Method and apparatus for a token

US 9,208,305 B2
Filed: 08/13/2012
Issued: 12/08/2015
Est. Priority Date: 02/22/2006
Status: Active Grant

First Claim

Patent Images

1. A token comprising:

a low power receiver to receive an indication indicating a presence of a nearby short-range terminal, the indication including information that expires;

a wake-up logic to wake up the token in response to receiving the ping;

a transceiver to return a connection request to the short-range terminal, the connection request including the information that expires, to prove that the ping is recent; and

an identity verifier to perform a biometric authentication of a user, based on biometric data received from the terminal, by comparing the biometric data received from the terminal with the user'"'"'s biometric pattern data securely stored on the token, without requiring user interaction with the token, thereby creating a two-factor authentication based on the token the user has and the biometric the user is, and without releasing the biometric pattern data to the terminal.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus of using a token comprises receiving an indication of a presence of a nearby short-range terminal and waking up the token in response to receiving the indication. The method further comprises performing authentication between the token and the terminal, without requiring a user to directly interact with the token.

11 Citations

View as Search Results

20 Claims

1. A token comprising:
- a low power receiver to receive an indication indicating a presence of a nearby short-range terminal, the indication including information that expires;
  
  a wake-up logic to wake up the token in response to receiving the ping;
  
  a transceiver to return a connection request to the short-range terminal, the connection request including the information that expires, to prove that the ping is recent; and
  
  an identity verifier to perform a biometric authentication of a user, based on biometric data received from the terminal, by comparing the biometric data received from the terminal with the user'"'"'s biometric pattern data securely stored on the token, without requiring user interaction with the token, thereby creating a two-factor authentication based on the token the user has and the biometric the user is, and without releasing the biometric pattern data to the terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The token of claim 1 implemented as a key fob.
  - 3. The token of claim 1, further comprising:
    - a secure session creator to set up a secure communications channel between the wireless token and the short-range terminal.
  - 4. The token of claim 1, further comprising:
    - a transceiver to send a pseudonym and a certified public key to the terminal; and
      
      a secure session creator to establish a secure communications channel between the wireless token and the terminal using the certified public key.
  - 5. The token of claim 1, further comprising:
    - a transceiver to receive a biometric template from the terminal, through a secure communications channel; and
      
      the identity verifier to determine if the biometric template matches a biometric template of the owner of the wireless token.
  - 6. The token of claim 5, wherein the biometric template of the owner of the wireless token is stored in secure memory on the wireless token.
  - 7. The token of claim 5, further comprising:
    - the transceiver further to send authentication results to the terminal, to permit the user access, as provided by the terminal.
  - 8. The token of claim 1, further comprising:
    - the transceiver to receive periodic maintenance pings after authentication; and
      
      the transceiver further to respond to the periodic pings verifying the continued proximity of the wireless token to the terminal.
  - 9. The token of claim 1, further comprising:
    - insecure pseudonyms released to a terminal in response to a request, when a secure session has been established; and
      
      secure pseudonyms released to the terminal in response to a request only after biometric authentication of the user.
  - 10. The token of claim 1, further comprising:
    - public pseudonyms released to any terminal in response to a request, when a secure session has been established; and
      
      private pseudonyms released only to the terminal that initially established the private pseudonyms.
  - 11. The token of claim 1, further comprising a timer to put the wireless token back to sleep after an authentication process has been completed.
  - 12. The token of claim 11, further comprising:
    - an always-on portion of the wireless token, which remains awake after the wireless token has been put to sleep, to continue monitoring for pings, the always-on portion of the wireless token including the low power receiver.
  - 13. The token of claim 1, wherein the token communicates with the terminal using wireless frequencies.
  - 14. The token of claim 1, wherein the token communicates with the terminal using human skin conductance.

15. A terminal to permit use of a wireless token for authentication, the terminal comprising:
- a ping generator to generate periodic pings, a ping including information that expires;
  
  a transceiver to receive a connection request from a wireless token, the wireless token sending the connection request in response to receiving the ping, the connection request including the information from the ping, wherein the ping is received when the wireless token is within a radius associated with the terminal, the radius associated with the terminal based on a type of the terminal;
  
  a biometric sensor to receive a biometric from the user;
  
  the transceiver to send the biometric to the wireless token, and to receive an authentication from the wireless token confirming an identity of the user, without releasing a biometric template to the terminal;
  
  a secure session logic to establish a secure session with the wireless token when the information within the connection request is not expired and the wireless token is authorized; and
  
  access control logic to provide access to a limited access system, in response to receiving authentication information from the wireless token, the authentication information based on the biometric sent by the terminal to the wireless token.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The terminal of claim 15, further comprising:
    - a biometric sensor to receive biometric data from a user, for authentication;
      
      a minutia extraction logic to extract a biometric template from the biometric data; and
      
      the transceiver to send the biometric template via the secure session to the wireless token for authentication of the user by the wireless token.
  - 17. The terminal of claim 15, further comprising:
    - a pseudonym verifier to verify that a pseudonym, included as part of the authentication information, and received from the user is in an access database.
  - 18. The terminal of claim 17, further comprising:
    - additional data requested by the access control logic, if additional data is needed to provide access.
  - 19. The terminal of claim 15, further comprising:
    - a continued access verifier to periodically send out a maintenance ping after a user has been provided access to a limited access system, to verify that the user remains in proximity to the limited access system.
  - 20. The terminal of claim 15, further comprising:
    - a random number generator used to generate random numbers for an initial connection between the terminal and the wireless token, such that only a current ping is available for response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HID Global Corporation (Assa Abloy AB)
Original Assignee
Digitalpersona Corporation (Assa Abloy AB)
Inventors
Bjorn, Vance C.
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
TRUONG, THONG P

Application Number

US13/584,716
Publication Number

US 20120317632A1
Time in Patent Office

1,212 Days
Field of Search

713/159, 713/172, 713/185, 713/186, 726/9, 726/20
US Class Current

1/1
CPC Class Codes

G06F 21/35   communicating wirelessly

G07C 2009/00365   in combination with a wake-...

G07C 2009/00388   code verification carried o...

G07C 2009/00412   the transmitted data signal...

G07C 9/00309   operated with bidirectional...

G07C 9/00563   using personal physical dat...

G07C 9/28   the pass enabling tracking ...

Method and apparatus for a token

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for a token

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links