Live user authentication apparatus, system and method

文档序号：1047873 发布日期：2020-10-09 浏览：3次中文

阅读说明：本技术 活的用户认证设备、系统和方法 (Live user authentication apparatus, system and method ) 是由 S·翁 A·D·霍林格 G·西梅奥诺夫 A·兰詹于 2019-01-18 设计创作，主要内容包括：描述了数字用户认证设备的多个实施方案,该设备包括：用户认证接口,其可操作以接收执行数字用户认证过程所需的唯一用户识别数据作为输入；不同的生理传感器,其可操作以与该用户相互作用来从该用户获取生理信号,以在所述认证过程期间自动确认活的用户存在；以及数字数据处理器和计算机可读存储器,所述数字数据处理器和计算机可读存储器可操作以执行计算机可读指令,以在基于所述生理信号确认所述活的用户存在时基于所述唯一用户识别数据调用所述用户认证过程,使得仅在所述认证过程期间确认所述活的用户存在后,才断定成功的用户认证。还描述了各种认证、访问授权和撤销系统和过程。(Various embodiments of a digital user authentication device are described, the device comprising: a user authentication interface operable to receive as input unique user identification data required to perform a digital user authentication process; a different physiological sensor operable to interact with the user to acquire a physiological signal from the user to automatically confirm the presence of a living user during the authentication process; and a digital data processor and a computer readable memory operable to execute computer readable instructions to invoke the user authentication process based on the unique user identification data upon confirmation of the presence of the living user based on the physiological signal, such that successful user authentication is concluded only after confirmation of the presence of the living user during the authentication process. Various authentication, access authorization and revocation systems and processes are also described.)

1. A digital user authentication device for authenticating an authorized user, the device comprising:

a wearable user authentication interface to be worn by the authorized user and operable to receive as input, via authorized user digit contact, unique user identification data required to perform a digital user authentication process, wherein the wearable user authentication interface is operable to capture, via the authorized user digit contact, a user digit image representative of the unique user identification data as input;

different physiological sensors operable to interact with the authorized user via the same user finger contact and different physiological interfaces formed at different wearable user contact locations to simultaneously acquire physiological signals from the authorized user via the same user finger contact and the different physiological interfaces to automatically confirm live user presence during the authentication process after the device is worn by the authorized user;

a digital data processor and a computer readable memory operable to execute computer readable instructions to invoke the user authentication process based on the unique user identification data upon confirmation of the presence of the living user based on the physiological signal such that successful user authentication is only concluded after confirmation of the presence of the living user during the authentication process, wherein the digital data processor and computer readable memory are further operable to invoke a comparison of the physiological signal to a generic physiological signal profile to confirm the presence of the living user.

2. The digital authentication device of claim 1, wherein the different wearable user contact location comprises a user wrist contact location.

3. The digital user authentication device of claim 1 or 2, wherein the physiological sensor is a heart-related sensor operable to acquire a heart-related signal between the user digit contact and the different wearable user contact location only after the user digit contact and the different wearable user contact location correspond to the same user.

4. The digital authentication device of claim 3, wherein the different physiological sensor comprises an ECG sensor.

5. The digital user authentication device of any one of claims 1 to 4, wherein the wearable user authentication interface comprises a fingerprint sensor or a finger vein sensor.

6. The digital user authentication device of any one of claims 1 to 5, wherein the different physiological sensors comprise physiological sensor probes arranged on, forming part of, or comprising a bezel or ring that at least partially surrounds the wearable user authentication interface.

7. A digital user authentication device according to any of claims 1 to 6, further comprising a wireless communication interface operable to communicate with a wireless access point to wirelessly grant user authenticated access to a resource operatively associated with the wireless access point upon successful authentication.

8. The digital user authentication device of claim 7, wherein the authentication process comprises an onboard authentication process to remotely pre-authorize user authentication access, wherein the authentication access is authorized after the device wirelessly communicates an authenticated user signal to the access point.

9. The digital user authentication device of any one of claims 1 to 8, wherein the different or additional physiological sensor is operable upon authentication to automatically interact with the user to acquire a post-authentication physiological signal at or near the different wearable user contact location, and wherein the instructions are further executable to revoke the successful user authentication upon identifying a specified failure in the post-authentication physiological signal upon authentication.

10. The digital user authentication device of any one of claims 1 to 9, further comprising a device removal sensor operable to cause revocation of the successful user authentication upon identifying removal of the wearable user authentication interface from the user.

11. The digital user authentication device of any one of claims 1 to 10, wherein the different physiological sensor comprises a plurality of physiological sensors, and wherein the different physiological interfaces comprise different wearable user contact locations such that different physiological signals are acquired via the same user digit contact of an authorized user providing the authorized user digit contact.

12. The digital user authentication device of any one of claims 1 to 11, wherein the generic physiological signal profile comprises a synthetic profile or a representative profile.

13. The digital user authentication device of any one of claims 1 to 12, wherein the comparison automatically determines whether the physiological signal is attenuated or corrupted.

14. A digital user authentication system for authenticating an authorized user, the system comprising:

a wearable wireless digital user authentication device comprising:

a wireless communication interface operable to communicate an authenticated user signal to a wireless access point upon successful authentication; and

a wireless access point operable to wirelessly receive the authenticated user signal from the wireless digital user authentication device to authenticate the authorized user based on the successful authentication.

15. The system of claim 14, for providing authenticated access to a specified resource, wherein the wireless access point is operatively associated with the specified resource, and wherein access to the specified resource is granted via the access point upon receipt of the authenticated user signal at the wireless access point.

16. The system of claim 14 or 15, wherein the authentication process comprises an onboard authentication process to remotely pre-authorize user authenticated access to the resource, wherein the authenticated access is authorized after the device wirelessly communicates an authenticated user signal to the access point.

17. The system of any of claims 14 to 16, wherein the different or additional physiological sensor is operable upon authentication to automatically interact with the user to acquire a post-authentication physiological signal at or near the different user contact location, and wherein the instructions are further executable to revoke the successful user authentication upon identifying a specified failure in the post-authentication physiological signal upon authentication.

18. The system of any of claims 14 to 17, wherein the different wearable user contact location comprises a user wrist contact location.

19. The system according to any one of claims 14 to 18, wherein the different physiological sensors comprise physiological sensor probes arranged on, forming part of, or comprising a rim or ring that at least partially surrounds the wearable user authentication interface.

20. A digital user authentication system according to any of claims 14 to 19, wherein the wearable wireless digital user authentication device further comprises a device removal sensor operable to cause revocation of the successful user authentication upon identifying removal of the wearable user authentication interface from the user.

21. The system of any one of claims 14 to 20, wherein the different physiological sensor comprises a plurality of physiological sensors, and wherein the different physiological interfaces comprise different wearable user contact locations such that different physiological signals are acquired via the same user digit contact of an authorized user that provides the authorized user digit contact.

22. The system of any one of claims 14 to 21, wherein the physiological sensor is a heart-related sensor operable to acquire a heart-related signal between the user digit contact and the different wearable user contact location only after the user digit contact and the different wearable user contact location correspond to the same user.

23. The system of claim 22, wherein the different physiological sensor comprises an ECG sensor.

24. The system of any of claims 14 to 23, wherein the wearable user authentication interface comprises a fingerprint sensor or a finger vein sensor.

25. The system of any one of claims 14 to 24, wherein the generic physiological signal profile comprises a synthetic profile or a representative profile.

26. The system of any of claims 14 to 25, wherein the comparison automatically determines whether the physiological signal is attenuated or corrupted.

27. A computer-implemented digital user authentication process comprising:

receiving unique user identification data as input at a wearable user authentication device via an authorized user digit contact to invoke a digital user authentication process, the device to be worn by an authorized user, wherein the wearable user authentication interface is operable to capture a user digit image as input representative of the unique user identification data via the authorized user digit contact;

simultaneously receiving a physiological signal as a further input via the same user digit contact and a different physiological interface formed at a different wearable user contact location of the wearable user authentication device to automatically confirm a live user presence of the authorized user during the authentication process; and

invoking, using one or more digital data processors, the user authentication process based on the unique user identification data when confirming the presence of the living user based on the physiological signal such that successful user authentication is only concluded after confirming the presence of the living user during the authentication process, wherein the presence of the living user is confirmed after successfully comparing the physiological signal to a generic physiological signal profile within a specified confidence level.

28. The process of claim 27, wherein the physiological sensor is a heart-related sensor operable to acquire a heart-related signal between the user finger contact and the different wearable user contact location only after the user finger contact and the different wearable user contact location correspond to the same user.

29. The process of claim 28, wherein the different physiological sensor comprises an ECG sensor.

30. The process of any of claims 27 to 29, wherein the wearable user authentication interface comprises a fingerprint sensor or a finger vein sensor.

31. The process of any of claims 27 to 30, further comprising wirelessly communicating authentication data from the wearable user authentication device to a wireless access point or a remote authentication server associated therewith to wirelessly authorize user-authorized access to resources operatively associated with the wireless access point upon successful authentication.

32. The process of claim 31, wherein the authentication process is implemented by the wearable user authentication device to remotely pre-authorize user authentication access, wherein the authentication access is authorized upon wirelessly communicating an authentication user signal to the access point.

33. The process of claim 31, wherein said authentication process is implemented at least in part via a data exchange with said access point or a remote authentication server associated therewith.

34. The process of any of claims 27-33, wherein a post-authentication physiological signal is received as a post-authentication input, the process further comprising revoking the successful user authentication after identifying a specified expiration in the post-authentication physiological signal post-authentication.

35. The process of any of claims 27-34, further comprising detecting a proximity of the wearable user authentication device to a specified access point, and revoking the authorized user authentication access after the proximity exceeds a specified proximity threshold.

36. The process of any of claims 27-35, further comprising detecting removal of the wearable user authentication device and automatically revoking the authorized user authentication access.

37. The process of any one of claims 27 to 36, wherein the generic physiological signal profile comprises a synthetic profile or a representative profile.

38. The process of claim 37, wherein the comparison automatically determines whether the physiological signal is attenuated or corrupted.

39. A digital user authentication device for authenticating an authorized user, the device comprising:

a wearable biometric sensor to be worn by the authorized user and operable to receive, via authorized user finger contact, unique user identification data required to perform a digital user authentication process as input;

40. The digital user authentication device of claim 39, wherein the biometric sensor comprises a finger imaging based biometric sensor.

41. The digital user authentication device of claim 40, wherein the finger imaging based biometric sensor comprises a fingerprint sensor or a finger vein sensor.

42. The digital user authentication device of any one of claims 39 to 41, wherein the different wearable user contact location comprises a user wrist contact location.

43. The digital user authentication device of any one of claims 39 to 42, wherein the physiological sensor is a heart-related sensor operable to acquire a valid heart-related signal between the user digit contact and the different wearable user contact location only after the user digit contact and the different wearable user contact location correspond to the same user.

44. The digital authentication device of claim 43, wherein the different physiological sensor comprises an ECG sensor.

45. A digital user authentication system for authenticating an authorized user, the system comprising:

a wearable wireless digital user authentication device to be worn by the authorized user and comprising:

a wearable biometric sensor operable to receive as input, via authorized user digit contact, unique user identification data required to perform a digital user authentication process;

a wireless communication interface operable to communicate an authenticated user signal to a wireless access point upon successful authentication; and

46. The digital user authentication system of claim 45, wherein the biometric sensor comprises a finger imaging based biometric sensor.

47. The digital user authentication system of claim 46, wherein the finger imaging based biometric sensor comprises a fingerprint sensor or a finger vein sensor.

48. The digital user authentication system of any one of claims 45 to 47, wherein the different wearable user contact locations comprise user wrist contact locations.

49. The digital user authentication device of any one of claims 45 to 48, wherein the physiological sensor is a heart-related sensor operable to acquire a valid heart-related signal between the user digit contact and the different wearable user contact location only after the user digit contact and the different wearable user contact location correspond to the same user.

50. The digital authentication device of claim 49, wherein the different physiological sensor comprises an ECG sensor.

Technical Field

The present disclosure relates to user access authentication and authorization systems, and in particular to live user authentication devices, systems and methods.

Background

Digital identity authentication and access authorization are key capabilities linked to many aspects of daily life and are becoming even more critical with increasingly personalized technology products. Some methods for identity authentication may add different levels of friction to our daily lives. In some cases, the cumulative friction of the authentication mechanism causes significant difficulties and inconveniences in the user's daily life. In the case of physical items such as keys and cards, users may carry an ever increasing load in their pockets and bags, having to find the various items throughout the day. In the case of passwords (passcodes) and Personal Identification Numbers (PINs), they may be required by the user's online account and smart device, but remembering them while also making them sufficiently secure has been a difficult goal to achieve. In addition, these physical or digital items may be stolen or copied.

Modern biometric devices have foreshadowed the world of automatic and seamless recognition; however, practical facts lead to a trade-off between security/accuracy and convenience. Existing biometric devices may be compromised. Vulnerabilities such as using human photographs to fool face recognition or stealing and modeling fingerprints to fool the fingerprint scanner pose a significant threat necessitating an additional layer of security, thereby reducing the promise of biometric identification techniques.

On the other hand, references such as US patent application publication No. US 2014/0188770 a1 and US 8,994,498 disclose biometric identification devices and systems in which biometric identification data may be captured and stored in the form of an Electrocardiogram (ECG) of the user in order to perform subsequent user authentication on this basis. These techniques, while potentially robust in circumventing some of the challenges described above, may present some drawbacks in terms of computational complexity and accuracy required to perform full ECG-based biometric authentication, and/or may present slow market acceptance or adoption of such novel authentication mechanisms.

This background information is provided to reveal information believed by the applicant to be of possible relevance. It is not necessarily intended, nor should be construed, that any of the preceding information constitutes prior art or forms part of the common general knowledge in the relevant art.

Disclosure of Invention

The following presents a simplified summary of the general inventive concepts described herein in order to provide a basic understanding of some aspects of the disclosure. This summary is not an extensive overview of the disclosure. It is not intended to limit the main or critical elements of the embodiments of the present disclosure or to delineate their scope beyond that explicitly or implicitly described by the following description and claims.

There is a need for a user authentication device, system and method that overcomes some of the disadvantages of, or at least provides a useful alternative to, known techniques. Some aspects of the present disclosure provide embodiments of such systems and methods, such as live user authentication devices, systems, and/or methods.

According to an aspect, there is provided a digital user authentication device for authenticating an authorized user, the device comprising: a wearable user authentication interface to be worn by the authorized user and operable to receive as input, via authorized user digit (figure) contact, unique user identification data required to perform a digital user authentication process, wherein the wearable user authentication interface is operable to capture, via the authorized user digit contact, a user digit image representative of the unique user identification data as input; different physiological sensors operable to interact with the authorized user via the same user finger contact and different physiological interfaces formed at different wearable user contact locations to simultaneously acquire physiological signals from the authorized user via the same user finger contact and the different physiological interfaces to automatically confirm live user presence during the authentication process after the device is worn by the authorized user; a digital data processor and a computer readable memory operable to execute computer readable instructions to invoke the user authentication process based on the unique user identification data when confirming the presence of the living user based on the physiological signal such that successful user authentication is concluded only after confirming the presence of the living user during the authentication process, wherein the digital data processor and computer readable memory are further operable to invoke a comparison of the physiological signal to a general physiological signal profile (signal profile) to confirm the presence of the living user.

According to another aspect, there is provided a digital user authentication system for authenticating an authorized user, the system comprising: a wearable wireless digital user authentication device comprising: a wearable user authentication interface to be worn by the authorized user and operable to receive as input, via authorized user digit contact, unique user identification data required to perform a digital user authentication process, wherein the wearable user authentication interface is operable to capture, via the authorized user digit contact, a user digit image representative of the unique user identification data as input; different physiological sensors operable to interact with the authorized user via the same user finger contact and different physiological interfaces formed at different wearable user contact locations to simultaneously acquire physiological signals from the authorized user via the same user finger contact and the different physiological interfaces to automatically confirm live user presence during the authentication process after the device is worn by the authorized user; a digital data processor and a computer readable memory operable to execute computer readable instructions to invoke the user authentication process based on the unique user identification data upon confirmation of the presence of the living user based on the physiological signal such that successful user authentication is only concluded after confirmation of the presence of the living user during the authentication process, wherein the digital data processor and computer readable memory are further operable to invoke a comparison of the physiological signal to a generic physiological signal profile to confirm the presence of the living user; and a wireless communication interface operable to communicate an authenticated user signal to the wireless access point upon successful authentication; and a wireless access point operable to wirelessly receive the authenticated user signal from the wireless digital user authentication device to authenticate the authorized user based on the successful authentication.

According to another aspect, there is provided a computer-implemented digital user authentication process comprising: receiving unique user identification data as input at a wearable user authentication device via an authorized user digit contact to invoke a digital user authentication process, the device to be worn by an authorized user, wherein the wearable user authentication interface is operable to capture a user digit image as input representative of the unique user identification data via the authorized user digit contact; simultaneously receiving a physiological signal as a further input via the same user digit contact and a different physiological interface formed at a different wearable user contact location of the wearable user authentication device to automatically confirm a live user presence of the authorized user during the authentication process; and invoking, using one or more digital data processors, the user authentication process based on the unique user identification data when confirming the presence of the living user based on the physiological signal such that successful user authentication is only concluded after confirming the presence of the living user during the authentication process, wherein the presence of the living user is confirmed after successfully comparing the physiological signal to a generic physiological signal profile within a specified confidence level.

According to another aspect, there is provided a digital user authentication device for authenticating an authorized user, the device comprising: a wearable biometric sensor to be worn by the authorized user and operable to receive, via authorized user finger contact, unique user identification data required to perform a digital user authentication process as input; different physiological sensors operable to interact with the authorized user via the same user finger contact and different physiological interfaces formed at different wearable user contact locations to simultaneously acquire physiological signals from the authorized user via the same user finger contact and the different physiological interfaces to automatically confirm live user presence during the authentication process after the device is worn by the authorized user; a digital data processor and a computer readable memory operable to execute computer readable instructions to invoke the user authentication process based on the unique user identification data upon confirmation of the presence of the living user based on the physiological signal such that successful user authentication is only concluded after confirmation of the presence of the living user during the authentication process, wherein the digital data processor and computer readable memory are further operable to invoke a comparison of the physiological signal to a generic physiological signal profile to confirm the presence of the living user.

