WO2005117527A2 - An electronic device to secure authentication to the owner and methods of implementing a global system for highly secured authentication - Google Patents

Info

Publication number
WO2005117527A2
Authority
WO
WIPO (PCT)
Prior art keywords
electronic device
group
user
authentication
data
Application number
PCT/IN2005/000180
Other languages
French (fr)
Other versions
WO2005117527A3 (en)
WO2005117527B1 (en)
Inventor
Brian Abram
Original Assignee
Brian Abram

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/603 Digital rights management [DRM]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Definitions

  • The present invention relates to a device, system and method for authentication, and more particularly to a wearable device and method for providing secure authentication, secure communication, and verification of a user.
  • Patent No. WO 97/32284, SECURITY IDENTIFICATION AND INFORMATION SYSTEM: this invention is a radio-frequency chip transponder fitted into a wearable finger-ring. It is a simple technology which just transmits an identification number back to the RFID reader. The RFID method of encryption was cracked some time ago.
  • Sun Microsystems introduced another simple authentication device packaged in a finger-ring; however, the technology is based on smart card chips and uses an interface which is not commonly available. It is more sophisticated than an RFID tag, having the capability of providing a unique number along with a small amount of other data.
  • Smart card chips are very limited in what they can do and store; they are therefore not comparable with the current invention.
  • This invention is essentially an extension of Sun Microsystems' idea, as it integrates the smartcard chip into a personal device with Bluetooth and/or infra-red interfaces along with some biometric data.
  • The object of the present invention is to provide a system and methods of a single universal means of authentication, which can be considered to be of several parts: first, an electronic signature by means of hashing algorithms; secondly, the ability to encrypt and decrypt channels of communication by means of asymmetric cryptography; thirdly, authentication by a remote trusted authentication server; and finally, one or more biometric cross-checks to verify the wearer as the genuine owner of the device of the invention, called WIPAD (Wearable Identity Protection & Authentication Device).
  • The word WIPAD is herein defined to mean that part of the invention worn by a user, and more specifically as a wearable electronic identity protection and authentication device.
  • The device comprises a hermetically sealed housing having a protrusion with electrical contacts and means for providing a communication channel between said electronic device and a receptor of any host device for accomplishing the process of authentication.
  • The device further comprises at least one Universal Serial Bus (USB) port and at least one Infrared Data Association (IrDA) port for interfacing with at least one host and supplying power to said electronic device.
  • The device includes a multi-chip-package which comprises a plurality of sub-components electrically connected to each other and to said ports. Said multi-chip-package includes an encryption logic chip having hard-coded algorithms for encrypting or decrypting data, generating digital signatures, rapid assembling / disassembling and verification of packets-of-information (EDAS packets), and generating Digital Rights Management (DRM) licenses.
  • The encryption logic chip includes a control module for determining the appropriate encrypting and hashing algorithms; a DRM license processor for generating and processing Digital Rights Management (DRM) licenses and creating at least one subordinate license to be distributed to other electronic devices for allowing limited access to devices or media; an EDAS processor for receiving and converting said licenses into EDAS packets and for rapid assembling / disassembling and verification of said EDAS packets; a group messaging sub-system having a buffer, a group secret key and a group public key for generating group message packets that can be encrypted or decrypted in real time for communicating data or a message securely to a group of people; and a self-verified authorised secure fund transfer mechanism (YTRAXS) having a
  • The device also supports a key generator in the encryption logic chip for generating encryption keys, including a special secret key, a second dummy secret key, and a pseudo key.
  • A tamper detection module for detecting any tampering is provided for raising an anti-tamper signal for protecting the special secret key by allowing the second dummy secret key to overwrite the special secret key, thereby preventing the use of said special secret key and said electronic device for any further authentication process.
  • The housing of the electronic device may be in the form of a finger ring or a wristwatch or a pendant or a brooch or the like.
  • The multi-chip-package of said electronic device further includes a memory module for storing private data of a user and storing program code for controlling the main operations of said electronic device.
  • Said multi-chip-package also includes a communication module for sending and receiving data to and from the interfaces and the memory module.
  • The multi-chip-package includes a processor communicating with said memory and other modules by means of a shared bus, thereby controlling the activities of said encryption logic chip, tamper detection module and communication module.
  • A black box is also provided for storing an encrypted copy of the user's profile and a history of the most recent transactions and activities.
  • A real time clock for the correct functioning of said electronic device, a battery for keeping said real time clock ON and a photovoltaic cell for charging said battery are also included in said multi-chip-package.
  • The multi-chip-package also includes a power control module and a plurality of sensor circuits for sensing a number of inputs, like temperature, electrical probing, penetration of the sealed housing, pressure or the like, due to any tampering.
  • Another embodiment of the present invention includes an authentication system comprising a communication network, a remote service terminal coupled to the network, at least one authenticating server communicating with said remote service terminal via the network for cross-checking the authenticity of said remote service terminal and a user, at least one host coupled to the network, and the user-wearable electronic device (WIPAD) for authentication, being capable of interfacing with said host.
  • The electronic device used in said authentication system is capable of being used with a phone-enabled device and a biomedical sensor (BMS) in a configuration for sending an alert signal upon detecting any abnormal condition, such as a serious medical condition of any user.
  • The electronic device is also capable of being used with a device/gadget/system having a built-in Digital Rights Management module, said electronic device being capable of storing and managing licenses for authorizing a person to access the features and functions of the device/gadget/system.
  • The authentication system also supports the electronic device in creating a bank transfer authorization via the self-verified authorized secure fund transfer mechanism (YTRAXS), sent to the recipient for scanning with a bar-code reader and automatically uploading to the banking transaction system for checking against the originator's bank transaction system, thereby commencing a transfer if the transaction is valid.
  • The authentication system enables the electronic device to be connected to a host device used by an authenticated user for creating a group message to be sent via a server to the members' servers, which verify the messages and pass them on to the host devices of the members. Furthermore, the authentication system also enables a plurality of electronic devices connected to the members' host devices to receive, verify and decrypt the message with the group's shared secret key, thereby sending the decrypted message back to the host device.
  • Another embodiment of the present invention discloses a method for authentication comprising the steps of: establishing a wireless or electrical communication channel between a user-wearable electronic device and a receptor of any host device via at least one Universal Serial Bus (USB) port and at least one Infrared Data Association (IrDA) port of said electronic device, for checking if a user of said electronic device has any rights to access any functions or media or data of said host device; encrypting or decrypting data, generating digital signatures, rapid assembling / disassembling and verification of packets-of-information (EDAS packets), and generating Digital Rights Management (DRM) licenses by using hard-coded algorithms; sending a user's digital certificate to said host device; sending the user's biometric data to said host device; verifying the biometric data of said user; using network security protocols for authenticating said user's digital certificate upon said host device being connected to a suitable network; transmitting and logging the result of authentication to the user-authentication management modules of all the devices which were a party to the authentication process via a remote
  • The method for authentication disclosed in the present invention enables an authenticated user to create and administrate a secure group key set.
  • The group keys are distributed among selected persons and entities, who are invited to be members of a group. Thereafter the persons and entities are allowed to accept or decline membership of said group, and an administrator of the group is allowed to optionally remove said persons and entities from the group at a later time. Further, encrypted and digitally signed messages and data are transmitted to other group members using the appropriate group key, and group messages and data from any other person or entity having a copy of the group keys are received.
  • An authenticated user is therefore capable of receiving, creating, administrating and transmitting DRM licenses for permitting or denying persons or other entities various rights of access to other devices, functions, applications or contents. Further, the method enables a creator and owner of a group to retain control of the group, whereby the owner of a group gives licenses to the group members to be part of said group, and enables the owner of a group to create and transmit new licenses which override the existing licenses, thereby changing the status and privileges of one or more group members, which could even extend to revocation or replacement of the group keys.
  • The authenticated user is capable of generating at least one copy of a printed electronic bank transfer authorization with unique transaction numbers and bar codes including a digital signature (YTRAXS), which can later be scanned using a bar code reader by the recipient's authenticated operator and subsequently credited to the recipient's account through electronic fund clearing, with no requirement for the printed transaction slips to be processed through the bank's cheque clearing system.
  • FIG. 1 is an overview of the internal parts of the invention (WIPAD - Wearable Identity Protection & Authentication Device).
  • Figure 2 shows the protruding part of the WIPAD sitting in an electro-optical receptor.
  • FIG. 3 shows the main components of the WIPAD.
  • Figure 4 shows the main components of the encryption logic module.
  • Figure 5 shows the concept of an EDAS digital envelope.
  • Figure 6 shows the main parts of an EDAS digital envelope.
  • Figure 7 is one possible layout of a printable WIPAD Transaction Slip (YTRAXS).
  • Figure 8 is a flowchart of an authentication session between a WIPAD and another device.
  • Figure 9 shows a WIPAD and a counterpart device in a configuration to provide full authentication.
  • In FIG. 1 an overview of the internal parts of the invention 100 (WIPAD - Wearable Identity Protection & Authentication Device) is shown.
  • A photovoltaic cell 107 helps keep a battery 108 charged, which in turn keeps a real time clock 316 in the custom computer chip 109 alive when no external power is applied to the device.
  • The custom computer chip 109 can receive power through any of its interfaces, including USB1 105, USB2 106 and contacts 103 and 104.
  • The lower part of the WIPAD 100 sitting in an electro-optical receptor 201 is shown in Figure 2, where the receptor 201 can be incorporated into everyday devices, vending & ticket machines, access control points, shop payment terminals and biometric reading devices.
  • The lower part of the WIPAD 100 has electrodes 103 and 104, which make contact with receptor electrodes 203 & 204, which provide power to the WIPAD 100.
  • The WIPAD 100 is in close proximity to an opto-transceiver 202 in the receptor 201, which provides a communication channel between the WIPAD 100 and the other device.
  • The base of the WIPAD 100 and the receptor could also have ridges and grooves to facilitate a better or a more permanent connection, which has a clip-on type of action.
  • Figure 3 illustrates the heart of the WIPAD 100, which consists of a Custom Computer Chip 109 integrating multiple subcomponents.
  • The main operations of the device are controlled by program code in the WORM (Write Once Read Many) memory 306.
  • Volatile memory 307 provides workspace for a controller 314, the Encryption Logic module 303 and the Communication control module 310. Although Bluetooth, telephony, GPS and other functionality could be integrated into the Custom Computer Chip, this goes against the design philosophy of the invention, which is (a) to provide the highest possible security and (b) to ensure that the device is reliable for its required lifetime. Since the said additional functionality is commonly integrated into other mobile devices, and since the invention is intended to be temporarily or permanently connected to other personal devices, there is no benefit in integrating additional functionality into the WIPAD 100 which can be better incorporated into a complementary device.
  • An additional problem with introducing additional modules into the WIPAD 100 is that it devalues the security of the device, since said extra modules may have security flaws which could be exploited, and these extra modules, once embedded in the hermetically sealed WIPAD 100, can never be upgraded, whereas the said personal device can be serviced and have its chips or program code updated.
  • The present invention provides security functions and features isolated in a separate, smaller, tamper-resistant device that communicates with and secures external devices.
  • The present invention is built on top of computer network technology and not smart-chip technology.
  • Tamper detection module 301 can be triggered by any one of a number of inputs, like temperature going outside certain limits, electrical probing, failure of diagnostic self tests, penetration of the hermetically sealed case, or a pressure transducer reporting an out-of-range pressure reading.
  • The secret key 419 must be protected at all cost; therefore when tampering is detected a second random number 415 is used to overwrite the secret key, which prevents the WIPAD from being used for authentication.
  • All the private data in the persistent memory 308 is already encrypted with the WIPAD's public key and cannot be deciphered without a supercomputer to break the code.
  • A number of sensors can be added to the current invention to improve detection of removal of the device from a finger or wrist or from the proximity of the owner. This can be configured when a WIPAD is issued, according to the requirements of the owner. Removing the device from the person does not amount to tampering; however, the WIPAD can be set to require biometric verification as part of the next authentication cycle.
  • One method of detecting removal of a WIPAD applies to the ring version, whereby said removal is detected when both the photocell 107 and the IrDA port 102 are simultaneously covered along with a change in the electrical parameters of the surface contacts.
  • The Black-Box 405 contains an encrypted copy of the user's profile and latest transactions and activities, which can be decoded by an authorised entity which has the secret key corresponding to the public key in 413.
  • The secret key 419 corresponding to 413 must be protected from probing and hacking, otherwise the security value of the WIPAD is significantly reduced. This is achieved by storing the secret key in a register which cannot be read by the processor.
  • The said register is a direct input to the encryption logic module.
  • The encryption logic module can select which key registers to use as inputs to the cryptographic algorithms, but the contents of said registers are not readable or transferable outside the cryptographic processor.
  • The WIPAD has several sources of external power, which must be prioritised.
  • USB Master Power Control
  • These could also be FireWire or other kinds of interfaces.
  • The invention is to be used with existing commonly available personal computers as well as later versions; therefore there should be at least one USB interface.
  • A complementary personal device could provide additional interfaces and protocols.
  • A cabled or physical interface, or very short-range infrared, provides better resistance to snooping, cracking, spoofing and interference than radio.
  • The Communication Control Module 310 manages the activities and data buffers of the serial interfaces.
  • The Encryption module 303 is instructed by the CPU 314 which algorithms and keys to use and which data to process, so that the encryption module is semi-autonomous in processing a block or stream of data.
  • The Communication Control module is also semi-autonomous in sending and receiving data to and from the serial interfaces and memory.
  • The CPU manages the activities of the WIPAD and controls the operations of 301, 303 and 310.
  • The Encryption logic module 303 has several hard-coded algorithms and is optimised for generating and checking digital signatures, for encrypting and decrypting blocks and streams of data, and for generating temporary session keys.
  • A real time clock 316 is an essential part for the correct operation of the device, as real time is an important part of cryptographic methods and the device is configured to expire after a specified number of years.
  • The CPU 314 communicates with memory and other modules by means of a shared bus. 303 and 310 also use the bus to read and write to and from memory.
  • The WIPAD handles data and communications and establishes authentication and secure communication by implementing Internet standards for secure communication and authentication based on TLS, X.509, ANSI X9.84-2001 Biometric Information Management and Security, and Open Digital Rights Management Language (ODRML).
  • FIG. 4 shows a schematic diagram of the cryptographic module, which implements in hardware the algorithms required to create, manage, transmit, receive, verify and disassemble messages and transactions.
  • The control module 406 manages all activities within the encryption module. Buffers 401, 402, 403 and 404 enable maximum throughput of data and processing in a multitasking environment.
  • The cryptographic algorithms to be included in 407 depend on a number of factors, such as national laws, changes in IETF recommendations and international standards, customer requirements, and backwards and forwards compatibility.
  • 408 and 409 show two different hashing algorithms, as this is current practice to produce stronger digital signatures.
  • 414 is a random number and key generator.
  • 416 and 417 are registers which hold a group public key and a group secret key respectively.
  • 418 permanently holds a black-box key, which is used to make an encrypted copy of each transaction that is subsequently stored in the circular black-box buffer 405.
  • The user's public key is permanently stored in a register 413.
  • 411 is a processor optimised for assembling and disassembling EDAS packets.
  • 411 contains buffers, registers and logic which enable rapid access to: 601, a header; 602, a message descriptor; 603, an identifier associated with the recipient, which could be one of several forms such as an email address, a public key or an alias, wherein said identifier must be resolvable via a lookup process or server to a real identity, and said identity is ultimately verified by means of authenticating a digital certificate; and 604, an identifier of the creator, wherein the real identity of the creator is determined by resolving the given identity to a digital certificate and authenticating the same.
  • 605 is a digital signature for the said header, which ensures that tampering with the header information is made very difficult. The status of the header can be returned to the controller, which determines whether or not it is appropriate to process the message body, which could potentially be hundreds of megabytes. In this way unwanted EDAS packets can be rejected before the payload is transmitted to the recipient.
  • 606 is the message body or payload of the EDAS packet and may or may not be encrypted.
  • The digital signature 607 of the whole EDAS packet makes it very difficult for another entity to modify any part of said packet, and therefore the recipient has very high confidence that the sender is genuine.
  • The YTRAXS processor has a similar arrangement, whereby a YTRAXS packet can be assembled, disassembled and verified rapidly by means of buffers and registers corresponding to: 701, a human-readable description of the transaction; 702, a bar-coded version of the unique transaction identifier; 703, a biometric or physical signature in machine-readable form; 704, the date of creation; 705, the recipient's postal address; 706, a bar-coded postal franking transaction number; 707, a bill or invoice reference number; and 708, a digital signature of the transaction details, which can be printed on paper as a bar code.
  • The DRM processor 412 is an important aspect of the authentication and access control process in the context of giving others access to personal or employer devices. Everything created by the user is to some extent their own intellectual property and copyright.
  • The DRM processor manages the relationship between entities in terms of what licence the recipient of a message or file has with regard to said message or file.
  • An employer owns the IPR of work done by an employee.
  • The DRM module implements aspects of ODRML (Open Digital Rights Management Language) for the purpose of rapidly assembling and parsing DRM licences.
  • The WIPAD licensing system is not limited to content and media, as it is also concerned with giving shared, group or subordinate access to other personal or organisational electronic devices. Where ODRML is insufficient to define the DRM features described herein, extensions can be defined.
  • The WIPAD's DRM and access control features are described in more
  • Block 500 is a schematic representation of an EDAS packet, which is conceptually similar to a letter ready for posting, hence the term 'Enveloped Data Addressed and Stamped (signed)'. A packet therefore has a creator/sender 503 and is for another entity/recipient 502. 501 is a packet descriptor, which is a guide to the contents without having to decrypt the whole packet. Two stamps are required: the first, 504, is used to prove that the packet header is genuine, and the second, 505, is the digital signature for the whole packet. Therefore any party can check the integrity of the packet, but only the intended recipient can open the packet. Servers can use the descriptor to filter out unwanted or invalid packets.
  • Figure 6 gives a hierarchical diagram of an EDAS packet 600, consisting of a header 601 containing a message descriptor 602, the identifier of a target identity 603, and the identifier of the creator 604.
  • A header signature 605 follows the header, then the actual data 606 and finally a second digital signature 607.
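The EDAS envelope of Figures 5 and 6, as an added Python example (not code from the patent): it frames a packet as header 601 (descriptor 602, recipient 603, creator 604), header stamp 605, body 606 and whole-packet stamp 607, and checks the header stamp on its own before the payload is accepted, which is the early-rejection path the text describes for 605. The patent's stamps are asymmetric digital signatures; to run with only the standard library this example substitutes HMAC-SHA256 under a per-creator key, and the key directory and `lookup_key` callback stand in for resolving an identifier to an authenticated certificate; all identities, keys and data are constructed.

```python
import hashlib
import hmac
import json
import struct

STAMP_LEN = 32               # HMAC-SHA256 length; stand-in for a signature
MAX_BODY = 16 * 1024 * 1024  # hypothetical policy limit on payload 606


class EdasError(ValueError):
    """Packet is malformed, does not verify, or is not addressed to us."""


def _digest(data: bytes) -> bytes:
    # Two different hash algorithms concatenated, like registers 408 and 409.
    return hashlib.sha256(data).digest() + hashlib.sha3_256(data).digest()


def sign(key: bytes, data: bytes) -> bytes:
    # Stand-in for the asymmetric signature made with secret key 419.
    return hmac.new(key, _digest(data), hashlib.sha256).digest()


def verify(key: bytes, data: bytes, stamp: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), stamp)


def _encode_header(descriptor: dict, recipient: str, creator: str) -> bytes:
    # Canonical JSON so both ends hash identical bytes for 601-604.
    fields = {"descriptor": descriptor, "to": recipient, "from": creator}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def assemble(creator_key: bytes, descriptor: dict, recipient: str,
             creator: str, body: bytes) -> bytes:
    """Layout: [u32 len][header 601][stamp 605][u64 len][body 606][stamp 607]."""
    header = _encode_header(descriptor, recipient, creator)
    framed = (struct.pack(">I", len(header)) + header
              + sign(creator_key, header)                    # 605
              + struct.pack(">Q", len(body)) + body)
    return framed + sign(creator_key, framed)                 # 607


def read_header(packet: bytes, lookup_key):
    """Verify only the header and stamp 605, without touching the body.
    lookup_key(creator_id) stands in for resolving identifier 604 to an
    authenticated certificate and returns None when it cannot. Returns
    (fields, body_offset, body_len) so a server can filter on the descriptor
    and reject a packet before a large payload is transferred."""
    if len(packet) < 4:
        raise EdasError("truncated: no header length")
    hlen = struct.unpack(">I", packet[:4])[0]
    stamp_end = 4 + hlen + STAMP_LEN
    if len(packet) < stamp_end + 8:
        raise EdasError("truncated: header or header stamp missing")
    header, stamp = packet[4:4 + hlen], packet[4 + hlen:stamp_end]
    try:
        fields = json.loads(header)
    except ValueError as exc:
        raise EdasError("header is not valid JSON") from exc
    key = lookup_key(fields.get("from"))
    if key is None:
        raise EdasError("creator identity cannot be resolved")
    if not verify(key, header, stamp):
        raise EdasError("header stamp 605 does not verify")
    body_len = struct.unpack(">Q", packet[stamp_end:stamp_end + 8])[0]
    if body_len > MAX_BODY:
        raise EdasError("declared body exceeds policy limit")
    return fields, stamp_end + 8, body_len


def open_packet(packet: bytes, lookup_key, me: str) -> bytes:
    """Full check: stamp 605, addressee 603, framing, then stamp 607."""
    fields, body_off, body_len = read_header(packet, lookup_key)
    if fields.get("to") != me:
        raise EdasError("packet is addressed to someone else")
    if len(packet) != body_off + body_len + STAMP_LEN:
        raise EdasError("framing does not match declared lengths")
    signed, stamp = packet[:-STAMP_LEN], packet[-STAMP_LEN:]
    if not verify(lookup_key(fields["from"]), signed, stamp):
        raise EdasError("whole-packet stamp 607 does not verify")
    return packet[body_off:body_off + body_len]


def demo() -> dict:
    """Constructed scenario: one valid packet and three bad presentations."""
    keys = {"alice@example": b"alice-signing-key"}  # constructed directory
    pkt = assemble(keys["alice@example"], {"type": "memo", "size": 5},
                   "bob@example", "alice@example", b"hello")

    def outcome(p: bytes, me: str = "bob@example") -> str:
        try:
            return "accepted:" + open_packet(p, keys.get, me).decode()
        except EdasError as exc:
            return str(exc)

    body_off = 4 + struct.unpack(">I", pkt[:4])[0] + STAMP_LEN + 8
    return {
        "valid": outcome(pkt),
        # One byte of body 606 changed: 605 still verifies, 607 does not.
        "body_tamper": outcome(pkt[:body_off] + b"j" + pkt[body_off + 1:]),
        # Descriptor rewritten in place: rejected already at stamp 605.
        "header_tamper": outcome(pkt.replace(b'"memo"', b'"spam"')),
        # Genuine packet, but presented by a different recipient.
        "wrong_recipient": outcome(pkt, me="carol@example"),
    }
```

A relay that only needs to filter packets calls `read_header` and never reads the body; only the addressee runs `open_packet`.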
  • Figure 7 is one possible layout of a digitally signed pay order.
  • The WIPAD makes it possible to link the creation of a pay order to an individual person who can be held accountable for issuing electronic cheques.
  • Each YTRAXS cheque has a unique date, time and transaction number, which is bar-coded 702; a date 704; an optional coded postal instruction; human-readable details 701; an optional bill identifier; a postal address 705; an optional physical mark or signature 703; and, importantly, a bar-coded digital signature 708.
  • Creating a YTRAXS cheque opens an 'intention to pay' transaction, which can be tracked by the user's accounting software and the user's bank.
  • The user can keep one or more copies for auditing and tax purposes.
  • One copy is delivered to the recipient.
  • The recipient, being an authorised and authenticated individual, can present the YTRAXS cheque to a corresponding bar-code reader or type in the transaction ID, which verifies the YTRAXS transaction and sends a banking instruction to the sender's bank to complete the transaction.
  • The YTRAXS cheque can be filed for reference.
  • The YTRAXS cheque need not be sent to the bank's cheque clearing system unless there is a dispute or reason to investigate the transaction.
  • The cheque issuer can add further security features, like printing onto special security paper and requiring one or more biometric checks of the authorised operative and/or special marks on the cheque paper.
  • When the device is manufactured it has a certain amount of code and data programmed into it. When the device is powered up it detects that it is not yet issued and enters a basic diagnostic mode. The manufacturer may program data about the identity of legal deployment centres, which will prevent organised criminals from setting up illegal deployment centres. When a customer requires a WIPAD they will take their personal details to a deployment centre and have them checked, and also have all their biometric details taken and recorded. A blank WIPAD is connected to the programming station. On power-up it enters diagnostic mode.
  • the programming station runs a set of diagnostics to check that the device is working properly, then it instructs the WIPAD to enter issuing mode, whereupon the important personal data is burned into the WIPAD.
  • the WIPAD is then thoroughly tested and ready for use. If the WIPAD passes all the tests, the results are transmitted to the owner's nominated home authentication servers. Now the owner is able to start using the device as described in the discussions of features and functions of the device.
  • An issued WIPAD can be instructed to enter a post-issued diagnostic mode in order to check that the device is still working properly.
  • An entity having access to the black-box secret key can upload the encrypted contents of the black-box to an authorised black-box host.
  • the black-box secret must be in a highly protected hardware environment, wherein access to data retrieved from black-boxes is revealed on a need to know basis and only to authenticated individuals and such access is logged and audited by other authorised and authenticated individuals.
  • FIG. 8 shows a sequence of steps involved in going from unauthenticated to partially authenticated, then to fully authenticated.
  • the WIPAD is connected to a host device 810.
  • the host device asks the WIPAD to send its digital certificate to the host. This tells the host who is trying to use the host.
  • the device checks whether or not authentication is required and if not the host grants access 875.
  • the host checks, using public-private key cryptography, that the WIPAD is generally valid and belongs to an authorised user.
  • the host requests an access licence (created by one authorised to create such a licence) 835; if no such licence is provided then authentication fails 840 and the user is denied access 890. However, if 830 or 840 is successful the host checks whether or not biometric authentication is required 845.
  • any biometric processing is carried out.
  • if biometric testing fails, the user is denied access 890 (note that the pre-network-authentication biometric verification is only partial without network authentication, because the biometric data on the authentication server has higher priority than the data from the WIPAD);
  • if biometric testing is successful (or not required) the host checks whether or not network authentication is required 860. In 860, if network authentication is not required then access is granted 875; otherwise the remote server is used to authenticate the user's digital certificate 865. On successful network authentication 870 the user is granted access 875; otherwise the user is denied access 890.
  • Some host devices may permit the use of a login packet 880.
  • a login packet can contain settings and operations to be carried out, in which case the host processes any login packet 885.
  • a login packet is a set of preferences, licences and instructions to be set or run by the host device.
  • FIG. 9 shows a schematic network configuration for full authentication of a user.
  • the WIPAD 100 is connected to a counterpart host 902, which could be a computer, transaction terminal or access control point; 902 requests the digital certificate from the WIPAD, and one or more biometric devices 901 read biometric information from the user 904.
  • the device 902 uses the authentication server 903 to verify the digital certificate of the WIPAD and cross-checks the reference biometric data against the current biometric readings. The user is accepted as genuine if all said verification processes are successful.
  • An important aspect of the WIPAD is the implementation of shared access to resources on the basis of licences, and the ability of an original owner to create licences and grant different kinds of access to other WIPAD owners.
  • a WIPAD can be connected to a computer whose OS and applications are loaded from CDROM/DVD/USB memory stick. This provides users with an additional level of security and flexibility. It means that systems normally running older or insecure operating systems can still be used securely by booting and running a secure operating system directly from such media. The user will not be affected by viruses, Trojans and malware residing on the computer's hard-disk. Further, the user's preferences and data can be read from and written to the WIPAD. When more memory storage is required the WIPAD can be linked to a PDA or the like and large data files can be stored and retrieved from the PDA.
  • the invention can be used to obtain a secure authenticated session between the user's computer and a remote service.
  • the authentication servers provide trusted third party cross checking of the authenticity of the user and the remote service. All parties communicate over a network/Internet.
  • the user uses the keyboard and mouse or voice control, and the user's WIPAD is connected to the local host by one of the methods described in the embodiment. Authentication is only achieved when both parties have been successfully cross-checked against trusted authentication servers.
  • the WIPAD can protect such devices from unauthorised use by means of a USB or other connection and by passing the owner's digital certificate to the device.
  • a simple counterpart receptor module can be fitted to devices, vending machines, payment terminals and access control points for the purpose of authentication by brief physical contact, using the counterpart receptor to power up the WIPAD and short-range optical communication by means of IrDA.
  • the WIPAD can be connected to a personal device and communicate by IrDA or radio with another device or system. This would be the preferred and more hygienic method of achieving interaction with a nearby device, vending machine, payment terminal or access control point.
  • the WIPAD can be used along with a phone enabled personal device (PED) by means of a USB connection for interactive authenticated sessions with a remote service.
  • said PED is providing a secure channel to a remote host and menus/choices are made using said PED.
  • the WIPAD has an application module for downloading, managing, creating and transmitting licences.
  • WIPADs have a basic internal protocol for defining and understanding Digital Access Control based on ODRML.
  • the WIPAD can work with other protocols provided that there is a way to link a specific licence to a specific media entity.
  • the WIPAD does this by associating a unique ID with a specific device or a specific media entity.
  • Any third party licence can be embedded in an EDAS packet, which ties two entities together by unique IDs.
  • an EDAS packet is just an envelope for securely packaging any kind of data, it could also contain a set of licences.
  • the envelope is not concerned with the contents but the WIPAD needs sufficient information to locate and link licences to media.
  • the WIPAD distinguishes between device and media licences.
  • the WIPAD maintains a simple database of licences and the location of an entity under licence. It might also need to know where a device or media is. However, media can usually be used anywhere but only in one place at a time, whereas a device is unique and has a unique ID.
  • the WIPAD has a simple internal database for managing and keeping track of these associations.
  • the WIPAD DRM is compatible with devices containing the open standard TCG chip.
  • An IR-transceiver is fitted into the base of the WIPAD so that a person can be authenticated quickly and conveniently, either without physical contact (if the device is already powered by a PED) or by pressing the IR port part of the
  • a suitably designed biometric palm or fingerprint-checking device can authenticate the user both electronically & biometrically at the same time.
  • the WIPAD is also able to receive power through the segmented metal of the lower part of the WIPAD, which is arranged so as to form one negative and one positive electrode.
  • This is a convenient way to operate ticket or other types of vending machines and automatically pay fares on rapid transit systems.
  • the wearer would place their WIPAD against the vending device to initiate a session, then make a selection, then confirm the selection/purchase by a second press of the WIPAD against the machine.
  • when a person gets on a bus or train, their starting point is recorded by a press of the WIPAD, and when they get off or leave the station another press of the WIPAD completes the transaction.
  • This would work even more conveniently when the WIPAD is powered by a PED, which has a short-range radio interface. This would work without a person having to make any physical contact. It would be a fast and convenient way of passing through one or more access control points.
  • the WIPAD is not directly involved with content filtering; however, the age-range of an authenticated user can be used by the browser, firewall, an ISP or an authenticated server to filter out pages and domains which are not suitable for children. Systems can be configured to ignore URLs to domains which do not have a valid certificate.
  • the WIPAD device has multiple serial ports and requires power from another device or a battery. It can be used to limit access to WIPAD-enabled personal electronic devices, or to authenticate the identity of the owner to a local or remote service. Full authentication occurs when both parties cross-reference with a certified authentication server. Only partial authentication is possible if there is no network path to an authentication server. Most WIPAD-enabled personal belongings do not require authentication against an authentication server; however, some high value items might have GPS and network connectivity.
  • the WIPAD can keep track of multiple sessions and session keys because it can have overlapping authenticated sessions with different systems or devices. This also means the user has a single sign-on and common identity to multiple servers. It creates the possibility of a 3- or 4-way interdependent transaction. That is, the user might wish to book a train ticket only if he is able to buy a ticket to a concert, and vice versa: if he can't get a train ticket then there is no point in buying a ticket to the concert. The transaction only completes if both services are able to provide the desired service. There is an additional opportunity to roll back the multi-party transaction if either provider is unable to provide the goods offered.
  • WIPAD users can reject all communication from non-authenticated sources.
  • suitable telephones which are WIPAD compatible can have automatically authenticated connections.
  • Subordinate access control It is often necessary to share access to devices and machines with others, therefore it is important to be able to manage the process of giving access to others.
  • the WIPAD has a feature of allowing an owner to register other users to have access (either directly or indirectly).
  • the owner, as master licence administrator (MLA), has to be able to control one or more groups of licensees and one or more entities to be sub-licensed.
  • the Administrator's WIPAD therefore has a mini-database to keep track of people, licence groups and equipment to be licensed and the licence. In the home there might be a single group or an adult-group and child-group.
  • a desktop computer or PED can be used to administrate these groups and licenses.
  • the invention includes methods of creating and distributing secure EDAS packets, which can be copied and transmitted to devices and WIPADs.
  • the transmitted packet has a digital signature so that the receiving device can validate it. Corrupted packets are automatically deleted.
  • the MLA can encrypt part of a sub-licence with the target's PK so that only the target device can decrypt (with its secret key) the licence attributes.
  • Each licence EDAS contains a time stamp so that access rights can be easily updated by throwing away older EDAS licences.
  • Access privileges can be combined in a logical, hierarchical manner to reflect that some organisations need sophisticated control of resources, which could include variations based on peak and off-peak or out-of-hours use, or on the number of people sharing a resource.
  • An owner can give equal rights to another entity, whereupon they also become a Master Licence Administrator.
  • Copies of licences can be stored in multiple locations as a normal precaution against a single point of failure.
  • Direct subordinate licensing In this scenario the MLA approaches the equipment to be sub-licensed (power-on/start initiates authentication of the MLA); the MLA then selects (by means of a button or menu) 'add licensee(s)', and if the subordinate is in range, or when they connect to the target by means of a USB port or receptor, the device will register them as a subordinate.
  • Indirect subordinate licensing In this scenario a person uses a computer or PED to create the digitally signed licence tokens (DSLT). Copies of these can be stored in multiple locations including the remote authentication servers. DSLTs can be carried in WIPADs to the target device or sent over a network.
  • Double indirect subordinate licensing As a licensee cannot change or create a licence it is quite safe for a third party to carry a DSLT to the target.
  • the target will first request authentication, which will reveal that the subordinate is not registered to use the device.
  • the target will then return a message meaning "authentication failed because you are not licensed, please provide a DSLT".
  • the WIPAD can then look up the correct DSLT for the target from the target's public key or UID and send the third party licence to the target.
  • Age related access WIPADs can be available for children who require unsupervised but restricted access to television, video and Internet.
  • the host device will block material which comes from an unknown source, is not age rated, or is rated as not suitable for their age. This content classification can be achieved quite easily with XML.
  • WIPAD relationships It is useful in a number of situations to be able to define relationships between WIPAD owners, such as spouse, child, grandparent, friend, guest, colleague, boss, subordinate. This could help simplify granting access rights or licence privileges to others, by having a set of defaults for each group. This is a feature to simplify the setting up of access rights of others to a new device or equipment.
  • the WIPAD can assist in authenticated remote control by means of sessions.
  • the user can begin a session by bringing the WIPAD's IR interface close to the device to be controlled and pressing a button on the device.
  • the remote control can be brought near the device and given a temporary session key, or the remote control can be activated by the WIPAD by close-proximity IR-to-IR communication.
  • a WIPAD is connected to a personal device with Bluetooth or longer range IR interfaces.
  • the user could select the devices which he wants to control and let the sessions be opened by his personal device, with authentication provided by the WIPAD. Thereafter it would be possible to give simple voice commands to the PDA, which translates them and sends them to the appropriate device.
  • control is tied to a single individual. This is important for devices which are controlled over networks. Sessions can be ended by use of power-off/stand-by commands.
  • Remote menu selection When a PED is connected to a WIPAD it will be possible to download information and menus from a WIPAD-enabled device to a screen on the PED, and for the owner to make selections on the PED and send them back via the WIPAD to the host device. This would be useful in a number of ways: remote controlling home entertainment systems, central heating/air conditioning, buying a ticket or planning a journey, even if all the normal terminals are in use, without physical contact with the host. Many PEDs already have short-range wireless and telephony capability; therefore it is likely PEDs will be used to control everyday devices. The WIPAD therefore permits this to be done only by authenticated individuals with appropriate access rights.
  • Disabled Access The above can be extended for people with disabilities by including voice-to-text and text-to-speech facilities. This means partially sighted persons could safely buy services without relying on another person to operate the terminal or explain what is displayed. Downloaded information and options could be spoken and they could give voice commands back to the host via the PED.
  • Business Cards Two WIPADs connected to PEDs (or host or hosts) can swap identities/profiles like exchanging business cards (when the owners authorize the exchange). This avoids having to manually put an email address into an address book and both parties can immediately enjoy secure communication including secure VoIP.
  • Tax & business expenses The WIPAD can store transactions, which later on can be uploaded to accounting applications which keep track of a person's transactions. With the help of unique transaction numbers, tax offices can cross-reference expenses directly with the service providers. This would reduce the amount of manual labour in dealing with expenses and cross-checking.
  • the WIPAD could be used as proof of identity when paying in shops and supermarkets.
  • Pressure-alert A special feature could be added to a WIPAD comprising a pressure sensor whereby the owner can disable the device by applying maximum thumb pressure to part of the ring for a number of seconds; this could also cause the WIPAD to transmit an alert.
  • Skin-conductivity/temperature-alert A special feature could be added whereby the WIPAD monitors the electrical conductivity and/or temperature of the finger. It would be useful where a person is in charge of something which might be hijacked by criminals or terrorists. A sudden change in skin conductivity (due to fear or strong emotion) would send an alert to a monitoring station. Similarly, an unexpected change in skin temperature could also trigger an alert.
  • Chip-Packaging Chip packaging is required to put more and more functionality and memory into smaller spaces. Communication is provided by USB/FireWire and IrDA ports or other interfaces. In this manner the WIPAD is able to communicate with a wide range of devices, as USB and IrDA ports are commonly available and will remain so for the foreseeable future. Additional security is provided by remote authentication servers, which validate the WIPAD's electronic signature.
  • this invention can be used to complement existing weaker methods of identification to prevent fraud and identity theft.
  • This invention also makes it possible to differentiate genuine e-mail from spam, fake and spoofed emails by configuring email client applications and/or network servers to ignore anonymous email.
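The FIG. 8 host-side decision sequence and the signed EDAS licence packets (DSLTs) of the subordinate-licensing bullets above, worked through as an added example that is not the patent's code. HMAC-SHA256 tags stand in for the patent's public-key digital signatures, so the authority and MLA keys below are shared secrets; all UIDs, keys and the mapping of step numbers to checks are assumptions.

```python
import hashlib
import hmac
import json

UNLICENSED = "authentication failed because you are not licensed, please provide a DSLT"

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def seal(key: bytes, fields: dict) -> bytes:
    """EDAS-style envelope: canonical JSON body, a '.' and a 64-hex signature tag."""
    body = json.dumps(fields, sort_keys=True).encode()
    return body + b"." + _tag(key, body)

def unseal(key: bytes, packet: bytes):
    """Return the fields, or None when the tag does not verify (corrupted packet)."""
    if len(packet) < 65 or packet[-65:-64] != b".":
        return None
    body, tag = packet[:-65], packet[-64:]
    return json.loads(body) if hmac.compare_digest(_tag(key, body), tag) else None

class Wipad:
    """The wearer's device: its certificate plus any DSLTs it carries for other targets."""
    def __init__(self, uid: str, authority_key: bytes):
        self.uid = uid
        self.cert = seal(authority_key, {"uid": uid, "issuer": "home-auth-server"})
        self.dslts = {}                     # target UID -> licence packet carried for that target

class AuthServer:
    """Trusted third party that confirms a certificate is still valid (step 865)."""
    def __init__(self, authority_key: bytes, valid_uids: set):
        self.key, self.valid = authority_key, valid_uids

    def verify(self, cert: bytes) -> bool:
        fields = unseal(self.key, cert)
        return fields is not None and fields["uid"] in self.valid

class Host:
    """Counterpart host (computer, terminal or access point) running the FIG. 8 checks."""
    def __init__(self, uid, authority_key, mla_key, biometric_required=True, network_required=True):
        self.uid, self.authority_key, self.mla_key = uid, authority_key, mla_key
        self.biometric_required, self.network_required = biometric_required, network_required
        self.licences = {}                  # licensee UID -> newest licence for this host

    def install_dslt(self, packet: bytes) -> bool:
        lic = unseal(self.mla_key, packet)
        if lic is None or lic["target"] != self.uid:
            return False                    # corrupted, or addressed to another device: deleted
        old = self.licences.get(lic["licensee"])
        if old is not None and old["issued"] >= lic["issued"]:
            return False                    # older (or duplicate) EDAS licences are thrown away
        self.licences[lic["licensee"]] = lic
        return True

    def authenticate(self, wipad, biometric_ok=None, server=None):
        """Return (outcome, level, reason): steps 830/835 -> 845 -> 860 -> 875 or 890."""
        cert = unseal(self.authority_key, wipad.cert)            # 830: generally valid WIPAD?
        if cert is None or cert["uid"] != wipad.uid:
            return "denied", "none", "invalid certificate"
        if cert["uid"] not in self.licences:                      # 835/840: no access licence
            return "denied", "none", UNLICENSED
        if self.biometric_required and not biometric_ok:          # 845/850: local biometric check
            return "denied", "none", "biometric mismatch"
        if not self.network_required:                             # 860: local checks suffice
            return "granted", "partial", "local checks only"
        if server is None or not server.verify(wipad.cert):       # 865/870: trusted server
            return "denied", "partial", "network authentication failed"
        return "granted", "full", "certificate confirmed by authentication server"

def session(wipad, host, biometric_ok=True, server=None):
    """Double-indirect licensing: on UNLICENSED the WIPAD hands over the DSLT it carries and retries."""
    result = host.authenticate(wipad, biometric_ok, server)
    if result[2] == UNLICENSED and host.uid in wipad.dslts:
        host.install_dslt(wipad.dslts[host.uid])
        result = host.authenticate(wipad, biometric_ok, server)
    return result

AUTHORITY_KEY = b"constructed-authority-key"   # constructed sample keys, not real material
MLA_KEY = b"constructed-mla-key"

def demo():
    """Constructed scenario: a master licence administrator licenses a colleague to a workstation."""
    server = AuthServer(AUTHORITY_KEY, {"wipad-owner", "wipad-colleague"})
    host = Host("workstation-17", AUTHORITY_KEY, MLA_KEY)
    colleague = Wipad("wipad-colleague", AUTHORITY_KEY)
    dslt = seal(MLA_KEY, {"target": "workstation-17", "licensee": "wipad-colleague",
                          "rights": ["login"], "issued": 1})
    colleague.dslts["workstation-17"] = dslt
    first = host.authenticate(colleague, True, server)      # not yet licensed: asks for a DSLT
    second = session(colleague, host, True, server)         # DSLT installed, full authentication
    offline = session(colleague, host, True, None)          # no path to a server: denied
    stale = host.install_dslt(dslt)                         # same timestamp again: thrown away
    return first, second, offline, stale

if __name__ == "__main__":
    for step in demo():
        print(step)
```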

Abstract

An electronic device packaged into a small wearable device (100) containing methods, algorithms, software and hardware and interfaces for the purpose of secure encrypted communication and authentication to personal devices, computers and remote systems (902), combined with biometric information (901) for additional security and verification of the user (904). The device (100) prevents the unauthorised use of personal devices and computers (902). It provides mechanisms to receive, manage and distribute licenses for the purpose of access control to music, video, software and data. It facilitates filtering out unsolicited communication by ignoring unauthenticated sources of mail and messages, and by providing traceability of authenticated persons using computers and networks for illegal purposes or in infringement of the terms and conditions of service providers.

Description

AN ELECTRONIC DEVICE TO SECURE AUTHENTICATION TO THE OWNER AND METHODS OF IMPLEMENTING A GLOBAL SYSTEM FOR HIGHLY SECURED AUTHENTICATION.
FIELD OF INVENTION
The present invention relates to a device, system and method for authentication and more particularly to a wearable device and method for providing secure authentication, secure communication, and verification of a user.
BACKGROUND OF THE INVENTION
There are currently many approaches to the problem of authenticating a person's identity. Current methods include user names, passwords, PIN numbers, bank cards, smart cards, USB port cards, fingerprints, iris prints and so on. However, none of these methods is suitable for all situations and they all have problems or limitations.
Therefore there is a need for a rationalised and robust single method of authentication in all situations, which is not limited to a particular context, nor impractical because of the need for additional special equipment at the point of authentication, which could be anywhere in the world. Not only should this innovation provide authentication to a local or remote service, but it should also protect personal belongings such as cell-phones, PDAs, computers, vehicles, buildings, software, files, email and media. Further to this, the same method should enable vendors of music, video and software to sell and licence products, services and media to customers in a way which is satisfactory to the vendor without creating unduly harsh restrictions on customers. Therefore the invention must include flexibility in its ability to manage licences and to be able to sub-licence others within the context of fair use. The device must also be difficult to steal, lose or forget, and when that does happen, embedded information including biometric data should make it hard for a thief to misuse the device. Finally, such a device will be the electronic equivalent of a passport.
Many systems in common use are not true methods of authentication. For example, keys, user names, passwords, swipe cards, smart cards and PIN numbers are not physically linked to an individual, although in some cases a swipe or smart card might be combined with biometric information. The first real authentication systems relied on signatures and fingerprints. Although these can be forged, fabricated, scanned and transmitted, they are based on true physical parameters linked to an individual. A search of various patent databases and online publications revealed that one patent application published in 1976 is concerned with a finger-ring authentication device.
Patent No. WO 97/32284 SECURITY IDENTIFICATION AND INFORMATION SYSTEM This invention is a Radio Frequency Chip Transponder fitted into a wearable finger-ring. It is a simple technology which just transmits an identification number back to the RFID reader. The RFID method of encryption was cracked some time ago.
Sun Microsystems introduced another simple authentication device packaged in a finger-ring; however, the technology is based on smart card chips and uses an interface which is not commonly available. It is more sophisticated than an RFID tag. It has the capability of providing a unique number along with a small amount of other data. However, smart card chips are very limited in what they can do and store; it is therefore not comparable with the current invention.
US patent 2003/0046228, filed in August 2001 and entitled User Wearable Functional Jewellery with Biometrics & Smart card To Remotely Sign and/or Authenticate to E-services, is also known as authentiswatch. This invention is essentially an extension of the Sun Microsystems idea, as it integrates the smartcard chip into a personal device with bluetooth and/or infra-red interfaces along with some biometric data.
SUMMARY OF THE INVENTION
The object of the present invention is to provide a system and methods of a single universal means of authentication, which can be considered to be of several parts: first, an electronic signature by means of hashing algorithms; secondly, the ability to encrypt and decrypt channels of communication by means of asymmetric cryptography; thirdly, authentication by a remote trusted authentication server; and finally, one or more biometric cross-checks to verify the wearer as the genuine owner of the device of the invention, called the WIPAD (Wearable Identity Protection & Authentication Device).
The word WIPAD is herein defined to mean that part of the invention worn by a user and more specifically defined as a wearable electronic identity protection and authentication device. The device comprises a hermetically sealed housing having a protrusion with electrical contacts and means for providing a communication channel between said electronic device and a receptor of any host device for accomplishing the process of authentication. The device further comprises at least one Universal Serial Bus (USB) port and at least one Infrared Data Association (IrDA) port for interfacing with at least one host and supplying power to said electronic device. A multi-chip-package is provided which comprises a plurality of sub-components electrically connected to each other and to said ports; wherein said multi-chip-package includes: an encryption logic chip having hard-coded algorithms for encrypting or decrypting data, generating digital signatures, rapid assembling/disassembling and verification of packets-of-information (EDAS packets), and generating Digital Rights Management (DRM) licenses. Further, the encryption logic chip includes a control module for determining appropriate encrypting and hashing algorithms; a DRM license processor for generating and processing Digital Rights Management (DRM) licenses and creating at least one subordinate license to be distributed to other electronic devices for allowing limited access to devices or media; an EDAS processor for receiving and converting said licenses into EDAS packets and rapid assembling/disassembling and verification of said EDAS packets; a group messaging sub-system having a buffer, a group secret key and a group public key for generating group message packets that can be encrypted or decrypted in real time for communicating data or a message securely to a group of people; and a self-verified authorised secure fund transfer mechanism (YTRAXS) having a YTRAXS assembler for collecting, compressing and signing the required fields and a YTRAXS verifier for checking the digital signature, decompressing and checking the validity of certain fields against specified criteria, thereby processing business-to-business and/or business-to-consumer and/or person-to-person digitally signed electronic transaction slips. The device also supports a key generator in the encryption logic chip for generating encryption keys including a special secret key, a second dummy secret key, and a pseudo key. A tamper detection module for detecting any tampering is provided for raising an anti-tamper signal for protecting the special secret key by allowing the second dummy secret key to overwrite the special secret key, thereby preventing the use of said special secret key and said electronic device for any further authentication process. The housing of the electronic device may be in the form of a finger ring or a wristwatch or a pendant or a brooch or the like.
The multi-chip-package of said electronic device further includes a memory module for storing private data of a user and storing program codes for controlling the main operations of said electronic device. Said multi-chip-package also includes a communication module for sending and receiving data to and from the interfaces and the memory module. Further, the multi-chip-package includes a processor communicating with said memory and other modules by means of a shared bus, thereby controlling the activities of said encryption logic chip, tamper detection module and communication module. A black box is also provided for storing an encrypted copy of the user's profile and a history of the most recent transactions and activities. A real time clock for correct functioning of said electronic device, a battery for keeping said real time clock ON and a photovoltaic cell for charging said battery are also included in said multi-chip-package. For controlling and prioritizing several sources of external power supplied to said electronic device, the multi-chip-package also includes a power control module and a plurality of sensor circuits for sensing a number of inputs like temperature, electrical probing, penetration of the sealed housing, pressure or the like due to any tampering.
Another embodiment of the present invention includes an authentication system comprising a communication network, a remote service terminal coupled to the network, at least one authenticating server communicating with said remote service terminal via the network for cross checking the authenticity of said remote service terminal and a user, at least one host coupled to the network, and the user-wearable electronic device (WIPAD) for authentication, being capable of interfacing with said host. The electronic device used in said authentication system is capable of being used with a phone enabled device and a biomedical sensor (BMS) in a configuration for sending an alert signal upon detecting any abnormal condition, such as a serious medical condition of any user. The electronic device is also capable of being used with a device/gadget/system having a built-in Digital Rights Management module; said electronic device being capable of storing and managing licenses for authorizing a person to access the features and functions of the device/gadget/system. The authentication system also supports the electronic device for creating a bank transfer authorization via the self-verified authorized secure fund transfer mechanism (YTRAXS), sent to the recipient for scanning with a bar-code reader and automatically uploaded to the banking transaction system for checking against the originator's bank transaction system, thereby commencing a transfer if the transaction is valid. Further, the authentication system enables the electronic device to be connected to a host device used by an authenticated user for creating a group message to be sent via a server to the members' servers, which verify the messages and pass them on to the host devices of the members.
Furthermore, the authentication system also enables a plurality of electronic devices connected to the host devices of members to receive, verify and decrypt the message with the group's shared secret key, thereby sending the decrypted message back to the host device.
Another embodiment of the present invention discloses a method for authentication comprising the steps of: establishing a wireless or electrical communication channel between a user-wearable electronic device and a receptor of any host device via at least one Universal Serial Bus (USB) port and at least one Infrared Data Association (IrDA) port of said electronic device, for checking if a user of said electronic device has any rights to access any functions or media or data of said host device; encrypting or decrypting data, generating digital signatures, rapid assembling/disassembling and verification of packets-of-information (EDAS packets), and generating Digital Rights Management (DRM) licenses by using hard-coded algorithms; sending a user's digital certificate to said host device; sending the user's biometric data to said host device; verifying the biometric data of said user; using network security protocols for authenticating said user's digital certificate upon said host device being connected to a suitable network; transmitting and logging the result of authentication to the user-authentication management modules of all the devices which were a party to the authentication process via a remote trusted authentication server; verifying the user as an authenticated user; generating encryption keys such as a special secret key, a second dummy secret key, and a pseudo key; and detecting any tampering by a tamper detection module and raising an anti-tamper signal for protecting said special secret key by allowing the second dummy secret key to overwrite the special secret key, thereby preventing the use of said secret key or electronic device for any further authentication process.
The method for authentication is disclosed in the present invention for enabling an authenticated user to create and administrate a secure group key set. The group keys are distributed among selected persons and entities, and the persons and entities are invited to be members of a group. Thereafter the persons and entities are allowed to accept or decline membership of said group, and an administrator of the group is allowed to optionally remove said persons and entities from the group at a later time. Further, transmitting of encrypted and digitally signed messages and data to other group members using the appropriate group key is accomplished, and group messages and data from any other person or entity having a copy of the group keys are received. An authenticated user is therefore capable of: receiving, creating, administrating and transmitting DRM licenses for permitting or denying the person or other entities various rights of access to other devices, functions, applications or contents. Further, the authenticated user is capable of enabling a creator and owner of a group to retain control of the group, whereby the owner of a group gives licence to the group members to be part of said group and enables the owner of a group to create and transmit new licenses which override the existing licenses, thereby changing the status and privileges of one or more group members, which could even extend to revocation or replacement of the group keys. Further, the authenticated user is capable of generating at least one copy of printed electronic bank transfer authorizations with unique transaction numbers and bar codes including a digital signature (YTRAXS), which can later be scanned using a bar code reader by the recipient's authenticated operator and subsequently credited to the recipient's account through electronic fund clearing, with no requirement for the printed transaction slips to be processed through the bank's cheque clearing system.
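The group key administration just described (invitation, acceptance, overriding licences, removal with replacement of the group key), as an added example that is not the patent's code. Group messages are encrypted and integrity-tagged under the shared group key; the owner's membership licences carry HMAC-SHA256 tags as a stand-in for the patent's digital signatures, and the HMAC counter-mode keystream stands in for the chip's hard-coded cipher (both assumptions, chosen so the example runs without third-party libraries).

```python
import hashlib
import hmac
import json
import os

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(group_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from the group key (HMAC stands in for the chip's cipher)."""
    blocks = (length + 31) // 32
    return b"".join(_prf(group_key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:length]

def seal_message(group_key: bytes, plaintext: bytes) -> bytes:
    """Group message packet: nonce(16) || ciphertext || tag(32), encrypt-then-MAC under the group key."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(group_key, nonce, len(plaintext))))
    return nonce + ct + _prf(group_key, b"mac" + nonce + ct)

def open_message(group_key: bytes, packet: bytes):
    """Return the plaintext, or None if the packet was not made under this group key."""
    if len(packet) < 48:
        return None
    nonce, ct, tag = packet[:16], packet[16:-32], packet[-32:]
    if not hmac.compare_digest(_prf(group_key, b"mac" + nonce + ct), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(group_key, nonce, len(ct))))

class GroupOwner:
    """Creator of the group: issues signed membership licences and holds the current group key."""
    def __init__(self, name: str, owner_key: bytes):
        self.name, self.owner_key, self.group_key = name, owner_key, os.urandom(32)
        self.issued = 0
        self.members = {}                       # uid -> latest status: invited / member / removed

    def licence(self, uid: str, status: str) -> bytes:
        """A newer licence for the same member overrides every earlier one."""
        self.issued += 1
        body = json.dumps({"group": self.name, "member": uid, "status": status,
                           "issued": self.issued}, sort_keys=True).encode()
        self.members[uid] = status
        return body + _prf(self.owner_key, body)

    def admit(self, uid: str):
        """An invited person who accepts becomes a member and receives the group key."""
        if self.members.get(uid) != "invited":
            return None
        self.members[uid] = "member"
        return self.group_key

    def key_for(self, uid: str):
        return self.group_key if self.members.get(uid) == "member" else None

    def remove(self, uid: str) -> bytes:
        """Revoke membership with an overriding licence and replace the group key."""
        lic = self.licence(uid, "removed")
        self.group_key = os.urandom(32)
        return lic

class Member:
    def __init__(self, uid: str, owner_key: bytes):
        self.uid, self.owner_key, self.group_key = uid, owner_key, None

    def accept(self, owner: GroupOwner, licence: bytes) -> bool:
        """Verify the owner's tag on the invitation before joining."""
        body, tag = licence[:-32], licence[-32:]
        if not hmac.compare_digest(_prf(self.owner_key, body), tag):
            return False                        # forged or corrupted licence
        fields = json.loads(body)
        if fields["member"] != self.uid or fields["status"] != "invited":
            return False
        self.group_key = owner.admit(self.uid)
        return self.group_key is not None

    def refresh(self, owner: GroupOwner):
        """Pick up a replaced group key; a removed member is handed nothing and keeps the old key."""
        new = owner.key_for(self.uid)
        if new is not None:
            self.group_key = new

def demo():
    """Constructed scenario: Alice and Bob join, Bob is removed, the key is replaced."""
    owner = GroupOwner("family", b"constructed-owner-key")
    alice, bob = Member("alice", owner.owner_key), Member("bob", owner.owner_key)
    alice.accept(owner, owner.licence("alice", "invited"))
    bob.accept(owner, owner.licence("bob", "invited"))
    before = open_message(bob.group_key, seal_message(alice.group_key, b"dinner at 7"))
    owner.remove("bob")
    alice.refresh(owner)
    bob.refresh(owner)
    after = seal_message(alice.group_key, b"new key in use")
    return before, open_message(bob.group_key, after), open_message(alice.group_key, after), owner.members["bob"]
```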
BRIEF DESCRIPTION OF DRAWINGS
Figure 1 is an overview of internal parts of the invention (WIPAD - Wearable Identity Protection & Authentication Device).
Figure 2 shows the protruding part of the WIPAD sitting in an electro-optical receptor.
Figure 3 shows the main components of the WIPAD.
Figure 4 shows the main components of the encryption logic module.
Figure 5 shows the concept of an EDAS digital envelope.
Figure 6 shows the main parts of an EDAS digital envelope.
Figure 7 is one possible layout of a printable WIPAD Transaction Slip (YTRAXS).
Figure 8 is a flowchart of an authentication session between a WIPAD and another device.
Figure 9 shows a WIPAD and counterpart device in a configuration to provide full authentication.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
In the following description, specific details are set forth in order to provide an understanding of the invention.
Referring to Figure 1, an overview of internal parts of the invention 100 (WIPAD - Wearable Identity Protection & Authentication Device) is shown. A photovoltaic cell 107 helps keep a battery 108 charged, which in turn keeps a real time clock 316 in the custom computer chip 109 alive when no external power is applied to the device. The custom computer chip 109 can receive power through any of its interfaces, including USB1 105, USB2 106 and contacts 103 and 104.
The lower part of the WIPAD 100 sitting in an electro-optical receptor 201 is shown in Figure 2, where the receptor 201 can be incorporated into everyday devices, vending & ticket machines, access control points, shop payment terminals and biometric reading devices. The lower part of the WIPAD 100 has electrodes 103 and 104, which make contact with receptor electrodes 203 & 204, which provide power to the WIPAD 100. An opto-transceiver 102 in the WIPAD 100 is in close proximity to an opto-transceiver 202 in the receptor 201, which provides a communication channel between the WIPAD 100 and the other device. The base of the WIPAD 100 and the receptor could also have ridges and grooves to facilitate a better or a more permanent connection, with a clip-on type of action.
As per the present invention, Figure 3 illustrates the heart of the WIPAD 100, which consists of a Custom Computer Chip 109 integrating multiple subcomponents. The main operations of the device are controlled by program code in the WORM (Write Once Read Many) memory 306. Volatile memory 307 provides workspace for a controller 314, the Encryption Logic module 303 and the Communication control module 310. Although Bluetooth, telephony, GPS and other functionality could be integrated into the Custom Computer Chip, this goes against the design philosophy of the invention, which is (a) to provide the highest possible security and (b) to ensure that the device is reliable for its required lifetime. Since the said additional functionality is commonly integrated into other mobile devices and since the invention is intended to be temporarily or permanently connected to other personal devices, there is no benefit in integrating additional functionality into the WIPAD 100 which can be better incorporated into a complementary device. An additional problem with introducing additional modules into the WIPAD 100 is that it devalues the security of the device, since said extra modules may have security flaws which could be exploited, and these extra modules, once embedded in the hermetically sealed WIPAD 100, can never be upgraded, whereas the said personal device can be serviced and have its chips or program code updated.
The present invention provides security functions and features isolated in a separate tamper resistant smaller device and communicates with and secures external devices. The present invention is built on top of computer network technology and not smart-chip technology.
Tamper detection module 301 can be triggered by any one of a number of inputs, such as temperature going outside certain limits, electrical probing, failure of diagnostic self-tests, penetration of the hermetically sealed case, or a pressure transducer reporting an out-of-range pressure reading. The secret key 419 must be protected at all cost; therefore when tampering is detected a second random number 415 is used to overwrite the secret key, which prevents the WIPAD from being used for authentication. All the private data in the persistent memory 308 is already encrypted with the WIPAD's Public Key and cannot be deciphered without a supercomputer to break the code. A number of sensors can be added to the current invention to improve detection of removal of the device from a finger or wrist or from the proximity of the owner. This can be configured when a WIPAD is issued according to the requirement of the owner. Removing the device from the person does not amount to tampering; however, the WIPAD can be set to require biometric verification as part of the next authentication cycle.
One method of detecting removal of a WIPAD applies to the ring version, whereby said removal is detected when both the photocell 107 and IrDA port 102 are simultaneously covered along with a change in the electrical parameters of surface contacts.
To reactivate the WIPAD 100 the user must use one of several methods to re-establish genuine ownership, which could be biometric, numerical, a password or the correct answers to personal questions. The Black-Box 405 contains an encrypted copy of the user's profile and latest transactions and activities, which can be decoded by an authorised entity which has the secret key corresponding to the Public Key in 413. The secret key 419 corresponding to 413 must be protected from probing and hacking, otherwise the security value of the WIPAD is significantly reduced. This is achieved by storing the secret key in a register which cannot be read by the processor. The said register is a direct input to the encryption logic module. The encryption logic module can select which key registers to use as inputs to the cryptographic algorithms, but the content of said registers is not readable or transferable outside the cryptographic processor.
The WIPAD has several sources of external power, which must be prioritised. This is done by the MPC (Master Power Control) module 311. USB is just one possible method of interfacing; FireWire or other kinds of interfaces could also be used. However, the invention is to be used with existing commonly available personal computers as well as later versions, therefore there should be at least one USB interface. It should be noted that a complementary personal device could provide additional interfaces and protocols. For the purposes of high security, a cabled or physical interface or very short-range infrared provides better resistance to snooping, cracking, spoofing and interference than radio.
The Communication Control Module 310 manages the activities and data buffers of the serial interfaces. The Encryption module 303 is instructed by the CPU 314 as to which algorithms and keys to use and which data to process, so that the encryption module is semi-autonomous in processing a block or stream of data. The Communication Control module is also semi-autonomous in sending and receiving data to and from the serial interfaces and memory. The CPU manages the activities of the WIPAD and controls the operations of 301, 303 and 310. The Encryption logic module 303 has several hard-coded algorithms and is optimised for generating and checking digital signatures, for encrypting and decrypting blocks and streams of data and for generating temporary session keys. A real time clock 316 is essential to the correct operation of the device, as real time is an important part of cryptographic methods and the device is configured to expire after a specified number of years. The CPU 314 communicates with memory and other modules by means of a shared bus. 303 and 310 also use the bus to read and write to and from memory.
The WIPAD handles data and communications and establishes authentication and secure communication by implementing Internet Standards for secure communication and authentication based on TLS, X.509, ANSI X9.84-2001 Biometric Information Management and Security and Open Digital Rights Language (ODRML). The WIPAD has to be compatible with current and proposed protocols based on these standards in order to be compatible with current computers as well as newer devices with enhanced security and DRM mechanisms.
Some of these protocols are already integrated into the software infrastructure on personal computers and many devices. It is only necessary for these systems to let the WIPAD take over the client part of the authentication process. In addition to this kind of communication the WIPAD also has a secure packet system for creating, storing and transmitting packets of information. The advantage of the EDAS packet system is that packets can be transported end-to-end over existing plain text protocols without loss of integrity or confidentiality. Figure 4 shows a schematic diagram of the cryptographic module, which implements in hardware the algorithms required to create, manage, transmit, receive, verify and disassemble messages and transactions. The control module 406 manages all activities within the encryption module. Buffers 401, 402, 403 and 404 enable maximum throughput of data and processing in a multitasking environment. The cryptographic algorithms to be included in 407 are dependent on a number of factors such as national laws, changes in IETF recommendations and international standards, customer requirements and backwards and forwards compatibility. 408 and 409 show two different hashing algorithms, as this is current practice to produce stronger digital signatures. 414 is a random number and key generator. 416 and 417 are registers which hold a group public key and a group secret key respectively. 418 permanently holds a black-box key which is used to make an encrypted copy of each transaction, which is subsequently stored in the circular black-box buffer 405. The user's public key is permanently stored in a register 413. 411 is a processor optimised for assembling and disassembling EDAS packets.
411 contains buffers, registers and logic which enable rapid access to 601 a header; 602 a message descriptor; 603 an identifier associated with the recipient, which could be one of several forms such as an email address, a public key or an alias, wherein said identifier must be resolvable via a lookup process or server to a real identity and said identity is ultimately verified by means of authenticating a digital certificate; 604 an identifier of the creator, wherein the real identity of the creator is determined by resolving the given identity to a digital certificate and authenticating the same. 605 is a digital signature for the said header, which makes tampering with the header information very difficult; the status of the header can be returned to the controller, which determines whether or not it is appropriate to process the message body, and said message body could potentially be hundreds of megabytes. In this way unwanted EDAS packets can be rejected before the payload is transmitted to the recipient. 606 is the message body or payload of the EDAS packet and may or may not be encrypted. The digital signature 607 of the whole EDAS packet makes it very difficult for another entity to modify any part of said packet and therefore the recipient has a very high confidence that the sender is genuine. 410, the YTRAXS processor, has a similar arrangement whereby a YTRAXS packet can be assembled, disassembled and verified rapidly by means of buffers and registers corresponding to 701 a human readable description of the transaction, 702 a bar coded version of the unique transaction identifier, 703 a biometric or physical signature in machine readable form, 704 the date of creation, 705 the recipient's postal address, 706 a bar coded postal franking transaction number, 707 a bill or invoice reference number, and 708 a digital signature of the transaction details which can be printed on paper as a bar code.
The DRM processor 412 is an important aspect of the authentication and access control process in the context of giving others access to personal or employer devices. Everything created by the user is to some extent their own intellectual property and copyright. The DRM processor manages the relationship between entities in terms of what licence the recipient of a message or file has with regard to said message or file. An employer owns the IPR of work done by an employee. The DRM module implements aspects of ODRML (Open Digital Rights Management Language) for the purpose of rapidly assembling and parsing DRM licences. The WIPAD licensing system is not limited to content and media, as it is also concerned with giving shared, group or subordinate access to other personal or an organisation's electronic devices. Where ODRML is insufficient to define the DRM features described herein, extensions can be defined. The WIPAD's DRM and access control features are described in more detail later.
In Figure 5, Block 500 is a schematic representation of an EDAS packet, which is conceptually similar to a letter ready for posting, hence the term 'Enveloped Data Addressed and Stamped (signed)'. A packet has a creator/sender 503 and it is for another entity/recipient 502. 501 is a packet descriptor, which is a guide to the contents without having to decrypt the whole packet. Two stamps are required: the first, 504, is used to prove that the packet header is genuine and the second, 505, is the digital signature for the whole packet. Therefore, any party can check the integrity of the packet but only the intended recipient can open the packet. Servers can use the descriptor to filter out unwanted or invalid packets. Further, Figure 6 gives a hierarchical diagram of an EDAS packet 600, consisting of header 601 containing a message descriptor 602, the identifier of a target identity 603 and the identifier of the creator 604. A header signature 605 follows the header, then the actual data 606 and finally a second digital signature 607.
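As an added illustration of the envelope of Figures 5 and 6 (example code, not code from the patent), the following Go program builds an EDAS-style packet with its two stamps and shows why stamp 605 is checked before the body is touched. Ed25519 is assumed as the signature algorithm, a constructed map stands in for resolving a creator identifier to a verified certificate, and the field names and e-mail addresses are invented for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// EDASHeader: header 601 of Figure 6 (descriptor 602, target 603, creator 604).
type EDASHeader struct{ Descriptor, Target, Creator string }

// EDASPacket: header 601, header stamp 605, body 606 (left unencrypted here), packet stamp 607.
type EDASPacket struct {
	Header    EDASHeader
	HeaderSig []byte
	Body      []byte
	PacketSig []byte
}

// Directory stands in for the lookup process the text requires: a creator
// identifier resolves to a verified public key (a constructed map here).
type Directory map[string]ed25519.PublicKey

var (
	ErrUnknownCreator = errors.New("edas: creator identifier does not resolve")
	ErrHeader         = errors.New("edas: header signature 605 invalid")
	ErrPacket         = errors.New("edas: packet signature 607 invalid")
)

// newCreator makes an ed25519 key pair (algorithm assumed) and registers the id.
func newCreator(id string) (Directory, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Directory{id: pub}, priv
}

// encodeHeader length-prefixes each field so the bytes under stamp 605 are unambiguous.
func encodeHeader(h EDASHeader) []byte {
	var out []byte
	for _, f := range []string{h.Descriptor, h.Target, h.Creator} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

// packetBytes is what stamp 607 covers: header, header stamp and body.
func packetBytes(p EDASPacket) []byte {
	out := append([]byte{}, encodeHeader(p.Header)...)
	out = append(out, p.HeaderSig...)
	return append(out, p.Body...)
}

// Seal stamps the header first, then the complete packet, as the creator's device would.
func Seal(priv ed25519.PrivateKey, h EDASHeader, body []byte) EDASPacket {
	p := EDASPacket{Header: h, Body: body}
	p.HeaderSig = ed25519.Sign(priv, encodeHeader(h))
	p.PacketSig = ed25519.Sign(priv, packetBytes(p))
	return p
}

// VerifyHeader checks only stamp 605, so a relay or the recipient's controller
// can reject a packet before reading a body that may run to hundreds of megabytes.
func VerifyHeader(dir Directory, p EDASPacket) error {
	pub, ok := dir[p.Header.Creator]
	if !ok {
		return ErrUnknownCreator
	}
	if !ed25519.Verify(pub, encodeHeader(p.Header), p.HeaderSig) {
		return ErrHeader
	}
	return nil
}

// Verify checks stamp 605 and then stamp 607 over the whole packet.
func Verify(dir Directory, p EDASPacket) error {
	if err := VerifyHeader(dir, p); err != nil {
		return err
	}
	if !ed25519.Verify(dir[p.Header.Creator], packetBytes(p), p.PacketSig) {
		return ErrPacket
	}
	return nil
}

func main() {
	dir, priv := newCreator("alice@example.com") // constructed identities
	h := EDASHeader{Descriptor: "invoice", Target: "bob@example.com", Creator: "alice@example.com"}
	p := Seal(priv, h, []byte("constructed payload"))
	bodyAltered, headerAltered := p, p
	bodyAltered.Body = []byte("payload altered in transit")
	headerAltered.Header.Target = "mallory@example.com"
	fmt.Println("genuine:", Verify(dir, p), "| body altered:", Verify(dir, bodyAltered))
	fmt.Println("header altered, body never read:", VerifyHeader(dir, headerAltered))
}
```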
Figure 7 is one possible layout of a digitally signed pay order. The WIPAD makes it possible to link the creation of a pay order to an individual person who can be held accountable for issuing electronic cheques. Each YTRAXS cheque has a unique date, time and transaction number which is bar-coded 702; a date 704; an optional coded postal instruction; human readable details 701; an optional bill identifier; a postal address 705; an optional physical mark or signature 703 and, importantly, a bar-coded digital signature 708. Creating a YTRAXS cheque opens an 'intention to pay' transaction, wherein said transaction can be tracked by the user's accounting software and the user's bank. Several copies of the said cheque can be printed but, because of the unique transaction number and digital signature, all copies refer to a single transaction. The user can keep one or more copies for auditing and tax purposes. One copy is delivered to the recipient. The recipient, being an authorised and authenticated individual, can present the YTRAXS cheque to a corresponding bar-code reader or type in the transaction ID, which verifies the YTRAXS transaction and sends a banking instruction to the sender's bank to complete the transaction. The YTRAXS cheque can be filed for reference. The YTRAXS cheque need not be sent to the bank's cheque clearing system unless there is a dispute or reason to investigate the transaction. The cheque issuer can add further security features like printing onto special security paper and requiring one or more biometric checks of the authorised operative and/or special marks on the cheque paper.
Commissioning & issuing a WIPAD to a user:
When the device is manufactured it has a certain amount of code and data programmed into it. When the device is powered up it detects that it is not yet issued and enters a basic diagnostic mode. The manufacturer may program data about the identity of legal deployment centres, which will prevent organised criminals from setting up illegal deployment centres. When a customer requires a WIPAD they will take their personal details to a deployment centre and have them checked, and also have all their biometric details taken and recorded. A blank WIPAD is connected to the programming station. On power-up it enters diagnostic mode. The programming station runs a set of diagnostics to check that the device is working properly, then it instructs the WIPAD to enter issuing mode, whereupon the important personal data is burned into the WIPAD. The WIPAD is then thoroughly tested and ready for use. If the WIPAD passes all the tests, then the results are transmitted to the owner's nominated home authentication servers. Now the owner is able to start using the device as described in the discussions of features and functions of the device.
An issued WIPAD can be instructed to enter a post-issued diagnostic mode in order to check that the device is still working properly. An entity having access to the black-box secret key can upload the encrypted contents of the black-box to an authorised black-box host. However, for the WIPAD to be a useful security device the black-box secret must be kept in a highly protected hardware environment, wherein data retrieved from black-boxes is revealed on a need-to-know basis and only to authenticated individuals, and such access is logged and audited by other authorised and authenticated individuals.
The WIPAD must be powered-up in order to be used. Therefore, the first step in using the WIPAD is connecting to one of its interfaces. Figure 8 shows a sequence of steps involved in going from unauthenticated to partially authenticated, then to fully authenticated.
First the WIPAD is connected to a host device 810. In 815 the host device asks the WIPAD to send its digital certificate to the host. This tells the host who is trying to use the host. In 820 the device checks whether or not authentication is required and if not the host grants access 875. In 825 the host checks, using public-private key cryptography, that the WIPAD is generally valid and belongs to an authorised user. In 830, if the user is not known to the host then the host requests an access licence (created by one authorised to create such a licence) 835; if no such licence is provided then authentication fails 840 and the user is denied access 890. However, if 830 or 840 is successful the host checks whether or not biometric authentication is required 845. In 850 any biometric processing is carried out. In 855, if a biometric check fails then the user is denied access 890 (note that the pre-network-authentication biometric verification is partial without network authentication because the biometric data on the authentication server has higher priority than the data from the WIPAD). When biometric testing is successful (or not required) the host checks whether or not network authentication is required 860. In 860 if network authentication is not required then access is granted 875; otherwise the remote server is used to authenticate the user's digital certificate 865. On successful network authentication 870 the user is granted access 875, otherwise the user is denied access 890. Some host devices may permit the use of a login packet 880. A login packet can contain settings and operations to be carried out, in which case the host processes any login packet 885. A login packet is a set of preferences, licences and instructions to be set or run by the host device.
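The Figure 8 session as an added Go example (not code from the patent): the step numbers are those of the flowchart, the policy and session field names are invented for its decision points, and denial on an invalid certificate at 825 is assumed since the text does not spell that branch out. The outcome distinguishes the partial authentication obtained without the server from full authentication via 870.

```go
package main

import "fmt"

// Access is the outcome of a Figure 8 session.
type Access int

const (
	Denied      Access = iota // 890
	OpenAccess                // 875 via 820: the host requires no authentication
	PartialAuth               // 875 via 860: no network check, so the WIPAD's own data was trusted
	FullAuth                  // 875 via 870: certificate authenticated by the remote server
)

// HostPolicy holds the host-side decision points of the flowchart.
type HostPolicy struct {
	AuthRequired       bool // 820
	BiometricRequired  bool // 845
	NetworkRequired    bool // 860
	AcceptsLoginPacket bool // 880
}

// Session holds what the host learned from the WIPAD, the biometric reader
// and the authentication server (constructed inputs in this example).
type Session struct {
	CertValid        bool   // 825: the WIPAD's certificate verifies and names an authorised user
	UserKnown        bool   // 830
	LicencePresented bool   // 835: an access licence from someone authorised to issue one
	BiometricOK      bool   // 850/855
	NetworkOK        bool   // 865/870
	LoginPacket      []byte // 880/885
}

// Authenticate walks the Figure 8 steps and returns the outcome together
// with the step numbers visited, in order.
func Authenticate(pol HostPolicy, s Session) (Access, []int) {
	trace := []int{810, 815, 820}
	grant := func(level Access) (Access, []int) {
		trace = append(trace, 875)
		if pol.AcceptsLoginPacket && s.LoginPacket != nil {
			trace = append(trace, 880, 885)
		}
		return level, trace
	}
	deny := func() (Access, []int) { return Denied, append(trace, 890) }

	if !pol.AuthRequired {
		return grant(OpenAccess)
	}
	trace = append(trace, 825)
	if !s.CertValid { // the text does not spell this branch out; denial is assumed
		return deny()
	}
	trace = append(trace, 830)
	if !s.UserKnown {
		trace = append(trace, 835)
		if !s.LicencePresented {
			trace = append(trace, 840)
			return deny()
		}
	}
	trace = append(trace, 845)
	if pol.BiometricRequired {
		trace = append(trace, 850, 855)
		if !s.BiometricOK {
			return deny()
		}
	}
	trace = append(trace, 860)
	if !pol.NetworkRequired {
		// Without the server, a biometric match is only partial: the server's
		// reference data outranks the copy held on the WIPAD.
		return grant(PartialAuth)
	}
	trace = append(trace, 865, 870)
	if !s.NetworkOK {
		return deny()
	}
	return grant(FullAuth)
}

func main() {
	pol := HostPolicy{AuthRequired: true, BiometricRequired: true, NetworkRequired: true}
	s := Session{CertValid: true, UserKnown: true, BiometricOK: true, NetworkOK: true}
	level, steps := Authenticate(pol, s)
	fmt.Println(level, steps) // 3 [810 815 820 825 830 845 850 855 860 865 870 875]
	pol.NetworkRequired = false
	level, steps = Authenticate(pol, s)
	fmt.Println(level, steps) // 2 [810 815 820 825 830 845 850 855 860 875]
}
```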
Figure 9 shows a schematic network configuration for full authentication of a user. The WIPAD 100 is connected to a counterpart host 902, wherein said host could be a computer, transaction terminal or access control point; 902 requests the digital certificate from the WIPAD, and one or more biometric devices 901 read biometric information from the user 904. The device 902 uses the authentication server 903 to verify the digital certificate of the WIPAD and cross-checks the reference biometric data against the current biometric readings. The user is accepted as genuine if all said verification processes are successful.
Merchants and banks can upgrade their servers to work with strong WIPAD based authentication. When this happens more users will have confidence in Internet based transactions. Moving away from a password-based login to a hardware-based login simplifies the user's use of online services and reduces the likelihood of identity theft. A user can even use public terminals in the surety that after he leaves the terminal it is not possible for a snoop to capture any passwords or encryption keys.
An important aspect of the WIPAD is the implementation of shared access to resources on the basis of licences and the ability of an original owner to create licences & grant different kinds of access to other WIPAD owners.
A WIPAD can be connected to a computer whose OS and applications are loaded from CDROM/DVD/USB-memory-stick. This provides users with an additional level of security and flexibility. It means that systems normally running older or insecure operating systems can still be used securely by booting and running a secure operating system directly from said means. The user will not be affected by viruses, Trojans and malware residing on the computer's hard-disk. Further the user's preferences and data can be read and written to and from the WIPAD. When more memory storage is required the WIPAD can be linked to a PDA or the like and large data files can be stored and retrieved from the PDA.
The invention can be used to obtain a secure authenticated session between the user's computer and a remote service. The authentication servers provide trusted third party cross checking of the authenticity of the user and the remote service. All parties communicate over a network/Internet. The user uses the keyboard and mouse or voice-control and the user's WIPAD is connected to the local host by one of the methods described in the embodiment. Authentication is only achieved when both parties have been successfully cross-checked against trusted authentication servers.
Manufacturers are starting to put an embedded security chip in new devices such as computers, cell-phones, PDAs and the like. The WIPAD can protect such devices from unauthorised use by means of USB or other connection and passing the owner's digital certificate to the device.
A simple counterpart receptor module can be fitted to devices, vending machines, payment terminals and access control points for the purpose of authentication by brief physical contact using the counterpart receptor to power up the WIPAD and short-range optical communication by means of IrDA.
The WIPAD can be connected to a personal device and communicate by IrDA or radio with another device or system. This would be the preferred and more hygienic method of achieving interaction with a nearby device, vending machines, payment terminals and access control point.
The WIPAD can be used along with a phone enabled personal device (PED) by means of a USB connection for interactive authenticated sessions with a remote service. In this situation said PED is providing a secure channel to a remote host and menus/choices are made using said PED.
How WIPAD based Digital Rights Management works:
The WIPAD has an application module for downloading, managing, creating and transmitting licences. WIPADs have a basic internal protocol for defining and understanding Digital Access Control based on ODRML. However, the WIPAD can work with other protocols provided that there is a way to link a specific licence to a specific media entity. The WIPAD does this by associating a unique ID with a specific device or a specific media entity. Any third party licence can be embedded in an EDAS packet, which ties two entities together by unique IDs.
Since an EDAS packet is just an envelope for securely packaging any kind of data, it could also contain a set of licences. The envelope is not concerned with the contents but the WIPAD needs sufficient information to locate and link licences to media. The WIPAD distinguishes between device and media licences. The WIPAD maintains a simple database of licences and the location of an entity under licence. It might also need to know where a device or media is. However, media can usually be used anywhere but only in one place at a time, whereas a device is unique and has a unique ID. The WIPAD has a simple internal database for managing and keeping track of these associations.
The WIPAD DRM is compatible with devices containing the open standard TCG chip.
Features of the invention:
An IR-transceiver is fitted into the base of the WIPAD so that a person can be authenticated quickly and conveniently, either without physical contact (if the device is already powered by a PED) or by pressing the IR port part of the WIPAD against a receptor, which provides power to the ring and communicates through the IrDA port. A suitably designed biometric palm or fingerprint-checking device can authenticate the user both electronically & biometrically at the same time.
The WIPAD is also able to receive power through the segmented metal of the lower part of the WIPAD, arranged so as to make one negative and one positive electrode. This is a convenient way to operate ticket or other types of vending machines and automatically pay fares on rapid transit systems. The wearer would place their WIPAD against the vending device to initiate a session, then make a selection, then confirm the selection/purchase by a second press of the WIPAD against the machine. When a person gets on a bus or train their starting point is recorded by a press of the WIPAD, and when they get off/leave the station another press of the WIPAD completes the transaction. This would work even more conveniently when the WIPAD is powered by a PED which has a short-range radio interface; it would then work without the person having to make any physical contact. It would be a fast and convenient way of passing through one or more access control points.
Authenticated web sites and content filtering:
The WIPAD is not directly involved with content filtering; however, the age-range of an authenticated user can be used by the browser, firewall, an ISP or an authenticated server to filter out pages and domains which are not suitable for children. Systems can be configured to ignore URLs to domains which do not have a valid certificate.
Authenticated Sessions: The WIPAD device has multiple serial ports and requires power from another device or a battery. It can be used to limit access to WIPAD enabled personal electronic devices or to authenticate the identity of the owner and a local or remote service. Full authentication occurs when both parties cross-reference with a certified authentication server. Only partial authentication is possible if there is no network path to an authentication server. Most WIPAD enabled personal belongings do not require authentication against an authentication server; however, some high value items might have GPS & network connectivity.
Multiple Authenticated Sessions: The WIPAD can keep track of multiple sessions and session keys because it can have overlapping authenticated sessions with different systems or devices. This also means the user has a single sign on and common identity to multiple servers. It creates the possibility of a 3 or 4 way interdependent transaction. That is, the user might wish to book a train ticket only if he is able to buy a ticket to a concert, and vice versa: if he can't get a train ticket then there is no point in buying a ticket to the concert. The transaction only completes if both services are able to provide the desired service. There is an additional opportunity to roll back the multi-party transaction if either provider is unable to provide the goods offered.
Freedom from unsolicited email: WIPAD users can reject all communication from non-authenticated sources.
Identity Authenticated Telephone Conversations and services: suitable telephones, which are WIPAD compatible, can have automatically authenticated connections.
A bi-directionally authenticated VoIP session: Protocols already exist to provide secure voice over IP, therefore systems that use WIPADs for authentication will not require any additional changes for VoIP.
Subordinate access control: It is often necessary to share access to devices and machines with others, therefore it is important to be able to manage the process of giving access to others. The WIPAD has a feature allowing an owner to register other users to have access (either directly or indirectly). The owner, as master licence administrator (MLA), has to be able to control one or more groups of licensees and one or more entities to be sub-licensed. The Administrator's WIPAD therefore has a mini-database to keep track of people, licence groups, equipment to be licensed and the licences. In the home there might be a single group or an adult-group and a child-group. A desktop computer or PED can be used to administrate these groups and licences. The invention includes methods of creating and distributing secure EDAS packets, which can be copied and transmitted to devices and WIPADs. The transmitted packet has a digital signature so that the receiving device can validate it. Corrupted packets are automatically deleted. Also the MLA can encrypt part of a sub-licence with the target's PK so that only the target device can decrypt (with its secret key) the licence attributes. Each licence EDAS contains a time stamp so that access rights can be easily updated by throwing away older EDAS licences.
Access privileges can be combined in a logical, hierarchical manner to reflect that some organisations need sophisticated control of resources, which could include variations based on peak and off-peak or out-of-hours use or the number of people sharing a resource.
An owner can give equal rights to another entity, which then also becomes a Master Licence Administrator.
Copies of licences can be stored in multiple locations as a normal precaution against a single point of failure.
Direct subordinate licensing: In this scenario the MLA approaches the equipment to be sub-licensed (power-on/start initiates authentication of the MLA); the MLA then selects (by means of a button or menu) 'add licensee(s)', and if the subordinate is in range, or when they connect to the target by means of a USB port or receptor, the device will register them as a subordinate. Indirect subordinate licensing: In this scenario a person uses a computer or PED to create the digitally signed licence tokens (DSLT). Copies of these can be stored in multiple locations including the remote authentication servers. DSLTs can be carried in WIPADs to the target device or sent over a network.
Double indirect subordinate licensing: As a licensee cannot change or create a licence, it is quite safe for a third party to carry a DSLT to the target. The target will first request authentication, which will reveal that the subordinate is not registered to use the device. The target will then return a message meaning "authentication failed because you are not licensed, please provide a DSLT". The WIPAD can then look up the correct DSLT for the target from the target's public key or UID and send the third party licence to the target.
Age related access: WIPADs can be available for children who require unsupervised but restricted access to television, video and Internet. The host device will block material which comes from an unknown source, is not age rated, or is rated as not suitable for their age. This content classification can be achieved quite easily with XML.
WIPAD relationships: It is useful in a number of situations to be able to define relationships between WIPAD owners, such as spouse, child, grandparent, friend, guest, colleague, boss or subordinate. This could help to simplify providing access rights or licence privileges to others, by having a set of defaults for each group. This is a feature to simplify the setting up of access rights of others to a new device or equipment.
Remote controls : The WIPAD can assist in authenticated remote control by means of sessions. The user can begin a session by bringing the WIPAD's IR interface close to the device to be controlled and pressing a button on the device (e.g. Power-on, Start, Play); then the remote control can be brought near the device and given a temporary session key, or the remote control can be activated by the WIPAD by close-proximity IR-to-IR communication.
Another form of remote control is possible when a WIPAD is connected to a personal device with Bluetooth or longer-range IR interfaces. In this case the user could select the devices that he wants to control and let the sessions be opened by his personal device, with authentication provided by the WIPAD. Thereafter it would be possible to use simple voice commands to the PDA, which translates them and sends them to the appropriate device. In this case control is tied to a single individual. This is important for devices that are controlled over networks. Sessions can be ended by use of power-off/stand-by commands.
Additional Functions and Features of the invention
Remote menu selection : When a PED is connected to a WIPAD it will be possible to download information and menus from a WIPAD-enabled device to a screen on the PED, and for the owner to make selections on the PED and send them back via the WIPAD to the host device. This would be useful in a number of ways: remote controlling home entertainment systems, central heating/air conditioning, buying a ticket/planning a journey, even if all the normal terminals are in use, without physical contact with the host. Many PEDs already have short-range wireless and telephony capability; therefore, it is likely PEDs will be used to control everyday devices. The WIPAD therefore permits this to be done only by authenticated individuals with appropriate access rights.
Disabled Access : The above can be extended for people with disabilities by including voice-to-text and text-to-speech facilities. This means partially sighted persons could safely buy services without relying on another person to operate or explain what is displayed. Downloaded information and options could be spoken and they could give voice commands back to the host via the PED. Business Cards : Two WIPADs connected to PEDs (or a host or hosts) can swap identities/profiles like exchanging business cards (when the owners authorize the exchange). This avoids having to manually put an email address into an address book, and both parties can immediately enjoy secure communication including secure VoIP.
Tax & business expenses : The WIPAD can store transactions that can later be uploaded to accounting applications that keep track of a person's transactions. With the help of unique transaction numbers, tax offices can cross-reference expenses directly with the service providers. This would reduce the amount of manual labour in dealing with expenses and cross-checking.
Shopping : The WIPAD could be used as proof of identity when paying in shops and supermarkets.
Pressure-alert : A special feature could be added to a WIPAD comprising a pressure sensor whereby the owner can disable the device by applying maximum thumb pressure to part of the ring for a number of seconds; this could also cause the WIPAD to transmit an alert.
Skin-conductivity/temperature-alert : A special feature could be added whereby the WIPAD monitors the electrical conductivity and/or temperature of the finger. It would be useful where a person is in charge of something that might be hijacked by criminals or terrorists. A sudden change in skin conductivity (due to fear or strong emotion) would send an alert to a monitoring station. Similarly, an unexpected change in skin temperature could also trigger an alert.
All the necessary electronics are packaged into a piece of hermetically sealed wearable jewellery referred to as a WIPAD. Recent advances in packaging of separate chips into a single package make this possible. This is known as Multi-Chip-Packaging, which is required to put more and more functionality and memory into smaller spaces. Communication is provided by USB/FireWire and IrDA ports or other interfaces. In this manner the WIPAD is able to communicate with a wide range of devices, as USB and IrDA ports are commonly available and will remain so for the foreseeable future. Additional security is provided by remote authentication servers, which validate the WIPAD's electronic signature.
It is not necessary to replace existing methods of identification; instead this invention can be used to complement existing weaker methods of identification to prevent fraud and identity theft. This invention also makes it possible to differentiate genuine e-mail from spam, fake and spoofed emails by configuring email client applications and/or network servers to ignore anonymous email.
Although methods exist to implement secure authenticated mail, setting up the certificates is an issue for administrators and ordinary people. This invention simplifies this process so that security certificates and keys are automatically set up when the WIPAD is issued. Therefore, users do not have to concern themselves with the technical aspects of secure communication and authentication. Nor is the set-up limited to one computer, as the settings and data are stored in the WIPAD. Users can elect to receive authenticated mail from genuine advertisers. Organisations that send out mail will be traceable by their authenticated digital certificates.

Claims

I CLAIM
1. A user-wearable electronic device for authentication comprising: a housing for sealing the electronic device; said housing having a protrusion with electrical contacts and means for providing a communication channel between said electronic device and a receptor of a host device for accomplishing the process of authentication; at least one Universal Serial Bus (USB) port and at least one Infrared Data Association (IrDA) port for interfacing with at least one host and supplying power to said electronic device; a multi-chip-package comprising a plurality of sub-components electrically connected to each other and said ports; wherein said multi-chip-package includes: an encryption logic chip having hard-coded algorithms for encrypting or decrypting data, generating digital signatures, rapid assembling/disassembling and verification of packets-of-information (EDAS packets), and generating Digital Rights Management (DRM) licenses; said encryption logic chip includes: a control module for determining appropriate encrypting and hashing algorithms; a DRM license processor for generating and processing Digital Rights Management (DRM) licenses, creating at least one subordinate license to be distributed to other electronic devices for allowing limited access to devices or media; an EDAS processor for receiving and converting said licenses into EDAS packets and rapid assembling/disassembling and verification of said EDAS packets; a group messaging sub-system having a buffer, a group secret key and a group public key for generating group message packets that can be encrypted or decrypted in real time for communicating data or a message securely to a group of people; a self-verified authorised secure fund transfer mechanism (YTRAXS) having a YTRAXS assembler for collecting, compressing and signing the required fields and a YTRAXS verifier for checking the digital signature, decompressing and checking the validity of certain fields against specified criteria, thereby processing business-to-business and/or business-to-consumer and/or person-to-person digitally signed electronic transaction slips; a key generator for generating encryption keys including a special secret key, a second dummy secret key, and a pseudo key; a tamper detection module for detecting any tampering by raising an anti-tamper signal for protecting the special secret key by allowing the second dummy secret key to overwrite the special secret key, thereby preventing the use of said special secret key and said electronic device for further authentication processes.
2. The electronic device as claimed in claim 1 wherein said housing is in the form of a finger ring or a wristwatch or a pendant or a brooch or the like.
3. The electronic device as claimed in claim 1 wherein said multi-chip-package further includes a memory module for storing private data of a user and program code for controlling the main operations of said electronic device.
4. The electronic device as claimed in claims 1 and 3 wherein said multi-chip-package further includes a communication module for sending and receiving data to and from said interfaces and the memory module.
5. The electronic device as claimed in claims 1, 3 and 4 wherein said multi-chip-package includes a processor communicating with said memory and other modules for controlling the activities of said encryption logic chip, tamper detection module and the communication module.
6. The electronic device as claimed in claim 1 wherein said multi-chip-package includes a black box for storing an encrypted copy of a user's profile and history of the most recent transactions and activities.
7. The electronic device as claimed in claim 1 wherein said multi-chip-package further includes a real-time clock for correct functioning of said electronic device, a battery for keeping said real-time clock ON and a photovoltaic cell for charging said battery.
8. The electronic device as claimed in claim 1 wherein said multi-chip-package further includes a power control module for controlling and prioritizing several sources of external power supplied to said electronic device.
9. The electronic device as claimed in claim 1 wherein said multi-chip-package further includes a plurality of sensor circuits for sensing inputs including temperature, electrical probing, penetration of the sealed housing, pressure or the like.
10. The electronic device as claimed in claim 1 wherein said electronic device is capable of being used with a phone-enabled device and a biomedical sensor (BMS) in a configuration for sending an alert signal upon detecting any abnormal condition, such as a serious medical condition of any user.
11. The electronic device as claimed in claim 1 wherein said electronic device is capable of being used with a device/gadget/system having an in-built Digital Rights Management module; said electronic device being capable of storing and managing licenses for authorizing a person to access the features and functions of the device/gadget/system.
12. The electronic device as claimed in claim 1 wherein said electronic device is capable of creating a bank transfer authorization via the self-verified authorized secure fund transfer mechanism (YTRAXS), sent to the recipient for scanning with a bar-code reader and automatically uploading to the banking transaction system for checking against the originator's bank transaction system, thereby commencing a transfer if the transaction is valid.
13. The electronic device as claimed in claim 1 wherein said electronic device connected to a host device is capable of being used by an authenticated user for creating a group message to be sent via a server to the members' servers, for verifying the messages and further passing the messages to the host devices of the members.
14. The electronic device as claimed in claim 1 wherein a plurality of said electronic devices connected to host devices of members can receive, verify and decrypt the message with the group's shared secret key, thereby sending the decrypted message back to the host device.
15. An authentication system comprising: a communication network; a remote service terminal coupled to the network; at least one authenticating server communicating with said remote service terminal via the network for cross-checking the authenticity of said remote service terminal and a user;
at least one host coupled to the network;
a user-wearable electronic device for authentication being capable of interfacing with said host; wherein said user-wearable electronic device for authentication comprises:
a housing for sealing the electronic device; said housing having at least one Universal Serial Bus (USB) port and at least one Infrared Data Association (IrDA) port for interfacing with at least one host and supplying power to said electronic device;
a multi-chip-package comprising a plurality of sub-components electrically connected to each other and said ports; said multi-chip-package includes:
an encryption logic chip having hard-coded algorithms for encrypting or decrypting data, generating digital signatures, rapid assembling/disassembling and verification of packets-of-information (EDAS packets), generating Digital Rights Management (DRM) licenses or decrypting data; said encryption logic chip includes:
a control module for determining appropriate encrypting and hashing algorithms;
a DRM license processor for generating and processing Digital Rights Management (DRM) licenses, creating at least one subordinate license to be distributed to other electronic devices for allowing limited access to devices or media; an EDAS processor for receiving and converting said licenses into EDAS packets and rapid assembling/disassembling and verification of said EDAS packets; a group messaging sub-system having a buffer, a group secret key and a group public key for generating group message packets that can be encrypted or decrypted in real time for communicating data or a message securely to a group of people; a self-verified authorized secure fund transfer mechanism (YTRAXS) having a YTRAXS assembler for collecting, compressing and signing the required fields and a YTRAXS verifier for checking the digital signature, decompressing and checking the validity of certain fields against specified criteria, thereby processing business-to-business and/or business-to-consumer and/or person-to-person digitally signed electronic transaction slips; a key generator for generating encryption keys including but not limited to: a special secret key, a second dummy secret key, and a pseudo key; a tamper detection module for detecting any tampering, raising an anti-tamper signal for protecting the special secret key by allowing the second dummy secret key to overwrite the special secret key, thereby preventing the use of said special secret key and said electronic device for further authentication processes.
16. A method for authentication comprising the steps of: establishing a wireless or electrical communication channel between a user-wearable electronic device and a receptor of any host device via at least one Universal Serial Bus (USB) port and at least one Infrared Data Association (IrDA) port of said electronic device for checking if a user of said electronic device has any rights to access any functions or media or data of said host device; generating a user's data; sending the user's data to said host device; verifying the user's data; using network security protocols for authenticating said user's data upon said host device being connected to a suitable network; transmitting and logging the result of authentication to user-authentication management modules of all the devices which were a party to the authentication process via a remote trusted authentication server, verifying the user as an authenticated user.
17. A method of claim 16 wherein the user's data is a digital certificate, biometric data or a Digital Rights Management (DRM) license.
18. A method of claim 16 whereby the authenticated user is capable of: creating and administrating a secure group key set; distributing said group keys among selected persons and entities; inviting said persons and entities to be a member of a group; allowing said persons and entities to accept or decline to be a member of said group; allowing an administrator of the group to optionally remove said persons and entities from the group at a later time; transmitting encrypted and digitally signed messages and data to other group members using the appropriate group key; and receiving group messages and data from any other person or entity having a copy of the group keys.
19. A method of claim 16 whereby the authenticated user is capable of: receiving, creating, administrating and transmitting DRM licenses for permitting or denying the person or other entities various rights of access to other devices, functions, applications or contents.
20. A method of claim 16 whereby the authenticated user is capable of: enabling a creator and owner of a group to retain control of the group, whereby the owner of a group gives licence to the group members to be part of said group, and enabling the owner of a group to create and transmit new licenses which override the existing licenses, thereby changing the status and privileges of one or more group members, which could even extend to revocation or replacement of the group keys.
21. A method of claim 16 whereby the authenticated user is capable of: generating at least one copy of printed electronic bank transfer authorizations with unique transaction numbers and bar codes including a digital signature (YTRAXS), which can later be scanned using a bar code reader by the recipient's authenticated operator and subsequently credited to the recipient's account through electronic fund clearing, with no requirement for the printed transaction slips to be processed through the bank's cheque clearing system.
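Claims 13, 14, 18 and 20 describe group messages that are encrypted and signed with a group key set whose owner can later revoke or replace the keys. The following Go code is an added example, not the patent's own design, of such a key set: an AES-256-GCM group secret, an ed25519 group key pair, and an epoch number so that a replaced set locks out anyone still holding the old copy. The packet layout, the epoch mechanism and the names GroupKeys, Seal and Open are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// GroupKeys is the group key set the owner creates and distributes: a shared
// AES-256-GCM secret for confidentiality and an ed25519 key pair whose private
// half lets a member sign a packet as the group. Epoch numbers each key set so
// a replacement (claim 20) locks out anyone holding an old copy. Assumed layout.
type GroupKeys struct {
	Epoch  uint32
	Secret []byte
	Pub    ed25519.PublicKey
	Priv   ed25519.PrivateKey
}

// NewGroupKeys runs on the owner's device at group creation and on every
// revocation or replacement of the keys.
func NewGroupKeys(epoch uint32) *GroupKeys {
	secret := make([]byte, 32)
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if _, rerr := rand.Read(secret); err != nil || rerr != nil {
		panic("group key generation failed: crypto/rand unavailable")
	}
	return &GroupKeys{Epoch: epoch, Secret: secret, Pub: pub, Priv: priv}
}

// Packet is one group message packet: key epoch, nonce||ciphertext, and a
// group signature over both so a receiver verifies before it decrypts.
type Packet struct {
	Epoch uint32
	Body  []byte
	Sig   []byte
}

// signedBytes is the byte string the group signature covers: epoch || body.
func signedBytes(epoch uint32, body []byte) []byte {
	out := make([]byte, 4, 4+len(body))
	binary.BigEndian.PutUint32(out, epoch)
	return append(out, body...)
}

func newGCM(secret []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(secret)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and signs a message with the sender's copy of the key set.
func Seal(k *GroupKeys, plaintext []byte) (Packet, error) {
	gcm, err := newGCM(k.Secret)
	if err != nil {
		return Packet{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Packet{}, err
	}
	body := gcm.Seal(nonce, nonce, plaintext, nil) // nonce prefixed to ciphertext
	return Packet{Epoch: k.Epoch, Body: body, Sig: ed25519.Sign(k.Priv, signedBytes(k.Epoch, body))}, nil
}

// Open refuses packets from any other key epoch, checks the group signature,
// then decrypts; a member holding a rotated-out key set fails at the first step.
func Open(k *GroupKeys, p Packet) ([]byte, error) {
	if p.Epoch != k.Epoch {
		return nil, errors.New("packet belongs to a different key epoch")
	}
	if !ed25519.Verify(k.Pub, signedBytes(p.Epoch, p.Body), p.Sig) {
		return nil, errors.New("group signature does not verify")
	}
	gcm, err := newGCM(k.Secret)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(p.Body) < n {
		return nil, errors.New("packet too short")
	}
	return gcm.Open(nil, p.Body[:n], p.Body[n:], nil)
}
```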

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN613MU2004 2004-06-02
IN613/MUM/2004 2004-06-02

Publications (3)

Publication Number Publication Date
WO2005117527A2 true WO2005117527A2 (en) 2005-12-15
WO2005117527A3 WO2005117527A3 (en) 2006-04-20
WO2005117527B1 WO2005117527B1 (en) 2006-09-28

Family

ID=35463240

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2005/000180 WO2005117527A2 (en) 2004-06-02 2005-06-02 An electronic device to secure authentication to the owner and methods of implementing a global system for highly secured authentication

Country Status (1)

Country Link
WO (1) WO2005117527A2 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009052634A1 (en) * 2007-10-24 2009-04-30 Securekey Technologies Inc. Method and system for effecting secure communication over a network
WO2015011552A1 (en) * 2013-07-25 2015-01-29 Bionym Inc. Preauthorized wearable biometric device, system and method for use thereof
US9032501B1 (en) 2014-08-18 2015-05-12 Bionym Inc. Cryptographic protocol for portable devices
US9071441B2 (en) 2010-01-04 2015-06-30 Google Inc. Identification and authorization of communication devices
US9197414B1 (en) 2014-08-18 2015-11-24 Nymi Inc. Cryptographic protocol for portable devices
CN106411498A (en) * 2016-12-23 2017-02-15 艾体威尔电子技术(北京)有限公司 Method of achieving cryptographic algorithm
US9646261B2 (en) 2011-05-10 2017-05-09 Nymi Inc. Enabling continuous or instantaneous identity recognition of a large group of people based on physiological biometric signals obtained from members of a small group of people
KR101810945B1 (en) * 2016-05-25 2018-01-26 한국스마트아이디(주) Wearable device and certification system using it
US10061905B2 (en) 2016-01-26 2018-08-28 Twentieth Century Fox Film Corporation Method and system for conditional access via license of proprietary functionality
US20210398108A1 (en) * 2011-11-29 2021-12-23 Cardlogix Layered security for age verification and transaction authorization
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997032284A1 (en) * 1996-02-27 1997-09-04 Richard Sydney Thorp Security identification and information system
US20030046228A1 (en) * 2001-08-28 2003-03-06 Jean-Marc Berney User-wearable functional jewelry with biometrics and smartcard to remotely sign and/or authenticate to e-services


Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9094213B2 (en) 2007-10-24 2015-07-28 Securekey Technologies Inc. Method and system for effecting secure communication over a network
WO2009052634A1 (en) * 2007-10-24 2009-04-30 Securekey Technologies Inc. Method and system for effecting secure communication over a network
US9071441B2 (en) 2010-01-04 2015-06-30 Google Inc. Identification and authorization of communication devices
US9646261B2 (en) 2011-05-10 2017-05-09 Nymi Inc. Enabling continuous or instantaneous identity recognition of a large group of people based on physiological biometric signals obtained from members of a small group of people
US20210398108A1 (en) * 2011-11-29 2021-12-23 Cardlogix Layered security for age verification and transaction authorization
US9472033B2 (en) 2013-07-25 2016-10-18 Nymi Inc. Preauthorized wearable biometric device, system and method for use thereof
US8994498B2 (en) 2013-07-25 2015-03-31 Bionym Inc. Preauthorized wearable biometric device, system and method for use thereof
WO2015011552A1 (en) * 2013-07-25 2015-01-29 Bionym Inc. Preauthorized wearable biometric device, system and method for use thereof
US9349235B2 (en) 2013-07-25 2016-05-24 Nymi Inc. Preauthorized wearable biometric device, system and method for use thereof
US9189901B2 (en) 2013-07-25 2015-11-17 Nymi Inc. Preauthorized wearable biometric device, system and method for use thereof
US9407634B2 (en) 2014-08-18 2016-08-02 Nymi Inc. Cryptographic protocol for portable devices
US9032501B1 (en) 2014-08-18 2015-05-12 Bionym Inc. Cryptographic protocol for portable devices
US9832020B2 (en) 2014-08-18 2017-11-28 Nymi Inc. Cryptographic protocol for portable devices
US9197414B1 (en) 2014-08-18 2015-11-24 Nymi Inc. Cryptographic protocol for portable devices
US10061905B2 (en) 2016-01-26 2018-08-28 Twentieth Century Fox Film Corporation Method and system for conditional access via license of proprietary functionality
US10445475B2 (en) 2016-01-26 2019-10-15 Twentieth Century Fox Corporation Method and system for conditional access via license of proprietary functionality
KR101810945B1 (en) * 2016-05-25 2018-01-26 한국스마트아이디(주) Wearable device and certification system using it
CN106411498A (en) * 2016-12-23 2017-02-15 艾体威尔电子技术(北京)有限公司 Method of achieving cryptographic algorithm
CN106411498B (en) * 2016-12-23 2019-07-30 艾体威尔电子技术(北京)有限公司 A method of realizing national secret algorithm
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system

Also Published As

Publication number Publication date
WO2005117527A3 (en) 2006-04-20
WO2005117527B1 (en) 2006-09-28


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase