The present invention generally relates to the fields of machine-to-machine communications and biometrics, and more specifically, to methods and apparatus for processing information from sensors and humans, and applications thereof.
During the past several decades, the field of electronic communications has evolved rapidly. With the advent of the Arpanet, later the Internet, basic electronic messaging applications based on Internet Protocol, such as email and telnet, became widely available to anyone with a computer and a modem. Interpersonal and commerce-oriented communications and applications, most notably hypertext-based browsers utilizing the World Wide Web, rapidly accelerated, thanks to expansion of infrastructure and the advent of higher level applications.
E-Commerce applications developed to enable users to conduct purchases and financial transactions remotely based on personal authentication methods. Authenticating a person involves verifying that the person actually is whom he or she purports to be. In e-commerce applications, the identity of a user should be remotely verified before completing a transaction. One system that has evolved to support this is the Public Key Infrastructure, or PKI. PKI comprises methods, technologies and techniques that together provide a secure infrastructure. PKI uses a public and private key pair for authentication. No one should be able to access another's private key, so access to private keys is generally protected with a password of the owner's choice. PKI's main problem is the management of private keys. They need to be stored somewhere like a PC, a server, or smart card, etc. and be protected with a password. Accessing a private key requires knowledge of the password, not being the right person, so the PKI method is vulnerable to attacks by hackers. A description of this can be found in Shahriar Mohammadi and Sanaz Abedi, ECC-Based Biometric Signature: A New Approach in Electronic Banking Security, International Symposium on Electronic Commerce and Security, 2008.
The “next wave” accommodates electronic communications between humans and machines as well as among machines themselves, and is often referred to as “man-to-machine” and “machine-to-machine,” both abbreviated “M2M.” Man-to-machine applications range from basic security access using wireless key FOBs to ever-expanding applications based on Smart Phones and other personal digital appliances. In a typical scenario, machine-to-machine communication uses a device such as a sensor or observation device to capture information or an event, such as temperature, status information, etc., which is transmitted through a network (e.g., wireless, wired or hybrid) to inform an application such as a software program. The application translates the captured event into some type of meaningful information or instruction, for example, that temperature needs to be increased or items need to be restocked. This is accomplished through the use of a language that the machines use to intercommunicate. It is estimated that the potential exists for intercommunication among 50 billion machines, a number outstripping global human population by nearly an order of magnitude. A description of this can be found in “M2M: The Internet of 50 Billion Devices”, WinWin Magazine, January 2010.
Modern M2M communication has evolved to enable networks to carry data between machines and personal appliances. The expansion of wireless networks worldwide has expedited this and has lessened the amount of power and time required. These factors enable new applications and connections between humans and machines. Examples range from building environmental control to applications supporting the evolving Smart Grid. A description of this can be found in “How Machine-to-Machine Communication Works,” HowStuffWorks.com, and in “When Machines Speak,” InfoWorld.
While the field of M2M communications promises exciting new prospects, it simultaneously presents a number of challenges. A vast array of legacy protocols and standards must be supported, encompassing wired and wireless techniques as well as a broad array of networking practices. Large-scale M2M systems might comprise thousands of sensors and other devices, each having unique protocols and other requirements, and each producing substantial amounts of data. Traditionally, such sensors have been physically and electrically disparate, such that individual sensors need to be separately mounted and electrically connected. Information communication to and from such sensors may be simplified by using wireless transmission and networking technology, which can be especially attractive in legacy scenarios. Nonetheless, as the number of sensors in a given installation increases, the tasks of managing their operation and data output can become prohibitively complex. Furthermore, modern sensors may be amenable to control, for example, receiving commands to vary their sensitivity, orientation and other characteristics. Thus, there is thus a need for techniques that can efficiently manage the complexity of M2M systems, both in terms of information processing and control.
M2M functionality is an aspect of modern energy and building management systems (BMSs).1 BMSs are most commonly applied in large buildings. Among other tasks, BMSs manage the internal environment and may control lighting, temperature, carbon dioxide levels and humidity. Most BMSs control heating, cooling and air flow throughout the building and maintain desired room temperatures. BMSs sometime also monitor the level of human-generated CO2, mixing outside air with internal waste air to increase oxygen level while minimizing hot or cold air loss. BMSs may link to access control or other security systems such as fire alarm systems and elevators. For example, if a fire is detected then the system could close ventilation dampers to stop smoke from spreading and send all elevators to the ground floor to prevent people from using them. 1 http://en.wikipedia.org/wild/Building_management_system
Systems linked to a BMS typically represent 40% of a building's energy usage; if lighting is included, this number approaches 70%. BMSs are critical to managing large building energy usage. Poorly configured BMSs are believed to account for 20% of building energy usage, or approximately 8% of total energy usage in the United States, clearly a substantial amount.2 There is thus a need for improved BMS technology that will increase effectiveness and reduce loss. 2 ibid
Meanwhile, the field of biometrics has experienced significant growth. Biometrics comprises methods for uniquely recognizing or accommodating humans based upon intrinsic physical or behavioral traits, such as fingerprint or retina patterns or cardiac-derived signatures. A biometric is a “measurable physiological and/or behavioral trait that can be captured and subsequently compared with another instance at the time of verification.” Biometrics can be used to authenticate and identify an individual by processing his/her biometric information. A biometric identifier derives from “something the user is,” and can be created from fingerprints, retina or iris scans, hand geometry, voice patterns, vein patterns or any other such technologies. Biometric data can be collected by a sensor device, and a reference signature can be generated therefrom and stored in a database. For each attempted identification, a corresponding biometric sample is collected from the individual and a new signature is created. This signature is then compared with the reference signature and a decision made to accept or reject the claimed identity based on a comparison threshold. A description of this can be found in Anoop Miss., “Elliptic Curve Cryptography, An implementation Tutorial,” Tata Elxsi Ltd, Thiruvananthapuram, India; and in V. Zorkadis, P. Donos, “On biometrics-based authentication and identification from a privacy protection perspective: Deriving privacy-enhancing requirements,” Information Management & Computer Security, Vol. 12 No. 1, 2004, pp. 125-137.
It is known that the human heart bears a signature that is unique to the individual. Such a “heart signature” can be captured using a variety of techniques, such as electrocardiogram (ECG), echocardiogram (ultrasound-based), Doppler RADAR, laser Doppler vibrometry and other means. Wireless cardiac biometric identification is considered advantageous compared to other biometric methods in that identity can be determined without physically invasive measures or even cooperation by the subject. A description of identity determined via ECG can be found in Irvine, et al., “eigenPulse: Robust Human Identification from Cardiovascular Function,” Pattern Recognition, Vol. 41, 2008, pp 3427-3435.
The convergence of M2M and biometrics promises a wealth of new or improved applications. Security and e-Commerce applications can benefit from the ability to determine or authenticate a person's identity without the need for personal passwords, PIN codes, FOBs etc. that can be forgotten, lost, stolen or otherwise compromised. Energy management systems can benefit from knowledge of the identity of human inhabitants and of their personal preferences. For example, if a particular occupant of an office building desires unique heating, cooling, lighting conditions etc, those needs can potentially be better accommodated while eliminating unneeded lighting, heating etc.
While straightforward in principle, practical biometric-based identification and security systems can be compromised by a number of factors. For example, age, emotional state, fatigue and so forth can alter some aspects of cardiac-based signatures. Security measures that rely on fingerprints, retina scans and the like can be spoofed by applying surreptitiously obtained counterfeit signatures.
From the above, there is a need for improved methods, apparatus and applications that will further the evolution of M2M and biometric identification systems and techniques, and that furthermore will gracefully and effectively enable their convergence.
The present invention includes technologies, algorithms and applications that relate to M2M communications and biometric sensing, authentication and identification. Applications include secure physical access and E-commerce applications that build upon authentication methods to enable secure transactions such as purchases, financial transactions and so on. Energy management for buildings also makes use of biometric identification as well as M2M communication.
