Identification Systems

US 20080224823A1
Filed: 02/27/2006
Published: 09/18/2008
Est. Priority Date: 02/25/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of generating an identity object electronically, comprisingcompiling a first identification data set comprising identification information of a first type and accessible by a first user;

compiling a second identification data set comprising identification information of a second type and accessible by a second user;

encrypting the first and second identification data sets; and

generating the identity object electronically in a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identification system where providing'"'"' identification data sets that contain different types of information accessible by different parties, removes the need for all potential readers of the object to be able to access all information, and to contact a third party during the verification process is disclosed. The identification data sets are encrypted and printed in a portable physical form as an identity object. Graphical symbols, such as a data matrix, or RFID tags or secure chips may be used to store encrypted data. These may be incorporated into a passport or other identification document. Additional identity objects may be printed for use in identifying objects connected with a user or source that contain a subset of the information in the original data matrix.

148 Citations

View as Search Results

79 Claims

1. A method of generating an identity object electronically, comprisingcompiling a first identification data set comprising identification information of a first type and accessible by a first user;
- compiling a second identification data set comprising identification information of a second type and accessible by a second user;
  
  encrypting the first and second identification data sets; and
  
  generating the identity object electronically in a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.
- View Dependent Claims (2, 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 78, 79)
- - 2. The method of claim 1, comprising transferring the identity object to a portable medium.
  - 3. The method of claim 2, wherein the portable medium is a printed graphical symbol.
  - 4. The method of claim 3, wherein the graphical symbol is a data matrix.
  - 5. The method of claim 2, wherein the portable medium is a cell phone, an RFID tag or a secure chip.
  - 7. The method of claim 1 or claim 6, wherein the first and second identification data sets are encrypted using different algorithms.
  - 8. The method of claim 1 or claim 6, wherein the first identification data set further comprises identification information of the second type.
  - 9. The method of claim 1 or claim 6, wherein the first user has permission to access both the first identification data set and the second identification data set.
  - 10. The method of claim 1 or claim 6, wherein the first and second identification data sets comprise a unique identifier for the respective identification data set.
  - 11. The method of claim 1 or claim 6, comprising, at the first user:
    - scanning the identity object to read the first identification data set; and
      
      verifying the identity object by comparing the first identification data set with stored data.
  - 12. The method of claim 11, wherein the step of verifying comprises:
    - decrypting the first identification data set to retrieve a unique identifier;
      
      comparing the unique identifier with a stored record; and
      
      verifying the identity object if the unique identifier matches the stored record.
  - 13. The method of claim 11, wherein when the first user has permission to access the first identification data set and the second information set, the step of scanning the printed identity object includes the step of reading the second identification data set.
  - 14. The method of claim 13, comprising:
    - decrypting the second identification data set to retrieve a unique identifier;
      
      comparing the unique identifier with a stored record; and
      
      verifying the identity object if the unique identifier matches the stored record.
  - 15. The method of claim 11, wherein the step of verification is performed at a location remote from the location of the step of scanning the item.
  - 16. The method of claim 11, wherein the step of verification is performed by a trusted authority.
  - 17. The method of claim 16, wherein the trusted authority is a secure server or database.
  - 18. The method of claim 11, comprising:
    - requesting a secure identifier as additional verification of at least one data item in the first identification data set from a holder of the identity object.
  - 19. The method of claim 18, wherein the secure identifier is a PIN number or a password stored separately from the identity object.
  - 20. The method of claim 11, comprising generating a second identity object containing a further identification set and at least some of the same information as the first identity object.
  - 21. The method of claim 20, wherein the second identity object contains secure information that is hidden from the first user.
  - 22. The method of claim 1 or claim 6 wherein the first identification data set comprises data relating to a number of uses of the identity object.
  - 23. The method of claim 1 or claim 6, wherein the data object comprises a further data set encrypted thereon or a reference to a further data set stored at a remote location.
  - 24. The method of claim 23, wherein the further data set comprises data relating to a number of uses of the identity object.
  - 25. The method of claim 1 or claim 6, wherein the identity object cannot be altered once generated.
  - 26. The method of claim 1 or claim 6, wherein the identity object is a passport or an identity card.
  - 27. The method of claim 26, wherein, when the first user prints a second identity object, the second identity object is one of a visa or a baggage label.
  - 28. The method of claim 1 or claim 6, wherein the identity object is applied to an article.
  - 29. The method of claim 28, wherein the identity object comprises information relating to the manufacturer of the article.
  - 30. The method of claim 1, wherein the identity object is compiled from a database of identification data sets and user-provided identification data sets.
  - 31. The method of claim 30, wherein the user provides the first identification data set.
  - 32. The method of claim 1, wherein at least one of the first and second identification data sets is hashed prior to encryption.
  - 33. The method of claim 32, wherein the hash key includes nonce.
  - 34. A method according to claim 1 or claim 6, wherein the data included in the token comprises a reference to the first encrypted data set at a remote location, and wherein that reference to the first data set is encrypted.
  - 35. A method according to claim 1 or claim 6, wherein the data included in the token comprises a reference to the second encrypted data set at a remote location, and wherein that reference to the second data set is encrypted.
  - 78. The method of claim 26, wherein the identity object is compiled from a database of identification data sets and user-provided identification data sets.
  - 79. The method of claim 26, wherein at least one of the first and second identification data sets is hashed prior to encryption.