According to another aspect, there is provided a digital user authentication system for authenticating an authorized user, the system comprising: a wearable wireless digital user authentication device to be worn by the authorized user and comprising: a wearable biometric sensor operable to receive as input, via authorized user digit contact, unique user identification data required to perform a digital user authentication process; different physiological sensors operable to interact with the authorized user via the same user finger contact and different physiological interfaces formed at different wearable user contact locations to simultaneously acquire physiological signals from the authorized user via the same user finger contact and the different physiological interfaces to automatically confirm live user presence during the authentication process after the device is worn by the authorized user; a digital data processor and a computer readable memory operable to execute computer readable instructions to invoke the user authentication process based on the unique user identification data upon confirmation of the presence of the living user based on the physiological signal such that successful user authentication is only concluded after confirmation of the presence of the living user during the authentication process, wherein the digital data processor and computer readable memory are further operable to invoke a comparison of the physiological signal to a generic physiological signal profile to confirm the presence of the living user; and a wireless communication interface operable to communicate an authenticated user signal to the wireless access point upon successful authentication; and a wireless access point operable to wirelessly receive the authenticated user signal from the wireless digital user authentication device to authenticate the authorized user based on the successful authentication.

According to another aspect, there is provided a digital user authentication device comprising: a user authentication interface operable to receive as input unique user identification data required to perform a digital user authentication process; a different physiological sensor operable to interact with a user to acquire a physiological signal from the user to automatically confirm the presence of a living user during the authentication process; a digital data processor and a computer readable memory operable to execute computer readable instructions to invoke the user authentication process based on the unique user identification data upon confirmation of the presence of the living user based on the physiological signal, such that successful user authentication is concluded only after confirmation of the presence of the living user during the authentication process.

According to another aspect, there is provided a digital user authentication system for accessing a specified resource, the system comprising: a wireless digital user authentication device, comprising: a user authentication interface operable to receive as input unique user identification data required to perform a digital user authentication process; a different physiological sensor operable to interact with a user to acquire a physiological signal from the user to automatically confirm the presence of a living user during the authentication process; a digital data processor and a computer readable memory operable to execute computer readable instructions to invoke the user authentication process based on the unique user identification data upon confirmation of the presence of the living user based on the physiological signal, such that successful user authentication is concluded only after confirmation of the presence of the living user during the authentication process; and a wireless communication interface operable to communicate with a wireless access point to wirelessly authorize user authenticated access to a resource operatively associated with the wireless access point upon successful authentication; and a wireless access point operatively associated with the specified resource and operable to wirelessly receive data from the wireless digital user authentication device to authorize user authenticated access to the specified resource based on the successful authentication.

According to another aspect, there is provided a digital user authentication system for providing authorized authenticated user access to a specified resource, the system comprising: a wireless access point operatively associated with the specified resource and operable to wirelessly receive user resource access data from a wireless digital user authentication device to authorize user authenticated access to the specified resource; a wireless digital user authentication device, comprising: a wireless communication interface operable to communicate the user resource access data to the wireless access point to obtain authorized authenticated user access to the specified resource; a physiological sensor operable to interact with a user to acquire physiological signals from the user to automatically confirm the presence of a living user during authorized access; a digital data processor and a computer readable memory operable to execute computer readable instructions to: confirming the presence of the living user based on the physiological signal in order to maintain the authorized access; and otherwise invoking a revocation of the authorized access via the access point upon identifying a specified failure in the physiological signal.

According to another aspect, there is provided a wireless digital user authentication device operable to provide authorized user access, the device comprising: a wireless communication interface operable to communicate data in providing authorized user access; a physiological sensor operable to interact with a user to acquire physiological signals from the user to automatically confirm live user presence during authorized user access; a digital data processor and a computer readable memory operable to execute computer readable instructions to: confirming the presence of the living user based on the physiological signal in order to maintain authorized user access; and otherwise invoking revocation of authorized access upon identifying a specified failure in the physiological signal.

According to another aspect, there is provided a computer-implemented digital user access authorization process, the process comprising: receiving unique user identification data as input at the wearable user authentication device to invoke a digital user authentication process; receiving a physiological signal as a further input at the wearable user authentication device to automatically confirm a live user presence during the authentication process; and invoking, using one or more digital data processors, the user authentication process based on the unique user identification data upon confirming the presence of the living user based on the physiological signal, such that successful user authentication is concluded only after confirming the presence of the living user during the authentication process.

Other aspects, features and/or advantages will become more apparent upon reading the following non-limiting description of specific embodiments thereof, given by way of example only with reference to the accompanying drawings.

Drawings

Some embodiments of the present disclosure will now be provided by way of example only with reference to the accompanying drawings in which:

FIG. 1 is a component diagram of an environment in which embodiments of the present disclosure may be practiced;

FIG. 2 is a diagram of an exemplary client computer that can be included in a system in accordance with at least one of the various embodiments;

FIG. 3 is a diagram of an exemplary network computer that can be included in a system in accordance with at least one of the various embodiments;

fig. 4A and 4B are schematic physical and logical diagrams, respectively, of a wearable user authentication/access authorization device, in accordance with at least one of various embodiments;

fig. 5A is a logic diagram illustrating a biometric identification device of a sensor for fingerprint scanning and electrocardiogram signal capture according to at least one of various embodiments;

fig. 5B is a logic diagram of a biometric identification device showing another arrangement of sensors for fingerprint scanning and electrocardiogram signal capture, in accordance with at least one of the various embodiments;

FIG. 5C is a logic diagram illustrating a biometric identification device from a top view of the embodiment of FIG. 5B for fingerprint scanning and electrocardiogram signal capture;

FIG. 6 is a flow diagram of a process for enrolling an authentication device, such as a biometric device as contemplated in this example, in accordance with at least one of the various embodiments;

FIG. 7 is a flow diagram of a biometric device authentication process for implementing device pre-authorization in a multi-mode user access authorization process, according to one embodiment;

fig. 8 is a flow diagram of a process for authenticating a user having one or more access points, according to at least one of multiple embodiments.

Fig. 9 is a flow diagram of a process for authenticating a user having one or more access points, according to at least one of various embodiments.

Fig. 10 is a flow diagram of a process for de-authenticating a biometric identification device when removed from a wearer, according to at least one of various embodiments;

FIG. 11 is a flow diagram of a process for managing if a biometric identification device encounters multiple access points, according to at least one of the various embodiments;

fig. 12 is a flow diagram of a process for authenticating a biometric device during encounter with an access point, according to at least one of multiple embodiments;

FIG. 13 is a flow diagram of a process for configuring a profile for a user and an access point, according to at least one of embodiments;

FIG. 14 is a flow diagram of a process for configuring a profile for a user in accordance with at least one of the various embodiments;

FIG. 15 is a flow diagram of a process for configuring a profile for an access point in accordance with at least one of the various embodiments;

fig. 16 is an exemplary screen shot of a graphical user interface for enrolling and/or configuring an authentication/access authorization device, such as a multimodal biometric device, in accordance with at least one of the various embodiments;

fig. 17 is a perspective view of a wearable authentication/access authorization device, such as a multi-mode biometric device, according to at least one of various embodiments;

FIG. 18 is a high-level system diagram illustrating various User Authentication Devices (UADs) operable to authenticate user presence and/or gain access to different network application-enabled resources, according to one embodiment;

fig. 19A-19C are illustrative ECG signals acquired using a juxtaposed finger and wrist probe pair of a wearable authentication device, with progressively less user compliance with a prescribed same user ECG contact configuration, resulting in reduced signal quality, whereas fig. 19D is an illustrative ECG signal according to one embodiment, with the probe pair being triggered by different users, resulting in acquisition of a non-compliant ECG signal;

20A and 20B are diagrams illustrating exemplary live and generic ECG signals indicating a high degree of compliance for live user authentication;

21A and 21B are illustrative live ECG signals and generic ECG signals showing a sufficient degree of consistency to confirm likely live user authentication compliance; and

fig. 22A and 22B are illustrative live ECG signals and generic ECG signals showing a low degree of consistency indicating a lack of live user authentication compliance, according to one embodiment.

For simplicity and clarity, elements in some of the figures are illustrated and not necessarily drawn to scale. For example, the dimensions of some of the elements in the figures may be emphasized relative to other elements to facilitate an understanding of the various presently disclosed embodiments. Additionally, common but well-understood elements that are useful or necessary in a commercially feasible embodiment are often not depicted in order to facilitate a less obstructed view of these various embodiments of the present disclosure.

Detailed Description

Various embodiments and aspects of the present description will be described with reference to details discussed below. The following description and drawings are illustrative of the present specification and are not to be construed as limiting the present specification. Numerous specific details are described to provide a thorough understanding of various embodiments of the present description. However, in certain instances, well-known or conventional details are not described in order to provide a concise discussion of embodiments of the present description.

A number of instruments and processes will be described below to provide examples of embodiments of the systems disclosed herein. The embodiments described below do not limit any of the claimed embodiments, and any of the claimed embodiments may cover processes or apparatuses different from those described below. The claimed embodiments are not limited to an instrument or process having all of the features of any one instrument or process described below, or features common to a plurality or all of the instruments or processes described below. The instruments or processes described below may not be implementations of any claimed subject matter.

Furthermore, numerous specific details are set forth in order to provide a thorough understanding of the embodiments described herein. However, it will be understood by those skilled in the relevant art that the embodiments described herein may be practiced without these specific details. In other instances, well-known methods, procedures, and components have not been described in detail so as not to obscure the embodiments described herein.

In this specification, an element may be described as "configured to" perform one or more functions or "configured to" such functions. Typically, an element configured to perform a function or configured to perform a function is enabled to perform the function, or is adapted to perform the function, or is operable to perform the function, or is otherwise capable of performing the function.

It is to be understood that for purposes of this specification, the language "at least one of X, Y and Z" and "one or more of X, Y and Z" can be understood as X only, Y only, Z only, or any combination of two or more of X, Y and Z (e.g., XYZ, XY, YZ, ZZ, etc.). Similar logic may be applied to two or more items in any occurrence of the languages "at least one … …" and "one or more … …".

Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.

Throughout the specification and claims, the following terms take the meanings explicitly associated herein, unless the context clearly dictates otherwise. The phrase "in one of the embodiments" or "in at least one of the embodiments" as used herein does not necessarily refer to the same embodiment, although it may. Furthermore, the phrase "in another embodiment" or "in some embodiments" as used herein does not necessarily refer to a different embodiment, although it may. Thus, as described below, multiple embodiments may be readily combined without departing from the scope or spirit of the innovations disclosed herein.

In addition, as used herein, the term "or" is an inclusive "or" operator, and is equivalent to the term "and/or," unless the context clearly dictates otherwise. The term "based on" is not exclusive and allows for being based on additional factors not described, unless the context clearly dictates otherwise. In addition, throughout the specification, the meaning of "a", "an", and "the" includes plural references. The meaning of "in … …" includes "in … …" and "on … …".

As used in the specification and in the claims, the singular form of "a", "an", and "the" include plural referents unless the context clearly dictates otherwise.

The term "comprising" as used herein is to be understood to mean that the following list is not exhaustive and may or may not include any other additional suitable items, as appropriate, such as one or more additional features, components and/or elements.

The terms "physiological," "physiological data," or "physiological signal" as used herein are understood to mean any signal that may be obtained via a sensor or device when operatively interacting with a user to confirm the presence of a living user. Non-limiting examples of physiological signals are heart rate, galvanic skin response, temperature, Electrocardiogram (ECG), plethysmogram (PPG), electromyography, electroencephalography, transient otoacoustic emissions, phonocardiogram, sweat, or combinations thereof. Any combination of the above or other physiological parameters may also be used to confirm the presence of a living user, as other physiological signals and/or sensors may be considered, alone or in combination, to produce this result.

The terms "biometric," "biometric data," or "biometric signal" as used herein are understood to mean any signal obtainable from a user that is capable of uniquely identifying the user, including, but not limited to, one or more unique physiological signals or signatures (signatures) that may be processed to uniquely identify the user. Non-limiting examples of biometric identification signals are gait, heart rate, galvanic skin response, temperature, fingerprint, voice or voice print, body electrical properties, body thermal properties, iris pattern, vein pattern, eye vein pattern, facial or other anatomical structures, Electrocardiogram (ECG), plethysmogram (PPG), electromyogram, electroencephalogram, transient otoacoustic emissions, phonocardiogram, DNA, one or more chemical markers, one or more biochemical markers, skin color change or discoloration, sweat, or combinations thereof. The unique identity of the user may also be obtained by observing a pattern or combination of one or more biometric characteristics. For example, a person may have a unique heart rhythm at a particular temperature and a particular amount of perspiration. In this way, two or more biometric observations may be combined or fused to obtain a multimodal unique biometric profile. This is particularly useful in situations where a particular biometric identification is not sufficient as an independently operating identifier. In one embodiment, sweat and gait may be combined or fused to provide a unique biometric profile for the user. Information from sources that are independently functioning identifiers may also be combined to improve accuracy and/or security. In another embodiment, the multimodal biometric system may fuse the fingerprint with iris and face characteristics.

The terms "access point" and "resource" are used interchangeably herein to refer to any logical or physical gateway, device, or application (application) that requires authorization and/or authentication, such as for security or personalization purposes, and is otherwise locked or inaccessible to a user. Some non-limiting examples of physical access points are electronically locked doors, parking transceivers, smart environmental technologies, vehicle doors, and transportation systems. Some non-limiting examples of logical access points are passwords, PINs, passwords (passcodes) or otherwise digitally secured electronic devices (e.g., smart phones, desktop computers, laptop computers, tablet computers, workstations, onboard vehicle devices, etc.) or accounts, payment system certificates, sales sites, automated bank teller machines, library check-out systems, and hotel check-in and airport check-in stations. Further, an access point may be considered a generic term for an application, computer, terminal, device, etc., that is enabled to communicate using the protocols described herein. For example, a wireless access point may be operatively associated with a web application to identify, monitor, or track authenticated user presence without necessarily invoking additional actions in response to such identified user presence. That is, although some embodiments may incorporate access points for the purpose of authenticating user presence to grant user authentication access to particular resources, user presence authentication may not be limited to such applications, but may also include embodiments in which a user's authenticated presence is identified, monitored, and/or tracked for other purposes, such as for advertising, analyzing user traffic and/or use of specified physical spaces, law enforcement, and the like. For simplicity, the terms "access point" and "resource" will be used interchangeably herein to refer not only to a computing device or application (e.g., physical hardware, firmware, and/or software application) that is accessed and operated to implement or provide user presence authentication and/or access authorization, but also to any resource or resources operatively associated therewith, whereby resources may include, but are not limited to: a physical space, room, area or region contained or otherwise bounded by an electronically controlled gateway, door, gate or entryway; physical or computational workstations, devices, equipment, and/or tools for manufacturing, testing, verifying, simulating, developing, researching, experimentation, developing, assembling, etc.; physical or digital libraries, catalogs, repositories, and/or other categorized or limited information repositories, and the like.

The term "access control signal" as used herein refers to a signal sent by an access control device, such as a User Authentication Device (UAD), to a physical or logical access point and/or resource that may enable a user to unlock, interact with, and/or access the access point/resource. The control signal may be a binary coded sequence or user identifier transmitted wired or wirelessly using, but not limited to, bluetooth (e.g., BLE), near field communication, ultra wideband, RFID, or Wifi. The control signal may include, represent or correspond to a biometric signal, a non-biometric signal, a physiological and/or non-physiological signal, depending on the application and/or context at hand.

The term "finger" as used herein refers to any finger or toe attached to a hand or foot, including the thumb or toe.

The term "encryption" as used herein is understood to refer to the act of changing (information) from one form to another, in particular in order to hide its meaning. Further, in some embodiments, encryption as used herein may include employing a pseudorandom transform that produces a pseudorandom output in the sense that the ciphertext may be distinguishable from a completely random sequence of bits of the same length without revealing anything about the plaintext. For example, consider adding one or more zeros at the end of each encrypted output. In at least one of the various embodiments, the encrypting may include applying pseudorandom function information, wherein a key of the pseudorandom function may be stored locally on the mobile device.

The terms "authorization authentication device" and "user authentication device" as used herein refer to devices and/or access points that may be arranged to include specialized applications for registering/registering mobile devices with users. The Authorization Authentication Device (AAD) may be arranged to store a key, an encrypted biometric user profile, or the like. In some embodiments, implementations of at least some of the AAD functionality may be included and/or otherwise embedded within functionality of the portable device, such as within a wearable authentication/user access authorization device, and/or the like, and/or distributed between such portable/wearable device and/or one or more network-accessible servers, client computers, access points, and/or the like. In some of the embodiments provided herein, a user authentication device or "UAD" is defined as a portable or wearable device operable to execute an onboard user authentication procedure to activate the UAD to broadcast or otherwise communicate or distribute an authenticated user status or identity for enforcing/processing authentication user presence or access privileges through one or more access points/resources.

Various embodiments are briefly described below to provide a basic understanding of some aspects of the technology described herein. This brief description is not intended as an extensive overview. It is not intended to identify key or critical elements or to delineate or otherwise narrow the scope. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.

According to various embodiments, the systems and methods described herein provide various examples of user access authorization systems and methods, and physiological user sensors and authentication devices therefor.

For example, different embodiments as contemplated herein allow for digital user authentication and/or access authorization based on both user authentication and confirmation of live user presence, e.g., as confirmed via acquired physiological signals or similar data that may be used to confirm that the authenticated user is actually present during authentication and/or during valid authorized user access. For example, in one embodiment, the digital authentication device may be configured to receive as input unique user authentication data, such as a Personal Identification Number (PIN), username and/or password, passphrase, or similar input, or to reacquire or otherwise receive as input biometric data that uniquely identifies the user (e.g., a fingerprint, finger vein or similar finger image-based biometric, iris scan, voice recognition, facial recognition, unique physiological signature-ECG, heart rate, gait, sweat, PPG vein recognition, body temperature, etc.), which may be used to digitally authenticate the user. Such authentication may be required in different contexts, such as for gaining access to one or more digital and/or physical resources via operatively associated access points, implementing authenticated user presence monitoring or tracking, or similar considerations as introduced above and detailed further below.

In connection with user authentication, the authentication device may also include one or more identical and/or different physiological sensors or similar components operable to interact with the user (e.g., via direct or indirect user contact, such as skin contact or similar interface operable to be in contact with or in close proximity to the user's skin or body) to acquire physiological signals to automatically confirm the presence of a living user during authentication. Exemplary physiological signals may include, but are not limited to, static and/or time varying signals such as ECG, heart rate, sweat, body temperature, and the like.

