HID's Gesture Credentials Patents

By: Brian Rhodes, Published on Jul 10, 2013

Proximity style credentials carry a huge risk: they can be passively read by thieves, who take the stolen information and gain unlawful entry into access controlled buildings. HID Global, a major credential provider, has filed patents that keeps prox credentials locked tight until moving it in a specific way. Could this new authentication inject a dose of high security into a vulnerable EAC mainstay? We look at HID's "Gesture" patents in this note.

How it Works

*** ***** *********************** ******* *** **** 'gesture ********* **********' *******.*** ******* ****** "** **** ****** **** ********* data ************* ***** ** has **** ***** ** a ********** *** ** the ******". ***********, **** ** an ****** ******* ********** **** must ** ********** ***** in * ******** ******* in ***** ** ******* it's *********** ** * reader.

*** ****** ********* ******* example ******** ******** ** enable *****, ********** ******* potential *********:

*** *******, * ****** gesture ********* *** **** of * **** *** could *********** '**** **' a ********* ********** ** it *** ** ****, up ** * *****-****** combination ********* ******** ** different **********. *** ****** that ** ***** **** the **** ** **** only specific ******** *** *********, and *** *** '**** definable'. *******, ** ** also ***** *** **** will **** **** ********** on *** **** ******** are ******** ** **** a ********** ****.

"Snoop *****"

*** ******* ********* "*********" provides ** **** ********* credentials ****** ** ********* read ** * ******* attack. *** * ************* on *** ******** *************, see *** ***** *****:

MEMS ******* *********

********* ****************** * *********-***** ********** design **** ******* *** elements. *** *** ******** is *** ****, ** the "************-********** ******" ********* **** ** a *****, ***** ******************. ** ** **** mechanism **** ****** *** orientation ** *** ****, and ******** *** **** from ******* ********** *********** until * ******** ******* is ********.

*** ***** ***** ***** the "******* *******" ****** next ** ** ******** Multiclass **********. *** ************ between *** ******* *** obvious, **** *** ********** MEMS ********* ******* **** available ***** ** ***********/*** **** *****:

*** ****** ******** ********* the ******** **** ** adding **** ** ** low *** **** **********: 

******* **** ******* *** manufactured ***** ***** *********** techniques ******* ** ***** used *** ********** ********, unprecedented ****** ** *************, reliability, *** ************** *** be ****** ** * small ******* **** ** a ********** *** ****.

***** *** ***** ****** of "******* ***********" **** not **** ***********, *** technology **** *** ****** to *** *********** **** to ********** ****.

Supports ******** *******

***** *** *** *** to ******** ******** "******* products", *** ********** ******* only ** *********** ** work, ******* ***** ** no ******** *********** ** replace *******. ***** *** credential ** '********' ** gesturing, ** ********** **** readers ** *** **** way *** ** *** same ******* ** ******** Prox, ******, *** ******/******* credentials.

**** ********* ***** ******* security ** ******** *******, and ******* ******** *** risk ** ****, ******, or ******* ***********. "*********" adds * "********* *** ****" ************** ***** ** classic ******-****** ***********, *** unless ** ************ **** has ********** *********** ** how ** '******' *** credential, ** **** ****** be *******.

Cards ****?

*** ****** ***** **** not **** ******* '********** cards', *** ********* *** applications ** * ******* of *****:

"** *** ** ***********, an **** ****** *** be *********** ** * part ** ** **/****** card, ***** ****, ** tag, ******** *****, ******** Digital ********* (***), *** fob, *** *** ****."

*** *** ******** ********* in *** ****** **** device *****.  ***** ******** designs *** ****** ** fobs **** *** *****, we ********** ******** ** "gesture ***********" ** ***** that ********* ******* *********-***** tokens.

Comments (8)

This is really interesting stuff! It would be neat if you could set different gestures for different times, such as "movement 1" from 6am-6pm and "movement 2" from 6pm-6am. I wonder why we don't see more being done with RFID. Does anyone have a collaborative sense of what current role RFID has with surveillance? Also, perhaps I missed it, but what is the level of fidelity for each specific gesture?

I wonder how well HID can preserve the form factor of current prox cards as they expand the electronics contained within. Current products are passive and are powered by parasitic coupling to a proximate field. A huge selling point to anybody who recalls access cards prior to this breakthrough. So can standard cards derive enough power from a reader's field to power up accelerometers too?

At this point, these patents address an idea and notional designs. Questions about actual performance and configurability are waiting for "gesture" products to hit the shelves. More than likely we are still years away from seeing this in use.

For reference, consider that NFC specifications were first published in 2004, yet it still hasn't made it to distribution availability as an EAC credential (9+ years later).

The issue of 'parasitic power' (resonant inductive field power) is interesting. The MEMS either is powered by the reader's resonant power, or it contains its own small power source. The actual credential is still energized by the reader, provided the MEMS gesture completes the circuit between the coil and the IC/Capacitor components.

I happened to be attending the ASIS national convention a number of years back (way back) when a gentleman from the UK sporting a brief case held it up next to a Darado (eventually bought out by HID) card at an exhibitor's booth, pushed a button and "recorded" the internal number. He then used it in some way (I’m getting this second hand) to unlock the exhibitor's prox reader equipped door, much to the amazement of the crowd gathered around.

The attendees (including myself) and exhibitors alike were all atwitter (not the social media which had not been invented at the time) about it. As the story goes, the UK guy was a police officer who was involved in an investigation where a participant in a pigeon race used this technology to mimic a prox credential worn by the pigeon to stop the timer as the pigeon returned to its origin; thus, winning the race.

Seriously, I did not make this stuff up; but I have not verified it either.

I claim IP on the following idea.

Methdology to assign a specific gesture or combination of gestures to allow swiping for entry with a silent alarm. This would be useful if being forced to open a door by thieves.

This concept could also be used to trigger a man trap (dual locking doors with enough distance between them to capture unauthorized persons) if the proper gesture was not applied by someone who had stolen the access card and did not know about the gestures or how to perform them correctly.

These same functions could also be applied to chip and pin applications. You may get the card and the pin but would have a difficult time getting the gesture correct if at all.

These gestures could be personalized to act as a sort of signature or PIN as well, much like the rotations of a combination lock.

@Dan P: The concept is interesting, but the engineering behind it seems to be the challenge. There also may be 'prior art' that essentially does the same thing.

If you get all that figured out, don't post it on IPVM first- call a patent attorney! :)

The entire concept of patenting credentials is so quaint. Other worlds (think IT...) matured to the point of using standards-based solutions to eliminate vendor lock-in. The notion of buying a patented access control solution is highly questionable if you're looking at a forward investment from a CIO's perspective (just like any other proprietary == bad design)

I agree to a certain extent, Rodney. However, HID owns such a disproportionate amount of market share in access credentials (even globally), the risk envelope is different than the IT market.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Security Dealer 'Social Media Contractor' Program on Jun 25, 2019
A $20,000 video surveillance system can be yours for free if you are willing to post on social media about the security dealer. Good deal, bad...
Axis Live Privacy Shield Analytics Tested on Jun 25, 2019
Privacy is becoming a bigger factor in video surveillance, driven both by increased public awareness and by GDPR. Now, Axis has released Live...
Directory of 55 Video Surveillance Startups on Jun 25, 2019
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known. 2019...
Hikvision ColorVu Camera Tested on Jun 24, 2019
Hikvision says their new ColorVu line captures "vivid chromatic images in darkness", with unconventional white light illuminations whereas most...
China Subway Facial Recognition System Examined on Jun 24, 2019
A China city of 6+ million people has installed facial recognition-enabled gates in subways, allowing commuters to enter stations by simply showing...
HID Mobile Tested on Jun 21, 2019
HID Global is one of the largest access brands, but their mobile access has had challenges. Indeed, the company has already restructured their...
Genetec Beats Milestone For IHS #1 on Jun 21, 2019
For years, Milestone has touted that they are the #1 VMS. Now, Genetec has beaten them in IHS rankings. But what is this? Even other manufacturers...
Risk of Amazon Alexa Guard: No Battery Or Cell Backup on Jun 20, 2019
Amazon positions its Alexa Guard Service as a "smart home security system" and says it can help you "keep your home safe". However, the...
Exacq Remote Cloud Access Tested on Jun 20, 2019
Remote cloud access has been missing from most VMSes (including Exacq and Milestone). Now, Exacq, after releasing Cloud Drive Storage earlier in...
Briefcam Buys Frost Award* on Jun 20, 2019
Frost 'awards' are well-known and widely disrespected. Now Briefcam is touting their win. The way it has worked for many years is that Frost...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact