[go: up one dir, main page]

WO2015052120A1 - Method and system for detection and identification of a wearable device - Google Patents

Method and system for detection and identification of a wearable device Download PDF

Info

Publication number
WO2015052120A1
WO2015052120A1 PCT/EP2014/071312 EP2014071312W WO2015052120A1 WO 2015052120 A1 WO2015052120 A1 WO 2015052120A1 EP 2014071312 W EP2014071312 W EP 2014071312W WO 2015052120 A1 WO2015052120 A1 WO 2015052120A1
Authority
WO
WIPO (PCT)
Prior art keywords
access point
network access
wearable device
providing unit
service providing
Prior art date
Application number
PCT/EP2014/071312
Other languages
French (fr)
Inventor
Philippe NIEDERHAUSER
Original Assignee
Niederhauser Philippe
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Niederhauser Philippe filed Critical Niederhauser Philippe
Publication of WO2015052120A1 publication Critical patent/WO2015052120A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/33Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/72Subscriber identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/73Access point logical identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to systems and devices for detection and identification of a wearable device.
  • a wireless device such as, for example, a passive or active RFID element, a contactless smartcard, or a Bluetooth, NFC or WLAN enabled mobile equipment.
  • a wireless device such as, for example, a passive or active RFID element, a contactless smartcard, or a Bluetooth, NFC or WLAN enabled mobile equipment.
  • dedicated equipment such as RFID tags or smartcards
  • RFID tags or smartcards are impractical since many users does not want to carry a plurality of dedicated devices for the sole purpose of being authenticated or identified with a particular service.
  • the range of many protocols such as passive RFIDs, Bluetooth or NFC transmission protocols, is limited to near-range communication only.
  • authenticating a mobile equipment with a WLAN client requires first establishment of a WLAN session between the user's WLAN client and the access point managed by the service that needs to identify or authenticate the user. Many users don't want to establish such a session since it might compromise the security of their equipment, and waste power. The connection is usually not automatic, and requires user's manipulations. Moreover, establishing the WLAN session still does not allow for a user authentication or identification by the access point; additional steps, such as entering a user identification and/or password, access to a smart card in the user's equipment, or biometrical measures for example. Additionally, a WLAN connection can only be established if the signals received by the access point and by the user's equipment are strong enough, i.e. if they are at close range.
  • An aim of the invention is to provide a simple and efficient method and system to provide identification data to a central unit.
  • Another aim of the invention is to provide a simple and efficient method and system adapted to receive and transmit targeted input data to a centralized unit.
  • a further aim of the invention is to provide a system adapted to receive identification or authentication data from a wearable device, while protecting the device against possible intrusion.
  • a further aim of the invention is to provide a system adapted to receive identification data from a wearable device requiring low power resources from the device.
  • a still further aim of the invention is to provide a system and method enabling a central unit to provide targeted services to a user after identification of said user.
  • the invention relates to a method for detection and identification of a wearable device by a fixed service providing unit comprising the following steps:
  • -a fixed service providing unit scans a working area for reception of eventual network access point identification signals
  • At least one wearable device entering the working area acts as a network access point and emits a network access point identification signal
  • -a fixed service providing unit receives network access point identification signal from the wearable device
  • the fixed service providing unit provides a service to said wearable device or to wearable device user and/or another user.
  • a mobile device with Internet access such as a smartphone, a tablet or the like, as a WLAN access point allowing other devices in the vicinity, such as laptops etc, to connect to the mobile device and have access to the Internet or to resources of the mobile device.
  • a mobile device with Internet access such as a smartphone, a tablet or the like
  • WLAN access point allowing other devices in the vicinity, such as laptops etc, to connect to the mobile device and have access to the Internet or to resources of the mobile device.
  • this function is called "share connection”.
  • the smartphone When the connection sharing is activated, the smartphone emits a network access point identification signal, such as a SSID signal, that will be received by other devices with a WLAN network card in the vicinity. The other devices can then select this SSID in the list of available access points, and establish a wireless connection with the smartphone in order to access the Internet or other resources.
  • a network access point identification signal such as a SSID signal
  • the invention is based on an inversion of the roles of the access point and of the WLAN client.
  • the user's mobile device works as an access point whose network identification (for example the SSID) is used as user's identification.
  • This identification is received by a usually fixed service providing unit, such as a WLAN client that permanently scans the identification of available access points in the vicinity, to identify or authenticate the corresponding equipment.
  • the fixed service providing unit provides a validation signal to the wearable device.
  • the validation signal is a Wired signal to the wearable device.
  • connection request for requesting establishment of a connection between said fixed service providing unit and said access point.
