WO2003003333A2 - Personal identification badge that resets on the removal of the badge from the wearer - Google Patents
Personal identification badge that resets on the removal of the badge from the wearer Download PDFInfo
- Publication number
- WO2003003333A2 WO2003003333A2 PCT/US2002/020798 US0220798W WO03003333A2 WO 2003003333 A2 WO2003003333 A2 WO 2003003333A2 US 0220798 W US0220798 W US 0220798W WO 03003333 A2 WO03003333 A2 WO 03003333A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- badge
- person
- sensor
- volatile memory
- security
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/077—Constructional details, e.g. mounting of circuits in the carrier
- G06K19/07749—Constructional details, e.g. mounting of circuits in the carrier the record carrier being capable of non-contact communication, e.g. constructional details of the antenna of a non-contact smart card
- G06K19/07798—Constructional details, e.g. mounting of circuits in the carrier the record carrier being capable of non-contact communication, e.g. constructional details of the antenna of a non-contact smart card part of the antenna or the integrated circuit being adapted for rupturing or breaking, e.g. record carriers functioning as sealing devices for detecting not-authenticated opening of containers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/077—Constructional details, e.g. mounting of circuits in the carrier
- G06K19/07749—Constructional details, e.g. mounting of circuits in the carrier the record carrier being capable of non-contact communication, e.g. constructional details of the antenna of a non-contact smart card
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/28—Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B13/00—Burglar, theft or intruder alarms
- G08B13/02—Mechanical actuation
- G08B13/14—Mechanical actuation by lifting or attempted removal of hand-portable articles
- G08B13/1445—Mechanical actuation by lifting or attempted removal of hand-portable articles with detection of interference with a cable tethering an article, e.g. alarm activated by detecting detachment of article, breaking or stretching of cable
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B13/00—Burglar, theft or intruder alarms
- G08B13/02—Mechanical actuation
- G08B13/14—Mechanical actuation by lifting or attempted removal of hand-portable articles
- G08B13/1472—Mechanical actuation by lifting or attempted removal of hand-portable articles with force or weight detection
Definitions
- the present invention relates to security systems that regulate access to secure areas, and more particularly, to a security badge that is attached to the authorized person and resets itself when removed from that individual.
- Computer systems having access to a network typically utilize some form of access control to assure that unauthorized individuals do not gain access to confidential information or do damage to the network and/or computers connected thereto.
- the secure access protocols often require a user to memorize multiple passwords and protocols. For example, the user may need a first password to log onto a terminal in the network, a set of different passwords corresponding to the various servers in the networks or secure directories within a server, and yet another set of passwords relating to various software programs and related files.
- the card has been used to automate the logon and access control processes. Such systems sense a personal identification presented by the user.
- the card can be in the form of a radio frequency identification (RFID) card which is sensed remotely by the computer terminal or a card that is passed through a reader by the user.
- RFID radio frequency identification
- the computer terminal can be equipped with hardware that also allows it to authenticate the person presenting the card. In fact, if the person can be identified directly, then an identification card is not needed. Identification systems based on retinal scans, voiceprints, and fingerprints are well known in the art. This hardware would need to be present at each of the terminals. The cost of providing such hardware at each terminal is often prohibitive.
- the system must still deal with interruptions that occur when the user leaves the terminal for a brief period of time.
- the terminal must have some method for determining that the authorized user remains present at the terminal after the logon. For example, an RFID card worn by the user can be queried periodically to determine that the user is still at the terminal.
- the terminal needs to disable itself.
- the logon process must be repeated.
- a logon process that verifies the identity of the user through fingerprints, retinal scans, etc. requires a relatively long procedure. Hence, such systems are frustrating to use, since a user who turns away from the computer or crosses the room to get a document can be forced to repeat the entire logon protocol.
- the present invention is a security badge to be worn by a person seeking access to a secure system.
- the badge includes a data processor having a non- volatile and a volatile memory, a transceiver, and an attachment sensor.
- the volatile memory stores information related to a security clearance associated with the person. This information is loaded after the badge is attached to the person.
- the transceiver sends signals generated by the processor and receives signals specifying operations to be carried out by the badge. These signals include signals that provide the person wearing the badge access to the secure system.
- the attachment sensor Upon detecting the removal of the badge from the wearer, causes irrformation stored in the volatile memory to be altered such that the person no longer has access to the secure system.
- the transceiver can utilize optical, electromagnetic or acoustic signals for communicating with the secure system.
- the badge includes a tamper sensor for detecting an alteration in the badge that could allow the contents of the volatile memory to be read and rendering information stored in the volatile memory unreadable when the tamper sensor detects such an alteration.
- the badge includes a random number generator for generating random numbers for use in coded transmission between the badge and the secure system. The random number generator may utilize a sensor for sensing an environmental variable that determines the random number sequence generated by the random number generator.
- the badge has low and high power modes, the processor being capable of performing at least one computation in the high power mode that cannot be performed in the low power mode.
- the attachment sensor includes an attachment mechanism and a position sensor.
- the attachment mechanism has an open position and a closed position.
- the attachment mechanism secures the badge to the person in the closed position.
- the position sensor monitors the state of the attachment mechanism.
- Figure 1 is a schematic drawing of a system for securing access to a computer system having a number of terminals.
- FIG. 2 is a block diagram of one embodiment of a badge 21 according to the present invention.
- FIG. 1 is a schematic drawing of a system for securing access to a computer system having terminals shown at 11 and 12.
- a badge 21 that is worn by a user 20 who wishes to gain access.
- Badge 21 is affixed to the user in a manner in which the removal of badge 21 after it has been affixed can be detected by the badge.
- badge 21 can be placed around the neck of user 20 via a cord 22 that includes a clasp 23.
- Cord 22 is short enough to guarantee that the badge cannot be removed from the neck of the wearer without undoing clasp 23 or breaking cord 22.
- Badge 21 has a sensor that detects the opening of clasp 23 or the breakage of cord 22.
- cord 22 may include a conducting fiber whose continuity is sensed by badge 21. When clasp 23 is opened, this conductive path is broken.
- Terminal 11 includes a user identification system 14 that is utilized to verify the identity of user 20.
- Identification system 14 may include physical sensors such as those needed to make a voice print, retinal scan, or fingerprint scan.
- the identification system may also include a database having information known only to user 20, which may be utilized in generating queries that only user 20 would know how to answer.
- terminal 11 loads information into badge 21 that is utilized by badge 21 in subsequent communications with the other terminals in the system.
- information is loaded using an encryption system that assures that an eavesdropper cannot gain access to the stored information in a manner that would allow the eavesdropper to communicate with the various terminals in the system.
- a "day secret” is also loaded in badge 21.
- the day secret is a code that changes each day and is known to all of the workstations. Since the code changes from day to day, the permissions granted to user 21, in effect, expire each day.
- badge 21 has been loaded with the various security clearances assigned to user 20, user 20 can approach the terminals that are authorized to serve user 20 such as terminal 12 and gain access thereto.