A person may be “scanned,” that is, illuminated with electromagnetic energy, such as microwave or other radio frequency electromagnetic energy, and a reflected version of such energy processed. The reflected energy bears a phase modulation relative to the incident energy based on motion of some portion of the person's anatomy, typically of the chest or back, such as results from cardiac and/or pulmonary motion. Data sequences are produced based on such modulation, and authentication tokens are generated in turn from the data sequences. A first “embedded” authentication token may be generated by a trusted authority to serve as a master, or reference token, and this embedded token may be stored in a network or database. When the person wishes to conduct a transaction or gain physical access, a subsequent “authentication token” is generated and compared to the embedded token. If a match occurs, the person is authenticated, that is, declared to be whom he or she purports to be, and the transaction or access is allowed. The tokens may be generated by encrypting the data sequence also may be stored within or transmitted over a network.
Such techniques may similarly serve to identify a person by, for example, comparing a person's authentication token with a plurality of embedded tokens corresponding to a plurality of persons. If a match is found between the authentication token and a particular embedded token, the person is identified, that is, declared to be the person to whom the matching embedded token belongs.
Such techniques may be used exclusively or combined with legacy biometric techniques. For example, a person may be authenticated based on a combination of sensing chest motion and fingerprint pattern. Other biometrics may be similarly combined, such as, for example, electrocardiogram, laser Doppler vibrometry, retina scan, facial feature and so on. Persons skilled in the art will appreciate that many such combinations are possible.
Mobile, eCommerce and other online transactions may be enhanced using the above techniques. For example, a person may be scanned by a trusted authority such as a bank or other financial institution, a passport authority, driver license bureau and so on to generate an embedded token as discussed above. When the person wishes to conduct a transaction from an appliance such as an automated teller machine, a smartphone, a computer laptop or tablet and so on, the appliance can scan the individual to produce an authentication token. The authentication token can then be compared with the embedded token. If the tokens match, the person is authenticated, and the transaction is enabled.
These operations may involve other types of appliances such as credit/debit cards, passports and so on. Each such appliance, if used, can store an additional pre-generated embedded authentication token which may also be compared to the locally-generated/real-time authentication token. A personal digital appliance such as a smartphone can perform a real-time scan to create the local authentication token. The techniques discussed above can function in the context of a variety of network and device architectures as will be described below.
According to one embodiment, an algorithm/system for biometric identification comprises an analysis network such as an artificial neural network (NN) or other adaptive network. The analysis network trains or adapts on stored or realtime biometric data sequences derived from biometric sensors of any type. After the adaptive network substantially convergences, functional datasets that capture the converged parameters of the adaptive network, such as tap weights etc., are stored in a functional dataset library. This library may be populated with multiple functional datasets corresponding to multiple biometric capture methods. After this library has been created, functional datasets can be applied to a fixed network for subsequently generating biometric signatures from newly conducted biometric scans.
Data fusion techniques that support the above and other applications comprise functions such as data formatting, combining, abstracting, decimating, resampling, estimating etc. Such techniques can advantageously manage the voluminous data produced from sensors within large-scale systems such as may be found in industrial or military applications. The methods and algorithms disclosed are capable of functioning on dedicated implementations or on a general purpose computer.
The above applications and algorithms in turn build upon a sensor technology foundation. Of particular interest are biometric sensors, especially Doppler radar-based “heart signature” sensors that are particularly sensitive to cardiac activity. Such a sensor can be employed to generate a “radar seismocardiogram,” or R—SCG, resulting from motion of the heart or motion of the chest or back resulting from cardiac activity. Radio waves are reflected and received from a person's heart or chest or back surface. Doppler modulation results from cardiac and pulmonary activity directly or from resultant chest displacement. The Doppler modulation is sensed and processed to provide a cardiac signature that is unique to the individual.
The above methodology offers a number of significant advantages for the applications discussed. A person may be authenticated based on his or her unique biometric characteristics, and thus risk of compromise based on lost or stolen passwords or PINs is eliminated. Biometric scanning can be accomplished either by infrastructure equipment or by a personal digital appliance such as a mentioned above and equipped with a biometric scanning device. Other applications resident on the personal digital appliance can securely process the requisite transactions. The user's identity is kept secure, and thus transaction security is improved. If a card, personal digital appliance, identification number, digital certificate etc. is corrupted, lost or stolen, the likelihood of compromise of critical personal information is reduced or eliminated, since the person must be present at the time of the transaction and must bear his or her unique biometric signature.