  • the wearable device refuses the connection request received from the fixed service providing unit. Such a connection is not necessary to identify or authenticate the wearable device.
  • the wearable device after reception of such a request, stops emission of the network access point identification signal in order to reduce the power consumption. In another variant, the wearable device emits network access point identification signal intermittently. In another variant, the wearable device changes its network access point identification in response to such a request, in order to build a dialogue between the wearable device and the fixed service providing unit without establishing a complete WLAN session that would compromise the security of the wearable device.
  • the network access point identification signal is advantageously a Service Set Identifier (SSID) signal.
  • SSID Service Set Identifier
  • identification is changed in order to get different service from one or a plurality of fixed service providing unit(s).
  • the network access point identification may be defined by the wearable device user or an authorized third party for a given application.
  • the network access point identification may for instance be a random number or other secret value.
  • the network access point identification can't be changed by the user's, to avoid manipulations or impersonation.
  • the network access point identification may be read from a smart card, such as a SIM card.
  • the network access point identification may correspond or depend on a number, such as an IMSI or MSISDN number, stored in a SIM card of the user's wearable device or a mobile phone number.
  • a program or an APP executed by the user's wearable device may be used to retrieve the network access point identification and use it, for example as a SSID.
  • the network access point identification may be different for different applications.
  • the access point identification may be changed during a dialogue between the fixed service providing unit and wearable device.
  • the method of the invention provides a user authentication of the identified wearable device before a targeted service is provided.
  • the service may include access to physical or logical resources.
  • the method may also be used to command a separate device or system such as a car (or a system in the car), the house (or a system in the house), at the office, etc.
  • said fixed service providing unit provides targeted services in relation to the network access point identification.
  • the fixed service providing unit provides targeted services in relation to the distance between the network access point and the fixed service providing unit. For instance, in a store application, when the user is entering the working area, in this case corresponding to the store surface, the distance is substantially long (for example up to about 30 m for a SSID). The service providing unit then sends welcoming data to the user. Later, when the user is coming near the payment passage, payment data and/or instructions are sent to the user. In another application, related to safety, the system uses the various distances between the wearable devices and the fixed service providing unit to send messages or data related to the zone in which users are entering, such as safe area, restricted area, and strictly forbidden area.
  • the invention also relates to a detection and identification system for wearable devices comprising:
  • -a fixed service providing unit for receiving network access point identification signals, control if a received signal is valid, and in case of validity of the signal, provides a service to said wearable device or to wearable device user.
  • system further comprises a central network access point identification data base provided with data and/or instructions related to pre-identified users.
  • system further comprises a central receptor, for receiving input signals from surrounding wearable devices located within a working area allowing network access point identification signals transmission and reception.
  • the wearable device is a cellular telephone, a USB key, glasses, a wristband, or other light weight device well adaptable to be wearable by a user.
  • Figure 1 illustrates the main steps of a method for detection and identification of a wearable device according to the invention
  • Figure 2 illustrates optional complementary step of the method presented in figure 1 ;
  • Figure 3 illustrates a schematic diagram representing an example of a detection and identification system for wearable device according to the invention.
  • FIG. 1 illustrates the main steps of a method for detection and identification of a wearable device according to the invention.
  • the Fixed Service Providing Unit (FSPU) 30 scans a working area 10 in order to detect any eventual wearable device 20 that would have entered into the area 10.
  • the wearable device 20 is emitting a Network Access Point Identification Signal (NAPIS).
  • NAPIS Network Access Point Identification
  • the Network Access Point Identification is preferably specific to a single wearable device or a group of parent devices, sharing a common identity.
  • An application executed by the user's wearable device retrieves the network access point identification, for example from a SIM card in the equipment.
  • the Fixed Service Providing Unit 30 receives the Network Access Point Identification Signal (NAPIS).
  • NAPIS Network Access Point Identification Signal
  • the Fixed Service Providing Unit 30 controls if the signal is valid, for example whether it matches one identification in a list of previously defined authorised identifications, or if it corresponds to given safety or selection criteria (step 130). If the signal is accepted, the Fixed Service Providing Unit provides service and/or related data and/or operations, preferably with targeted data to said wearable device 20 (step 140). The services provided are customable according to the Network Access Point Identification data received.
  • Figure 2 illustrates examples of additional steps for the method of figure 1.