In such embodiments, after successful live user presence authentication, the user may then, and only then, successfully complete the authentication process, or again, may only obtain fully authorized access to certain resources, attributes, features, and/or functions, which are generally referred to herein as resources for simplicity.

As described in further detail below, the provision of multi-modal access authentication and authorization may provide various features, functions, and advantages in preventing unauthorized access or otherwise illegitimate access to certain resources, for example. For example, in the absence of a legitimate physiological signal providing sufficient live user presence confirmation, the user's illegal use of authentication data, whether in the form of a stolen PIN or password, or stolen biometric data, can be thwarted. That is, the authentication device will require not only sufficient input of authentication data, but also sufficient use and configuration (e.g., in the context of a wearable authentication device) to acquire an appropriate physiological signal. In some further embodiments, the operation of the biometric sensor in obtaining the authentication access may be inherently coupled with the operation of the physiological sensor. For example, a touch-sensitive biometric sensor (e.g., a fingerprint reader) may double as one of the contact points implementing a dual-contact physiological sensor (e.g., an ECG and/or similar listening monitor, etc.), or again serve as a concurrent optical probe for other types of physiological sensors. These and other such considerations will become more apparent to the skilled person upon reading the following non-limiting examples of illustrative embodiments.

In some of the same or additional embodiments, the presence of a living user, as confirmed by an on-board physiological sensor, may be required to maintain authorized access to a given resource, e.g., whereby digital authentication and/or authorized access may be revoked upon failure to maintain the presence confirmation of the living user. Such confirmation may be detected, accessed or otherwise monitored continuously or again through routine scheduled, random or otherwise intermittent physiological signal processing. Thus, an authentication device (such as a wearable device or similar device) may see its associated authentication state revoked upon removal of the device (e.g., removal of the device from an authenticated user).

In still further or other such embodiments, access authorization may additionally or alternatively be invoked/revoked based on the proximity of the user to the authorized access point. For example, live authenticated users may have their access authorization revoked after alienating themselves from a given access point or associated resource. This may be particularly beneficial in the following cases: otherwise authorized access to a given resource may be maintained in the absence of an authorized user, allowing unauthorized users to gain illegitimate access to such resources. Finally, access authorization may be regained after the authorized user returns within the predefined range of the authorized access point in question.

In one or more of the various embodiments, different secondary features may be employed to obtain and/or maintain authenticated access authorization such that, in response to sensing one or more access points, for example, an authorization authentication device may be employed to provide access to the one or more access points and/or resources associated therewith until it is determined that the authenticated user is unverified based on the one or more secondary features. In one or more of the various embodiments, for example, providing access to the one or more access points or associated resources may be delayed until the user may perform one or more desired physical gestures or actions to confirm the user's access to the one or more access points.

In one or more of the various embodiments, the authentication device may comprise a band adapted to encircle one or more of the user's wrist, finger, toe, foot, arm, waist, chest, head, or neck, for example, although other wearable configurations, such as, but not limited to, patches, skin probes, or other wearable devices, should be considered to fall within the general scope and spirit of the present disclosure, as the skilled artisan will readily appreciate.

Illustrative operating Environment

FIG. 1 shows components of an environment in which embodiments of the invention may be practiced, according to an illustrative embodiment. Not all components may be required to practice different embodiments of the invention, and variations in the arrangement and type of the components may be made without departing from the overall spirit or scope of the disclosure. As shown, the system 100 of fig. 1 includes a Local Area Network (LAN)/Wide Area Network (WAN) — (network) 110, a wireless network 108, a client computer 102, an authentication/access authorization device 106 (generally referred to herein as a User Authentication Device (UAD)106, which may include, but is not limited to, for example, a mobile, wireless, portable wearable device, and/or the like), an authentication/access authorization server computer 116 (generally referred to herein as an authentication server 116), and the like.

At least one embodiment of client computer 102-105 is described in more detail below in conjunction with FIG. 2. In one embodiment, at least some of the client computers 102 and 105 may operate over one or more wired and/or wireless networks, such as network 108 and/or network 110. In general, client computer 102 and 105 may comprise virtually any computer capable of communicating over a network to send and receive information, perform various online activities, offline actions, and the like. In one embodiment, one or more of the client computers 102 and 105 may be configured to operate within an enterprise or other entity to perform a wide variety of services for the enterprise or other entity. For example, client computer 102 and 105 may be configured to operate as a server, client application, media player, mobile phone, game console, desktop computer, access point, and the like. However, client computer 102-105 is not limited to these services and may also be employed in other embodiments, for example, for end user computing. It should be appreciated that more or fewer client computers (as shown in fig. 1) may be included within a system such as described herein, and thus embodiments are not limited by the number or type of client computers employed.

Computers that may operate as client computer 102 may include computers that are typically connected using wired or wireless communication media, such as personal computers, multiprocessor systems, microprocessor-based or programmable electronic devices, network PCs, and the like. In some embodiments, client computer 102-105 may comprise almost any portable computer capable of connecting to another computer and receiving information, such as laptop computer 103, mobile computer 104, tablet computer 105, and the like. However, the portable computer is not so limited, and may also include other portable computers, such as cellular telephones, display pagers, Radio Frequency (RF) devices, Infrared (IR) devices, Personal Digital Assistants (PDAs), handheld computers, wearable computers, integrated devices combining one or more of the preceding computers, and the like. As such, client computers 102-105 are typically wide ranging in capabilities and features. In addition, the client computer 102 and 105 may access various computing applications, including a browser, or other network-based application.

The network-enabled client computer may include a browser application configured to receive and send web pages, network-based messages, and the like. The browser application may be configured to receive and display graphics, text, multimedia, and the like, in virtually any web-based language, including wireless application protocol messages (WAP), and the like. In one embodiment, the browser application is enabled to display and send messages using Handheld Device Markup Language (HDML), Wireless Markup Language (WML), WMLScript, JavaScript, Standard Generalized Markup Language (SGML), hypertext markup language (HTML), extensible markup language (XML), JavaScript object notation (JSON), and the like. In one embodiment, a user of a client computer may employ a browser application to perform various activities over a network (online). However, another application may also be used to perform various online activities.

One embodiment of client computer 102-105 is described in more detail below in conjunction with FIG. 2. Briefly, however, the client computer 102-105 may also include at least one other client application configured to receive and/or transmit content between another computer. The client application may include the ability to send and/or receive content, etc. The client application may also provide information identifying itself, including type, capabilities, name, etc. In one embodiment, client computers 102 and 105 may uniquely identify themselves through any of a variety of mechanisms, including an Internet Protocol (IP) address, a telephone number, a Mobile Identification Number (MIN), an Electronic Serial Number (ESN), or other device identifier. Such information may be provided in network packets or the like sent between other client computers, server computers 116, devices 106, or other computers.

Client computer 102 may also be configured to include a client application that enables an end user to log into an end user account that may be managed by another computer, such as server computer 116. In one non-limiting embodiment, such end-user accounts may be configured to enable the end-user to manage one or more online activities, which in one non-limiting embodiment include project management, system management, configuration management, search activities, social activities, browsing various websites, communicating with other users, and the like.

One embodiment of the device 106 is described in more detail below in conjunction with fig. 4. Briefly, however, the device 106 may be any device that may be worn or otherwise carried by a user and that is capable of obtaining authentication data to invoke (in this illustrated embodiment, via the server 116) an authentication process. As introduced above and as will be detailed below in accordance with some embodiments, the authentication data may include manually entered data and/or biometric data that is acquired or otherwise entered by the user for the purpose of seeking authentication and, in some embodiments, for the purpose of seeking certain access authorizations.

As described above, some embodiments of the device 106 will also include one or more physiological sensors and/or proximity detection mechanisms to provide secondary authentication and/or authorization measures to obtain and/or maintain authentication/authorization in use.

Non-limiting examples of suitable wearable authentication devices may include, but are not limited to, wristbands, wristwatches, bracelets, necklaces, rings, belts, glasses, clothing, hats, foot chains, headbands, chest belts, patches, skin probes, or earrings, to name a few, or any other wearable item capable of obtaining a biometric identification signal. The device 106 may also be incorporated into clothing. In another embodiment, the device 106 may include more than one biometric and/or physiological sensor to be used individually and/or in combination to perform user authentication and/or live user presence confirmation. The device 106 may be arranged to communicate with one or more of the client computers 102 and 105 over a network, such as the wireless network 108. Further, the device 106 may be arranged to communicate with an access point, enabling a user to access secure locations and secure electronic devices and to customize the user experience.

As the skilled person will appreciate, some of the features and/or functionalities described above with respect to the client computer 102 and 105 may be interchangeably applied to the functionalities and features of the herein described embodiments of the portable device 106. For example, although a client computer is expressly illustrated herein in one particular embodiment, some embodiments may additionally or alternatively contemplate a portable and/or wearable client computer, as other embodiments may be contemplated to implement the features and functionality of the embodiments described herein.

The wireless network 108 is configured to couple the client computer 102 and/or the authentication device 106 with the network 110. The wireless network 108 may include any of a variety of wireless sub-networks that may also overlay an independently operating ad-hoc (ad-hoc) network or the like to provide infrastructure-oriented connections for the client computers 102, 105 and/or the authentication devices 106. Such sub-networks may include mesh networks, bluetooth, Wireless Local Area Network (WLAN) networks, cellular networks, and the like. In one embodiment, the system may include more than one wireless network.

The wireless network 108 may also include an autonomous system of terminals, gateways, routers, and the like connected by wireless radio links, and the like. These connectors may be configured to move and organize themselves freely and randomly so that the topology of the wireless network 108 may change rapidly.

The wireless network 108 may also employ a variety of access technologies including second generation (2G), third generation (3G), fourth generation (4G), fifth generation (5G) radio access for cellular systems, WLAN, bluetooth, Wireless Router (WR) mesh, and the like. Access technologies such as 2G, 3G, 4G, 5G and future access networks may enable wide area coverage for mobile computers (such as client computer 102 and 105) and authentication devices 106 with various degrees of mobility. In one non-limiting embodiment, the wireless network 108 may enable radio connection through radio network access such as global system for mobile communications (GSM), General Packet Radio Service (GPRS), Enhanced Data GSM Environment (EDGE), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Wideband Code Division Multiple Access (WCDMA), High Speed Downlink Packet Access (HSDPA), Long Term Evolution (LTE), and the like. In essence, the wireless network 108 can include virtually any wireless communication mechanism by which information can travel between the client computer 102 and 105, the authentication device 106, and another computer, network, cloud-based network, cloud instance, and the like.

The network 110 is configured to couple the network computer with other computers, including the authentication server computer 116, the client computer 102, 105, the authentication device 106, through the wireless network 108, and the like. Network 110 is enabled to employ any form of computer-readable media for communicating information from one electronic device to another. Additionally, network 110 may include the internet in addition to Local Area Networks (LANs), Wide Area Networks (WANs), direct connections, such as through a Universal Serial Bus (USB) port, other forms of computer-readable media, or any combination thereof. On a group of LANs that include an interconnection of LANs based on different architectures and protocols, a router acts as a link between LANs, enabling messages to be sent from one to another. Additionally, the communication links within LANs typically include twisted wire pairs or coaxial cables, while the communication links between networks may utilize analog telephone lines, dedicated digital lines including all or portions of T1, T2, T3, and T4, and/or other carrier mechanisms including, for example, E-carriers, Integrated Services Digital Networks (ISDN), Digital Subscriber Lines (DSL), wireless links including satellite links, or other communication links known to those of skill in the art. Further, the communication links may also employ any of a variety of digital signal technologies including, but not limited to, for example, DS-0, DS-1, DS-2, DS-3, DS-4, OC-3, OC-12, OC-48, etc. In addition, remote computers and other related electronic devices can be remotely connected to either LANs or WANs via a modem and temporary telephone link. In one embodiment, the network 110 may be configured to transport Internet Protocol (IP) information.

In addition, communication media typically embodies computer readable instructions, data structures, program modules or other transport mechanisms and includes any information delivery media. By way of example, communication media includes wired media such as twisted pair, coaxial cable, fiber optics, wave guides, and other wired media and wireless media such as acoustic, rf, infrared, and other wireless media.

One embodiment of the authentication server computer 116 is described in more detail below in conjunction with fig. 3. Briefly, however, the authentication server computer 116 comprises virtually any network computer capable of performing actions for storing, authenticating, processing biometric identification information, users, access points, and the like.

Although fig. 1 illustrates authentication server computer 116 as a single computer, the innovations and/or embodiments are not limited thereto. For example, one or more functions of the authentication server computer 116 may be distributed across one or more different network computers. Further, the authentication server computer 116 is not limited to a particular configuration, such as the particular configuration shown in fig. 1. Thus, in one embodiment, the authentication server computer 116 may be implemented using multiple network computers and/or client computers. In other embodiments, the development computer may operate as multiple network computers within a cluster architecture, peer-to-peer architecture, cloud or virtualization architecture, or the like. Further, in at least one of the various embodiments, the authentication server computer 116 may be implemented using one or more cloud instances in one or more cloud networks.

Described herein, according to some embodiments, is a system, method, and apparatus for authenticating a user being authenticated when it is a truly living person. The system may additionally or alternatively seek to confirm the presence of live users during authenticated/authorized use, confirm the proximity of such users to a given access point or associated resource (i.e., within a specified authorized region, area, or distance threshold) during use, and/or evaluate other secondary user authorization parameters. In the embodiments illustrated herein, the system is centered around a wearable authentication device that, based on the acquired physiological signals, confirms that the wearer is actually a live person, authenticates the wearer based on available authentication data, which may include biometric data. Some embodiments also allow for confirmation that the same user (i.e., wearer) is the source of both the physiological signal and the authentication data, for example, in the context of biometric authentication. In other embodiments, such live user presence, proximity, and/or other related provisions may not be implemented, for example, in a reduced security environment and/or to reduce or limit the complexity of the authentication device/system implemented.

In one embodiment, once authenticated, the wearable authentication device synchronizes with a pre-initialized authorization registration application to authorize the wearable authentication device to wirelessly communicate the pre-authenticated user identity to other devices and systems. In another embodiment, once authenticated, the wearable authentication device activates the user's identification and privately broadcasts the user's identification to other devices and systems. In other embodiments, authentication and/or physiological data is communicated or otherwise communicated to a trusted computing device, such as authentication server 116, for remote processing, thereby reducing the computing load on the wearable device. This enables a user to have both logical and physical access at one or more access points due to single user authorization.

In contrast, conventional access systems, including biometric access systems, may be subject to hacking and/or abuse. For example, a hacker may steal a fingerprint and create a fingerprint mold that can be applied to a fingerprint sensor to gain access. A hacker can also take a picture of the fingerprint and keep it in front of the scanner. Similarly, a user of an authentication device that authenticates once and then grants access within a defined period of time may be worn by a person without authorization while the person with authorization authenticates the device. There are naturally other drawbacks, such as maintaining authorized access activation when the user removes the authentication device and/or leaves or moves away from the restricted access area or resource. Such a possibility may be unacceptable to security-conscious agencies, resulting in the addition of additional layers of security, such as recurring user authentication, or the use of out-of-band mechanisms.

The embodiments described herein provide an attractive security solution to at least some of these typical shortcomings by significantly reducing, if not eliminating, concerns about hacking and abuse of authentication/authorization devices. For example, in one illustrative embodiment, where a biometric authentication sensor, such as a fingerprint reader, shares one contact point with a complementary physiological sensor, such as an ECG, even if a hacker would steal the fingerprint, create a fingerprint mold, and attach or otherwise embed the fingerprint mold on the glove upon touching the biometric authentication sensor, the analysis of the physiological sensor would determine that the user is not a live, flesh-form person, and thus the authentication device would not authenticate the user. Furthermore, it is inferred from the same illustrative embodiment that abuse of the authentication device, such as authenticating a device worn by another person, may also be prevented, as the physiological sensor may be configured to not take a reading unless the device is worn by the same user and authenticated (e.g., an electrocardiogram or galvanic skin response is not present between the two persons). Thus, the authentication device does not authenticate even if the biometric features (e.g., fingerprints) are matched. In addition, at least some of the presently described embodiments allow for faster access control, since the user does not need to authenticate each time she needs to access a physical or logical system. As described above, other features, advantages, and benefits of the embodiments described herein, such as live user confirmation during and/or after authentication, user proximity metrics, and/or other such features and advantages will be apparent to the skilled artisan in light of the present disclosure.

With reference to fig. 18, and in accordance with one embodiment, an illustrative high-level system architecture for managing authenticated user identity, authenticated user presence, and/or access authorization will now be described. In this embodiment, a set of end users is provided with a corresponding set of portable (wearable) User Authentication Devices (UADs) 1802 to be used to authenticate each end user (e.g., via PIN, password, on-board biometric authentication, etc.) for the purpose of conveying an authenticated user identity, e.g., in authenticating user presence and, in some other embodiments, obtaining user access to one or more customer resources 1804 accordingly. Various measures to ensure secure user authentication, live user presence, fraud prevention, collusion, etc., are illustratively introduced above and further described below, as are other complementary/alternative means for securely authenticating a user via onboard and/or communicatively accessible authentication and status broadcast resources.

After on-board authentication in this embodiment, once the UAD is valid, it can be used to securely authenticate a user, for example, to obtain authenticated access to certain authorized resources 1804, access to which resources 1804 is operatively controlled, at least in part, by a locally or distributively operated security-enabled (network) application 1805 to communicate with a nearby UAD 1802 via an associated access point or similar communication path. For example, a given UAD 1802 may be logically linked to a particular user to perform onboard user authentication to activate the UAD 1802 and thereby actively or selectively communicate or broadcast user authentication status or authenticate user identity. For example, an actively authenticated UAD or a pre-authorized UAD may be transacted (transacted) with one or more instances of a security-enabled (network) application 1805, which security-enabled (network) application 1805 may be operated to identify, monitor, and/or track authenticated user presence, e.g., to grant an authenticated user access to one or more corresponding resources 1804 operatively associated therewith. For example, if so authorized, the web application 1805 may be operated to securely identify an authenticated user (e.g., using one or more (mutual) user/device/application authentication procedures) in providing authenticated access to the corresponding resource. For simplicity, the following embodiments will be directed to a system for granting authenticated user access privileges to an authenticated user based on successful user identification, authentication, and communications related thereto between a given UAD and a network application (instance).

