Abstract: Video still frames with highest facial detection scores are matched and displayed to a security operator console with identity indicia retrieved upon a credential submission event from a physical access control system. An apparatus couples a security operator console to a surveillance camera at a physical access control portal. A video clip containing a frame with highest facial detection score of all frames captured in propinquity to the time of credential submission, is matched to and displayed with the identity indicia. Credentials from a group of people entering together are presented to a security officer console along with video clips simultaneously containing a plurality of faces or perspectives which may be accepted en masse or in part. Time shifting still frames to reconcile with credential submission time stamps concentrates content in a display console. The apparatus retrieves and presents identity indicia in conjunction with a face in the selected frame.

Abstract: A method of operation triggers an alert when cameras or sensors determine an action e.g. entry into or occupancy of a reserved region. The system transmits a caution to the pilgrim to present a credential or affirm proper attire and safety equipage upon entry into the penumbra of the reserved region. Within the penumbra, a pilgrim may preempt the access control challenge or alert by presenting his credential or by signally his intention to enter the reserved region. A process of the surveillance and security system includes recording all entries and occupancy of reserved areas but suppressing alarms and alerts on the condition that a credential bearer is within the geo-fenced region. A reserved area has both umbra and penumbra regions with various effects of entry, occupancy, and presentation of credentials. Receiving a presented credential causes alerts to be preempted in the penumbra and to be unfaulted in the umbra.

Abstract: Video still frames with highest facial detection scores are matched and displayed to a security operator console with identity indicia retrieved upon a credential submission event from a physical access control system. An apparatus couples a security operator console to a surveillance camera at a physical access control portal. A video clip containing a frame with highest facial detection score of all frames captured in propinquity to the time of credential submission, is matched to and displayed with the identity indicia. Credentials from a group of people entering together are presented to a security officer console along with video clips simultaneously containing a plurality of faces or perspectives which may be accepted en masse or in part. Time shifting still frames to reconcile with credential submission time stamps concentrates content in a display console. The apparatus retrieves and presents identity indicia in conjunction with a face in the selected frame.

Abstract: A physical access control system triggers an alert when cameras or sensors determine an action e.g. entry into or occupancy of a reserved region. The system may caution the pilgrim to present a credential or affirm proper attire and safety equipage upon entry into the penumbra of the reserved region. Within the penumbra, a pilgrim may preempt the access control challenge or alert by presenting his credential or by signally his intention to enter the reserved region. A surveillance and security system records all entries and occupancy of reserved areas but suppresses alarms and alerts on the condition that a credential bearer is within the geo-fenced region. A reserved area has both umbra and penumbra regions with various effects of entry, occupancy, and presentation of credentials. Alerts can be preempted in the penumbra and unfaulted in the umbra by presentation of a credential.

Abstract: A method operates a server that is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: A personal electronic device enables access to and occupancy of a secure space by providing measures of behaviors, personal attributes, history of transactions and movements that are used to validate continuous authentication and authorization of the device's possessor. This addresses the vulnerability of a misplaced, lost, or stolen electronic credential. An anchor point is a physical measurement of personal physical identity such as voice recognition, fingerprint, iris scan, chemistry, or other biometric. Continuity from an anchor point is measured by GPS way points, financial transactions at familiar vendors, outgoing text messages or passphrases, gait analysis, heart rate, EKG rhythm, or transit time. A request for access is presented upon a challenge based on proximity to a portal location. A digital credential is used to encrypt two or more of the continuity milestones and an anchor point which can be matched against a previously stored or dynamically generated expected value.

Abstract: A mobile door knocker causes a portal to open for an authenticated user. A physical access control system actuates upon receiving a wireless request triggered by a pattern of indicia in the vicinity of a portal. A hand-held communication device transmits a portal access control signal when it recognizes a pattern of bursts in signal amplitude. A mobile device has a sensor package, communication circuits, and a processor. Upon determining proximity to a controlled portal, the sensor package enables a pattern recognition circuit. Upon receiving a success indicia from the pattern recognition circuit, the communication circuits authenticate with the controlled portal. A sensor package may be enabled by accelerations from tapping the device against a door, wall, or table. A pattern may be related to a number, or a sequence, or combination of slows, pauses, and quicks, or a curvilinear acceleration.

