Method and system for creating and operating biometrically enabled multi-purpose credential management devices
Abstract
A method and system used to integrate and control multiple secure credentialing approaches including magnetic stripes, bar codes, contact and contactless SmartCard chips, Short Message Systems (SMS), Global Positioning Systems (GPS), vicinity type Radio Frequency Identification Devices (RFID), and proximity type RFID, into compact, self-powered, biometrically-protected devices.
47 Claims
1. A portable, hand-held, programmable device for integrating and controlling multiple secure credentialing applications and for interacting with external systems, comprising:
(a) a biometric sensor;
(b) control circuitry;
(c) a microprocessor;
(d) a memory storing personnel data, biometric data, a credentialing application, operational software and a plurality of credentials, each of the plurality of credentials being associated with personnel data;
(e) a power source;
(f) a plurality of distinct interfaces interacting with external credential-receiving systems;
(g) the operational software executing on the microprocessor, and associating the biometric data with the credentialing application and the plurality of credentials;
(h) the credentialing application executing on the microprocessor, requesting a credential from the memory based on input from the biometric sensor, selecting one of the plurality of distinct interfaces for credential distribution and presenting the credential to an external credential-receiving system through the selected one of the plurality of distinct interfaces; and
(i) wherein the biometric sensor, the control circuitry, the microprocessor, the memory, the power source, the plurality of distinct interfaces interacting with external credential-receiving systems, the operational software, and the credentialing application are integrated on the device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 43, 44

19. A data processing system for integrating and controlling multiple secure credentialing applications using a compact, self-powered, biometrically protected device, the system comprising:
(a) a portable, hand-held, programmable device having a biometric sensor, control circuitry, a microprocessor, a memory storing personnel data, biometric data, a plurality of credentialing applications, a plurality of credentials, a power source, a plurality of distinct interfaces to external credential-receiving systems, and operational software, all of the above being integrated on a single device; and
(b) an enrollment system interacting with a device holder and with the programmable device to enable identification and verification of the device holder through the biometric sensor, and associating the biometric data with a credentialing application and with a credential;
(c) the operational software executing on the microprocessor and preventing the use of the device until an authorized user is identified by the biometric sensor;
(d) the credentialing application executing on the microprocessor, requesting a credential from the memory, selecting one of the plurality of distinct interfaces for credential distribution and presenting the credential to an external credential-receiving system through the selected one of the plurality of distinct interfaces.
Dependent claims: 20

21. A data processing method for integrating and controlling multiple secure credential-emulating applications executing on a compact, self-powered, biometrically-protected device, comprising the steps of:
(a) establishing, on an enrollment station, a policy database determining access control rules and credential authority;
(b) inserting a blank biometrically-protected device into the enrollment station;
(c) loading a plurality of credential-emulating applications from the enrollment station into the biometrically-protected device;
(d) loading personnel data from a personnel database and credentials from the enrollment station into the biometrically-protected device;
(e) a user placing at least one finger on a fingerprint sensor on the biometrically-protected device;
(f) storing fingerprint data on the biometrically-protected device and associating the stored fingerprint data with the personnel data and credentials;
(g) removing the device from the enrollment station;
(h) at a future time, the user choosing one of the plurality of credential-emulating applications and activating the chosen one of the plurality of credential-emulating applications executing on the biometrically-protected device only if at least one of the user's fingerprints matches the stored fingerprint data; and
(i) transferring an activated emulated credential from the credential-emulating application to a selected one of a plurality of external credential-receiving systems expecting the credential.
Dependent claims: 22, 23, 24, 25, 26, 27, 31, 37, 38, 39, 45

28. A self-contained identity management apparatus integrated on a single portable, hand-held, programmable device, comprising:
(a) a biometric sensor;
(b) a microprocessor;
(c) a memory containing personnel data, biometric data, operational software, a plurality of credentials, and executable software implementing a plurality of credentialing applications executable by the microprocessor;
(d) a self-contained power source; and
(e) a plurality of distinct interfaces to external credential-receiving systems;
(f) the operational software executing on the microprocessor, associating the biometric data with a credentialing application, and with the plurality of credentials, and enabling identification and verification of a device holder through the biometric sensor; and
the credentialing application executing on the microprocessor, requesting a credential from the memory, selecting one of the plurality of distinct interfaces to external credential-receiving systems for credential distribution, and presenting the credential to an external credential-receiving system through the selected one of the plurality of distinct interfaces.
Dependent claims: 29, 30, 46, 47

32. A data processing method for integrating and controlling multiple secure credential-emulating applications executing on a compact, self-powered, biometrically-protected device, comprising the steps of:
(a) establishing, on an enrollment station, a policy database determining access control rules and credential authority;
(b) inserting a blank biometrically-protected device into the enrollment station;
(c) loading a plurality of credential-emulating applications from the enrollment station into the biometrically-protected device;
(d) loading personnel data from a personnel database and credentials from the enrollment station into the biometrically-protected device;
(e) a user placing at least one finger on a fingerprint sensor on the biometrically-protected device;
(f) storing fingerprint data on the biometrically-protected device and associating the stored fingerprint data with the personnel data and credentials;
(g) removing the device from the enrollment station;
(h) at a future time, the user choosing one of the plurality of credential-emulating applications and activating the chosen one of the plurality of credential-emulating applications executing on the biometrically-protected device only if at least one of the user's fingerprints matches the stored fingerprint data; and
(i) activating one of a plurality of distinct interfaces to external systems based on the selected credential-emulating application over the activated interface to an external system expecting the credential.

33. A data processing method for integrating and controlling multiple secure credential-emulating applications executing on a compact, self-powered, biometrically-protected device, comprising the steps of:
(a) a user placing at least one finger on a fingerprint sensor on the biometrically-protected device;
(b) storing fingerprint data on the biometrically-protected device and associating the stored fingerprint data with the user;
(c) the user using the fingerprint sensor to choose one of a plurality of credential-emulating applications executing on the biometrically-protected device and activating the chosen one of the plurality of credential-emulating applications only if at least one of the user's fingerprints matches the stored fingerprint data;
(d) transferring the activated emulated credential from the credential-emulating application to an external system expecting the credential;
(e) receiving information from the external system;
(f) the user using the fingerprint sensor to choose another one of the plurality of credential-emulating applications and activating the other one of the plurality of credential-emulating applications executing on the biometrically-protected device;
(g) transferring the activated emulated credential from the other credential-emulating application to a second external system expecting the credential; and
(h) transferring the information received in step (e) to the second external system.

34. An enrollment system for a portable, hand-held, programmable device for integrating and controlling multiple secure credentialing applications and for interacting with external systems, comprising:
(a) a policy database containing security policies, the security policies determining access control rules and credential authority;
(b) a personnel database containing personnel data and credentials for a user of the portable, hand-held, programmable device;
(c) a microprocessor executing technology processes and accessing the policy database to implement the security policies; and
(d) a read/write device receiving a blank, portable, hand-held device for integrating and controlling multiple secure credentialing applications and for interacting with external credential-receiving systems, the read/write device loading secure credentialing applications, the personnel data, and the credentials into a memory on the portable, hand-held device;
requesting biometric data from a user;
associating the biometric data with the personnel data, a security policy, and the credentials, and storing the biometric data in the memory of the portable, hand-held device.
Dependent claims: 35, 36, 40, 41, 42

Specification