6. A method of creating an identity object, comprisingcompiling a first identification data set comprising identification information of a first type and accessible by a first user;
- compiling a second identification data set comprising identification information of a second type and accessible by a second user;
  
  encrypting the first and second identification sets; and
  
  creating the identity object by printing a graphical symbol having encoded thereon a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

36. A method of creating a traceable identity object, comprisingcompiling a first identification data set comprising article identification data;
- compiling a second identification data set comprising article processing history data;
  
  encrypting the first and second identification data sets; and
  
  generating the identity object by formatting a portable medium including a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.
- View Dependent Claims (37, 38, 39, 41, 42, 43, 44)
- - 37. The method of claim 36, wherein the portable medium is a printed graphical symbol.
  - 38. The method of claim 37, wherein the graphical symbol is a data matrix.
  - 39. The method of claim 36, wherein the portable medium is an RFID tag or a secure chip.
  - 41. The method of claim 36 or claim 40, wherein the first and second identification data sets are encrypted using different algorithms.
  - 42. The method of claim 37 wherein the graphical symbol including the first and second identification data sets is printed as a data matrix symbol.
  - 43. The method of claim 36 or 40, comprising generating a second identity object containing substantially the same information as the first identity object.
  - 44. The method of claim 43, wherein the second identity object contains a subset of the information in the first identity object.

40. A method of creating a traceable identity object, comprisingcompiling a first identification data set comprising article identification data;
- compiling a second identification data set comprising article processing history data;
  
  encrypting the first and second identification data sets; and
  
  generating the identity object by formatting a portable medium by encoding thereon a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

45. A system for generating an identity object electronically, comprisingmeans for compiling a first identification data set comprising identification information of a first type and accessible by a first user;
- means for compiling a second identification data set comprising identification information of a second type and accessible by a second user;
  
  means for encrypting the first and second identification data sets; and
  
  means generating the identity object electronically in a secure format including means for creating a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.
- View Dependent Claims (46, 51, 52, 53, 54, 55, 59, 60)
- - 46. The system of claim 45, comprising means to transfer the identity object to a portable medium.
  - 51. The system of claim 45 or 47, wherein the portable medium is an RFID tag or a secure chip.
  - 52. The system of claim 45 or 47, comprising means to scan the portable medium and means to read data encoded thereon.
  - 53. The system of claim 52, wherein the means to scan is a scanner.
  - 54. The system of claim 52, comprising means to verify a data set by comparing with stored data.
  - 55. The system of claim 54, comprising means to transmit and receive secure verification data.
  - 59. A system according to claim 45 or 47 or 56 or 57 or 58, wherein the data included in the token comprises a reference to the first encrypted data set at a remote location, and wherein that reference to the first data set is encrypted.
  - 60. A system according to claim 45 or 47 or 56 or 57 or 58, wherein the data included in the token comprises a reference to the second encrypted data set at a remote location, and wherein that reference to the second data set is encrypted.

47. A system for generating an identity object, comprisingmeans for compiling a first identification data set comprising identification information of a first type and accessible by a first user;
- means for compiling a second identification data set comprising identification information of a second type and accessible by a second user;
  
  means for encrypting the first and second identification data sets; and
  
  means for generating the identity object by formatting a portable medium including means for encoding on the portable medium a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.
- View Dependent Claims (48, 49, 50)
- - 48. The system of claim 47, wherein the portable medium is a printed graphical symbol.
  - 49. The system of claim 48, wherein the graphical symbol is a data matrix.
  - 50. The system of claim 49, wherein the means for generating the identity object by formatting a portable medium is a printer.

56. A system for creating an identity object, comprisingmeans for compiling a first identification data set comprising identification information of a first type and accessible by a first user;
- means for compiling a second identification data set comprising identification information of a second type and accessible by a second user;
  
  means for encrypting the first and second identification sets; and
  
  means for creating the identity object by printing a graphical symbol having encoded thereon a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

57. A system for creating a traceable identity object, comprisingmeans for compiling a first identification data set comprising article identification data;
- means for compiling a second identification data set comprising article processing history data;
  
  means for encrypting the first and second identification sets; and
  
  means for creating the identity object by printing a graphical symbol having encoded thereon a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

58. A system for creating a traceable identity object, comprisingmeans for compiling a first identification data set comprising article identification data;
- means for compiling a second identification data set comprising article processing history data;
  
  means for encrypting the first and second identification sets; and
  
  means for creating the identity object by printing a graphical symbol including encoded thereon a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

