Multi-media identity management system

US 8,826,389 B2
Filed: 05/09/2012
Issued: 09/02/2014
Est. Priority Date: 05/09/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method for utilizing multi-media identities for access control to a secure area or item comprising:

providing of a multi-media identity to an entity by a multi-media identity management system for use with an access control system, wherein the multi-media identity is a digital identifier whose multi-media data elements define multi-media authentication data expected to be used by the entity and security privileges of the access control system assigned to the entity, wherein the multi-media identity is stored upon a portable identification device;

receiving the provided multi-media identity and multi-media authentication data in an access request for one of a secure area and a secure item, wherein the multi-media authentication data comprises at least a digital image of the entity, wherein the multi-media authentication data is captured by at least one multi-media capture device in one of real-time and near real-time;

verifying the multi-media authentication data against the multi-media data elements of the multi-media identity, wherein each multi-media authentication data item is compared to a multi-media data element of the multi-media identity of a corresponding multi-media type;

validating the security privileges of the multi-media identity to those defined for the one of the secure area and the secure item;

when the multi-media authentication data, multi-media identity, and security privileges are valid for the one of the secure area and the secure item, granting the entity access to the one of the secure area and the secure item; and

when at least one of the multi-media authentication data, multi-media identity, and security privileges is invalid, denying the entity access to the one of the secure area and the secure item.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for utilizing multi-media identities for access control to a secure area or item can begin with a multi-media identity management system providing a multi-media identity to an entity for use with an access control system. The multi-media identity can be a digital identifier defining multi-media authentication data and security privileges for the entity. The provided multi-media identity and multi-media authentication data can be received in an access request for a secure area or item. The multi-media authentication data can be verified against the multi-media data elements of the multi-media identity. The security privileges of the multi-media identity can be validated for the secure area or item. When the multi-media authentication data, multi-media identity, and security privileges are valid, the entity can be granted access and denied access when at least one item is invalid.

Citations

20 Claims

1. A method for utilizing multi-media identities for access control to a secure area or item comprising:
- providing of a multi-media identity to an entity by a multi-media identity management system for use with an access control system, wherein the multi-media identity is a digital identifier whose multi-media data elements define multi-media authentication data expected to be used by the entity and security privileges of the access control system assigned to the entity, wherein the multi-media identity is stored upon a portable identification device;
  
  receiving the provided multi-media identity and multi-media authentication data in an access request for one of a secure area and a secure item, wherein the multi-media authentication data comprises at least a digital image of the entity, wherein the multi-media authentication data is captured by at least one multi-media capture device in one of real-time and near real-time;
  
  verifying the multi-media authentication data against the multi-media data elements of the multi-media identity, wherein each multi-media authentication data item is compared to a multi-media data element of the multi-media identity of a corresponding multi-media type;
  
  validating the security privileges of the multi-media identity to those defined for the one of the secure area and the secure item;
  
  when the multi-media authentication data, multi-media identity, and security privileges are valid for the one of the secure area and the secure item, granting the entity access to the one of the secure area and the secure item; and
  
  when at least one of the multi-media authentication data, multi-media identity, and security privileges is invalid, denying the entity access to the one of the secure area and the secure item.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein providing of the multi-media identity further comprises:
    - receiving a plurality of multi-media identity data that uniquely describes the entity;
      
      processing the plurality of multi-media identity data into metadata and at least one multi-media fingerprint of a multi-media type corresponding to the multi-media type of an originating multi-media identity data item, wherein a multi-media fingerprint is a baseline representation for a multi-media identity data item;
      
      producing the multi-media identity for the entity using the metadata and at least one multi-media fingerprint processed from the plurality of multi-media identity data;
      
      storing the multi-media identity in a multi-media identity library, wherein the multi-media identity library stores multi-media identities currently being used by the multi-media identity management system; and
      
      transferring a copy of the generated multi-media identity to a memory location of the portable identification device.
  - 3. The method of claim 2, wherein, when creating a new multi-media identity, producing the multi-media identity further comprises:
    - creating a new multi-media identity for the entity;
      
      populating the new multi-media identity with the metadata and at least one multi-media fingerprint; and
      
      associating at least one set of security privileges defined within the access control system to the new multi-media identity.
  - 4. The method of claim 3, wherein, when at least one external security condition is included with the plurality of multi-media identity data, populating the new multi-media identity further comprises:
    - identifying at least one external security condition submitted for the entity, wherein an external security condition defines a circumstance outside a purview of the access control system whose satisfaction is required to validate the new multi-media identity; and
      