Abstract: A method operates a server that is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: A door opens for an authenticated user by being tapped by a communication device. A physical access control system actuates upon receiving a wireless request triggered by a pattern of indicia in the vicinity of a portal. A hand-held communication device transmits a portal access control signal when it recognizes a pattern of bursts in signal amplitude. A mobile device has a sensor package, communication circuits, and a processor. Upon determining proximity to a controlled portal, the sensor package enables a pattern recognition circuit. Upon receiving a success indicia from the pattern recognition circuit, the communication circuits authenticate with the controlled portal, e.g. causing a door to open. A sensor package may be enabled by accelerations from bumping the device; tapping the device against a door, wall, or table. A pattern may be related to a number, or a sequence, or combination of slows, pauses, and quicks, or a single acceleration.

Abstract: A personal electronic device enables access to and occupancy of a secure space by providing measures of behaviors, personal attributes, history of transactions and movements that are used to validate continuous authentication and authorization of the device's possessor. This addresses the vulnerability of a misplaced, lost, or stolen electronic credential. An anchor point is a physical measurement of personal physical identity such as voice recognition, fingerprint, iris scan, chemistry, or other biometric. Continuity from an anchor point is measured by GPS way points, financial transactions at familiar vendors, outgoing text messages or passphrases, gait analysis, heart rate, EKG rhythm, or transit time. A request for access is presented upon a challenge based on proximity to a portal location. A digital credential is used to encrypt two or more of the continuity milestones and an anchor point which can be matched against a previously stored or dynamically generated expected value.

Abstract: A predictive physical access control and security intervention system includes a credential device, indicia sensors, portal actuators; and a data store of historic and predicted travel events, whereby out of norm behaviors trigger elevated security intervention processes. A system detects, identifies, and measures occupancy and transit patterns of identities within and through a spatial volume. A processor performs statistical calculations of dwell time, movement patterns, path vectors, frequency of entry or exit, and transmission of attribute assertions containing trusted information to subscribers. The method transforms radio signals emitted by personal communications and identity devices into metrics of human traffic patterns, behavior conducive to commercial and security interests, and provides identity attributes containing trusted information to identity service subscribers.

Abstract: A predictive physical access control and security intervention system includes a credential device, indicia sensors, portal actuators; and a data store of historic and predicted travel events, whereby out of norm behaviors trigger elevated security intervention processes. A system detects, identifies, and measures occupancy and transit patterns of identities within and through a spatial volume. A processor performs statistical calculations of dwell time, movement patterns, path vectors, frequency of entry or exit, and transmission of attribute assertions containing trusted information to subscribers. The method transforms radio signals emitted by personal communications and identity devices into metrics of human traffic patterns, behavior conducive to commercial and security interests, and provides identity attributes containing trusted information to identity service subscribers.

Abstract: A server is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: A method operates a server that is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: A server is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: The present invention provides, in one aspect, a system and method for managing authentication tokens that operate across multiple types or physical resources binding the tokens to one or more external electronic Identity Providers; generating tokens; authenticating the tokens at multiple physical resources; managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things, simplify the process of granting user-generated credentials to persons connected to a given individual via the Identity Provider or an external social network, for example.

Abstract: The present invention provides, in one aspect, a system and method for managing authentication tokens that operate across multiple types or physical resources binding the tokens to one or more external electronic Identity Providers; generating tokens; authenticating the tokens at multiple physical resources; managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things, simplify the process of granting user-generated credentials to persons connected to a given individual via the Identity Provider or an external social network, for example.

Abstract: The present invention provides, in one aspect, a system and method for managing authentication tokens that operate across multiple types of physical resources binding the tokens to one or more external electronic Identity Providers; generating tokens; authenticating the tokens at multiple physical resources; managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things, simplify the process of granting user-generated credentials to persons connected to a given individual via the Identity Provider or an external social network, for example.

Abstract: The present invention provides, in one aspect, a system and method for managing authentication tokens that operate across multiple types of physical resources binding the tokens to one or more external electronic Identity Providers; generating tokens; authenticating the tokens at multiple physical resources; managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things, simplify the process of granting user-generated credentials to persons connected to a given individual via the Identity Provider or an external social network, for example.

Abstract: A method for conducting commercial transactions is described. The method includes the steps of generating a data key in response to a request from a user and transmitting the data key to the user. The method also includes the step of transmitting the data key to a first remote location, in which the data key identifies a commercial transaction conducted by the user and also is stored at the first remote location. A system for conducting commercial transactions is described. The system includes a software program for generating a data key in response to a request from a user and a first hardware device for transmitting the data key to the user. The system also includes a second hardware device for transmitting the data key to a first remote location and a memory for storing the transmitted data key at the first remote location, in which the data key identifies a commercial transaction conducted by the user.