Personal digital key differentiation for secure transactions

US 7,904,718 B2
Filed: 05/05/2007
Issued: 03/08/2011
Est. Priority Date: 05/05/2006
Status: Active Grant

First Claim

Patent Images

1. A method for differentiating between a first personal digital key (PDK) and a second PDK within a proximity zone of an external device, comprising:

using a computer to execute method steps, the steps comprising;

obtaining a first differentiation metric associated with the first PDK after it enters the proximity zone, wherein the first differentiation metric is based on a distance metric that measures a distance greater than zero from the PDK to the external device or a detection duration metric that measures a time duration greater than zero once the PDK enters the proximity zone;

obtaining a second differentiation metric associated with the second PDK after it enters the proximity zone while the first PDK is present in the proximity zone, wherein the second differentiation metric is based on the distance metric or the detection duration metric;

comparing the first differentiation metric to the second differentiation metric;

determining that the first PDK is associated with a transaction based on the comparison of the first differentiation metric and the second differentiation metric;

responsive to determining that the first PDK is associated with the transaction, executing an authentication test for the first PDK; and

authorizing the transaction responsive to the first PDK satisfying the authentication test.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide efficient, secure, and highly reliable authentication for transaction processing and/or access control applications. A Personal Digital Key is a portable device carried by an individual that stores one or more profiles (e.g., a biometric profile) in a tamper-proof memory. When multiple PDKs are present at the point of the transaction, the system automatically determines which PDK to associate with the authentication and transaction processes. The differentiation decision is based on one or more differentiation metrics including distance information, location information, and detection duration information associated with each of the PDKs within range. Profile samples comprising subsets of the profile information are received to provide a quick correlation between a PDK an input sample (e.g., a subset of a biometric input). After determining which PDK should be associated with the transaction, a full authentication process is executed.

Citations

32 Claims

1. A method for differentiating between a first personal digital key (PDK) and a second PDK within a proximity zone of an external device, comprising:
- using a computer to execute method steps, the steps comprising;
  
  obtaining a first differentiation metric associated with the first PDK after it enters the proximity zone, wherein the first differentiation metric is based on a distance metric that measures a distance greater than zero from the PDK to the external device or a detection duration metric that measures a time duration greater than zero once the PDK enters the proximity zone;
  
  obtaining a second differentiation metric associated with the second PDK after it enters the proximity zone while the first PDK is present in the proximity zone, wherein the second differentiation metric is based on the distance metric or the detection duration metric;
  
  comparing the first differentiation metric to the second differentiation metric;
  
  determining that the first PDK is associated with a transaction based on the comparison of the first differentiation metric and the second differentiation metric;
  
  responsive to determining that the first PDK is associated with the transaction, executing an authentication test for the first PDK; and
  
  authorizing the transaction responsive to the first PDK satisfying the authentication test.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 31, 32)
- - 2. The method of claim 1, further comprising receiving an input to initiate an authentication of an individual.
  - 3. The method of claim 2, further comprising:
    - receiving a first profile sample from the first PDK, wherein the profile sample comprises a subset of information from a first profile in the first PDK computed according to a first function;
      
      computing an input sample from the received input according to the first function; and
      
      responsive to the first profile sample not matching the input sample, indicating that the first PDK does not satisfy the authentication test.
  - 4. The method of claim 3, further comprising:
    - receiving a second profile sample from the first PDK;
      
      comparing the second profile sample to the input sample; and
      
      determining if the second profile sample matches the input sample.
  - 5. The method of claim 3, wherein the first profile sample is received at a predetermined period of time after the first PDK enters the proximity zone.
  - 6. The method of claim 2, wherein the input is a biometric input and wherein executing the authentication test further comprises:
    - wirelessly receiving a biometric profile from the first PDK;
      
      comparing the received biometric profile to the biometric input; and
      
      responsive to the biometric profile matching the biometric input, indicating that the authentication test is satisfied.
  - 7. The method of claim 2, wherein the input is a personal identification number (PIN) and wherein executing the authentication test further comprises:
    - wirelessly receiving a PIN profile from the first PDK;
      