- Each terminal includes a transceiver that queries the identification badges. When a terminal detects a valid badge that has permission to use that terminal, the terminal allows the user to log onto the terminal and communicates the user's. various clearances to the servers within the system.
- the terminal in question periodically queries badge 21 to assure that the user is still at the terminal. If the terminal loses contact with the badge, the terminal covers any material on the display with a "screen saver" display and enters a first locked mode. During this mode, the terminal periodically sends out query signals. If the badge returns, the terminal utilizes an abbreviated logon dialog to verify the user and returns the display to the condition at the time communication was originally lost. If the user is absent for more than a first predetermined time period, the terminal enters a second locked mode which requires a more extensive logon protocol to return control to the user.
- FIG. 2 is a block diagram of one embodiment of a badge 21 according to the present invention.
- Badge 21 includes a processor 31 that utilizes a non-volatile memory 32 to store the operating system utilized by the processor.
- Badge 21 also includes a user certificate volatile memory 33 that is used to store the "permissions" granted to the user and other information needed to gain and maintain access to a terminal.
- Badge 21 is also assumed to hold an identification number that is stored in the non-volatile memory of the badge.
- Transceiver 34 may utilize any form of communication link to communicate with the computer terminals in the system.
- transceiver 34 utilizes an infra-red link; however, communication links based on radio frequency signals or ultra-sound may also be utilized. Infra-red or RF links are preferred because they impose the lowest power requirements on badge 21 which is typically powered by a battery. Infra-red links have the added advantage of assuring that the badge will only respond if it is near a terminal and properly oriented with respect thereto. In contrast, RF links tend to be omnidirectional, and RF signals can pass through many types of walls. Hence, a terminal cannot be assured that the badge wearer is nearby without some other form of badge localization.
- badge 21 has a sensor 35 that detects a break in the continuity of cord 22. Whenever sensor 35 detects a break in cord 22, processor 31 erases the contents of memory 33. Similarly, if power is lost, the contents of memory 33 are lost.
- Badge 21 can also be equipped with other forms of "tamper" sensors, such as sensor 38, that cause the contents of memory 33 to be lost if someone attempts to open the badge or otherwise gain access to the contents of memory 33. Hence, badge 21 is automatically reset whenever it is removed, loses power, or subjected to tampering.
- badge 21 preferably includes a random number generator 39 that provides the random numbers utilized in the various secure communications protocols.
- Pseudo-random number generators based on computer computations that start from a "seed" are known to the art and may be utilized when the highest degree of security is not needed.
- random number generator 39 utilizes one or more environmental sensors to generate the random numbers provided by generator 39 in a manner that cannot be predicted even by observing the previously generated random numbers provided by generator 39.
- Unpredictable random number sources can be based on temperature sensors or noise signals generated by resistors or other circuit components.
- the affixation of the badge to the user prior to the badge being loaded by terminal 11 can be verified by security personnel stationed at a point that all users must pass before reaching terminal 11. Such verification prevents a user from closing clasp 23 when the badge is not affixed to the user and then presenting himself and the badge to terminal 11 for loading.
- terminal 11 and each badge have a protocol that allows terminal 11 and each badge to generate a "secret", denoted by "k" that is known only to terminal 11 and the particular badge in question.
- k is determined by protocols that depend on the random numbers generated by generator 39. For example, the elliptic curve version of the Diffie-Hellman protocol may be utilized to generate such a secret.
- the badge is activated by the action of physically attaching the badge to a clinician and running an authentication protocol between the badge and an administrative computer such as terminal 11 discussed above.
- the administrative computer will verify the clinician's identity by scanning the clinician's retina.
- the badge will be loaded with Cred and thereby activated.
- the badge While being active (i.e., remaining worn by the clinician), the badge will be able to establish secure sessions of communications with one or more of the clinician's computers (denoted C) whenever the clinician faces the computer and is within the range of an infra-red communication link constructed from ports on C and the badge. These secure sessions of communications between the badge and C are part of a second protocol, referred to as the records protocol.
- the badge power supply is very limited; hence, the system is preferably setup in a manner that minimizes the demands on the badge power supply.
- the badge In addition to performing the various communication protocols, the badge must be able to detect the presence of the administrative computer and C computers. In addition, the badge must be capable of signaling its continued presence to these computers during interactions with them.
- the badge has a "dormant" state in which the badge listens for signals on the communication link and “wakes up” when a signal that needs a response is detected.
- the other power consuming functions of the badge are turned off in the dormant state.
- the badge enters the dormant state after it is attached to the user.
- the administrative computer is programmed such that its transceiver sends out a periodic login signal indicating that it is ready to activate a badge.
- This login signal is one of the signals that the badge is programmed to detect in the dormant state.
- her badge detects this login signal and wakes up for the activation protocol in which the badge is loaded with Cred and activated such that the wearer can log onto a C computer. Once the activation protocol is completed, the badge again returns to the dormant state.
- Each of the C computers likewise sends out a periodic login signal when that computer is free and ready to login a new user.
- This second login signal is also one of the signals detected by the badge in the dormant state.
- the badge wearer approaches the C computer, the badge detects the login signal and switches from the dormant state to engage in the login protocol discussed below.
- the C computer transceiver is programmed to send a third signal that is recognized by the badge in the dormant state. This signal is used to verify that the user is still at the terminal.
- the badge is programmed to respond to this signal by sending a specific acknowledgment signal in return. This communication can be part of the dormant state operations or part of a second low power state. If a badge does not acknowledge the verification signal described above, the C computer initiates a re-login procedure by sending a fourth signal that is recognized by the badge in the dormant or low power state. This signal is repeated until the badge responds accordingly or a predetermined period of time elapses. If the badge responds according to that protocol, the C computer resumes the verification signal. If the badge does not respond appropriately, the user is logged off of the terminal, and the C computer enters the mode in which it sends the C computer login signal.
- the badge is capable of performing the less computationally intensive public-key encryption operations such as elliptic-curve point multiplication and generating the hash function SHA-1 utilized in the Secure Hash Standard as published in the Federal Register.
- the level of security needed in the interchange between the administrative computer and the badge wearer depends on the level of security surrounding the administrative computer and the degree of honesty of the badge wearer. For example, if the badge wearer can be assumed to be honest, then the system does not need to guard against the wearer recording the exchange. This leaves only the possibility that a third party will eavesdrop on the exchange between the badge and the terminal. If the administrative computer is in a location that is secured with respect to such eavesdropping, the exchange need not be encrypted at all.
- the badge wearer cannot be trusted, then an encryption protocol that is immune from eavesdropping must be utilized.
- any suitable public or private key encryption system may be used by the computers and the badges to develop a key for later use in encrypting messages. If a private key system is utilized, the system must be arranged in a manner that guarantees that the key cannot be extracted from the badge.
- the badge can include tamper sensors that erase the key information if tampering is detected. ⁇
- the level of security needed in the exchanges between the C computers and the badge depend on the value of the information and the trustworthiness of the wearer.