Indoor energy management may also make use of biometric signatures. For example, an integrated sensor pod may comprise environmental sensors that generate environmental descriptors for characterizing ambient temperature, light, carbon dioxide level etc., and may also comprise biometric sensors for identifying occupants. The pod's mechanical design can provide flexibility in mounting and orientation of the individual sensors. Energy management systems can thereby benefit substantially. Integrated sensor pods may be conveniently installed in new or legacy environments, and individual sensor outputs may be processed to manage the volume of information produced. Personal digital appliances such as smart phones may be connected, and may provide additional environmental and biometric sensors and serve as control appliances.
An information fusion platform may receive the fused sensor information pertinent to a portion or all of a building and in turn control a building management system (BMS). Energy-related resources within the environment heating, lighting, and so on can be controlled via respective resource control parameters and resource status parameters. Such arrangement is capable of intelligently optimizing comfort, utility and energy expense, and can additionally help to manage emergency situations. Variables such as changing external light, real-time demand response profiles and changes in staffing and room occupancy may be taken into consideration. The information fusion platform can be integrated with other systems such as building security etc. Using the identification techniques described above, individuals' presence and preferences can be taken into account to optimize comfort and cost. Additional, applying such techniques can support emerging Smart Grid-related functions such as Demand Response.
The features and advantages described in the specification are not all inclusive and, in particular, many additional features and advantages will be apparent to one of ordinary skill in the art in view of the drawings, specification, and claims. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter.
The Figures (“FIG.”) and the following description relate to preferred embodiments of the present invention by way of illustration only. Wherever practicable, similar or like reference numbers may be used in the figures and may indicate similar or like functionality. The figures depict embodiments of the present invention for purposes of illustration only. One skilled in the art will readily recognize from the following description that alternative embodiments of the structures and methods illustrated herein may be employed without departing from the principles of the invention described herein.
a) illustrates a wireless Doppler radar according to one embodiment of the present invention.
b) illustrates a waveform according to one embodiment of the present invention.
a) illustrates a method for obtaining a functional dataset according to one embodiment of the present invention.
b) illustrates a method for obtaining a biometric signature according to one embodiment of the present invention.
a) illustrates a flowchart for a method for obtaining a functional dataset library according to one embodiment of the present invention.
b) illustrates a flowchart for a method for obtaining a biometric signature library according to one embodiment of the present invention.
a) illustrates a method for obtaining an authentication token according to one embodiment of the present invention.
b) illustrates a method for authentication according to one embodiment of the present invention.
c) illustrates a method for authentication via a network according to one embodiment of the present invention.
a) illustrates a method for conducting general e-commerce transactions according to one embodiment of the present invention.
b) illustrates a method for conducting e-commerce transactions over a network according to one embodiment of the present invention.
Reference will now be made in detail to several embodiments of the present invention, examples of which are illustrated in the accompanying figures. One skilled in the art will readily recognize that alternative embodiments of the structures and methods illustrated herein may be employed without departing from the principles of the invention described. For purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the invention. It will be apparent, however, to one skilled in the art that the invention can be practiced without these specific details.
Reference to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the referenced embodiment is included in at least one embodiment of the invention. The appearances of the phrase “in one embodiment” in various places do not necessarily all refer to the same embodiment.
The present invention also relates to apparatus for performing the operations herein. This apparatus may be specially constructed for the required purposes, or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but is not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, flash memory devices, magnetic or optical cards, or any type of media suitable for storing electronic instructions.