      adding the identified at least one external security condition to the new multi-media identity, wherein said at least one external security condition is written in a standardized format interpretable by the multi-media identity management system.
  - 5. The method of claim 2, wherein, when updating an existing multi-media identity, producing the multi-media identity further comprises:
    - querying the multi-media identity library for the at least one existing multi-media identity associated with an identifier of the entity;
      
      ascertaining an ID type of each existing multi-media identity returned by the query, wherein the ID type comprises one of a individual ID type and a group ID type, wherein the entity associated with the individual ID type is a singular person and the entity associated with the group ID type is comprised of multiple people;
      
      filtering results of the query to exclude existing multi-media identities having the group ID type, wherein only those existing multi-media identities having the individual ID type remain in a results set of the query; and
      
      updating at least one of the metadata and the at least one multi-media fingerprint of the existing multi-media identities in the results set with at least one of the metadata and the at least one multi-media fingerprint processed from the received plurality of multi-media identity data.
  - 6. The method of claim 1, wherein verification of the multi-media authentication data further comprises:
    - processing the multi-media authentication data into metadata and at least one multi-media fingerprint;
      
      comparing the processed metadata and at least one multi-media fingerprint with the metadata and at least one multi-media fingerprint contained in the provided multi-media identity;
      
      when comparison of the metadata and at least one multi-media fingerprint indicates a match, recognizing the provided multi-media identity as valid; and
      
      when comparison of the metadata and at least one multi-media fingerprint indicates a discrepancy, recognizing the provided multi-media identity as invalid.
  - 7. The method of claim 6, wherein, when the multi-media identity includes at least one external security condition, said method further comprises:
    - determining auxiliary data required to evaluate the at least one external security condition of the multi-media identity, wherein an external security condition defines a circumstance outside a purview of the access control system whose satisfaction is required to validate the multi-media identity;
      
      obtaining the determined auxiliary data;
      
      evaluating the at least one external security condition; and
      
      when the evaluation of one of the at least one external security condition is unsatisfied, changing the recognition of the multi-media identity from valid to invalid.

8. A system for utilizing multi-media identities for access control to a secure area or item comprising:
- a multi-media identity that is a digital data container associated with an entity having at least one multi-media data element that defines at least one multi-media aspect of the entity, said multi-media identity further comprises;
  
  a plurality of metadata for representing textual multi-media data elements as field-value pairs;
  
  at least one multi-media fingerprint representing non-textual multi-media data elements in a distilled format, wherein a multi-media fingerprint is a baseline representation of the at least one multi-media aspect of the entity;
  
  at least one item of entity-submitted multi-media authentication data as identification of the entity, wherein a quantity of multi-media authentication data items submitted matches a quantity and multi-media types of multi-media data elements contained in the entity'"'"'s multi-media identity; and
  
  a multi-media identity management system configured to manage multi-media identities and validate the multi-media identity based upon a comparison with the at least one item of entity-submitted multi-media authentication data.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8, further comprising:
    - a portable identification device having a memory store configured to receive and store a copy of the entity'"'"'s multi-media identity in said memory store.
  - 10. The system of claim 9, wherein the portable identification device comprises at least one of a smart phone, a cell phone, a laptop computer, a portable multi-media electronic device, a portable game console, a non-electronic device having a magnetic strip storage medium, and a non-electronic device having a radio frequency identification (RFID) storage medium.
  - 11. The system of claim 8, wherein the multi-media identity management system further comprises:
    - a multi-media fingerprint system configured to generate the at least one multi-media fingerprint for the multi-media identity and generate multi-media fingerprints for non-textual multi-media authentication data, wherein the multi-media identity management system compares both multi-media fingerprints to determine validity of the multi-media authentication data;
      
      a multi-media identity library for storing multi-media identities that are currently in use by entities; and
      
      a user interface configured to act as an interaction mechanism to support functionality for creating multi-media identities and maintaining the multi-media identity library.
  - 12. The system of claim 8, further comprising:
    - an access control system having a plurality of multi-media capture devices configured to regulate access to at least one of a secure area and a secure item based upon a plurality of security parameters, wherein the access control system is capable of communicating and exchanging data with the multi-media identity management system, wherein the at least one item of multi-media authentication data is submitted using the plurality of multi-media capture devices, wherein the access control system performs its evaluation of security parameters when the multi-media identity management system determines the multi-media identity to be valid.
  - 13. The system of claim 12, wherein the access control system is an integrated component of the multi-media identity management system.
  - 14. The system of claim 8, wherein the multi-media identity further comprises:
    - at least one external security condition that defines an additional requirement to validate the multi-media identity, wherein the at least one external security condition is unrelated to the at least one multi-media aspect of the entity.
  - 15. The system of claim 8, wherein at least one of a one-to-one relationship, a many-to-one relationship, and a one-to-many relationship is supported by the multi-media identity management system between entities and the multi-media identities.

