WO2021115620A1 - A method and device for identifying a living organism - Google Patents


Publication number
WO2021115620A1
Authority
WO
WIPO (PCT)
Prior art keywords
pfp
data
frequency profile
watch
user
Application number
PCT/EP2019/085136
Other languages
French (fr)
Inventor
Hans Willem Godfried VAN MOOSEL
Claudio Roberto Bocorny SALGADO
Original Assignee
Van Moosel Hans Willem Godfried
Salgado Claudio Roberto Bocorny
Application filed by Van Moosel Hans Willem Godfried, Salgado Claudio Roberto Bocorny filed Critical Van Moosel Hans Willem Godfried
Priority to PCT/EP2019/085136 priority Critical patent/WO2021115620A1/en
Publication of WO2021115620A1 publication Critical patent/WO2021115620A1/en

Classifications

    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 - Network architectures or network communication protocols for network security
    • H04L63/08 - Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 - Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 - Network architectures or network communication protocols for network security
    • H04L63/10 - Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 - Entity profiles
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04W - WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 - Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 - Authentication
    • H04W12/065 - Continuous authentication
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04W - WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 - Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 - Context-dependent security
    • H04W12/69 - Identity-dependent
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04W - WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 - Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40 - Security arrangements using identity modules

Definitions

  • the personal frequency profile (PFP) generation device uniquely identifies a person via continuous analysis and creates a unique, personal key that can be used for secure digital signature sending.
  • the personal frequency profile (PFP) generation device consists of a wearable biometric sensing device (e.g. portable electronic device/apparatus) such as a watch, necklace or bracelet, that contains a variety of sensors and is able to detect and capture biometric, molecular and other data. This data is filtered before being compressed, encrypted and sent to an external server (remote server) for processing. Said processing calculates the unique personal frequency profile (PFP) of the person wearing said device.
  • the personal frequency profile (PFP) is sent back to said portable electronic device and is stored as a cryptographic identification key on a chip, uniquely identifying said person.
  • biometrics for user identification
  • Facial recognition is also widely used on devices such as mobile phones.
  • These sensors work by recording (logging) the user's biometric data into a database (local or remote) and subsequently comparing the sensor reading with the stored information.
  • Iris recognition is widely used in airports and other secure facilities.
  • biometric identification is done by positive identification (comparison of the pattern read by the sensors with a pre-registered pattern and identification of similarity level between the two patterns).
  • biometric sensors to authorize transactions on behalf of the user
  • biometrically-based information can be used as a means of authentication.
  • biometrical sources (fingerprint, voice recognition, etc.)
  • GMR Giant Magneto Resistance
  • Magnetic biosensors: “In magnetic biochips, SVs (Graham et al. 2003) or other GMR materials (Baselt et al. 1998, Edelstein et al. 1999, Miller et al. 2001) detect DNA or protein binding to capture molecules in a surface layer by measuring the stray field from superparamagnetic label particles.”
  • the GMR sensor relies on the presence of label particles to detect protein binding or molecules. These label particles are added to selected molecules to enable their detection by GMR sensors. This is a research lab application of a GMR sensor that does not describe its use as a means of biometric identification.
  • the personal frequency profile (“PFP”) generation device consists of a compact portable electronic device such as a watch that contains both optical sensors and one or more GMR (Giant Magneto Resistance or also called Giant Magneto Resistive) sensor(s) and is thereby able to detect and capture molecular data as well as data related to the Heart Rate Variability (HRV) and the nervous system (via the skin). While the molecular data is used to determine the PFP, the nervous system data is used to determine the emotional state of the user. One of the uses of HRV data is to determine that the user is wearing the watch and is generating life signs. The collected molecular data is sent to an external server (remote server) for processing and the server subsequently calculates the unique personal frequency profile of the person.
  • HRV Heart Rate Variability
  • This PFP is encrypted and sent back to the electronic device or watch where it is stored in a physically secure (hardened, tamper proof) memory in the form of a cryptographic identification key, uniquely identifying the person.
  • Said PFP in the form of a cryptographic identification key can serve as a digital signature and can be used as secure identification means when for example authorizing electronic bank transactions.
  • the PFP is validated and confirmed once again.
  • the device consists of a set of sensors for use in a smart watch or another portable electronic device that is in close proximity to the skin, as well as a set of processes to collect, store, calculate and exchange data related to the measurement results of these sensors.
  • Said sensors are mounted on said device and are in semi-permanent close proximity to the skin (the GMR sensors can pick up the necessary signals from the user as long as they are within one centimeter of the skin). These specialized sensors capture signals emitted through the skin using a process similar to that used in electroencephalogram machines. Said sensors can be used in conjunction with commonly available sensors such as those for fingerprint readers, heart rate, blood pressure, blood-oxygen levels and temperature measurement to support the authentication process. However, the use of these additional sensors is not necessary for the described authentication process. By authentication is meant the process of identification and verification as will be described.
  • the main objective of the present invention is to create a highly secure personal identification device and method by generating a unique personal frequency profile that is based on a molecular analysis (derived from personal vibrational frequencies). This analysis generates a highly secure and personalized digital signature (the PFP) that is stored within the watch.
  • This secure, PFP key will prevent hackers from, among other things, harvesting bank passwords. It creates a secure system for using digital signatures in conjunction with banking systems and/or payment applications, protecting financial systems against fraud.
  • biometric identification means can provide some level of security, but they are increasingly compromised. Fingerprints can be copied and printed on biomimicry materials that can fool many fingerprint readers especially portable ones. Facial recognition is harder to forge but also not too difficult. Even iris recognition can be hacked with a copy. Another issue is that if the body part is present (attached to a body or not), that alone can be used without the consent of the user. Although these readers sometimes require the use of a passcode, that can be hacked with increasing ease in today’s rapidly evolving digital environment. Entering a passcode also requires extra activities on the part of the user and is a point of vulnerability as the user can be observed entering said code.
  • patent US9501735 describes creating a unique user profile from a range of biometric data which can include behavioral traits such as gait, device usage and location. It also mentions using biometric data related to several features like hand geometry, palm prints, DNA, iris scans, odor and so on. However, no mention is made of how the relevant data is acquired, nor of how said data is processed. While numerous sensors are mentioned it is not described which sensors are used to pick up specific biometric data.
  • Heart rate variability is more suitable as it can be continuously and cheaply monitored with small sensors, but it doesn’t offer a high enough level of security as the number of data points representing an HRV scan are limited. Even when combined with other forms of sensing such as behavior analysis to increase security, each component can still be compromised with a sophisticated enough attack, thereby rendering the whole system ultimately less secure.
  • the invention is intended to provide a highly secure and personalized means of identification, based on electromagnetic molecular analysis of a person.
  • biometric reading unique to the individual
  • a signature can be established that, through key derivation methods, can generate cryptographic keys tied to the user and the equipment.
  • PFP personal frequency profile
  • Method for user identification by frequency profile: It has been identified in laboratory research that by measuring electromagnetic (EM) fields through an EEG or skin voltage variations, followed by analyzing the data collected in the frequency domain, it is possible to identify “artifacts” (amplitude peaks at certain frequencies and/or distance) which, seen as a set, are unique to each person. As many years have been spent studying this phenomenon in relation to the human organism, the reliability of the data is well demonstrated.
  • EM electromagnetic
  • the electromagnetic fields are continuously read and compressed and sent to a processing server at predetermined time intervals (a few minutes).
  • An external server is currently required due to the large amounts of data that need to be processed, though this will likely change as portable devices become ever more powerful.
  • Electromagnetic fields are detected using tuned GMR (Giant Magneto Resistance) sensors.
  • the tuning of the sensors can be achieved by structural, hardware or software means.
  • Using tuned GMR sensors reduces the amount of data that needs to be processed allowing the processing of the large amounts of data to be done faster and/or with less powerful processing means. It also makes it easier to send to an external server (remote server).
  • During data processing, an algorithm generates a set of bytes (each set of variable length, at least 500 bytes) representing the identifiable patterns in the electromagnetic signal that are unique to the person wearing the e-watch.
  • By identifiable pattern is meant a sequence of, for example, peaks and valleys in the frequency signal that are regularly repeated when observed in the time domain.
  • a group of such patterns builds up a profile. It is this unique profile that is referred to as the personal frequency profile (PFP).
  • the number of sets and the size of each set will depend on how many are necessary to build up the patterns representing the individual’s unique profile (PFP).
  • GMR sensors can be adapted to be sensitive to these low power/high frequency signals. Due to the higher frequency ranges the amount of data that is present in a given time segment is extremely high.
  • the PFP is encrypted and sent back from the server to the e-watch.
  • the e-watch then continuously monitors and verifies real-time sensor data against the PFP. If more than 5 minutes pass without finding a subset of stored compatible artifacts representing the PFP, or if it finds incompatible artifacts (for example, a valley in the frequency analysis where a peak would be expected), it is considered an indication that someone else is using the e-watch (negative user ID). To ensure that the person is alive and wearing the e-watch, sensors continuously monitor the user's heart rate variability signal or other life sign biomarker.
  • If the e-watch is removed from the user's wrist (for any reason), the absence of a life sign signal and the absence of skin proximity to the electromagnetic sensor will block the identification system. It will remain blocked for up to 5 minutes after the user puts the e-watch on their wrist again.
  • If the e-watch identifies that the user is no longer the same (i.e. the e-watch was placed on another user's wrist), then the unique identification process for this new user must be performed, with the measurement and validation of their unique PFP over a longer period (up to four hours), as described above.
  • the greatest advantage of this invention is the extremely high level of passive security which is achieved by using a PFP that lends itself to the described two-step identification and verification process.
  • the first process step (identification) takes a long time as it measures a highly complex unique profile. Once that has been encoded the second process step takes much less time to verify that the PFP is continuously present in the individual being checked. Due to the highly complex nature of the PFP and the fact that it can only be generated by a living organism, trying to hack the process is not currently possible. That high level of identity security is likely to remain so for quite some time. Neither clones nor identical twins produce an identical PFP.
  • Another advantage of the invention is that it works for all living beings including animals. That means it works for individuals who are paralyzed (e.g. quadriplegics), those that are missing limbs or eyes, those who cannot speak, babies, individuals that are sleeping or in a coma. No other means for the identification of living organisms demonstrates this level of security and the ability to work in such varied situations.
  • a further advantage is the robust nature of the tuned GMR sensors which will function in a range of hostile environments. This is important to allow them to function in diverse situations such as while a person is exercising, in a loud environment, in an environment with intense EM radiation, varying light conditions, extreme temperatures (within the ranges survivable by living organisms), acceleration and so on. They are unaffected by moisture (sweat), movement, vibration, temperature changes, lighting conditions, acoustic noise, gravity and other environmental conditions.
  • a method for identifying a living organism by measuring the electromagnetic field of said organism comprising: step (a) for collecting data measured by the sensors of a wearable biometric sensing device, followed by step (b) processing said data to generate a personal frequency profile (PFP), wherein step (c) said personal frequency profile (PFP) is stored in said wearable device, and in step (d) said personal frequency profile (PFP) is used for verification of identity of said living organism.
  • said personal frequency profile (PFP) generated in step (b) preferably comprises multiple time domain segments (TDS’s) wherein each time domain segment (TDS) corresponds to a unique pattern identified from data collected in step (a).
  • the verification step (d) comprises continuously collecting data measured by the sensors of said wearable biometric sensing device and comparing said data with the personal frequency profile (PFP).
  • said step (d) identifies a minimum number of time domain segments (TDS’s) in the continuously collected data that are part of the personal frequency profile (PFP) to verify the identity of said organism.
  • TDS time domain segments
  • step (d) verification of the identity of said living organism is considered positive, when in a predetermined period of time a minimum predetermined number of time domain segments (TDS’s) are identified in the continuously collected data and wherein said time domain segments (TDS’s) are part of the personal frequency profile (PFP) stored in said device in step (c) and wherein said data is measured by the sensors of said wearable biometric sensing device.
  • processing of said data to generate a personal frequency profile (PFP) is performed in a remote server and wherein obtained personal frequency profile (PFP) is sent from said remote server to said wearable device to be stored in said device in step (c) above.
  • Remote server in the context of the present invention is any external server or server system or cloud based server or system configured to receive and process said data in order to generate personal frequency profile (PFP) and to send it to said device.
  • said personal frequency profile comprises at least 300 time domain segments (TDS’s).
  • a wearable biometric sensing device for identifying a living organism by measuring the electromagnetic field of said organism.
  • Said device comprises a CPU, a power supply, data storage, tele-communication means, user display and interface means.
  • Said device is configured to continuously collect data by measuring the electromagnetic field emitted by said organism using at least one sensor mounted in close proximity to said organism.
  • said sensor is preferably a giant magneto resistance sensor (GMR).
  • said device is configured to send said collected data to a remote server and receive from said server a personal frequency profile (PFP) and store said personal frequency profile (PFP) in said device and to perform verification of said organism using said personal frequency profile (PFP) by continuously collecting data measured by the sensors of said wearable biometric sensing device and comparing said data with the personal frequency profile (PFP).
  • said wearable device is in the form of a watch, bracelet, necklace, ring, collar, headset, eyewear, item of clothing, permanently implanted device, button, badge or comprised of multiple units in communication with each other.
  • FIG. 1 is a block diagram showing the three classes of components involved in the continuous identification process
  • FIG. 2 is a schematic diagram for explaining the interaction of the different components within the e-watch
  • FIG. 3 is a schematic representation of the PFP generation process
  • FIG. 4 is a schematic representation of the PFP verification process
  • FIG. 5 is a schematic representation of the 3rd party application registration process
  • FIG. 6 is a schematic representation of the 3rd party application transaction authorization process
  • FIG. 7 shows a schematic representation of the e-watch and some of its sensors
  • FIG. 8 shows an example of a frequency sample that represents a molecular structure present in a human body.
  • the focus of this application is the wearable device that in the example explained is an electronic smart watch referred to as the e-watch. As stated before, the application is not limited to a watch, but can be extended to other portable electronic devices.
  • the e-watch is a portable, wearable computing system, mounted on a watch, having all the standard smart watch features (tell the time, communicate with a mobile application on a cell phone and display notifications, weather forecast, etc.), standard optical sensors capable of measuring heart rate and a special purpose GMR (Giant Magneto Resistance) sensor set that is used to gather data to compute and check the unique PFP related to the user.
  • the verification of the user ID is a pattern search algorithm, which requires few resources and can be done continuously inside the e-watch. Although this verification is one of various functions that take place within the e-watch independently of external systems, the e-watch is designed to function as part of a network such as outlined below.
  • the hardware/firmware component is the e-watch component, and it will perform the two most critical tasks of the process:
  • the software component in this step is an app that is present on the e-watch and cell phone or desktop that is required to trigger the process that leads to the initial calculation of the PFP.
  • NFC Near Field Communication
  • Server-side proprietary software that receives data from said e-watch (box 1.2.1)
  • the server-side proprietary software is a piece of software that will analyze the incoming data from the said e-watch, devise a pattern that uniquely identifies the user (the PFP), and send back encrypted data to the application that communicates with the e-watch. All the data from four GMR sensors is read in a constant stream over a maximum period of four hours and sent to a server program which scans said data to determine where specific time domains exist that contain the same unique pattern (i.e. with the same peaks in the same places), such as shown in FIG. 8.
  • This program is an efficient pattern search algorithm. How long the time segment is, in which the unique pattern is repeated a given number of times, will vary for each pattern of frequency peaks and each individual.
  • the third class of components in the process is made up of third-party applications that communicate directly with the e-watch for the authentication of e.g. banking transactions.
  • the application that will use the e-watch as an authentication device be the one that is in direct communication with the e-watch to control the ID generation process. This way, there is no intermediary device in between the application and the e-watch that can pose a security vulnerability in the process.
  • the identification process happens in three phases: 1. The personal frequency profile generation; 2. The constant verification of the personal frequency profile; 3. The authorization to access or use cryptographic assets for transaction processing.
  • the PFP generation is a one-time process. It must be executed before the user can use the e-watch as an identification device, and it involves three components: the e-watch, a computer (or mobile phone) application communicating with the e-watch and an internet connection to the server application. It needs to collect sensor readings for at least 5 minutes and up to 4 hours, depending on individuals and other variables.
  • the e-watch would be constantly verifying the user identity and allowing the access to the cryptographic data based on the positive identification of the user.
  • Each time the e-watch is used to authenticate the user through some cryptographic process, it will check if the PFP is valid (based on the last 5 minutes of sensor readings) and authorize or decline access. While it is five minutes in this example, it could be much less with more advanced sensor and processing technology which will become available.
  • PFP generation
  • FIG. 3 provides for a schematic representation of the PFP generation process.
  • the said process starts on a mobile phone or PC application, connected to the Internet (to communicate with the (remote/external) server) and connected to the e-watch using Bluetooth, WiFi or other short-range communication means.
  • When the e-watch receives the “configure new user” command, it will prepare for a new user ID, deleting all the data from the previous user (if applicable) and generating a cryptographic key pair to secure the communications between the e-watch and the application and between the e-watch and the server application.
  • the e-watch starts to read, collect and filter the raw data from the sensors. This process is repeated for a determined amount of time and all data is sent to the mobile or PC application.
  • the application will consolidate and compress the data and send it to the server.
  • the collected sensor data will consist of the tuned GMR sensor readings, filtering out all the frequencies that are not relevant for the pattern identification process that the server application will perform.
  • the server application will analyze the data and look for specific artifacts on the waveforms such as periodically repeated spike patterns in the time domain, the relative weight of some harmonics (standard means for analysis of frequency data) in the frequency analysis and the relative amplitude of some spikes related to the signal average and median.
  • the server extracts a pattern that uniquely identifies the user (the PFP); this pattern is ciphered, protected with the public key sent by the e-watch, and sent back to the application.
  • the application then sends the enciphered data to the e-watch that will decipher it and store the PFP.
  • the PFP will be stored in a ciphered form in the permanent storage of the e-watch, preventing attacks on the unprotected memory area.
  • the stored PFP is used in a key derivation process, generating a unique personal key pair that will identify the user for external applications. Since this key pair is derived from the e-watch’s keys and from the PFP (of which the patterns are unique to the user), the key pair is unique for this individual, using this e-watch and with a set of TDS’s generated on this particular process execution that is referred to as the user verification ID. Each time said user verification ID process is started, a new e-watch key pair is generated using random data such as date and time or the encrypted equipment serial number, together with the random set of TDS’s read in the five-minute verification period read from the person’s GMR data (in said five-minute period). This means that the entire process of creating a key pair takes place within the watch.
  • PFP verification
  • FIG. 4 provides for a schematic representation of the PFP verification process.
  • the process of the PFP verification on the e-watch is continuous. As long as the e-watch is turned on, it will read the GMR sensors and analyze the data.
  • the PFP verification process checks the real-time GMR readings and verifies the patterns that were stored during the PFP generation process. If the pattern does not match the stored pattern sufficiently, the process will set an “Invalid User” flag, indicating that the user wearing the e-watch cannot be identified as the authorized user. So using the terminology of the previous paragraph, the algorithm is looking for a set of TDS’s (user verification ID) that can guarantee that the PFP has been confirmed.
  • When the “invalid user” flag is set, the e-watch will block the access to all cryptographic functions for any external (not inside the e-watch) application and will deny any authentication or transaction authorization attempt.
  • Removing the e-watch from the wrist (which is detectable by a change in the GMR readings or other life sign biosensor such as a dedicated HRV sensor), will immediately flag the user as “invalid”, preventing a stolen or lost e-watch from being used for authentication. If the “invalid user” flag is set, the e-watch will not stop the PFP verification process, but continues to look for GMR readings that can identify the valid user. After putting the e-watch back on, the process will verify the user’s unique PFP via the sensor readings and flag the user as “valid” again.
  • the life sign biosensor ensures that there is no hacking vulnerability during the five-minute (or less) window during which the user valid flag is active (box 4.8) pending the next verification cycle.
  • While the GMR sensors can also function as life sign sensors, it is possible to have other sensors perform this function, such as optical (e.g. infrared) diode sensors.
  • the user access authorization for external applications is done in two steps:
  • the e-watch will ensure that the user who is using the e-watch is the one who effectively registered on the application, but it will not have any control over whether the person is being coerced to make the transaction, for example. So, if the application owner requires higher levels of security, they can combine the e-watch authentication with other existing authentication schemes, panic codes and so on.
  • One such security measure that can make coercion more difficult is to monitor the emotional and physical state of the user. This feature is easily enabled as the user’s real time emotional and physical state can be determined using data read by the GMR sensors. This emotional and physical measuring process is well established and has been tested and verified over several decades by the Aquera company. If an emotional state related to being coerced or drugged is detected, then identity verification for certain applications (such as banking) can be disabled. It is also possible to send alerts to designated people or agencies that a hacking attempt is being made.
  • the registration of an external application to use the e-watch as a user authentication device, as depicted in FIG. 5, stores application specific data inside the e-watch, that can be retrieved by the application.
  • For each registered application, the e-watch generates a Universal Unique Identifier (APP UUID as used by Apple, Microsoft and Android) which is a 128 bit number, that can be stored on the application database to be associated with the user identity.
  • the application will receive a copy of the user's public key from the e-watch during the application registration process.
  • This public key can be used to verify digitally signed data received by the application from the e-watch, ensuring that, even if the UUID is leaked, it will not be possible to falsify the user/watch-pair identity.
  • HSM Hardware Security Module
  • FIG. 7 shows a representation of the e-watch and some of its sensors.
  • the PFP is derived from raw data collected by the four GMR sensors mounted on the back of the e-watch near the skin.
  • Although the GMR sensors do not require galvanic skin contact, they must be close to the skin (less than 1 cm) to ensure that the EM signal picked up from the body is stronger than the EM signal from background noise.
  • This background noise is generated by all electrical devices and currents in the surrounding environment. Most environments in which there is human activity include high levels of background EM radiation.
  • the four GMR sensors used for obtaining raw data for the personal frequency profile (PFP) are tuned to frequencies of specific chemical constructions in a time domain.
  • Tuning of the GMR sensors is done by structural, hardware and/or software means to narrow down (filter) the raw data to that related to the specific chemical or molecular structure in a time domain that is used for deriving the PFP.
  • Structural means can consist of manufacturing said sensor at the integrated circuit level using nanometer/micrometer manufacturing technology, sometimes referred to as an Application Specific Integrated Circuit. Also possible is manufacturing said sensor to be inherently sensitive to a specific frequency range due to its structural nature such as an antenna.
  • Hardware means can consist of dedicated component-based filter systems that work in conjunction with said sensor.
  • Software means can consist of a GMR sensor package that includes a programmable filter section. It is also possible to combine each of these means in various ways.
  • FIG. 8 is an example of a frequency sample that represents a molecular structure present in a human body. As can be seen, it includes various peaks and valleys. These are referred to as artifacts. By analyzing a large enough sample of EM body emissions, it is possible to identify recurring patterns of these artifacts. In summary, the frequencies that are picked up by the tuned GMR sensors are sampled at a very rapid rate of between 5 ps and 50 ns (5 picoseconds and 50 nanoseconds), which allows the artifacts that relate to specific molecular structures to be recorded. A pattern search is then conducted on this large volume of data to determine the PFP.
  • the research was also focused on identifying the presence of emotional and life-threatening chemical structures in a time domain which are general for all persons. That means that whenever that chemical structure is recognized by the e-watch it indicates the same emotional state or life-threatening situation, regardless of who is wearing the e-watch.
  • the ability of the e-watch to recognize both these general emotional structures as well as the unique Personal Frequency Profile (PFP) makes it very safe and stable to use in a secure transaction system.
  • This testing of the emotional state or the presence of a life-threatening situation adds an optional extra layer of security to the already highly secure authentication system.
  • the optional extra security layer indicates whether the person is being threatened or drugged or coerced, so that appropriate measures can be taken. All of these steps take place without the user having to perform any special actions like entering codes, presenting a finger or other body part, or speaking.
  • life-threatening emotional status makes it impossible to mimic and is therefore the safest way to use it for the most secure data inscription processes.
  • the extra security layer described above can form the basis of an additional embodiment where the safety of an individual is passively monitored to give advanced warning of kidnapping, accidents and other life-threatening situations.
  • Another embodiment allows the e-watch or portable device to communicate directly with the server and do the whole PFP generation and verification process without additional intermediate devices.
  • Another embodiment allows for the use of less than four GMR sensors. This would be possible in the case of a software tunable GMR.

Abstract

The present invention relates to a method and device for identifying a living organism by measuring the electromagnetic field of said organism. The method involves a step for collecting data measured by the sensors of a wearable biometric sensing device, followed by a step for processing said data to generate a personal frequency profile (PFP). Said personal frequency profile (PFP) is stored in said wearable device, and it is used for verification of the identity of said living organism. In the verification step, data measured by the sensors of said wearable biometric sensing device is continuously collected and compared with the personal frequency profile (PFP).

Description

A METHOD AND DEVICE FOR IDENTIFYING A LIVING ORGANISM
Technical Field
The personal frequency profile (PFP) generation device uniquely identifies a person via continuous analysis and creates a unique, personal key that can be used for secure digital signature sending.
The personal frequency profile (PFP) generation device consists of a wearable biometric sensing device (e.g. portable electronic device/apparatus) such as a watch, necklace or bracelet, that contains a variety of sensors and is able to detect and capture biometric, molecular and other data. This data is filtered before being compressed, encrypted and sent to an external server (remote server) for processing. Said processing calculates the unique personal frequency profile (PFP) of the person wearing said device. The personal frequency profile (PFP) is sent back to said portable electronic device and is stored as a cryptographic identification key on a chip, uniquely identifying said person.
Background Art
The current state of technology offers individual elements that can be used in conjunction with the present invention, but that alone fail to provide a means of highly secure personal identification. Below is an overview of different sensors and some respective, related applications.

Use of biometric sensors in portable devices for user identification
Several smartphone applications identify the user from the fingerprint or facial recognition and this form of identification is accepted by banks for certain financial transactions.

Use of biometric sensors for cryptographic key generation
Most cryptographic key generation schemes start from the use of a pseudo-random number generation mechanism from a seed (source of randomness) which can be, for example, reading the clock at the time of key generation, or digitizing a read value from any sensor. Thus, it is not difficult to imagine that a biometric sensor (such as for measuring heart rate, temperature or blood oxygen level) can be used as this source of randomness.

Use of biometric sensors to identify people
The most notable application of using biometrics for user identification is the use of fingerprints to access computers, cell phones, locks and other devices.
Facial recognition is also widely used on devices such as mobile phones.
These sensors work by recording (logging) the user's biometric data into a database (local or remote) and subsequently comparing the sensor reading with the stored information.
Iris recognition is widely used in airports and other secure facilities.
Almost all biometric identification is done by positive identification (comparison of the pattern read by the sensors with a pre-registered pattern and identification of similarity level between the two patterns).

Using biometric sensors to authorize transactions on behalf of the user
There are also several applications, mainly in ATM equipment, of biometric sensors being used to allow the user to perform certain transactions. Mobile phone applications also already exhibit this kind of behavior with fingerprint reading and facial recognition.
The following paragraphs provide more context on already existing prior art related to the above methodologies.
It is known from US2018068098 that continuous user authentication can be done based on touch screen usage behavioral analysis. The method described in the above-mentioned patent falls short of identifying the user with 100% certainty; there is merely a strong indication that the actual user is the person requesting authentication. Hence, using this method in a secure environment where payment transactions are signed is not recommended due to the potential amount of false positives.
It is known from US5229764 that biometrically-based information can be used as a means of authentication. The aforementioned patent uses a variety of biometrical sources (fingerprint, voice recognition, etc.) in combination with each other in order to improve security.
It is known from US2007017136 that it is possible to have wearable devices with built in biometric sensors for identity verification. These sensors may identify specific data about the wearer.
It is known from WO0120538 that it is possible to identify a person using a biometric signature based on electric, magnetic or acoustic characteristics.
It is known from US9501735 to mount a Giant Magneto Resistance (GMR) sensor (see col. 21, par. 3) on a portable user monitoring device. It is also known to build up a unique user profile from various sensors (see col. 15, par. 1-6). It is not clear from the patent description what the specific purpose of the GMR sensor is. It is mentioned that that is just one type of magnetic sensor that can be used. There is no suggestion that this sensor is used for identification of an individual.
The use of GMR sensors in biosensing is known from the prior art - Handbook of Magnetic Materials; K.H.J. Buschow. Page 28, 1.6.4 Coehoorn, R. (2003). "Novel Magnetoelectronic Materials and Devices" (PDF). Giant magnetoresistance and magnetic interactions in exchange-biased spin-valves. Lecture Notes. Technische Universiteit Eindhoven.
“Stimulated by the research on MRAMs, the introduction of spin-valve GMR technology as a back-end process on top of Si-devices and circuitry is giving rise to various novel applications. Examples are:
Magnetic biosensors. In magnetic biochips, SVs (Graham et al. 2003) or other GMR materials (Baselt et al. 1998, Edelstein et al. 1999, Miller et al. 2001) detect DNA or protein binding to capture molecules in a surface layer by measuring the stray field from superparamagnetic label particles.”
As can be seen from this reference, the GMR sensor relies on the presence of label particles to detect protein binding or molecules. These label particles are added to selected molecules to enable their detection by GMR sensors. This is a research lab application of a GMR sensor that does not describe its use as a means of biometric identification.
Disclosure of Invention
The personal frequency profile (“PFP”) generation device consists of a compact portable electronic device such as a watch that contains both optical sensors and one or more GMR (Giant Magneto Resistance or also called Giant Magneto Resistive) sensor(s) and is thereby able to detect and capture molecular data as well as data related to the Heart Rate Variability (HRV) and the nervous system (via the skin). While the molecular data is used to determine the PFP, the nervous system data is used to determine the emotional state of the user. One of the uses of HRV data is to determine that the user is wearing the watch and is generating life signs. The collected molecular data is sent to an external server (remote server) for processing and the server subsequently calculates the unique personal frequency profile of the person. This PFP is encrypted and sent back to the electronic device or watch where it is stored in a physically secure (hardened, tamper proof) memory in the form of a cryptographic identification key, uniquely identifying the person. Once the PFP is sent back to the watch it is deleted from the server and any other devices involved in transmitting the data such as the user’s mobile phone or PC. Furthermore, the server is only used for calculation and does not know to whom the PFP is linked. This ensures that the information linking the identity of the user and their PFP never leaves the electronic device or watch.
Said PFP in the form of a cryptographic identification key can serve as a digital signature and can be used as secure identification means when for example authorizing electronic bank transactions.
Each time that the person removes the device or watch from his or her arm and puts it back on again, the PFP is validated and confirmed once again. In the time interval that the PFP has not yet been re-validated and confirmed, it is not possible to authorize a 3rd party transaction. That means that while the revalidation is taking place the device will not generate the required cryptographic key to sign the transaction, so the use of the key as a means of digital signature is temporarily prevented. Once revalidation is complete after about five minutes the key can again be generated for authorizing third party transactions or other secure applications.
The device consists of a set of sensors for use in a smart watch or another portable electronic device that is in close proximity to the skin, as well as a set of processes to collect, store, calculate and exchange data related to the measurement results of these sensors.
Said sensors are mounted on said device and are in semi-permanent close proximity to the skin (the GMR sensors can pick up the necessary signals from the user as long as they are within one centimeter of the skin). These specialized sensors capture signals emitted through the skin using a process similar to that used in electroencephalogram machines. Said sensors can be used in conjunction with commonly available sensors such as those for fingerprint readers, heart rate, blood pressure, blood-oxygen levels and temperature measurement to support the authentication process. However, the use of these additional sensors is not necessary for the described authentication process. By authentication is meant the process of identification and verification as will be described.
Signals read from the sensors are used in the following processes:
  • Monitoring of emotional conditions within a person as well as the verification of a person’s unique personal frequency profile (PFP);
  • Generating cryptographic identification keys;
  • Portable device / watch user identification;
  • Authorization of secure electronic transactions on behalf of the user.
The main objective of the present invention is to create a highly secure personal identification device and method by generating a unique personal frequency profile that is based on a molecular analysis (derived from personal vibrational frequencies). This analysis generates a highly secure and personalized digital signature (the PFP) that is stored within the watch. This secure PFP key will prevent hackers from, among other things, harvesting bank passwords. It creates a secure system for using digital signatures in conjunction with banking systems and/or payment applications, protecting financial systems against fraud.
The use of a system that validates molecular data will also be very useful in the development of safer personal recognition systems, e.g. in the identification of people at airports, businesses, schools, hospitals and any area where highly secure identification (ID) is required.
Technical Problem
Using the biometric identification means described by the prior art can provide some level of security, but they are increasingly compromised. Fingerprints can be copied and printed on biomimicry materials that can fool many fingerprint readers especially portable ones. Facial recognition is harder to forge but also not too difficult. Even iris recognition can be hacked with a copy. Another issue is that if the body part is present (attached to a body or not), that alone can be used without the consent of the user. Although these readers sometimes require the use of a passcode, that can be hacked with increasing ease in today’s rapidly evolving digital environment. Entering a passcode also requires extra activities on the part of the user and is a point of vulnerability as the user can be observed entering said code.
Other less common forms of identification present their own problems such as being too bulky (full body scanners) or too expensive and time consuming (direct chemical analysis of genetic material) or that only work when a subject is moving (gait analysis).
Every day thousands of credit cards are cloned and passwords are hacked. Billions of dollars are embezzled each year in fraudulent abuse of the financial system, causing damage to banks, citizens and governments. With the upcoming arrival of quantum computing, this global challenge will expand even further.
Using direct sensor reading as a key is not recommended as the values can be somewhat predictable, greatly reducing the search space for key attacks using dictionary or brute force.
More advanced forms of user identification are mentioned in patent US9501735 which describes creating a unique user profile from a range of biometric data which can include behavioral traits such as gait, device usage and location. It also mentions using biometric data related to several features like hand geometry, palm prints, DNA, iris scans, odor and so on. However, no mention is made of how the relevant data is acquired, nor of how said data is processed. While numerous sensors are mentioned it is not described which sensors are used to pick up specific biometric data.
Each of the prior art forms of biometric identification have problems, some of which have been covered above. Hand geometry requires pointing a camera at the hand. Hands are not always available, so continuous verification is not possible. Also, an extra action on the part of the user is required. A similar problem exists for iris scanning, behavioral traits (only works when certain behaviors are being performed by the user) and palm prints. Detecting odor or scent as a biometric presents its own problems. The sensors used to detect odor are still bulky and it is unlikely that financial institutions will be convinced of using odor until substantially more research has been done to prove its reliability and security against hacking. Another problem is the cost of some advanced identification means. While some methods such as real time DNA detection could theoretically provide secure identification solutions there are no known detecting devices that are cheaply produced and small enough for wearable applications.
A review of the prior art shows that existing solutions are either lacking in security because they can be hacked, or they are cumbersome in use such as chemical forensic analysis, or they are not suitable for continuous verification of the user. While continuous verification is described in US5229764, it relies on the user being active in using the device as the user’s patterns of use are analyzed. This type of continuous verification doesn’t work if the user is passive at the precise moment that ID verification is needed, such as when standing still in front of an Automated Teller Machine (ATM). Many forms of currently used biometric identification like fingerprint reading do not lend themselves to continuous verification. Heart rate variability (HRV) is more suitable as it can be continuously and cheaply monitored with small sensors, but it doesn’t offer a high enough level of security as the number of data points representing an HRV scan are limited. Even when combined with other forms of sensing such as behavior analysis to increase security, each component can still be compromised with a sophisticated enough attack, thereby rendering the whole system ultimately less secure.
Technical Solution
The invention is intended to provide a highly secure and personalized means of identification, based on electromagnetic molecular analysis of a person. Using the biometric reading (unique to the individual) and, for example, a unique equipment serial number, a signature can be established that, through key derivation methods, can generate cryptographic keys tied to the user and the equipment.
As the generation of the “PFP” (personal frequency profile) takes place within the system itself and is dependent on the molecular validation of the person wearing the smartwatch or other electronic device, no keys need to be sent out to any network. This molecular validation is done by analyzing the electromagnetic field of the user. The key with the digital signature will always be verified by the analysis of the electromagnetic sensor data, thus validating the true personal identity in each banking transaction.
It is a mechanism similar to a user’s fingerprint authentication on the mobile phone, but with one significant advantage: so far nobody has been able to forge someone else's electromagnetic frequency profile, while fingerprints can be forged for most low to medium cost devices.
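The following added example (not part of the patent, which names no specific key derivation method) illustrates the derivation described above together with the earlier caution about using a direct sensor reading as a key. HKDF-SHA256 (RFC 5869), the heart-rate range, the serial strings and the sample PFP bytes are assumptions chosen for illustration.

```python
import hashlib
import hmac
from typing import Optional

HASH_LEN = 32  # SHA-256 output size in bytes


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_identity_key(pfp: bytes, device_serial: str, purpose: str = "signing") -> bytes:
    """Derive a 32-byte key bound to the stored PFP and to one device.

    Assumption: the PFP is the stored byte string (the description gives
    at least 500 bytes per set), so the input is stable, unlike a live
    sensor reading.
    """
    if len(pfp) < 500:
        raise ValueError("PFP shorter than the 500 bytes given in the description")
    return hkdf_sha256(pfp, device_serial.encode(), b"pfp-key|" + purpose.encode())


def naive_key_from_reading(heart_rate_bpm: int) -> bytes:
    """The practice the text advises against: hash one sensor value into a key."""
    return hashlib.sha256(str(heart_rate_bpm).encode()).digest()


def recover_naive_reading(key: bytes, lo: int = 30, hi: int = 220) -> Optional[int]:
    """Enumerate every plausible reading; the whole key space is hi - lo + 1 values."""
    for bpm in range(lo, hi + 1):
        if naive_key_from_reading(bpm) == key:
            return bpm
    return None


# Constructed sample PFP (512 bytes); real profile data is not on the page.
SAMPLE_PFP = bytes((i * 37 + 11) % 256 for i in range(512))

if __name__ == "__main__":
    weak = naive_key_from_reading(72)
    print("naive key recovered from", recover_naive_reading(weak), "bpm")
    print("watch A:", derive_identity_key(SAMPLE_PFP, "SN-A-0001").hex())
    print("watch B:", derive_identity_key(SAMPLE_PFP, "SN-B-0002").hex())
```

The hash output of the naive key is 256 bits long, but its strength is bounded by the 191 possible inputs; the derived key inherits the entropy of the full profile and changes when either the profile or the serial number changes.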
Method for user identification by frequency profile:
It has been identified in laboratory research that by measuring electromagnetic (EM) fields through an EEG or skin voltage variations, followed by analyzing the data collected in the frequency domain, it is possible to identify “artifacts” (amplitude peaks at certain frequencies and/or distance) which, seen as a set, are unique to each person. As many years have been spent studying this phenomenon in relation to the human organism, the reliability of the data is well demonstrated.
To initially observe and record this personal frequency profile, henceforth referred to as “PFP”, it is necessary to analyze the electromagnetic signals of a person over a period of time (from five minutes to a few hours). This is one of the reasons for mounting this identification process on a device that is worn by the person for long periods, such as a watch or bracelet. In the following paragraphs we will refer to the usage of a watch, henceforth referred to as the e-watch, but the device and method are not limited to watches alone and can be applied to any form of wearable or portable device. Such a wearable device could be in the form of a watch (e-watch), wristwatch, bracelet, necklace, ring, collar, headset, eyewear, item of clothing, permanently implanted device, button, badge or comprised of multiple units in communication with each other.
Thus, to perform the initial identification of a person’s unique PFP, the electromagnetic fields are continuously read and compressed and sent to a processing server at predetermined time intervals (a few minutes). An external server (remote server) is currently required due to the large amounts of data that need to be processed, though this will likely change as portable devices become ever more powerful.
Electromagnetic fields are detected using tuned GMR (Giant Magneto Resistance) sensors. The tuning of the sensors can be achieved by structural, hardware or software means. Using tuned GMR sensors reduces the amount of data that needs to be processed allowing the processing of the large amounts of data to be done faster and/or with less powerful processing means. It also makes it easier to send to an external server (remote server).
During data processing, an algorithm generates a set of bytes (each set of variable length, at least 500 bytes) representing the identifiable patterns in the electromagnetic signal that are unique to the person wearing the e-watch. By identifiable pattern is meant a sequence of, for example, peaks and valleys in the frequency signal that are regularly repeated when observed in the time domain. A group of such patterns builds up a profile. It is this unique profile that is referred to as the personal frequency profile (PFP). The number of sets and the size of each set will depend on how many are necessary to build up the patterns representing the individual’s unique profile (PFP).
Within a living organism many frequencies are generated. Some of the more known ones include brainwaves. Apart from brainwaves there are also frequencies present in the body at much lower amplitudes or power and at much higher frequency ranges. GMR sensors can be adapted to be sensitive to these low power/high frequency signals. Due to the higher frequency ranges the amount of data that is present in a given time segment is extremely high.
Once the PFP is calculated, it is encrypted and sent back from the server to the e-watch. The e-watch then continuously monitors and verifies real-time sensor data against the PFP. If more than 5 minutes pass without finding a subset of stored compatible artifacts representing the PFP, or if it finds incompatible artifacts (for example, a valley in the frequency analysis where a peak would be expected), it is considered an indication that someone else is using the e-watch (negative user ID). To ensure that the person is alive and wearing the e-watch, sensors continuously monitor the user's heart rate variability signal or other life sign biomarker. If the e-watch is removed from the user's wrist (for any reason), the absence of a life sign signal and the absence of skin proximity to the electromagnetic sensor will block the identification system. It will remain blocked for up to 5 minutes after the user puts the e-watch on their wrist again.
If the e-watch identifies that the user is no longer the same (i.e. the e-watch was placed on another user's wrist), then the unique identification process for this new user must be performed, with the measurement and validation of their unique PFP over a longer period (up to four hours), as described above.
Advantageous Effects
The greatest advantage of this invention is the extremely high level of passive security which is achieved by using a PFP that lends itself to the described two-step identification and verification process. The first process step (identification) takes a long time as it measures a highly complex unique profile. Once that has been encoded the second process step takes much less time to verify that the PFP is continuously present in the individual being checked. Due to the highly complex nature of the PFP and the fact that it can only be generated by a living organism, trying to hack the process is not currently possible. That high level of identity security is likely to remain so for quite some time. Neither clones nor identical twins produce an identical PFP.
Another advantage of the invention is that it works for all living beings including animals. That means it works for individuals who are paralyzed (e.g. quadriplegics), those that are missing limbs or eyes, those who cannot speak, babies, individuals that are sleeping or in a coma. No other means for the identification of living organisms demonstrates this level of security and the ability to work in such varied situations.
A further advantage is the robust nature of the tuned GMR sensors which will function in a range of hostile environments. This is important to allow them to function in diverse situations such as while a person is exercising, in a loud environment, in an environment with intense EM radiation, varying light conditions, extreme temperatures (within the ranges survivable by living organisms), acceleration and so on. They are unaffected by moisture (sweat), movement, vibration, temperature changes, lighting conditions, acoustic noise, gravity and other environmental conditions.
According to the first aspect of the invention there is provided a method for identifying a living organism by measuring the electromagnetic field of said organism. Said method comprising:
step (a) for collecting data measured by the sensors of a wearable biometric sensing device,
followed by step (b) processing said data to generate a personal frequency profile (PFP),
wherein step (c) said personal frequency profile (PFP) is stored in said wearable device, and
in step (d) said personal frequency profile (PFP) is used for verification of identity of said living organism.
In some embodiments, said personal frequency profile (PFP) generated in step (b) preferably comprises multiple time domain segments (TDS’s) wherein each time domain segment (TDS) corresponds to a unique pattern identified from data collected in step (a).
In some embodiments the verification step (d) comprises continuously collecting data measured by the sensors of said wearable biometric sensing device and comparing said data with the personal frequency profile (PFP).
In some embodiments said step (d) identifies a minimum number of time domain segments (TDS’s) in the continuously collected data that are part of the personal frequency profile (PFP) to verify the identity of said organism.
In some embodiments in step (d) verification of the identity of said living organism is considered positive, when in a predetermined period of time a minimum predetermined number of time domain segments (TDS’s) are identified in the continuously collected data and wherein said time domain segments (TDS’s) are part of the personal frequency profile (PFP) stored in said device in step (c) and wherein said data is measured by the sensors of said wearable biometric sensing device.
In some embodiments in said step (b) processing of said data to generate a personal frequency profile (PFP) is performed in a remote server and wherein obtained personal frequency profile (PFP) is sent from said remote server to said wearable device to be stored in said device in step (c) above.
Remote server in the context of the present invention is any external server or server system or cloud based server or system configured to receive and process said data in order to generate personal frequency profile (PFP) and to send it to said device.
Preferably said personal frequency profile (PFP) comprises at least 300 time domain segments (TDS’s).
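The verification rules stated above (a minimum number of TDS's found within a predetermined period, a negative ID on an incompatible artifact or after 5 minutes without a match, and blocking while no life sign is present) can be read as a small state machine. The sketch below is an added example, not the patent's algorithm: the P/V/- symbol encoding of a TDS, the threshold of 3 matches, the four-entry profile and the rule that a negative ID persists until the watch is removed are all assumptions.

```python
from collections import deque
from dataclasses import dataclass, field
from enum import Enum

WINDOW_S = 300    # the 5-minute period given in the description
MIN_MATCHES = 3   # assumed; the page only says "minimum predetermined number"
SWAP = str.maketrans("PV", "VP")  # peak <-> valley, used to spot inverted artifacts

# Constructed toy profile: each TDS is a string of P (peak), V (valley), - (flat).
# The page prefers at least 300 TDS's; four keep the example readable.
PROFILE = frozenset({"PPV-P", "V-PPV", "P-V-V", "VVP-P"})


class State(Enum):
    BLOCKED = "blocked"            # not worn, or no life sign
    REVALIDATING = "revalidating"  # worn, not yet enough matching TDS's
    VERIFIED = "verified"          # signing keys may be generated
    NEGATIVE = "negative"          # treated as another wearer


@dataclass
class PfpVerifier:
    profile: frozenset
    state: State = State.BLOCKED
    worn_at: float = 0.0
    hits: deque = field(default_factory=deque)  # (time, tds) of recent matches

    def observe(self, t: float, sample: str, life_sign: bool) -> State:
        """Feed one sensor sample taken at time t (seconds)."""
        if not life_sign:
            # Watch removed: forget all matches and block identification.
            self.hits.clear()
            self.state = State.BLOCKED
            return self.state
        if self.state is State.NEGATIVE:
            return self.state  # assumed sticky until the watch is taken off
        if self.state is State.BLOCKED:
            self.worn_at = t
            self.state = State.REVALIDATING
        # Incompatible artifact: a stored pattern seen with peaks and valleys swapped.
        if any(tds.translate(SWAP) in sample for tds in self.profile):
            self.hits.clear()
            self.state = State.NEGATIVE
            return self.state
        self.hits.extend((t, tds) for tds in self.profile if tds in sample)
        while self.hits and t - self.hits[0][0] > WINDOW_S:
            self.hits.popleft()  # drop matches older than the window
        distinct = {tds for _, tds in self.hits}
        if len(distinct) >= MIN_MATCHES:
            self.state = State.VERIFIED
        elif t - self.worn_at > WINDOW_S:
            self.state = State.NEGATIVE  # a full window passed without the subset
        else:
            self.state = State.REVALIDATING
        return self.state

    def may_sign(self) -> bool:
        """Transactions may only be authorized while the wearer is verified."""
        return self.state is State.VERIFIED


if __name__ == "__main__":
    v = PfpVerifier(PROFILE)
    events = [(0, "PPV-P", True), (60, "--V-PPV--", True), (120, "P-V-V", True),
              (130, "", False), (140, "PPV-P", True)]  # constructed samples
    for t, sample, alive in events:
        print(t, v.observe(t, sample, alive).value, "may_sign =", v.may_sign())
```

The signing gate is the security-relevant part: any state other than verified, including the revalidation period after the watch is put back on, refuses to authorize a transaction.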
In still yet another aspect there is provided a wearable biometric sensing device for identifying a living organism by measuring the electromagnetic field of said organism. Said device comprises a CPU, a power supply, data storage, tele-communication means, user display and interface means.
Said device is configured to continuously collect data by measuring the electromagnetic field emitted by said organism using at least one sensor mounted in close proximity to said organism.
In some embodiments said sensor is preferably a giant magneto resistance sensor (GMR).
In some embodiments said device is configured to send said collected data to a remote server and receive from said server a personal frequency profile (PFP) and store said personal frequency profile (PFP) in said device and to perform verification of said organism using said personal frequency profile (PFP) by continuously collecting data measured by the sensors of said wearable biometric sensing device and comparing said data with the personal frequency profile (PFP).
In some embodiments said wearable device is in the form of a watch, bracelet, necklace, ring, collar, headset, eyewear, item of clothing, permanently implanted device, button, badge or comprised of multiple units in communication with each other.
Brief Description of Drawings
The invention is described in the following with reference to the accompanying drawings, in which
FIG. 1 is a block diagram showing the three classes of components involved in the continuous identification process;
FIG. 2 is a schematic diagram for explaining the interaction of the different components within the e-watch;
FIG. 3 is a schematic representation of the PFP generation process;
FIG. 4 is a schematic representation of the PFP verification process;
FIG. 5 is a schematic representation of the 3rd party application registration process;
FIG. 6 is a schematic representation of the 3rd party application transaction authorization process;
FIG. 7 shows a schematic representation of the e-watch and some of its sensors;
FIG. 8 shows an example of a frequency sample that represents a molecular structure present in a human body.
Best Mode for Carrying Out the Invention

Background and components
The focus of this application is the wearable device that in the example explained is an electronic smart watch referred to as the e-watch. As stated before, the application is not limited to a watch, but can be extended to other portable electronic devices.
The e-watch is a portable, wearable computing system, mounted on a watch, having all the standard smart watch features (tell the time, communicate with a mobile application on a cell phone and display notifications, weather forecast, etc.), standard optical sensors capable of measuring heart rate and a special purpose GMR (Giant Magneto Resistance) sensor set that is used to gather data to compute and check the unique PFP related to the user.
The generation of the personal frequency profile (PFP) is not only a computing-intensive process, but it must also deal with a high volume of collected data. At present, it would take too long to generate inside a portable and battery powered device like a watch. While other portable devices can be used, such as a bracelet, pendant, smart clothing or other wearable, the description will refer to an electronic smart watch (e-watch). This reference does not limit the scope of the invention and is one example of a suitable portable device. This part of the process is therefore done on a server application, using a communication protocol that allows a software application on the e-watch (and on a mobile phone or a computer) to direct the user ID generation and communicate with the server.
Whilst the generation of the PFP requires interaction with a server application, the verification of the user ID is a pattern search algorithm, which requires few resources and can be done continuously inside the e-watch. Although this verification is one of various functions that take place within the e-watch independently of external systems, the e-watch is designed to function as part of a network such as outlined below.
There are three classes of components involved in the continuous identification process (see FIG. 1):
  • Hardware/firmware and software components in the watch and used by the end user (boxes starting with 1.1.);
  • Server-side proprietary software that receives data from said watch (box 1.2.1);
  • Third party applications using standard protocols for the use of said watch in authentication and payment processes (boxes starting with 1.3.).
These three classes of components will usually make use of the internet represented by box 1.4.1 although this could also be a proprietary secure communication system.

Hardware/firmware and software components in the watch and used by the end user (boxes starting with 1.1.)
The hardware/firmware component is the e-watch component, and it will perform the two most critical tasks of the process:
  • collect the biometric data (the GMR readings, the white noise diodes readings and the optical sensors readings) and filter the sensor readings to get only the desired data;
  • constantly monitor the sensor readings and check the user identity against a server-side computed pattern (the PFP), to check if the user that is using the e-watch is in fact the authorized user.
The software component in this step is an app that is present on the e-watch and cell phone or desktop that is required to trigger the process that leads to the initial calculation of the PFP.
Although Near Field Communication (NFC) is referred to in FIG. 1 between 1.1.1 and 1.3.2 this could be any short-range secure communication means.

Server-side proprietary software that receives data from said e-watch (box 1.2.1)
The server-side proprietary software is a piece of software that will analyze the incoming data from the said e-watch, devise a pattern that uniquely identifies the user (the PFP), and send back encrypted data to the application that communicates with the e-watch. All the data from four GMR sensors is read in a constant stream over a maximum period of four hours and sent to a server program which scans said data to determine where specific time domains exist that contain the same unique pattern (i.e. with the same peaks in the same places) such as shown in FIG. 8. This program is an efficient pattern search algorithm. How long the time segment is, in which the unique pattern is repeated a given number of times, will vary for each pattern of frequency peaks and each individual. This combination of a unique pattern of peaks (and valleys) that is repeated a number of times in a given time segment is called a time domain segment (TDS). The unique pattern of peaks and valleys may resemble the graph in FIG. 8 that represents a sequence of several patterns relating to molecular structure.
By measuring hundreds of thousands of such molecular structure sequences it is possible for the pattern search algorithm analyzing this bulk data to extract a number of these time domain segments (TDS’s) that occur during up to four hours. So each TDS must meet criteria for uniqueness (i.e. never seen with any other person) and number of occurrences during up to four hours (high enough that it is likely to be seen in a period of five minutes). In general there will be hundreds of TDS’s that meet the criteria. It is considered that 300-700 (three to seven hundred) TDS’s is enough to reliably establish the unique identity of the individual wearing the e-watch. During a five minute period only 50-100 (fifty to one hundred) of these TDS’s must be measured (recognized), to have an extremely high level of certainty that said individual has been verified. Which of the 300-700 TDS’s occur during a five minute measure is random and it is therefore extremely unlikely that the same combination of TDS’s will be repeated in a subsequent five minute measuring segment.
The fact that no two five-minute verification periods should ever generate the same selection of TDS’s can be used to detect attempts at hacking. The combination of TDS’s measured in a five-minute measuring period can be compared to the combinations that occur in subsequent measuring periods. If a match is found then that is an indication of a hacking attempt as this matching series of TDS’s would not occur unless a copy was being inserted.

Third party applications using standard protocols for the use of said e-watch in authentication and payment processes (boxes starting with 1.3.)
The third class of components in the process is made up of third-party applications that communicate directly with the e-watch for the authentication of e.g. banking transactions.
From a security point of view, it is advisable that the application that will use the e-watch as an authentication device be the one that is in direct communication with the e-watch to control the ID generation process. This way, there is no intermediary device in between the application and the e-watch that can pose a security vulnerability in the process.

Identification process
Summary
The identification process happens in three phases:
1. The personal frequency profile generation;
2. The constant verification of the personal frequency profile;
3. The authorization to access or use cryptographic assets for transaction processing.
The PFP generation is a one-time process. It must be executed before the user can use the e-watch as an identification device, and it involves three components: the e-watch, a computer (or mobile phone) application communicating with the e-watch and an internet connection to the server application. It needs to collect sensor readings for at least 5 minutes and up to 4 hours, depending on individuals and other variables.
When an e-watch is sold/given to another user, this process must be repeated for the new user, and will invalidate all data from the previous owner.
Once the PFP is generated, the e-watch would be constantly verifying the user identity and allowing the access to the cryptographic data based on the positive identification of the user.
Each time the e-watch is used to authenticate the user through some cryptographic process, it will check if the PFP is valid (based on the last 5 minutes of sensor readings) and authorize or decline access. While it is five minutes in this example, it could be much less with more advanced sensor and processing technology which will become available.

PFP generation
FIG. 3 provides for a schematic representation of the PFP generation process. The said process starts on a mobile phone or PC application, connected to the Internet (to communicate with the (remote/external) server) and connected to the e-watch using Bluetooth, WiFi or other short-range communication means.
When the e-watch receives the “configure new user” command, it will prepare for a new user ID, deleting all the data from the previous user (if applicable) and generating a cryptographic key pair to secure the communications between the e-watch and the application and between the e-watch and the server application.
Once the key pair has been generated, the e-watch starts to read, collect and filter the raw data from the sensors. This process is repeated for a determined amount of time and all data is sent to the mobile or PC application. The application will consolidate and compress the data and send it to the server. The collected sensor data will consist of the tuned GMR sensor readings, filtering out all the frequencies that are not relevant for the pattern identification process that the server application will perform.
The server application will analyze the data and look for specific artifacts on the waveforms such as periodically repeated spike patterns in the time domain, the relative weight of some harmonics (standard means for analysis of frequency data) in the frequency analysis and the relative amplitude of some spikes related to the signal average and median.
Once the server extracts a pattern that uniquely identifies the user (the PFP), this pattern is ciphered, protected with the public key sent by the e-watch, and it is sent back to the application. The application then sends the enciphered data to the e-watch that will decipher it and store the PFP. The PFP will be stored in a ciphered form in the permanent storage of the e-watch, preventing attacks on the unprotected memory area.
Along with the e-watch’s public key, the stored PFP is used in a key derivation process, generating a unique personal key pair that will identify the user for external applications. Since this key pair is derived from the e-watch’s keys and from the PFP (of which the patterns are unique to the user), the key pair is unique for this individual, using this e-watch and with a set of TDS’s generated on this particular process execution that is referred to as the user verification ID. Each time said user verification ID process is started, a new e-watch key pair is generated using random data such as date and time or the encrypted equipment serial number, together with the random set of TDS’s read in the five-minute verification period read from the person’s GMR data (in said five-minute period). This means that the entire process of creating a key pair takes place within the watch.

PFP verification
FIG. 4 provides for a schematic representation of the PFP verification process. The process of the PFP verification on the e-watch is continuous. As long as the e-watch is turned on, it will read the GMR sensors and analyze the data. The PFP verification process checks the real-time GMR readings and verifies the patterns that were stored during the PFP generation process. If the pattern does not match the stored pattern sufficiently, the process will set an “Invalid User” flag, indicating that the user wearing the e-watch cannot be identified as the authorized user. So using the terminology of the previous paragraph, the algorithm is looking for a set of TDS’s (user verification ID) that can guarantee that the PFP has been confirmed.
When the “invalid user” flag is set, the e-watch will block the access to all cryptographic functions for any external (not inside the e-watch) application and will deny any authentication or transaction authorization attempt.
Removing the e-watch from the wrist (which is detectable by a change in the GMR readings or other life sign biosensor such as a dedicated HRV sensor), will immediately flag the user as “invalid”, preventing a stolen or lost e-watch from being used for authentication. If the “invalid user” flag is set, the e-watch will not stop the PFP verification process, but continues to look for GMR readings that can identify the valid user. After putting the e-watch back on, the process will verify the user’s unique PFP via the sensor readings and flag the user as “valid” again.
Using this process, it is not required to verify the user’s unique PFP at the exact time of the transaction, as the “valid” or “invalid” status already indicates if the user is positively identified or not, and if they are wearing the e-watch.
The life sign biosensor ensures that there is no hacking vulnerability during the five-minute (or less) window during which the user valid flag is active (box 4.8) pending the next verification cycle. Although the GMR sensors can also function as life sign sensors it is possible to have other sensors perform this function such as optical (e.g. Infrared) diode sensors.
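The verification cycle described above, combined with the per-window TDS threshold and the repeated-combination check from the server-side section, can be sketched as follows. This is an added example, not code from the patent: the numeric TDS identifiers, the SHA-256 fingerprint of each accepted combination, the type and function names, and the sample data are all assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"sort"
)

// TDSID is a hypothetical numeric label for one time domain segment (TDS).
type TDSID uint32

type Outcome int

const (
	Invalid Outcome = iota // too few TDS's of the stored PFP were recognized
	Valid                  // enough TDS's recognized, combination not seen before
	Replay                 // same combination as an earlier window: treated as an inserted copy
)

// Verifier is the state kept between verification windows.
type Verifier struct {
	pfp        map[TDSID]struct{}    // TDS's that make up the stored PFP
	minMatches int                   // TDS's that must be recognized per window
	seen       map[[32]byte]struct{} // fingerprints of combinations already accepted
	valid      bool                  // the "valid user" flag
}

func NewVerifier(pfp []TDSID, minMatches int) *Verifier {
	v := &Verifier{pfp: map[TDSID]struct{}{}, minMatches: minMatches,
		seen: map[[32]byte]struct{}{}}
	for _, id := range pfp {
		v.pfp[id] = struct{}{}
	}
	return v
}

// CheckWindow evaluates the TDS's recognized in one measuring period.
func (v *Verifier) CheckWindow(observed []TDSID) Outcome {
	v.valid = false // stays false unless this window passes both checks
	matched := map[TDSID]struct{}{}
	for _, id := range observed {
		if _, ok := v.pfp[id]; ok { // segments outside the PFP do not count
			matched[id] = struct{}{}
		}
	}
	if len(matched) < v.minMatches {
		return Invalid
	}
	// Fingerprint the combination independently of the order of recognition.
	ids := make([]TDSID, 0, len(matched))
	for id := range matched {
		ids = append(ids, id)
	}
	sort.Slice(ids, func(i, j int) bool { return ids[i] < ids[j] })
	h := sha256.New()
	var b [4]byte
	for _, id := range ids {
		binary.BigEndian.PutUint32(b[:], uint32(id))
		h.Write(b[:])
	}
	var fp [32]byte
	copy(fp[:], h.Sum(nil))
	if _, dup := v.seen[fp]; dup {
		return Replay
	}
	v.seen[fp] = struct{}{}
	v.valid = true
	return Valid
}

// LifeSignLost clears the flag at once, e.g. when the watch leaves the wrist.
func (v *Verifier) LifeSignLost() { v.valid = false }

// CryptoAllowed gates every cryptographic function offered to external apps.
func (v *Verifier) CryptoAllowed() bool { return v.valid }

// span builds constructed sample data: n consecutive TDS IDs starting at from.
func span(from, n int) []TDSID {
	out := make([]TDSID, n)
	for i := range out {
		out[i] = TDSID(from + i)
	}
	return out
}

func main() {
	v := NewVerifier(span(0, 300), 50) // constructed PFP of 300 TDS's, threshold 50
	fmt.Println("first window:", v.CheckWindow(span(0, 60)), v.CryptoAllowed())
	v.LifeSignLost()
	fmt.Println("after removal:", v.CryptoAllowed())
	fmt.Println("weak window:", v.CheckWindow(span(100, 30)))
	fmt.Println("repeated window:", v.CheckWindow(span(0, 60)), v.CryptoAllowed())
	fmt.Println("fresh window:", v.CheckWindow(span(200, 60)), v.CryptoAllowed())
}
```

A real device would bound the `seen` set, for example by keeping only the fingerprints of the most recent windows.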

Authorization for external applications
The user access authorization for external applications is done in two steps:
  • The application must create a user entry in its own directory for the e-watch user, associating the user’s public key with the relevant user data that is required for the application itself. This event takes place when the user registers to use the e-watch with this particular application (for example, associating a user and their e-watch with a bank account or credit card number). This association is referred to as a ‘user/watch-pair’. The above process is depicted in FIG. 5.
  • The application can communicate with the e-watch (WiFi, Bluetooth, NFC, or any other short-range communication protocol) to ask for user authentication, sending a data package that will be signed by the user’s private key and that can be verified by the application itself. This event takes place when the user is using the e-watch to authorize a transaction within the application, as depicted in FIG. 6.
It is up to the application owner to establish any additional security measures if needed: the e-watch will ensure that the user who is using the e-watch is the one who effectively registered on the application, but it will not have any control over whether the person is being coerced to make the transaction, for example. So, if the application owner requires higher levels of security, they can combine the e-watch authentication with other existing authentication schemes, panic codes and so on. One such security measure that can make coercion more difficult is to monitor the emotional and physical state of the user. This feature is easily enabled as the user’s real time emotional and physical state can be determined using data read by the GMR sensors. This emotional and physical measuring process is well established and has been tested and verified over several decades by the Aquera company. If an emotional state related to being coerced or drugged is detected, then identity verification for certain applications (such as banking) can be disabled. It is also possible to send alerts to designated people or agencies that a hacking attempt is being made.
The registration of an external application to use the e-watch as a user authentication device, as depicted in FIG. 5, stores application specific data inside the e-watch, that can be retrieved by the application.
For each registered application, the e-watch generates a Universal Unique Identifier (APP UUID as used by Apple, Microsoft and Android) which is a 128 bit number, that can be stored on the application database to be associated with the user identity.
Alongside the UUID, the application will receive a copy of the user's public key from the e-watch during the application registration process. This public key can be used to verify digitally signed data received by the application from the e-watch, ensuring that, even if the UUID is leaked, it will not be possible to falsify the user/watch-pair identity.
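The registration (FIG. 5) and transaction authorization (FIG. 6) exchanges described above can be sketched as follows, showing why a leaked UUID alone does not let anyone falsify the user/watch-pair. This is an added example, not code from the patent: Ed25519 as the signature scheme, a freshly generated key standing in for the PFP-derived key pair, the random nonce in the data package, the binding of the UUID into the signed bytes, and all names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrInvalidUser = errors.New("invalid user flag is set")
	ErrUnknownApp  = errors.New("application is not registered")
)

// Watch models only what the two flows need. In the patent the private key
// stays inside the HSM; here it is an ordinary field for illustration.
type Watch struct {
	priv      ed25519.PrivateKey
	pub       ed25519.PublicKey
	validUser bool              // maintained by the PFP verification cycle
	apps      map[[16]byte]bool // APP UUIDs issued at registration
}

func NewWatch() (*Watch, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Watch{priv: priv, pub: pub, apps: map[[16]byte]bool{}}, nil
}

func (w *Watch) SetUserValid(ok bool) { w.validUser = ok }

// Register issues a random 128-bit APP UUID and hands out the public key.
func (w *Watch) Register() ([16]byte, ed25519.PublicKey, error) {
	var id [16]byte
	if _, err := rand.Read(id[:]); err != nil {
		return id, nil, err
	}
	id[6] = id[6]&0x0f | 0x40 // UUID version 4
	id[8] = id[8]&0x3f | 0x80 // RFC 4122 variant
	w.apps[id] = true
	return id, w.pub, nil
}

// signPackage signs UUID || package, so a signature made for one
// application cannot be presented to another (an assumption of this sketch).
func signPackage(priv ed25519.PrivateKey, id [16]byte, pkg []byte) []byte {
	return ed25519.Sign(priv, append(append([]byte{}, id[:]...), pkg...))
}

// Authorize signs the application's data package only for a verified user.
func (w *Watch) Authorize(id [16]byte, pkg []byte) ([]byte, error) {
	if !w.validUser {
		return nil, ErrInvalidUser
	}
	if !w.apps[id] {
		return nil, ErrUnknownApp
	}
	return signPackage(w.priv, id, pkg), nil
}

// App is the third-party side: it stores the UUID and public key it
// received at registration next to its own user record.
type App struct {
	UUID [16]byte
	Pub  ed25519.PublicKey
}

// NewPackage builds the data package: a fresh nonce followed by the transaction.
func (a *App) NewPackage(tx string) ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, tx...), nil
}

func (a *App) Verify(pkg, sig []byte) bool {
	msg := append(append([]byte{}, a.UUID[:]...), pkg...)
	return ed25519.Verify(a.Pub, msg, sig)
}

func main() {
	w, _ := NewWatch()
	id, pub, _ := w.Register()
	app := &App{UUID: id, Pub: pub}
	pkg, _ := app.NewPackage("constructed transaction: pay 10 EUR")

	_, err := w.Authorize(id, pkg)
	fmt.Println("watch not on wrist:", err)

	w.SetUserValid(true)
	sig, _ := w.Authorize(id, pkg)
	fmt.Println("genuine signature accepted:", app.Verify(pkg, sig))

	other, _ := NewWatch() // a different key pair that only knows the leaked UUID
	fmt.Println("leaked UUID, other key accepted:",
		app.Verify(pkg, signPackage(other.priv, id, pkg)))
}
```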

Device description
In order to be used for secure purposes, like the authorization of financial transactions, there are sensitive pieces of data that must be protected inside the e-watch by storing and processing said data on a Hardware Security Module (HSM). The HSM consists of a processor and memory that are encapsulated in a tamper resistant casing, with a single input/output bus and a limited protocol that only allows for specific function calls. FIG. 2 shows how these components interact inside the e-watch.
FIG. 7 shows a representation of the e-watch and some of its sensors. The PFP is derived from raw data collected by the four GMR sensors mounted on the back of the e-watch near the skin. Although the GMR sensors do not require galvanic skin contact, they must be close to the skin (less than 1cm) to ensure that the EM signal picked up from the body is stronger than the EM signal from background noise. This background noise is generated by all electrical devices and currents in the surrounding environment. Most environments in which there is human activity include high levels of background EM radiation.
The four GMR’s used for obtaining raw data for the personal frequency profile (PFP), are tuned to frequencies of specific chemical constructions in a time domain.
Tuning of the GMR sensors is done by structural, hardware and/or software means to narrow down (filter) the raw data to that related to the specific chemical or molecular structure in a time domain to use for deriving the PFP. Structural means can consist of manufacturing said sensor at the integrated circuit level using nanometer/micrometer manufacturing technology, sometimes referred to as an Application Specific Integrated Circuit. Also possible is manufacturing said sensor to be inherently sensitive to a specific frequency range due to its structural nature such as an antenna. Hardware means can consist of dedicated component-based filter systems that work in conjunction with said sensor. Software means can consist of a GMR sensor package that includes a programmable filter section. It is also possible to combine each of these means in various ways.
FIG. 8 is an example of a frequency sample that represents a molecular structure present in a human body. As can be seen, it includes various peaks and valleys. These are referred to as artifacts. By analyzing a large enough sample of EM body emissions, it is possible to identify recurring patterns of these artifacts. In summary, the frequencies that are picked up by the tuned GMR sensors are sampled at a very rapid rate of between 5 ps and 50 ns (5 picoseconds and 50 nanoseconds), which allows the artifacts that relate to specific molecular structures to be recorded. A pattern search is then conducted on this large volume of data to determine the PFP. As the volume of data from four sensors measuring at high sampling rates over several hours is extensive, it must be compressed before sending to the (remote/external) server. The combination of being able to measure such low power EM signals at high sampling rates and derive from that molecular based information that is uniquely related to the individual forms the core of the invention.
Research has indicated that the unique personal frequency profile (PFP) is stable and secure. This stability is not surprising as the PFP is related to the presence of molecular structures within the body that show very little change due to aging or environmental factors. Also, there is some flexibility built into the pattern recognition. This flexibility operates in a similar way to facial recognition that can still recognize a face that ages or has different expressions.
The research was also focused on identifying the presence of emotional and life-threatening chemical structures in a time domain which are general for all persons. That means that whenever that chemical structure is recognized by the e-watch it indicates the same emotional state or life-threatening situation, regardless of who is wearing the e-watch. The ability of the e-watch to recognize both these general emotional structures as well as the unique Personal Frequency Profile (PFP) makes it very safe and stable to use in a secure transaction system.
This testing of the emotional state or the presence of a life-threatening situation adds an optional extra layer of security to the already highly secure authentication system. First the PFP of the person wearing the e-watch must be present. Then the life sign signal indicating that the watch has not been removed and the person is living must be present. The optional extra security layer indicates whether the person is being threatened or drugged or coerced, so that appropriate measures can be taken. All of these steps take place without the user having to perform any special actions like entering codes, presenting a finger or other body part, or speaking.
The personal frequency profile (PFP) together with the life-threatening emotional status is impossible to mimic, which makes this the safest approach for the most secure data inscription processes.
The extra security layer described above can form the basis of an additional embodiment where the safety of an individual is passively monitored to give advanced warning of kidnapping, accidents and other life-threatening situations.
A further embodiment foresees the use of the invention to track patients (including babies) in hospitals. This is useful as it is more secure than just applying a passive bracelet and can be integrated into the data infrastructure of a hospital or clinic.
Another embodiment foresees the adaptation of the invention for tracking and identifying pets. This would involve a simplified collar or tag with communication circuitry built in. As it can sense heightened stress levels the pet tracking device can alert owners if the pet is in trouble.
Another embodiment allows the e-watch or portable device to communicate directly with the server and do the whole PFP generation and verification process without additional intermediate devices.
Another embodiment allows for the use of less than four GMR sensors. This would be possible in the case of a software tunable GMR.

Claims (11)

  1. A method for identifying a living organism by measuring the electromagnetic field of said organism characterized by
    step (a) collecting data measured by the sensors of a wearable biometric sensing device,
    followed by step (b) processing said data to generate a personal frequency profile (PFP),
    wherein step (c) said personal frequency profile (PFP) is stored in said wearable device, and
    in step (d) said personal frequency profile (PFP) is used for verification of identity of said living organism.
  2. Method according to claim 1, wherein said personal frequency profile (PFP) generated in step (b) comprises multiple time domain segments (TDS’s) wherein each time domain segment (TDS) corresponds to a unique pattern identified from data collected in step (a).
  3. Method according to claim 1 or 2, wherein verification step (d) comprises continuously collecting data measured by the sensors of said wearable biometric sensing device and comparing said data with the personal frequency profile (PFP).
  4. Method according to claim 1 or 2, wherein step (d) identifies a minimum number of time domain segments (TDS’s) in the continuously collected data that are part of the personal frequency profile (PFP) to verify the identity of said organism.
  5. Method according to any preceding claim, wherein in step (d) verification of the identity of said living organism is considered positive, when in a predetermined period of time a minimum predetermined number of time domain segments (TDS’s) are identified in the continuously collected data and wherein said time domain segments (TDS’s) are part of the personal frequency profile (PFP) stored in said device in step (c) and wherein said data is measured by the sensors of said wearable biometric sensing device.
  6. Method according to any of the preceding claims, wherein in said step (b) processing said data to generate a personal frequency profile (PFP) is performed in a remote server and wherein obtained personal frequency profile (PFP) is sent from said remote server to said wearable device to be stored in said device in step (c) above.
  7. Method according to any preceding claim 2 to 6, where said personal frequency profile (PFP) comprises at least 300 time domain segments (TDS’s).
  8. A wearable biometric sensing device for identifying a living organism by measuring the electromagnetic field of said organism, comprising a CPU, a power supply, data storage, tele-communication means, user display and interface means, characterized in that said device is configured to continuously collect data by measuring the electromagnetic field emitted by said organism using at least one sensor mounted in close proximity to said organism.
  9. Device according to claim 8, wherein said sensor is a giant magneto resistance sensor (GMR).
  10. Device according to any preceding claim 8 or 9, wherein said device is configured to send said collected data to a remote server and receive from said server a personal frequency profile (PFP) and store said personal frequency profile (PFP) in said device and to perform verification of said organism using said personal frequency profile (PFP) by continuously collecting data measured by the sensors of said wearable biometric sensing device and comparing said data with the personal frequency profile (PFP).
  11. Device according to any preceding claim 8, 9 or 10, wherein said wearable device is in the form of a watch, bracelet, necklace, ring, collar, headset, eyewear, item of clothing, permanently implanted device, button, badge or comprised of multiple units in communication with each other.
PCT/EP2019/085136 2019-12-13 2019-12-13 A method and device for identifying a living organism WO2021115620A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2019/085136 WO2021115620A1 (en) 2019-12-13 2019-12-13 A method and device for identifying a living organism

Publications (1)

Publication Number Publication Date
WO2021115620A1 true WO2021115620A1 (en) 2021-06-17

Family

ID=69063732

Country Status (1)

Country Link
WO (1) WO2021115620A1 (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19829476

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19829476

Country of ref document: EP

Kind code of ref document: A1