Input module 712 receives digital information from a database 740. Input module 712 may also receive digital information directly from a sensing device 730, for example, a biometric sensor, a video system (e.g., closed circuit television), an image, retina or fingerprint scanner, or the like. Alternatively, input module 712 may be an interface to receive information from a network system, for example, another database, another biometric sensor system, Internet servers, or the like. The network interface may be a wired interface, such as, a USB, RS-232 serial port, Ethernet card, or the like, or may be a wireless interface module, such as a device configured to communicate using a wireless protocol, e.g., Bluetooth, WiFi, IEEE 802.11, or the like. Sensor data processor 720 could be used to pre-process biometric information received through input module 712 to convert the digital information to the preferred format that processors 720 and/or 722 operate.
Information is stored in the memory device 714 to be processed by either of processors 720 and 722. Processor 722 applies a set of instructions that when executed perform one or more of the methods according to the present invention, e.g., implementing a biometric analysis or sensor data processing or fusion algorithm. Memory device 714 may, e.g., include a module of instructions for implementing such methods.
Processor 722 may output information through input/output module 724 to an external device 750, e.g., a network element or server 750a, a display device 750b, a database 750c or the like. As with input module 712, output module 724 can be wired or wireless. Output module 724 may be a storage drive interface, (e.g., hard-drive or optical drive driver), a network interface device (e.g., an Ethernet interface card, wireless network card, or the like), or a display driver (e.g., a graphics card, or the like), or any other such device for outputting the information determined. In addition, output module 724 may interface appropriately with other systems such as an enterprise computing system, an ATM, an automobile, a banking or financial computer system, a building energy management system, and so on.
Referring now to
Referring now to
As will be described in greater detail below, waveform 850 can be further analyzed to extract key features that are unique to the subject. Such a set of features is referred to as a cardiac biometric signature, and for simplicity is depicted conceptually as the set of points 860 taken from overall waveform 850. In one embodiment, points 860 may be actual sample points of waveform 850. Points 860 may be otherwise derived as well. The amount of information required to describe points 860 may considerably less than that required to describe or reproduce overall waveform 850. Further description of this can be found in Boric-Lubecke et al., Amplitude Modulation Issues in Doppler Radar Heart Signal Extraction, BioWireleSS 2011.
Referring now to
Frame 403 may be variously shaped to allow the various sensors to attain unique fields of view, and the various interconnections may be flush mounted or concealed under frame 403. The resultant physical and electrical integration can greatly simplify both installation and power and data management, while the physical co-location of the individual sensors can provide advantageous reporting of correlated conditions. For example, ambient temperature and light level can be reported for a common area. Such integration and correlation can be particularly amenable to data fusion techniques that are discussed below. The relative orientations and described functions of the various devices on pod 400 are illustrative, and many other variations are possible.
Now referring to
Other sensor technologies are available to serve M2M applications as well. For example, Supervisory control and data acquisition (SCADA) systems typically monitor and control industrial, infrastructure, or facility-based processes. A SCADA System usually acquires data on and sends commands to a process. Remote Terminal Units (RTUs) connect to sensors placed within the process, and typically convert various sensor signals to digital data and send such data to the supervisory system. An array of sensors may be employed measure or evaluate such things as temperature, pressure, flow rate, status etc. A communication infrastructure generally connects the supervisory system to the RTUs.3 3 http://en.wikipedia.org/wiki/SCADA
Referring again to
Signature algorithms can receive sensor information and identify patterns or particular sources therefrom. Of interest are algorithms that identify human subjects from information produced by biometric sensors. According to one embodiment of the present invention, the method depicted in
An ANN comprises a network of simple processing elements that can exhibit complex overall behavior, as determined by the connections between the processing elements and element parameters.4 In an ANN simple nodes, referred to variously as “units” or “Processing Elements” (PEs), are connected to form a network. An ANN's utility flows from algorithms that alter the strength of weights in the network so as to produce a desired signal flow. ANNs can infer a function from observations and then implement such function. Unsupervised ANNs can adapt to capture the salient characteristics of the input distribution. Learning ANNs are particularly useful in applications where the complexity of the data or task makes the direct design of such functions impractical. 4 http://en.wikipedia.org/wiki/Neural_network
ANNs can be applied to tasks falling within several broad categories, including: function approximation, or regression analysis, including time series prediction and modeling; classification, including pattern and sequence recognition; novelty detection; sequential decision making; data processing, including filtering; clustering; blind signal separation and compression. Applications of ANNs comprise system identification and control (e.g., vehicle control, process control); game-playing and decision making (backgammon, chess, racing); pattern recognition (radar systems, face and other biometric identification, object recognition, etc.); sequence recognition (gesture, speech, handwritten text recognition); medical diagnosis; financial applications; data mining or knowledge discovery in databases; visualization and e-mail spam filtering.