- the badge and the C computer must authenticate each other, since it is assumed that the C computers are not secure. If, however, the C computers are secure, then only the badge needs to be authenticated by the C computer.
- the level of security needed to assure privacy with respect to the communications between the badge and the C computer again depends on the ease with which these communications can be monitored. If there is a possibility of eavesdropping, then a suitable public or private key encryption system must be utilized in the authentication exchange.
- the secondary protocol utilized at the C computers to reestablish a lost link with a badge can be replaced by any suitably secure protocol that is less computationally intensive that the login protocol used to commence the session between a badge wearer and C.
- the system can utilize any type of transceiver to generate the communication link between the badge and the relevant computer terminals.
- Infra-red sensors are preferred, however, because such sensors require relatively low power and provide increased security over other types of communication links such as RF links.
- An eavesdropper can monitor an RF signal from a location outside of the cubical or room in which the badge and terminal are operating.
- light-based systems require the eavesdropper to have a clear line of sight to both the terminal and badge transceivers.
- the above-described embodiments of the present invention utilized a sensor in an attachment cord to detect the removal of the badge from the person's body.
- other mechanisms for sensing the removal of the badge from the wearer can be utilized for this function.
- Any form of sensor that provides a signal when the badge is removed from the user can be utilized.
- the badge can be attached to the wearer's clothing via a clip that can detect the opening thereof. When the clip is opened, the badge resets itself to the inactive state.
- the badge can be incorporated into a wrist band that has an expandable band that provides a signal to the badge when the band expands sufficiently to allow it to be removed from the wearer's wrist.
- embodiments in which the badge utilizes some form of biometric measurement to assure that the badge is still on the authorized individual's body can be constructed. Sensor's that detect body heat or pulse can be utilized for this function. Such sensors may be included in wristwatch-like embodiments of the invention in which the sensor is pressed against the wrist of the user when the badge is worn by the user. If the badge is removed, the temperature will decrease or the pulse signal will be lost. If the badge is carried in the person's wallet, a light sensor can be used to detect the removal of the badge from the wallet. Accordingly, break sensor 35 can be replaced by any sensor that detects the removal of the badge from the wearer. Similarly, cord 22 and clasp 23 can be replaced by any attachment mechanism that provides a signal indicating that the badge has been removed from the wearer.
- the badge may include an identification sensor 41 such as a fingerprint scanner.
- memory 32 would also store a file of authorized fingerprints.
- the fingerprint scanner would be enabled when the controller in the badge detects the attachment of the badge to the wearer.
- the badge may include a microphone that is used to record the voiceprint of the user after the badge is attached to the user. The detected voiceprint would then be compared to a library of voiceprints to verify the identity of the user.
- the recognition work can also be split between the badge and the computer terminals.
- the biometric identification hardware such as the fingerprint scanner, microphone, pulse detector, or temperature detector can be part of the badge.
- the measurements made by these elements would then be communicated to the computer terminal.
- the computer terminal would then compare the received measurements with data identifying the various authorized users.
- an attachment sensor constructed from a combination of sensors that detect both the temperature and pulse of the wearer can provide increased security.
- a combination of measurements can be utilized to increase the confidence level of the user identification process. For example, both a fingerprint and a series of questions posed to the wearer can be utilized.
- the badges of the present invention are not permanently associated with particular individuals, and hence, an employee does not need to take his or her badge home.
- the badges can be picked up from a big basket near station A when needed and thrown back to the basket at the end of the day. Hence, the costs and inconvenience associated with losing or damaging a badge are significantly reduced.
Abstract
A security badge to be worn by a person seeking access to a secure system. The badge includes a data processor having a non-volitile and a volitile memory, a transceiver, and an attachment sensor. The volitile memory stores information related to the wearer's security clearance. This information is loaded after the badge is attached to the person and the person's identity is verified. This information is deleated from the volitile memory if the badge is removed from the wearer or subjected to tampering. The data processing system has sufficient computing power to allow the badge to execute encrypted communications with the security system.
Description
Personal Identification Badge that Resets on the Removal of the Badge from the Wearer
Field of the Invention
The present invention relates to security systems that regulate access to secure areas, and more particularly, to a security badge that is attached to the authorized person and resets itself when removed from that individual.
Background of the Invention
To simplify the following discussion, the present invention will be explained in terms of security systems for use in accessing computers and the like; however, it will be apparent from the following discussion that the present invention may be utilized in other security systems.
Computer systems having access to a network typically utilize some form of access control to assure that unauthorized individuals do not gain access to confidential information or do damage to the network and/or computers connected thereto. The secure access protocols often require a user to memorize multiple passwords and protocols. For example, the user may need a first password to log onto a terminal in the network, a set of different passwords corresponding to the various servers in the networks or secure directories within a server, and yet another set of passwords relating to various software programs and related files.
Electronic identification cards have been used to automate the logon and access control processes. Such systems sense a personal identification presented by the user. The card can be in the form of a radio frequency identification (RFID) card which is sensed remotely by the computer terminal or a card that is passed through a reader by the user.
While such cards can be used to automate the logon process, they do not provide sufficient security to satisfy the needs of many systems. The authenticity of the card can, in principle, be verified by the system that queries the card; however, the system cannot
necessarily identify the person presenting the card. An unauthorized person who has gained control of such a card can still access the system.
In principle, the computer terminal can be equipped with hardware that also allows it to authenticate the person presenting the card. In fact, if the person can be identified directly, then an identification card is not needed. Identification systems based on retinal scans, voiceprints, and fingerprints are well known in the art. This hardware would need to be present at each of the terminals. The cost of providing such hardware at each terminal is often prohibitive.
Even in those situations in which identification hardware is provided at each terminal, the system must still deal with interruptions that occur when the user leaves the terminal for a brief period of time. Consider the case of a user who has logged onto a terminal using some form of personal identification system. If the user leaves the terminal without logging off, an unauthorized user can gain access to the system through the open terminal. Hence, the terminal must have some method for determining that the authorized user remains present at the terminal after the logon. For example, an RFID card worn by the user can be queried periodically to determine that the user is still at the terminal.
If the authorized user breaks contact with the terminal, either because the user left the terminal for a short period of time or because the monitoring system failed to detect the person on one of the periodic queries, the terminal needs to disable itself. When the user again makes contact with the terminal, the logon process must be repeated. A logon process that verifies the identity of the user through fingerprints, retinal scans, etc. requires a relatively long procedure. Hence, such systems are frustrating to use, since a user who turns away from the computer or crosses the room to get a document can be forced to repeat the entire logon protocol.
