Abstract: Described are various embodiments of a digital user authentication device, the device comprising: a user authentication interface operable to receive as input unique user identification data required to execute a digital user authentication process; a distinct physiological sensor operable to interface with the user to acquire a physiological signal from the user to automatically confirm a live user presence during said authentication process; and a digital data processor and computer-readable memory operable to execute computer-readable instructions to invoke said user authentication process based on said unique user identification data while confirming said live user presence based on said physiological signal such that a successful user authentication is only concluded upon confirmation of said live user presence during said authentication process. Various authentication, access authorization and revocation systems and processes are also described.

Abstract: Described are various embodiments of a cryptographic process for portable devices, and user presence and/or access authorization systems and methods employing such protocols. In one embodiment, a digital user authentication system is described to comprise a wireless digital user authentication device (UAD) operable to authenticate the user and wirelessly communicate an authenticated identity thereof; and a network application operatively associated with a wireless access point and operable to authenticate the user presence. Upon the network application authenticating the user presence based, at least in part, on the authenticated identity, the UAD and the network application securely establish a short-term symmetric advertising (STSA) key. During a prescribed advertising lifetime of the STSA, the UAD periodically computes and advertises authentication codes encompassing the STSA key so to securely advertise the authenticated user presence.

Abstract: Described are various embodiments of a user activity-related monitoring system and method, and a user access authorization system and method employing same. In one embodiment, a system is provided for authenticating a user authorised to perform a designated activity in a designated environment. The system comprises a wireless digital user authentication device (UAD) operable to: wirelessly establish an authenticated access session at an access point within the designated environment for performing the designated activity; and acquire activity-related data during performance of the designated activity. The system further comprises a digital application operatively associated with the wireless digital UAD and operable to: digitally compare and evaluate compliance of the activity-related data with a digital authenticated activity template within a designated tolerance.

Abstract: Described are various embodiments of a system for monitoring a physical user presence during an authenticated user access session at an access point. In one embodiment, the system comprises a wireless digital user authentication device (UAD) operable to wirelessly establish the authenticated user access session, periodically communicate an authenticated presence code to actively maintain the session and acquire motion-related data during the session to capture a UAD departure motion representative of the user departing from the access point. The system further comprises a digital application operatively associated with the access point and operable to wirelessly establish the session with the UAD upon arrival at the access point, and periodically receive the authenticated presence code to maintain the authenticated user access session. The authenticated user session is terminated upon identifying the UAD departure motion from said the motion-related data.

Abstract: Embodiments are directed towards communicating using a mobile device that performs actions including. A mobile device may be provisioned with an access point such that a provisioning key and a provisioning token for each of the provisioned access points may be stored on the mobile device. The mobile device may be determined to be in the presence of a provisioned access point based on the provisioning key and an advertising nonce. The advertising nonce may be encrypted with the provisioning key. A communication channel between the mobile device and the access point may be established based on a session nonce, the advertising nonce, and the provisioning key. A session key may be generated based in part on the advertising nonce and a message counter. And, encrypted message packets that include a message and a message authentication tag may be communicated to the access point.

Abstract: The present invention is a biometric security system and method operable to authenticate one or more individuals using physiological signals. The method and system may comprise one of the following modes: instantaneous identity recognition (MR); or continuous identity recognition (CIR). The present invention may include a methodology and framework for biometric recognition using physiological signals and may utilize a machine learning utility. The machine learning utility may be presented and adapted to the needs of different application environments which constitute different application frameworks. The present invention may further incorporate a method and system for continuous authentication using physiological signals and a means of estimating relevant parameters.

Abstract: Embodiments are directed towards authenticating users using biometric devices. The biometric device may be arranged to capture one or more biometric feature of a user that may be wearing the biometric device such as biometric features that correspond to an electrocardiogram of the user. The user of the biometric device may be authenticated based on one or more biometric features, or a combination thereof. Authenticating the user of the biometric device, may include communicating information that includes biometric features to an authorized authentication device (AAD). When the user is authenticated, the biometric device may be preauthorized for the user. When the preauthorized biometric device senses at least one access point, an authorization signal may be provided to the access point. If the preauthorized biometric device is removed from the user, the biometric device is deauthorized, disabling access to access points by the user.

Abstract: Embodiments are directed towards communicating using a mobile device that performs actions including. A mobile device may be provisioned with an access point such that a provisioning key and a provisioning token for each of the provisioned access points may be stored on the mobile device. The mobile device may be determined to be in the presence of a provisioned access point based on the provisioning key and an advertising nonce. The advertising nonce may be encrypted with the provisioning key. A communication channel between the mobile device and the access point may be established based on a session nonce, the advertising nonce, and the provisioning key. A session key may be generated based in part on the advertising nonce and a message counter. And, encrypted message packets that include a message and a message authentication tag may be communicated to the access point.

Abstract: Embodiments are directed towards authenticating users using biometric devices. The biometric device may be arranged to capture one or more biometric feature of a user that may be wearing the biometric device such as biometric features that correspond to an electrocardiogram of the user. The user of the biometric device may be authenticated based on one or more biometric features, or a combination thereof. Authenticating the user of the biometric device, may include communicating information that includes biometric features to an authorized authentication device (AAD). When the user is authenticated, the biometric device may be preauthorized for the user. When the preauthorized biometric device senses at least one access point, an authorization signal may be provided to the access point. If the preauthorized biometric device is removed from the user, the biometric device is deauthorized, disabling access to access points by the user.

Abstract: Embodiments are directed towards communicating using a mobile device that performs actions including. A mobile device may be provisioned with an access point such that a provisioning key and a provisioning token for each of the provisioned access points may be stored on the mobile device. The mobile device may be determined to be in the presence of a provisioned access point based on the provisioning key and an advertising nonce. The advertising nonce may be encrypted with the provisioning key. A communication channel between the mobile device and the access point may be established based on a session nonce, the advertising nonce, and the provisioning key. A session key may be generated based in part on the advertising nonce and a message counter. And, encrypted message packets that include a message and a message authentication tag may be communicated to the access point.

Abstract: Embodiments are directed towards authenticating users using biometric devices. The biometric device may be arranged to capture one or more biometric feature of a user that may be wearing the biometric device such as biometric features that correspond to an electrocardiogram of the user. The user of the biometric device may be authenticated based on one or more biometric features, or a combination thereof. Authenticating the user of the biometric device, may include communicating information that includes biometric features to an authorized authentication device (AAD). When the user is authenticated, the biometric device may be preauthorized for the user. When the preauthorized biometric device senses at least one access point, an authorization signal may be provided to the access point. If the preauthorized biometric device is removed from the user, the biometric device is deauthorized, disabling access to access points by the user.