  • the Fixed Service Providing Unit 30 provides validation signal, such as a request for establishing a connection, to wearable device 20.
  • the wearable device uses this signal in order to either stop emission of the Network Access Point Identification Signal (step 220) or to block any connection or instruction received from the Fixed Service Providing Unit (step 210).
  • FIG. 3 shows an example of a detection and identification system for wearable devices according to the invention.
  • the system comprises a Fixed Service Providing Unit (FSPU) 30 comprising a Network Access Point Identification Signal (NAPIS) receptor 34, a Network Access Point Identification Signal data base 31 , for storing a list of accepted Network Access Point Identifications, a processing unit 32 and instruction code or commands 33, providing all data and software instructions for the operation of the Fixed Service Providing Unit 30, a service providing unit 36 and the related service data base 35, for actually providing the services and or operations resulting from the detection of a given wearable device 20 into a corresponding working area 10. Different services may be provided depending on the detected Network Access Point Identification.
  • NAPIS Network Access Point Identification Signal
  • the method may comprise a step of user authentication of a wearable device previously identified with said network access point identification signal.
  • the authentication may comprise providing a further proof of the identity of the wearable device, for example using a
  • the requested service may be provided once this authentication is successful.
  • the authentication may be based on replies provided by the wearable device through modifications of the network access point identification signal, and/or without establishing a WLAN or similar session.
  • the authentication of a wearer of the wearable device will be based on biometric data;
  • the Fixed Service Providing Unit (FSPU) 30 may include a database of biometric data of all persons that may wear wearable devices 20; in the database the biometric data of each person is associated with a Network Access Point Identification Signal of the wearable device 20 which that person wears. Any suitable biometric data may be used, such as finger print or facial images.
  • the Fixed Service Providing Unit (FSPU) 30 receives the Network Access Point Identification Signals from one or more wearable devices 20 which are within a predefined area (e.g.
  • the Fixed Service Providing Unit (FSPU) 30 retrieves from the database the biometric data which is associated with each of the one or more received Network Access Point Identification Signals.
  • the Fixed Service Providing Unit (FSPU) 30 thus preselects biometric data from the database based on the one or more received Network Access Point Identification Signals which it has received.
  • the retrieved biometric data is compared with the corresponding physical characteristic of the person to be
  • the system can determine that the person is authentic. For example if the biometric data is a finger print then the Fixed Service Providing Unit (FSPU) 30 retrieves from the database one or more finger print data which associated with each of the one or more Network Access Point Identification Signals which it has received; the person to be authenticated will position their finger so that the Fixed Service Providing Unit (FSPU) 30 can read the physical finger print of the person; the read physical finger print is compared to each of the one or more finger print data which was retrieved from the database; if the physical finger print matches one of the one or more finger print data retrieved from the database, then the system can determine that the person is authentic. If the physical finger print does not match one of the one or more finger print data retrieved from the database then the system can detect that the person wearing the wearable device is not an
  • the physical finger print of a person is compared to all of the finger prints stored in the database to determine if the physical finger print matches any one of the stored finger prints; if the physical finger print matches any of the finger prints in the database the system
  • the Fixed Service Providing Unit uses the received Network Access Point Identification Signals which it receives from one or more wearable devices, which are all located within a predefined area around the Fixed Service Providing Unit (FSPU), to pre-select from the database, finger prints which are associated with each of said one or more wearable device, to which the physical finger print of a person is to be compared to.
  • none of the existing authorization techniques which are currently used in the field make a pre-selection from stored biometric data based on wearable devices which have been detected as being present within a predefined area.
  • a comparison of the physical finger print to only those pre-selected finger prints which are associated with those wearable devices which have been detected as being present within the predefined area, rather than to all of the stored finger prints in the database, is required to achieve
  • the system also comprises a plurality of wearable devices 20 that are adapted for detection/identification by the Fixed Service Providing Unit.
  • wearable device may be provided in accordance with the invention, such as smartphones, tablets, PDAs, USB keys, glasses,
  • the service provided by the fixed service providing unit to the user of one identified wearable devices might be diverse. Those services might comprise access to physical resources, for example unlocking a door or an object, or to logical resources, for example access to data or network resources with the wearable device or with another device. For example, the presence of a user at a particular location may be detected when a Network Access Point Identification Signal is received by a fixed service providing unit at this location. This presence might be used to provide access to a computer network, to physical places, or to other resources at the particular location.
  • NAPIS Network Access Point Identification Signal
  • FSPU Fixed Service Providing Unit

