`PROVISIONAL APPLICATION COVER SHEET
`
`This is a request for filing a PROVISIONAL APPLICATION under 37 CFR 1.53(c).
`
`DOCKET NUMBER: W0537-701000
`Express Mail Label No. EV 307786275 US
`Date of Deposit: June 9, 2006
`
`INVENTOR(S)/APPLICANT(S)
`
`Given Name (first and middle [if any])
`
`Family Name or Surname
`Residence (City and either State or
`Foreign Country)
`
`[ ] Additional inventors are being named on the separately numbered sheet attached hereto.
`
`TITLE OF THE INVENTION (500 characters max)
`
`UNIVERSAL SECURE REGISTRY
`
`CORRESPONDENCE ADDRESS
`
`CUSTOMER NUMBER: 37462
`
`ENCLOSED APPLICATION PARTS (check all that apply)
`
`[X] Specification Number of Pages 61
`
`[X] Drawing(s) Number of Sheets 24
`
`[X] Application Data Sheet. See 37 CFR 1.76
`
`[X] Return receipt postcard
`
`[ ] Other (specify)
`
`The invention was made by an agency of the United States Government or under a contract with an agency of the
`United States Government.
`
`[X] No
`
`[ ] Yes, the name of the U.S. Government Agency and the Government Contract Number are:
`
`METHOD OF PAYMENT (check all that apply)
`
`[X] A check is enclosed to cover the Provisional Filing Fees, including the Application Size Fee (if applicable).
`
`[ ] The Commissioner is hereby authorized to charge the filing fee and the application size fee (if applicable) or credit
`overpayment to Deposit Account 50/2762. A duplicate of this sheet is enclosed.
`
`[X] Small Entity Status is claimed.
`
`PROVISIONAL FILING FEE AMOUNT
`
`$ 100.00
`
`June 9, 2006
`Date
`
`Respectfully submitted,
`
`- si, Reg. No. 37,765
`No.2617-395-7000
`
`Send to: Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450
`
`Page 1 of 1
`7874151
`Page 1 of 89
`
`Apple 1122
`
`UNIVERSAL SECURE REGISTRY
`
`BACKGROUND OF INVENTION
`
`1. Field of Invention
`
`This invention generally relates to a method and apparatus for securely storing
`
`and disseminating information regarding individuals and, more particularly, to a
`
`computer system for authenticating identity or verifying the identity of individuals
`
`and other entities seeking access to certain privileges and for selectively granting
`
`privileges and providing other services in response to such
`
`identifications/verifications.
`
`2. Discussion of Related Art
`
`Control of access to secure systems presents a problem related to the
`
`identification of a person. An individual may be provided access to the secure system
`
`after their identity is authorized. Generally, access control to secure computer
`
`networks is presently provided by an authentication scheme implemented, at least
`
`partly, in software located on a device being employed to access the secure computer
`
`network and on a server within the secure computer network. For example, if a
`
`corporation chooses to provide access control for their computer network, they may
`
`purchase authentication software that includes server-side software installed on a
`
`server in their computer system and corresponding client-side software that is
`
`installed on the devices that are used by employees to access the system. The devices
`
`may include desktop computers, laptop computers, and handheld computers (e.g.,
`
`PDAs and the like).
`
`In practice, the preceding approach has a number of disadvantages including
`
`both the difficulty and cost of maintaining the authentication system and the difficulty
`
`and cost of maintaining the security of the authentication system. More specifically,
`
`the software resides in the corporation’s computers where it may be subject to
`
`tampering/unauthorized use by company employees. That is, the information
`
`technology team that manages the authentication system has access to the private keys
`
`associated with each of the authorized users. As a result, these individuals have an
`
`opportunity to compromise the security of the system. Further, any modification
`
`and/or upgrade to the authentication system software is likely to require an update to
`
`at least the server-side software and may also require an update of the software
`
`located on each user/client device. In addition, where the company’s computer
`
`systems are geographically distributed, software upgrades/updates may be required on
`
`a plurality of geographically distributed servers.
`
`There is also a need, especially in this post September 11 environment, for
`
`secure and valid identification of an individual before allowing the individual access
`
`to highly secure areas. For example, an FBI agent or an air marshal may need to
`
`identify themselves to airport security or a gate agent, without compromising security.
`
`Typically such identification may comprise the air marshal or FBI agent showing
`
`identification indicia to appropriate personnel. However, there are inherent flaws in
`
`this process that allow for security to be compromised, including falsification of
`
`identification information or the airport security or personnel not recognizing the
`
`situation. Of course this process could be automated, for example, by equipping
`
`airport personnel or security with access to a database and requiring the FBI agent or
`
`air marshal to appropriately identify themselves to the database, for example, by again
`
`providing identification which airport personnel can then enter into the database to
`
`verify the identity of the person seeking access to a secure area. However, this
`
`process also has the inherent flaws in it as described above. In addition, there may be
`
`times when airport security or personnel may not be able to communicate with the
`
`database to check the identity of the person seeking access, for example, when they
`
`are not near a computer terminal with access to a database or are carrying a hand-held
`
`device that does not have an appropriate wireless signal to access the database. In
`
`addition, there is a need to ensure that if such a hand-held device ends up in the wrong
`
`hands, that security is not compromised.
`
`Systems capable of effectively performing all or some of these functions do
`
`not currently exist.
`
`SUMMARY OF INVENTION
`
`There is thus a need for an identification system that will enable a person to be
`
`accurately identified (“identification” sometimes being used hereinafter to mean either
`
`identified or verified) and/or authenticated without compromising security, to gain
`
`access to secure systems and/or areas. Likewise, there is a need for an identification
`
`system that will enable a person to be identified universally without requiring the
`
`person to carry multiple forms of identification.
`
`Accordingly, this invention relates, in one embodiment, to an information
`
`system that may be used as a universal identification system and/or used to selectively
`
`provide information about a person to authorized users. Transactions to and from a
`
`secure database may take place using a public key/private key security system to
`
`enable users of the system and the system itself to encrypt transaction information
`
`during the transactions. Additionally, the private key/public key security system may
`
`be used to allow users to validate their identity. For example, in one embodiment, a
`
`smart card such as the Secure ID™ card from RSI Security, Inc. may be provided
`
`with the user’s private key and the USR system’s public key to enable the card to
`
`encrypt messages being sent to the USR system and to decrypt messages from the
`
`USR system 10.
`
`The system or database of the invention may be used to identify the person in
`
`many situations, and thus may take the place of multiple conventional forms of
`
`identification. Additionally, the system may enable the user’s identity to be
`
`confirmed or verified without providing any identifying information about the person
`
`to the entity requiring identification. This can be advantageous where the person
`
`suspects that providing identifying information may subject the identifying
`
`information to usurpation.
`
`Access to the system may be by smart card, such as a Secure ID™ card, or any
`
`other secure access device. The technology enabling the user to present their identity
`
`information may be physically embodied as a separate identification device such as a
`
`smart ID card, or may be incorporated into another electronic device, such as a cell
`
`phone, pager, wrist watch, computer, personal digital assistant such as a Palm Pilot™,
`
`key fob, or other commonly available electronic device. The identity of the user
`
`possessing the identifying device may be verified at the point of use via any
`
`combination of a memorized PIN number or code, biometric identification such as a
`fingerprint, voice print, signature, iris or facial scan, or DNA analysis, or any other
`
`method of identifying the person possessing the device. If desired, the identifying
`
`device may also be provided with a picture of the person authorized to use the device
`
`to enhance security.
`
`According to one embodiment of the invention, a method of controlling access
`
`to a plurality of secure computer networks using a secure registry system located
`
`remotely from the secure computer networks is disclosed. The secure registry system
`
`includes a database containing selected data of a plurality of users each authorized to
`
`access at least one of the plurality of secure computer networks. The method
`
`comprises acts of receiving authentication information from an entity at a secure
`
`computer network, communicating the authentication information to the secure
`registry system, and validating the authentication information at the secure registry
`
`system. The method also includes receiving from the secure registry system an
`
`indication of whether the entity is authorized to access the secure computer network,
`
`granting the entity access to the secure computer network when the authentication
`
`information of the entity corresponds to one of the plurality of users, and denying the
`
`entity access to the secure computer network when the authentication information of
`
`the user does not correspond to one of the plurality of users.
`
`Another embodiment of the invention comprises a method of controlling
`
`access to a secure computer network using a secure registry system. The secure
`
`registry system includes a database containing selected data of a plurality of users
`
`authorized to access the secure computer network and selected data identifying the
`secure computer network. The method comprises receiving an access request
`
`including authentication information and a computer network ID from an entity,
`
`determining whether the authentication information is valid for any of the plurality of
`
`users, accessing data when the authentication information of the entity is valid for one
`
`of the plurality of users to determine whether the entity is authorized to access the
`
`computer network identified by the computer network ID, and allowing the entity to
`
`access the secure computer network when the authentication information of the entity
`
`is valid for one of the plurality of users authorized to access the computer network
`
`identified by the computer network ID.
`
`Another embodiment of the invention comprises a method of authenticating an
`
`identity of a first entity. The method comprises the acts of wirelessly transmitting
`
`from a first device, first encrypted authentication information of the first entity,
`
`receiving with a second device the wirelessly transmitted first encrypted
`
`authentication information, decrypting with the second device, the first wirelessly
`
`encrypted authentication information to provide the first authentication information of
`the first entity to the second device; and authenticating the identity of the first entity
`
`based upon the first authentication information; and acting based on the assessed
`
`identity of the first entity.
`
`Another embodiment of the invention comprises a system for authenticating
`
`an identity of a first entity, comprising a first wireless device comprising a first
`
`wireless transmitter and receiver configured to transmit a first wireless signal
`
`including first encrypted authentication information, a first processor configured to
`
`compare stored biometric data with detected biometric data of the first entity and
`
`configured to enable or disable use of the first device based on a result of the
`
`comparison, and configured to encrypt first authentication information with a first
`
`private key of the first entity into the first encrypted authentication information, a first
`
`biometric detector for detecting biometric data of the first entity, and a first memory
`
`for storing biometric data of the first entity, a private key of the first entity authorized
`
`to use the first device, and the first authentication information.
`
`According to some embodiments, the system further comprises a second
`
`wireless device comprising a second wireless transmitter and receiver configured to
`
`receive the first wireless signal and to process the first wireless signal, a second
`
`processor configured to compare detected biometric data of a second entity with
`
`stored biometric data and configured to enable or disable use of the second device
`
`based upon a result of the comparison, and configured to decrypt the first
`
`authentication information received in the first wireless signal, a biometric detector
`
`for detecting biometric data of a second entity, and a second memory storing
`
`biometric data of the second entity and a plurality of public keys of a plurality of first
`
`entities.
`
`BRIEF DESCRIPTION OF DRAWINGS
`
`This invention is pointed out with particularity in the appended claims. The
`
`above and further advantages of this invention may be better understood by referring
`
`to the following description when taken in conjunction with the accompanying
`
`drawings. The accompanying drawings are not intended to be drawn to scale. In the
`
`drawings, each identical or nearly identical component that is illustrated in various
`
`figures is represented by a like numeral. For purposes of clarity, not every component
`
`may be labeled in every drawing. In the drawings:
`
`FIG. 1 is a functional block diagram of a computer system configured to
`
`implement the universal secure registry (“USR”), including a USR database,
`
`according to one embodiment of the invention;
`
`FIG. 2 is a functional block diagram of a first embodiment of a networked
`
`environment including the computer system of FIG. 1;
`
`FIG. 3 is a functional block diagram of an entry of a database forming the
`
`USR database of FIG. 1;
`
`FIG. 4 is a functional block diagram of a second embodiment of a networked
`
`environment including the computer system of FIG. 1;
`
`FIG. 5 is a flow chart illustrating steps in a process of inputting data into the
`
`USR database;
`
`FIG. 6 is a flow chart illustrating steps in a process of retrieving data from the
`
`USR database;
`
`FIG. 7 is a flow chart illustrating a first protocol for purchasing goods from a
`
`merchant via the USR database without transmitting credit card information to the
`
`merchant;
`
`FIG. 8 is a flow chart illustrating a second protocol for purchasing goods from
`
`a merchant via the USR database without transmitting credit card information to the
`
`merchant;
`
`FIG. 9 is a flow chart illustrating a protocol for purchasing goods from a
`
`merchant via the USR database by validating the user’s check;
`
`FIG. 10 is a flow chart illustrating a protocol for purchasing goods from an on-
`
`line merchant via the USR database without transmitting credit card information to
`
`the on-line merchant, and enabling the on-line merchant to ship the goods to a virtual
`
`address;
`
`FIG. 11 is a flow chart illustrating a protocol for shipping goods to a virtual
`
`address via the USR database;
`
`FIG. 12 is a flow chart illustrating a protocol for telephoning a virtual phone
`
`number via the USR database;
`
`FIG. 13 is a flow chart illustrating a protocol for identifying a person via the
`
`USR database;
`
`FIG. 14 is a flow chart illustrating a protocol for identifying a person to a
`
`policeman via the USR database;
`
`FIG. 15 is a flow chart illustrating a protocol for providing information to an
`
`authorized recipient of the information via the USR database;
`
`FIG. 16 is a flow chart illustrating a protocol for providing application
`
`information to an authorized recipient of the information via the USR database;
`
`FIG. 17 is a functional block diagram of an embodiment configured to use
`
`information in the USR system to activate or keep active property secured through the
`
`USR system; and
`
`FIG. 18A is a functional block diagram of an embodiment configured to use
`
`the USR system to control access to a secure computer network;
`
`FIG. 18B is a functional block diagram of another embodiment configured to
`use the USR system to control access to a secure computer network;
`
`FIG. 19 is a flow diagram of a process for controlling access to a secure
`
`computer network with the USR system in accordance with an embodiment of the
`
`invention;
`FIG. 20 is a flow diagram of a process for controlling access to a secure
`
`computer network with the USR system in accordance with another embodiment of
`
`the invention;
`
`FIG. 21 illustrates an embodiment of a system for validating the identity of an
`
`individual;
`
`FIGS. 22A and 22B illustrate one embodiment of a process for validating the
`
`identity of an individual;
`
`FIG. 23 illustrates one embodiment of various fields included within a first
`
`wireless signal and a second wireless signal as transmitted by the system of FIG. 21;
`
`FIG. 24 illustrates one embodiment of a process for verifying or authenticating
`the identity of a first user of a first wireless transmission device;
`
`FIG. 25 illustrates another embodiment of a process for authenticating the
`
`identity of a first user of a wireless transmission device;
`
`FIG. 26 illustrates still another embodiment of a process for authenticating the
`
`identity of a first user of a wireless transmission device; and
`
`FIG. 27 illustrates one embodiment of a data structure that can be used by any
`
`wireless device of the system of FIG. 21.
`
`DETAILED DESCRIPTION
`
`This invention is not limited in its application to the details of construction and
`the arrangement of components set forth in the following description or illustrated in
`the drawings. The invention is capable of other embodiments and of being practiced
`
`or of being carried out in various ways. Also, the phraseology and terminology used
`
`herein is for the purpose of description and should not be regarded as limiting. The
`
`use of “including,” “comprising,” or “having,” “containing,” “involving,” and
`
`variations thereof herein, is meant to encompass the items listed thereafter and
`
`equivalents thereof as well as additional items.
`
`In one embodiment, an information system is formed as a computer program
`
`running on a computer or group of computers configured to provide a universal secure
`
`registry (USR) system. The computer, in this instance, may be configured to run
`
`autonomously (without the intervention of a human operator), or may require
`
`intervention or approval for all, a selected subset, or particular classes of transactions.
`The invention is not limited to the disclosed embodiments, and may take on many
`
`different forms depending on the particular requirements of the information system,
`
`the type of information being exchanged, and the type of computer equipment
`
`employed. An information system according to this invention, may optionally, but
`
`need not necessarily, perform functions additional to those described herein, and the
`
`invention is not limited to a computer system performing solely the described
`
`functions.
`
`In the embodiment shown in FIG. 1, a computer system 10 for implementing a
`
`USR system according to the invention includes at least one main unit 12 connected
`
`to a wide area network, such as the Internet, via a communications port 14. The main
`
`unit 12 may include one or more processors (CPU 16) running USR software 18
`
`configured to implement the USR system functionality discussed in greater detail
`
`below. The CPU 16 may be connected to a memory system including one or more
`
`memory devices, such as a random access memory system RAM 20, a read only
`
`memory system ROM 22, and one or more databases 24. In the illustrated
`
`embodiment, the database 24 contains a universal secure registry database. The
`
`invention is not limited to this particular manner of storing the USR database. Rather,
`
`the USR database may be included in any aspect of the memory system, such as in
`
`RAM 20, ROM 22 or disc, and may also be separately stored on one or more
`
`dedicated data servers.
`
`The computer system may be a general purpose computer system which is
`
`programmable using a computer programming language, such as C, C++, Java, or
`
`other language, such as a scripting language or even assembly language. The
`
`computer system may also be specially programmed, special purpose hardware, an
`
`application specific integrated circuit (ASIC) or a hybrid system including both
`
`special purpose components and programmed general purpose components.
`
`In a general purpose computer system, the processor is typically a
`
`commercially available microprocessor, such as Pentium series processor available
`from Intel, or other similar commercially available device. Such a microprocessor
`
`executes a program called an operating system, such as UNIX, Linux, Windows NT,
`
`Windows 95, 98, or 2000, or any other commercially available operating system,
`
`which controls the execution of other computer programs and provides scheduling,
`
`debugging, input/output control, accounting, compilation, storage assignment, data
`
`management, memory management, communication control and related services, and
`
`many other functions. The processor and operating system define a computer
`
`platform for which application programs in high-level programming languages are
`written.
`
`The database 24 may be any kind of database, including a relational database,
`
`object-oriented database, unstructured database, or other database. Example relational
`
`databases include Oracle 8i from Oracle Corporation of Redwood City, California;
`
`Informix Dynamic Server from Informix Software, Inc. of Menlo Park, California;
`
`DB2 from International Business Machines of Armonk, New York; and Access from
`
`Microsoft Corporation of Redmond, Washington. An example object-oriented
`
`database is ObjectStore from Object Design of Burlington, Massachusetts. An
`
`example of an unstructured database is Notes from the Lotus Corporation, of
`
`Cambridge, Massachusetts. A database also may be constructed using a flat file
`
`system, for example by using files with character-delimited fields, such as in early
`
`versions of dBASE, now known as Visual dBASE from Inprise Corp. of Scotts
`
`Valley, California, formerly Borland International Corp.
`
`The main unit 12 may optionally include or be connected to a user interface
`
`26 containing, for example, one or more input and output devices to enable an
`
`operator to interface with the USR system 10. Illustrative input devices include a
`
`keyboard, keypad, track ball, mouse, pen and tablet, communication device, and data
`
`input devices such as voice and other audio and video capture devices. Illustrative
`
`output devices include cathode ray tube (CRT) displays, liquid crystal displays (LCD)
`
`and other video output devices, printers, communication devices such as modems,
`
`storage devices such as a disk or tape, and audio or video output devices. Optionally,
`
`the user interface 26 may be omitted, in which case the operator may communicate
`
`with the USR system 10 in a networked fashion via the communication port 14. It
`
`should be understood that the invention is not limited to any particular manner of
`
`interfacing an operator with the USR system.
`
`It also should be understood that the invention is not limited to a particular
`
`computer platform, particular processor, or particular high-level programming
`
`language. Additionally, the computer system may be a multiprocessor computer
`
`system or may include multiple computers connected over a computer network. It
`
`further should be understood that each module or step shown in the accompanying
`
`figures and the substeps or subparts shown in the remaining figures may correspond
`
`to separate modules of a computer program, or may be separate computer programs.
`
`Such modules may be operable on separate computers. The data produced by these
`
`components may be stored in a memory system or transmitted between computer
`
`systems.
`
`Such a system may be implemented in software, hardware, or firmware, or any
`
`combination thereof. The various elements of the information system disclosed
`
`herein, either individually or in combination, may be implemented as a computer
`
`program product, such as USR software 18, tangibly embodied in a machine-readable
`
`storage device for execution by the computer processor 16. Various steps of the
`
`process may be performed by the computer processor 16 executing the program 18
`
`tangibly embodied on a computer-readable medium to perform functions by operating
`
`on input and generating output. Computer programming languages suitable for
`
`implementing such a system include procedural programming languages, object-
`
`oriented programming languages, and combinations of the two.
`
`As shown in FIG. 2, the computer system 10 may be connected to a plurality
`
`of interface centers 27 over a wide area network 28. The wide area network 28 may
`
`be formed from a plurality of dedicated connections between the interface centers 27
`
`and the computer system 10, or may take place, in whole or in part, over a public
`
`network such as the Internet. Communication between the interface centers 27 and
`
`the computer system 10 may take place according to any protocol, such as TCP/IP,
`
`ftp, OFX, or XML, and may include any desired level of interaction between the
`
`interface centers 27 and the computer system 10. To enhance security, especially
`where communication takes place over a publicly accessible network such as the
`
`Internet, communications facilitating or relating to transmission of data from/to the
`
`USR database 24 or the computer system 10 may be encrypted using an encryption
`
`algorithm, such as PGP, DES, or other conventional symmetric or asymmetric
`
`encryption algorithm.
`
`In one embodiment, the USR system 10 or USR database 24 may be able to
`
`authenticate its identity to a user or other entity accessing the system by providing an
`
`appropriate code which may be displayed on the user’s smart card, for example a
`
`SecurID™ card or its equivalent, or other code generator, for example a single use
`
`code generator, being employed by the user. A comparison by the user or the code
`
`generator between the provided number and an expected number can validate, to the
`
`user (or other entity) or the code generator, that communication is with the database
`
`and not an imposter.
`
`The database 24 shown in FIG. 1 has a USR database containing entries
`
`related to persons 1-n. The data in the USR database may also be segregated, as
`
`shown in FIG. 4, according to data type to enable individual computer modules to
`
`handle discrete applications on discrete data types. Segregating the data, as illustrated
`
`in FIG. 4, may make access to the database more robust by enabling portions of the
`
`data in the USR database 24 to be accessible even when it is necessary to perform
`maintenance on a portion of the database. However, storing the data in the USR
`
`database 24 according to the scheme illustrated in FIG. 1 may make it easier for a user
`
`of the database to make changes to multiple types of data simultaneously or in a
`
`single session. There are advantages and disadvantages to each data structure, and the
`
`invention is not limited to a particular manner of organizing the data within the
`
`database 24, data structures other than the two shown also being possible.
`
`As shown in FIG. 3, each entry 30 in the database 24 may contain multiple
`
`types of information. For example, in the embodiment shown in FIG. 3, the entry
`
`contains validation information 32, access information 34, publicly available
`
`information 36, address information 38, credit card and other financial information
`
`40, medical information 42, job application information 44, and tax information 46.
`
`The invention is not limited to a USR containing entries with all of this information or
`
`only this particular information, as any information on a person or other entity such as
`
`a company, institution, etc. may be stored in USR database 24.
`
`If the database information is split between multiple databases, each database
`
`will typically include at least the validation and access information to enable the USR
`
`software to correlate a validation attempt with a verified validation, and to enable the
`
`USR software to determine access privileges to the requested data. Alternatively,
`
`databases may be linked to permit information not in a main USR database to be
`
`retrieved, with validation/identification for all databases accessed being done at the
`
`USR system.
`
`In FIG. 3, the validation information is information about the user of the
`
`database to whom the data pertains and is to be used by the USR software 18 to
`
`validate that the person attempting to access the information is the person to whom
`
`the data pertains or is otherwise authorized to receive it. The validation information
`
`may be any type of information that will reliably authenticate the identity of the
`individual.
`
`In one embodiment, the user of the database will carry a SecurID™ card
`
`available from RSA Security, formerly Security Dynamics Technologies, Inc., of
`
`Cambridge, MA. Use of this card enables secure access to the USR database without
`
`requiring the user to transmit any personal information. Specifically, to access the
`USR database, the card retrieves a secret user code and/or time varying value from
`
`memory and obtains from the user a secret personal identification code. The card
`
`mathematically combines these three numbers using a predetermined algorithm to
`
`generate a one-time nonpredictable code which is transmitted to the computer system
`
`10. The computer system, specifically USR software 18, utilizes the received one-
`
`time nonpredictable code to determine if the user is authorized access to the USR
`
`database and grants access to the USR database if the user is determined to be
`
`authorized. The verification information 32 in the database entry in the embodiment
`
`of the invention illustrated in FIG. 3 contains information to enable the USR software
`
`18 to validate the user using such a card in this manner.
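
The exchange described above, card side and USR-software side, as an added example that is not part of the application and is not RSA's SecurID algorithm. The application only says "a predetermined algorithm", so HMAC-SHA-256, the 60-second time step, the six-digit code, the drift window and every name below are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumed time-step length; the page does not give one


def derive_key(user_secret: bytes, pin: str) -> bytes:
    """Fold the PIN into the stored secret so the verifier never holds the PIN."""
    return hmac.new(user_secret, b"pin:" + pin.encode(), hashlib.sha256).digest()


def code_for_step(key: bytes, step: int, digits: int = 6) -> str:
    """Stand-in for the 'predetermined algorithm': HMAC-SHA256 over the time step."""
    digest = hmac.new(key, struct.pack(">Q", step), hashlib.sha256).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**digits).zfill(digits)


def one_time_code(user_secret: bytes, pin: str, now: float) -> str:
    """Card side: secret user code + time-varying value + PIN -> one-time code."""
    return code_for_step(derive_key(user_secret, pin), int(now // STEP_SECONDS))


class Verifier:
    """Server side, playing the role of the USR software's validation check."""
    def __init__(self, drift_steps: int = 1):
        self.keys = {}        # user_id -> derived key (the verification information)
        self.last_step = {}   # user_id -> newest time step already accepted
        self.drift_steps = drift_steps

    def enroll(self, user_id: str, key: bytes) -> None:
        self.keys[user_id] = key

    def validate(self, user_id: str, code: str, now: float) -> bool:
        key = self.keys.get(user_id)
        if key is None:
            return False
        current = int(now // STEP_SECONDS)
        matched = None
        # Tolerate small clock drift between card and server.
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            expected = code_for_step(key, step).encode()
            if hmac.compare_digest(expected, code.encode()):
                matched = step
        # Reject misses and any step at or before one already used (replay).
        if matched is None or matched <= self.last_step.get(user_id, -1):
            return False
        self.last_step[user_id] = matched
        return True
```

Only the one-time code crosses the wire; the secret and the PIN stay on the card, and a code that has been accepted once is refused on replay.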
`
`Alternative types of identification cards or tokens may likewise be used. For
`example, other smart cards may be used which generate non-predictable single use
`
`codes, which may or may not be time varying, or other access code generators may be
`
`used. An algorithm generating such non-predictable codes may also be programmed
`
`onto a processor on a smart card or other computing device, such as a cell phone,
`
`pager, ID badge, wrist watch, computer, personal digital assistant, key fob, or other
`
`commonly available electronic device. For convenience, the term “electronic ID
`
`device” will be used generically to refer to any type of electronic device that may be
`
`used to obtain access to the USR database.
`
`Likewise, various types of biometric information may be stored in the
`
`verification area of the database entry to enable the identity of the user possessing the
`
`identifying device to be verified at the point of use. Examples of the type of biometric
`
`information that may be used in this situation include a personal identification
`
`number (PIN), fingerprint, voice print, signature, iris or facial scan, or DNA analysis.
`
`If desired, the verifying section of the database may contain a picture to be transmitted
`
`back to the person seeking to validate the device to ensure the person using the device
`
`is the correct person. Optionally, the identifying device itself may also be provided
`
`with a picture of the person authorized to use the card to provide a facial confirmation
`
`of the person’s right to use the card.
`
`In FIG. 3, the Access informatio