Systems based on personal identification cards also present logistical problems for the users and system operators. In such systems, each user is provided with an identification card that must be presented to the system to gain authorization. The card is assigned to the particular user. To guard against an unauthorized person gaining control of the card, the
assigned person usually takes the card home at night. If the user leaves the badge at home or loses the badge, the user must go through an often lengthy process of obtaining a new badge or some form of temporary badge in the case in which the user has left his or her badge at home. In addition, the system must provide one badge for each user who is authorized to use the system, whether or not that person will use the system on any particular day. Hence, the number of security badges that must be maintained can be quite large. Since these badges are typically powered by batteries, the costs of providing and maintaining the badges is significant.
Broadly, it is the object of the present invention to provide an improved security badge system.
It is a further object of the present invention to provide a security system that can authenticate a user without requiring expensive personal identification hardware at each work station.
These and other objects of the present invention will become apparent to those skilled in the art from the following detailed description of the invention and the accompanying drawings.
Summary of the Invention
The present invention is a security badge to be worn by a person seeking access to a secure system. The badge includes a data processor having a non- volatile and a volatile memory, a transceiver, and an attachment sensor. The volatile memory stores information related to a security clearance associated with the person. This information is loaded after the badge is attached to the person. The transceiver sends signals generated by the processor and receives signals specifying operations to be carried out by the badge. These signals include signals that provide the person wearing the badge access to the secure system. Upon detecting the removal of the badge from the wearer, the attachment sensor causes irrformation stored in the volatile memory to be altered such that the person no longer has access to the secure system. The transceiver can utilize optical, electromagnetic or acoustic signals for
communicating with the secure system. In one embodiment of the invention, the badge includes a tamper sensor for detecting an alteration in the badge that could allow the contents of the volatile memory to be read and rendering information stored in the volatile memory unreadable when the tamper sensor detects such an alteration. In another embodiment, the badge includes a random number generator for generating random numbers for use in coded transmission between the badge and the secure system. The random number generator may utilize a sensor for sensing an environmental variable that determines the random number sequence generated by the random number generator. In another embodiment of the invention, the badge has low and high power modes, the processor being capable of performing at least one computation in the high power mode that cannot be performed in the low power mode. The processor switches from low power mode to high power mode in response to the transceiver detecting a predetermined signal while in the low power mode. In another embodiment of the invention, the attachment sensor includes an attachment mechanism and a position sensor. The attachment mechanism has an open position and a closed position. The attachment mechanism secures the badge to the person in the closed position. The position sensor monitors the state of the attachment mechanism.
Brief Description of the Drawings
Figure 1 is a schematic drawing of a system for securing access to a computer system having a number of terminals.
Figure 2 is a block diagram of one embodiment of a badge 21 according to the present invention.
Detailed Description of the Invention
The manner in which the present invention provides its advantages may be more easily understood with reference to Figure 1, which is a schematic drawing of a system for securing access to a computer system having terminals shown at 11 and 12. Access to the
, system is provided by a badge 21 that is worn by a user 20 who wishes to gain access. Badge 21 is affixed to the user in a manner in which the removal of badge 21 after it has been affixed can be detected by the badge. For example, badge 21 can be placed around the neck of user 20 via a cord 22 that includes a clasp 23. Cord 22 is short enough to guarantee that the badge cannot be removed from the neck of the wearer without undoing clasp 23 or breaking cord 22. Badge 21 has a sensor that detects the opening of clasp 23 or the breakage of cord 22. For example, cord 22 may include a conducting fiber whose continuity is sensed by badge 21. When clasp 23 is opened, this conductive path is broken.
To gain access to the computer system, user 20 puts on badge 21 and approaches terminal 11, which loads the information into badge 21 needed for the user to access one or more of the other workstations in the network. Terminal 11 includes a user identification system 14 that is utilized to verify the identity of user 20. Identification system 14 may include physical sensors such as those needed to make a voice print, retinal scan, or fingerprint scan. The identification system may also include a database having information known only to user 20, which may be utilized in generating queries that only user 20 would know how to answer.
Once the identity of user 20 has been established by terminal 11, terminal 11 loads information into badge 21 that is utilized by badge 21 in subsequent communications with the other terminals in the system. To simplify the following discussion, it will be assumed that the various terminals communicate with badge 21 via infra-red signals that are sent and received by the transceivers shown at 15-16. As will be explained in more detail below, this information is loaded using an encryption system that assures that an eavesdropper cannot gain access to the stored information in a manner that would allow the eavesdropper to communicate with the various terminals in the system.
In addition to loading the various clearances associated with user 20, a "day secret" is also loaded in badge 21. The day secret is a code that changes each day and is known to all of the workstations. Since the code changes from day to day, the permissions granted to user 21, in effect, expire each day.
Once badge 21 has been loaded with the various security clearances assigned to user 20, user 20 can approach the terminals that are authorized to serve user 20 such as terminal 12 and gain access thereto. Each terminal includes a transceiver that queries the identification badges. When a terminal detects a valid badge that has permission to use that terminal, the terminal allows the user to log onto the terminal and communicates the user's. various clearances to the servers within the system.
The terminal in question periodically queries badge 21 to assure that the user is still at the terminal. If the terminal loses contact with the badge, the terminal covers any material on the display with a "screen saver" display and enters a first locked mode. During this mode, the terminal periodically sends out query signals. If the badge returns, the terminal utilizes an abbreviated logon dialog to verify the user and returns the display to the condition at the time communication was originally lost. If the user is absent for more than a first predetermined time period, the terminal enters a second locked mode which requires a more extensive logon protocol to return control to the user.
Having provided the above outline of the operation of a security system according to the present invention, a more detailed description of the operation of the badges and the communication protocols will now be given. Refer now to Figure 2, which is a block diagram of one embodiment of a badge 21 according to the present invention. Badge 21 includes a processor 31 that utilizes a non-volatile memory 32 to store the operating system utilized by the processor. Badge 21 also includes a user certificate volatile memory 33 that is used to store the "permissions" granted to the user and other information needed to gain and maintain access to a terminal. Badge 21 is also assumed to hold an identification number that is stored in the non-volatile memory of the badge.
Badge 21 utilizes a transceiver 34 to communicate with the various computer terminals. Transceiver 34 may utilize any form of communication link to communicate with the computer terminals in the system. In the preferred embodiment of the present invention, transceiver 34 utilizes an infra-red link; however, communication links based on radio frequency signals or ultra-sound may also be utilized. Infra-red or RF links are preferred because they impose the lowest power requirements on badge 21 which is typically powered
by a battery. Infra-red links have the added advantage of assuring that the badge will only respond if it is near a terminal and properly oriented with respect thereto. In contrast, RF links tend to be omnidirectional, and RF signals can pass through many types of walls. Hence, a terminal cannot be assured that the badge wearer is nearby without some other form of badge localization.
In addition, badge 21 has a sensor 35 that detects a break in the continuity of cord 22. Whenever sensor 35 detects a break in cord 22, processor 31 erases the contents of memory 33. Similarly, if power is lost, the contents of memory 33 are lost. Badge 21 can also be equipped with other forms of "tamper" sensors, such as sensor 38, that cause the contents of memory 33 to be lost if someone attempts to open the badge or otherwise gain access to the contents of memory 33. Hence, badge 21 is automatically reset whenever it is removed, loses power, or subjected to tampering.
