PERSONAL DIGITAL KEY DIFFERENTIATION FOR SECURE TRANSACTIONS

US 20070260883A1
Filed: 05/05/2007
Published: 11/08/2007
Est. Priority Date: 05/05/2006
Status: Active Grant

First Claim

Patent Images

1. A method for differentiating between a first personal digital key (PDK) and a second PDK within a proximity zone of an external device, comprising:

obtaining a first differentiation metric associated with the first PDK after it enters the proximity zone;

obtaining a second differentiation metric associated with the second PDK after it enters the proximity zone;

determining whether the first PDK is most likely to be associated with a transaction based on the first and second differentiation metrics;

responsive to the first PDK being most likely associated with the transaction, executing an authentication test for the first PDK; and

authorizing the transaction responsive to the first PDK satisfying the authentication test.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide efficient, secure, and highly reliable authentication for transaction processing and/or access control applications. A Personal Digital Key is a portable device carried by an individual that stores one or more profiles (e.g., a biometric profile) in a tamper-proof memory. When multiple PDKs are present at the point of the transaction, the system automatically determines which PDK to associate with the authentication and transaction processes. The differentiation decision is based on one or more differentiation metrics including distance information, location information, and detection duration information associated with each of the PDKs within range. Profile samples comprising subsets of the profile information are received to provide a quick correlation between a PDK an input sample (e.g., a subset of a biometric input). After determining which PDK should be associated with the transaction, a full authentication process is executed.

Citations

31 Claims

1. A method for differentiating between a first personal digital key (PDK) and a second PDK within a proximity zone of an external device, comprising:
- obtaining a first differentiation metric associated with the first PDK after it enters the proximity zone;
  
  obtaining a second differentiation metric associated with the second PDK after it enters the proximity zone;
  
  determining whether the first PDK is most likely to be associated with a transaction based on the first and second differentiation metrics;
  
  responsive to the first PDK being most likely associated with the transaction, executing an authentication test for the first PDK; and
  
  authorizing the transaction responsive to the first PDK satisfying the authentication test.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising receiving an input to initiate an authentication of an individual.
  - 3. The method of claim 2, further comprising:
    - receiving a first profile sample from the first PDK, wherein the profile sample comprises a subset of information from a first profile in the first PDK computed according to a first function;
      
      computing an input sample from the received input according to the first function; and
      
      responsive to the first profile sample not matching the input sample, indicating that the first PDK does not satisfy the authentication test.
  - 4. The method of claim 3, further comprising:
    - receiving a second profile sample from the first PDK;
      
      comparing the second profile sample to the input sample; and
      
      determining if the second profile sample matches the input sample.
  - 5. The method of claim 3, wherein the first profile sample is received at a predetermined period of time after the first PDK enters the proximity zone.
  - 6. The method of claim 2, wherein the input is a biometric input and wherein executing the authentication test further comprises:
    - wirelessly receiving a biometric profile from the first PDK;
      
      comparing the received biometric profile to the biometric input; and
      
      responsive to the biometric profile matching the biometric input, indicating that the authentication test is satisfied.
  - 7. The method of claim 2, wherein the input is a personal identification number (PIN) and wherein executing the authentication test further comprises:
    - wirelessly receiving a PIN profile from the first PDK;
      
      comparing the received PIN profile to the PIN input; and
      
      responsive to the PIN profile matching the PIN input, indicating that the authentication test is satisfied.
  - 8. The method of claim 2, wherein executing the authentication test further comprises:
    - wirelessly receiving a picture profile from the first PDK;
      
      comparing the received picture profile to the individual; and
      
      responsive to the picture profile matching the appearance of the individual, indicating that the authentication test is satisfied.
  - 9. The method of claim 1, further comprising:
    - responsive to the authentication test not being satisfied, determining whether the second PDK is next most likely to be associated with the individual based on the differentiation metrics;
      
      executing the authentication test for the second PDK; and
      
      authorizing the transaction responsive to the second PDK satisfying the authentication test.
  - 10. The method of claim 1, wherein the first differentiation metric is based on at least one of a distance metric, a detection duration metric, and a location metric.
  - 11. The method of claim 10, wherein the distance metric is determined based on at least one of bit error rate, packet error rate, signal strength.
  - 12. The method of claim 10, wherein the detection duration metric includes a length of time the first PDK is within the proximity zone of the external device.
  - 13. The method of claim 10, wherein the location metric is determined using coordinate triangulation.

