Methods and systems configured to detect and guarantee identity for the purpose of data protection and access control
Abstract
A security system is provided that integrates physical and logical security controls for the protection of secured resources. The resources may include physical locations and/or computing resources such as databases containing personal information. In some embodiments, information is stored in separate, codependent databases such that by isolating the components of the databases from each other, a successful attack on one component is not sufficient to enable the access of content of the other components. In some embodiments, biometric information is automatically obtained as users approach an access location, and is ready for expedited verification of identity upon request by the user.
Claims
exact text as granted — not AI-modified1 . An identity validation system for positively confirming an identity and a physical location of an individual for securing access to one or more secured resources, the system comprising:
one or more location sensors for detecting locations of mobile devices within a physical location proximate to an access location for the one or more secured resources; one or more biometric information sensors for gathering biometric information from individuals within the physical location proximate to the access location; a biometric data store configured to store one or more biometric information data records; and at least one security management computing device configured to:
receive a notification from the one or more location sensors indicating that a mobile device is detected within the physical location and is approaching the access location;
in response to determining that the mobile device is enrolled with the identity validation system, retrieve a biometric information data record from the biometric data store associated with a user associated with the mobile device;
compare the biometric information data record to biometric information gathered by the one or more biometric information sensors; and
provide access to the one or more secured resources in response to determining that the biometric information data record matches biometric information gathered by the one or more biometric information sensors.
2 . The system of claim 1 , wherein the one or more secured resources include a secured physical location, wherein the system further comprises a physical access control device configured to selectively allow access to the secured physical location, wherein providing access to the one or more secured resources includes allowing passage through the physical access control device.
3 . The system of claim 2 , wherein the physical access control device is a door with an electronically controlled lock, a man trap, or a turnstile.
4 . The system of claim 1 , wherein the system further comprises a security interface computing device, and wherein providing access to the one or more secured resources includes presenting an indication to a security guard via the security interface computing device that the user is permitted access to the one or more secured resources.
5 . The system of claim 4 , wherein the security interface computing device presents an augmented reality view of at least a portion of the physical location proximate to the access location, and wherein the indication is presented in association with the user in the augmented reality view.
6 . The system of claim 5 , wherein indications of a lack of permission are presented in association with non-authenticated individuals in the augmented reality view.
7 . The system of claim 1 , further comprising one or more network access computing devices located within the access location, wherein the security management computing device is further configured to allow access to a network via the one or more network access computing devices while the user is determined to be within the access location.
8 . The system of claim 7 , wherein the security management computing device is further configured to monitor a location of the mobile device while within the access location, and to disable the one or more network access computing devices in response to determining that the user or the mobile device has left the access location.
9 . The system of claim 7 , further comprising:
a device unique identifier (UID) data store configured to store information organized according to an encrypted hash of a device identifier; and a profile data store configured to store non-biometric user data organized according to an encrypted hash of a profile identifier stored in the device UID data store; wherein the biometric data store is configured to store biometric user data organized according to an encrypted hash of a biometric identifier stored in the profile data store.
10 . The system of claim 9 , wherein the device UID data store, the profile data store, and the biometric data store are each physically separate from each other.
11 . The system of claim 9 , wherein allowing access to the network includes:
using the device UID data store to confirm that the device is allowed access to the system; using the profile data store and a profile identifier retrieved from the device UID data store to confirm that the user is allowed access to a requested network resource; and using the biometric data store and a biometric row identifier retrieved from the profile data store to confirm the user's identity.
12 . The system of claim 1 , wherein the one or more secured resources include a secured physical location, a secured network, a secured database, and a secured digital financial transaction.
13 . The system of claim 1 , wherein the one or more location sensors include one or more devices for monitoring and tracking a Wi-Fi signal, a Bluetooth signal, an Active Radio Frequency Identification (RFID) signal, a UHF-RFID signal, a passive RFID signal, a GPS signal, and a near-field communication signal.
14 . A method of positively confirming an identity and a physical location of an individual for securing access to one or more secured resources, the method comprising:
receiving, by a security management computing device, a notification from one or more location sensors, wherein the one or more location sensors are configured to detect locations of mobile devices within a physical location proximate to an access location for the one or more secured resources, and wherein the notification indicates that a mobile device is detected within the physical location and is approaching the access location; in response to determining that the mobile device is enrolled with a security system, retrieving, by the security management computing device, a biometric information data record from a biometric data store, wherein the biometric information data record is associated with a user associated with the mobile device; comparing, by the security management computing device, the biometric information data record to biometric information gathered by one or more biometric information sensors configured to gather biometric information from individuals within the physical location proximate to the access location; and providing, by the security management computing device, access to the one or more secured resources in response to determining that the biometric information data record matches biometric information gathered by the one or more biometric information sensors.
15 . The method of claim 14 , wherein the one or more secured resources include a secured physical location, and wherein providing access to the one or more secured resources includes allowing passage through a physical access control device configured to selectively allow access to the secured physical location.
16 . The method of claim 14 , wherein providing access to the one or more secured resources includes presenting an indication to a security guard via a security interface computing device that the user is permitted access to the one or more secured resources.
17 . The method of claim 14 , further comprising allowing access to a network via one or more network access computing devices located within the access location while the user is determined to be within the access location.
18 . The method of claim 17 , further comprising:
monitoring a location of the mobile device while within the access location; and disabling the one or more network access computing devices in response to determining that the user or the mobile device has left the access location.
19 . The method of claim 17 , wherein allowing access to the network includes:
using a device unique identifier (UID) data store to confirm that the device is allowed access to the system, wherein the device UID data store is configured to store information organized according to an encrypted hash of a device identifier; using a profile data store and a profile identifier retrieved from the device UID data store to confirm that the user is allowed access to a requested network resource, wherein the profile data store is configured to store non-biometric user data organized according to an encrypted hash of the profile identifier stored in the device UID data store; and using the biometric data store and a biometric row identifier retrieved from the profile data store to confirm the user's identity, wherein the biometric data store is configured to store biometric user data organized according to an encrypted hash of the biometric row identifier stored in the profile data store.
20 . The method of claim 14 , wherein the one or more secured resources include a secured physical location, a secured network, a secured database, and a secured digital financial transaction.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.