As will be explained in more detail below, badge 21 preferably includes a random number generator 39 that provides the random numbers utilized in the various secure communications protocols. Pseudo-random number generators based on computer computations that start from a "seed" are known to the art and may be utilized when the highest degree of security is not needed. However, in the preferred embodiment of the present invention, random number generator 39 utilizes one or more environmental sensors to generate the random numbers provided by generator 39 in a manner that cannot be predicted even by observing the previously generated random numbers provided by generator 39. Unpredictable random number sources can be based on temperature sensors or noise signals generated by resistors or other circuit components.
The affixation of the badge to the user prior to the badge being loaded by terminal 11 can be verified by security personnel stationed at a point that all users must pass before reaching terminal 11. Such verification prevents a user from closing clasp 23 when the badge is not affixed to the user and then presenting himself and the badge to terminal 11 for loading.
As noted above, the communications between the various terminals and badge 21 must be secure from eavesdropping. Data encryption protocols for securing such
communications are well known to those skilled in the art, and hence, will not be discussed in detail here. For the purposes of this discussion, it will be assumed that terminal 11 and each badge have a protocol that allows terminal 11 and each badge to generate a "secret", denoted by "k" that is known only to terminal 11 and the particular badge in question. The value of k is determined by protocols that depend on the random numbers generated by generator 39. For example, the elliptic curve version of the Diffie-Hellman protocol may be utilized to generate such a secret. The reader is directed to Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone (CRC Press, 1997, and to Elliptic Curves in Cryptography by Blake, Seroussi, and Smart, Cambridge University Press, 2000) for a more detailed discussion of various communication algorithms.
Consider a hospital setting in which controlled access to confidential records such as patient treatment records is to be provided to the clinicians while protecting the confidentiality of those records. Each clinician wears a badge similar to those described above. The badge is filled with the clinician's identity information, denoted by Cred, in the following discussion. This information is stored in the volatile memory of the badge as discussed above. In particular, the badge will automatically erase Cred and become inactive as soon as the badge is detached from the clinician to which it is assigned.
The badge is activated by the action of physically attaching the badge to a clinician and running an authentication protocol between the badge and an administrative computer such as terminal 11 discussed above. During the activation protocol, the administrative computer will verify the clinician's identity by scanning the clinician's retina. At the end of the authentication protocol, the badge will be loaded with Cred and thereby activated.
While being active (i.e., remaining worn by the clinician), the badge will be able to establish secure sessions of communications with one or more of the clinician's computers (denoted C) whenever the clinician faces the computer and is within the range of an infra-red communication link constructed from ports on C and the badge. These secure sessions of communications between the badge and C are part of a second protocol, referred to as the records protocol.
In the preferred embodiment of the present invention, the badge power supply is very limited; hence, the system is preferably setup in a manner that minimizes the demands on the badge power supply. In addition to performing the various communication protocols, the badge must be able to detect the presence of the administrative computer and C computers. In addition, the badge must be capable of signaling its continued presence to these computers during interactions with them. In the preferred embodiment of the present invention, the badge has a "dormant" state in which the badge listens for signals on the communication link and "wakes up" when a signal that needs a response is detected. With the exception of this listening activity and other housekeeping functions such as providing power to the volatile memory and tamper detection circuitry, the other power consuming functions of the badge are turned off in the dormant state.
The badge enters the dormant state after it is attached to the user. The administrative computer is programmed such that its transceiver sends out a periodic login signal indicating that it is ready to activate a badge. This login signal is one of the signals that the badge is programmed to detect in the dormant state. When the wearer approaches the computer, her badge detects this login signal and wakes up for the activation protocol in which the badge is loaded with Cred and activated such that the wearer can log onto a C computer. Once the activation protocol is completed, the badge again returns to the dormant state.
Each of the C computers likewise sends out a periodic login signal when that computer is free and ready to login a new user. This second login signal is also one of the signals detected by the badge in the dormant state. When the badge wearer approaches the C computer, the badge detects the login signal and switches from the dormant state to engage in the login protocol discussed below.
At the end of the C computer login protocol, the C computer transceiver is programmed to send a third signal that is recognized by the badge in the dormant state. This signal is used to verify that the user is still at the terminal. The badge is programmed to respond to this signal by sending a specific acknowledgment signal in return. This communication can be part of the dormant state operations or part of a second low power state.
If a badge does not acknowledge the verification signal described above, the C computer initiates a re-login procedure by sending a fourth signal that is recognized by the badge in the dormant or low power state. This signal is repeated until the badge responds accordingly or a predetermined period of time elapses. If the badge responds according to that protocol, the C computer resumes the verification signal. If the badge does not respond appropriately, the user is logged off of the terminal, and the C computer enters the mode in which it sends the C computer login signal.
The badge is capable of performing the less computationally intensive public-key encryption operations such as elliptic-curve point multiplication and generating the hash function SHA-1 utilized in the Secure Hash Standard as published in the Federal Register.
The level of security needed in the interchange between the administrative computer and the badge wearer depends on the level of security surrounding the administrative computer and the degree of honesty of the badge wearer. For example, if the badge wearer can be assumed to be honest, then the system does not need to guard against the wearer recording the exchange. This leaves only the possibility that a third party will eavesdrop on the exchange between the badge and the terminal. If the administrative computer is in a location that is secured with respect to such eavesdropping, the exchange need not be encrypted at all.
If, on the other hand, the badge wearer cannot be trusted, then an encryption protocol that is immune from eavesdropping must be utilized. In this case, any suitable public or private key encryption system may be used by the computers and the badges to develop a key for later use in encrypting messages. If a private key system is utilized, the system must be arranged in a manner that guarantees that the key cannot be extracted from the badge. For example, the badge can include tamper sensors that erase the key information if tampering is detected. \
Similarly, the level of security needed in the exchanges between the C computers and the badge depend on the value of the information and the trustworthiness of the wearer. In
general, the badge and the C computer must authenticate each other, since it is assumed that the C computers are not secure. If, however, the C computers are secure, then only the badge needs to be authenticated by the C computer. The level of security needed to assure privacy with respect to the communications between the badge and the C computer again depends on the ease with which these communications can be monitored. If there is a possibility of eavesdropping, then a suitable public or private key encryption system must be utilized in the authentication exchange. Similarly, the secondary protocol utilized at the C computers to reestablish a lost link with a badge can be replaced by any suitably secure protocol that is less computationally intensive that the login protocol used to commence the session between a badge wearer and C.
As noted above, the system can utilize any type of transceiver to generate the communication link between the badge and the relevant computer terminals. Infra-red sensors are preferred, however, because such sensors require relatively low power and provide increased security over other types of communication links such as RF links. An eavesdropper can monitor an RF signal from a location outside of the cubical or room in which the badge and terminal are operating. In contrast, light-based systems require the eavesdropper to have a clear line of sight to both the terminal and badge transceivers.
