US007494061B2
`
`(12) United States Patent
`Reinhold
`
`(10) Patent N0.:
`(45) Date of Patent:
`
`US 7,494,061 B2
`Feb. 24, 2009
`
`(54) SYSTEMS AND METHODS FOR IDENTITY
`VERIFICATION USING CONTINUOUS
`BIOMETRIC MONITORING
`
`(75)
`
`(73)
`
`Inventor: Dennis J. Reinhold, Dallas, TX (US)
`
`Assignee: Evercom Systems, Inc., Dallas, TX
`(Us)
`
`(*)
`
`Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 209 days.
`
`(21)
`
`(22)
`
`(65)
`
`(51)
`
`(52)
`(58)
`
`(56)
`
`Appl. No.: 11/480,258
`
`Filed:
`
`Jun. 30, 2006
`
`Prior Publication Data
`
`US 2008/0040780 A1
`
`Feb. 14, 2008
`
`Int. Cl.
`(2006.01)
`G06K 5/00
`US. Cl. ..................................... .. 235/382; 235/375
`
`Field of Classi?cation Search ............... .. 235/382,
`235/375, 470, 487
`See application ?le for complete search history.
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`5,872,834 A
`6,628,757 Bl
`6,819,219 Bl
`2003/0163710 A1
`2004/0215968 A1
`2005/0043014 A1
`2005/0138391 A1 *
`
`2/1999 Teitelbaum
`9/2003 Cannon et al.
`11/2004 Bolle et al.
`8/2003 Ortiz et al.
`10/2004 Rodwell et al.
`2/ 2005 Hodge
`6/2005 Mandalia et al. .......... .. 713/186
`
`705/44
`2007/0027807 Al* 2/2007 Bronstein
`379/188
`2/2007 Gainsboro
`2007/0041545 A1 *
`2007/0061590 A1 *
`3/2007 Boye et al. ................ .. 713/186
`2007/0121882 Al*
`5/2007 Timmins et a1. ..... .. 379/21801
`
`FOREIGN PATENT DOCUMENTS
`
`W0
`
`WO 00/28721
`
`5/2000
`
`OTHER PUBLICATIONS
`
`European Search Report dated Nov. 21, 2007.
`International Search Report and Written Opinion of the International
`Searching Authority for International Application No. PCT/US
`07/72551 dated Jan. 24, 2008.
`
`* cited by examiner
`Primary ExamineriEdWyn Labaze
`(74) Attorney, Agent, or FirmiSlater & Matsil, L.L.P.
`
`(57)
`
`ABSTRACT
`
`Systems and methods for verifying the identity of a person
`operating a device are shoWn. In some representative embodi
`ments, a method comprises authorizing a person to operate a
`device, continuously monitoring a biometric trait of a device
`operator, and using the monitored biometric trait of the device
`operator to verify, during operation of the device, Whether the
`device operator is the authorized person. In other representa
`tive embodiments, a system comprises a biometric sensor
`associated With a device, and a continuous biometric moni
`toring (CBM) module coupled to the biometric sensor. The
`CBM module may be adapted to continuously acquire a one
`biometric sample from the device operator during operation
`of the device.