61. A computer program for generating an identity object electronically, which when run on a computer causes the computer to perform the steps of:
- compiling a first identification data set comprising identification information of a first type and accessible by a first user;
  
  compiling a second identification data set comprising identification information of a second type and accessible by a second user;
  
  encrypting the first and second identification data sets; and
  
  generating the identity object electronically in a secure format the identity object comprising a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

62. A computer program for generating an identity object, which when run on a computer causes the computer to perform the steps of:
- compiling a first identification data set comprising identification information of a first type and accessible by a first user;
  
  compiling a second identification data set comprising identification information of a second type and accessible by a second user;
  
  encrypting the first and second identification data sets; and
  
  generating the identity object by formatting a portable medium having encoded thereon a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

63. A computer program for creating an identity object, which when run on a computer causes the computer to perform the steps of:
- compiling a first identification data set comprising identification information of a first type and accessible by a first user;
  
  compiling a second identification data set comprising identification information of a second type and accessible by a second user;
  
  encrypting the first and second identification sets; and
  
  creating the identity object by printing a graphical symbol having encoded thereon a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

64. A computer program for generating a traceable identity object, which when run on a computer causes the computer to perform the steps of:
- compiling a first identification data set comprising article identification data;
  
  compiling a second identification data set comprising article processing history data;
  
  encrypting the first and second identification data sets; and
  
  generating the identity object by formatting a portable medium having encoded thereon a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

65. A computer program for creating a traceable identity object, which when run on a computer causes the computer to perform the steps of:
- compiling a first identification data set comprising article identification data;
  
  compiling a second identification data set comprising article processing history data;
  
  encrypting the first and second identification sets; and
  
  creating the identity object by printing a graphical symbol having encoded thereon a value based token having a header, a payload and security portion, the token including data related to the first and second identification data sets and comprising the encrypted first data set or a reference to the first encrypted data set for retrieval of the first data set from a remote location, and the encrypted second data set or a reference to the second encrypted data set for retrieval of the second data set from a remote location.

66. A method of authenticating an identity, comprising generating a first identity object for the identity electronically in a value based token having a header, a payload and security portion, the token including data related to a first identification data set and comprising the first data set in encrypted form or a reference to the first encrypted data set for retrieval of the first data set from a remote location;
- andcreating a further identity object electronically in a value based token having a header, a payload and security portion, the token including data related to a second identification data set and comprising the second data set in encrypted form or a reference to the second encrypted data set for retrieval of the first data set from a remote location, the second identity object including data linking the second identity object to the first identity object, and an indication that the first identity object has been authenticated.
- View Dependent Claims (68, 69, 70, 71, 72, 73, 74, 75, 76, 77)
- - 68. A method according to claim 66 or 67, comprising the step of authenticating the first identity object and creating the further identity object after authentication of the first identity object, the second identity object including an indication that the first identity object has been authenticated.
  - 69. A method according to claim 66 or 67, wherein, after creation of the second identity object, the first and second identity objects both require authentication to authenticate the identity.
  - 70. A method according to claim 66 or 67, wherein after creation of the second identity object, the second identity only requires authentication to authenticate the identity.
  - 71. A method according to claim 66 or 67, comprising creating one or more further identity objects, each further object being created after authentication of the previous identity object and being linked to the previous identity object.
  - 72. A method according to claim 71, wherein each further identity object is linked to all previous identity objects.
  - 73. A method according to claim 66 or 67, comprising authenticating the second and any further identity objects.
  - 74. A method according to claim 73, wherein the first, the second and any further identity objects are authenticated by a common authentication authority.
  - 75. A method according to claim 73, wherein the authentication authority is a central authentication authority remote from the point of presentation of the first or second identity object for authentication.
  - 76. A method according to claim 66 or 67, wherein the first, second and any further identification objects comprise a common carrier passed between trusted authorities.
  - 77. A method according to claim 66 or 67, comprising receiving the first identity object at a cell phone and creating the second and any further identity objects at the cell phone.

67. A method of authenticating an identity over a series of related events involving the entity, comprising generating a first identity object for the identity electronically in a value based token having a header, a payload and security portion, the token including data related to a first identification data set and comprising the first data set in encrypted form or a reference to the first encrypted data set for retrieval of the first data set from a remote location;
- andcreating a further identity object electronically in a value based token having a header, a payload and security portion, the token including data related to a second identification data set and comprising the second data set in encrypted form or a reference to the second encrypted data set for retrieval of the first data set from a remote location, the second identity object including data linking the second identity object to the first identity object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Ondemand Limited
Original Assignee
First Ondemand Limited
Inventors
Fox, Francis Kirkman, Lawson, Marcus Maxwell

Application Number

US11/817,073
Publication Number

US 20080224823A1
Time in Patent Office

Days
Field of Search
US Class Current

340/5.8
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/6245   Protecting personal data, e...

G06F 21/78   to assure secure storage of...

G06F 2221/2113   Multi-level security, e.g. ...

Identification Systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

148 Citations

79 Claims

Specification

Solutions

Use Cases

Quick Links

Identification Systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

79 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links