      comparing the received PIN profile to the PIN input; and
      
      responsive to the PIN profile matching the PIN input, indicating that the authentication test is satisfied.
  - 8. The method of claim 2, wherein executing the authentication test further comprises:
    - wirelessly receiving a picture profile from the first PDK;
      
      comparing the received picture profile to the individual; and
      
      responsive to the picture profile matching the appearance of the individual, indicating that the authentication test is satisfied.
  - 9. The method of claim 1, further comprising:
    - responsive to the authentication test not being satisfied, determining that the second PDK is associated with the transaction based on the comparison of the first differentiation metric and the second differentiation metric;
      
      executing the authentication test for the second PDK; and
      
      authorizing the transaction responsive to the second PDK satisfying the authentication test.
  - 10. The method of claim 1, wherein the distance metric is determined based on at least one of bit error rate, packet error rate and signal strength.
  - 31. The method of claim 1, wherein the comparison of the first and second differentiation metrics is based on a first differentiation result and a second differentiation result, wherein the first differentiation result is calculated from weighted values representing the first differentiation metric, and the second differentiation result is calculated from weighted values representing the second differentiation metric.
  - 32. The method of claim 31, wherein the first differentiation result is calculated using a linear combination of the weighted values representing the first differentiation metric.

11. An apparatus for differentiating between a first personal digital key (PDK) and a second PDK within a proximity zone, comprising:
- a receiver/decoder circuit adapted to obtain a first differentiation metric associated with the first PDK when the first PDK enters the proximity zone and to obtain a second differentiation metric associated with the second PDK when the second PDK enters the proximity zone while the first PDK is present in the proximity zone, wherein the first differentiation metric and the second differentiation metric are based on a distance metric that measures a distance greater than zero from the PDK to the external device or a detection duration metric that measures a time duration greater than zero once the PDK enters the proximity zone; and
  
  a processor coupled to the receiver decoder circuit, the processor for comparing the first differentiation metric to the second differentiation metric, determining that the first PDK is associated with a transaction based on the comparison of the first differentiation metric and the second differentiation metric, executing an authentication test for the first PDK responsive to determining that the first PDK is associated with the transaction, and authorizing the transaction responsive to the first PDK satisfying the authentication test.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The apparatus of claim 11, further comprising a memory coupled to the receiver/decoder circuit, the memory adapted to buffer the first and second differentiation metrics.
  - 13. The apparatus of claim 11, further comprising an input device adapted to receive an input from an individual to initiate the transaction.
  - 14. The apparatus of claim 13, wherein the input device comprises at least one of a keypad, a touch screen, a biometric reader and a pointing device.
  - 15. The apparatus of claim 14, wherein the biometric reader is further adapted to obtain a representation of physical or behavioral characteristics derived from the individual.
  - 16. The apparatus of claim 14, wherein the biometric reader comprises at least one of a fingerprint scanner, a retinal scanner, an iris scanner, a face scanner, a palm scanner, a DNA analyzer, a signature analyzer and a voice analyzer.
  - 17. The apparatus of claim 13 wherein the receiver/decoder circuit is further adapted to wirelessly receive a profile sample from the first PDK, wherein the profile sample comprises a subset of information computed by applying a first function to a profile of the first PDK.
  - 18. The apparatus of claim 17, wherein the processor is further configured to compute an input sample by applying the first function to the received input, and determine if the input sample matches the buffered profile sample associated with the first PDK.
  - 19. The apparatus of claim 17, wherein the receiver/decoder circuit automatically receives the profile sample at a fixed period of time after the first PDK enters the proximity zone.
  - 20. The apparatus of claim 11, wherein the processor is further adapted to determine that the second PDK is associated with the transaction based on the comparison of the first differentiation metric and the second differentiation metric responsive to the authentication test not being satisfied, execute the authentication test for the second PDK, and authorize the transaction responsive to the second PDK satisfying the authentication test.
  - 21. The apparatus of claim 11, further comprising a screen coupled to the receiver/decoder circuit, the screen adapted to display an image received from the PDK.