The above-described embodiments of the present invention utilized a sensor in an attachment cord to detect the removal of the badge from the person's body. However, other mechanisms for sensing the removal of the badge from the wearer can be utilized for this function. Any form of sensor that provides a signal when the badge is removed from the user can be utilized. For example, the badge can be attached to the wearer's clothing via a clip that can detect the opening thereof. When the clip is opened, the badge resets itself to the inactive state. Similarly, the badge can be incorporated into a wrist band that has an expandable band that provides a signal to the badge when the band expands sufficiently to allow it to be removed from the wearer's wrist.
In addition, embodiments in which the badge utilizes some form of biometric measurement to assure that the badge is still on the authorized individual's body can be constructed. Sensor's that detect body heat or pulse can be utilized for this function. Such
sensors may be included in wristwatch-like embodiments of the invention in which the sensor is pressed against the wrist of the user when the badge is worn by the user. If the badge is removed, the temperature will decrease or the pulse signal will be lost. If the badge is carried in the person's wallet, a light sensor can be used to detect the removal of the badge from the wallet. Accordingly, break sensor 35 can be replaced by any sensor that detects the removal of the badge from the wearer. Similarly, cord 22 and clasp 23 can be replaced by any attachment mechanism that provides a signal indicating that the badge has been removed from the wearer.
The above-described embodiments of the present invention assume that the authentication of the wearer is performed by equipment attached to an administrative computer. However, embodiments in which authentication hardware is part of the badge itself can also be practiced. For example, the badge may include an identification sensor 41 such as a fingerprint scanner. In such an embodiment, memory 32 would also store a file of authorized fingerprints. In such an embodiment, the fingerprint scanner would be enabled when the controller in the badge detects the attachment of the badge to the wearer. Similarly, the badge may include a microphone that is used to record the voiceprint of the user after the badge is attached to the user. The detected voiceprint would then be compared to a library of voiceprints to verify the identity of the user.
The recognition work can also be split between the badge and the computer terminals. For example, the biometric identification hardware such as the fingerprint scanner, microphone, pulse detector, or temperature detector can be part of the badge. The measurements made by these elements would then be communicated to the computer terminal. The computer terminal would then compare the received measurements with data identifying the various authorized users.
While the above-described embodiments of the sensors for detecting the removal of the badge from the wearer have utilized a single attachment sensor, a combination of several sensors can also be utilized. For example, an attachment sensor constructed from a combination of sensors that detect both the temperature and pulse of the wearer can provide increased security.
Similarly, a combination of measurements can be utilized to increase the confidence level of the user identification process. For example, both a fingerprint and a series of questions posed to the wearer can be utilized.
It should be noted that the badges of the present invention are not permanently associated with particular individuals, and hence, an employee does not need to take his or her badge home. The badges can be picked up from a big basket near station A when needed and thrown back to the basket at the end of the day. Hence, the costs and inconvenience associated with losing or damaging a badge are significantly reduced.
Various modifications to the present invention will become apparent to those skilled in the art from the foregoing description and accompanying drawings. Accordingly, the present invention is to be limited solely by the scope of the following claims.
Claims
1. A security badge to be worn by a person, said badge comprising:
a data processor having a non- volatile memory and a volatile memory;
a transceiver for sending signals generated by said processor and receiving signals specifying operations to be carried out by said badge, said signals including signals that provide said person access to a secure system; and
an attachment sensor for detecting the removal of said badge from said person, said attachment sensor causing information stored in said volatile memory to be altered such that said person no longer has access to said secure system when said attachment sensor detects said removal, wherein said volatile memory stores information related to a security clearance associated with said person.
2. The security badge of Claim 1 wherein said volatile memory stores information enabling the wearer of said badge to gain access to a data processing system.
3. The security badge of Claim 1 wherein said badge stores a program enabling said badge to load information in said volatile memory.
4. The security badge of Claim 3 wherein said attachment sensor detects the attachment of said badge to said person and, in response thereto, enables said badge to load information in said volatile memory.
5. The badge of Claim 1 wherein said transceiver comprises a receiver and a transmitter for respectively receiving and transmitting optical signals.
6. The badge of Claim 1 further comprising a tamper sensor for detecting an alteration in said badge that could allow the contents of said volatile memory to be read, said tamper sensor causing information stored in said volatile memory to be rendered unreadable when said tamper sensor detects said alteration.
7. The badge of Claim 6 wherein said tamper sensor causes one piece of information stored in said non- volatile memory to be rendered unreadable when said tamper sensor detects said alteration.
8. The badge of Claim 1 further comprising a random number generator.
9. The badge of Claim 8 wherein said random number comprises a sensor for sensing an environmental variable that determines a random number generated by said random number generator.
10. The badge of Claim 1 wherein said badge has low and high power modes, said processor being capable of performing at least one computation in said high power mode that cannot be performed in said low power mode, said processor detecting a first signal from said transceiver while in said low power mode and causing said badge to enter said high power mode when said first signal is detected, wherein said badge consumes more power in said high power mode than in said low power mode.
11. The badge of Claim 10 wherein said processor detects a second signal from said transceiver in said low power mode and responds by sending a reply signal without leaving said low power mode.
12. The badge of Claim 1 wherein said processor executes a first program in response to receiving a first signal on said transceiver and a second program in response to receiving a second signal on said transceiver.
13. The badge of Claim 1 wherein said attachment sensor comprises an attachment mechanism having an open position and a closed position for securing said badge to said person in said closed position and a position sensor for detecting that said mechanism is in said open position.
14. The badge of Claim 13 wherein said attachment mechanism comprises a band for encircling part of said person's body.
15. The badge of Claim 14 wherein said position sensor detects that said band includes a break.
16. The badge of Claim 14 wherein said position sensor detects that said band has a length greater than a predetermined value.
17. The badge of Claim 13 wherein said attachment mechanism comprises a clip for securing said badge to an article of clothing worn by said person.