`
`26 Claims, 3 Drawing Sheets
`
`'1/O0
`
`F ------- “"1 r ---------------- "1
`:
`BIOMETRIC ARRAY :
`:
`CBM MODULE
`:
`I
`l
`I
`l
`I 102_1\ SENSOR I
`I
`106 I
`'
`|
`PROCESSOR
`l
`i
`i
`|
`M
`| 102-2\
`I
`I
`'
`:
`SENSOR i
`i = 105
`:
`I
`Z
`'
`'
`:
`LOG
`:
`o
`:
`:
`|
`ETABASE
`:
`/ SENSOR :
`: ~
`107 :
`L1PZԤ_/T______1 L __________ __T\ _________ __J
`101
`103
`
`>
`
`BIOMETRIC
`DATABASE
`
`CBM
`APPLICATION
`
`GTL 1003
`PGR of U.S. Patent No. 8,855,280
`
`

`
`US. Patent
`
`Feb. 24, 2009
`
`Sheet 1 of3
`
`US 7,494,061 B2
`
`FIG. 1
`
`‘IOU
`/
`
`I‘ """""" ""1 r ----------------- '"l
`:
`BIOMETRICARRAY :
`:
`CBM MODULE
`:
`1 102-1\ SENSOR l
`l
`:
`P80223808
`: 102 2
`I
`I
`106 |
`l
`|
`|
`l
`:
`\ SENSOR i
`i : 105 _
`:
`
`|
`
`BIOMETRIC
`DATABASE
`
`>
`
`-
`
`l
`l
`o
`|
`l
`l
`l
`o
`l
`l
`|
`LOG
`|
`°
`|
`l
`107 :
`DATABASE
`: —
`SENSOR :
`:
`L1PZ§_/T______1 L __________ __T\ _________ __.l
`101
`103
`
`_ /
`
`FIG. 2
`101\ BIOMETRIC
`ARRAY
`
`200
`'/
`
`E
`
`203
`
`EXTERNAL
`
`CBM f103
`MODULE
`
`202
`/
`PHONE
`SWITCH
`
`204
`
`AUTHORITIES
`
`

`
`US. Patent
`
`Feb. 24, 2009
`
`Sheet 2 of3
`
`US 7,494,061 B2
`
`FIG. 3A
`
`30M
`
`FIG. 3B
`
`

`
`US. Patent
`
`Feb. 24, 2009
`
`Sheet 3 of3
`
`US 7,494,061 B2
`
`500
`FIG. 5 /
`
`501 \ INITIAL AUTHORIZATION
`
`V‘
`5O2\ PERFORM CONTINUOUS
`BIOMETRIC MONITORING -
`
`AUTHENTICATION
`FAILED?
`
`504 / TAKE ACTION
`
`FIG. 6
`600
`‘N
`
`606
`
`NETWORK
`< f612
`
`601
`\
`
`603
`\
`
`604
`\
`
`605
`/
`
`CPU
`
`RAM
`
`ROM
`
`I/O
`ADAPTER
`
`COMMUNICATIONS [611
`ADAPTER
`
`002 f
`
`608
`\
`‘I’: INTERFACE
`613
`ADAPTER
`
`_____ - -
`
`UsER
`
`607
`
`v
`
`gig/EL
`\
`609
`
`

`
`US 7,494,061 B2
`
`1
`SYSTEMS AND METHODS FOR IDENTITY
`VERIFICATION USING CONTINUOUS
`BIOMETRIC MONITORING
`
`RELATED APPLICATIONS
`
`The present application is related to co-pending and com
`monly assigned US. patent applications Ser. No. 10/217,149
`entitled “SYSTEM AND METHOD FOR CALL TREAT
`MENT;” Ser. No. 10/642,532 entitled “CENTRALIZED
`CALL PROCESSING;” Ser. No. 10/701,549 entitled “SYS
`TEMS AND METHODS FOR CROSS-HATCHING BIO
`METRICS WITH OTHER IDENTIFYING DATA;” and Ser.
`No. 11/334,522 entitled “SYSTEM AND METHOD FOR
`KEYWORD DETECTION IN A CONTROLLED ENVI
`RONMENT FACILITY USING A HYBRID APPLICA
`TION,” the disclosures of each of Which are hereby incorpo
`rated herein by reference in their entirety.
`
`TECHNICAL FIELD
`
`The present invention relates generally to identity veri?ca
`tion, and more particularly, to identity veri?cation using con
`tinuous biometric monitoring.
`
`BACKGROUND OF THE INVENTION
`
`Some telecommunication providers offer services to resi
`dents of controlled-environment facilities. Examples of con
`trolled-environment facilities include prisons, police depart
`ments, hospitals, hospices, dorms, and camps, among others.