Thus, each end user (users A, B and C) may be given one or more guest access privileges or authorizations (e.g., guest access privileges or authorizations to resources X, Y and/or Z) to be enforced via their respective UADs 1802. To this end, a corresponding digital certificate may be issued to accommodate such diversified access privileges; that is, user a may seek to register user-specific credentials to access resource X (e.g., credentials (a, X)1820), user B may seek to register corresponding user-specific credentials to access each of resources Y and Z, respectively (but not X), and user C may seek to register corresponding user-specific credentials and possibly higher level authorization credentials for each resource to access Enterprise Management Application (EMA) 1806. Each certificate may then be used to successfully negotiate access to its corresponding resource via its respective security-enabled application (SEA) instance 1805 (or EMA 1806).

In the illustrated embodiment, for the purpose of providing customer security services, an external enterprise security services system is implemented in which multiple user authentication devices can be used to routinely authenticate authorized end users and manage user access privileges accordingly. For example, and with reference to the illustrative embodiment of fig. 18, end-user certificate enrollment, processing regulations, and related regulations are implemented via an external (independently running) CA1816, enterprise directory 1818, and related sources, e.g., to reduce customer impact and points of contact in the outsource management of such secure resources (which may be used to concurrently provide security management services to various customers with which they interact). In this embodiment, the enterprise management application 1806 operates on a client/client machine (e.g., local network infrastructure) 1808, which client/client machine 1808 interacts with an enterprise server 1810 operated by an external security service provider to process certificate enrollment requests, optionally including UAD enterprise setup programs, and related security provisions and procedures. The enterprise management application 1806 may not only interact with the various UADs for enterprise setup, processing, and maintenance purposes, but may optionally provide management functions in a corresponding instance of the link security enabled application 1805, e.g., for software/firmware updates, synchronization, and/or resource sharing, e.g., via a secure local network database 1822 or the like. Access to local or server-based enterprise directories or databases may also be facilitated through a centralized management hub (hub) or application, as other system architectures and/or configurations may be considered.

Exemplary client computer

FIG. 2 illustrates one embodiment of a client computer 200 that can be included in a system according to at least one of the various embodiments. Client computer 200 may include more or fewer components than those shown in fig. 2. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing various embodiments of the present invention. Client computer 200 may represent, for example, one embodiment of at least one of client computers 102 and 105 of FIG. 1.

As shown in this figure, client computer 200 includes a processor 202 in communication with a mass memory 226 via a bus 234. In some embodiments, processor 202 may include one or more Central Processing Units (CPUs). Client computer 200 also includes a power supply 228, one or more network interfaces 236, an audio interface 238, a display 240, a keypad 242, an illuminator 244, a video interface 246, an input/output interface 248, a haptic interface 250, and a Global Positioning System (GPS) receiver 232.

The power supply 228 provides power to the client computer 200. Rechargeable or non-rechargeable batteries may be used to provide power. Power may also be provided by an external power source, such as an Alternating Current (AC) adapter or powered docking cradle (powered docking cradle) that supplements and/or recharges a battery or directly powers the unit.

Client computer 200 may optionally communicate with a base station (not shown), or directly with another computer. Network interface 236 includes circuitry for coupling client computer 200 to one or more networks and is constructed for use with one or more communication protocols or technologies including, but not limited to, GSM, CDMA, TDMA, GPRS, EDGE, WCDMA, HSDPA, LTE, User Datagram Protocol (UDP), transmission control protocol/internet protocol (TCP/IP), Short Message Service (SMS), WAP, ultra-wideband (UWB), IEEE 802.16 worldwide interoperability for microwave access (WiMax), session initiation protocol/real-time transport protocol (SIP/RTP), or any of a wide variety of other wireless communication protocols. Network interface 236 is sometimes referred to as a transceiver, transceiving device, or Network Interface Card (NIC).

The audio interface 238 is arranged to generate and receive audio signals, such as the sound of a human voice. For example, audio interface 238 may be coupled to a speaker and microphone (not shown) to enable radio communication with others and/or generate audio confirmation for some action.

The display 240 may be a Liquid Crystal Display (LCD), gas plasma, Light Emitting Diode (LED), organic LED, AMOLED, PMOLED, or any other type of display used with a computer. The display 240 may also comprise a touch sensitive screen arranged to receive input from an object such as a stylus or a finger of a human hand.

Keypad 242 may include any input device arranged to receive input from a user. For example, keypad 242 may include a push button numeric dial or a keyboard. Keypad 242 may also include command buttons associated with selecting and sending images.

Illuminator 244 may provide status indications and/or provide light. Illuminator 244 may remain active for a particular period of time or in response to an event. For example, when illuminator 244 is active, it may backlight the buttons on keypad 242 and remain illuminated while the client computer is powered. In addition, illuminator 244 may backlight these buttons in various patterns when performing certain actions, such as dialing a phone call to another client computer. Illuminator 244 may also cause a light source located within a transparent or translucent housing of the client computer to illuminate in response to an action.

The video interface 246 is arranged to capture video images, such as still photographs, video clips, infrared video, and the like. For example, video interface 246 may be coupled to a digital video camera, a web cam, and the like. The video interface 246 may include a lens, an image sensor, and other electronics. The image sensor may include a Complementary Metal Oxide Semiconductor (CMOS) integrated circuit, a Charge Coupled Device (CCD), or any other integrated circuit for sensing light.

Client computer 200 also includes input/output interface 248 for communicating with external devices, such as a headset, or other input or output devices not shown in fig. 2. The input/output interface 248 may utilize one or more communication technologies, such as USB, infrared, Bluetooth^TMUltrasound, WiFi, ultra wideband, etc.

The haptic interface 250 is arranged to provide haptic feedback to a user of the client computer. For example, the haptic interface 250 may be employed to vibrate the client computer 200 in a particular manner when another user of the computer is calling. In some embodiments, the haptic interface 250 may be optional.

The client computer 200 may also include a GPS transceiver 232 to determine the physical coordinates of the client computer 200 on the surface of the earth. In some embodiments, the GPS transceiver 232 may be optional. The GPS transceiver 232 typically outputs the position in the form of latitude and longitude values. However, the GPS transceiver 232 may also employ other geolocation mechanisms including, but not limited to, triangulation, assisted GPS (agps), enhanced observed time difference (E-OTD), Cell Identifier (CI), Service Area Identifier (SAI), Enhanced Time Advance (ETA), Base Station Subsystem (BSS), etc. to further determine the physical location of the client computer 200 on the surface of the earth. It should be understood that under different conditions, the GPS transceiver 232 may determine the physical location of the client computer 200 within millimeters; and in other cases, the determined physical location may be less accurate, such as within a meter or significantly greater distance. However, in one embodiment, client computer 200 may provide, through other components, other information that may be employed to determine the physical location of the computer, including, for example, a Media Access Control (MAC) address, an IP address, and the like.

The mass memory 226 includes Random Access Memory (RAM)204, Read Only Memory (ROM)222, and other storage devices. The mass memory 226 illustrates one embodiment of computer-readable storage media (devices) for storage of information such as computer-readable instructions, data structures, program modules or other data. The mass memory 226 stores a Basic Input Output System (BIOS)224 or the like for controlling low-level operations of the client computer 200. The mass memory also stores an operating system 206 for controlling the operation of client computer 200. It will be appreciated that this component may comprise, for example, a version of UNIX, or LINUX^TMOr a general-purpose operating system such as Windows Mobile from microsoft corporation^TMiOS of apple Inc^TMAndroid of google, inc^TMEtc. communicate with the operating system. The operating system may include or may interact with a Java virtual machine module that enablesThe hardware components and/or operating system operations can be controlled by Java applications.

The mass memory 226 also includes one or more data stores 208, which one or more data stores 208 can be utilized by the client computer 200 to store, among other things, applications 214 and/or other data. For example, the data store 208 may also be employed to store information describing various capabilities of the client computer 200. This information may then be provided to another computer based on any of a variety of events, including being sent as part of a header during a communication, being sent upon request, etc. The data store 208 may also be employed to store social networking information including address books, buddy lists, aliases, user profile information, user credentials, and the like. In addition, the data store 208 may also store messages, web page content, or any of a wide variety of user-generated content.

At least a portion of the information stored in data storage 208 may also be stored on another component of client computer 200, including but not limited to processor-readable storage media 230, a disk drive or other computer-readable storage device (not shown) within client computer 200. Further, at least a portion of the data store 208 may be used to store user (e.g., authentication, authorization, and/or biometric) profile information 210 for one or more users and/or one or more authentication devices.

Processor-readable storage media 230 may include volatile, non-transitory, non-volatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer or processor readable instructions, data structures, program modules, or other data. Examples of computer-readable storage media include RAM, ROM, electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other physical medium which can be used to store the desired information and which can be accessed by a computer. Processor-readable storage medium 230 may also be referred to herein as a computer-readable storage medium and/or a computer-readable storage device.

The applications 214 may include computer-executable instructions that, when executed by the client computer 200, transmit, receive, and/or otherwise process network data. Network data may include, but is not limited to, messages (e.g., SMS, Multimedia Messaging Service (MMS), Instant Messaging (IM), email, and/or other messages), audio, video, and enable radio communication with another user of another client computer. Applications 214 may include, for example, user (e.g., biometric identification) authentication application 216, enrollment application 218, other applications 220, and so on.

Other applications 220 may include a web browser. A web browser can include virtually any application configured to receive and display graphics, text, multimedia, messages, and the like, in virtually any web-based language. In one embodiment, the browser application is enabled to employ HDML, WML, WMLScript, JavaScript, SGML, HTML, XML, and the like to display and send messages. However, any of a wide variety of other network-based programming languages may be employed. In one embodiment, the browser may enable a user of the client computer 200 to communicate with another network computer, such as the authentication server computer 116 shown in FIG. 1.

Other applications 220 may additionally include, but are not limited to, calendars, search programs, email clients, IM applications, SMS applications, Voice Over Internet Protocol (VOIP) applications, contact managers, task managers, transcoders, database programs, word processing programs, software development tools, security applications, spreadsheet programs, games, search programs, and so forth.

Exemplary network computer

Fig. 3 illustrates one embodiment of a network computer 300 according to one embodiment of the present invention. Network computer 300 may include more or fewer components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention. The network computer 300 may be configured to operate as a server, a client, a peer, a host, a cloud instance, or any other computer. The network computer 300 may represent, for example, the authentication server computer 116 and/or other network computers.

The network computer 300 includes a processor 302, a processor-readable storage medium 328, a network interface unit 330, an input/output interface 332, a hard disk drive 334, a video display adapter 336, and a memory 326, all in communication with each other via a bus 338. In some embodiments, processor 302 may include one or more central processing units.

As illustrated in fig. 3, the network computer 300 may also communicate with the internet or other communication network via a network interface unit 330, the network interface unit 330 being configured for use with various communication protocols including the TCP/IP protocol. Network interface unit 330 is sometimes referred to as a transceiver, transceiving device, or Network Interface Card (NIC).

The network computer 300 also includes an input/output interface 332 for communicating with external devices, such as a keyboard, or other input/output devices not shown in fig. 3. The input/output interface 332 may utilize one or more communication technologies, such as USB, infrared, NFC, bluetooth, etc.

Memory 326 typically includes RAM 304, ROM 322, and one or more permanent mass storage devices, such as hard disk drive 334, tape drive, optical drive, and/or floppy disk drive. The memory 326 stores the operating system 306 for controlling the operation of the network computer 300. Any general purpose operating system may be employed. A Basic Input Output System (BIOS)324 for controlling low-level operation of the network computer 300 is also provided.

Although illustrated separately, the memory 326 may include a processor-readable storage medium 328. The processor-readable storage medium 328 may be referred to as and/or include a computer-readable medium, a computer-readable storage medium, and/or a processor-readable storage device. Processor-readable storage media 328 may include volatile, nonvolatile, non-transitory, removable, and non-removable media implemented in any method or technology for storage of information, such as computer-readable instructions, data structures, program modules, or other data. Examples of processor-readable storage media include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.

The memory 326 also includes one or more data stores 308, which one or more data stores 308 can be utilized by the network computer 300 to store, among other things, applications 314 and/or other data. For example, the data store 308 may also be employed to store information that describes various capabilities of the network computer 300. This information may then be provided to another computer based on any of a variety of events, including being sent as part of a header during a communication, being sent upon request, etc. The data store 308 may also be employed to store messages, web page content, and the like. At least a portion of the information may also be stored on another component of the network computer 300, including but not limited to the processor-readable storage medium 328, the hard drive 334, or other computer-readable storage medium (not shown) within the network computer 300.

The data store 308 may include databases, text, spreadsheets, folders, files, and the like, which may be configured to maintain and store user account identifiers, user profiles, email addresses, IM addresses, and/or other network addresses, and the like. The data store 308 may also include program code, data, algorithms, etc. for use by a processor, such as the processor 302, to perform (execute) and perform (execute) actions. In one embodiment, at least some of the data storage 308 may also be stored on another component of the network computer 300, including but not limited to the processor-readable storage medium 328, the hard drive 334, or the like.

The data store 308 may include user (e.g., authentication, authorization, and/or biometric) profile information 312. In at least one of the multiple embodiments, the user profile information 312 can include information for authentication of the wearable authentication device, such as one or more files that include authentication (e.g., biometric) data of one or more users, and the like. Additionally, in at least one of the various embodiments, the data store 308 can include authentication information 313, which authentication information 313 can include information about users, access points, access control lists, and the like.

Applications 314 may include computer-executable instructions that may be loaded into mass memory and run on operating system 306. Examples of application programs may include transcoders, schedulers, calendars, database programs, word processing programs, hypertext transfer protocol (HTTP) programs, customizable user interface programs, IPSec applications, encryption programs, security programs, SMS message servers, IM message servers, email servers, account managers, and so forth. The applications 314 may also include an enrollment application 320 for enrolling and/or activating the authentication device. The applications may also include a registration application 321 for authenticating the user by employing biometric identification information, authentication devices, additional conditions, and the like.

Web server 318 may represent any of a wide variety of information and services configured to provide content, including messages, to another computer over a network. Thus, the web servers 318 may include, for example, web servers, File Transfer Protocol (FTP) servers, database servers, content servers, email servers, and the like. Web site server 318 may provide content, including messages, over a network using any of a variety of formats, including, but not limited to, WAP, HDML, WML, SGML, HTML, XML, compressed HTML (cHTML), extensible HTML (xHTML), and the like.

Exemplary authentication device

In at least one of the embodiments, the wearable authentication device (such as authentication device 106) may be any device that may be employed by a user, typically worn or held by a user, and that is capable of receiving authentication data as input (such as, for example, a user input interface capable of providing for manual input of authentication data (username, password, code, PIN, etc.) and/or operable to obtain a biometric identification signal or the like). Non-limiting examples of wearable authentication devices are wristbands, wristwatches, bracelets, necklaces, rings, belts, glasses, clothing, hats, foot chains, headbands, chest belts, or earrings, or any other item capable of obtaining a biometric identification signal in the context of a biometric identification device. The wearable authentication device may also be incorporated into an article of clothing. In another embodiment, the wearable authentication device may include multiple input interfaces to access different authentication inputs (e.g., a combined manual input and biometric input, multiple biometric inputs, etc.).

Although a wearable authentication device is contemplated in the illustrated embodiments, authentication devices within the scope of these innovations are not limited to only wearable devices for at least one of the embodiments. In at least one of the embodiments, an authentication device having a non-wearable form factor (form factor) may be considered within the scope of the innovations described herein. For example, a fixed authentication device embedded in a chair, table, handle bar, or the like, or a combination thereof. Likewise, authentication devices that may be held rather than worn are also contemplated as being within the scope of the innovations described herein. However, for the sake of clarity and brevity, much of the discussion and embodiments presented herein are described in terms of a wearable authentication device. One of ordinary skill in the art will appreciate that other authentication device form factors are within the scope of these innovations and are contemplated.

In at least one of the embodiments, a user of a wearable authentication device may be authenticated using one or more biometric identification techniques or sensors that may capture biometric signals and/or data representing biometric identification features that may be employed to uniquely identify the user. The uniqueness of the biometric characteristic may be directly related to potential inter-individual differences in a population. Some non-limiting examples of biometric data that may be employed to uniquely identify a user are gait, heart rate, galvanic skin response, temperature, fingerprint, voice or voiceprint, body electrical characteristics, body thermal characteristics, iris pattern, vein pattern, eye vein pattern, facial or other anatomical structure, electrocardiogram, plethysmogram, electromyogram, electroencephalogram, transient otoacoustic emissions, phonocardiogram, DNA, one or more chemical markers, one or more biochemical markers, skin color change or discoloration, or sweat. In at least one of the various embodiments, the authentication is performed by an authentication device. However, additionally or alternatively, authentication may be performed by an authorized registration application.

In at least one of the embodiments, the physiological characteristic is also captured, not for the purpose of identifying the user (although this is also contemplated where different degrees of weight are given for use as the secondary biometric identification characteristic type based on the uniqueness of the physiological signal), but for the purpose of determining whether the authentication data is received from a genuine living person, and/or for the purpose of determining whether the genuine living person from which the authentication data was captured is wearing the authentication device.

For example, in some embodiments, the authentication process invoked by or via the device will be satisfied after the authentication and concurrent live user presence of the input authentication data is confirmed via the physiological characteristics of the device. Such live user presence confirmation may additionally or alternatively persist during use to confirm live user presence while user authorization is maintained, and otherwise, such authorization is revoked if physiological input is lost (e.g., if the device is removed from the user, or vice versa).

In some embodiments, as described above, the user authentication interface and the physiological sensor will be configured to be concurrent with the user during authentication, for example, where authentication data entry requires user contact (e.g., fingerprint and/or data entry) and where such contact invariably results in the user contacting a complementary physiological sensor (e.g., probe, interface and/or contact thereof). However, it will be appreciated that such concurrent user contact need not necessarily be made through a common interface, but may require that the authentication interface and the physiological interface be closely arranged or arranged to facilitate concurrent or sequential contact. In some embodiments, the physiological signals may also require two concurrent physical contact points of the same real user, for example in the context of an ECG, which may be achieved in some embodiments by a wrist band or similarly configured wrist and finger input interface in the device.

