not put an individual's highly personal information at risk of
identity theft or other fraudulent use.

SUMMARY

[0011] A system and method provide efficient, secure and
highly reliable authentication for transaction processing
and/or access control applications. A portable physical
device, referred to herein as a Personal Digital Key or
"PDK", stores one or more profiles (e.g., a biometric profile)
in a tamper-proof memory. The biometric profile is acquired
in a secure trusted process and is uniquely associated with an
individual that is authorized to use and is associated with the
PDK. The PDK can wirelessly transmit the identification
information including a unique PDK identification number
and the biometric profile over a secure wireless channel for
use in an authentication process. Additionally, the PDK can
store other information such as credit/debit card information,
bank information, or personal information in a memory
for use in authorizing or completing a transaction.

[0012] Typically, a receiving device, referred to herein as
a Reader, wirelessly receives the profile from the PDK in
order to process a transaction or provide access to secure
digital or physical assets. In one embodiment, the Reader
acquires a biometric input from the individual carrying the
PDK at the point of transaction. The biometric input can be
acquired by, for example, a fingerprint scan, iris scan, retinal
scan, palm scan, face scan, DNA analysis, signature analysis,
voice analysis or any other input mechanism that provides
physical or behavioral characteristics uniquely associated
with the individual. The Reader compares the
biometric profile received from the PDK to the biometric
input obtained at the point of transaction to determine if a
transaction should be authorized.

[0013] In one embodiment, the Reader is further adapted
to communicate with one or more remote registries to
provide an additional layer of security in the authentication
process. Information transmitted from the PDK can be
compared to entries stored in the registries to ensure the
PDK (and its owner) have not participated in any fraudulent
use and that the PDK is not invalid, lost or stolen. In yet
another embodiment, one or more biometric authentications,
remote registry authentications or other types of authentication
are used in combination.

[0014] The features and advantages described in the specification
are not all inclusive and in particular, many additional
features and advantages will be apparent to one of
ordinary skill in the art in view of the drawings, specification
and claims. Moreover, it should be noted that the language
used in the specification has been principally selected for
readability and instructional purposes, and may not have
been selected to delineate or circumscribe the inventive
subject matter.

BRIEF DESCRIPTION OF THE FIGURES

[0015] FIG. 1 is a high level block diagram illustrating a
system for secure electronic authentication.

[0016] FIG. 2 is a block diagram illustrating one embodiment
of a Personal Digital Key (PDK).

[0017] FIG. 3 is a block diagram illustrating one embodiment
of a Reader.

[0018] FIG. 4 is a flowchart illustrating one embodiment
of a process for authorizing a transaction using secure
authentication.

[0019] FIG. 5 is a flowchart illustrating one embodiment
of a process for device authentication by a Reader.

[0020] FIG. 6 is a flowchart illustrating one embodiment
of a process for profile authentication by a Reader.

[0021] FIG. 7A is a flowchart illustrating one embodiment
of a process for profile testing using a biometric input.

[0022] FIG. 7B is a flowchart illustrating one embodiment
of a process for profile testing using a personal identification
number.

[0023] FIG. 7C is a flowchart illustrating one embodiment
of a process for profile testing using a picture profile.

[0024] FIG. 7D is a flowchart illustrating one embodiment
of a process for profile testing using a private or central
registry.

[0025] The figures depict various embodiments of the
present invention for purposes of illustration only. One
skilled in the art will readily recognize from the following
discussion that alternative embodiments of the structures
and methods illustrated herein may be employed without
departing from the principles of the invention described
herein.

DETAILED DESCRIPTION

[0026] FIG. 1 is a high level block diagram illustrating a
system for securely authenticating an individual for transaction-processing
and/or access control applications. The
system 100 comprises a Personal Digital Key (PDK) 102, a
Reader 108, a network 110 and one or more external
databases including a validation database 112, a Central
Registry 114 and one or more private registries 116. The
Reader 108 is coupled to the PDK 102 by a wireless link 106
and coupled to a network 110 by either a wired or wireless
link. The Reader 108 is also adapted to receive a biometric
input 104 from a user and is capable of displaying status to
a user. The network 110 couples the validation database 112,
the Central Registry 114 and two private registries 116 to the
Reader 108. In alternative embodiments, different or additional
external registries or databases may be coupled to the
network 110. In another embodiment, the Reader 108 operates
as a standalone device without a connection to the
network 110.

[0027] The system 100 addresses applications where it is
important to ensure a specific individual is authorized to
perform a given transaction. A transaction as used herein can
include executing a purchase or financial dealing, enabling
access to physical and/or digital items, verifying identification
or personal information or executing other tasks where
it is important to authenticate an individual for use. Generally,
the Reader 108 wirelessly receives information stored
in the PDK 102 that uniquely identifies the PDK 102 and the
individual carrying the PDK 102. The Reader 108 can also
receive a biometric input 104 from the individual. Based on
the received information, the Reader 108 determines if the
transaction should be authorized. Beneficially, the system
100 provides comprehensive authentication without the
need for PINs or passwords. Moreover, personal biometric
information need not be stored in any local or remote storage
database and is only stored on the user's own PDK. Furthermore,
in one embodiment, purchase transactions can be
efficiently completed without requiring the use of physical
credit cards, tokens or other user action beyond initiating the
transaction.

[0028] The credibility of the system 100 is ensured by the
use of a PDK 102 that stores trusted information. The PDK
102 is a compact, portable uniquely identifiable wireless
device typically carried by an individual. The PDK 102
stores digital information in a tamper-proof format that
uniquely associates the PDK 102 with an individual.
Example embodiments of PDKs are described in more detail
in U.S. patent application Ser. No. 11/292,330, entitled
"Personal Digital Key And Receiver/Decoder Circuit System
And Method" filed on Nov. 30, 2005; U.S. patent
application Ser. No. 11/620,581 entitled "Wireless Network
Synchronization Of Cells And Client Devices On A Network"
filed on Jan. 5, 2007; and U.S. patent application Ser.
No. 11/620,577 entitled "Dynamic Real-Time Tiered Client
Access" filed on Jan. 5, 2007, the entire contents of which
are all incorporated herein by reference.

[0029] To establish the trust, credibility and confidence of
the authentication system, information stored in the PDK
102 is acquired by a process that is trusted, audited and
easily verified. The process is ensured by a trusted third-party
system, referred to herein as a Notary, that administers
the acquisition and storage of information in the PDK 102
according to defined security protocols. In one embodiment,
the Notary is a system and/or a trusted individual that
witnesses the acquisition and storage either in person or
remotely. In another embodiment, the Notary comprises
trusted hardware that administers the initialization process
by an automated system. Thus, once initialized by the trusted
process, the PDK 102 can prove that the information it stores
is that of the individual. Example embodiments of the
initialization process are described in U.S. patent application
Ser. No._/ ___ (Attorney Docket No. 25000-12784) to
John Giobbi, et al., entitled "Personal Digital Key Initialization
and Registration For Secure Transaction" filed on
___ , the entire contents of which are incorporated herein
by reference.

[0030] The Reader 108 wirelessly communicates with the
PDK 102 when the PDK 102 is within a proximity zone of
the Reader 108. The proximity zone can be, for example,
several meters in radius and can be adjusted dynamically by
the Reader 108. Thus, in contrast to many conventional RF
ID devices, the Reader 108 can detect and communicate
with the PDK 102 without requiring the owner to remove the
PDK 102 from his/her pocket, wallet, purse, etc. Generally,
the Reader 108 receives uniquely identifying information
from the PDK 102 and initiates an authentication process for
the individual carrying the PDK 102. In one embodiment,
the Reader 108 is adapted to receive a biometric input 104
from the individual. The biometric input 104 comprises a
representation of physical or behavioral characteristics
unique to the individual. For example, the biometric input
104 can include a fingerprint, a palm print, a retinal scan, an
iris scan, a photograph, a signature, a voice sample or any
other biometric information such as DNA, RNA or their
derivatives that can uniquely identify the individual. The
Reader 108 compares the biometric input 104 to information
received from the PDK 102 to determine if a transaction
should be authorized. Alternatively, the biometric input 104
can be obtained by a biometric reader on the PDK 102 and
transmitted to the Reader 108 for authentication. In an additional
alternative embodiment, some or all of the authentication
process can be performed by the PDK 102 instead of
the Reader 108.

[0031] The Reader 108 is further communicatively
coupled to the network 110 in order to receive and/or
transmit information to remote databases for remote authentication.
In an alternative embodiment, the Reader 108
includes a non-volatile data storage that can be synchronized
with one or more remote databases 112 or registries 114-116.
Such an embodiment alleviates the need for a continuous
connection to the network 110 and allows the Reader 108 to
operate in a standalone mode and for the local data storage
to be updated when a connection is available. For example,
a standalone Reader 108 can periodically download updated
registry entries and perform authentication locally without
any remote lookup.

[0032] The network 110 provides communication between
the Reader 108 and the validation database 112, Central
Registry 114 and one or more private registries 116. In
alternative embodiments, one or more of these connections
may not be present or different or additional network connections
may be present. In one embodiment, the network
110 uses standard communications technologies and/or protocols.
Thus, the network 110 can include links using
technologies such as Ethernet, 802.11, 802.16, integrated
services digital network (ISDN), digital subscriber line
(DSL), asynchronous transfer mode (ATM), etc. Similarly,
the networking protocols used on the network 110 can
include the transmission control protocol/Internet protocol
(TCP/IP), the hypertext transport protocol (HTTP), the
simple mail transfer protocol (SMTP), the file transfer
protocol (FTP), etc. The data exchanged over the network
110 can be represented using technologies and/or formats
including the hypertext markup language (HTML), the
extensible markup language (XML), etc. In addition, all or
some of the links can be encrypted using conventional encryption
technologies such as the secure sockets layer (SSL),
Secure HTTP and/or virtual private networks (VPNs). In
another embodiment, the entities can use custom and/or
dedicated data communications technologies instead of, or
in addition to, the ones described above.

[0033] The validation database 112 stores additional information
that may be used for authorizing a transaction to be
processed at the Reader 108. For example, in purchase
transactions, the validation database 112 is a credit card
validation database that is separate from the merchant providing
the sale. Alternatively, a different database may be
used to validate different types of purchasing means such as
a debit card, ATM card, or bank account number.

[0034] The registries 114-116 are securely-accessible
databases coupled to the network 110 that store, among other
items, PDK, Notary, and Reader information. In one
embodiment, the registries 114-116 do not store biometric
information. In an alternative embodiment, a registry stores
biometric information in an encoded format that can only be
recovered using an algorithm or encoding key stored in the
PDK 102. Information stored in the registries can be
accessed by the Reader 108 via the network 110 for use in
the authentication process. There are two basic types of
registries illustrated: private registries 116 and the Central
Registry 114. Private registries 116 are generally established
and administered by their controlling entities (e.g., a merchant,
business authority, or other entity administering
authentication). Private registries 116 can be custom configured
to meet the specialized and independent needs of
each controlling entity. The Central Registry 114 is a single
highly-secured, centrally-located database administered by a
trusted third-party organization. In one embodiment, all
PDKs 102 are registered with the Central Registry 114 and
may be optionally registered with one or more selected
private registries 116. In alternative embodiments, a different
number or different types of registries may be coupled to
the network 110.

[0035] Turning now to FIG. 2, an example embodiment of
a PDK 102 is illustrated. The PDK 102 comprises a memory
210, a programmer I/O 240, control logic 250, and a
transceiver 260, coupled by a bus 270. The PDK 102 can be
standalone as a portable, physical device or can be integrated
into commonly carried items. For example, a PDK 102 can
be integrated into a portable electronic device such as a cell
phone, Personal Digital Assistant (PDA), or GPS unit, an
employee identification tag, clothing, or jewelry items such
as watches, rings, necklaces or bracelets. In one embodiment,
the PDK 102 can be, for example, about the size of a
Subscriber Identity Module (SIM) card and be as small as a
square inch in area or less. In another embodiment, the PDK
102 can be easily contained in a pocket, on a keychain, or in
a wallet.

[0036] The memory 210 can be a read-only memory, a
once-programmable memory, a read/write memory or any
combination of memory types including physical access
secured and tamperproof memories. The memory 210 typically
stores a unique PDK ID 212 and one or more profiles
220. The PDK ID 212 comprises a public section and a
private section of information, each of which can be used for
identification and authentication. In one embodiment, the
PDK ID 212 is stored in a read-only format that cannot be
changed subsequent to manufacture. The PDK ID 212 is
used as an identifying feature of a PDK 102 and distinguishes
between PDKs 102 in private 116 or Central 114
registry entries. In an alternative embodiment, the registries
can identify a PDK 102 by a different ID than the PDK ID
212 stored in the PDK 102, or may use both the PDK ID 212
and the different ID in conjunction. The PDK ID 212 can
also be used in basic PDK authentication to ensure that the
PDK 102 is a valid device.

[0037] The profile fields 220 can be initially empty at the
time of manufacture but can be written to by authorized
individuals (e.g., a Notary) and/or hardware (e.g., a Programmer).
In one embodiment, each profile 220 comprises
a profile history 222 and profile data 230. Many different
types of profiles 220 are possible. A biometric profile, for
example, includes profile data 230 representing physical
and/or behavioral information that can uniquely identify the
PDK owner. A PDK 102 can store multiple biometric
profiles, each comprising a different type of biometric information.
In one embodiment, the biometric profile 220 comprises
biometric information transformed by a mathematical
operation, algorithm, or hash that represents the complete
biometric information (e.g., a complete fingerprint scan). In
one embodiment, a mathematical hash is a "one-way" operation
such that there is no practical way to re-compute or
recover the complete biometric information from the biometric
profile. This both reduces the amount of data to be
stored and adds an additional layer of protection to the user's
personal biometric information. In one embodiment, the
biometric profile is further encoded using an encoding key
and/or algorithm that is stored with the biometric profile
data. Then, for authentication, both the biometric profile data
and the encoding key and/or algorithm are passed to the
Reader 108.

[0038] In one embodiment the PDK 102 also stores one or
more biometric profile "samples" associated with each biometric
profile. The biometric profile sample is a subset of the
complete profile that can be used for quick comparisons of
biometric data. In one embodiment, the profile samples can
be transmitted over a public communication channel or
transmitted with a reduced level of encryption while the full
biometric profiles are only transmitted over secure channels.
In the case of fingerprint authentication, for example, the
biometric profile sample may represent only a small portion
of the area of the full fingerprint image. In another embodiment,
the fingerprint profile sample is data that describes an arc of
one or more lines of the fingerprint. In yet another embodiment,
the fingerprint profile sample can be data representing
color information of the fingerprint.

[0039] In another embodiment, the stored profiles 220
include a PIN profile that stores one or more PINs or
passwords associated with the PDK owner. Here, the number
or password stored in the PIN profile can be compared
against an input provided by the user at the point of
transaction to authenticate the user. In one embodiment, a
PIN profile sample is also stored with the PIN profile that
comprises a subset of the full PIN. For example, a PIN
profile sample can be only the first two numbers of the PIN
that can be used to quickly compare the stored PIN profile
to a PIN obtained at the point of transaction.

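The two-stage profile test described in [0037] to [0039] and shown in FIG. 7A/7B, as an added Python model that is not code from the patent or its applicants: the stored profile is a one-way hash of the full data, the quick comparison uses a sample that may travel over a public channel, and the full profile is released only over a secure channel. The `Profile`, `Channel` and `PDK` classes, SHA-256 as the one-way operation, the exact-prefix rule standing in for a biometric matcher, and the scan and PIN values are all assumptions made for this illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    """Stored profile: one-way hash of the full data ([0037]) plus a short
    sample that is a subset of the full data ([0038], [0039]). Assumed layout."""
    kind: str         # "biometric" or "pin"
    full_hash: bytes  # SHA-256 of the complete data; the raw data is not stored
    sample: bytes     # subset used for the quick first-stage comparison


def make_biometric_profile(scan: bytes, sample_len: int = 8) -> Profile:
    # [0038]: the sample represents only a small portion of the full image.
    # Here it is the leading bytes of the scan (an assumption standing in for
    # a region or arc of the print).
    return Profile("biometric", hashlib.sha256(scan).digest(), scan[:sample_len])


def make_pin_profile(pin: str) -> Profile:
    # [0039]: the PIN sample is only the first two digits of the PIN.
    return Profile("pin", hashlib.sha256(pin.encode()).digest(), pin[:2].encode())


class Channel:
    """Reader-to-PDK link. `secure` becomes True once the secure channel of
    step 602 (FIG. 6) exists; `log` records what crossed it and how."""

    def __init__(self) -> None:
        self.secure = False
        self.log: list[str] = []


class PDK:
    """Personal Digital Key holding one profile per kind (assumed model)."""

    def __init__(self, pdk_id: str, profiles: list[Profile]) -> None:
        self.pdk_id = pdk_id
        self._profiles = {p.kind: p for p in profiles}

    def send_sample(self, kind: str, ch: Channel) -> bytes:
        # [0038]: samples may be sent over a public or weakly protected channel.
        ch.log.append(f"sample:{kind}:{'secure' if ch.secure else 'public'}")
        return self._profiles[kind].sample

    def send_full_profile(self, kind: str, ch: Channel) -> bytes:
        # [0038]: full profiles are only transmitted over secure channels.
        if not ch.secure:
            raise PermissionError("full profile requires a secure channel")
        ch.log.append(f"full:{kind}:secure")
        return self._profiles[kind].full_hash


def profile_test(reader_input: bytes, kind: str, pdk: PDK, ch: Channel) -> str:
    """Reader-side test of FIG. 7A/7B: quick sample comparison first, then the
    full one-way profile comparison, which is requested only over a secure
    channel. Returns the FIG. 4 outcome for this profile."""
    sample = pdk.send_sample(kind, ch)
    # Stage 1 (steps 710/730): exact prefix match stands in for a matcher.
    if not reader_input.startswith(sample):
        return "NOT AUTHORIZED"  # the full profile is never requested
    # Stage 2 (steps 712/732): establish the secure channel (602), then ask
    # for the stored hash and compare against the hash of the live input.
    ch.secure = True
    stored = pdk.send_full_profile(kind, ch)
    live = hashlib.sha256(reader_input).digest()
    return "AUTHORIZED" if hmac.compare_digest(live, stored) else "NOT AUTHORIZED"


# Constructed sample data, not from the patent: a fake 64-byte scan and a PIN.
FAKE_SCAN = bytes(range(64))
FAKE_PIN = "4917"
DEMO_PDK = PDK("PDK-DEMO-0001",
               [make_biometric_profile(FAKE_SCAN), make_pin_profile(FAKE_PIN)])


def demo() -> dict:
    """The cases a reviewer would check: match, early reject, late reject."""
    results = {}
    results["bio_ok"] = profile_test(FAKE_SCAN, "biometric", DEMO_PDK, Channel())
    results["bio_bad_sample"] = profile_test(b"\xff" * 64, "biometric", DEMO_PDK, Channel())
    # Same leading bytes as the sample, different remainder: passes stage 1,
    # fails the full comparison in stage 2.
    results["bio_bad_full"] = profile_test(FAKE_SCAN[:8] + b"\x00" * 56,
                                           "biometric", DEMO_PDK, Channel())
    results["pin_ok"] = profile_test(b"4917", "pin", DEMO_PDK, Channel())
    results["pin_bad"] = profile_test(b"4999", "pin", DEMO_PDK, Channel())
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Because a sample is a plain subset of the secret, whatever observes the public channel learns that subset (the first two PIN digits in [0039]); the channel log shows which data crossed which channel so that trade-off can be reviewed against the speed gained by the early reject.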
[0040] In yet another embodiment, the PDK 102 stores a
picture profile that includes one or more pictures of the PDK
owner. In a picture profile authentication, the picture stored
in the PDK 102 is transmitted to a display at the point of
transaction to allow an administrator (e.g., a clerk or security
guard) to confirm or reject the identity of the individual
requesting the transaction. In another embodiment, an image
is captured of the individual at the point of transaction a