HID's Gesture Credentials Patents

By: Brian Rhodes, Published on Jul 10, 2013

Proximity style credentials carry a huge risk: they can be passively read by thieves, who take the stolen information and gain unlawful entry into access controlled buildings. HID Global, a major credential provider, has filed patents that keeps prox credentials locked tight until moving it in a specific way. Could this new authentication inject a dose of high security into a vulnerable EAC mainstay? We look at HID's "Gesture" patents in this note.

How it Works

HID filed two different patents that address the same 'gesture protected credential' concept. The patents detail "an RFID device that restricts data transmissions until it has been moved in a particular way by the holder". Essentially, this is an access control credential that must be physically moved in a specific pattern in order to release it's information to a reader.

The patent abstracts provide example gestures required to enable reads, describing several potential functions:

For example, a single gesture mimicking the turn of a door key could potentially 'turn on' a proximity credential so it can be read, up to a three-factor combination requiring movement in different dimensions. One aspect that is clear from the list is that only specific gestures are supported, and are not 'user definable'. However, it is also clear the user will have some discretion on how many gestures are required to make a credential work.

"Snoop Proof"

The biggest advantage "gesturing" provides is that proximity credentials cannot be passively read in a cloning attack. For a demonstration on the snooping vulnerability, see the video below:

MEMS Enables Gesturing

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

The patent description details a proximity-style credential design with several new elements. The key addition is the MEMS, or the "MicroElectro-Mechanical System" component that is a small, solid state accelerometer. It is this mechanism that senses the orientation of the card, and prevents the coil from sending credential information until a specific pattern is followed.

The image below shows the "gesture concept" design next to an existing Multiclass credential. The similarities between the designs are obvious, with the additional MEMS component fitting into available space in standard ISO/IEC card sizes:

The patent abstract describes the relative cost of adding MEMS to be low and mass producible: 

Because MEMS devices are manufactured using batch fabrication techniques similar to those used for integrated circuits, unprecedented levels of functionality, reliability, and sophistication can be placed on a small silicon chip at a relatively low cost.

While the exact prices of "Gesture Credentials" have not been established, the technology does not appear to add significant cost to credential BOMs.

Supports Existing Readers

While HID has yet to formally announce "gesture products", the technology depends only on credentials to work, meaning there is no apparent requirement to replace readers. After the credential is 'unlocked' by gesturing, it interfaces with readers in the same way and in the same formats as existing Prox, iClass, and MiFARE/DESfire credentials.

This potential could enhance security of existing systems, and greatly mitigate the risk of lost, stolen, or snooped credentials. "Gesturing" adds a "Something You Know" authentication layer to classic single-factor credentials, and unless an unauthorised user has privileged information on how to 'unlock' the credential, it will likely be useless.

Cards Only?

The patent scope does not only address 'credential cards', but describes the applications in a variety of forms:

"As can be appreciated, an RFID device can be implemented as a part of an ID/access card, smart card, RF tag, cellular phone, Personal Digital Assistant (PDA), key fob, and the like."

HID has patented gesturing in all common RFID device forms.  While notional designs for phones or fobs were not given, we anticipate examples of "gesture credentials" in forms that currently support proximity-style tokens.

1 report cite this report:

HID 'Twist and Go' Access Control on Sep 30, 2014
Credential giant HID Global is making it easier to use cell phones as credentials. Instead of pushing buttons to turn on an app, users need only to...
Comments (8) : Members only. Login. or Join.

Related Reports

Breaking Into A Facility Using Canned Air Tested on Jan 28, 2020
Access control is supposed to make doors more secure, but a $5 can of compressed air may defeat it. With no special training, intruders can...
Delayed Egress Access Control Tutorial on Feb 04, 2020
Delayed Egress marks one of the few times locking people into a building is legal. With so much of access control driven by life safety codes, and...
Multipoint Door Lock Tutorial on Jan 23, 2020
Despite widespread use, locked doors are notoriously weak at stopping entry, and thousands can be misspent on locks that leave doors quite...
Vehicle Gate Access Control Guide on Mar 19, 2020
Vehicle gate access control demands integrating various systems to keep unauthorized cars out. Everything from high voltage electrical, to...
Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used that can help zero-in and discover potential Coronavirus hotspots in a...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...
Facial Recognition 101 on Mar 18, 2020
Facial recognition interest, use and fear is increasing. This guide aims to teach you the fundamentals of facial recognition. Inside we...
Hikvision Hides Xinjiang R&D Activities on Apr 22, 2020
Hikvision has systematically deleted evidence showing their R&D base and activities in Xinjiang, hiding them, amidst US human rights abuse...
Access Control ADA and Disability Laws Tutorial on Feb 17, 2020
Safe access control is paramount, especially for those with disabilities. Most countries have codes to mandate safe building access for those...
China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed access to the recorders. While it was first attributed to Huawei...

Most Recent Industry Reports

Remove Dahua and Hikvision Equipment "Immediately" Or Else Banned From US Government Contracts on Jul 10, 2020
The US government has directed contractors to remove covered equipment, such as Dahua, Hikvision, and Huawei Hisilicon products, "immediately." If...
ZeroEyes Presents Firearm Detection Video Analytics on Jul 09, 2020
ZeroEyes presented its Firearm detection Video Analytics system at the May 2020 IPVM Startups show. A 30-minute video from ZeroEyes...
Directory of 162 "Fever" Camera Suppliers on Jul 09, 2020
This directory provides a list of "Fever" scanning thermal camera providers to help you see and research what options are available. There are...
Clinton Public View Monitor (PVM) Mask Detection Tested on Jul 09, 2020
Face mask detection, or more specifically not wearing one, is expanding amidst the pandemic. Clinton Electronics has added this capability to their...
These Florida Real Estate Agents Are Now Selling "SafeCheck USA" Temperature Detectors on Jul 09, 2020
The "Kakon Brothers", William and Nathan, are self-described "south Florida Power Agents specializing in Luxury Real Estate" who "have closed over...
Avigilon ACC Cloud Tested on Jul 08, 2020
Avigilon merged Blue and ACC, adding VSaaS features to its on-premise VMS, offering remote video and health monitoring that was previously limited...
Hikvision's India Dominance Faces Threat on Jul 08, 2020
While Hikvision has become a dominant video surveillance provider in India, recent tension between the governments of India and the PRC is...
The US Fight Over Facial Recognition Explained on Jul 08, 2020
The controversy around facial recognition has grown significantly in 2020, with Congress members and activists speaking out against it while video...
Sperry West / Alibaba Tablet Temperature Measurement Tested on Jul 07, 2020
In April, we ordered a ~$500 temperature tablet from Alibaba. We set it to the side while doing 18 other temperature screening tests but, after...
Facial Recognition: Weak Sales, Anti Regulation, No Favorite, Says Security Integrators on Jul 07, 2020
While facial recognition has gained greater prominence, a new IPVM study of security systems integrators shows weak sales, opposition to...