A Bayesian network is a probabilistic graphical model that represents a set of random variables and their conditional dependencies.5 For example, a Bayesian network could represent the probabilistic relationships between diseases and symptoms, i.e., given the symptoms, the network can compute the probabilities of the presence of various diseases. Efficient algorithms exist that perform inference and learning in Bayesian networks. Bayesian networks are used for modeling knowledge in computational biology and bioinformatics (e.g., gene expression analysis, medicine, information retrieval, image processing, data fusion, engineering, gaming and law). 5 http://en.wikipedia.org/wiki/Bayesian_network
Referring again to
Analyzer 1030 may be any of a variety of implementations, e.g., hardware-, firmware- or software-based, or combinations thereof; it may be implemented as a standalone device or algorithm, or may be part of a more comprehensive entity. Furthermore, variations of analyzer 1030 may be employed to build functional dataset library 1040. For example, both ANN and Bayesian analyzers 1030 may be employed to populate functional dataset library 1040, so as to offer an assortment of datasets of varying characteristics.
Referring now to
Referring now to
Biometric data sequences 1060 are fed to signature generator 1080 to generate biometric signatures 1090, each of which is indicative of the respective subject who generated the corresponding biometric data sequence 1060. Biometric signatures 1090 may be variously expressed, ranging from simple reference numbers indicating particular recognized individuals to vectors of probabilities, each member of such vector reflecting the probability that a respective biometric data sequence 1060 corresponds to a particular individual.
Referring again to
In general, sensors employed in M2M applications may produce voluminous amounts of data. Large systems such as SCADA or other industrial applications as well as military systems may employ hundreds or thousands of sensors. Handling the voluminous data produced requires methods and systems for automatically fusing, that is, combining the data. Referring now to
A simple example serves to inform the description of system 1500. Newer automobiles may include tire pressure sensors resident inside the tires which communicate wirelessly with a central management system within the automobile. If the detected pressure of any tire falls below a threshold, say 70 percent of nominal, a warning is issued to the driver. After the car is drive some distance, particularly in a colder climate, the pressure of the tire in question may rise to an acceptable level, and thus, the driver may have been needlessly alerted to take action. A more intelligent system could fuse tire pressure, temperature and distance information and exercise a prediction algorithm to alert the driver only if eventual pressure were predicted to fall outside the acceptable range.
Authenticating an entity, such as a person, involves verifying that the person actually is who he or she purports to be. This has traditionally been commonly accomplished by use of a card or appliance such as passport, driving license or ID card. Modernly, appliances such as key fobs or personal digital appliances such as smart phones can be used in concert with wireless or optical communication links. In e-commerce applications, the identity of a user should be remotely verified, before communicating with him or her. A description of this can be found in Shahriar Mohammadi and Sanaz Abedi, which is referenced above.
Referring now to
Typically, if multiple biometric sensors 1050 are employed, they would be exercised contemporaneously, although they could be exercised separately in time. For example, a new cardiac biometric data sequence might be obtained via from a corresponding biometric sensor 1050 and applied to a signature generator 1080. The resultant cardiac biometric signature could be fed to data fusion function 1212 along with a previously-obtained biometric signature derived from a retina scan. Functions 1080, 1212 and 1215 may in practice be implemented in hardware, software, firmware or combinations thereof. They comprise an authentication token generator 1218 that may be configured as an integrated entity, thereby providing immunity against compromise of the biometric signatures or fused biometric signatures created by generators 1080 or data fusion function 1212.