22. A computer readable storage medium for differentiating between a plurality of personal digital keys (PDKs) within a proximity zone of an external device, structured to store instructions executable by a processing system, the instructions when executed cause the processing system to:
- obtain a first differentiation metric associated with the first PDK after it enters the proximity zone, wherein the first differentiation metric is based on a distance metric that measures a distance greater than zero from the PDK to the external device or a detection duration metric that measures a time duration greater than zero once the PDK enters the proximity zone;
  
  obtain a second differentiation metric associated with the second PDK after it enters the proximity zone while the first PDK is present in the proximity zone, wherein the second differentiation metric is based on the distance metric or the detection duration metric;
  
  compare the first differentiation metric to the second differentiation metric;
  
  determine that the first PDK is associated with a transaction based on the comparison of the first differentiation metric and the second differentiation metric;
  
  responsive to the first PDK being associated with the transaction, execute an authentication test for the first PDK; and
  
  authorize the transaction responsive to the first PDK satisfying the authentication test.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The computer readable storage medium of claim 22, the instruction when executed further causing the processing system to receive an input to initiate an authentication of an individual.
  - 24. The computer readable storage medium of claim 23, the instructions when executed further causing the processing system to:
    - receive a profile sample from the first PDK, wherein the profile sample comprises a subset of information from a first profile in the first PDK computed according to a first function;
      
      compute an input sample from the received input according to the first function; and
      
      responsive to the profile sample not matching the input sample, indicate that the first PDK does not satisfy the authentication test.
  - 25. The computer readable storage medium of claim 23, wherein the input is a biometric input and wherein the instructions when executed further cause the processing system to:
    - wirelessly receive a biometric profile from the first PDK;
      
      compare the received biometric profile to the biometric input; and
      
      responsive to the biometric profile matching the biometric input, indicate that the authentication test is satisfied.
  - 26. The computer readable storage medium of claim 22, the instructions when executed further causing the processing system to:
    - responsive to the authentication test not being satisfied, determine that the second PDK is associated with the transaction based on the comparison of the first differentiation metric and the second differentiation metric;
      
      execute the authentication test for the second PDK; and
      
      authorize the transaction responsive to the second PDK satisfying the authentication test.

27. A computer implemented method for differentiating between a first personal digital key (PDK) and a second PDK within a proximity zone of an external device, comprising:
- obtaining a first differentiation metric associated with the first PDK after it enters the proximity zone, wherein the first differentiation metric is based on a first location metric that tracks a motion of the PDK towards the external device and the first location metric is determined using coordinate triangulation;
  
  obtaining a second differentiation metric associated with the second PDK after it enters the proximity zone while the first PDK is present in the proximity zone, wherein the second differentiation metric is based on a second location metric and the second location metric is determined using coordinate triangulation;
  
  computing a differentiation decision based on the first differentiation metric and the second differentiation metric;
  
  determining that the first PDK is associated with a transaction within the proximity zone based on the differentiation decision;
  
  responsive to the first PDK being associated with the transaction, executing an authentication test for the first PDK; and
  
  authorizing the transaction responsive to the first PDK satisfying the authentication test.
- View Dependent Claims (28, 29, 30)
- - 28. The method of claim 27, wherein a PDK that moves towards and then away from the external device is considered least likely to have initiated the transaction.
  - 29. The method of claim 27, wherein a PDK that stops within a vicinity of the external device is considered most likely to have initiated the transaction.
  - 30. The method of claim 27, wherein differentiation decision indicates that the PDK within the proximity zone moving towards the external device is most likely to be associated to the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proxense, LLC
Original Assignee
Proxense, LLC
Inventors
Giobbi, John J., Brown, David L., Hirt, Fred S.
Primary Examiner(s)
Kim; Jung
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US11/744,833
Publication Number

US 20070260883A1
Time in Patent Office

1,403 Days
Field of Search

713/168, 713/170, 713/172, 340/5.6, 340/5.63
US Class Current

713/172
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 2221/2115   Third party

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G07C 2209/12   Comprising means for protec...

G07C 9/257   electronically G07C9/26 tak...

G07C 9/26   using a biometric sensor in...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 63/0861   using biometrical features,...

H04L 9/0866   involving user or device id...

H04L 9/3231   Biological data, e.g. finge...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

Personal digital key differentiation for secure transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Personal digital key differentiation for secure transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links