18. The badge of Claim 13 wherein said position sensor comprises a temperature sensor.
19. The badge of Claim 13 wherein said position sensor comprises a pulse sensor for detecting the pulse of said person.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003509424A JP2005527005A (en) | 2001-06-29 | 2002-06-27 | Security badge for human wear |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/896,569 | 2001-06-29 | ||
US09/896,569 US6778066B2 (en) | 2001-06-29 | 2001-06-29 | Personal identification badge that resets on the removal of the badge from the wearer |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2003003333A2 true WO2003003333A2 (en) | 2003-01-09 |
WO2003003333A3 WO2003003333A3 (en) | 2003-11-13 |
Family
ID=25406426
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2002/020798 WO2003003333A2 (en) | 2001-06-29 | 2002-06-27 | Personal identification badge that resets on the removal of the badge from the wearer |
Country Status (3)
Country | Link |
---|---|
US (1) | US6778066B2 (en) |
JP (1) | JP2005527005A (en) |
WO (1) | WO2003003333A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006119810A (en) * | 2004-10-20 | 2006-05-11 | Seiko Epson Corp | Ic card |
Families Citing this family (45)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6614392B2 (en) * | 2001-12-07 | 2003-09-02 | Delaware Capital Formation, Inc. | Combination RFID and GPS functionality on intelligent label |
US7069444B2 (en) * | 2002-01-25 | 2006-06-27 | Brent A. Lowensohn | Portable wireless access to computer-based systems |
TW543293B (en) * | 2002-09-24 | 2003-07-21 | High Tech Comp Corp | Reset apparatus of separable extension accessories |
US7205883B2 (en) * | 2002-10-07 | 2007-04-17 | Safenet, Inc. | Tamper detection and secure power failure recovery circuit |
US7892087B1 (en) * | 2002-12-02 | 2011-02-22 | Sca Promotions, Inc. | Authentication of game results |
US7267266B2 (en) * | 2003-07-10 | 2007-09-11 | Rouille David W | Security system |
US20050204144A1 (en) * | 2004-03-10 | 2005-09-15 | Kabushiki Kaisha Toshiba | Image processing apparatus and personal information management program |
US7188762B2 (en) * | 2004-05-07 | 2007-03-13 | Advanced Card Technologies Llc | Secure card package for transaction cards and method of activating the same |
JP2008502981A (en) * | 2004-06-15 | 2008-01-31 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Wireless identification with short distance check |
US20080109895A1 (en) * | 2004-08-10 | 2008-05-08 | Koninklijke Philips Electronics, N.V. | Method and System for Multi-Authentication Logon Control |
US8353705B2 (en) * | 2004-08-16 | 2013-01-15 | Incom Corporation | Attendance tracking system |
JP2006085499A (en) * | 2004-09-16 | 2006-03-30 | Fuji Xerox Co Ltd | Ic tag and sheet with ic tag |
US20060170530A1 (en) * | 2005-02-02 | 2006-08-03 | Enenia Biometrics, Inc. | Fingerprint-based authentication using radio frequency identification |
US20060214789A1 (en) * | 2005-03-24 | 2006-09-28 | Joshua Posamentier | Tamper detection with RFID tag |
EP1715436A3 (en) * | 2005-04-21 | 2007-03-28 | St Microelectronics S.A. | Protection of program execution performed by an integrated circuit or the data stored in this circuit |
EP1941466B1 (en) * | 2005-10-27 | 2015-12-02 | International Business Machines Corporation | System and method for dynamically managing badge access |
US7636029B1 (en) * | 2006-01-19 | 2009-12-22 | Sprint Spectrum L.P. | Method and system of display validation through varying visual appearance |
DE102006038438A1 (en) * | 2006-08-16 | 2008-02-21 | Keppler, Bernhard, Westport | Device, multifunctional system and method for determining medical and / or biometric data of a living being |
US7392944B2 (en) * | 2006-08-22 | 2008-07-01 | International Business Machines Corporation | Managing content at a portable, content adjustable personal identification device |
US7899610B2 (en) * | 2006-10-02 | 2011-03-01 | Inthinc Technology Solutions, Inc. | System and method for reconfiguring an electronic control unit of a motor vehicle to optimize fuel economy |
US7717326B2 (en) * | 2006-11-15 | 2010-05-18 | International Business Machines Corporation | Method and system for protecting data |
US7742995B2 (en) | 2007-03-23 | 2010-06-22 | Mastercard International, Inc. | Pre-authenticated identification token |
US20080285622A1 (en) * | 2007-05-18 | 2008-11-20 | Cooktek, Llc | Detachable Tag-Based Temperature Sensor For Use In Heating Of Food And Cookware |
JP5082737B2 (en) * | 2007-10-09 | 2012-11-28 | パナソニック株式会社 | Information processing apparatus and information theft prevention method |
US8253542B2 (en) * | 2008-09-04 | 2012-08-28 | Disney Enterprises, Inc. | Method and system for performing affinity transactions |
US20100052916A1 (en) * | 2008-09-04 | 2010-03-04 | Disney Enterprises, Inc | Identification band with secured association to wearer |
JP5304447B2 (en) * | 2009-05-29 | 2013-10-02 | ブラザー工業株式会社 | Plate incorporating RF tag and communication system |
US9384340B2 (en) * | 2011-02-28 | 2016-07-05 | Qualcomm Incorporated | Accessible region of a device |
US9294550B2 (en) * | 2012-06-11 | 2016-03-22 | Zerodesktop, Inc. | Efficient data transfer for cloud storage by centralized management of access tokens |
US10057400B1 (en) | 2012-11-02 | 2018-08-21 | Majen Tech, LLC | Lock screen interface for a mobile device apparatus |
US10051103B1 (en) | 2013-01-10 | 2018-08-14 | Majen Tech, LLC | Screen interface for a mobile device apparatus |
US11431834B1 (en) | 2013-01-10 | 2022-08-30 | Majen Tech, LLC | Screen interface for a mobile device apparatus |
US9606635B2 (en) * | 2013-02-15 | 2017-03-28 | Microsoft Technology Licensing, Llc | Interactive badge |
EP2956825B1 (en) * | 2013-03-15 | 2020-06-24 | Apple Inc. | Facilitating transactions with a user account using a wireless device |
TW201525875A (en) * | 2013-12-19 | 2015-07-01 | Smart Approach | Security label |
US11080777B2 (en) | 2014-03-31 | 2021-08-03 | Monticello Enterprises LLC | System and method for providing a social media shopping experience |
US11282131B2 (en) | 2014-03-31 | 2022-03-22 | Monticello Enterprises LLC | User device enabling access to payment information in response to user input |
US10726472B2 (en) | 2014-03-31 | 2020-07-28 | Monticello Enterprises LLC | System and method for providing simplified in-store, product-based and rental payment processes |
US10511580B2 (en) | 2014-03-31 | 2019-12-17 | Monticello Enterprises LLC | System and method for providing a social media shopping experience |
US9400977B2 (en) | 2014-05-29 | 2016-07-26 | Apple Inc. | User device enabling access to payment information in response to mechanical input detection |
US9299072B2 (en) | 2014-05-29 | 2016-03-29 | Apple Inc. | Apparatuses and methods for operating a portable electronic device to conduct mobile payment transactions |
US11017384B2 (en) | 2014-05-29 | 2021-05-25 | Apple Inc. | Apparatuses and methods for using a primary user device to provision credentials onto a secondary user device |
FR3032054B1 (en) * | 2015-01-22 | 2019-11-29 | Atos Se | CONTROL OF ACCESS TO THE EQUIPMENT OF A SECURE SITE BY BIOMETRIC AUTHENTICATION |