For example, because an electrocardiogram requires the detection of two contact points on the heart, in at least one of the embodiments, an Electrocardiogram (ECG) is used to verify that a fingerprint (e.g., authentication biometric data) is being captured by the wearer of the authentication device (e.g., rather than a fingerprint from a person standing next to the wearer). ECG can also be used to defeat replay attacks by verifying that the fingerprint was captured from a genuine live person rather than being obtained from a fingerprint mold that was intended to fool the authenticating device. Both verifications are accomplished by positioning one of the ECG sensors in proximity to the fingerprint sensor (e.g., adjacent to the fingerprint sensor, on top of the fingerprint sensor, around the rim of the fingerprint sensor, as part of the fingerprint sensor, etc.), such that in one embodiment, the biometric identification feature and the physiological feature are captured concurrently from the same finger. Additionally or alternatively, the authentication feature and the physiological feature may be captured sequentially, such that another person is prevented from replacing his finger for a selected defined period of time, or the authentication feature and the physiological feature may be captured in parallel. Additionally or alternatively, the authentication feature and the physiological feature may be captured for a defined period of time such that the wearable authentication device has not detected removal of the finger between captures. It will be appreciated that although biometric authentication is considered in the embodiments described above, other authentication mechanisms may be considered to benefit concurrently or sequentially from physiological user presence confirmation. For example, a user input interface (e.g., a touch sensitive screen or interface) for receiving manually entered authentication data as input may double as or be collocated with the physiological probe to provide a similar effect.

As inferred from the examples above, in one or more of the various embodiments, the second ECG sensor is positioned so as to contact the wearer's wrist. In this way, ECG signals are enabled to travel from the heart, through one arm, through one of the ECG sensors, away from the other ECG sensor, through the other arm, and back to the heart. Without this electrical connection-for example if another person is providing a fingerprint or manual input so that the ECG does not flow through the finger path (configurable path) of the user contacting the authentication interface-the authentication device will determine that the authentication data is not being provided by the wearer of the authentication device. Similarly, for example, if the electrical connection is distorted or modified in any way due to the use of a fingerprint mold, the ECG sensor will determine that the fingerprint is not being provided by the wearer of the authentication device.

Throughout this disclosure, and with particular reference to the illustrative embodiments presented above, for clarity and brevity, authentication features are discussed primarily as biometric identification features and more primarily as fingerprints, and physiological features are discussed primarily as ECGs, although other types of authentication, and in particular biometric identification features such as, but not limited to, finger veins and galvanic skin responses, are contemplated, to name a few. For example, in the context of the illustrative embodiments provided above, the biometric authentication feature may be any feature captured based on contact with the user, while the physiological feature may be any feature that is captured at least in part using the same body part used to capture the biometric authentication feature and that may determine whether the wearable authentication device is worn by the owner of that same body part. While fingerprints and ECGs are discussed in more detail below as options for providing authentication and live user presence confirmation, such examples should not be considered as limiting the general scope and spirit of the present disclosure, but merely serve as one example consistent with various embodiments of the present disclosure.

In at least one of the embodiments, the wearable authentication device may include an onboard power source to enable the authentication device to perform desired functions, such as obtaining authentication and/or physiological signals, transmitting and receiving these and related control signals, and in some embodiments, maintain a detector for detecting removal of the wearable authentication device, such as an electronic continuity detector, for example. Any power source known to the skilled person is acceptable, non-limiting examples of which are batteries, photovoltaic generators, kinetic or micro generators, thermal generators, piezoelectric generators, inductive charging and wireless power transfer.

The wearable authentication device includes one or more radios/transceivers for transmitting and receiving communications. One or more radios/transceivers may transmit and receive communications, e.g., transmit grants, from a system installed at an access point to gain access to one or more access points.

In one embodiment, the wearable authentication device may contain a wireless connection module, such as bluetooth low energy 4.0(BLE), Near Field Communication (NFC), WiFi, or other wireless technology capable of transmitting and receiving functionality. In one embodiment, a BLE radio may be used because it may consume significantly less power when communicating for a short time. In this way, the battery or other power source used to power the wearable authentication device may have an extended life, in some cases on the order of multiple weeks.

In at least one of the embodiments, the radio and/or transceiver may be used to transmit data, identify the user, and establish a unique user profile associated with the user and the wearable authentication device during initialization and authentication. The same or other radios and/or transceivers included in the wearable authentication device may also transmit and receive motion data, time of flight, signal strength, and proximity data to know the local access point. In at least one of the embodiments, the radio and/or transceiver may also be used to receive a positive authentication message that places the wearable device in an authentication state and to prompt the user for a notification event.

In at least one of the embodiments, the wearable authentication device may be arranged to include a proximity sensor for sensing an access point (physical or logical) or an authorized application. In one embodiment, the features of the bluetooth 4.0 standard may be used by a radio and/or transceiver included in the authentication device. Additionally, in at least one of the various embodiments, the wearable authentication device may be configured to transmit a beacon signal along with the transmitted signal strength. Thus, the receiving device may use this information along with the received signal strength to estimate the proximity of the wearable authentication device. Non-limiting example uses of proximity data may include: unlocking the device only when the proximity is within a specified range, i.e. unlocking the door lock only when the authorized user is within a certain distance, such as 50 cm; a "digital belt" that alerts a user when a paired device is no longer within a certain proximity; authorized access to a given resource is revoked after the device moves beyond a specified authorized distance, region, area, or the like.

In at least one of the embodiments, in addition to being used to confirm that the person providing the fingerprint is wearing the wearable authentication device, as described above in one embodiment, the wearable authentication device may utilize ECG biometric authentication as a form of confirmation of secondary, biometric authentication in addition to primary authentication mechanisms such as fingerprints, finger veins, and the like. In at least one of the embodiments, the ECG biometric authentication technique can use a unique feature of a user's Electrocardiogram (ECG) to create a highly personalized biometric signature for the individual. Like other biometric features, electrocardiograms are ubiquitous, unique to each individual, and permanent over time. An ECG may be recorded for each live user without exclusion criteria. Furthermore, studies have shown that overall distinguishable characteristics are observable even if aspects of the ECG signal become distorted over time and aging. In the case of an ECG, the uniqueness of the biometric feature is a result of some parameters of the control waveform of cardiac function. Electrophysiological changes in the myocardium such as the heart mass orientation and exact location, or the timing of depolarization and repolarization add special properties to each individual's ECG waveform.

In at least one of the various embodiments, one or more known ECG biometric recognition algorithms can analyze the overall pattern of the signal waveform rather than the specific characteristics of the heartbeat, and are therefore referred to as "fiducial-independent". One of the core algorithms is called AC/LDA (auto correlation/Linear Discriminant Analysis) and has become the standard for comparison of reference correlation and non-correlation algorithms.

In at least one of the various embodiments, a number of mechanisms for initiating ECG capture and authentication may be used. For example, the authentication device may be arranged to automatically sense when the top electrode is touched, such as using an embedded "lead on/off" detection system, optionally informing the user of the lead status. Additionally or alternatively, ECG capture is initiated in response to capturing primary authentication data, such as a fingerprint.

In at least one of the embodiments, when biometric authentication is initiated by a fingerprint, one or more images of one finger are captured and stored in the biometric profile 210. In one or more of the embodiments, when authentication is performed by a registration application, the one or more images of the finger are transmitted to the registration application for processing and storage in the biometric profile information 312. Similarly, once ECG capture and activity verification is initiated, the single channel filtered ECG data may be processed by the wearable authentication device and/or transmitted to a registration application for processing. In another embodiment, the images of the finger and ECG capture and liveness verification are processed and stored on the device.

Using functionality within the enrollment application, biometric recognition/user enrollment may be initiated in which the user touches the wearable authentication device, and then biometric features (e.g., fingerprint, finger vein) and ECG are captured and processed by the wearable authentication device, and/or transmitted to the enrollment application. This process may take as little as about 1 second and up to a few seconds, a minute or a few minutes, depending on the level of user interaction with the wearable authentication device and the type of authentication signal obtained.

In at least one of the various embodiments, the user (e.g., biometric identification) profile may be created in a number of different ways. In one approach, the biometric signal may be transmitted to a cloud service, where processing is performed on a cloud server to generate a biometric profile. Alternatively, the biometric signal may be processed on the enrollment application to generate a biometric profile.

In at least one of the various embodiments, once the biometric profile is created, it may be associated with the user and stored within the cloud service. Additionally, in at least one of the various embodiments, the biometric profile may be transferred to a registration application or simply stored locally on the device. In at least one of the embodiments, the biometric profile may be stored on a wearable authentication device arranged to include processing power required to authenticate the user. In another alternative, the process for creating the biometric profile may be performed on a registration application or in the wearable authentication device itself.

In at least one of the various embodiments, the wearable authentication device may include one or more of: a CPU or system on a chip (SOC) acting as a controller, a wireless transceiver, an antenna, audible and tactile feedback, and a user interface. The controller may be operative to control overall operation of the wearable authentication device. The controller functionality may be implemented within one or more digital processing devices, for example within a wearable authentication device. The wireless transceiver is operative to support wireless communication between the wearable authentication device and one or more other wireless entities including the AAD and the wireless access point. In one embodiment, a separate transceiver is provided within the wearable authentication device to support wireless communication between the wearable authentication device and other systems or devices. The wireless transceiver may also be coupled to one or more antennas to facilitate the transmission and reception of wireless signals. Any type of antenna may be used including, for example, dipole antennas, patch antennas, helical antennas, antenna arrays, trace antennas (trace antenna), and/or other antennas including combinations of the above.

In at least one of the various embodiments, the user interface may be operative to provide an interface between the user and the wearable authentication device. The user interface of the authentication device may include a number of structures, such as, for example, a keyboard, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED), an Active Matrix Organic Light Emitting Diode (AMOLED), a Passive Matrix Organic Light Emitting Diode (PMOLED), a capacitive touch screen, a speaker, a microphone, a mouse, a stylus, one or more physical or electronic buttons, and/or any other form of device or structure that enables a user to input information or commands to or receive information or notifications from the wearable authentication device.

In one embodiment, the controller may first determine whether the wearable authentication device (and thus the user) is within a predetermined distance or proximity to the access point. In one embodiment, if the wearable authentication device is within proximity of the access point, and the wearable authentication device transmits a control signal to the access point indicating that the user has been authenticated, a receiver at the access point may automatically enable access by the user. The access point may be locked if the wearable authentication device later walks out a predetermined distance from the access point. In one embodiment, if the access point is a secured desktop computer and a pre-authorized user wearing their pre-authorized wearable authentication device temporarily leaves her desk to eat lunch, the computer will automatically lock so that no other person can use it when the user is not present. Similarly, if the access point is a smartphone, and the smartphone is inadvertently left somewhere by the user or stolen, the smartphone will automatically lock and therefore not be usable by an unauthorized party in possession of the smartphone. When the user wearing the pre-authorized wearable authentication device comes within the predetermined distance of the smartphone again, the smartphone will simply be unlocked without having to repeat the auto-login procedure, assuming the wearable authentication device remains pre-authorized.

In at least one of the embodiments, the wearable authentication device, regardless of which type of authentication data is used for authentication, should be able to maintain contact with the user (e.g., via an on-board physiological sensor) such that, in the event the wearable device is removed from the user, the wearable device will need to be reinitialized before access control is granted. The purpose of maintaining the wearable authentication device in contact with the user is to ensure that the authorized authentication device cannot be transferred to a different user without requiring re-authorization. Thus, although it is not necessary to keep skin or body contact all the time when the wearable device is in its authentication state, the wearable device should be on the user in such a way that: removal of the wearable will return the wearable device to its unauthenticated state. In the unauthenticated state, the wearable authentication device is not enabled to transmit the control signal to the access point. The security of at least some of the embodiments described herein relies on ensuring reliable detection of removal of the wearable device from the user. Thus, the wearable authentication device may be arranged such that removal from the body of the user may be easily detected.

In a particular embodiment, the wearable device may include a sensed adjustable and/or openable clasp (claspp) in addition to or in the absence of the physiological sensor to assist the user in donning and removing the wearable device while monitoring removal of the wearable device from the user in an authenticated use. For example, removal of the wearable device may be sensed by the wearable authentication device, e.g., by opening the clasp, or again by cutting the band, or typically cutting off an electrical conduit such as an electronic continuity detector (electronic continuity). One exemplary electronic continuity detector that may be used to detect device removal includes a simple circuit within the wearable device that extends around the entire wrist and is broken when the clasp or cutting band is opened. Other types of device removal detection may be used, for example, interruptions in skin contact detection including detection by conductivity, heat flux, galvanic skin response or movement, or periodic or continuous biometric signals. Other non-limiting examples of device removal detection embodiments may include pulse detection, skin temperature detection, ambient temperature detection, blood flow detection, pressure detection, ambient light detection, electromagnetic field detection, respiration detection, heart rate detection, electrocardiogram detection, plethysmogram detection, electromyogram detection, electroencephalogram detection, near infrared detection, skin color detection, close magnetic contact detection, and mechanical switch detection.

In at least one of the various embodiments, additional sensors may be incorporated into the device to obtain additional biometric or environmental readings. Some non-limiting examples of additional sensors are motion sensors, proximity sensors, barometric sensors, pressure sensors, thermometers, microphones, near infrared sensors, light sensors, GPS sensors, capacitive sensors, gyroscopes, pressure gauges, cameras, humidity sensors, hall sensors, galvanic skin sensors, plethysmography sensors, electroencephalogram sensors, electromyography sensors, blood flow sensors, bio-impedance sensors, otoacoustic emission sensors, optical sensors, altimeter sensors, or ultraviolet sensors. These additional sensors may provide one or more context signals, such as the location of the wearable device and/or proximity to the trusted environment.

In at least one of the various embodiments, the wearable authentication device may include one or more motion sensors that may be used for a variety of purposes including, but not limited to, user input (e.g., tap detection), activity tracking (e.g., pedometer, sports, fitness, etc.), gesture recognition, and the like. In one embodiment, the wearable authentication device may include a six-axis motion sensor using an integrated accelerometer and gyroscope or a nine-axis motion sensor using an integrated accelerometer, gyroscope, and magnetometer Application Specific Integrated Circuit (ASIC). Embedded motion sensors may also be used for simple gesture recognition to indicate user intent, such as, for example, gestures may be used to distinguish user intent to unlock different locks on automobiles, such as driver doors, passenger doors, trunks, and the like. In this way, computational requirements on the wearable authentication device may be kept at a minimum.

In at least one of the various embodiments, the wearable authentication device may be arranged to include a notification device and a program to alert a user to one or more notification events. Some non-limiting embodiments of these notification devices include one or more notification LEDs and/or a vibration motor. The notification event may be an event that the user should notice detected by the wearable authentication device. These events may include: when the wearable device has been placed in an authentication state; when the wearable authentication device is communicating with other devices; when the wearable device is sensing motion; and/or when some event has occurred on the paired device (such as receipt of an email or text). The paired device may be any device or system that interacts with the wearable authentication device.

In at least one of the embodiments, the wearable device may also include other components, such as a display screen, an input device (such as, for example, a button, switch, keypad, or touch screen), a clock/timer, tracking or Global Positioning (GPS) detector activity, or physiological or emotional tracking. In at least one of the embodiments, the authentication device may be arranged to indicate proximity to other devices. In at least one of the various embodiments, the wearable authentication device may be arranged to include additional electronics for storing data for access and use that is not related to the presently described security system.

Fig. 4A and 4B are schematic physical and logical diagrams, respectively, of a wearable user authentication/access authorization device, according to at least one of various embodiments.

Fig. 4a illustrates an authentication device 400 arranged as a wearable wristband/bracelet. In at least one of the various embodiments, wristband 402 may be arranged to include various hardware components, probes, sensors, and software for capturing authentication (e.g., biometric identification) signals and/or physiological signals from its wearer; determining whether authentication data is captured from a living person wearing the wearable wristband/bracelet based on the captured physiological characteristics; communicating with a registration application or access point; authenticating the wearer, etc., as discussed above. Further, in at least one of the various embodiments, the wristband 402 may include an adjustable clasp mechanism, such as clasp 404, for detecting whether the wearer has removed the wristband 402 from his or her wrist. For example, in at least one of the embodiments, if the authentication device detects that the clasp is opened, it may automatically de-authenticate itself.

Fig. 4B schematically illustrates some of the various components that may be included in an authentication device in accordance with at least one of the various embodiments. In at least one of the various embodiments, wristband 402 may include one or more presence sensors, such as presence sensor 406, which may be arranged to determine whether authentication device 402 is in front of the wearer, a registration application, an access point, and the like, or a combination thereof. Additionally, in at least one of the various embodiments, the authentication device 402 may include one or more radios or transceivers, such as a high bandwidth radio 410 and a low bandwidth radio 412. These radios may enable the authentication device to communicate with other computers or devices, such as access points, authentication servers, and the like, or combinations thereof.

In at least one of the various embodiments, the clasp sensor 408 can be arranged to determine whether a clasp or other securing mechanism is opened or closed. In at least one of the various embodiments, an open clasp may indicate that the authentication device may be separated from its authenticated user. Thus, for example, the authentication device may be arranged to automatically reset or otherwise de-authenticate itself if the fob sensor 408 indicates that the authentication device was removed from the wearer. Furthermore, removal of the wearable device may be sensed by the wearable authentication device, for example, by opening a clasp, cutting a band, or typically cutting off an electrical conduit such as an electronic continuity detector. One exemplary electronic continuity detector that may be used to detect device removal includes a simple circuit within the wearable device that extends around the entire wrist and is broken when the clasp or cutting band is opened. Other types of device removal detection may be used, including, for example, interruptions in physiological signals such as skin contact detection detected by electrical conductivity, heat flux, galvanic skin response or movement, or periodic or continuous biometric signals. Other non-limiting examples of device removal detection embodiments include physiological tests such as pulse detection, skin temperature detection, blood flow detection, pressure detection, electromagnetic field detection, respiration detection, heart rate detection, electrocardiography detection, plethysmography detection, electromyography detection, electroencephalography detection, near infrared detection, skin color detection, close magnetic contact detection, and/or non-physiological tests such as mechanical switch detection, ambient temperature detection, ambient light detection, and the like.

