In most companies, employees are provided with a badge used to gain access to secure buildings and to different areas owned by the company. These badges are usually unique and difficult to duplicate. When logging into a computer system owned by the company, or into any other secure system, a form of multi-point authentication is generally used that requires a password and a separate username. Often, however, the username is easily known by other individuals in the company or can be easily guessed by others, which may decrease the level of security. Furthermore, because both the username and the password must be remembered by a user attempting to access a secure system, ease of access is decreased. There is also the possibility that users may write down or keep passwords and usernames in an insecure location.
Therefore, what are needed are systems and methods that overcome challenges in the art, some of which are described above.
Embodiments of the invention described herein allow a user to use a physical ID badge to log into a computer system. The badge serves where a traditional username would typically be used, and a password is then used for authentication. The use of the ID badge adds an extra layer of protection, since a physical badge is harder to duplicate than a username is to guess, and it reduces the number of access methods the company needs to maintain for its systems.
In one aspect, a method of accessing a secure system requiring multi-point authentication is described. One embodiment of the method comprises receiving an optical image, wherein the optical image includes at least a portion of an identification badge; determining a plurality of characteristics from the optical image of at least a portion of the identification badge; comparing one or more of the plurality of characteristics to a database of characteristics of authorized users; assigning a confidence factor based on the comparison; and prompting for a second form of authentication if the confidence factor meets or exceeds a threshold or denying access to the secure system if the confidence factor does not meet or exceed the threshold.
Alternatively or optionally, the secure system can comprise a secure computer system such as, for example, a secure control system.
Alternatively or optionally, receiving the optical image can comprise receiving a digital image or video from a digital camera or a display screen with sensors.
Alternatively or optionally, determining a plurality of characteristics from the optical image of at least a portion of the identification badge can comprise using a processor executing one or more recognition algorithms encoded as computer-readable instructions to determine the characteristics. The one or more recognition algorithms executed by the processor can include one or more of principal component analysis algorithms, Fisherface recognition algorithms, eigenfaces recognition algorithms, linear discriminant analysis algorithms, or combinations and modifications thereof, and the like.
Another aspect of embodiments of the present invention comprises a system for accessing a secure system requiring multi-point authentication. One embodiment of the system comprises an image capture mechanism, wherein the image capture mechanism captures an optical image that includes at least a portion of an identification badge; a memory; and a processor in communication with the memory, wherein the processor determines, by executing one or more recognition algorithms encoded as computer-executable instructions stored in the memory, a plurality of characteristics from the optical image of at least a portion of the identification badge; compares one or more of the plurality of characteristics to a database of characteristics of authorized users, the database being stored in the memory; assigns a confidence factor based on the comparison; and prompts for a second form of authentication if the confidence factor meets or exceeds a threshold or denies access to the secure system if the confidence factor does not meet or exceed the threshold.
Yet another aspect of embodiments of the present invention comprises a non-transitory computer-readable medium having computer-readable instructions for accessing a secure system requiring multi-point authentication stored thereon, which, when executed by a processor, cause the processor to: receive an optical image, wherein the optical image includes at least a portion of an identification badge; determine a plurality of characteristics from the optical image of at least a portion of the identification badge; compare one or more of the plurality of characteristics to a database of characteristics of authorized users; assign a confidence factor based on the comparison; and prompt for a second form of authentication if the confidence factor meets or exceeds a threshold or deny access to the secure system if the confidence factor does not meet or exceed the threshold.
Other systems, methods, features and/or advantages will be or may become apparent to one with skill in the art upon examination of the following drawings and detailed description. It is intended that all such additional systems, methods, features and/or advantages be included within this description and be protected by the accompanying claims.
The components in the drawings are not necessarily to scale relative to each other. Like reference numerals designate corresponding parts throughout the several views.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art. Methods and materials similar or equivalent to those described herein can be used in the practice or testing of the present disclosure.
As used in the specification and the appended claims, the singular forms “a,” “an” and “the” include plural referents unless the context clearly dictates otherwise. Ranges may be expressed herein as from “about” one particular value, and/or to “about” another particular value. When such a range is expressed, another embodiment includes from the one particular value and/or to the other particular value. Similarly, when values are expressed as approximations, by use of the antecedent “about,” it will be understood that the particular value forms another embodiment. It will be further understood that the endpoints of each of the ranges are significant both in relation to the other endpoint, and independently of the other endpoint.
“Optional” or “optionally” means that the subsequently described event or circumstance may or may not occur, and that the description includes instances where said event or circumstance occurs and instances where it does not.
Throughout the description and claims of this specification, the word “comprise” and variations of the word, such as “comprising” and “comprises,” means “including but not limited to,” and is not intended to exclude, for example, other additives, components, integers or steps. “Exemplary” means “an example of” and is not intended to convey an indication of a preferred or ideal embodiment. “Such as” is not used in a restrictive sense, but for explanatory purposes.
Disclosed are components that can be used to perform the disclosed methods and systems. These and other components are disclosed herein, and it is understood that when combinations, subsets, interactions, groups, etc. of these components are disclosed that while specific reference of each various individual and collective combinations and permutation of these may not be explicitly disclosed, each is specifically contemplated and described herein, for all methods and systems. This applies to all aspects of this application including, but not limited to, steps in disclosed methods. Thus, if there are a variety of additional steps that can be performed it is understood that each of these additional steps can be performed with any specific embodiment or combination of embodiments of the disclosed methods.
The present methods and systems may be understood more readily by reference to the following detailed description of preferred embodiments and the Examples included therein and to the Figures and their previous and following description.
Further comprising the exemplary system of
Further in communication with the processor 104 is a memory 108. In one aspect, the memory 108 further comprises a database. The database can store information about users that are authorized to access the secure system. For example, the database can store information about the characteristics of users that are authorized to access the secure system, such as name, identification number, social security number, address, age, size of the user's identification badge, the user's department, name of the user's employer or business, address or location of the user's employer or business, the user's security clearance, color of the user's identification badge, date on the user's identification badge, facial characteristics of the user, hair color of the user, eye color of the user, clothing color on the user's identification badge, QR code information from the user's identification badge, bar code information from the user's identification badge, arrangement of images and text on the user's identification badge, a security image on the user's identification badge, or any other identifying text, images, markings or features associated with the user or the user's identification badge, and the like. The memory 108 can further comprise computer-executable instructions that are stored in the memory 108 and are executable by the processor 104. For example, the memory 108 can be used to store one or more recognition algorithms encoded as computer-executable instructions. The one or more recognition algorithms executed by the processor 104 can include one or more of principal component analysis algorithms, Fisherface recognition algorithms, eigenfaces recognition algorithms, linear discriminant analysis algorithms, combinations and modifications thereof, and the like.
Referring now to
Referring now to
If the confidence factor fails to meet or exceed the threshold, then at step 214 the person attempting to access the secure system is denied access. In various aspects, the threshold can be a pre-established value that is stored in the memory 108, or it can be a dynamically-adjusted value based on positive comparisons of certain of the plurality of characteristics. For example, if certain high-confidence characteristics are positively identified from the identification badge 106, the threshold value can be lowered, so that fewer positive comparisons are needed to meet or exceed the threshold. Alternatively, the threshold value can be static while the characteristics from the identification badge 106 carry varying (weighted) confidence values. For example, the machine-readable code on the identification badge 106 may carry a higher confidence value than the color of the identification badge 106. Such comparisons, adjustment of the threshold, or weighting of the characteristics can be performed by a threshold module. The threshold module comprises computer-readable instructions stored in the memory 108 that are executed by the processor 104. In one embodiment, the computer-readable instructions cause the processor 104 to dynamically adjust the threshold based on positive comparisons of certain of the plurality of characteristics. In another embodiment, the computer-readable instructions cause the processor 104 to assign weights to each of the plurality of characteristics, wherein the assigned weights are not all equal, so that fewer or more positive comparisons of certain characteristics are required to meet or exceed the threshold.
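The comparison, confidence-factor and threshold steps described above (and in the method summarized earlier) can be illustrated with a small threshold module. The following is an added example written for this page; it is not code from the patent application. The characteristic names, the weights, the 0.1-per-hit lowering rule with a 0.5 floor, and the sample database records are all assumptions chosen for illustration, and the "observed" dictionaries stand in for whatever the recognition algorithms extract from the optical image.

```python
"""Weighted badge-characteristic matching with a static or dynamic threshold.

Added example, not the patent's own code. Characteristic keys, weights,
the dynamic-threshold rule and the sample records are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Per-characteristic weights (assumed). The machine-readable code outranks
# weak visual cues such as badge colour, as the text suggests.
WEIGHTS: Dict[str, float] = {
    "qr_payload": 0.50,
    "employee_id": 0.25,
    "department": 0.10,
    "layout_signature": 0.10,
    "badge_color": 0.05,
}

# Characteristics whose positive match justifies lowering the threshold
# in the dynamically-adjusted variant (assumed set).
HIGH_CONFIDENCE = {"qr_payload", "employee_id"}


@dataclass
class AuthorizedUser:
    user_id: str
    characteristics: Dict[str, str]


@dataclass
class Decision:
    user_id: Optional[str]   # candidate identity, only when prompting
    confidence: float
    threshold: float
    action: str              # "prompt_second_factor" or "deny"
    reason: str


def _matches(observed: Dict[str, str], record: Dict[str, str], key: str) -> bool:
    # A characteristic missing from the image never counts as a match.
    return key in observed and observed[key] == record.get(key)


def confidence_factor(observed: Dict[str, str], record: Dict[str, str]) -> float:
    """Sum of weights of matched characteristics, normalised so that a
    full match scores 1.0."""
    total = sum(WEIGHTS.values())
    matched = sum(w for k, w in WEIGHTS.items() if _matches(observed, record, k))
    return matched / total


def effective_threshold(observed: Dict[str, str], record: Dict[str, str],
                        base: float, dynamic: bool) -> float:
    """Static threshold, or (dynamic variant) the base threshold lowered by
    0.1 for each positively matched high-confidence characteristic, never
    below an assumed floor of 0.5."""
    if not dynamic:
        return base
    hits = sum(1 for k in HIGH_CONFIDENCE if _matches(observed, record, k))
    return max(0.5, base - 0.1 * hits)


def evaluate(observed: Dict[str, str], database: List[AuthorizedUser],
             base_threshold: float = 0.7, dynamic: bool = False) -> Decision:
    """Pick the best-matching authorized record and decide whether to prompt
    for the second form of authentication or deny access."""
    scored = sorted(
        ((confidence_factor(observed, u.characteristics), u) for u in database),
        key=lambda pair: pair[0], reverse=True)
    if not scored:
        return Decision(None, 0.0, base_threshold, "deny", "empty database")
    best_c, best_u = scored[0]
    # Practitioner check: if two records score equally, the badge does not
    # identify a single user, so do not pick one arbitrarily.
    if len(scored) > 1 and scored[1][0] == best_c:
        return Decision(None, best_c, base_threshold, "deny", "ambiguous match")
    t = effective_threshold(observed, best_u.characteristics, base_threshold, dynamic)
    if best_c >= t:
        return Decision(best_u.user_id, best_c, t, "prompt_second_factor",
                        "confidence meets threshold")
    return Decision(None, best_c, t, "deny", "confidence below threshold")


def sample_database() -> List[AuthorizedUser]:
    # Constructed sample records for the example; not real users.
    return [
        AuthorizedUser("u-1001", {"qr_payload": "BADGE:1001:7f3a", "employee_id": "1001",
                                  "department": "engineering", "badge_color": "blue",
                                  "layout_signature": "v2-left-photo"}),
        AuthorizedUser("u-2002", {"qr_payload": "BADGE:2002:c19e", "employee_id": "2002",
                                  "department": "finance", "badge_color": "green",
                                  "layout_signature": "v2-left-photo"}),
    ]


if __name__ == "__main__":
    db = sample_database()
    # QR code and employee number read correctly, colour/department misread.
    print(evaluate({"qr_payload": "BADGE:1001:7f3a", "employee_id": "1001",
                    "department": "finance", "badge_color": "green"}, db))
    # Only weak cues recovered from a blurry image.
    print(evaluate({"department": "engineering", "badge_color": "blue",
                    "layout_signature": "v2-left-photo"}, db))
```

Note that a positive decision only yields a candidate identity and a prompt for the second form of authentication; the badge match alone never grants access, which is the point of the threshold step in the method. The ambiguity check is an added practitioner safeguard rather than a step the text describes.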
When the logical operations described herein are implemented in software, the process may execute on any type of computing architecture or platform. As noted herein, the computing device may comprise the secure system that a person is attempting to access. For example, referring to
Computing device 300 may have additional features/functionality. For example, computing device 300 may include additional storage such as removable storage 308 and non-removable storage 310 including, but not limited to, magnetic or optical disks or tapes. Computing device 300 may also contain network connection(s) 316 that allow the device to communicate with other devices. Computing device 300 may also have input device(s) 314 such as a keyboard, mouse, touch screen, etc. Output device(s) 312 such as a display, speakers, printer, etc. may also be included. The additional devices may be connected to the bus in order to facilitate communication of data among the components of the computing device 300. All these devices are well known in the art and need not be discussed at length here.
The processing unit 306 may be configured to execute program code encoded in tangible, computer-readable media. Computer-readable media refers to any media that is capable of providing data that causes the computing device 300 (i.e., a machine) to operate in a particular fashion. Various computer-readable media may be utilized to provide instructions to the processing unit 306 for execution. Common forms of computer-readable media include, for example, magnetic media, optical media, physical media, memory chips or cartridges, a carrier wave, or any other medium from which a computer can read. Example computer-readable media may include, but is not limited to, volatile media, non-volatile media and transmission media. Volatile and non-volatile media may be implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data and common forms are discussed in detail below. Transmission media may include coaxial cables, copper wires and/or fiber optic cables, as well as acoustic or light waves, such as those generated during radio-wave and infra-red data communication. Example tangible, computer-readable recording media include, but are not limited to, an integrated circuit (e.g., field-programmable gate array or application-specific IC), a hard disk, an optical disk, a magneto-optical disk, a floppy disk, a magnetic tape, a holographic storage medium, a solid-state device, RAM, ROM, electrically erasable program read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices.
In an example implementation, the processing unit 306 may execute program code stored in the system memory 304. For example, the bus may carry data to the system memory 304, from which the processing unit 306 receives and executes instructions. The data received by the system memory 304 may optionally be stored on the removable storage 308 or the non-removable storage 310 before or after execution by the processing unit 306.
Computing device 300 typically includes a variety of non-transitory computer-readable media. Computer-readable media can be any available media that can be accessed by device 300 and includes both volatile and non-volatile media, removable and non-removable media. Computer storage media include volatile and non-volatile, and removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. System memory 304, removable storage 308, and non-removable storage 310 are all examples of computer storage media. Computer storage media include, but are not limited to, RAM, ROM, electrically erasable program read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computing device 300. Any such computer storage media may be part of computing device 300.
It should be understood that the various techniques described herein may be implemented in connection with hardware or software or, where appropriate, with a combination thereof. Thus, the methods and apparatuses of the presently disclosed subject matter, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium wherein, when the program code is loaded into and executed by a machine, such as a computing device, the machine becomes an apparatus for practicing the presently disclosed subject matter. In the case of program code execution on programmable computers, the computing device generally includes a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. One or more programs may implement or utilize the processes described in connection with the presently disclosed subject matter, e.g., through the use of an application programming interface (API), reusable controls, or the like. Such programs may be implemented in a high level procedural or object-oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language and it may be combined with hardware implementations.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/US2014/066566 | 11/20/2014 | WO | 00 |