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method for detection and identification of a wearable device by a fixed service providing unit comprising the following steps: • - fixed service providing unit scans a working area for reception of eventual network access point identification signals (100); • - at least one wearable device entering the working area acts as a network access point and emits a network access point identification signal (110); • - fixed service providing unit receives network access point identification signal from the wearable device (120); • - fixed service providing unit controls if network access point identification signal is valid (130); • - if signal is valid, fixed service providing unit provides a service to said wearable device or to wearable device user (140).

Description

Method and system for detection and identification of a wearable device
[0001] The present invention relates to systems and devices for detection and identification of a wearable device.
Related art
[0002] It is well known in the art to identify or authenticate a nomadic user with a wireless device such as, for example, a passive or active RFID element, a contactless smartcard, or a Bluetooth, NFC or WLAN enabled mobile equipment. The use of dedicated equipment, such as RFID tags or smartcards, is impractical since many users does not want to carry a plurality of dedicated devices for the sole purpose of being authenticated or identified with a particular service. Moreover, the range of many protocols, such as passive RFIDs, Bluetooth or NFC transmission protocols, is limited to near-range communication only.
[0003] On the other hand, authenticating a mobile equipment with a WLAN client requires first establishment of a WLAN session between the user's WLAN client and the access point managed by the service that needs to identify or authenticate the user. Many users don't want to establish such a session since it might compromise the security of their equipment, and waste power. The connection is usually not automatic, and requires user's manipulations. Moreover, establishing the WLAN session still does not allow for a user authentication or identification by the access point; additional steps, such as entering a user identification and/or password, access to a smart card in the user's equipment, or biometrical measures for example. Additionally, a WLAN connection can only be established if the signals received by the access point and by the user's equipment are strong enough, i.e. if they are at close range.
[0004] There is therefore a need for a new method for authenticating or identifying user's that avoid or mitigate the drawbacks of the above mentioned methods. [0005] In one aspect, there is a need for a method of user's
authentication or identification that doesn't require a dedicated
equipment.
[0006] In another aspect, there is need for a method of user's
authentication or identification with a larger range than most methods of the prior art.
[0007] In another aspect, there is need for a method of user's
authentication or identification that does not require any user's
manipulation.
[0008] In another aspect, there is need for a method of user's
authentication or identification that does not require establishment of a communication session.
[0009] In another aspect, there is need for a method of user's
authentication or identification that does not compromise the security or privacy of data in the user's equipment.
Summary of the invention
[0010] An aim of the invention is to provide a simple and efficient method and system to provide identification data to a central unit.
[0011 ] Another aim of the invention is to provide a simple and efficient method and system adapted to receive and transmit targeted input data to a centralized unit.
[0012] A further aim of the invention is to provide a system adapted to receive identification or authentication data from a wearable device, while protecting the device against possible intrusion. [0013] A further aim of the invention is to provide a system adapted to receive identification data from a wearable device requiring low power resources from the device.
[0014] A still further aim of the invention is to provide a system and method enabling a central unit to provide targeted services to a user after identification of said user.
[0015] According to one aspect, the invention relates to a method for detection and identification of a wearable device by a fixed service providing unit comprising the following steps:
-a fixed service providing unit scans a working area for reception of eventual network access point identification signals;
-at least one wearable device entering the working area acts as a network access point and emits a network access point identification signal;
-a fixed service providing unit receives network access point identification signal from the wearable device;
-the fixed service providing unit controls if network access point
identification signal is known and valid;
-if signal is known and valid, the fixed service providing unit provides a service to said wearable device or to wearable device user and/or another user.
[0016] Thanks to this method, no connection is established between the wearable device and the fixed service providing unit, thereby avoiding the risk of any unauthorized use such as phishing, spanning, etc.
[0017] It is already known to use a mobile device with Internet access, such as a smartphone, a tablet or the like, as a WLAN access point allowing other devices in the vicinity, such as laptops etc, to connect to the mobile device and have access to the Internet or to resources of the mobile device. On iphone™ smartphones, this function is called "share connection".
When the connection sharing is activated, the smartphone emits a network access point identification signal, such as a SSID signal, that will be received by other devices with a WLAN network card in the vicinity. The other devices can then select this SSID in the list of available access points, and establish a wireless connection with the smartphone in order to access the Internet or other resources.
[0018] In one aspect, the invention is based on an inversion of the roles of the access point and of the WLAN client. The user's mobile device works as an access point whose network identification (for example the SSID) is used as user's identification. This identification is received by a usually fixed service providing unit, such as a WLAN client that permanently scans the identification of available access points in the vicinity, to identify or authenticate the corresponding equipment.
[0019] In one embodiment, the fixed service providing unit provides a validation signal to the wearable device. The validation signal
advantageously comprises connection request for requesting establishment of a connection between said fixed service providing unit and said access point.
[0020] In one embodiment, the wearable device refuses the connection request received from the fixed service providing unit. Such a connection is not necessary to identify or authenticate the wearable device.
