Described are various embodiments of a user activity-related monitoring system and method, and a user access authorization system and method employing same. In one embodiment, a system is provided for authenticating a user authorised to perform a designated activity in a designated environment. The system comprises a wireless digital user authentication device (UAD) operable to: wirelessly establish an authenticated access session at an access point within the designated environment for performing the designated activity; and acquire activity-related data during performance of the designated activity. The system further comprises a digital application operatively associated with the wireless digital UAD and operable to: digitally compare and evaluate compliance of the activity-related data with a digital authenticated activity template within a designated tolerance.
Described are various embodiments of a system for monitoring a physical user presence. In one embodiment, the system comprises a wireless digital user authentication device (UAD) operable to: wirelessly establish the authenticated user access session at the access point; periodically communicate an authenticated presence code during the session so as to actively maintain the session; and acquire motion-related data during the session so as to capture a UAD departure motion representative of the user departing from the access point; and a digital application operatively associated with the access point and operable to: wirelessly establish the session with the UAD upon arrival at the access point; and periodically receive said authenticated presence code so as to maintain the session, and otherwise terminate the session upon failure to timely receive the authenticated presence code.
G07C 9/28 - Individual registration on entry or exit involving the use of a pass, the pass enabling tracking or indicating presence
G07C 9/29 - Individual registration on entry or exit involving the use of a pass, the pass containing active electronic elements, e.g. smart cards
A61B 5/0295 - Measuring blood flow using plethysmography, i.e. measuring the variations in the volume of a body part as modified by the circulation of blood therethrough, e.g. impedance plethysmography
3.
LIVE USER AUTHENTICATION DEVICE, SYSTEM AND METHOD AND FRAUD OR COLLUSION PREVENTION USING SAME
Described are various embodiments of a digital user authentication device, the device comprising: a user authentication interface operable to receive as input unique user identification data required to execute a digital user authentication process; a distinct physiological sensor operable to interface with the user to acquire a physiological signal from the user to automatically confirm a live user presence during said authentication process; and a digital data processor and computer-readable memory operable to execute computer-readable instructions to invoke said user authentication process based on said unique user identification data while confirming said live user presence based on said physiological signal such that a successful user authentication is only concluded upon confirmation of said live user presence during said authentication process. Various authentication, access authorization and revocation systems and processes are also described.
H04W 12/33 - Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart glasses
4.
CRYPTOGRAPHIC PROCESS FOR PORTABLE DEVICES, AND USER PRESENCE AND/OR ACCESS AUTHORIZATION SYSTEM AND METHOD EMPLOYING SAME
Described are various embodiments of a cryptographic process for portable devices, and user presence and/or access authorization systems and methods employing such protocols. In one embodiment, a digital user authentication system is described to comprise a wireless digital user authentication device (UAD) operable to authenticate the user and wirelessly communicate an authenticated identity thereof; and a network application operatively associated with a wireless access point and operable to authenticate the user presence. Upon the network application authenticating the user presence based, at least in part, on the authenticated identity, the UAD and the network application securely establish a short-term symmetric advertising (STSA) key. During a prescribed advertising lifetime of the STSA, the UAD periodically computes and advertises authentication codes encompassing the STSA key so as to securely advertise the authenticated user presence.
Described are various embodiments of a digital user authentication device, the device comprising: a user authentication interface operable to receive as input unique user identification data required to execute a digital user authentication process; a distinct physiological sensor operable to interface with the user to acquire a physiological signal from the user to automatically confirm a live user presence during said authentication process; and a digital data processor and computer-readable memory operable to execute computer-readable instructions to invoke said user authentication process based on said unique user identification data while confirming said live user presence based on said physiological signal such that a successful user authentication is only concluded upon confirmation of said live user presence during said authentication process. Various authentication, access authorization and revocation systems and processes are also described.
H04W 12/082 - Access security using revocation of authorization
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Embodiments are directed towards communicating using a mobile device that performs actions including the following. A mobile device may be provisioned with an access point such that a provisioning key and a provisioning token for each of the provisioned access points may be stored on the mobile device. The mobile device may be determined to be in the presence of a provisioned access point based on the provisioning key and an advertising nonce. The advertising nonce may be encrypted with the provisioning key. A communication channel between the mobile device and the access point may be established based on a session nonce, the advertising nonce, and the provisioning key. A session key may be generated based in part on the advertising nonce and a message counter. And, encrypted message packets that include a message and a message authentication tag may be communicated to the access point.
H04W 48/10 - Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information
Embodiments are directed towards communicating using a mobile device, wherein the mobile device may be provisioned with an access point such that a provisioning key and a provisioning token for each of the provisioned access points may be stored on the mobile device. The mobile device may be determined to be in the presence of a provisioned access point based on the provisioning key and an advertising nonce. The advertising nonce may be encrypted with the provisioning key. A communication channel between the mobile device and the access point may be established based on a session nonce, the advertising nonce, and the provisioning key. A session key may be generated based in part on the advertising nonce and a message counter. And, encrypted message packets that include a message and a message authentication tag may be communicated to the access point.
Embodiments are directed towards authenticating users using biometric devices. The biometric device may be arranged to capture one or more biometric features of a user that may be wearing the biometric device, such as biometric features that correspond to an electrocardiogram of the user. The user of the biometric device may be authenticated based on one or more biometric features, or a combination thereof. Authenticating the user of the biometric device may include communicating information that includes biometric features to an authorized authentication device (AAD). When the user is authenticated, the biometric device may be preauthorized for the user. When the preauthorized biometric device senses at least one access point, an authorization signal may be provided to the access point. If the preauthorized biometric device is removed from the user, the biometric device is deauthorized, disabling access to access points by the user.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
9.
SYSTEM AND METHOD FOR ENABLING CONTINUOUS OR INSTANTANEOUS IDENTITY RECOGNITION BASED ON PHYSIOLOGICAL BIOMETRIC SIGNALS
The present invention is a biometric security system and method operable to authenticate one or more individuals using physiological signals. The method and system may comprise one of the following modes: instantaneous identity recognition (IIR); or continuous identity recognition (CIR). The present invention may include a methodology and framework for biometric recognition using physiological signals and may utilize a machine learning utility. The machine learning utility may be presented and adapted to the needs of different application environments which constitute different application frameworks. The present invention may further incorporate a method and system for continuous authentication using physiological signals and a means of estimating relevant parameters.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorized activity