WO2002005478A1 - Network security system - Google Patents

Network security system

Info

Publication number
WO2002005478A1
WO2002005478A1 (PCT/US2001/021038)
Authority
WO
WIPO (PCT)
Prior art keywords
computer
user
remote computer
remote
access
Application number
PCT/US2001/021038
Other languages
French (fr)
Other versions
WO2002005478A9 (en)
Inventor
Gerald R. Black
Original Assignee
Black Gerald R
Application filed by Black Gerald R
Priority to AU2002218801A (published as AU2002218801A1)
Priority to EP01984200A (published as EP1393493A4)
Priority to US10/032,591 (published as US7047419B2)
Publication of WO2002005478A1
Publication of WO2002005478A9
Priority to US11/124,016 (published as US7822232B2)
Priority to US12/857,819 (published as US8520905B2)
Priority to US13/241,817 (published as US8374402B2)

Classifications

    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints (G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31 User authentication)
    • G06F21/6209: Protecting access to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself (G06F21/00 > G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules)
    • H04L9/3231: Biological data, e.g. fingerprint, voice or retina (H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols > H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials > H04L9/3226 using a predetermined code, e.g. password, passphrase or PIN)
    • H04L9/3234: Entity authentication involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (H04L9/00 > H04L9/32)
    • G06F2221/2101: Auditing as a secondary aspect (G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21 additional information or applications relating to G06F21/00 and subgroups)
    • G06F2221/2139: Recurrent verification (G06F2221/00 > G06F2221/21)
    • H04L2209/805: Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor (H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication > H04L2209/80 Wireless)

Definitions

  • Each computer of the network security system of the present invention is a handheld processor that enables access to a computer network, with a biometric sensor disposed in the casing of the handheld processor.
  • These handheld processors maintain continual contact with a finger, thumb, or palm of the user so that biometric authentication can be accomplished without the need to press special surfaces or otherwise alter conventional computer manipulations.
  • Although the technology of the present invention applies to all portable computers (e.g. laptops, handhelds, palms, and pockets), it is preferably directed at palm and pocket computers.
  • A palm or pocket computer the size of the user's hand is used that can conveniently be held in one hand.
  • One or more fingerprint sensors are disposed in the back or side surfaces of the handheld computer such that the identity of the user is continually verified while the computer is being held and used. The ability to provide continual verification by means of biometric print sensors is particularly important to ensure network security.
  • While fingerprints and palm prints are used in this application for purposes of illustration, it is understood that the principles of this invention are also applicable to other biometric technologies where identity can be confirmed when the user touches a sensor, such as cell capture and DNA.
  • A “handheld computer” refers to any computing device and application, including, but not limited to, a pocket computer; a palm-type computer; a laptop computer; a cell phone; and similar devices that involve continual contact with the hand of the user during routine usage. Many smaller computers are embedded in walls, desktops, and car instrument panels; these are generally excluded from this definition unless the user continually touches a part of such a computer.
  • A “remote computer” refers to a hard-wired or wireless handheld computer.
  • “Casing” refers to either the housing of the handheld computer or a pocket or container for storing the handheld computer.
  • Biometrics refers to the technology of verifying the identity of an individual by measuring and analyzing data relating to a physiological or behavioral characteristic of the individual. Examples of physiological characteristics are retina, iris, hand geometry, body odor, and fingerprint; examples of behavioral biometrics are voice, keystroke rhythm, and signature.
  • A “fingerprint” is a biometric and refers to the print of the thumb, index finger, any other finger, or a combination thereof.
  • FIGURE 1 is a schematic of the preferred embodiment of the network system of the present invention;
  • FIGURE 2A shows a view of the backside of a palm computer for use in the network security system of FIGURE 1, the palm computer having a pair of fingerprint sensors capturing prints of the thumb and index finger of the user and a third sensor capturing the palm print of the user, for identity authentication while the palm computer is being used;
  • FIGURE 2B shows the frontside of the palm computer of FIGURE 2A;
  • FIGURE 3 discloses the frontside of another processor device for use in the network security system of FIGURE 1, a fingerprint sensor being positioned in the casing of a palm computer;
  • FIGURE 4 discloses yet another processor device for use in the network security system of FIGURE 1, the processor device being a full-screen computer having a fingerprint sensor disposed on one side;
  • FIGURE 5 discloses a simplified logic diagram of one embodiment for registering in the network security system of FIGURE 1, reference biometrics being secured in a user file that is created during the registration process;
  • FIGURE 6 discloses a simplified logic diagram of one embodiment for logging onto the network security system of FIGURE 1, a captured print being compared to a reference record for purposes of authentication;
  • FIGURES 7A and 7B disclose a simplified logic diagram of one preferred embodiment for requesting access to the network security system of the present invention;
  • FIGURES 8A and 8B disclose a simplified logic diagram of one preferred embodiment for requesting entry of new data to the network security system of the present invention;
  • FIGURES 9A and 9B disclose a simplified logic diagram of one preferred embodiment for requesting access to high-security data of the network security system of the present invention, the high-security data access request requiring a match authentication of a pair of user fingerprints;
  • FIGURE 10A discloses a simplified layout for a user record of one preferred embodiment of the network security system of the present invention;
  • FIGURE 10B discloses a simplified layout for a data access record of the preferred embodiment of the network security system of FIGURE 10A;
  • FIGURE 10C discloses a simplified layout for a remote processor record of the preferred embodiment of the network security system of FIGURE 10A;
  • FIGURE 11 discloses a simplified flowchart for performing a network security audit of the network security system of the present invention;
  • FIGURE 12A discloses a simplified curve analysis for a regular security environment, where the threshold is located at the juncture of the normal curve for authorized users and the normal curve for unauthorized users; and
  • FIGURE 12B discloses a simplified curve analysis for high-security applications, similar to FIGURE 12A, where the threshold has been repositioned to minimize false negatives.
  • FIGURE 1 discloses the preferred embodiment of the network security system of the present invention.
  • The preferred embodiment of the network security system of the present invention comprises a host computer and a plurality of handheld computers.
  • Each handheld computer provides authentication of a user prior to responding to the user's request for data access.
  • A sensor of a biometric property of the user, disposed in the computer housing, captures a biometric print of the user while the handheld computer is being held.
  • The biometric sensor is preferably a fingerprint sensor.
  • At least one fingerprint sensor is positioned at one or more strategic sites such that a portion of the hand of the user is in continuous contact therewith during usage of the processor, enabling continual authentication of the identity of the user with each request for access to each secure record.
  • The fingerprint authentication is captured in an incidental manner as the data request is submitted from the handheld computer to the host computer, enabling user identity authentication simultaneously with each request to access the secure record.
  • In FIGURES 2A and 2B the processor includes sensors to capture a thumbprint, the print of the index finger, and a palm print.
  • A palm print sensor can be disposed on the back surface of the computing device of the present invention to supplement or complement the fingerprint sensors. Multiple sensors are recommended for high-security applications (see, for example, FIGURES 9A and 9B).
  • FIGURE 3 discloses the frontside of another embodiment of a processor device for use in another preferred embodiment of the network security system of the present invention.
  • The fingerprint sensor is positioned in the casing of a palm computer, the casing being used to house the palm computer both in use and in storage.
  • The casing may also be a wallet or pouch in digital engagement with the processor, either by wire or wirelessly, enabling identity authentication whenever network access to data is required.
  • The principal advantage of this approach is that registration is conducted through the casing, and off-the-shelf computers need not be altered.
  • FIGURE 4 discloses yet another processor, a full-screen processor, for use in the network security system of the present invention.
  • These processors are sometimes referred to as handheld computers in the literature, but are referred to as full-screen processors herein for clarity.
  • The screen is roughly the size of the screen of a PC, but the computer does not have a conventional keypad.
  • A fingerprint sensor is disposed on one side of the full-screen computer.
  • The strategic positioning of individual and multiple sensors depends on the size and shape of the individual computer and on the size of the hands of the computer user. It is advised that either the sensors be located symmetrically (on both sides of the processor) to accommodate both left-handed and right-handed users, or that some processors be designed for right-handed users and others for left-handed users.
  • The user enrolls his or her prints by submitting the thumb, index finger, and/or palm prints to the network in a secure process.
  • The reference print is preferably stored in the host computer, for security purposes, to prevent user access and tampering.
  • The prints may also need to be stored elsewhere in the system.
  • Network access is enabled to authorized users. Data access is enabled only once a match has occurred that equals or exceeds a threshold value set in accordance with the sensitivity of the data to which access is requested.
  • The system also enables varying levels of security within the same network, since person A may be permitted access to certain data and person B to other data. For example, both are permitted access to general network data, but each is permitted access only to his or her own personal, employment, or medical files.
  • The network security system of the present invention enables system designers to integrate into the system the level of security needed for each application, while allowing improved security to be incorporated as needed.
  • The network security system of the present invention continually controls network access and ensures the integrity of all data.
  • The system enhances security without the need to modify the casing of the computer with card readers or sensing devices.
  • Identity is authenticated continually and routinely, each time there is a request to access additional information.
  • The preferred embodiments of the network security system of the present invention require authentication prior to each login, each request for data access, and each data entry.
  • FIGURE 6 discloses a simplified logic diagram of one embodiment for logging onto the network security system of the present invention. A captured print is compared to a reference record for purposes of authentication. Since the network may include data that is not confidential (such as Internet access), the user need only be authorized to use the handheld computer to gain system access; this is not recommended for high-security networks.
  • FIGURES 7A and 7B disclose a simplified logic diagram of one preferred embodiment for requesting access to the network security system of the present invention.
  • FIGURES 8A and 8B disclose a simplified logic diagram of one preferred embodiment for requesting entry of new data to the network security system of the present invention.
  • FIGURES 9A and 9B disclose a simplified logic diagram of one preferred embodiment for requesting access to high-security data of the network security system of the present invention, the high-security data access request requiring a match authentication of a pair of user fingerprints.
  • The handheld computer of FIGURES 2A and 2B enables the capture of multiple fingerprints.
  • FIGURE 10A discloses a simplified layout for a user record of one preferred embodiment of the network security system of the present invention.
  • FIGURE 10B discloses a simplified layout for a data access record of the preferred embodiment of the network security system of FIGURE 10A.
  • FIGURE 10C discloses a simplified layout for a remote processor record of the preferred embodiment of the network security system of FIGURE 10A.
  • FIGURE 10A depicts a simplified user record for the network security system of the present invention.
  • The user record includes the user's name, address, reference prints and signature, the user's authorized security level, a list of data records that the user is authorized to access, a list of handheld computers that the user is authorized to use, a history of records accessed by the user, and a list of records that the user was denied access to and when.
  • FIGURE 10B depicts a simplified data record for the network security system of the present invention.
  • The data record includes a data record number, a data security level, the names of users authorized to access this record, the reference prints of authorized users, a list of handheld computers authorized to access this record, a history of persons who accessed this record and when, and a history of all persons denied access to this record.
  • FIGURE 10C depicts a simplified computer record for the network security system of the present invention.
  • The computer record includes a remote computer number, the names of authorized users, the reference prints of all authorized users, a list of records that can be accessed from this computer, a list of all persons authorized to access each record, a history of all persons using this computer, a history of all users denied access to the computer, and the prints of all users denied access to the computer.
  • Each of these records is updated upon the occurrence of each relevant user, record, and computer event to enable tracking for audit purposes.
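The three records above hold everything the host needs to decide a single request, and the system is stated to authenticate before each login, each data access and each data entry, with a matched pair of prints required for high-security data (FIGURES 9A and 9B). The Python below is an added illustration of that host-side decision and its audit trail; it is not code from the patent. The field names, the per-level score thresholds, tying the two-print rule to level 3, and the sample users are all assumptions, and the matcher that scores a captured print against the reference print is out of scope, so each request arrives with its per-print match scores already computed and supplied as constructed input.

```python
from dataclasses import dataclass, field

# Assumed policy table, not from the patent: the minimum matcher score a data
# security level demands, and how many separately matched prints it requires.
# Level 3 stands in for the "high security data" of FIGURES 9A/9B, which the
# patent says needs a match of a pair of user fingerprints.
LEVEL_THRESHOLD = {1: 0.60, 2: 0.75, 3: 0.85}
PRINTS_REQUIRED = {1: 1, 2: 1, 3: 2}


@dataclass
class UserRecord:                     # FIGURE 10A, simplified
    name: str
    security_level: int
    authorized_records: set
    authorized_computers: set
    access_history: list = field(default_factory=list)
    denied_history: list = field(default_factory=list)


@dataclass
class DataRecord:                     # FIGURE 10B, simplified
    number: int
    security_level: int
    authorized_users: set
    authorized_computers: set
    access_history: list = field(default_factory=list)
    denied_history: list = field(default_factory=list)


@dataclass
class ComputerRecord:                 # FIGURE 10C, simplified
    number: str
    authorized_users: set
    usage_history: list = field(default_factory=list)
    denied_history: list = field(default_factory=list)


def authorize(user, record, computer, match_scores, when):
    """Host-side decision for one data access request.

    match_scores: matcher scores in [0, 1], one per print captured with this
    request.  Returns (granted, reason) and appends the event to the histories
    of all three records, so denials are auditable as well as grants (FIGURE 11).
    Static authorizations are checked first; the biometric result is consulted
    last, only for requests that policy would otherwise permit.
    """
    reason = None
    if user.name not in computer.authorized_users:
        reason = "user not authorized on this remote computer"
    elif record.number not in user.authorized_records or user.name not in record.authorized_users:
        reason = "user not authorized for this record"
    elif computer.number not in record.authorized_computers or computer.number not in user.authorized_computers:
        reason = "remote computer not authorized for this record"
    elif user.security_level < record.security_level:
        reason = "user security level below record security level"
    else:
        need = PRINTS_REQUIRED[record.security_level]
        threshold = LEVEL_THRESHOLD[record.security_level]
        matched = sum(1 for s in match_scores if s >= threshold)
        if len(match_scores) < need:
            reason = f"record requires {need} print(s), {len(match_scores)} captured"
        elif matched < need:
            reason = f"only {matched} of {need} print(s) met threshold {threshold}"

    event = (when, user.name, record.number, computer.number, reason or "granted")
    if reason is None:
        user.access_history.append(event)
        record.access_history.append(event)
        computer.usage_history.append(event)
        return True, "granted"
    user.denied_history.append(event)
    record.denied_history.append(event)
    computer.denied_history.append(event)
    return False, reason


def sample_records():
    """Constructed sample data for the demonstration (hypothetical users)."""
    alice = UserRecord("alice", 3, {100, 200}, {"hh-01"})
    bob = UserRecord("bob", 1, {100}, {"hh-01"})
    general = DataRecord(100, 1, {"alice", "bob"}, {"hh-01"})
    medical = DataRecord(200, 3, {"alice"}, {"hh-01"})
    handheld = ComputerRecord("hh-01", {"alice", "bob"})
    return alice, bob, general, medical, handheld


if __name__ == "__main__":
    alice, bob, general, medical, hh = sample_records()
    print(authorize(bob, general, hh, [0.70], "t1"))          # granted
    print(authorize(bob, medical, hh, [0.95], "t2"))          # denied: not authorized for record
    print(authorize(alice, medical, hh, [0.95], "t3"))        # denied: level 3 needs two prints
    print(authorize(alice, medical, hh, [0.90, 0.88], "t4"))  # granted
    print(len(hh.denied_history), "denials logged on hh-01")
```

Two points are worth noticing. A denial is written to the user, data and computer records exactly as a grant is, which is what makes the audit of FIGURE 11 possible; and a strong print score does nothing for a request the static authorizations refuse, so the biometric only ever decides among requests the policy already allows.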
  • FIGURE 11 discloses a simplified flowchart for performing a network security audit of the network security system of the present invention. Routine investigation of network activity is needed to identify and remedy any security breaches. For these purposes, a distinction is made between a deliberate attempt to enter a record or computer without authorization and an incidental breach, the latter being the result of sensor error or innocent mistakes by a user during network usage.
  • FIGURE 12A discloses a simplified curve analysis for a regular security environment, where the threshold is located at the juncture of the normal curve for authorized users and the normal curve for unauthorized users. By placing the threshold at such a juncture there will be considerably more false positives (an authorized user denied entry) than false negatives (an unauthorized user gaining entry), and this is generally an acceptable balance of the competing interests. (In the usual biometric terminology the former is a false rejection and the latter a false acceptance.)
  • FIGURE 12B discloses a simplified curve analysis for high-security applications, where the threshold of FIGURE 12A has been repositioned to minimize false negatives. In these high-security applications essentially any unauthorized entry is unacceptable, so the threshold is moved toward the authorized-user curve, resulting in an increase in false positives.
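The two figures describe choosing a match threshold between two score distributions. As an added worked example that is not part of the patent, the Python below models the scores of authorized and unauthorized users as normal distributions with assumed means and standard deviations, locates the FIGURE 12A threshold at the crossing of the two density curves, and then repositions it as in FIGURE 12B so that the false acceptance rate stays below a chosen ceiling, reporting the rise in false rejections that this costs. The distribution parameters and the 1-in-10,000 ceiling are constructed values, and with these particular parameters the junction threshold does give more rejections of authorized users than acceptances of unauthorized ones, as the text states.

```python
import math

# Assumed score model (not from the patent): matcher scores of authorized
# ("genuine") and unauthorized ("impostor") users are each normally
# distributed, as the normal curves of FIGURES 12A and 12B suggest.
# (mean, standard deviation) on a 0..1 match-score scale; constructed values.
GENUINE = (0.80, 0.10)
IMPOSTOR = (0.40, 0.07)


def normal_cdf(x, mu, sigma):
    return 0.5 * (1.0 + math.erf((x - mu) / (sigma * math.sqrt(2.0))))


def normal_pdf(x, mu, sigma):
    z = (x - mu) / sigma
    return math.exp(-0.5 * z * z) / (sigma * math.sqrt(2.0 * math.pi))


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """A score >= threshold is accepted.  Returns (frr, far):
    frr = P(authorized user rejected), the patent's "false positive";
    far = P(unauthorized user accepted), the patent's "false negative".
    """
    frr = normal_cdf(threshold, *genuine)
    far = 1.0 - normal_cdf(threshold, *impostor)
    return frr, far


def curve_junction(genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold of FIGURE 12A: the score between the two means at which the
    genuine and impostor density curves cross, found by bisection."""
    def diff(x):
        return normal_pdf(x, *genuine) - normal_pdf(x, *impostor)
    lo, hi = impostor[0], genuine[0]   # diff < 0 at lo, diff > 0 at hi
    for _ in range(60):
        mid = 0.5 * (lo + hi)
        if diff(mid) < 0.0:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def threshold_for_far(max_far, impostor=IMPOSTOR):
    """FIGURE 12B repositioning: the lowest threshold whose false acceptance
    rate is at most max_far.  FAR falls monotonically as the threshold rises,
    so bisection on [impostor mean, impostor mean + 10 sd] suffices."""
    lo, hi = impostor[0], impostor[0] + 10.0 * impostor[1]
    for _ in range(80):
        mid = 0.5 * (lo + hi)
        if 1.0 - normal_cdf(mid, *impostor) <= max_far:
            hi = mid
        else:
            lo = mid
    return hi


if __name__ == "__main__":
    t_regular = curve_junction()
    t_high = threshold_for_far(1e-4)
    for label, t in (("regular (FIG. 12A)", t_regular), ("high security (FIG. 12B)", t_high)):
        frr, far = error_rates(t)
        print(f"{label}: threshold={t:.3f}  FRR={frr:.4%}  FAR={far:.4%}")
```

The practical lesson is that the threshold is a policy knob, not a property of the sensor: once the two score distributions have been measured during enrollment trials, the ceiling on false acceptances for each data security level fixes the threshold, and the false rejection rate that results is the usability cost the deployment has to accept.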
  • Nurses and doctors can track and record patient histories as they make their rounds, using clipboard-like computers and pens to access and enter patient information over a wireless network from servers throughout the hospital.
  • Insurance claims adjusters can assess automobile damage on site, looking up relevant cost information with the handheld computer, then printing the estimate and writing a check to the repair shop at the end of the visit.
  • Sales representatives can track inventory and the effect of promotional campaigns in retail stores, using a pen-based computer. At the end of the day, the information is transmitted through a phone line back to headquarters.
  • Government employees in the field or traveling on business can access secure data, with authentication and assurance that the person is the remote user authorized to access each data stream.
  • Inkless fingerprint sensors have now been developed that capture a forensic-quality fingerprint in less than a second.
  • The fingerprint sensor packages are less than 0.75 in. wide, and smaller packages are being developed.
  • Suppliers include Infineon (associated with Siemens) and STMicroelectronics (formerly SGS-Thomson).
  • The Infineon sensor enables the integration of a miniature fingerprint sensor into a wide variety of end products.
  • The chip is compact, and robust enough to convert a previously exotic technology, biometric user ID, into an everyday reality.
  • The chip is a small (18 mm x 21 mm x 1.5 mm) IC embedding a 288 x 224 pixel contact sensor array that images the lines and ridges of a human fingerprint when a user touches the device.
  • Each pixel has an 8-bit data depth, enabling evaluation of subtle gradations (256 shades of gray) of a fingertip and their translation into a set of indices, the key identifying features of an individual fingerprint. Imaging and data transfer of an impression takes 100 milliseconds.
  • The STMicroelectronics fingerprint sensor is substantially the same size as the Infineon sensor and uses capacitive-sensor-array technology, building silicon ICs containing an array of sensor plates.
  • ST's technology uses a capacitive sensing technique to capture, in less than one tenth of a second, a high-resolution image of a fingerprint when the finger is applied directly to the chip surface.
  • The output of the chip is a digital representation of the fingerprint, which can be processed by the algorithms developed by SAGEM to immediately confirm or reject the recognition of pre-identified persons, and then further processed by application-dependent software.
  • Another biometric recommended in the network security system of the present invention involves cell capture while the processor device of the present invention is being used.
  • The advantage of this biometric over fingerprints is that accuracy is not dependent upon the size of the sensor or of the print that is captured.
  • GeneTrace Systems has a high-resolution mass-spectrometry-based method for chemical analysis of large single-stranded DNA oligomers.
  • The mass spectra are obtained in seconds instead of the hours needed for the gel electrophoresis currently used, and no radioactive or fluorescent materials are needed.
  • The technique has high mass capabilities and opens new avenues of study, such as chemical modifications of DNA and DNA-peptide/protein interactions, as in antisense drug development.
  • DNA sequencing and quality control for synthetic DNA and related products are also potential applications.
  • The basic technology can also be applied to peptides and proteins and used for protein structure determination, phosphorylation, glycosylation, and other studies.
  • ssDNA: single-stranded DNA.
  • The network security system of the present invention provides network access security by (1) controlling unauthorized access to the network; (2) controlling improper access by network users; and (3) monitoring user access to network resources.
  • The network security system of the present invention initially identifies the user, and continually controls and monitors user activity while the user is connected.
  • A preferred method of authenticating a remote computer is to make each remote computer unique from all others. The unique quality is identified and stored in the host computer. A comparison is made between the unique quality of the remote computer and the value stored in the host computer prior to enabling access to or entry of a data stream. This can be done with the random use of photo-refracted crystals, as shown in U.S. Patent No.

Abstract

A network security system comprises a host computer, and a plurality of remote computers. Each computer provides fingerprint authentication of a user prior to responding to the user request for data access. The remote computers are handheld when in operational mode. A sensor in the computer housing captures a print of a finger or hand of the user while the remote computer is being held. The fingerprint sensor is positioned in such a way that the sensor remains in continual contact with the hand of the user while the remote computer is being held by the user enabling a continual authentication of the identity of the user with each request for access to each secure record. The fingerprint authentication is captured in an incidental manner as the data request is submitted from the remote computer to the host computer enabling user identity authentication simultaneously with each request to access the secure record.

Description

NETWORK SECURITY SYSTEM
FIELD OF USE
The present invention relates to a network security system with identity authentication, and more particularly, to such authentication by biometric capture as access to data from a remote computer to a host computer is being processed.
BACKGROUND OF THE INVENTION
The global workforce is increasingly mobile and handheld computing is on the rise. Smart handheld processors are emerging from the realm of individual purchases to enterprise deployment as they become key tools for connectivity to the corporate environment. Development of handheld applications and wireless technology tailored for a specific enterprise represent are serving the increasing mobile worker population. Handheld computer systems are ideal for applications which require: (1 ) highly portable devices - that are no longer constrained by a keyboard; (2) intuitive features - that resemble an environment familiar to the users; (3) improved efficiency, - that enables accurate data collection and manipulation; and (4) flexibility - that enables a wide variety of types of data entry.
By the year 2005 as much as 50 percent of all communication terminals will be mobile. These machines, while offering substantial storage capacity and computing power have only limited communication capabilities. As a result, users are gaining access to the powerful computing infrastructure.
Security is no longer an optional network component. Today organizations of all sizes are discovering the need to protect their networks from both external and internal unauthorized users. In the days before remote access, organizations had controlled, hard-wired networks, which provided a certain degree of physical security. Network access was limited to users physically located in the building. Requiring users to type in a name and password, added another layer of security to the network. Providing remote network access has added an entirely new dimension to network access and system integrity. U.S. Patent No. 5,838,306 (O'Connor, et al.) discloses a mouse with a security feature. The mouse computer input peripheral device includes a window area integrally constructed within the mouse and positioned at an area on the mouse upon which a user normally places a finger in operating the mouse. U.S. Patent No. 5,991 ,413 (Borza, et al.) discloses a mouse adapted to scan fingerprint data. In an attempt to address these concerns, a biometric pointing device such as a mouse is presented incorporating therein a contact imager. The contact imager fits within a small enclosure. Further, data transmission means within the mouse provides a signal to a single port on a computer indicative of the output data from both the contact imaging means and the pointing device. Also, PCT Application No. PCT/US99/17900 entitled "Identification Confirmation System" filed on April 7, 1999; U.S. Patent Application 09/490,687, entitled "Writing Implement and Network security systems" filed on January 24, 2000; U.S. Patent Application 09/535,411 , entitled "Method for Identity Verification" filed on March 20, 2000; and PCT Application No. PCT/US00/19652 entitled "Identity Authentication System and Method" filed July 18, 2000 by this applicant disclose the use of fingerprint sensors disposed in the barrel of a stylus used to generate an electronic signature as the preferred digital signature.
In addition, Polaroid has introduced a low-cost finger image scanner, targeting users concerned with desktop security and with personal security in e-commerce. The new finger image scanner is built into keyboards. Compaq Computer also markets a keypad with a fingerprint scanner.
While connected to systems and retrieving or transmitting data, security is at times critical. Secure connections may not be necessary when browsing the news, for example, but are desirable when connected to corporate databases or when electronic commerce is undertaken.
What is needed is a network security system wherein data resources are available only to authorized users and when requested, confidential information is available only to authorized parties, the user's identity is continually authenticated, and the user cannot deny the communication. What is needed is a network security system that authenticates identity for access to secure networks; that authenticates in a nonobtrusive manner with each data access request without the necessity of extra hand or finger movements that are distracting; that authenticates continually to ensure that the person seeking data access has been authorized for such access; and that is secure and discourages hackers.
SUMMARY OF THE INVENTION
The network security system of the present invention addresses these needs and dramatically improves the nature of data access for handheld computers. The preferred embodiment of the network security system of the present invention comprises a host computer, and a plurality of handheld computers. Each computer provides advanced biometric authentication of a user prior to responding to the user request for data access. The handheld computers are handheld when in operational mode. A sensor in the computer housing captures a print of a finger or hand of the user while the computer is being held. The biometric sensor is positioned in such a way that the sensor remains in continual contact with the hand of the user, enabling a continual authentication of the identity of the user with each request for access to a secure record. The biometric sensor is preferably a fingerprint sensor. The fingerprint authentication is captured in an incidental manner as the data request is submitted from the handheld computer to the host computer, enabling user identity authentication simultaneously with each request to access the secure record.
Each computer of the present invention in the network security system of the present invention is a handheld processor that enables access to a computer network and a biometric sensor disposed in the casing of the handheld processor. These handheld processors maintain continual contact with a finger, thumb, or palm of the user so that biometric authentication can be accomplished without the need to press special surfaces or otherwise alter conventional computer manipulations. While the technology of the present invention applies to all portable computers (e.g. - laptops, handhelds, palms, and pockets), the technology is preferably directed at palm and pocket computers.
In the network security system of the present invention, a palm or pocket computer the size of the user's hand is used that can conveniently be held in one hand. One or more fingerprint sensors are disposed in the back or side surfaces of the handheld computer such that the identity of the user is continually verified while the computer is being held and used. The ability to provide continual verification by means of biometric print sensors is particularly important to ensure network security.
While fingerprints and palm prints are used in this application for purposes of illustration, it is understood that the principles of this invention are also applicable to other biometric technologies where identity can be confirmed when the user touches a sensor, such as cell capture and DNA.
For purposes herein, a list of key terms is hereafter set forth to clarify the scope of this specification. A "handheld computer" refers to any computing device and application, including, but not limited to, a pocket computer; a palm-type computer; a laptop computer; a cell-phone; and similar devices, that involve continual contact with the hand of the user during routine usage. Also, many smaller computers are embedded in walls, desktops, and car instrument panels, and are generally precluded from these definitions unless the user continually touches a part of such computers. A "remote computer" refers to a hard-wired or wireless handheld computer. "Casing" refers to either the housing of the handheld computer or a pocket or container for storing the handheld computer.
"Biometrics" refers to the technology of verifying the identity of an individual by measuring and analyzing data relative to a physiological characteristic or behavioral characteristic of an individual. Examples of physiological characteristics are retina, iris, hand geometry, body odor, and fingerprint; and examples of behavioral biometrics are voice, keystroke rhythm and signature. A "fingerprint" is a biometric and refers to either the print of the thumb, index finger, any other finger, or combination thereof.
For a more complete understanding of the network security system of the present invention, reference is made to the following detailed description and accompanying drawings in which the presently preferred embodiments of the invention are shown by way of example. As the invention may be embodied in many forms without departing from the spirit or essential characteristics thereof, it is expressly understood that the drawings are for purposes of illustration and description only, and are not intended as a definition of the limits of the invention. Throughout the description, like reference numbers refer to the same component throughout the several views.
BRIEF DESCRIPTION OF THE DRAWINGS
FIGURE 1 is a schematic of the preferred embodiment of the network system of the present invention;
FIGURE 2A shows a view of the backside of a palm computer for use in the network security system of FIGURE 1, the palm computer having a pair of fingerprint sensors capturing prints of the thumb and index finger of the user and a third sensor to capture the palm print of the user, for identity authentication while the palm computer is being used, and FIGURE 2B shows the frontside of the palm computer of FIGURE 2A;
FIGURE 3 discloses the frontside of another processor device for use in the network security system of FIGURE 1, a fingerprint sensor being positioned in the casing of a palm computer;
FIGURE 4 discloses yet another processor device for use in the network security system of FIGURE 1, the processor device being a full screen computer, the processor device having a fingerprint sensor disposed on a side of the full-screen computer;
FIGURE 5 discloses a simplified logic diagram of one embodiment for registering in the network security system of FIGURE 1 , a user file and reference biometrics being secured in a user file that is created during the registration process;
FIGURE 6 discloses a simplified logic diagram of one embodiment for logging onto the network security system of FIGURE 1 , a captured print being compared to a reference record for purposes of authentication;
FIGURES 7A and 7B disclose a simplified logic diagram of one preferred embodiment for requesting access to the network security system of the present invention;
FIGURES 8A and 8B disclose a simplified logic diagram of one preferred embodiment for requesting entry of new data to the network security system of the present invention;
FIGURES 9A and 9B disclose a simplified logic diagram of one preferred embodiment for requesting access to high security data of the network security system of the present invention, the high security data access request requiring a match authentication of a pair of user fingerprints;
FIGURE 10A discloses a simplified layout for a user record of one preferred embodiment of the network security system of the present invention;
FIGURE 10B discloses a simplified layout for a data access record of the preferred embodiment of the network security system of FIGURE 10A;
FIGURE 10C discloses a simplified layout for a remote processor record of the preferred embodiment of the network security system of FIGURE 10A;
FIGURE 11 discloses a simplified flowchart for performing a network security audit of the network security system of the present invention;
FIGURE 12A discloses a simplified curve analysis for a regular security environment where the threshold position is located at the juncture of the normal curve for authorized users and the normal curve for unauthorized users; and
FIGURE 12B discloses a simplified curve analysis showing for high-security applications similar to FIGURE 12A, where the position of the threshold has been repositioned to minimize false negatives.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Referring now to the drawings, FIGURE 1 discloses the preferred embodiment of the network security system of the present invention. The preferred embodiment of the network security system of the present invention comprises a host computer, and a plurality of handheld computers. Each handheld computer provides authentication of a user prior to responding to the user request for data access. A sensor of a biometric property of the user disposed in the computer housing captures a biometric print of the user while the handheld computer is being held. The biometric sensor is preferably a fingerprint sensor.
As shown in FIGURES 2A and 2B, at least one fingerprint sensor is positioned at one or more strategic sites such that a portion of the hand of the user is in continuous contact therewith during usage of the processor, enabling a continual authentication of the identity of the user with each request for access to each secure record. The fingerprint authentication is captured in an incidental manner as the data request is submitted from the handheld computer to the host computer, enabling user identity authentication simultaneously with each request to access the secure record. As shown, the processor includes sensors to capture a thumbprint, the print of the index finger, and a palm print. Also, a palm print sensor can be disposed on the back surface of the computing device of the present invention to supplement or complement the fingerprint sensors. Multiple sensors are recommended for high-security applications (see for example FIGURES 9A and 9B).
FIGURE 3 discloses the frontside of another embodiment of a processor device for use in another preferred embodiment of the network security system of the present invention. The fingerprint sensor is positioned in the casing of a palm computer, the casing being used to house the palm computer when used and stored. The casing may also be a wallet or pouch in digital engagement with the processor, either through wire or a wireless mode - enabling identity authentication whenever network access to data is required. The principal advantage of this approach is that registration is conducted through the casing and the computers need not be altered (off the shelf).
FIGURE 4 discloses yet another full-screen processor for use in the network security system of the present invention. These processors are sometimes referred to as handheld computers in the literature, but are referred to as full-screen processors herein for clarity. The screen is roughly the size of a screen of a PC, except that the computer does not have a conventional keypad. A fingerprint sensor is disposed on one side of the full-screen computer. The strategic positioning of individual and multiple sensors depends on the size and shape of the individual computer, and the size of the hands of the computer user. It is advised that the location of the sensors be symmetrical (both sides of the processor) to accommodate both left-handed and right-handed users. Alternatively, some processors can be designed for right-handed users and others for left-handed users.
Referring now to FIGURE 6, the user enrolls his or her prints by submitting the thumb, index finger, and/or palm prints to the network in a secure process. The reference print is preferably stored in the host computer for security purposes to prevent user access and tampering. The prints may need to be stored in the system also. Subsequently, when network access is requested, the relevant print or prints are captured and compared against the reference prints. Only upon authentication is network access enabled to authorized users. Data access is only enabled once a match has occurred that equals or exceeds a threshold value that has been set in accordance with the sensitivity of the data to which access is requested. The system also enables varying levels of security within the same network, since person A may be permitted access to certain data, and person B permitted access to other data. For example, both are permitted access to general network data, but each is only permitted access to his/her own personal or employment or medical files.
For most lower security applications, one sensor is adequate. However, in many higher security applications, multiple prints may be appropriate, since processing occurs based upon only a partial print. The network security system of the present invention enables system designers to integrate into the system the level of security needed for each application, while allowing improved security to be incorporated as needed.
The network security system of the present invention continually controls network access and ensures the integrity of all data. The system enhances security without the need to modify the casing of the computer with card-readers or sensing devices. Identity is authenticated continually and routinely, each time there is a request to access additional information. The preferred embodiments of the network security system of the present invention require authentication prior to each login; each request for data access; and each data entry. FIGURE 6 discloses a simplified logic diagram of one embodiment for logging onto the network security system of the present invention. A captured print is compared to a reference record for purposes of authentication. Since the network may include data that is not confidential (like Internet access), the user need only be authorized to access the handheld computer to gain system access - this is not recommended for high security networks.
The preferred embodiments of the network security system of the present invention create a fingerprint-authenticated record of each user (data access and entry); of each record; and of each computer. FIGURES 7A and 7B disclose a simplified logic diagram of one preferred embodiment for requesting access to the network security system of the present invention. Similarly, FIGURES 8A and 8B disclose a simplified logic diagram of one preferred embodiment for requesting entry of new data to the network security system of the present invention.
FIGURES 9A and 9B disclose a simplified logic diagram of one preferred embodiment for requesting access to high security data of the network security system of the present invention, the high security data access request requiring a match authentication of a pair of user fingerprints. The handheld computer of FIGURES 2A and 2B enables the capture of multiple fingerprints.
FIGURE 10A discloses a simplified layout for a user record of one preferred embodiment of the network security system of the present invention. FIGURE 10B discloses a simplified layout for a data access record of the preferred embodiment of the network security system of FIGURE 10A. FIGURE 10C discloses a simplified layout for a remote processor record of the preferred embodiment of the network security system of FIGURE 10A.
FIGURE 10A depicts a simplified user record for the network security system of the present invention. The user record includes the user's name, address, reference prints and signature, user authorized security level, a list of data records that the user is authorized to access, a list of handheld computers that the user is authorized to use, a history of records accessed by the user, and a list of records that the user was denied access to and when. FIGURE 10B depicts a simplified data record for the network security system of the present invention. The data record includes a data record number, a data security level, names of users authorized to access this record, the reference prints of authorized users, a list of handheld computers authorized to access this record, a history of persons who accessed this record and when, and a history of all persons denied access to this record. FIGURE 10C depicts a simplified computer record for the network security system of the present invention. The computer record includes a remote computer number, the names of authorized users, the reference prints of all authorized users, a list of records that can be authorized from this computer, a list of all persons authorized to access each record, a history of all persons using this computer, a history of all users denied access to the computer, and prints of all users denied access to the computer. Each of these records is updated upon the occurrence of each relevant user, record, and computer event to enable a tracking for audit purposes.
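The following is an added illustration of how a host computer could evaluate one data access request against the user, data and computer records just described and log the outcome to all three for the audit of FIGURE 11; it is not the patent's own code. The security levels, thresholds, the string-based stand-in matcher and the sample record values are constructed assumptions.

```python
"""Host-side access decision for the continual-authentication network described
above. Added illustration, not the patent's code: the record fields follow the
user, data and computer record layouts of FIGURES 10A-10C; the levels, thresholds,
the string-based matcher and the sample values are constructed placeholders."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Match threshold per data security level (set by sensitivity of the data) and the
# number of prints that must match (a pair of prints for high security, FIGURES 9A/9B).
LEVEL_RANK = {"general": 0, "confidential": 1, "high": 2}
THRESHOLDS = {"general": 0.60, "confidential": 0.75, "high": 0.85}
PRINTS_REQUIRED = {"general": 1, "confidential": 1, "high": 2}


@dataclass
class UserRecord:                      # FIGURE 10A
    name: str
    reference_prints: dict             # finger name -> reference template
    security_level: str
    authorized_records: set
    authorized_computers: set
    access_history: list = field(default_factory=list)
    denials: list = field(default_factory=list)


@dataclass
class DataRecord:                      # FIGURE 10B
    number: str
    security_level: str
    authorized_users: set
    authorized_computers: set
    access_history: list = field(default_factory=list)
    denials: list = field(default_factory=list)


@dataclass
class ComputerRecord:                  # FIGURE 10C
    number: str
    authorized_users: set
    usage_history: list = field(default_factory=list)
    denials: list = field(default_factory=list)


def match_score(captured: str, reference: str) -> float:
    """Stand-in matcher: fraction of agreeing positions between two equal-length
    template strings. A real minutiae matcher would take this function's place."""
    if not reference or len(captured) != len(reference):
        return 0.0
    return sum(a == b for a, b in zip(captured, reference)) / len(reference)


def request_access(user, record, computer, captured_prints, now=None):
    """Decide one data access request. captured_prints maps finger name -> template
    captured incidentally with the request. Returns (granted, reason); every outcome
    is appended to the user, data and computer records for later audit."""
    now = now or datetime.now(timezone.utc)

    def deny(reason):
        for log in (user.denials, record.denials, computer.denials):
            log.append((now, user.name, record.number, computer.number, reason))
        return False, reason

    # Authorization must hold in every record, so one tampered record is not enough.
    if user.name not in computer.authorized_users or computer.number not in user.authorized_computers:
        return deny("user not authorized on this computer")
    if user.name not in record.authorized_users or record.number not in user.authorized_records:
        return deny("user not authorized for this record")
    if computer.number not in record.authorized_computers:
        return deny("computer not authorized for this record")
    if LEVEL_RANK[user.security_level] < LEVEL_RANK[record.security_level]:
        return deny("user security level below record security level")

    level = record.security_level
    scores = {finger: match_score(tpl, user.reference_prints.get(finger, ""))
              for finger, tpl in captured_prints.items()}
    passing = [f for f, s in scores.items() if s >= THRESHOLDS[level]]
    if len(passing) < PRINTS_REQUIRED[level]:
        return deny(f"{len(passing)}/{PRINTS_REQUIRED[level]} prints met threshold {THRESHOLDS[level]}")

    for log in (user.access_history, record.access_history, computer.usage_history):
        log.append((now, user.name, record.number, computer.number))
    return True, "granted"


def build_sample():
    """Constructed sample records for a walk-through (not real data)."""
    user = UserRecord("nurse_a", {"thumb": "ABCDEFGHIJ", "index": "KLMNOPQRST"},
                      "high", {"R-001", "R-002"}, {"HC-7"})
    general = DataRecord("R-001", "general", {"nurse_a"}, {"HC-7"})
    high = DataRecord("R-002", "high", {"nurse_a"}, {"HC-7"})
    computer = ComputerRecord("HC-7", {"nurse_a"})
    stranger = ComputerRecord("HC-9", {"nurse_a"})   # absent from the user's own list
    return user, general, high, computer, stranger


if __name__ == "__main__":
    user, general, high, computer, stranger = build_sample()
    print(request_access(user, general, computer, {"thumb": "ABCDEFGHXX"}))   # granted, 0.8 >= 0.60
    print(request_access(user, high, computer, {"thumb": "ABCDEFGHXX"}))      # denied, one print below 0.85
    print(request_access(user, high, computer, {"thumb": "ABCDEFGHIX", "index": "KLMNOPQRST"}))
    print(request_access(user, general, stranger, {"thumb": "ABCDEFGHIJ"}))   # denied, computer not listed
```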
FIGURE 11 discloses a simplified flowchart for performing a network security audit of the network security system of the present invention. Routine investigation of network activity is needed to identify and remedy any security breaches. For these purposes, a distinction is made between an unauthorized attempt to enter a record or computer and an incidental breach - the latter being the result of sensor error or innocent mistakes by a user during network usage.
FIGURE 12A discloses a simplified curve analysis for a regular security environment where the threshold position is located at the juncture of the normal curve for authorized users and the normal curve for unauthorized users. By placing the threshold at such juncture, there will be considerably more false positives (an authorized user denied entry) than false negatives (an unauthorized user gaining entry) - and this is generally an acceptable balance of the competing interests. FIGURE 12B discloses a simplified curve analysis for high-security applications where the position of the threshold shown in FIGURE 12A has been repositioned to minimize false negatives. In these high-security applications, essentially any unauthorized entry is unacceptable and so the threshold is reduced - resulting in an increase in false positives.
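The trade-off of FIGURES 12A and 12B, worked through numerically as an added example that is not part of the patent: both score distributions are modelled as normal curves, the regular threshold is placed at the curve crossing, and the high-security threshold is placed where the unauthorized-entry rate falls under a chosen bound. The means, standard deviations and the 0-1 score scale are constructed assumptions, and the terms "false positive" and "false negative" follow the page's usage above.

```python
"""Threshold placement between the authorized-user and unauthorized-user score
curves (FIGURES 12A and 12B). Added illustration, not the patent's analysis: both
curves are modelled as normal distributions of match score, and the means and
standard deviations used in analyze() are constructed values."""
import math


def normal_pdf(x, mu, sigma):
    return math.exp(-0.5 * ((x - mu) / sigma) ** 2) / (sigma * math.sqrt(2.0 * math.pi))


def normal_cdf(x, mu, sigma):
    return 0.5 * (1.0 + math.erf((x - mu) / (sigma * math.sqrt(2.0))))


def false_positive_rate(t, mu_auth, s_auth):
    """Page's terminology: false positive = authorized user denied (score below t)."""
    return normal_cdf(t, mu_auth, s_auth)


def false_negative_rate(t, mu_unauth, s_unauth):
    """Page's terminology: false negative = unauthorized user admitted (score at or above t)."""
    return 1.0 - normal_cdf(t, mu_unauth, s_unauth)


def juncture_threshold(mu_auth, s_auth, mu_unauth, s_unauth, iters=200):
    """FIGURE 12A placement: the score where the two density curves cross.
    Found by bisection between the means; the unauthorized curve dominates at the
    low end of that interval and the authorized curve at the high end."""
    def diff(t):
        return normal_pdf(t, mu_auth, s_auth) - normal_pdf(t, mu_unauth, s_unauth)
    lo, hi = mu_unauth, mu_auth
    for _ in range(iters):
        mid = (lo + hi) / 2.0
        if diff(mid) < 0.0:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0


def threshold_for_max_false_negative(max_fnr, mu_unauth, s_unauth, iters=200):
    """FIGURE 12B placement: move the threshold toward the authorized curve until
    the unauthorized-entry rate is at most max_fnr (inverse CDF by bisection)."""
    lo, hi = mu_unauth, mu_unauth + 10.0 * s_unauth
    for _ in range(iters):
        mid = (lo + hi) / 2.0
        if false_negative_rate(mid, mu_unauth, s_unauth) > max_fnr:
            lo = mid
        else:
            hi = mid
    return hi   # hi is only ever moved to a point that satisfies the bound


def analyze(mu_auth=0.80, s_auth=0.12, mu_unauth=0.40, s_unauth=0.08, max_fnr=1e-4):
    """Compare the regular (FIGURE 12A) and high-security (FIGURE 12B) placements.
    The wider authorized curve reproduces the page's observation that the juncture
    gives more false positives than false negatives."""
    t_reg = juncture_threshold(mu_auth, s_auth, mu_unauth, s_unauth)
    t_high = threshold_for_max_false_negative(max_fnr, mu_unauth, s_unauth)
    return {
        "threshold_regular": t_reg,
        "false_positive_regular": false_positive_rate(t_reg, mu_auth, s_auth),
        "false_negative_regular": false_negative_rate(t_reg, mu_unauth, s_unauth),
        "threshold_high": t_high,
        "false_positive_high": false_positive_rate(t_high, mu_auth, s_auth),
        "false_negative_high": false_negative_rate(t_high, mu_unauth, s_unauth),
    }


if __name__ == "__main__":
    for key, value in analyze().items():
        print(f"{key:24s} {value:.4f}")
```

With the constructed curves the juncture lands near 0.57 with roughly 2.7% false positives against 1.7% false negatives; capping false negatives at one in ten thousand moves the threshold to about 0.70 and raises false positives to roughly 20%.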
Several applications of the network security system of the present invention include: Nurses and doctors can track and record patient histories as they make their rounds, using clipboard-like computers and pens to access and enter patient information over a wireless network from servers throughout the hospital. Insurance claims adjusters can assess automobile damages on site, looking up relevant cost information with the handheld computer, then printing the estimate and writing a check to the repair shop at the end of the visit.
Sales representatives can track inventory and the effect of promotional campaigns in retail stores, using a pen-based computer. At the end of the day, the information is transmitted through a phone line back to headquarters.
Government employees in the field or traveling on business can access secure data, with authentication and assurance that the person is the remote user authorized to access each data stream.
Inkless fingerprint sensors have now been developed that capture a forensic quality fingerprint in less than a second. The fingerprint sensor packages are less than 0.75 in. wide, and smaller packages are being developed. Infineon (associated with Siemens) and STMicroelectronics (formerly SGS Thomson) manufacture the sensors of choice.
The Infineon sensor enables the integration of a miniature fingerprint sensor into a wide variety of end products. The chip is compact, and robust enough to convert a previously exotic technology, biometric user ID, into an everyday reality. The chip is a small (18mm x 21mm x 1.5mm) IC embedding a 288 x 224 pixel contact sensor array that images the lines and ridges of a human fingerprint when a user touches the device. Each pixel has an 8-bit data depth, enabling evaluation of subtle gradations (256 shades of gray) of a fingertip and their translation into a set of indices - the key identifying features of an individual fingerprint. Imaging and data transfer of an impression takes 100 milliseconds. The STMicroelectronics fingerprint sensor is substantially the same size as the Infineon sensor and uses capacitive-sensor-array technology, building silicon ICs containing an array of sensor plates. ST technology uses a capacitive sensing technique to capture, in less than one tenth of a second, a high-resolution image of a fingerprint when the finger is applied directly to the chip surface. The output of the chip is a digital representation of the fingerprint, which can be processed by the algorithms developed by SAGEM, which immediately confirm or invalidate the recognition of pre-identified persons, and then be further processed by application-dependent software.
Another biometric that is recommended in the network security system of the present invention involves cell capture while the processor device of the present invention is being used. The advantage of this biometric over fingerprints is that accuracy is not dependent upon the size of the sensor or print that is captured.
GeneTrace Systems has a high-resolution mass spectrometry-based method for chemical analysis of large single-stranded DNA oligomers. The mass spectra are obtained in seconds instead of the usual hours needed for gel electrophoresis currently used, and no radioactive or fluorescent materials are needed. The technique has high mass capabilities and opens new avenues of study as in chemical modifications of DNA, DNA- peptide/protein interactions such as antisense drug development. DNA sequencing and quality control for synthetic DNA and related products are also potential applications. The basic technology can be applied also to peptides and proteins and used for protein structure determination, phosphorylation, glycosylation, and other studies. Previously it had not been possible to apply mass spectrometry successfully to anything larger than about a 4-mer and thereby obtain the advantages the mass spectrometry technique can offer in precise and accurate molecular weight determination. The new physico-chemical sample preparation opens this capability to single-stranded DNA molecules above 50,000 Dalton with a mass accuracy of 0.01 percent in the 10,000 Dalton range. This is much higher accuracy and resolution than is obtainable with state-of-the-art electrophoresis techniques.
Another approach is to use surface-confined arrays of highly selective sensing elements. Chemical and biological sensors are required to perform multi-analyte measurements rapidly, accurately, and at increasingly lower cost. Arrays of immobilized single-stranded DNA (ssDNA) probes, so-called DNA chips, are being used for genetic analysis for disease detection, toxicology, forensics, industrial processing, and environmental monitoring.
The network security system of the present invention provides network access security by: (1) controlling unauthorized access to the network; (2) controlling improper access by network users; and (3) monitoring user access to network resources. The network security system of the present invention initially identifies the user, and continually controls and monitors user activity while the user is plugged in.
When wireless devices are used, system security becomes more of a concern, since an integral part of the system, in this instance the wireless computers, is not attached to the system, but rather is portable and carried by a customer. A preferred method of authenticating a remote computer is to make each remote computer unique from all others. The unique quality is identified and stored in the host computer. A comparison is made between the unique quality of the remote computer and the stored value in the host computer prior to enabling access to or entry of a data stream. This can be done with the random use of photorefractive crystals as shown in U.S. Patent No. 5,619,025 (Hickman, et al.), or with at least two magnetic filaments or strips, preferably a multiple number of filaments of differing coerciveness, magnetic field strength, magnetic field alignment, size or spacing, so that when the remote computer requests data access, approval will be given only when the proper signal is provided by the ordered array of appropriate magnetic elements in the wireless computer, as shown in U.S. Patent No. 5,834,748 (Litman).
Throughout this application, various Patents and Applications are referenced by patent number and inventor. The disclosures of these Patents and Applications in their entireties are hereby incorporated by reference into this specification in order to more fully describe the state of the art to which this invention pertains.
It is evident that many alternatives, modifications, and variations of the network security system of the present invention will be apparent to those skilled in the art in light of the disclosure herein. It is intended that the metes and bounds of the present invention be determined by the appended claims rather than by the language of the above specification, and that all such alternatives, modifications, and variations which form a conjointly cooperative equivalent are intended to be included within the spirit and scope of these claims.

Claims

1. A computer network comprising:
a host computer; and
a plurality of remote computers, each remote computer being distal from the host computer, a remote computer providing authentication of a user prior to responding to the user request, the authentication being fingerprint authentication, the fingerprint authentication being captured continually, the fingerprint authentication being captured in an incidental manner as the data request is submitted from the remote computer to the host computer enabling user identity authentication simultaneously with the request to access the secure record.
2. A computer network comprising:
a host computer; and
a plurality of remote computers, each remote computer being distal from the host computer, a remote computer providing authentication of a user prior to responding to the user request, the authentication being biometric authentication, the fingerprint authentication being captured continually, a biometric property being captured in an incidental manner as the data request is submitted from the remote computer to the host computer enabling user identity authentication simultaneously with the request to access the secure record.
3. A system for restricting data access of a computer user to a data network, the system comprising:
a remote processor having access to a computer network through a digital connection with a host computer, the remote computer being remote from the host computer, the remote computer being handheld while in operational mode, the remote computer having a casing; and a sensor disposed in the remote computer, the sensor providing user authentication by capture of a predetermined characteristic of the computer user and comparison of the sensed predetermined characteristic with a reference predetermined characteristic, the capture occurring while the remote computer is being held by the computer user, the sensor being disposed in part of the remote computer that is touched by a portion of the hand of the computer user while the remote computer is being used, the sensor enabling a capture of the predetermined characteristic in an incidental manner as the request for data access is being processed.
4. A system for restricting data access of a computer user to a data network, the system comprising:
a remote computer having access to a computer network through a digital connection with a host computer, the remote computer being remote from the host computer, the remote computer being handheld while in operational mode, the remote computer having a casing; and
a sensor disposed in the remote computer, the sensor providing user authentication by capture of a predetermined characteristic of the computer user and comparison of the sensed predetermined characteristic with a reference predetermined characteristic, the capture occurring while the remote computer is held by the computer user, the sensor being disposed in the casing of the remote computer that is touched by at least a portion of the hand of the computer user while the remote computer is being used, the sensor enabling a repeated capture of the predetermined characteristic in a continual manner while the remote computer is being held.
5. A system comprising:
a remote computer access to a computer network, the remote computer being portable, the device being handheld when in operational mode; and
a biometric sensor disposed in the casing of the remote computer, the sensor enabling capture of a finger or hand of the user while the remote computer is being held, the biometric sensor being positioned in such a way that the sensor remains in continual contact with a portion of the hand of the user while the remote computer is being used enabling a continual verification of the identity of the user during access to the computer network.
6. A method for restricting data access to a computer user relative to a data network through a remote computer, the remote computer being remote from a host computer, the method comprising:
holding at least a portion of the remote computer with at least a portion of the hand of the computer user;
requesting a login to the data network through the remote computer;
sensing a predetermined characteristic of the user making the request, the remote computer being handheld when in operational mode, the sensing being accomplished by use of a sensor, the sensor being disposed in the portion of the remote computer that is touched by a portion of a hand of the computer user during computer usage, the sensing being accomplished in an incidental manner while the computer user holds the remote computer and requests access to additional data-streams;
comparing the sensed predetermined characteristic of the computer user with a reference predetermined characteristic; and
providing network access representative of the comparing the sensed predetermined characteristic and the reference predetermined characteristic.
7. A method for restricting data access to a user relative to a data network through a remote computer, the remote computer being remote from a host computer, the method comprising:
holding at least a portion of the remote computer with at least a portion of the hand of the computer user;
requesting a login to the data network through the remote computer;
sensing a predetermined characteristic of the user making the request, the remote computer being handheld when in operational mode, the sensing being accomplished by use of a sensor, the sensor being disposed in the portion of the remote computer that is touched by a portion of the hand of the computer user during computer usage, the sensing being accomplished continually while the computer user holds the remote computer and requests access to additional data-streams;
comparing the sensed predetermined characteristic of the computer user with a reference predetermined characteristic; and
providing network access representative of the comparing the sensed predetermined characteristic and the reference predetermined characteristic.
8. A method of enabling access to a computer network, the method comprising:
logging onto a remote computer, the remote computer being touched by a portion of a hand of a user during computer usage;
capturing a first biometric identifier of the user while the remote computer is being so held; and
enabling access to the computer network when the captured biometric matches a reference biometric, and blocking access to the computer network in the absence of a match between the captured biometric and the reference biometric.
9. A casing for a remote computer, the casing comprising:
a pocket for housing the remote computer, the remote computer enabling access to a computer network, the remote computer being touched by a portion of a hand of a user during computer usage; and
a biometric sensor disposed in the outer surface of the casing, the biometric sensor enabling capture of a biometric property from the hand of the user while the remote computer is being held, the biometric sensor being positioned in such a way that the sensor remains in continual contact with the hand of the user while the remote computer is being held by the user, enabling a continual verification of the identity of the user during access to the computer network.
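The access logic that claims 6 to 9 describe, as an added illustration that is not code from the patent or its applicant: a login is gated on the characteristic sensed by the grip sensor (claims 6 and 8), and while the device is held every further reading is re-compared with the reference so that access is withdrawn when the sensed characteristic stops matching or contact is lost (claims 7 and 9). The feature-vector templates, the cosine-similarity matcher, the 0.95 threshold, the two-reading contact grace window and all sample readings are assumptions constructed for the example; a real device would use its sensor vendor's matcher and tuned thresholds.

```python
"""Session model for grip-sensor biometric access control.

Added example, not the patent's own code. Templates, matcher, threshold,
grace window and sample readings are all assumed for illustration.
"""
from __future__ import annotations

import math
from dataclasses import dataclass, field
from typing import Optional, Sequence

# A biometric template is modelled as a fixed-length feature vector
# (constructed toy data; real templates come from a fingerprint/vein matcher).
Template = tuple[float, ...]


def similarity(a: Template, b: Template) -> float:
    """Cosine similarity of two feature vectors, in [-1, 1]; 1.0 means identical."""
    if len(a) != len(b):
        raise ValueError("template length mismatch")
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    if na == 0.0 or nb == 0.0:
        return 0.0
    return dot / (na * nb)


@dataclass
class ContinuousAuthSession:
    """Access decision for one remote computer held by one user."""
    reference: Template                  # enrolled reference characteristic
    threshold: float = 0.95              # assumed match threshold
    contact_grace: int = 2               # assumed: consecutive no-contact readings tolerated
    granted: bool = False
    revoked: bool = False
    lost_readings: int = 0
    audit: list[tuple[str, float]] = field(default_factory=list)  # for the SOC log

    def login(self, reading: Optional[Template]) -> bool:
        """Claims 6 and 8: compare the characteristic sensed at login with the
        reference and grant network access only on a match."""
        if reading is None:
            self.audit.append(("login_denied_no_contact", 0.0))
            return False
        score = similarity(reading, self.reference)
        self.granted = score >= self.threshold
        self.audit.append(("login_granted" if self.granted else "login_denied", score))
        return self.granted

    def on_reading(self, reading: Optional[Template]) -> bool:
        """Claims 7 and 9: re-verify on every reading taken while the device is held.

        None means the sensor reports no hand contact. Returns whether network
        access is still enabled after this reading.
        """
        if not self.granted or self.revoked:
            return False
        if reading is None:
            # A brief loss of contact (shifting grip) is tolerated for up to
            # contact_grace consecutive readings; longer means the device was put down.
            self.lost_readings += 1
            if self.lost_readings > self.contact_grace:
                self._revoke("revoked_contact_lost", 0.0)
            return not self.revoked
        score = similarity(reading, self.reference)
        if score < self.threshold:
            # A hand is on the sensor but it is not the enrolled user's: block at once.
            self._revoke("revoked_mismatch", score)
            return False
        self.lost_readings = 0
        return True

    def _revoke(self, reason: str, score: float) -> None:
        self.revoked = True
        self.granted = False
        self.audit.append((reason, score))


def run_session(reference: Template, login_reading: Optional[Template],
                readings: Sequence[Optional[Template]]) -> list[bool]:
    """Drive one session; return the access state after login and after each reading."""
    session = ContinuousAuthSession(reference)
    states = [session.login(login_reading)]
    for r in readings:
        states.append(session.on_reading(r))
    return states


# Constructed sample data: enrolled reference, a genuine reading, a noisy genuine
# reading, and an impostor reading from a different hand.
REFERENCE: Template = (0.6, 0.8, 0.0, 0.0)
GENUINE: Template = (0.6, 0.8, 0.0, 0.0)
GENUINE_NOISY: Template = (0.62, 0.78, 0.05, 0.0)
IMPOSTOR: Template = (0.0, 0.6, 0.8, 0.0)

if __name__ == "__main__":
    print(run_session(REFERENCE, GENUINE,
                      [GENUINE_NOISY, None, None, GENUINE, IMPOSTOR, GENUINE]))
```

The two failure modes are deliberately treated differently: a reading with no hand contact gets a short grace window so that a shifting grip does not log the user out, while a reading that is present but does not match the reference revokes access immediately, because that is exactly the hand-over the continual verification of claims 7 and 9 is meant to catch. The audit list records every grant and revocation with its score so the decisions can be shipped to a log for monitoring.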
PCT/US2001/021038 1999-09-17 2001-07-05 Network security system WO2002005478A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
AU2002218801A AU2002218801A1 (en) 2000-07-09 2001-07-05 Network security system
EP01984200A EP1393493A4 (en) 2000-07-09 2001-07-05 Network security system
US10/032,591 US7047419B2 (en) 1999-09-17 2001-10-28 Data security system
US11/124,016 US7822232B2 (en) 1999-09-17 2005-08-08 Data security system
US12/857,819 US8520905B2 (en) 1999-09-17 2010-10-25 Data security system
US13/241,817 US8374402B2 (en) 1999-09-17 2011-09-23 Data security system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US21715100P 2000-07-09 2000-07-09
US60/217,151 2000-07-09

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
PCT/US2000/019652 Continuation-In-Part WO2001022351A1 (en) 1999-09-17 2000-07-18 Identity authentication system and method
US09/865,756 Continuation-In-Part US6970583B2 (en) 1999-09-17 2001-05-25 Identity authentication device

Related Child Applications (3)

Application Number Title Priority Date Filing Date
US09/490,687 Continuation-In-Part US6307956B1 (en) 1998-04-07 2000-01-24 Writing implement for identity verification system
US10/032,591 Continuation-In-Part US7047419B2 (en) 1999-09-17 2001-10-28 Data security system
US11/124,016 Continuation-In-Part US7822232B2 (en) 1999-09-17 2005-08-08 Data security system

Publications (2)

Publication Number Publication Date
WO2002005478A1 true WO2002005478A1 (en) 2002-01-17
WO2002005478A9 WO2002005478A9 (en) 2003-02-06

Family

ID=22809859

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/021038 WO2002005478A1 (en) 1999-09-17 2001-07-05 Network security system

Country Status (3)

Country Link
EP (1) EP1393493A4 (en)
AU (1) AU2002218801A1 (en)
WO (1) WO2002005478A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1653320A1 (en) * 2004-10-26 2006-05-03 Fujitsu Limited Data processing apparatus
US7363505B2 (en) 2003-12-03 2008-04-22 Pen-One Inc Security authentication method and system
US7609863B2 (en) 2001-05-25 2009-10-27 Pen-One Inc. Identify authentication device
US7609862B2 (en) 2000-01-24 2009-10-27 Pen-One Inc. Method for identity verification
US7822232B2 (en) 1999-09-17 2010-10-26 Pen-One, Inc. Data security system
US7961917B2 (en) 1999-02-10 2011-06-14 Pen-One, Inc. Method for identity verification
CN103136464A (en) * 2011-11-28 2013-06-05 常熟安智生物识别技术有限公司 Palm vein network login system
US8785120B2 (en) 2005-04-01 2014-07-22 Qiagen Gmbh Method for the treatment of a sample containing biomolecules
US9577992B2 (en) 2015-02-04 2017-02-21 Aerendir Mobile Inc. Data encryption/decryption using neuro and neuro-mechanical fingerprints
US9836896B2 (en) 2015-02-04 2017-12-05 Proprius Technologies S.A.R.L Keyless access control with neuro and neuro-mechanical fingerprints
US10357210B2 (en) 2015-02-04 2019-07-23 Proprius Technologies S.A.R.L. Determining health change of a user with neuro and neuro-mechanical fingerprints

Families Citing this family (1)

Publication number Priority date Publication date Assignee Title
US9590986B2 (en) 2015-02-04 2017-03-07 Aerendir Mobile Inc. Local user authentication with neuro and neuro-mechanical fingerprints

Citations (4)

Publication number Priority date Publication date Assignee Title
US6035403A (en) * 1996-09-11 2000-03-07 Hush, Inc. Biometric based method for software distribution
US6038666A (en) * 1997-12-22 2000-03-14 Trw Inc. Remote identity verification technique using a personal identification device
US6041410A (en) * 1997-12-22 2000-03-21 Trw Inc. Personal identification fob
US6219793B1 (en) * 1996-09-11 2001-04-17 Hush, Inc. Method of using fingerprints to authenticate wireless communications

Family Cites Families (2)

Publication number Priority date Publication date Assignee Title
US5229764A (en) * 1991-06-20 1993-07-20 Matchett Noel D Continuous biometric authentication matrix
WO1999052060A2 (en) * 1998-04-07 1999-10-14 Black Gerald R Identification confirmation system

Patent Citations (5)

Publication number Priority date Publication date Assignee Title
US6035403A (en) * 1996-09-11 2000-03-07 Hush, Inc. Biometric based method for software distribution
US6219793B1 (en) * 1996-09-11 2001-04-17 Hush, Inc. Method of using fingerprints to authenticate wireless communications
US6038666A (en) * 1997-12-22 2000-03-14 Trw Inc. Remote identity verification technique using a personal identification device
US6041410A (en) * 1997-12-22 2000-03-21 Trw Inc. Personal identification fob
US6182221B1 (en) * 1997-12-22 2001-01-30 Trw Inc. Remote identity verification technique using a personal identification device

Non-Patent Citations (1)

Title
See also references of EP1393493A4 *

Cited By (16)

Publication number Priority date Publication date Assignee Title
US7961917B2 (en) 1999-02-10 2011-06-14 Pen-One, Inc. Method for identity verification
US8520905B2 (en) 1999-09-17 2013-08-27 Pen-One, Inc. Data security system
US7822232B2 (en) 1999-09-17 2010-10-26 Pen-One, Inc. Data security system
US8374402B2 (en) 1999-09-17 2013-02-12 Pen-One, Inc. Data security system
US7609862B2 (en) 2000-01-24 2009-10-27 Pen-One Inc. Method for identity verification
US7609863B2 (en) 2001-05-25 2009-10-27 Pen-One Inc. Identify authentication device
US7363505B2 (en) 2003-12-03 2008-04-22 Pen-One Inc Security authentication method and system
EP1653320A1 (en) * 2004-10-26 2006-05-03 Fujitsu Limited Data processing apparatus
US8785120B2 (en) 2005-04-01 2014-07-22 Qiagen Gmbh Method for the treatment of a sample containing biomolecules
CN103136464A (en) * 2011-11-28 2013-06-05 常熟安智生物识别技术有限公司 Palm vein network login system
US9577992B2 (en) 2015-02-04 2017-02-21 Aerendir Mobile Inc. Data encryption/decryption using neuro and neuro-mechanical fingerprints
US9836896B2 (en) 2015-02-04 2017-12-05 Proprius Technologies S.A.R.L Keyless access control with neuro and neuro-mechanical fingerprints
US9853976B2 (en) 2015-02-04 2017-12-26 Proprius Technologies S.A.R.L. Data encryption/decryption using neurological fingerprints
US10333932B2 (en) 2015-02-04 2019-06-25 Proprius Technologies S.A.R.L Data encryption and decryption using neurological fingerprints
US10357210B2 (en) 2015-02-04 2019-07-23 Proprius Technologies S.A.R.L. Determining health change of a user with neuro and neuro-mechanical fingerprints
US11244526B2 (en) 2015-02-04 2022-02-08 Proprius Technologies S.A.R.L. Keyless access control with neuro and neuromechanical fingerprints

Also Published As

Publication number Publication date
EP1393493A1 (en) 2004-03-03
AU2002218801A1 (en) 2002-01-21
WO2002005478A9 (en) 2003-02-06
EP1393493A4 (en) 2006-04-05

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

COP Corrected version of pamphlet

Free format text: PAGES 1/14-14/14, DRAWINGS, REPLACED BY NEW PAGES 1/14-14/14; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

WWE Wipo information: entry into national phase

Ref document number: 2001984200

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2001984200

Country of ref document: EP

NENP Non-entry into the national phase
WWE Wipo information: entry into national phase

Ref document number: 11124016

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 11124016

Country of ref document: US

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)