[0021] In a variant, after reception of such a request, the wearable device stops emission of the network access point identification signal in order to reduce the power consumption. In another variant, the wearable device emits network access point identification signal intermittently. In another variant, the wearable device changes its network access point identification in response to such a request, in order to build a dialogue between the wearable device and the fixed service providing unit without establishing a complete WLAN session that would compromise the security of the wearable device.
[0022] The network access point identification signal is advantageously a Service Set Identifier (SSID) signal. [0023] In a still further embodiment, the network access point
identification is changed in order to get different service from one or a plurality of fixed service providing unit(s).
[0024] In other variants, the network access point identification may be defined by the wearable device user or an authorized third party for a given application.
[0025] The network access point identification may for instance be a random number or other secret value.
[0026] Alternatively, the network access point identification can't be changed by the user's, to avoid manipulations or impersonation.
[0027] The network access point identification may be read from a smart card, such as a SIM card.
[0028] The network access point identification may correspond or depend on a number, such as an IMSI or MSISDN number, stored in a SIM card of the user's wearable device or a mobile phone number.
[0029] A program or an APP executed by the user's wearable device may be used to retrieve the network access point identification and use it, for example as a SSID.
[0030] The network access point identification may be different for different applications.
[0031 ] In a further embodiment, the access point identification may be changed during a dialogue between the fixed service providing unit and wearable device.
[0032] The method of the invention provides a user authentication of the identified wearable device before a targeted service is provided. The service may include access to physical or logical resources. The method may also be used to command a separate device or system such as a car (or a system in the car), the house (or a system in the house), at the office, etc.
[0033] Most preferably, said fixed service providing unit provides targeted services in relation to the network access point identification.
[0034] In a variant, the fixed service providing unit provides targeted services in relation to the distance between the network access point and the fixed service providing unit. For instance, in a store application, when the user is entering the working area, in this case corresponding to the store surface, the distance is substantially long (for example up to about 30 m for a SSID). The service providing unit then sends welcoming data to the user. Later, when the user is coming near the payment passage, payment data and/or instructions are sent to the user. In another application, related to safety, the system uses the various distances between the wearable devices and the fixed service providing unit to send messages or data related to the zone in which users are entering, such as safe area, restricted area, and strictly forbidden area.
[0035] The invention also relates to a detection and identification system for wearable devices comprising:
-a plurality of wearable devices provided with a network access point identification signal emitter;
-a fixed service providing unit, for receiving network access point identification signals, control if a received signal is valid, and in case of validity of the signal, provides a service to said wearable device or to wearable device user.
[0036] In an embodiment, the system further comprises a central network access point identification data base provided with data and/or instructions related to pre-identified users.
[0037] In a further embodiment, the system further comprises a central receptor, for receiving input signals from surrounding wearable devices located within a working area allowing network access point identification signals transmission and reception.
[0038] In a still further embodiment, the wearable device is a cellular telephone, a USB key, glasses, a wristband, or other light weight device well adaptable to be wearable by a user.
Short description of the Figures
[0039] The present invention will better understood with the detailed description of some possible embodiments illustrated by the figures in which:
Figure 1 illustrates the main steps of a method for detection and identification of a wearable device according to the invention;
Figure 2 illustrates optional complementary step of the method presented in figure 1 ;
Figure 3 illustrates a schematic diagram representing an example of a detection and identification system for wearable device according to the invention.
Detailed description
[0040] Figure 1 illustrates the main steps of a method for detection and identification of a wearable device according to the invention. At step 100, the Fixed Service Providing Unit (FSPU) 30 scans a working area 10 in order to detect any eventual wearable device 20 that would have entered into the area 10. As mentioned at step 1 10, the wearable device 20 is emitting a Network Access Point Identification Signal (NAPIS). The Network Access Point Identification is preferably specific to a single wearable device or a group of parent devices, sharing a common identity. An application executed by the user's wearable device retrieves the network access point identification, for example from a SIM card in the equipment. After detection, at step 120, the Fixed Service Providing Unit 30 receives the Network Access Point Identification Signal (NAPIS). To check whether the detected devices are valid and/or acceptable, the Fixed Service Providing Unit 30 controls if the signal is valid, for example whether it matches one identification in a list of previously defined authorised identifications, or if it corresponds to given safety or selection criteria (step 130). If the signal is accepted, the Fixed Service Providing Unit provides service and/or related data and/or operations, preferably with targeted data to said wearable device 20 (step 140). The services provided are customable according to the Network Access Point Identification data received.
[0041] Figure 2 illustrates examples of additional steps for the method of figure 1. At step 200, the Fixed Service Providing Unit 30 provides validation signal, such as a request for establishing a connection, to wearable device 20. The wearable device uses this signal in order to either stop emission of the Network Access Point Identification Signal (step 220) or to block any connection or instruction received from the Fixed Service Providing Unit (step 210).