In at least one of the various embodiments, the authentication device 402 may be arranged to communicate with various devices (such as access points, authentication servers, cloud services, and the like, or combinations thereof), as discussed above. In at least one of the various embodiments, the high bandwidth radio 410 may include a radio for communicating using a high bandwidth mechanism such as Wi-Fi. Low bandwidth radio 412 may represent a component for communicating using a low power, short range radio system, such as bluetooth, bluetooth low energy, NFC, RFID, or the like, or a combination thereof. Further, in at least one of the various embodiments, the radios may be coupled to one or more antennas to facilitate transmission and reception of wireless signals. Any type of antenna may be used including, for example, dipole antennas, patch antennas, helical antennas, antenna arrays, trace antennas (traceantenna), and/or other antennas including combinations of the above.

In at least one of the various embodiments, the RAM 414 can be non-volatile and/or volatile random access memory for storing information used to authenticate the operation of the device 402. In at least one of the various embodiments, all or part of the contents of RAM 414 may be erased if the authentication device is removed from its wearer. As such, in at least one of the various embodiments, the ROM 416 may contain data and/or instructions for authenticating the operation of the device. In at least one of the various embodiments, the ROM 416 may be "flash-enabled" such that it can be updated with system updates provided by a registration application or a biometric server service.

In at least one of the various embodiments, secure memory 418 may be a hardened tamper-resistant storage device that is resistant to physical tampering. In at least one of the various embodiments, sensitive information such as encryption keys, biometric profiles derived from captured biometric features, and the like may be stored in the secure memory 418.

In at least one of the various embodiments, the authentication device 402 may be arranged to include a CPU or system on a chip (SOC) for controlling operation of the authentication device. The performance of the CPU/SOC 420 may vary depending on how much processing the authentication device 402 is intended to perform.

In at least one of the various embodiments, GPS transceiver 422 may represent the radio, hardware, and instructions (e.g., software) for receiving a geographic location. GPS transceiver 422 may determine the physical coordinates of authentication device 402 on the surface of the earth. The GPS transceiver 422 typically outputs a position in the form of latitude and longitude values. However, GPS transceiver 422 may also employ other geolocation mechanisms including, but not limited to, triangulation, assisted GPS (agps), enhanced observed time differential (E-OTD), Cell Identifier (CI), Service Area Identifier (SAI), Enhanced Time Advance (ETA), Base Station Subsystem (BSS), etc. to further determine the physical location of authentication device 402 on the surface of the earth. It is to be understood that under different conditions, GPS transceiver 422 may determine the physical location of authentication device 402 within millimeters; and in other cases, the determined physical location may be less accurate, such as within a meter or significantly greater distance.

In at least one of the various embodiments, the additional sensors 424 represent one or more sensor systems that include additional sensors such as accelerometers, motion sensors, proximity sensors, barometric pressure sensors, thermometers, microphones, near infrared sensors, light sensors, capacitive sensors, gyroscopes, pressure gauges, cameras, humidity sensors, hall sensors, galvanic skin sensors, plethysmography sensors, electroencephalography sensors, electromyography sensors, blood flow sensors, bio-impedance sensors, otoacoustic emission sensors, optical sensors, altimeter sensors, ultraviolet sensors, and the like.

In at least one of the various embodiments, the authentication device 402 may be arranged to include a variety of biometric and/or physiological sensors and probes for detecting, sensing and/or sampling a variety of biometric and/or physiological signals from the wearer, as discussed above. ECG sensor 426 represents one or more sensors for detecting, sensing, and/or sampling ECG information as described above. The fingerprint sensor 427, depicted adjacent to the ECG sensor 426 to indicate physical proximity on a physical device, represents a sensor for scanning fingerprints as described above. Likewise, biometric sensor 428 represents one or more sensors for detecting, sensing, and/or sampling other biometric information as described above. In some embodiments, the sensor may include one or more probes, contacts, or the like. In some embodiments, one or more probes or contacts, represented by probe 436, may be used to collect signals for more than one sensor.

In at least one of the various embodiments, the ECG sensor 426 can be adjacent to the fingerprint sensor 427, surround the fingerprint sensor 427, be internal to the fingerprint sensor 427, be integral with the fingerprint sensor 427, and/or otherwise be sufficiently close to the fingerprint sensor 427 that a user can easily place one finger on the probes of both sensors at the same time. In another of the embodiments, the stylet for the ECG sensor 426 can be positioned alongside or integrated with one or more stylets for the fingerprint sensor 427, making it difficult, if not impossible, to selectively activate one sensor without activating the other, and making it difficult, if not impossible, to have two fingers, each from a different person, captured separately by different sensors.

In one or more of the various embodiments, one or more probes or other components may be shared by two or more sensors. For example, in some embodiments, sensors for detecting body temperature, heart rate, ECG, etc. may be arranged to share the same probe.

In at least one of the various embodiments, the biometric sensor 402 can be arranged to include a wide variety of components for interacting with the wearer. The vibration motor 430 may enable the authentication device to vibrate to notify the wearer of various status changes, etc. (as discussed above). Likewise, the user interface 432 may include elements that enable a user to provide input to or receive output from an authentication device, as discussed above, including biometric identification data that may be employed to uniquely identify the user, such as gait, heart rate, galvanic skin response, temperature, fingerprint, voice or voice print, body electrical characteristics, body thermal characteristics, iris pattern, vein pattern, eye vein pattern, facial or other anatomical structures, electrocardiogram, plethysmogram, electromyogram, electroencephalogram, transient otoacoustic emissions, phonocardiogram, DNA, one or more chemical markers, one or more biochemical markers, skin color changes or discolorations, sweat, and the like. Additionally, in at least one of the various embodiments, the user interface 432 can include a keypad, buttons, a microphone for LEDs (for voice instructions), the like, or combinations thereof.

Additionally, in at least one of the various embodiments, the power source 434 can be arranged to provide power to operate the authentication device 402. The power source 434 may include various batteries, storage batteries, power adapters, chargers, and the like, as well as power sources such as photovoltaic generators, kinetic or micro-generators, thermal generators, piezoelectric generators, inductive charging, wireless power transfer, and the like, or combinations thereof.

One of ordinary skill in the art will appreciate that the authentication device 402 is one non-limiting example of an authentication device according to at least one of the various embodiments. Even though authentication device 402 represents a wristband wearable authentication device, authentication devices within the scope of these innovations may be arranged in other form factors, such as those discussed above.

Further, in at least one of the various embodiments, some or all of the components described in fig. 4B and/or elsewhere herein may be implemented in hardware including dedicated (custom) hardware, ASICs, FPGAs, and the like. Likewise, these components or portions thereof may be implemented in whole or in part using software.

Fig. 5A illustrates a logical schematic diagram of an authentication device 500 showing sensors for fingerprint scanning and ECG signal capture, according to at least one of the various embodiments. In at least one of the embodiments, the authentication device section 502 represents a side cross-section highlighting one arrangement for capturing fingerprints and ECG signals. In at least one of the various embodiments, a fingerprint sensor in the authentication device may be arranged to receive signals from one or more probes, such as probe 504. The probe 504 may be a camera, scanner, or other device or component capable of capturing a signal corresponding to a fingerprint. The ECG sensor may be arranged to use a stylet, such as stylet 506 and stylet 508, which may be a stylet contact (e.g., electrode, conductive contact, etc.) arranged to capture ECG signals after direct contact with the user's skin. In at least one of the embodiments, the probe 504 and the probe 506 are arranged so that the user can touch with one finger of his or her other hand (the hand not wearing the authentication device). In at least one of the various embodiments, the probe 508 is arranged to contact the skin of the wrist of a user wearing the authentication device. Thus, a circuit can be formed from one hand to the other, enabling an ECG signal to be captured by the stylet and provided to one or more sensors, concurrently capturing fingerprints of the same finger. Note that one of ordinary skill in the art will appreciate that other probe or sensor arrangements may be employed. Further, more or fewer probes or sensors may be arranged in different locations — however, the arrangement disclosed in fig. 5B is at least sufficient to practice the innovations described herein.

Fig. 5B illustrates a logical schematic diagram of an authentication device 510 showing another arrangement of probes for fingerprint scanning and ECG signal capture, according to at least one of the various embodiments. In at least one of the embodiments, authentication device section 512 represents a side cross-section highlighting one arrangement for capturing fingerprints and ECG signals. In at least one of the various embodiments, a fingerprint sensor, such as fingerprint sensor 427, may be arranged to receive signals from one or more probes, such as probe 514, which may be a camera, scanner, or other device capable of capturing an image of a fingerprint. The probe 516 represents a contact (e.g., a conductive metal ring or bezel) arranged to capture an ECG signal after direct contact with the user's skin. In some embodiments, the probe 516 may be positioned to contact the user's digit when the user's digit is in contact with the probe 514.

In at least one of the embodiments, because the probe 514 and the probe 516 are arranged so that the user can simultaneously contact both probes with the same digit of his or her other hand (the hand not wearing the authentication device). Thus, when the user's fingertip is in contact with both probes at the same time, the probe 514 captures the user's fingerprint information, and the probe 516 acts as a conductive contact.

In at least one of the embodiments, the probe 518 is arranged to contact the skin of the wrist of a user wearing the authentication device. Thus, a circuit can be formed from one hand to the other, enabling an ECG signal to be captured by the stylet and provided to an ECG sensor, such as ECG sensor 426, concurrently capturing a fingerprint of the same finger. Note that one of ordinary skill in the art will appreciate that other probe arrangements may be employed. Moreover, more or fewer sensors may be arranged in different locations — however, the arrangement disclosed in fig. 5B is at least sufficient to practice the innovations described herein.

Fig. 5C illustrates a logical schematic diagram of an authentication device 510 showing an overhead view of an arrangement of sensors for fingerprint scanning and ECG signal capture, in accordance with at least one of the various embodiments. In at least one of the embodiments, the authentication device portion 512 represents a top view of the device 510 highlighting one arrangement for capturing fingerprints and ECG signals. In at least one of the various embodiments, a fingerprint sensor, such as fingerprint sensor 427, can be arranged to receive signals from one or more probes, such as probe 514. The one or more probes may include a camera, scanner, or other device capable of capturing an image of a fingerprint. The probe 516 represents a conductive contact (e.g., a conductive metal ring or bezel) arranged to capture ECG signals after direct contact with the user's skin. In some embodiments, the probe 516 may be positioned to contact the user's digit when the user's digit is in contact with the probe 514.

In at least one of the embodiments, the probe 518 (not visible in fig. 5C) is arranged to contact the skin of the wrist of a user wearing the authentication device. Thus, a circuit can be formed from one hand to the other, enabling the capture of an ECG signal by the stylet, concurrently capturing a fingerprint capture of the same finger. Note that one of ordinary skill in the art will appreciate that other sensor arrangements or probe arrangements may be employed. Further, more or fewer probes or sensors may be arranged in different locations — however, the arrangement disclosed in fig. 5C is at least sufficient to practice the innovations described herein.

Again, one of ordinary skill in the art will appreciate that the authentication device 502/512 is a non-limiting example of an authentication device according to at least some of the various embodiments. Even though authentication device 502/512 represents a wristband wearable authentication device, authentication devices within the scope of these innovations may be arranged in other form factors, such as those discussed above.

Furthermore, in at least one of the various embodiments, some or all of the components described in fig. 4B and/or elsewhere herein that are associated with the embodiments shown in fig. 5A-5C may also be implemented in hardware, including dedicated (custom) hardware, ASICs, FPGAs, and the like. Likewise, these components, or portions thereof, may be implemented in whole or in part using software, firmware, and/or combinations thereof.

As described above, in at least one of the various embodiments, the wearable device may be arranged to omit features and components related to biometric sensors, biometric signals, and the like. In such embodiments, pre-authorization and/or authentication of the device may identify the security factor based on a non-biometric characteristic. However, for the sake of brevity, the term biometric device is used throughout the specification even though some wearable devices may be arranged to omit biometric identification features for authentication and/or pre-authorization.

Exemplary operations

Fig. 6-15 represent exemplary operations of various functions, features and processes contemplated by the embodiments described herein. For simplicity, these examples will consider embodiments that rely on biometric authentication, although other authentication mechanisms may be considered in conjunction therewith or as an alternative thereto, as described above. In at least one of the various embodiments, the processes 600, 700, 800, 900, 1000, 1100, 1200, 1300, 1400, and 1500 described in connection with fig. 6-15, or portions thereof, may be implemented by and/or performed on a single computer or device, such as the client computer 200, network computer 300, authentication device 402, etc. of fig. 2. In other embodiments, these processes, or portions of the processes thereof, may be implemented and/or performed by and/or on multiple network computers, such as network computer 300 of fig. 3, or in a cloud/cloud service environment. Further, in at least one of the various embodiments, the processes described in connection with fig. 6-15 may operate in and on an authentication device such as the authentication device described above and at least the authentication device described in connection with fig. 4A, 4B, and 5.

Fig. 6 illustrates an overview flow diagram of a process 600 for enrolling an authentication device in accordance with at least one of the various embodiments. In at least one of the various embodiments, the enrollment of the user or the initialization of the user is performed when the user uses the wearable authentication device for the first time. After a start block, at block 602, in at least one of the various embodiments, an authentication device can be paired with or registered with a registration application.

At block 604, in at least one of the various embodiments, a biometric signal is captured from a user for generating a biometric profile. For example, a primary biometric signal from a fingerprint scanner may be captured and stored. Additionally, physiological and/or secondary biometric signals, such as ECG signals, may be captured at the time the fingerprint is captured. As discussed below with respect to fig. 7, the ECG may then be analyzed to verify that the captured fingerprint is from a genuine live user. In some embodiments, the system may store the biometric identification signal in a corresponding user profile on one or more network-accessible computers or servers to allow a network-mediated (network-mediated) authentication process to be performed upon receiving the biometric identification data from the wearable authentication device. In other embodiments, biometric data may be stored exclusively on each given user authentication device in order to invoke an onboard user authentication process.

At block 606, in at least one of the various embodiments, the authentication device may employ one or more biometric signals and/or biometric data to authenticate the user.

At block 608, in at least one of the various embodiments, the authentication device may perform one or more actions to verify the presence of the genuine user. In one or more of the various embodiments, one or more physiological and/or secondary biometric signals, such as ECG or other physiological sensors, may be used to verify the presence of the user. In some embodiments, other user identification and/or authentication may also be captured and stored in the user's network and/or onboard profile.

At block 610, in at least one of the multiple embodiments, a registration status may be communicated from the authentication device to the registration application. Control may then be returned to the callback process.

In at least one of the various embodiments, additional authentication factors may be employed during enrollment for high security applications. Optional motion sensors in the wearable device may enable, for example, recognition of secret hand gestures. A password, PIN, voice command, or other deterministic user input may be used as an additional authentication mechanism. Once authenticated, the wearable device may be considered pre-authorized and may remain in a pre-authorization mode until it is detached from the user. In at least one of the various embodiments, the enrollment application performing the enrollment action may be configured to collect one or more of the additional authentication factors.

Fig. 7 shows an overview flow diagram of a process 700 for multimodal authentication to confirm the presence of a genuine user. After a start block, at block 702, in at least one of the various embodiments, a user can initiate a procedure for pre-authorizing an authentication device.

At block 704, in at least one of the various embodiments, biometric data may be captured using an authentication device. A biometric signal of one or more biometric features of the user may be captured by the wearable device. In at least one of the various embodiments, the primary biometric identification feature is captured concurrently with the capturing of the physiological signal, wherein the same finger used to capture the primary biometric identification feature is used to capture the physiological feedback. However, as discussed above, different timing and ordering of biometric/physiological feature capture may be similarly contemplated.

At decision block 706, in at least one of the various embodiments, the secondary physiological characteristic is analyzed to determine whether a digit of a real living human user is provided to the primary biometric scanner for capture. In one embodiment, at the time of fingerprint capture, an ECG is captured from the same location on the wearable authentication device and compared to one or more stored ECG profiles. If it is determined that the ECG biometric characteristic matches one or more of the stored ECG contours within the given confidence level, the wearable authentication device (or enrollment application) determines that the genuine live person provided the fingerprint because the fingerprint was captured co-locally and concurrently, and the process continues at block 708. However, if it is determined that the ECG is decaying, missing or corrupted, such as if a hacker is attempting to use a mold of the stolen fingerprint, the process continues to a return block. As discussed above, the stored ECG profile is not necessarily, or even often, a user-specific ECG profile stored in the user's biometric profile. In contrast, the stored ECG contours may be generic, composite, and/or representative ECG contours, as ECG comparisons may be used to determine activity rather than identity. Thus, a user-agnostic (user-agnostic) comparison may be invoked to meet live authenticated user requirements based on satisfaction: biometric sensors (e.g., finger image based sensors) are effectively collocated with a physiologically living user sensor probe (e.g., an ECG probe), and a valid ECG signal can typically be successfully acquired only when the ECG circuit is completed by the same finger invoking the biometric sensor and another wearable contact location on the same user. In doing so, for example, complex signal analysis procedures (e.g., spatio-temporal signal classifiers, etc.) typically required for full ECG biometrics based on stored user-specific ECG waveforms may be avoided, facilitating computationally-justified live user profile validation and validation procedures based on generic (user-agnostic) profiles.

Furthermore, comparison to a generic (ECG) profile may take various forms and invoke various profile parameters, features, etc. For example, varying degrees of accuracy and/or confidence levels may be required depending on the application at hand, the level of security required, the likelihood of expected fraud or collusion, and/or other availability of other security or authentication means that may be provided concurrently with the attributes described herein. For example, in one particular embodiment, live user ECG signals acquired by the UAD may be compared to stored generic ECG signals to identify certain similarities and/or differences, such as expected signal amplitudes (e.g., to identify overly attenuated signals), reasonable pulse signal frequency ranges, rates, completeness, peak-to-peak consistency and/or shape (e.g., to distinguish signals expected to be actually captured from the same user between two opposing body contact points (such as opposing hand/wrist contacts) from signals captured between contact points from two different users or some unintended combination of user contact points/touch points), or similar features and/or parameters.