Referring now to
The bearer presents appliance 1230 to a security station, kiosk etc., which in scans the bearer to generate a local AT 1220b using the method of
According to another embodiment of the present invention, appliance 1230, rather than the security station, kiosk etc., scans the bearer to generate AT 1220b. Thus in this embodiment, appliance 1230 both contains obtains embedded AT 1220a and produces locally generated AT 1220b. Appliance 1230 then transmits embedded AT 1220a and locally generated AT 1220b to the security station, kiosk etc.
Now referring to
The authentication schemes discussed above can be employed in a variety of e-commerce applications. Now referring to
ATM security can be enhanced by adding biometric-based authentication such as cardiac biometric identification 920. Referring to
According to another embodiment of the present invention, an appliance such as a smart phone or other personal digital appliance, rather than ATM 910, contains a scanning apparatus that scans the bearer to generate 1320 a biometric signature, such as a cardiac, retina, facial or fingerprint biometric signature. The personal digital appliance then wirelessly transmits the chosen biometric signature to ATM 910 or other receiving device. Such an approach can offer a choice of biometrics and enables the scanning apparatus to be calibrated or tuned to the true owner of the personal digital appliance. Closer proximity of the scanning apparatus to the user's retina, face, heart etc. could improve the fidelity of the captured biometric data. Advantageously, the probability of positively authenticating the true owner could be maximized without limiting the effectiveness of rejecting an impostor.
According to yet another embodiment of the present invention, the user's identity can be authenticated without use of an appliance. The user need only undergo a biometric scan, and thus authentication is based only upon the resultant biometric signature, the resultant generated AT and comparison with the embedded (stored) AT.
Referring now to
Referring now to
Edge device 1445 may obtain other user data such as a PIN 1435 or other information such as location data provided by a Global Positioning System (GPS) device. From the data collected, edge device 1445 may generate a local checksum to provide a first authentication of user 1405. If such first authentication is performed and is successful, edge device 1445 then transmits the local AT, embedded AT and optionally the local checksum to Authentication Authority 1455 over a network 1450. Authentication Authority 1455 determines whether there is a match between the information received from edge device 1445 and the information stored in database 1428b. If there is a match, Authentication Authority 1455 returns to edge device 1445 and/or to the e-Commerce vendor or broker a confirmation via network 1450. User 1405 then completes the transaction.
It will be appreciated that while edge device 1445 and appliances such as personal digital appliance 1415 have been described as separate entities, they may in fact be the same. As was discussed previously in the context of the ATM example, a personal digital appliance 1415 could similarly conduct the biometric scan in place of edge device 1445. A personal digital appliance 1415 could also be used to conduct the various e-Commerce transactions of interest.
According to yet another embodiment of the present invention, the user's identity can be authenticated without use of an appliance. As with the ATM application above, user 1405 need only undergo a biometric scan, and thus authentication is based only upon the resultant biometric signature, the resultant generated local AT and comparison with the embedded AT within subscriber database 1428b.
The above methodology for e-commerce application offers a number of significant advantages. The user is authenticated based on his or her unique biometric characteristics, and thus risk of compromise based on lost or stolen passwords or PINs is eliminated. Biometric scanning can be accomplished either by infrastructure equipment or by a personal digital appliance such as a smart phone, as such appliance may be equipped with a biometric scanning device. Other applications resident on the personal digital appliance can securely process the requisite transactions. The user's identity is kept secure, and thus transaction security is improved. If the personal digital appliance is lost or stolen, the risk to the owner of compromise of critical personal information (such as a stored PIN or digital certificate) is reduced or eliminated.
Referring now to
A sensor pod 400 as described above is mounted at a convenient location within the room or area, for example, at a substantially central point on the ceiling. Sensor pod 400 comprises a number of individual sensors, such as temperature sensor 505 oriented to sense heat in direction 510, a biometric sensor or sensors oriented to obtain biometric signatures along directions 515 and 530, and ambient light sensor 520 oriented to sense light in direction 525. Sensor pod 400 can also enable wireless communications for computers in the area, as shown by wireless link 540. Sensor pod 400 includes another communications link that may be uni- or bi-directional, and serves to relay sensor and other data as required to the BMS and information technology (IT) infrastructure. The types of sensors and their orientations and functions as described are merely illustrative, and many other variations are possible.