`In order to control, monitor, or restrict telephone usage
`among its residents, a controlled-environment facility may
`employ a call processing system.
`In a typical call processing system, a personal identi?ca
`tion number (PIN) authorization mechanism may request that
`a resident provide a PIN before placing or receiving a call.
`After the resident enters his or her PIN, the system determines
`the resident’ s identity and decides Whether to alloW him or her
`to operate a telephone. The call processing system may then
`apply a set of calling restrictions or rules associated With that
`resident. For example, some restrictions may prevent the
`resident from calling speci?c non-resident parties. Alterna
`tively, other restrictions may only alloW the resident to call
`speci?c parties and/or may establish a maximum number of
`calls that can be made or received by that resident at that time.
`Yet other restrictions may include preventing the resident
`from initiating a three-Way call, taking part in a conference
`call, or the like.
`An alternative to PIN-based systems involves the use of
`biometrics. The term “biometrics” refers to technologies that
`measure and analyZe human characteristics for authentication
`purposes. A biometrics-based call processing system may
`acquire a resident’s biometric sample before alloWing the
`resident to place or receive a call. The system may use the
`biometric sample to determine the resident’s identity, and it
`may then grant access to a telephone While applying a set of
`rules or restrictions associated With the resident.
`The inventor hereof has discovered a number of problems
`With both PIN-based and biometric-based authorization
`mechanisms. Particularly, a problem unique to controlled
`environment facilities such as prisons is that inmates fre
`quently attempt to circumvent identity veri?cation proce
`dures. For example, inmates may share, trade, buy, and sell
`PINs, Which may then be used by any person in possession
`thereof. An inmate having another’s PIN may gain access to
`the system While avoiding particular call restrictions that
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`Would otherWise be applied to his or her calls. Moreover, an
`inmate may have his or her biometric feature scanned by a
`biometric authoriZation mechanism and, upon successful
`completion of this initial authentication procedure, he or she
`may hand the phone to another inmate Who actually conducts
`the call. Consequently, authorities seldom knoW With cer
`tainty Which inmate actually participated through the entire
`course of a phone call, despite the presence of a PIN and/or
`biometric identity veri?cation procedure.
`The inventor hereof has also identi?ed a need to monitor
`and record the identity of a person Who is actually participat
`ing in a telephone call, even if that person’s identity is not
`susceptible to veri?cation prior to, or during the ongoing call.
`For instance, When a crime suspect is arrested, he or she has
`the right to make a phone call. During this ?rst phone call, the
`suspect may call a friend or a co-conspirator to provide
`instructions regarding a crime in Which the suspect is
`involved. Accordingly, it Would be useful to laW enforcement
`agencies to have the ability to record the identity of that
`suspect While knoWing With certainty that it Was he or she Who
`actually conducted the entire telephone conversation, even
`though his or her identity may only be ultimately veri?ed or
`matched at a later time.
`
`BRIEF SUMMARY OF THE INVENTION
`
`Aspects of the present invention are directed generally to
`identity veri?cation using biometric monitoring. In certain
`embodiments, the identity of a device operator may be veri
`?ed through the continuous monitoring of at least one of his or
`her biometric traits. Therefore, even after the successful
`completion of an initial authentication procedure by Which
`the device operator gains access to a device, embodiments of
`the present invention may continuously verify the operator’ s
`identity during operation of the device. The term “continu
`ously,” as used herein, means “constantly” or “reoccurring in
`rapid succession.” As such, a record may be created Which
`contains the biometric traits and/ or the identity of all persons
`Who have operated the device since the original authentica
`tion procedure. In addition, Where there may be a need to
`control or otherWise restrict usage of a device according to
`access rules associated With a device operator, the present
`invention may alloW these rules to be updated as a function of
`Which operator is actually using the device.