14. An apparatus for differentiating between a first personal digital key (PDK) and a second PDK within a proximity zone, comprising:
- a receiver/decoder circuit adapted to obtain a first differentiation metric associated with the first PDK when the first PDK enters the proximity zone and obtain a second differentiation metric associated with the second PDK when the second PDK enters the proximity zone; and
  
  a processor coupled to the receiver decoder circuit, the processor for determining whether the first PDK is most likely to be associated with a transaction based on the differentiation metrics, executing an authentication test for the first PDK responsive to determining that the first PDK is most likely associated with the transaction, and authorizing the transaction responsive to the first PDK satisfying the authentication test.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The apparatus of claim 14, further comprising a memory coupled to the receiver/decoder circuit, the memory adapted to buffer the first and second differentiation metrics.
  - 16. The apparatus of claim 14, further comprising an input device adapted to receive an input from an individual to initiate the transaction.
  - 17. The apparatus of claim 16, wherein the input device comprises at least one of a keypad, a touch screen, a biometric reader and a pointing device.
  - 18. The apparatus of claim 17, wherein the biometric reader is further adapted to obtain a representation of physical or behavioral characteristics derived from the individual.
  - 19. The apparatus of claim 17, wherein the biometric reader comprises at least one of a fingerprint scanner, a retinal scanner, an iris scanner, a face scanner, a palm scanner, a DNA analyzer, a signature analyzer and a voice analyzer.
  - 20. The apparatus of claim 16 wherein the receiver/decoder circuit is further adapted to wirelessly receive a profile sample from the first PDK, wherein the profile sample comprises a subset of information computed by applying a first function to a profile of the first PDK.
  - 21. The apparatus of claim 20, wherein the processor is further configured to compute an input sample by applying the first function to the received input, and determine if the input sample matches the buffered profile sample associated with the first PDK.
  - 22. The apparatus of claim 20, wherein the receiver/decoder circuit automatically receives the profile sample at a fixed period of time after the first PDK enters the proximity zone.
  - 23. The apparatus of claim 14, wherein the processor is further adapted to determine whether the second PDK is next most likely to be associated with the individual based on the differentiation metrics responsive to the authentication test not being satisfied, execute the authentication test for the second PDK, and authorize the transaction responsive to the second PDK satisfying the authentication test.
  - 24. The apparatus of claim 14, wherein the differentiation metric is based on at least one of a distance metric, a detection duration metric, and a location metric.
  - 25. The apparatus of claim 14, further comprising a screen coupled to the receiver/decoder circuit, the screen adapted to display an image received from the PDK.

26. A computer readable storage medium for differentiating between a plurality of personal digital keys (PDKs) within a proximity zone of an external device, structured to store instructions executable by a processing system, the instructions when executed cause the processing system to:
- obtain a first differentiation metric associated with the first PDK after it enters the proximity zone;
  
  obtain a second differentiation metric associated with the second PDK after it enters the proximity zone;
  
  determine whether the first PDK is most likely to be associated with a transaction based on the first and second differentiation metrics;
  
  responsive to the first PDK being most likely associated with the transaction, execute an authentication test for the first PDK; and
  
  authorize the transaction responsive to the first PDK satisfying the authentication test.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The computer readable storage medium of claim 26, the instruction when executed further causing the processing system to receive an input to initiate an authentication of an individual.
  - 28. The computer readable storage medium of claim 27, the instructions when executed further causing the processing system to:
    - receive a profile sample from the first PDK, wherein the profile sample comprises a subset of information from a first profile in the first PDK computed according to a first function;
      
      compute an input sample from the received input according to the first function; and
      
      responsive to the profile sample not matching the input sample, indicate that the first PDK does not satisfy the authentication test.
  - 29. The computer readable storage medium of claim 27, wherein the input is a biometric input and wherein the instructions when executed further cause the processing system to:
    - wirelessly receive a biometric profile from the first PDK;
      
      compare the received biometric profile to the biometric input; and
      
      responsive to the biometric profile matching the biometric input, indicate that the authentication test is satisfied.
  - 30. The computer readable storage medium of claim 26, the instructions when executed further causing the processing system to:
    - responsive to the authentication test not being satisfied, determine whether the second PDK is next most likely to be associated with the individual based on the differentiation metrics;
      
      execute the authentication test for the second PDK; and
      
      authorize the transaction responsive to the second PDK satisfying the authentication test.
  - 31. The computer readable storage medium of claim 26, wherein the first differentiation metric is based on at least one of a distance metric, a detection duration metric, and a location metric.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proxense, LLC
Original Assignee
Proxense, LLC
Inventors
Brown, David, Hirt, Fred, Giobbi, John

Granted Patent

US 7,904,718 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 2221/2115   Third party

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G07C 2209/12   Comprising means for protec...

G07C 9/257   electronically G07C9/26 tak...

G07C 9/26   using a biometric sensor in...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 63/0861   using biometrical features,...

H04L 9/0866   involving user or device id...

H04L 9/3231   Biological data, e.g. finge...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

PERSONAL DIGITAL KEY DIFFERENTIATION FOR SECURE TRANSACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

PERSONAL DIGITAL KEY DIFFERENTIATION FOR SECURE TRANSACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links