For example, and referring to fig. 19A-19C, different ECG signals acquired from the same user are illustrated, where the user completes the ECG acquisition circuitry by interacting with a first ECG finger probe (i.e., juxtaposed with the fingerprint sensor) with one finger of one hand and a second ECG wrist probe with the wrist of the other hand. In the context of a wearable wristband implementation, this particular configuration is similar to that set forth above. In each of fig. 19A to 19C, a pulsatile waveform is observed, however, the overall quality of this waveform is shown to decrease and thus become more difficult to identify as a true, authentic ECG profile. This may be due, for example, to increased misalignment of the user's fingers and/or wrists or decreased contact quality as compared to what the design is intended for. For example, when the authentication band is worn by an unauthorized user, the authorized user can still attempt to provide their fingerprint on a collocated fingerprint scanner while the unauthorized user awkwardly completes the ECG circuit through the collocated finger and wrist contacts. Given this awkward arrangement, a poor quality ECG signal can be captured and therefore not successfully compared to a generic profile. On the other hand, if the ECG signal is instead caused by contact with a different user (e.g., an authorized user finger on a juxtaposed finger probe and an unauthorized user wrist contact), a more noisy signal may be acquired, as shown, for example, at fig. 19D.

As described above, different methods may be employed in order to verify a certain level of confidence in comparing the acquired ECG or similar physiological signal to the generic profile at the time of authentication. In one particular embodiment, the acquired ECG is compared to a generic profile to determine, within a specified degree of confidence, whether this signal corresponds to a well-characterized pulsatile waveform and/or frequency range. In fig. 20A and 20B, the sample ECG signal (fig. 20A) is processed to detect peaks based on the stored ECG template, showing good agreement and, therefore, indicating that the ECG signal is likely to be acquired according to design specifications. In fig. 21A, a somewhat less clear ECG signal is tested, in which case sufficient agreement with the stored generic ECG template is again shown in fig. 21B. However, in fig. 22A, the ECG signal acquired according to the prescribed authenticated user profile exhibits insufficient agreement with the template (fig. 22B), resulting in the identification of aperiodic or inconsistent peaks. As a result, the ECG signal acquired during authentication as shown in fig. 20A and 21A will likely succeed in confirming the presence of an authenticated live user during authentication according to the prescribed level of confidence required for a given application, whereas the ECG signal shown in fig. 22A will likely fail.

This approach may be equally applicable to embodiments where different physiological sensors are used concurrently at the time of authentication. For example, two or more ECG probes may be juxtaposed with a fingerprint sensor to form respective or associated ECG contacts and/or circuitry with one or more corresponding wrist probes. In doing so, where the corresponding ECG circuit is formed to acquire the corresponding ECG signal, in some embodiments, only a successful authentication will result provided all ECG signals can be satisfactorily compared to the stored generic profile. Similarly, different pairs of ECG probes arranged at other locations around the wearable device may also require that each acquired ECG signal meets preset ECG signal requirements. For example, one or more additional finger/wrist ECG probe pairs may be provided along the wristband to complement one pair collocated with the fingerprint scanner, such as, for example, to have both a thumb/wrist ECG and a finger/wrist ECG acquired after an authorized user wears the band and forms a C-shaped gesture around the band with their thumb and index finger to concurrently interact with each ECG probe pair and the fingerprint scanner. Other single-handed gestures/configurations are also contemplated without departing from the general scope and spirit of the present disclosure, as other non-wrist supported embodiments are contemplated. In some embodiments, interference or noise introduced through authorized contact with any one or more of the ECG probes may otherwise cause the quality of the ECG signal to degrade and thus may result in failure to meet live user authentication requirements.

Thus, the physiological signal can be effectively analyzed with a degree of confidence to determine whether the finger from which the primary biometric characteristic was captured is the same finger from which the physiological signal was captured. In one such embodiment, as discussed above, ECG data from the physiological sensor is compared to one or more stored generic, synthetic and/or representative ECG contours when determining whether the fingerprint is from a genuine live human user. If the finger from which the primary biometric feature was captured is also used to capture the ECG (knowable because the biometric feature was captured at the same time and from the same location on the wearable authentication device), and if the captured ECG matches one or more stored ECG profiles within a given confidence level, then the captured fingerprint is likely captured from the wearer of the authentication device, and control flows to block 708. Otherwise, control flows to a return block to return control to the callback process.

At block 708, in at least one of the various embodiments, the primary biometric data may be processed and compared to one or more biometric profiles for associating the biometric data with the user. In at least one of the embodiments, to pre-authorize the wearable authentication device after initialization, primary biometric identification data is received from the wearable authentication device, and the primary biometric identification data is authenticated on the authentication device or, in some embodiments, on the enrollment application. In either case, the primary biometric data may be authenticated based on a biometric profile that may be stored on the authentication device or, in some embodiments, on the enrollment application. In at least one of the various embodiments, the obtained primary biometric signal is then compared to a previously obtained biometric profile to perform biometric matching. In at least one of the various embodiments, secondary biometric identification is also used to confirm the identity of the wearer.

At block 710, in at least one of the multiple embodiments, an authentication status, which is based in part on a result of the matching with the primary biometric identification signal, may be communicated from the enrollment application to the authentication device. Alternatively, in at least one of the embodiments, an authorization key may be generated on the authentication device and communicated to the registration application. In at least one of the various embodiments, the registration application may use the authorization key to decrypt user profile information that may associate the user with the authentication device. Thus, in some embodiments, the registration application may authenticate the user without directly receiving the biometric signal or the biometric data.

Thus, in at least one of the various embodiments, the authentication device may be set to a pre-authorization state if the primary biometric signal matches the biometric profile of the user. In at least one of the various embodiments, the registration application may communicate a control signal to the authentication device to signal that the authentication device should enter a pre-authorization state. Or, in at least one of the embodiments, the authorization key provided by the authentication device may enable the enrollment application to decrypt the biometric profile of the user so that the enrollment application can pre-authorize the authentication device.

In at least one of the various embodiments, at this point, the authentication device is authenticated as being worn by a user that corresponds to the matching biometric profile and is pre-authorized to enable access to the one or more access points. Control may then be returned to the callback process.

In at least one of the embodiments, once successful authentication is achieved, the application on the registered application returns to communicating with the wearable device and pre-authorizes it to the user. The authentication device remains in the pre-authorized state until it is removed from or separated from the user.

In some embodiments, the pre-authorization of the wearable authentication device may be performed twice daily, once daily, or even less frequently, such as every second day, every third day, every fourth day, every fifth day, every sixth day, or once weekly.

Additionally, in at least one of the embodiments, once the authentication device is pre-authorized, the registration application need not be within wireless range of the wearable authentication device to enable the user to transmit control signals to the access point to gain access to the physical or logical access point. Obtaining access to the access point does not require further interaction between the wearable device and the registration application.

In at least one of the various embodiments, by detecting a device removal from the user, the wearable authentication device may be further trusted to remain associated with the same person during later business processes. In this way, the wearable device is able to transmit an authenticated control signal that serves as a proxy for user identity authentication. In essence, the wearable authentication device becomes a trusted arbiter or identity agent for all other devices, access points, and systems with which the user interacts. Although the wearable authentication device can transmit the biometric identification signal as a control signal at the access point, pre-authorization of biometric identification of the wearable device via the enrollment application enables the control signal to be different from the biometric identification signal.

Fig. 8 illustrates an overview flow diagram of a process 800 for authenticating a user having one or more access points in accordance with at least one of the various embodiments. After a start block, at decision block 802, in at least one of the various embodiments, if a pre-authorized authentication device is within range of the access point, control may flow to block 804; otherwise, control may flow to block 808.

At decision block 804, in at least one of the various embodiments, if one or more additional conditions (if any) are satisfied, control may flow to block 806; otherwise, control may flow to block 808. As discussed below, the authentication device or access point may be configured to require additional information before access to the access point is enabled. In at least one of the various embodiments, increasing security may require additional security factors, such as requiring one or more additional biometric features to authenticate the user, or requiring a password to be entered into the enrollment application. Such a password may be alphanumeric, or may be a gesture or gesture (finger tap/swipe) captured by the wearable authentication device through one or more sensors on the wearable device. Such additional security factors may be added to systems with high security requirements.

Additionally, in at least one of the various embodiments, additional conditions may be required based on information included in the user's profile. For example, the user profile may be configured to limit access to certain times of the day or certain times of the day, etc. See fig. 14 for a more detailed description of user profiles and their configuration.

Further, in at least one of the various embodiments, additional conditions may be required based on information included in the profile of the access point. For example, the access profile may be configured to limit the number of pre-authorized users that may gain access to the access point on a daily basis, and the like. See fig. 15 for a more detailed description of the access profiles and their configuration. Further, in at least one of the various embodiments, the condition may be that the user is a member of one or more associations or groups, such as employees, customers, VIPs, security guards, or the like, or a combination thereof.

Additionally, in at least one of the various embodiments, the authentication device may include a key or other identifier that may be associated with one or more parties or associations that may have issued the authentication device to the user. Thus, in order to satisfy the access conditions, it may be necessary to authenticate and pre-authorize the authentication device, as well as include additional information indicating the authentication device associated with the correct community.

Further, in at least one of the various embodiments, an additional condition may be a requirement to sense and authorize one or more particular users in addition to the user attempting to gain access. For example, one or more access points may be disabled to allow access by any user unless the access point senses an authenticated supervisor user. In this embodiment, the access point profile may be configured to disable other users unless the access point simultaneously senses a supervisor user. Or, in at least one of the embodiments, the access point may be configured to always require a certain number of authenticated users (e.g., 2,3, 5) to be present and pre-authorized before allowing any user to gain access. For example, an access point configured to require the presence of two users may be incorporated into an industrial machine that requires two authenticated operators for insurance and/or security reasons.

At block 806, in at least one of the multiple embodiments, access to one or more access points may be enabled for a user having an authentication device. Next, control may loop back to decision block 802. At block 808, in at least one of the multiple embodiments, access to one or more access points can be disabled. Control may then be returned to the callback process.

In at least one of the various embodiments, user access to physical and logical access points may be controlled by the transmission of control signals from the wearable authentication device to the access point. For example, in at least one of the embodiments, a method of gaining access at an access point may be determining whether a wearable authentication device has been pre-authorized and whether the wearable authentication device is within an allowable range of the access point. If the answer to both the authorization and the range to the access point is positive, the wearable authentication device may be arranged to transmit a control signal to the access point, the control signal positively confirming that the authentication device is pre-authorized. Thus, the user can gain access to the access point. Further, access authorization to the access point may be enabled by the wearable device at a plurality of access points after a single authorization by the registration application.

For example, in at least one of the embodiments, a user may access various access points with a single biometric authentication/pre-authorization during the course of a day, such as a security gate at home, a security gate at work, a point-of-sale device (e.g., to purchase coffee), a wireless password to enter a personal electronic device, a gym or dressing room security gate, transit payment, and the like. Thus, multiple security transactions, each traditionally requiring a unique security card or identification, may each be accessed using the same pre-authorized authentication device employing control signals that positively confirm that the authentication device is pre-authorized.

In at least one of the embodiments, if the wearable authentication device is in authentication mode, it may communicate this status information by wirelessly transmitting control signals to devices and systems (such as access points) that may be in the user's environment. Thus, the presence of a user with a pre-authorized authentication device within range of an intelligently connected access point device may be sufficient to unlock and/or enable access to the device. One method of determining proximity to an access point is via measuring bluetooth energy levels.

In at least one of the embodiments, the pre-authorized wearable authentication device may then be used to access/unlock the wearer's smartphone, tablet, online account, vehicle, and physical space, as well as to provide personalization for the smart environment, and allow third parties to detect their presence (e.g., offices, clubs, retail environments, etc.).

In one or more of the various embodiments, since the pre-authorized wearable authentication device remains authorized while the confirmed genuine user is wearing the biometric identification device, one or more actions at one or more access points or access terminals may be associated with the confirmed genuine user without additional or subsequent actions specifically directed to authentication.

In at least one of the various embodiments, another example of a logical access point is a paired device. For example, if the wearable authentication device has been pre-authorized, other paired devices that do not have the ability to authorize the wearable authentication device but that would otherwise be locked, such as smartphones, computer terminals, tablet computers, laptop computers, environmental control systems, may be accessed via control signals transmitted through the pre-authorized wearable authentication device.

In at least one of the embodiments, the transmission of the entry authorization signal by means of the control signal from the pre-authorized wearable authentication device to the desired access point is preferably done wirelessly. Some non-limiting examples of wireless technologies that may be used are bluetooth, WIFI, NFC, etc. In some embodiments, the wearable authentication device may be arranged to include more than one type of transmitter or transmitting means to suit the range of receivers that may be used at various access points. Additionally, in some embodiments, the wearable authentication device may be arranged to include more than one type of receiver or reception technology. In this way, an access point that is already in place can be accessed by including a corresponding communication technology into the wearable authentication device.

In at least one of the embodiments, if a person is wearing a pre-authorized wearable authentication device, they may then access devices and accounts configured as access points in their environment (e.g., they include an access point application for controlling access). In a preferred embodiment, when a pre-authorized wearable authentication device is detected in close proximity and when an authentication control signal is received, the device or system acts as an access point granting access to the user. Additionally, access control may be further adjusted by requiring one or more of the following: determination of proximity/range of the wearable authentication device to the access point, detection of gesture input by the wearable authentication device, and additional skin or body contact detection by the wearable authentication device, voice commands such as with a finger (tap), password, PIN, and the like, or combinations thereof.

In a different embodiment, the user may use a gestural control to indicate an intent to access the access point. Thus, in at least one of the various embodiments, the authentication device may be arranged to collect motion or gesture signals, process the motion or gesture signals and match the motion or gesture signals to predefined or user-defined gestures. In one embodiment, if the "unlock" gesture is performed by the user and detected by the authenticated wearable authentication device, an "access" control signal may be transmitted to the device or system that includes the access point that the user intends to access.

In at least one of the embodiments, the user may indicate an intent to access a device or system that includes an access point by touching or tapping the wearable authentication device with a body part and/or contacting the skin with the device. For example, to access a smartphone, the wearable authentication device may transmit a control signal to the smartphone indicating that the wearable authentication device is pre-authorized and also within proximity to a device or system to be unlocked or accessed. After that, when the user double-clicks the authentication device, the smartphone may be unlocked.

In another embodiment, a signal transmitted from the wearable authentication device to an access point that the user desires to access through a human body may be used to detect a user's intent with skin contact. In at least one of the embodiments, the wearable authentication device may be arranged to include a unique sequence of transmitters and the access device is equipped with a receiver. Capacitive or galvanic coupling may be employed for the transmission of signals through the body.

Fig. 9 illustrates an overview flow diagram of a process 900 for authenticating a user having one or more access points in accordance with at least one of the various embodiments. After a start block, at block 902, in at least one of the various embodiments, an authentication device may optionally be issued to a user. In at least one of the embodiments, an organization, such as an employer, school, entertainment offering, amusement park, etc., may provide an authentication device to users that may be associated with the organization. In other cases, the user may own their own authentication device.

At block 904, in at least one of the multiple embodiments, an authentication device can be authenticated for a particular user. Additionally, in at least one of the various embodiments, the authentication device may be registered and pre-authorized for the user, as discussed above.

At block 906, in at least one of the multiple embodiments, access point permission information can be communicated to the authentication device based on the user's profile. In at least one of the embodiments, during authorisation of the authentication device, the registration application may be arranged to retrieve information about which access points the user may enable for access. In at least one of the embodiments, the information may be in the form of a list of restricted access points or may be in the form of a list of accessible access points or a combination thereof.

In at least one of the various embodiments, the license information may be configured and stored on an authentication server, a registration application, or the like. In at least one of the various embodiments, permissions may be specified or assigned on a per user basis or on a user community, user role, or other user attribute basis. In at least one of the various embodiments, the permissions may be included as part of a biometric profile of the user.

In at least one of the embodiments, the permission information may enable an administrator to configure which users may be enabled to access certain access points. See fig. 13-15. Importantly, in at least one of the various embodiments, permissions can be managed outside the access point. Thus, in at least one of the various embodiments, the access point may be relieved of any responsibility of managing authorized users/identifying whether a user actually has permission to access a particular access point.

At block 908, in at least one of the multiple embodiments, the authenticated authentication device encounters an access point. In at least one of the various embodiments, the authentication device and the access point may identify each other's presence. For example, in at least one of the various embodiments, a wireless protocol, such as an advertising protocol such as bluetooth, may be employed to enable the authentication device and the access point to identify each other.

In at least one of the embodiments, the authentication device and the access point may initiate a handshake protocol (e.g., exchange control signals) for determining whether the authentication device is authenticated to its wearer and is pre-authorized.

At decision block 910, in at least one of the multiple embodiments, if access to the access point is allowed based on the user profile and the access point profile, then control may flow to block 914; otherwise, control may flow to block 912. In at least one of the embodiments, prior to the authentication device communicating its authentication status to the access point, permission information onboard the authentication device may be checked to determine whether the user wearing the authentication device should be enabled to access the access point. In at least one of the embodiments, the authentication device and/or the access point may employ the user's profile or the access point's profile (if any) to determine whether the authenticated and pre-authorized user may gain access to the access point.

In at least one of the embodiments, the user profile information or a portion thereof may be located on the authentication device or stored on an authentication server accessible over a network. Likewise, in at least one of the embodiments, the access point profile information, or a portion thereof, may be located on the access point or stored on an authentication server accessible over a network. In at least one of the various embodiments, the user profile information and/or the access point profile information may be accessible from a cloud-based service.

In at least one of the embodiments, the authenticated authentication device authenticates the identity of the user wearing the device, but it may also indicate whether the particular user is allowed to access the access point.

In at least one of the various embodiments, the access point may maintain permission information regarding authenticated users that are enabled for access. However, for some access points, especially those designed to be low power and/or not have a network connection, they may not have sufficient facilities to determine whether the user, even if authenticated through wearable biometric identification, is authorized to access the access point.

For example, in at least one of the various embodiments, each member of a family including adults and children may use a wearable authentication device. The authentication device can authenticate the identity of each member of the family, as can adults and children. However, in this embodiment, it may be important to restrict children from accessing a particular access point. For example, access points like automobile doors or automobile ignition may be limited to only certified adults.

Thus, rather than requiring the car access point to maintain an access control list that distinguishes between family members, the authentication device for the child may maintain permission information. This license information may be updated for an individual each time the user authenticates using a given authentication device. Returning to the previous embodiment, if the child obtains his or her driving license, the parent may update the child's permissions information so that they can use their authentication device to enable access to the car. Note that this can be done without directly updating the car access point.

At block 912, in at least one of the various embodiments, the user may be denied access to the access point because the access point is not accessible to the user. Next, control may flow to a return block to return control to the callback process. During the handshake between the authentication device and the access point, the authentication device rejects the access point control signal, or it may be arranged to refrain from sending an "authentication" state to the access point. At block 914, in at least one of the multiple embodiments, access to the access point is enabled because the user is permitted or otherwise not prohibited from accessing the access point. Control may then be returned to the callback process.