`Certain embodiments of the present invention are particu
`larly Well suited for use in the monitoring of telephone calls
`betWeen residents and non-residents of controlled-environ
`ment facilities. Controlled-environment facilities include
`correctional facilities (e.g., municipal jails, county jails, state
`prisons, federal prisons, military stockades, juvenile facili
`ties, detention camps, and home incarceration environments),
`healthcare facilities (e.g., hospitals, nursing homes, mental
`health facilities, and rehabilitation facilities, such as drug and
`alcohol rehabilitation facilities), restricted living quarters
`(e.g., hotels, resorts, camps, dormitories, and barracks), and
`the like. Certain controlled-environment facilities may be
`thought of as a small community or city, perhaps Walled or
`otherWise access restricted, Wherein various activities occur
`Within the community and betWeen the community and those
`outside the community in the daily operation thereof. Such a
`community may include a number of individuals and enter
`prises directly associated thereWith, including management,
`staff, and inmates, residents, patients, or guests (herein
`referred to as “residents”), and a number of individuals and
`enterprises indirectly associated thereWith, including friends
`
`

`
`US 7,494,061 B2
`
`3
`and family of residents, vendors, government agencies, pro
`viders of services to residents, and individuals connections to
`the facility or its residents.
`In one exemplary, non-limiting embodiment, a method
`may comprise determining the identity of a party to a tele
`phone call by continuously monitoring a biometric feature of
`that party While the telephone call is in progress. If authenti
`cation fails While the call is ongoing, appropriate action may
`be taken. For instance, the call may be terminated, a Warning
`may be issued, the call may be recorded, authorities may be
`alloWed to listen in, etc. In another exemplary, non-limiting
`embodiment, a system may comprise a biometric sensor that
`is built into a telephone handset or otherWise placed near the
`telephone at a location Where it is accessible to persons oper
`ating the telephone. The biometric sensor may take biometric
`readings of telephone users continuously, at selected time
`intervals, or upon the occurrence of a speci?c event, such as,
`for instance, a change in voice tone or print, the presence of a
`keyWord or sound in the conversation, the expiration of a time
`limit, or the like. In addition, the system may comprise a
`database for verifying the biometric traits or the identity of
`persons Who have used the telephone, and for storing a call
`record or a telephone conversation. Hence, an investigator
`may later retrieve those records and determine the identities
`of one or more of the parties that actually participated in the
`call and/or of one or more parties that participated in the call
`at particular times during the call.
`The present invention has numerous advantages. For
`example, Whereas prior art PIN and biometric authentication
`mechanisms only verify the identity of persons attempting to
`gain access to a device, the present invention may verify the
`identity of persons Who have actually operated the device. For
`instance, if a person uses another’s PIN to place a telephone
`call, the present invention may detect, via continuous biomet
`ric monitoring, that the PIN or biometric sample used to
`obtain access to the telephone does not belong to the person
`actually participating in the call. Moreover, if a person suc
`cessfully completes an initial authentication procedure and
`subsequently hands off the phone to another person While the
`call is ongoing, the present invention may also detect that
`change and take appropriate action.
`The foregoing has outlined rather broadly the features and
`technical advantages of the present invention in order that the
`detailed description of the invention that folloWs may be
`better understood. Additional features and advantages of the
`invention Will be described hereinafter Which form the sub
`ject of the claims of the invention. It should be appreciated by
`those skilled in the art that the conception and speci?c
`embodiment disclosed may be readily utiliZed as a basis for
`modifying or designing other structures for carrying out the
`same purposes of the present invention. It should also be
`realiZed by those skilled in the art that such equivalent con
`structions do not depart from the spirit and scope of the
`invention as set forth in the appended claims. The novel
`features Which are believed to be characteristic of the inven
`tion, both as to its organiZation and method of operation,
`together With further objects and advantages Will be better
`understood from the folloWing description When considered
`in connection With the accompanying ?gures. It is to be
`expressly understood, hoWever, that each of the ?gures is
`
`20
`
`25
`
`30
`
`40
`
`45
`
`50
`
`60
`
`65
`
`4
`provided for the purpose of illustration and description only
`and is not intended as a de?nition of the limits of the present
`invention.