16. A computer program product comprising a non-transitory computer readable storage medium having computer usable program code embodied therewith, the computer usable program code comprising:
- computer usable program code configured to provide a multi-media identity to an entity for use with an access control system, wherein the multi-media identity is a digital identifier whose multi-media data elements define multi-media authentication data expected to be used by the entity and security parameters of the access control system assigned to the entity, wherein the multi-media identity is stored upon a portable identification device;
  
  computer usable program code configured to receive the provided multi-media identity and multi-media authentication data in an access request for one of a secure area and a secure item, wherein the multi-media authentication data comprises at least a digital image of the entity, wherein the multi-media authentication data is captured by at least one multi-media capture device in one of real-time and near real-time;
  
  computer usable program code configured to verify the multi-media authentication data against the multi-media data elements of the multi-media identity, wherein each multi-media authentication data item is compared to a multi-media data element of the multi-media identity of a corresponding multi-media type;
  
  computer usable program code configured to, when the multi-media authentication data, multi-media identity, and security privileges are determined valid for the one of the secure area and the secure item, notify the access control system that the entity is allowed access, wherein said access control system performs additional validation actions, when necessary; and
  
  computer usable program code configured to, when at least one of the multi-media authentication data and multi-media identity is invalid, notify the access control system that the entity is denied access.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein providing the multi-media identity further comprises:
    - computer usable program code configured to receive a plurality of multi-media identity data that uniquely describes the entity;
      
      computer usable program code configured to process the plurality of multi-media identity data into metadata and at least one multi-media fingerprint of a multi-media type corresponding to the multi-media type of an originating multi-media identity data item, wherein a multi-media fingerprint is a baseline representation for a multi-media identity data item;
      
      computer usable program code configured to produce the multi-media identity for the entity using the metadata and at least one multi-media fingerprint processed from the plurality of multi-media identity data;
      
      computer usable program code configured to store the multi-media identity in a multi-media identity library, wherein the multi-media identity library stores multi-media identities currently in use; and
      
      computer usable program code configured to transfer a copy of the generated multi-media identity to a memory location of the portable identification device.
  - 18. The computer program product of claim 17, wherein, when creating a new multi-media identity, producing the multi-media identity further comprises:
    - computer usable program code configured to create a new multi-media identity for the entity;
      
      computer usable program code configured to populate the new multi-media identity with the metadata and at least one multi-media fingerprint; and
      
      computer usable program code configured to associate at least one set of security privileges defined within the access control system to the new multi-media identity.
  - 19. The computer program product of claim 17, wherein, when updating an existing multi-media identity, producing the multi-media identity further comprises:
    - computer usable program code configured to query the multi-media identity library for the at least one existing multi-media identity associated with an identifier of the entity;
      
      computer usable program code configured to ascertain an ID type of each existing multi-media identity returned by the query, wherein the ID type comprises one of a individual ID type and a group ID type, wherein the entity associated with the individual ID type is a singular person and the entity associated with the group ID type is comprised of multiple people;
      
      computer usable program code configured to filter results of the query to exclude existing multi-media identities having the group ID type, wherein only those existing multi-media identities having the individual ID type remain in a results set of the query; and
      
      computer usable program code configured to update at least one of the metadata and the at least one multi-media fingerprint of the existing multi-media identities in the results set with at least one of the metadata and the at least one multi-media fingerprint processed from the received plurality of multi-media identity data.
  - 20. The computer program product of claim 16, wherein verification of the multi-media authentication data further comprises:
    - computer usable program code configured to process the multi-media authentication data into metadata and at least one multi-media fingerprint;
      
      computer usable program code configured to compare the processed metadata and at least one multi-media fingerprint with the metadata and at least one multi-media fingerprint contained in the provided multi-media identity;
      
      computer usable program code configured to, when comparison of the metadata and at least one multi-media fingerprint indicates a match, recognize the provided multi-media identity as valid; and
      
      computer usable program code configured to, when comparison of the metadata and at least one multi-media fingerprint indicates a discrepancy, recognize the provided multi-media identity as invalid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Abraham, Subil M., Hariharan, Rajaraman, Kannan, Ramakrishnan, Thomas, Mathews, Wong, Julio
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US13/467,134
Publication Number

US 20130305315A1
Time in Patent Office

846 Days
Field of Search

726/4, 726/3
US Class Current

726/4
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G07C 9/20   involving the use of a pass

G07C 9/257   electronically G07C9/26 tak...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 9/3239   involving non-keyed hash fu...

Multi-media identity management system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-media identity management system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links