Referring now to
Ambient Environmental Smart Sensor Array Module 105 and Ambient Light Smart Sensor Array Module 109 similarly process information from environmental sensors 106 and ambient light sensors 110. Reception functions 107 and 111 similarly process and forward corresponding information to data fusion node 108 and 112, respectively.
The outputs of data fusion nodes 104, 108 and 112 are fed to reception fusion estimate function 113, which also combines the information and forwards to data fusion node 114. Data fusion node 114 then refines, decimates or reduces the received information as appropriate. For example, if a particular area of a room lacks a temperature sensor but includes an ambient light sensor that senses light incoming from an exterior window, a temperature differential relative to that sensed in a nearby area can be estimated. If no biometric sensor senses the presence of persons in the area, a summary indication of same can be forwarded rather than more detailed information such as Doppler radar echoes from inanimate objects. Furthermore, in the latter case, ambient temperature and lighting data can be discarded, as the BMS may simply shut down heating or air conditioning to the uninhabited area or room. During an emergency or disaster such as a fire or earthquake, normal communication of environmental data may be suspended to avoid overloading communication channels that may be carrying unusually high levels of data as a consequence of the emergency or disaster.
The output of data fusion node 114 may be forwarded to and from the BMS via wireline, or optionally may be forwarded to multi-band radio module 116 for wireless communication to and from the BMS. The output format of data fusion node 114 may be serial, parallel or combinations thereof. Optional multi-band radio module 116 may also accommodate data communications to and from devices in the room or area, such as personal computers, personal digital appliances and the like.
Referring now to
Information fusion platform 306 comprises database management system 319, which further comprises a support database 320 and a fusion database 321. Support database 320 may include information regarding a variety of things such as building resources (heating, air conditioning, etc.), the identities of people that may inhabit the building and their biometric profiles and personal preferences, energy management profiles such as temperature setpoints according to daily, weekly and holiday schedules, demand response profiles, and so on. Fusion database 321 may include information regarding the manner in which information from multiple sensors is to be combined, instructions on how to handle failure of sensors, etc.
Information fusion platform 306 may further serve as a liaison for human operators. In such case, one or more status/control stations 312, 313, 314 and 315 may be continually or intermittently staffed by operators, or may simply serve as monitors to be occasionally checked. These monitors may provide such functions or information as sensor monitoring, including sensor fusion activity, energy usage and management profiles, system activity monitoring and alerts upon alarms or unusual activity, security status and power grid information. Status/control stations 312, 313, 314 and 315 may also enable control over any or all building resources, security systems etc.
Data fusion platform 100 and information fusion platform 306 may interface with personal digital appliances such as smart phones. Such appliances may provide a range of utility such as serving as environmental or biometric sensors or control terminals, providing personal location data via Global Positioning System (GPS) sensors, and so on. Such an appliance may already be in use by individuals for other purposes, and so the system may thereby benefit from such utility at minimal or no marginal expense.
Advantageously, data and information fusion platform 300 optimizes the balance between providing adequate comfort and support on the one hand, and minimizing energy usage on the other. Consideration is given to the building's inhabitants and their personal preferences. Variables such as changing external light, real-time demand response profiles and changes in staffing and room occupancy may be taken into consideration. Data and information fusion platform 300 may be integrated with other systems such as building security etc.
Those of skill in the art will appreciate additional alternative methods, apparatus and applications for M2M and biometric systems. Thus, it is to be understood that the invention is not limited to the precise construction and components disclosed herein and that various modifications, changes and variations which will be apparent to those skilled in the art may be made in the arrangement, operation and details of the method and apparatus of the present invention disclosed herein without departing from the spirit and scope of the invention as defined in the appended claims.
This application claims priority under 35 USC §119(e) to U.S. Provisional Patent Application No. 61/514,654, filed Aug. 3, 2011, titled “Method, Apparatus and Applications for Man-to-Machine Communications and Sensor Data Processing,” the entire contents of which are herein incorporated by reference.
Number | Date | Country | |
---|---|---|---|
61514654 | Aug 2011 | US |