`
`BRIEF DESCRIPTION OF THE DRAWING
`
`For a more complete understanding of the present inven
`tion, reference is noW made to the folloWing descriptions
`taken in conjunction With the accompanying draWings, in
`Which:
`FIG. 1 is a high-level block diagram illustrating one
`embodiment of the present invention;
`FIG. 2 is a high-level block diagram illustrating a system
`Which is adapted for use according to one embodiment of the
`present invention;
`FIGS. 3A-3C shoW biometric telephone handsets used in
`certain embodiments of the present invention;
`FIGS. 4A and 4B shoW biometric computer mice used in
`other embodiments of the present invention;
`FIG. 5 is a ?owchart illustrating steps that may be per
`formed during operation of certain embodiments of the
`present invention; and
`FIG. 6 depicts a block diagram of a computer system
`adapted for use according to embodiments of the present
`invention.
`
`DETAILED DESCRIPTION OF THE INVENTION
`
`FIG. 1 is a high-level block diagram of Continuous Bio
`metric Monitoring (CBM) system 100, according to an exem
`plary embodiment of the present invention. Biometric array
`101 may have one or more biometric sensors (or scanners)
`102-1, 102-2, .
`.
`. , 102-N (collectively “sensors 102”). Each
`of sensors 102 may be adapted to scan, for example: a physi
`cal biometric trait such as a ?ngerprint, thumbprint, or hand
`geometry; an aural biometric trait such as a voice or sound; or
`a visual biometric trait such as a retina, iris, or face. Sensors
`102 may be any biometric sensor or scanner noW existing or
`yet to be developed. Sensors 102 are connected to processor
`104 of CBM module 103. Processor 104 is operable to
`execute CBM application 105. Processor 102 is also con
`nected to biometric records database 106 and activity log
`database 107. According to certain embodiments of the
`present invention, any one or more of biometric array 101,
`processor 104, biometric records database 106, and activity
`log database 107 may be disposed Within a call processing
`system. According to other embodiments, any one or more of
`these elements may be located at a user terminal (e.g., a
`telephone). Additionally or alternatively, any one or more of
`these elements may be remotely located With respect to the
`other components of CBS system 100.
`In one exemplary embodiment, a user may attempt to oper
`ate a device (not shoWn) that is associated With biometric
`array 101. Biometric array 101 may be mounted on or built
`into the device, and at least one sensor 102 of biometric array
`101 may continuously acquire at least one biometric sample
`from the operator While he or she operates the device. Accord
`ing to certain aspects of this exemplary embodiment, the
`“continuous monitoring” performed by CBS system 100 may
`be such that the interval of time betWeen the acquisition of
`successive biometric samples from the operator is small com
`pared to times typically required by actions performed by the
`operator during normal device operation. Further, it should be
`noted that continuous biometric reading may take place
`regardless of and/or in addition to an initially successful
`authentication procedure.
`
`

`
`US 7,494,061 B2
`
`5
`Biometric readings are communicated to processor 104,
`Which executes instructions contained in CBM application
`105. Processor 104 then compares biometric samples
`acquired by array 101 With biometric records or ?les stored in
`biometric records database 106. If the user’s identity changes
`While the device is being operated, processor 104 may take
`appropriate action. For example, under the direction of
`instructions contained in CBM application 105, processor
`104 may block access to the device by the unauthorized user.
`Alternatively, processor 104 may play an announcement to
`the parties involved in the operation of the device, place
`restrictions or otherWise limit functionality available to the
`current device operator, alert the authorities in charge of
`supervising operation of the device, and/or monitor or alter
`parameters related to the device’s operation (e.g., increase
`sensitivity of 3-Way call detection, increase level of Web
`content ?lter, etc.), among others.