Fig. 10 illustrates an overview flow diagram of a process 1000 for deauthenticating an authentication device when it is removed from a wearer, in accordance with at least one of various embodiments. After a start block, at block 1002, in at least one of the various embodiments, a wearable authentication device is removed from an authenticated wearer. In at least one of the various embodiments, the authentication device may detect that it has been or will be removed from the authenticated user (e.g., buckled open), as described above. Additionally, in at least one of the various embodiments, the authentication device may include a lanyard attached by a clasp such that removal of the lanyard from the authentication device resets (de-authorizes/de-authenticates) the authentication device. As described above, the breach of contact with the on-board physiological sensor may also trigger the user authentication/authorization to be revoked.

In at least one of the various embodiments, the authentication device may remain pre-authorized and authenticated as long as it remains within a defined range/proximity of the user. Additional sensors or radios on the user's body may be employed to determine whether the authentication device is within the user's allowed range. For example, the user may pre-authorize the handheld instrument or device using biometric identification features. The pre-authorized device then remains pre-authorized as long as it remains within the user's range-defined range-enabling the tool to be used by the user.

At block 1004, in at least one of the multiple embodiments, access to one or more access points can optionally be disabled. In at least one of the embodiments, if an authentication device is employed to enable a user to access an access point, the access point may be configured to automatically disable access to the access point. In at least one of the various embodiments, in some cases, such as an operating automobile, the access point may be configured to continue operation until it is safe to disable operation. In other cases, such as accessing a secure terminal, the access point may immediately disable access by the current user. In at least one of the various embodiments, other configurations may include starting a countdown timer before disabling access. In addition, the access point may be configured to generate a log entry and/or generate a notification upon removal of the authentication device. Note that in at least one of the embodiments, this block may be considered optional because the user may not be accessing the access point when the authentication device is removed.

At block 1006, in at least one of the multiple embodiments, the wearable authentication device may be reset and set to an unauthenticated state. In at least one of the embodiments, as discussed above, resetting the authentication device will require the user to re-authenticate the authentication device by: the wearable authentication device is worn by a user providing a primary biometric feature by providing biometric identification information to the enrollment application, satisfying the wearable authentication device via a secondary biometric feature, and matching a biometric profile corresponding to the user prior to returning the authentication device to an authentication state. At block 1008, in at least one of the various embodiments, further to resetting the wearable authentication device, security and encryption information related to operation and/or authentication of the authentication device may be cleared or otherwise erased from the authentication device. Control may then be returned to the callback process.

Fig. 11 illustrates an overview flow diagram of a process 1100 for managing if an authentication device encounters multiple access points, in accordance with at least one of the various embodiments. After a start block, at block 1102, in at least one of the multiple embodiments, an authenticated authentication device enters a sensing range of multiple access points. In at least one of the embodiments, a user wearing an authenticated authentication device may walk into a room having multiple access points that enable him or her to access. For example, in at least one of the embodiments, a supervisor entering a room with some access points may not want multiple access points within range of the wearable authentication device to enable simultaneous access.

At block 1104, in at least one of the multiple embodiments, the authentication device initiates one or more access differentiation policies. In at least one of the various embodiments, since the authentication device has sensed multiple access points simultaneously, it may be configured to enforce one or more discrimination policies.

In at least one of the various embodiments, the discrimination policy may be configured to have different rules for different classifications of access points. In some embodiments, it may not be necessary to distinguish between some types of access points. For example, if multiple access points correspond to room lighting switches, it may be harmless and/or desirable to turn on all switches when a user wearing an authenticated authentication device enters a room. However, in other cases, such as computer terminals, it may not be desirable to unlock and enable access to each detected terminal at the same time.

Thus, in at least one of the embodiments, the distinguishing policy may include rules and filters that may be associated with the various access points that may be encountered. In at least one of the various embodiments, a discrimination policy may be established that one or more secondary conditions must be met to discriminate between certain multiple access points.

In at least one of the various embodiments, the secondary conditions may be similar to those described above, such as requiring a PIN, password, proximity requirement, gesture, etc., with respect to the particular access point that the user wishes to access.

At decision block 1106, in at least one of the various embodiments, if one or more secondary conditions for distinguishing between access points are met, control may flow to block 1108; otherwise, control may flow to a return block. In at least one of the various embodiments, if the secondary condition is not satisfied, access to those access points requiring the secondary condition may remain disabled. At block 1108, in at least one of the multiple embodiments, access to one or more access points may be enabled based on a secondary condition that may have been met. Control may then be returned to the callback process.

Fig. 12 illustrates an overview flow diagram of a process 1200 for authenticating an authentication device during encountering multiple access points, in accordance with at least one of multiple embodiments. After a start block, at block 1202, in at least one of the various embodiments, an access point can sense an authentication device. Further, in at least one of the various embodiments, the authentication device may sense one or more access points within range of its radio. As discussed above, one or more features of the radio and/or wireless infrastructure on the authentication device and the access point may be employed for sensing the presence of each other. For example, the authentication device and/or the access point may employ one or more wireless advertisement protocols. Thus, control signals may be exchanged between the authentication device and the access point each time a user with a valid authentication device encounters the access point.

At decision block 1204, in at least one of many embodiments, if the authentication device is authenticated, control may flow to block 1206; otherwise, control may flow to block 1208. In at least one of the embodiments, if the authentication device is pre-authorized for the user, the access point may assume that the authentication device is authenticated and authorized for the user and enable access to the access point (e.g., confirm that the authentication device is in an authenticated state). Note that access to the access point may be enabled without having to capture additional biometric signals or information from the user. Thus, in at least one of the various embodiments, a user may be enabled to access multiple access points at different times as long as the authentication device remains in an authenticated state (e.g., as long as the authentication device has not been removed or detached from the authenticated user).

At block 1206, in at least one of the multiple embodiments, access to the encountered access point may be enabled. Next, control may loop back to block 1202. Thus, in at least one of the various embodiments, the process 1200 may continue to sense access points and enable access to them based on the authentication state of the pre-authorized authentication device.

At block 1208, in at least one of the multiple embodiments, access to the encountered access point may be denied because the authentication device is not authenticated or pre-authorized. In at least one of the various embodiments, as discussed above, an authentication device may become unauthenticated if a previously authenticated user removes a pre-authorized authentication device. Additionally, as discussed above, in at least one of the various embodiments, the authentication device may be configured to require periodic re-authentication even if the user does not remove the device.

At block 1210, in at least one of the various embodiments, the authentication device may attempt to authenticate using the enrollment application and the one or more primary biometric signals captured from the user and the one or more secondary signals captured from the user, as discussed in detail above. In at least one of the various embodiments, since the authentication device is not authenticated to the user, the user may continue to perform the action of placing the authentication device in the authentication state and the pre-authorization state, as discussed in detail above.

At decision block 1212, in at least one of many embodiments, if the attempt to authenticate and pre-authorize the authentication device is successful, control may flow to block 1202; otherwise, process 1200 may exit, returning control to the callback process. Assuming that the authentication device is pre-authorized and authenticated by the user, process 1200 may loop back to block 1202 to continue sensing the access point.

Fig. 13 illustrates an overview flow diagram of a process 1300 for configuring profiles for users and access points in accordance with at least one of the various embodiments. After a start block, at block 1302, in at least one of the multiple embodiments, an administrative user can view, create, update, or delete users associated with one or more communities. At block 1304, in at least one of the multiple embodiments, the administrative user may view, create, update, or delete one or more of the user profiles. At block 1306, in at least one of the multiple embodiments, an administrative user can view, create, update, or delete one or more access points. Control may then be returned to the callback process.

In at least one of the various embodiments, an authentication device may be employed to authenticate the identity of a user wearing or otherwise controlling the authentication device. Further, organizations such as employers, entertainment providers, amusement park operators, and the like may provide or distribute biometric metrics to users such as employees, visitors, customers, and the like. In addition, in at least one of the various embodiments, the owner of the household may issue an authentication device to each member of the household.

Thus, in at least one of the various embodiments, an administrative user may generate a user profile that includes configuration rules or other information that may be employed for determining whether an authenticated and/or pre-authorized user may indeed be permitted to gain access to the access point. For example, in at least one of the embodiments, if the authentication device has been issued to each member of a family, the result in many cases is that not every family will have access to the same access point as every family. For example, the young children of a home may be made unable to access certain access points, such as home cars or bank information. Likewise, in at least one of the embodiments, an employer issuing an authentication device to its employees may employ a user profile and/or an access profile to control the employees' access to the access points. Further, in at least one of the various embodiments, the amusement park operator may issue authentication devices that may be employed to enable or disable customers to gain access to various attractions, events, attractions, etc. that may be hosted at the amusement park.

In at least one of the various embodiments, profile information may be generated using one or more predefined tables and/or attribute tables. Additionally, in at least one of the various embodiments, the profile information may include customized rules that may include one or more regular expressions, computer software programming languages, scripts, or the like, or combinations thereof.

Fig. 14 illustrates an overview flow diagram of a process 1400 for configuring a profile for a user in accordance with at least one of the various embodiments. After a start block, at block 1402, in at least one of the various embodiments, an administrative user can select one or more user profiles. In at least one of the various embodiments, user profiles may be selected individually or in groups using batch selection, filters, and the like. Additionally, in at least one of the various embodiments, portions of one or more user profiles may be shared by one or more points of users. For example, a global user profile may provide basic configuration information for each employee in a company.

At block 1404, in at least one of the multiple embodiments, the user profile can be configured to enable a user to access one or more access points. In at least one of the various embodiments, the individual access points and/or groups of access points can be a blacklist or a whitelist of one or more users. This information may be included in or associated with the user profile of each user.

At block 1406, in at least one of the various embodiments, the user profile can optionally be configured to enable the user to access one or more access points based on date, time of day, day of week, etc., or a combination thereof.

At block 1408, in at least one of the various embodiments, optionally, the user profile may be configured for one or more count-based restrictions that enable the user to access the one or more access points. In at least one of the embodiments, these can be numerical limits that control the number of times an individual can access an access point. In other embodiments, the limit may be limited to one or more time periods or time ranges. For example, a user may be restricted to access a particular access point once within a defined period of time, while the same user may be configured for unrestricted access at other times.

At block 1410, in at least one of the multiple embodiments, optionally, the user profile can be configured to enable or disable one or more additional features associated with enabling the user to access the one or more access points. For example: based on geographic location, a user may be restricted or enabled to access an access point; the number of other users currently accessing the same or different access points exceeds a threshold; the number of other users who have accessed the same or different access points within a defined period of time exceeds a threshold, the like, or a combination thereof.

At block 1412, in at least one of various embodiments, the configured user profile may be stored. In at least one of the various embodiments, the configured user profile may be stored in one or more computers, such as the biometric authentication service computer 116, a cloud service, and/or a computing and/or storage instance (e.g., a virtual machine) in a cloud environment, and so forth. One of ordinary skill in the art will appreciate that user profile configuration rules may include enabling and disabling user access to access points based on a number of features and/or conditions other than those described herein. Such configuration rules are contemplated, however, for the sake of brevity and clarity, embodiments are limited herein. The embodiments, however, are sufficient to enable those skilled in the art to understand and practice the innovations included herein. Control may then be returned to the callback process.

Fig. 15 illustrates an overview flow diagram of a process 1500 for configuring a profile for an access point in accordance with at least one of the various embodiments. After a start block, at block 1502, an administrative user may select one or more access point profiles. In at least one of the various embodiments, the access point profiles can be selected individually or in groups using batch selection, filters, and the like. Additionally, in at least one of the various embodiments, one or more access point profiles may be shared by one or more access points.

At block 1504, in at least one of the multiple embodiments, optionally, the administrative user can configure rules for determining which users can access the access point. In at least one of the various embodiments, users may be whitelisted or blacklisted based on individual identity, filters, community rules, and the like. In at least one of the various embodiments, the filter can be inclusive or exclusive. Further, in some embodiments, the filter may be directed to one or more of various attributes of the user and/or user profile, such as name, age, access level, security permissions (securitylearea), frequency of access, and the like, or combinations thereof.

At block 1506, in at least one of the multiple embodiments, optionally, the administrative user may configure the access point with time of day rules. Similar to that described with respect to block 1406 in fig. 14. Likewise, at block 1508, in at least one of the multiple embodiments, optionally the administrative user may configure policy rules for access based on the number of times, similar to that described with respect to block 1408 of fig. 14. At block 1510, in at least one of the multiple embodiments, optionally, the administrative user can configure one or more additional policy rules based on one or more other characteristics/attributes associated with the access point-similar to block 1410 in FIG. 14.

At block 1512, in at least one of the various embodiments, the administrative user may optionally store the access point profile. In at least one of the various embodiments, the configured access point profile may be stored in one or more computers, such as the biometric authentication service computer 116, a cloud service, and/or a computing and/or storage instance (e.g., a virtual machine) in a cloud environment, and so forth. One of ordinary skill in the art will appreciate that the access point profile configuration rules may include enabling and disabling user access to the access point based on a number of features and/or conditions other than those described herein. These and other additional configuration rules are contemplated, however, for the sake of brevity and clarity, the number of embodiments included herein is limited. The embodiments provided, however, are sufficient to enable those skilled in the art to understand and practice the innovations. Control may then be returned to the callback process.

It will be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by computer program instructions. These program instructions may be provided to a processor to produce a machine, such that the instructions, which execute on the processor, create means for implementing the actions specified in the flowchart block or blocks. The computer program instructions may be executed by a processor to cause the processor to perform a series of operational steps to produce a computer-implemented process such that the instructions, which execute on the processor, provide steps for implementing the actions specified in the flowchart block or blocks. The computer program instructions may also cause at least some of the operational steps illustrated in the blocks of the flowchart to be performed in parallel. These program instructions may be stored on some type of machine-readable storage medium, such as a processor-readable non-transitory storage medium. Furthermore, some of the steps may also be performed on more than one processor, such as might occur in a multi-processor computer system. Additionally, one or more blocks or combinations of blocks in the flowchart illustrations may also be performed concurrently with other blocks or combinations of blocks, or even in a different order than illustrated, without departing from the general scope or spirit of the disclosure.

Accordingly, blocks of the flowchart illustrations support combinations of means for performing the specified actions, combinations of steps for performing the specified actions and program instruction means for performing the specified actions. It will also be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified actions or steps, or combinations of special purpose hardware and computer instructions. The foregoing examples should not be construed as limiting and/or exhaustive, but rather as illustrative use cases (use cases) to illustrate implementations of at least one of the various embodiments of the present invention.

Illustrative use cases

Fig. 16 illustrates a portion of a user interface 1600 for enrolling and/or configuring an authentication device in accordance with at least one of the various embodiments. In at least one of the embodiments, the registration application and/or authentication server may be arranged to include one or more user interfaces that enable users to register and/or configure their authentication devices. In at least one of the various embodiments, the user interface 1600 can include a representation of an authentication device, such as an authentication device image 1602, and one or more menu items for configuring such a device, such as a menu item 1604. Further, in some embodiments, a user may be enabled to update software and/or firmware for their authentication device by activating a user interface input, such as button 1606.

In at least one of the various embodiments, the user interface layout and features may be arranged to be suitable for different platforms, such as client computers, network computers, mobile computers, tablet computers, smart phones, and the like. Further, in at least one of the various embodiments, the user interface may include more or fewer elements as shown herein and remain within the scope of the contemplated innovations.

Fig. 17 illustrates a wearable authentication device 1700 in accordance with at least one of the various embodiments. In at least one of the various embodiments, the authentication device 1700 may be arranged in the form of a wristband, such as the wristband 1702. Additionally, in at least one of the various embodiments, the authentication device 1700 may include a plurality of LEDs 1704 arranged so as to be visible to the wearer.

In at least one of the various embodiments, the plurality of LEDs 1704 can be arranged to flash in different patterns and/or colors. In some embodiments, different patterns of flashing and/or colors may correspond to particular operations, states, actions, etc. For example, a unique blinking or light pattern may be established to indicate whether the authentication device is capturing and/or transmitting biometric identification signals/data. Additionally, for example, a particular LED pattern may indicate whether an authentication device is authenticated, pre-authorized, etc. within range of one or more access points.

In at least one of the various embodiments, the contacts 1706 can be buttons, sensors, electrodes, or the like, or a combination thereof. In some embodiments, contact point 1706 may be a sensor similar to sensor 504 and/or sensor 506 of fig. 5. In at least one of the various embodiments, the contacts 1706 can be arranged to be sensitive to receiving user input such as a finger tap, a finger swipe, a touch, or the like, or a combination thereof.

While this disclosure describes various embodiments for illustrative purposes, such descriptions are not intended to be limited to such embodiments. On the contrary, the applicants' teachings as described and illustrated herein encompass various alternatives, modifications, and equivalents, without departing from the overall scope as defined by these embodiments, and in the appended claims. No particular order to steps or stages of a method or process described in this disclosure is intended or implied except to the extent necessary or inherent in the process itself. In many cases, the order of process steps may be varied without changing the purpose, effect, or meaning of the methods described.

The information as shown and described in detail herein is fully capable of attaining the above-described objects of the present disclosure, the presently preferred embodiments of the present disclosure, and is thus representative of the subject matter which is broadly contemplated by the present disclosure. The scope of the present disclosure fully encompasses other embodiments that may become obvious to those skilled in the art, and is accordingly intended to be limited only by the appended claims, in which any reference to an element in the singular is not intended to mean "one and only one" unless explicitly so stated, but rather "one or more. All structural and functional equivalents to the elements of the above-described preferred and additional embodiments that are recognized by those of ordinary skill in the art are intended to be encompassed by the present claims. Moreover, there is no requirement for a system or method that addresses each and every problem sought to be solved by the present disclosure, for the present claims to encompass such apparatus and methods. Furthermore, no element, component, or method step in the present disclosure is intended to be dedicated to the public regardless of whether the element, component, or method step is explicitly recited in the claims. However, various changes and modifications in form, material, work and details of the materials of manufacture, as would be apparent to those skilled in the art, which may be made without departing from the spirit and scope of the present disclosure, as set forth in the appended claims, are also encompassed in the present disclosure.

76页详细技术资料下载

Live user authentication apparatus, system and method

相关技术

网友询问留言