US10127747B2 (en) | 2016-12-22 | 2018-11-13 | Active8 Software, LLC | Systems and methods for electronic ticketing, monitoring, and indicating permissive use of facilities |
US11133935B2 (en) | 2019-09-30 | 2021-09-28 | Bank Of America Corporation | System for integrity validation of authorization data using cryptographic hashes |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0323041A2 (en) * | 1987-12-07 | 1989-07-05 | Barry M. Wolk | Infant security system |
WO1993004425A1 (en) * | 1991-08-13 | 1993-03-04 | Universal Photonix, Inc. | System for remotely validating the identity of indivuals and determining their locations |
US5455851A (en) * | 1993-07-02 | 1995-10-03 | Executone Information Systems, Inc. | System for identifying object locations |
US5627520A (en) * | 1995-07-10 | 1997-05-06 | Protell Systems International, Inc. | Tamper detect monitoring device |
US5832090A (en) * | 1995-08-10 | 1998-11-03 | Hid Corporation | Radio frequency transponder stored value system employing a secure encryption protocol |
WO2000016284A1 (en) * | 1998-09-11 | 2000-03-23 | Key-Trak, Inc. | Tamper detection and prevention for an object control and tracking system |
GB2355333A (en) * | 1999-07-07 | 2001-04-18 | Neil Welsh | A system for controlling access of individuals to and/or from a restricted area |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0220396A (en) * | 1988-07-07 | 1990-01-23 | Matsushita Electric Ind Co Ltd | Information processing carrier |
BR9205419A (en) * | 1991-10-31 | 1994-04-19 | Kwang Sil Lee | Electronic identification system with automatic remote response capability and automatic identification control process for the same |
US6346886B1 (en) * | 1996-12-20 | 2002-02-12 | Carlos De La Huerga | Electronic identification apparatus |
JPH10334202A (en) * | 1997-06-04 | 1998-12-18 | Sony Corp | Id card, producing equipment control unit, and producing equipment control system by id card and its method |
JPH11102459A (en) * | 1997-09-26 | 1999-04-13 | Oki Electric Ind Co Ltd | Security managing system for automatic transaction device |
DE19745953C2 (en) * | 1997-10-17 | 2002-12-05 | Anatoli Stobbe | Anti-theft system and method for automatic detection and identification of an anti-theft tag by a base station |
JP3651247B2 (en) * | 1998-03-30 | 2005-05-25 | セイコーエプソン株式会社 | Information device and input device for personal authentication system |
JPH11328323A (en) * | 1998-05-15 | 1999-11-30 | Hitachi Ltd | Power saving system |
JP3576387B2 (en) * | 1998-06-26 | 2004-10-13 | シャープ株式会社 | Semiconductor circuit and moving object identification device provided with the same |
AU2262199A (en) | 1998-07-14 | 2000-02-07 | Creaholic S.A. | Timepiece with mechanical regulation |
JP2000148860A (en) * | 1998-11-17 | 2000-05-30 | Seiko Instruments Inc | Authentication terminal for credit transaction system and watch type id device |
TW484101B (en) * | 1998-12-17 | 2002-04-21 | Hitachi Ltd | Semiconductor device and its manufacturing method |
JP4126385B2 (en) * | 1998-12-31 | 2008-07-30 | カシオ計算機株式会社 | Body wearing device and authentication system |
JP4205250B2 (en) * | 1999-04-28 | 2009-01-07 | 株式会社日立製作所 | Device operation right management system |
-
2001
- 2001-06-29 US US09/896,569 patent/US6778066B2/en not_active Expired - Lifetime
-
2002
- 2002-06-27 JP JP2003509424A patent/JP2005527005A/en active Pending
- 2002-06-27 WO PCT/US2002/020798 patent/WO2003003333A2/en active Application Filing
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0323041A2 (en) * | 1987-12-07 | 1989-07-05 | Barry M. Wolk | Infant security system |
WO1993004425A1 (en) * | 1991-08-13 | 1993-03-04 | Universal Photonix, Inc. | System for remotely validating the identity of indivuals and determining their locations |
US5455851A (en) * | 1993-07-02 | 1995-10-03 | Executone Information Systems, Inc. | System for identifying object locations |
US5627520A (en) * | 1995-07-10 | 1997-05-06 | Protell Systems International, Inc. | Tamper detect monitoring device |
US5832090A (en) * | 1995-08-10 | 1998-11-03 | Hid Corporation | Radio frequency transponder stored value system employing a secure encryption protocol |
WO2000016284A1 (en) * | 1998-09-11 | 2000-03-23 | Key-Trak, Inc. | Tamper detection and prevention for an object control and tracking system |
GB2355333A (en) * | 1999-07-07 | 2001-04-18 | Neil Welsh | A system for controlling access of individuals to and/or from a restricted area |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006119810A (en) * | 2004-10-20 | 2006-05-11 | Seiko Epson Corp | Ic card |
Also Published As
Publication number | Publication date |
---|---|
US20030001722A1 (en) | 2003-01-02 |
WO2003003333A3 (en) | 2003-11-13 |
JP2005527005A (en) | 2005-09-08 |
US6778066B2 (en) | 2004-08-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6778066B2 (en) | Personal identification badge that resets on the removal of the badge from the wearer | |
US6836843B2 (en) | Access control through secure channel using personal identification system | |
US10943000B2 (en) | System and method for supplying security information | |
US9923884B2 (en) | In-circuit security system and methods for controlling access to and use of sensitive data | |
US8515070B2 (en) | Access control for implanted medical devices | |
EP0924656B2 (en) | Personal identification FOB | |
US8511552B2 (en) | Card credential method and system | |
US9246903B2 (en) | Authentication method | |
EP0924657B2 (en) | Remote idendity verification technique using a personal identification device | |
ES2292737T3 (en) | METHOD AND SYSTEM TO ENSURE A PERSONAL IDENTIFICATION NETWORK AND DEVICE USED IN IT TO CONTROL ACCESS TO NETWORK COMPONENTS. | |
WO2017152815A1 (en) | Identity authentication method and system | |
US10574466B1 (en) | Authenticated external biometric reader and verification device | |
US20160092665A1 (en) | Liveness Detection for User Authentication | |
JP2000276445A (en) | Authentication method and device using biometrics discrimination, authentication execution device, and recording medium recorded with authentication program | |
US20010054147A1 (en) | Electronic identifier | |
JP2011002994A (en) | Usb type token | |
CN105939336A (en) | Identity authentication method and system | |
US9294921B2 (en) | Device for mobile communication | |
KR102160656B1 (en) | Login Method Using Palm Vein | |
US20190386988A1 (en) | Biometric user's authentication | |
EP2106644A1 (en) | Password generator | |
Rila et al. | Security protocols for biometrics-based cardholder authentication in smartcards | |
KR20030065774A (en) | An Apparatus and Method of the Biometric Information Protection from Replay Attack in the Network | |
Gong et al. | An Authentication Protocol Applied to RFID Security Systems | |
Malasri et al. | Securing Wireless Implantable Healthcare Devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): JP |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2003509424 Country of ref document: JP |
|
122 | Ep: pct application non-entry in european phase |