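IPC classification information

| Field | Value |
|---|---|
| Country / Type | United States (US) Patent, Granted |
| International Patent Classification (IPC 7th edition) | |
| Application number | UP-0867897 (2004-06-15) |
| Registration number | US-7715593 (2010-06-03) |
| Inventor / Address | Adams, William Mark; Coyne, John Robert; Coyne, Christopher Andrew; Wallace, Raymond Munson |
| Applicant / Address | Uru Technology Incorporated |
| Agent / Address | |
| Citation information | Times cited: 44; Patents cited: 23 |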
Abstract
A method and system used to integrate and control multiple secure credentialing approaches including magnetic stripes, bar codes, contact and contactless SmartCard chips, Short Message Systems (SMS), Global Positioning Systems (GPS), vicinity type Radio Frequency Identification Devices (RFID), and proximity type RFID, into compact, self-powered, biometrically-protected devices.
Representative claim
The invention claimed is:

1. A portable, hand-held, programmable device for integrating and controlling multiple secure credentialing applications and for interacting with external systems, comprising: (a) a biometric sensor; (b) control circuitry; (c) a microprocessor; (d) a memory storing security policies, personnel data, biometric data, a credentialing application, operational software and a plurality of credentials, each of the plurality of credentials being associated with a security policy and personnel data; (e) a power source; (f) a plurality of distinct interfaces interacting with external credential-receiving systems; (g) the operational software executing on the microprocessor, implementing the security policies, and associating the biometric data with the credentialing application and the plurality of credentials; (h) the credentialing application executing on the microprocessor, requesting a credential from the memory based on input from the biometric sensor, selecting one of the plurality of distinct interfaces for credential distribution and presenting the credential to an external credential-receiving system through the selected one of the plurality of distinct interfaces; and (i) wherein the biometric sensor, the control circuitry, the microprocessor, the memory, the power source, the plurality of distinct interfaces interacting with external credential-receiving systems, and the operational software, and the credentialing application are integrated on the device.

2. The device of claim 1, further comprising a means for interacting with a user, the means for interacting with a user being integrated on the device.

3. The device of claim 2, wherein the means for interacting with a user further comprises an alphanumeric display, a tone generator, an LED, and a visual display.

4. The device of claim 1, wherein one of the plurality of distinct interfaces for interacting with external credential-receiving systems further comprises a visual display area.

5. The device of claim 1, wherein one of the plurality of distinct interfaces for interacting with external credential-receiving systems further comprises a magnetic stripe emulator.

6. The device of claim 1, wherein one of the plurality of distinct interfaces for interacting with external credential-receiving systems further comprises a smart card contact pad.

7. The device of claim 1, wherein one of the plurality of distinct interfaces for interacting with external credential-receiving systems further comprises an antenna.

8. The device of claim 7, wherein the antenna further comprises an RFID antenna and chips supporting operating frequencies from 800 MHz to 2.45 GHz.

9. The device of claim 8, wherein the device remains in a semi-active mode until activated by the biometric sensor.

10. The device of claim 1, wherein one of the plurality of distinct interfaces for interacting with external credential-receiving systems further comprises an alphanumeric display emulating a bar code.

11. The device of claim 1, wherein the power source further comprises an on-board battery.

12. The device of claim 1, wherein one of the plurality of distinct interfaces for interacting with external credential-receiving systems further comprises a USB connector.

13. The device of claim 1, wherein one of the plurality of distinct interfaces for interacting with external credential-receiving systems further comprises SMS messaging.

14. The device of claim 1, wherein one of the plurality of distinct interfaces for interacting with external credential-receiving systems further comprises GPS circuitry.

15. The device of claim 1, wherein a form factor of the device conforms with the physical requirements of standard magnetic strip cards and smart cards as specified by ISO 7811 and ISO 7816.

16. The device of claim 1, wherein a form factor of the device conforms generally to a key fob.

17. The device of claim 1, wherein a form factor of the device conforms generally to a pager.

18. The device of claim 1, wherein the operational software prevents use of the device until an authorized user is identified by the biometric sensor.

19. A data processing system for integrating and controlling multiple secure credentialing applications using a compact, self-powered, biometrically protected device, the system comprising: (a) a portable, hand-held, programmable device having a biometric sensor, control circuitry, a microprocessor, a memory storing security policies, personnel data, biometric data, a plurality of credentialing applications, a plurality of credentials, a power source, a plurality of distinct interfaces to external credential-receiving systems, and operational software, all of the above being integrated on a single device; and (b) an enrollment system interacting with a security authority, a device holder and with the programmable device to implement the security policies, enable identification and verification of the device holder through the biometric sensor, and associating the biometric data with a credentialing application, a security policy, and with a credential; (c) the operational software executing on the microprocessor, implementing the security policies, and preventing the use of the device until an authorized user is identified by the biometric sensor; (d) the credentialing application executing on the microprocessor, requesting a credential from the memory, selecting one of the plurality of distinct interfaces for credential distribution and presenting the credential to an external credential-receiving system through the selected one of the plurality of distinct interfaces.

20. The data processing system of claim 19, wherein the enrollment system further comprises: (a) an enrollment station interacting with the programmable device to create and manage access to the programmable device; (b) security control equipment operating over a defined control area to track the location of authorized personnel throughout the control area and to monitor an alert status of the device and to track the location of unauthorized entries in the control area; and (c) a communications process managing communications with security personnel, controlling access to a communications network, and updating, adding, and removing credential information in the programmable device.

21. A data processing method for integrating and controlling multiple secure credential-emulating applications executing on a compact, self-powered, biometrically-protected device, comprising the steps of: (a) establishing, on an enrollment station, a policy database determining access control rules and credential authority; (b) inserting a blank biometrically-protected device into the enrollment station; (c) loading security policies and a plurality of credential-emulating applications from the enrollment station into the biometrically-protected device; (d) loading personnel data from a personnel database and credentials from the enrollment station into the biometrically-protected device; (e) a user placing at least one finger on a fingerprint sensor on the biometrically-protected device; (f) storing fingerprint data on the biometrically-protected device and associating the stored fingerprint data with the personnel data, a security policy, and credentials; (g) removing the device from the enrollment station; (h) at a future time, the user using the fingerprint sensor as a selector to choose one of the plurality of credential-emulating applications and activating the chosen one of the plurality of credential-emulating applications executing on the biometrically-protected device only if at least one of the user's fingerprints matches the stored fingerprint data; and (i) transferring an activated emulated credential from the credential-emulating application to an external credential-receiving system expecting the credential.

22. The data processing method of claim 21, wherein the step of using the fingerprint sensor as a selector to choose one of the plurality of credential-emulating applications and activating the chosen one of the plurality of credential-emulating application executing on the biometrically-protected device further comprises the steps of: (a) the user placing at least one finger on the fingerprint sensor on the biometrically-protected device; (b) comparing the user's fingerprint to the stored fingerprint data on the biometrically-protected device; and (c) activating the chosen credentialing application on the biometrically-protected device if the user's fingerprint data matches the stored fingerprint data.

23. The data processing method of claim 22, further comprising the step of requesting voice print data from the user and comparing the user's voice print to voice print data stored on the biometrically-protected device before step 24(c).

24. The data processing method of claim 22, further comprising the step of transforming the fingerprint sensor into an application selector whereby the user can select a credential-emulating application before step 24(c).

25. The data processing method of claim 21, further comprising the step of detecting the presence of the biometrically-protected device and comparing a device ID number on the biometrically-protected device to a list of approved device ID's.

26. The data processing method of claim 25, further comprising the step of matching the user's fingerprint data with fingerprint data stored on the biometrically-protected device.

27. The data processing method of claim 25, further comprising the step of disabling the biometrically-protected device if the device ID number does not match the list of approved device ID's.

28. A self-contained identity management apparatus integrated on a single portable, hand-held, programmable device, comprising: (a) a biometric sensor; (b) a microprocessor; (c) a memory containing security policies, personnel data, biometric data, operational software, a plurality of credentials, and executable software implementing a plurality of credentialing applications executable by the microprocessor; (d) a self-contained power source; and (e) a plurality of distinct interfaces to external credential-receiving systems; (f) the operational software executing on the microprocessor, implementing the security policies, associating the biometric data with a credentialing application, a security policy, and with the plurality of credentials, and enabling identification and verification of a device holder through the biometric sensor; and the credentialing application executing on the microprocessor, requesting a credential from the memory, selecting one of the plurality of distinct interfaces to external credential-receiving systems for credential distribution, and presenting the credential to an external credential-receiving system through the selected one of the plurality of distinct interfaces.

29. The apparatus of claim 28, wherein the biometric sensor is a fingerprint sensor and wherein the fingerprint sensor also acts as a selector for selecting one of the plurality of credentialing applications.

30. The apparatus of claim 28, wherein the plurality of distinct interfaces to the external credential-receiving systems is are selected from the group consisting of an alphanumeric display emulating a bar code, a tone generator, an LED, a visual display emulating a magnetic stripe, and a smart card contact pad.

31. The data processing method of claim 21, further comprising at least one repetition of steps h and i.

32. A data processing method for integrating and controlling multiple secure credential-emulating applications executing on a compact, self-powered, biometrically-protected device, comprising the steps of: (a) establishing, on an enrollment station, a policy database determining access control rules and credential authority; (b) inserting a blank biometrically-protected device into a the enrollment station; (c) loading security policies from the policy database and a plurality of credential-emulating applications from the enrollment station into the biometrically-protected device; (d) loading personnel data from a personnel database and credentials from the enrollment station into the biometrically-protected device; (e) a user placing at least one finger on a fingerprint sensor on the biometrically-protected device; (f) storing fingerprint data on the biometrically-protected device and associating the stored fingerprint data with the personnel data, a security policy, and credentials; (g) removing the device from the enrollment station; (h) at a future time, the user using the fingerprint sensor as a select/scroll touch sensitive control pad to choose one of the plurality of credential-emulating applications and activating the chosen one of the plurality of credential-emulating applications executing on the biometrically-protected device only if at least one of the user's fingerprints matches the stored fingerprint data; (i) activating one of a plurality of distinct interfaces to external systems based on the selected credential-emulating application; (j) application over the activated interface to an external system expecting the credential; (k) wherein the fingerprint sensor acts as a finger platen or mouse to scroll and select a credential from the plurality of credentials stored in the memory.

33. A data processing method for integrating and controlling multiple secure credential-emulating applications executing on a compact, self-powered, biometrically-protected device, comprising the steps of: (a) a user placing at least one finger on a fingerprint sensor on the biometrically-protected device; (b) storing fingerprint data on the biometrically-protected device and associating the stored fingerprint data with the user; (c) the user using the fingerprint sensor as a select/scroll touch sensitive control pad to choose one of a plurality of credential-emulating applications executing on the biometrically-protected device and activating the chosen one of the plurality of credential-emulating applications only if at least one of the user's fingerprints matches the stored fingerprint data; (d) transferring the activated emulated credential from the credential-emulating application to an external system expecting the credential; (e) receiving information form the external system; (f) the user using the fingerprint sensor as a select/scroll touch sensitive control pad to choose another one of the plurality of credential-emulating applications and activating the other one of the plurality of credential-emulating applications executing on the biometrically-protected device; (g) transferring the activated emulated credential from the other credential-emulating application to a second external system expecting the credential; and (h) transferring the information received in step (e) to the second external system.

34. An enrollment system for a portable, hand-held, programmable device for integrating and controlling multiple secure credentialing applications and for interacting with external systems, comprising: (a) a policy database containing security policies, the security policies determining access control rules and credential authority; (b) a personnel database containing personnel data and credentials for a user of the portable, hand-held, programmable device; (c) a microprocessor executing technology processes and accessing the policy database to implement technology levels required to implement the security policies; and (d) a read/write device receiving a blank, portable, hand-held device for integrating and controlling multiple secure credentialing applications and for interacting with external credential-receiving systems, the read/write device loading secure credentialing applications, the personnel data, and the credentials into a memory on the portable, hand-held device; requesting biometric data from a user; associating the biometric data with the personnel data, a security policy, and the credentials, and storing the biometric data in the memory of the portable, hand-held device.

35. The enrollment system of claim 34, wherein the technology levels are selected from the group consisting of: timers, power management, encryption, applications to be run, order of processes, communication channels, communication frequencies, update policies, command center controls, transaction logging, panic modes, and display data.

36. The enrollment system of claim 34, wherein the enrollment system tests the portable, hand-held device by powering up the device and rejecting the device if the device fails the test.

37. The data processing method of claim 21, further comprising the step of the enrollment station executing technology processes accessing the policy database to implement technology levels required to implement the security policies.

38. The data processing method of claim 37, wherein the technology levels are selected from the group consisting of: timers, power management, encryption, applications to be run, order of processes, communication channels, communication frequencies, update policies, command center controls, transaction logging, panic modes, and display data.

39. The data processing method of claim 38, wherein the enrollment station tests the portable, hand-held device by powering up the device and rejecting the device if the device fails the test.

40. The data processing method of claim 32, further comprising the step of the enrollment station executing technology processes accessing the policy database to implement technology levels required to implement the security policies.

41. The data processing method of claim 40, wherein the technology levels are selected from the group consisting of: timers, power management, encryption, applications to be run, order of processes, communication channels, communication frequencies, update policies, command center controls, transaction logging, panic modes, and display data.

42. The data processing method of claim 41, wherein the enrollment station tests the portable, hand-held device by powering up the device and rejecting the device if the device fails the test.

43. The device of claim 1, further comprising an application updating one of the plurality of credentials.

44. The device of claim 43, wherein the security policies stored in the memory control the ability of the credential-updating application to update one of the plurality of credentials.

45. The device of claim 21, further comprising the step before step (i) of the credential-emulating application activating one of a plurality of distinct interfaces with external credential-receiving systems.

46. The apparatus of claim 28, further comprising an application updating one of the plurality of credentials.

47. The apparatus of claim 46, wherein the security policies stored in the memory control the ability of the credential-updating application to update one of the plurality of credentials.