`Processor 104 may record usage and other information in
`activity log database 107, including Which operations Were
`performed, the begin and end times of each operation, the
`biometric traits of the operator, the identity of the operator, as
`Well as particular characteristics of the operation (e.g., tele
`phone number dialed, a Website visited, etc.), among others.
`This information may later be used, for example, as evidence
`to prove Which persons actually participated in the operation
`of the device. Furthermore, in some situations, processor 104
`may also record the operation itself in activity log database
`107. For example, Where the device is telephone, the tele
`phone conversation may be stored in database 107 along With
`the associated usage information.
`As a person of ordinary skill in the art Will readily recog
`nize in light of the present disclosure, system 100 may be
`employed in a Wide variety of situations. Nonetheless, system
`100 is particularly Well suited for use in the monitoring of
`inmates’ phone calls made to or from a prison. As previously
`noted, the unique problem involved in the monitoring of a
`prison’s telephone system is that inmates constantly attempt
`to circumvent authentication procedures. For example, an
`inmate having another’s PIN may gain access to the telephone
`system While avoiding particular call restrictions that Would
`otherWise be applied to his or her calls. Moreover, an inmate
`may have his or her biometric feature scanned by the biomet
`ric authorization mechanism and then hand the phone off to
`another inmate Who actually conducts the call. The inventor
`hereof has discovered that a solution to the aforementioned
`problem includes verifying the inmate’s identity using con
`tinuous biometric monitoring as disclosed herein.
`In one embodiment of the present invention, While at least
`one sensor (e.g., 102-1) continuously monitors a ?rst biomet
`ric trait of the user, at least one other sensor (e.g., 102-2)
`monitors a second biometric trait of that user at selected time
`intervals, periodically, and/or upon the occurrence of a spe
`ci?c event, such as, for example, change in voice tone or print,
`detection of a keyWord in the conversation, expiration of a
`time limit, etc. For instance, sensor 102-1 may continuously
`acquire a voice print from the user during a telephone con
`versation. If the voice print changes during the call, sensor
`102-2 may scan the user’s ?ngerprint in order to con?rm the
`user’ s identity.
`FIG. 2 is a high-level block diagram of system 200 that is
`adapted for use according to an exemplary embodiment of the
`present invention. Inmate phone 201 (i.e., device) may be
`coupled to biometric array 101. Alternatively, biometric array
`101 may be placed in proximity to inmate phone 201, so that
`a biometric trait of an inmate placing or receiving a phone call
`(i.e., device operator) from inmate phone 201 may be con
`tinuously monitored by at least one sensor of biometric array
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`6
`101 during normal operation of inmate phone 201. Other
`biometric sensors of biometric array 101 may also take other
`biometric readings from the inmate at selected time intervals
`or upon the occurrence of a speci?c event. In one embodi
`ment, at least one biometric sensor of biometric array 101
`may be disposed to passively interface With the inmate so that
`the inmate does not have to perform any special action(s) for
`the sensor to acquire biometric samples from him or her. In
`another embodiment, system 200 may change the Way it
`acquires biometric samples during a call. For example, sys
`tem 200 may vary the Way it acquires samples or the time
`intervals at Which biometric readings are taken. Alternatively
`or additionally, system 200 may alternate Which sensors of
`biometric array 101 perform biometric readings at any time.
`As such, system 200 may make it dif?cult or impossible for
`inmates to learn hoW to circumvent its monitoring.
`Biometric array 101 is connected to CBM module 103,
`Which may verify the inmate’s identity. In one embodiment,
`biometric array 101 communicates With CBM module 103
`via the phone line used by inmate phone 210. Biometric array
`101 may also connected to CBM module 103 by dedicated
`Wires, Wirelessly (e.g., IEEE 802.11), or via a computer net
`Work. In other embodiments, CBM module 103 (or some
`portion thereof) may be embedded Within inmate phone 210.
`Communications betWeen inmate phone 201 and external
`phone 203 may travel through telephone sWitch 202, such as
`may comprise part of a service provider’s call processing
`system or may be part of the Public SWitched Telephone
`Network (PSTN), and Which is connected to CBM module
`103.