[0042] Figure 3 shows an example of a detection and identification system for wearable devices according to the invention. The system comprises a Fixed Service Providing Unit (FSPU) 30 comprising a Network Access Point Identification Signal (NAPIS) receptor 34, a Network Access Point Identification Signal data base 31 , for storing a list of accepted Network Access Point Identifications, a processing unit 32 and instruction code or commands 33, providing all data and software instructions for the operation of the Fixed Service Providing Unit 30, a service providing unit 36 and the related service data base 35, for actually providing the services and or operations resulting from the detection of a given wearable device 20 into a corresponding working area 10. Different services may be provided depending on the detected Network Access Point Identification.
[0043] The method may comprise a step of user authentication of a wearable device previously identified with said network access point identification signal. The authentication may comprise providing a further proof of the identity of the wearable device, for example using a
challenge-reply method, knowledge of a secret such as a password, fingerprint or other biometric data, proof of possession of an object such as a smart card, etc. The requested service may be provided once this authentication is successful. The authentication may be based on replies provided by the wearable device through modifications of the network access point identification signal, and/or without establishing a WLAN or similar session.
[0044] In a preferable embodiment the authentication of a wearer of the wearable device will be based on biometric data; the Fixed Service Providing Unit (FSPU) 30 may include a database of biometric data of all persons that may wear wearable devices 20; in the database the biometric data of each person is associated with a Network Access Point Identification Signal of the wearable device 20 which that person wears. Any suitable biometric data may be used, such as finger print or facial images. In order to achieve authentication, the Fixed Service Providing Unit (FSPU) 30 receives the Network Access Point Identification Signals from one or more wearable devices 20 which are within a predefined area (e.g. a circular area with a diameter of 20-30m) around the Fixed Service Providing Unit (FSPU) 30; the Fixed Service Providing Unit (FSPU) 30 retrieves from the database the biometric data which is associated with each of the one or more received Network Access Point Identification Signals. The Fixed Service Providing Unit (FSPU) 30 thus preselects biometric data from the database based on the one or more received Network Access Point Identification Signals which it has received. The retrieved biometric data is compared with the corresponding physical characteristic of the person to be
authenticated and if one of the retrieved biometric data matches the corresponding physical characteristic of the person, the system can determine that the person is authentic. For example if the biometric data is a finger print then the Fixed Service Providing Unit (FSPU) 30 retrieves from the database one or more finger print data which associated with each of the one or more Network Access Point Identification Signals which it has received; the person to be authenticated will position their finger so that the Fixed Service Providing Unit (FSPU) 30 can read the physical finger print of the person; the read physical finger print is compared to each of the one or more finger print data which was retrieved from the database; if the physical finger print matches one of the one or more finger print data retrieved from the database, then the system can determine that the person is authentic. If the physical finger print does not match one of the one or more finger print data retrieved from the database then the system can detect that the person wearing the wearable device is not an
authorized user of that wearable device.
[0045] In some existing authorization techniques which are currently used in the field, the physical finger print of a person is compared to all of the finger prints stored in the database to determine if the physical finger print matches any one of the stored finger prints; if the physical finger print matches any of the finger prints in the database the system
determines that the person is authentic. A disadvantage of the existing authorization techniques is that many comparison operations are required since the physical finger print must be compared to all of the finger prints stored in the database. In contrast in the present invention the Fixed Service Providing Unit (FSPU) uses the received Network Access Point Identification Signals which it receives from one or more wearable devices, which are all located within a predefined area around the Fixed Service Providing Unit (FSPU), to pre-select from the database, finger prints which are associated with each of said one or more wearable device, to which the physical finger print of a person is to be compared to. Unlike the present invention, none of the existing authorization techniques which are currently used in the field make a pre-selection from stored biometric data based on wearable devices which have been detected as being present within a predefined area. Advantageously in the present invention a comparison of the physical finger print to only those pre-selected finger prints which are associated with those wearable devices which have been detected as being present within the predefined area, rather than to all of the stored finger prints in the database, is required to achieve
authentication. It will be understood that the present invention may use other techniques to pre-select from the database finger prints to which the physical finger print of a person is to be compared to. [0046] The system also comprises a plurality of wearable devices 20 that are adapted for detection/identification by the Fixed Service Providing Unit. Many examples of wearable device may be provided in accordance with the invention, such as smartphones, tablets, PDAs, USB keys, glasses,
wristbands, watches, etc.
[0047] The service provided by the fixed service providing unit to the user of one identified wearable devices might be diverse. Those services might comprise access to physical resources, for example unlocking a door or an object, or to logical resources, for example access to data or network resources with the wearable device or with another device. For example, the presence of a user at a particular location may be detected when a Network Access Point Identification Signal is received by a fixed service providing unit at this location. This presence might be used to provide access to a computer network, to physical places, or to other resources at the particular location.
[0048] Although the description relates mainly to the specific case of a WLAN, the method of the invention could also be used with other types of networks.
Reference numbers for System Working area
Wearable device
Network Access Point Identification Signal (NAPIS) emitter Fixed Service Providing Unit (FSPU)
Napis data
Processing unit
Instructions
Napis receptor
Service data
Service providing unit