`CBM module 103 may take action as speci?ed by CBM
`application 1 05 depending upon Whether identity veri?cation
`is successful With respect to a call in progress. For example,
`CBM module 103 may control sWitch 202 in order to discon
`nect an ongoing call being conducted by an inmate other than
`the inmate initially authorized to participate in the call. CBM
`module 103 may also control sWitch 202 to tap into a phone
`call in order to alloW authorities 204 to listen to an unautho
`rized ongoing conversation.
`In one embodiment, an inmate enters a PIN number into
`inmate phone 201 to obtain initial identity veri?cation in
`order to place or receive a call. In another embodiment, an
`inmate’s Radio Frequency Identi?cation (RFID) tag or brace
`let is detected by an RFID reader (not shoWn) connected to
`CBM module 103 for granting initial access to inmate phone
`201. Alternatively, the inmate engages biometric array 101 to
`perform an initial authentication procedure. Even after the
`inmate’s identity has been veri?ed, biometric array 101 may
`continue to monitor one or more of the inmate’s biometric
`features. For example, one sensor of biometric array 101 may
`take biometric samples continuously While another sensor
`may take other biometric samples at selected time intervals,
`and/or upon the occurrence of a speci?c event, such as, for
`example, change in voice tone or print, presence of a keyWord
`in the conversation, or the expiration of a time limit. In one
`embodiment, the conversation is continuously monitored for
`a change in voice print. Upon detection of change in voice
`print, system 200 may con?rm the identity of the inmate
`currently the phone by taking another type of biometric
`sample from the inmate. Exemplary systems and methods for
`cross-hatching biometrics Which may be used in conjunctions
`With system 200 are described in the above-referenced US.
`patent application entitled “SYSTEMS AND METHODS
`FOR CROSS-HATCHING BIOMETRICS WITH OTHER
`IDENTIFYING DATA.” By using biometric cross-hatching,
`system 200 may increase the con?dence level that the same
`inmate Who Was initially authorized to make or receive the
`
`

`
`US 7,494,061 B2
`
`7
`call is the one actually conducting the conversation. In addi
`tion, system 200 may be used to monitor and record unlawful
`or undesirable activities in a call log database. And, as a
`person of ordinary skill in the art Will readily recognize in
`light of this disclosure, system 200 may be used in a Wide
`variety of environments Where it may be necessary to deter
`mine the identity of a person Who is actually operating a
`device.
`FIGS. 3A-3C are diagrams of biometric telephone hand
`sets 301-A, 301-B, and 301-C (collectively “handsets 301”),
`Which may be used in certain embodiments of the present
`invention. For example, biometric telephone handsets 301
`may comprise biometric array 101 shoWn in the embodiment
`depicted in FIG. 2. In one embodiment, biometric handsets
`301 may each include at least one biometric sensor 302-A,
`302-B, and 302-C (collectively “sensors 302”), respectively
`disposed thereon. For example, sensors 302-A and 302-B
`may be adapted to scan thumbprints, Whereas sensor 302-C
`may be adapted to scan one or more ?ngerprints. In alterna
`tive embodiments, sensor 302-C may be placed on the oppo
`site surface of handset 301-C, and may be adapted to scan a
`hand feature. Moreover, more than one sensor 302 may be
`built into or coupled to a single handset 301.
`Referring back to FIG. 1, system 100 need not be restricted
`to traditional telephone applications, but it may also be used,
`for example, in Voice over Internet Protocol (VoIP) applica
`tions. For example, a user may operate a computer system in
`order to make or receive a VoIP call. In this case, biometric
`array 101 may be placed, for instance, on a mouse or key
`board connected to the computer system.
`FIGS. 4A and 4B are diagram of biometric computer mice
`401-A and 401 -B (collectively “mice 401”), Which may be
`used in certain embodiments of the present invention. For
`example, biometric mice 401 may be used as biometric array
`1 01 shoWn in the embodiment depicted in FIG. 2 and attached
`to a computer system (device), Where the computer system
`may perform at least some of the functions of system 100. In
`one embodiment, biometric computer mice 401 may each
`include at least one biometric sensor 402-A and 402-B (col
`lectively “sensors 402”) disposed thereon. For example, sen
`sor 402-A may be adapted to scan a thumbprint, Whereas
`sensor 402-B may be adapted to scan a ?ngerprint. In an
`alternative embodiment, sensor 402-C may be placed on the
`top surface of mice 401 and may be adapted to scan a hand
`feature. Also, more than one sensor 402 may be used on a
`mouse 401.
`In one embodiment, the computer system may be acces
`sible in a restricted manner. In another embodiment, access to
`a computer program residing in the computer system, or a
`particular feature of the computer program, may be restricted
`to authorized users. In yet another embodiment, a Website
`may be accessible in a restricted manner. For example, upon
`receiving a request for access, a restricted Website may send
`or activate an authentication program Within the computer
`system. The authentication program may contain instructions
`for performing continuous biometric monitoring While users
`visit the Website.
`In one embodiment, a user enters a passWord or a combi
`nation of usemame and passWord in order to make or receive
`a VoIP call and/or to gain access to a computer system, pro
`gram, or Website. Alternatively, the user may provide a bio
`metric sample for initial identity veri?cation via mouse 401.
`After the user has been granted access, mouse 401 may con
`tinuously take biometric samples from the user in order to
`verify the identity of the user While the VoIP call is in progress
`or While the computer system, program, or Website is being
`accessed. The computer system compares biometric samples
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`8
`acquired by mouse 401 With biometric records or ?les stored
`in the computer. If the user’s identify veri?cation fails While
`he or she is conducting the VoIP call or accessing the com
`puter, program, or Website, processor 104 may take appropri
`ate action. As such, the computer system may guarantee that
`the same user Who Was initially authorized to use the system,
`program, or Website is the one actually using it. In addition,
`the computer system may be used to monitor and record the
`user’s activities.
`FIG. 5 is a ?owchart illustrating steps that may be per
`formed in carrying out functions of described embodiments
`of the present invention, for example, as shoWn in FIG. 2. In
`step 501, an inmate may use a telephone to start an initial
`authentication procedure, for example, by inputting a PIN or
`by having an RFID device scanned by an RFID reader. Alter
`natively, the inmate may initiate the authentication procedure
`by having a biometric trait acquired by a biometric sensor.
`After successful completion of initial authentication step 501,
`biometric samples may continuously be monitored in step
`503. Other biometric samples may also be monitored at
`selected time intervals and/or upon the occurrence of a spe
`ci?c event, such as, for instance, a change in voice tone or
`print, the presence of a keyWord in the conversation, and the
`expiration of a time limit.
`Still in step 503, a match is sought for biometric samples
`acquired and a determination is made of Whether the identity
`of the inmate currently participating in the ongoing telephone
`call matches the identity of the inmate originally authorized
`to place or receive the call. If the continuous authentication of
`steps 502 and 503 fails, appropriate action may be taken in
`step 504. For example, the ongoing call may be disconnected,
`a Warning may be issued to the inmate or a third party, the call
`may be recorded, and/ or authorities may be requested to listen
`to the conversation. Others actions may include recording
`usage parameters, including the called or calling number, the
`begin and end times of the call, the biometric traits of the
`inmate Who initially authenticated the call along With her
`identity, the biometric traits of the inmate Who actually par
`ticipated in the call along With her identity, and/ or a recording
`of the conversation.
`FIG. 6 illustrates computer system 600 adapted to use
`embodiments of the present invention, e. g., storing and/or
`executing softWare associated With embodiments described
`herein. Particularly, computer system 600 may be adapted to
`be used as CBM module 103, depicted in FIGS. 1 and 2.
`Central processing unit (CPU) 601 is