Claims

Claims
1 . Method for detection and identification of a wearable device by a fixed service providing unit comprising the following steps:
-a fixed service providing unit (30) scans a working area (10) for reception of eventual network access point identification signals;
-at least one wearable device (20) entering the working area (10) acts as a network access point and emits a network access point identification signal;
-the fixed service providing unit (30) receives the network access point identification signal from the wearable device (20);
-the fixed service providing unit (30) controls if network access point identification signal is known and valid;
-if the signal is known and/or valid, the fixed service providing unit (30) provides a service to said wearable device (20) or to wearable device user or another user.
2. The method of claim 1 in which fixed service providing unit (30) provides a request for establishment of a connection signal to said wearable device (20).
3. The method of claim 2 in which the wearable device (20) is programmed to refuse the establishment of a connection with the fixed service providing unit.
4. The method of any one of claims 2 to 3, in which the wearable device (20) stops emission of the network access point identification signal once a request for establishment of a connection has been received.
5. The method of any one of claims 1 to 4, in which the wearable device emits said network access point identification signal intermittently.
6. The method of any one of proceeding claims, in which the network access point identification signal is a Service Set Identifier (SSID) signal.
7. The method of any one of claims 1 to 6, in which the network access point identification is changed in order to get different service from fixed service providing unit (30).
8. The method of any of the claims 1 to 7, in which the access point identification is changed during a dialogue between the fixed service providing unit (30) and wearable device (20).
9. The method of any one of claims 1 to 8, comprising a user authentication of a wearable device previously identified with said network access point identification signal.
10. The method of any one of claims 1 to 9, in which said service includes access to physical or logical resources.
1 1 . The method of any one of preceding claims, in which said fixed service providing unit (30) provides targeted services in relation to the network access point identification.
12. The method of claim 1 1 , in which said targeted services depends on the distance between the fixed service providing unit and the related wearable device.
13. A detection and identification system for wearable devices comprising: -a plurality of wearable devices (20) each provided with a network access point identification signal emitter (21 );
-a fixed service providing unit (30), for receiving network access point identification signals, control if a received signal is valid, and in case of validity of the signal, provides a service to said wearable device or to wearable device user.
14. The system of claim 13, further comprising a central network access point identification data base (31 ) provided with data and/or instructions related to pre-identified users.
1 5. The system of claim 13 or 14, further comprising a receptor (34), for receiving input signals from surrounding wearable devices (20) located within a working area (10) allowing network access point identification signals transmission and reception.
16. A data carrier comprising program code to be executed by a processor in a wearable device for causing said wearable device to change a network access point identification, to emit said network access point identification, and to refuse all requests for connections to said network access point.
17. A data carrier comprising program code to be executed by a processor in a fixed service providing unit for causing said fixed service providing unit to scan network access point identifications received from various wearable devices, to compare the received network access point identifications with a list of previously defined network access point identifications, and to provide services to users corresponding to said matching network access point identifications.
18. The system of any one of claims 13 to 15, in which the wearable device (20) is a cellular telephone, or a USB key, or glasses, or a wristband.
PCT/EP2014/071312 2013-10-09 2014-10-06 Method and system for detection and identification of a wearable device WO2015052120A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CH01726/13 2013-10-09
CH17262013 2013-10-09

Publications (1)

Publication Number Publication Date
WO2015052120A1 true WO2015052120A1 (en) 2015-04-16

Family

ID=51660495

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2014/071312 WO2015052120A1 (en) 2013-10-09 2014-10-06 Method and system for detection and identification of a wearable device

Country Status (1)

Country Link
WO (1) WO2015052120A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021028659A1 (en) * 2019-08-09 2021-02-18 Prevayl Limited Method, computer readable medium and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1653668A1 (en) * 2004-10-26 2006-05-03 Alcatel Alsthom Compagnie Generale D'electricite Restricted WLAN access for unknown wireless terminal
US20090210940A1 (en) * 2008-01-24 2009-08-20 Intermec Ip Corp. System and method of using rfid tag proximity to grant security access to a computer
EP2207389A1 (en) * 2005-10-05 2010-07-14 Qualcomm Incorporated Peer-to-peer communication in ad hoc wireless network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1653668A1 (en) * 2004-10-26 2006-05-03 Alcatel Alsthom Compagnie Generale D'electricite Restricted WLAN access for unknown wireless terminal
EP2207389A1 (en) * 2005-10-05 2010-07-14 Qualcomm Incorporated Peer-to-peer communication in ad hoc wireless network
US20090210940A1 (en) * 2008-01-24 2009-08-20 Intermec Ip Corp. System and method of using rfid tag proximity to grant security access to a computer

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021028659A1 (en) * 2019-08-09 2021-02-18 Prevayl Limited Method, computer readable medium and system

Similar Documents

Publication Publication Date Title
US12323467B2 (en) Personal device network for user identification and authentication
JP7467702B2 (en) Systems, methods and apparatus for access control
US9824248B2 (en) Proximity-based and user-based access control using wearable devices
US9391985B2 (en) Environment-based two-factor authentication without geo-location
KR101746797B1 (en) Wireless networkingenabled personal identification system
CN101315710B (en) Mobile based identification in security and asset management systems
US20240129708A1 (en) Authenticated health credential access methods and apparatus
KR101570601B1 (en) An access control method using the mobile device
US20200036709A1 (en) Secure biometric credential authorization methods and apparatus
CN101711471A (en) Security manager device and method for providing network authentication information
US20210352485A1 (en) Reader device with sensor streaming data and methods
US20200036708A1 (en) Biometric credential improvement methods and apparatus
WO2011157750A2 (en) A computer assembly comprising a computer operable only when receiving a signal from an operable, portable unit
KR101934785B1 (en) Entrance control system
US20170236110A1 (en) Methods and apparatus for non-contact radio frequency detection and automatic establishment of corresponding communication channel
JP6381478B2 (en) Biometric authentication system
JP5769843B1 (en) Admission management system
KR101437049B1 (en) Secure Digital system using Near Field Communication, pair system making a pair with the secure digital system, and providing method thereof
WO2015052120A1 (en) Method and system for detection and identification of a wearable device
KR101592897B1 (en) Secure Digital system using Near Field Communication, pair system making a pair with the secure digital system, and providing method thereof
KR101399543B1 (en) Secure Digital system using Near Field Communication, pair system making a pair with the secure digital system, and providing method thereof
KR102340398B1 (en) Apparatus, system, and control method for access control
CN119603684A (en) A software login method and device
GB2615208A (en) Access control system and method
GB2590356A (en) Access control system and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14780869

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 28.06.2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14780869

Country of ref document: EP

Kind code of ref document: A1