HID's Gesture Credentials Patents

Author: Brian Rhodes, Published on Jul 10, 2013

Proximity style credentials carry a huge risk: they can be passively read by thieves, who take the stolen information and gain unlawful entry into access controlled buildings. HID Global, a major credential provider, has filed patents that keeps prox credentials locked tight until moving it in a specific way. Could this new authentication inject a dose of high security into a vulnerable EAC mainstay? We look at HID's "Gesture" patents in this note.

How it Works

*** ***** *********************** ******* *** **** '******* ********* **********' *******.*** ******* ****** "** **** ****** **** ********* **** ************* ***** ** *** **** moved ** * ********** *** ** *** ******". ***********, **** ** ** ****** ******* ********** **** **** ** physically ***** ** * ******** ******* ** ***** ** ******* it's *********** ** * ******.

*** ****** ********* ******* ******* ******** ******** ** ****** *****, describing ******* ********* *********:

*** *******, * ****** ******* ********* *** **** ** * door *** ***** *********** '**** **' * ********* ********** ** it *** ** ****, ** ** * *****-****** *********** ********* movement ** ********* **********. *** ****** **** ** ***** **** the **** ** **** **** ******** ******** *** *********, *** *** not '**** *********'. *******, ** ** **** ***** *** **** will **** **** ********** ** *** **** ******** *** ******** to **** * ********** ****.

"Snoop *****"

*** ******* ********* "*********" ******** ** **** ********* *********** ****** be ********* **** ** * ******* ******. *** * ************* on *** ******** *************, *** *** ***** *****:

MEMS ******* *********

********* ****************** * *********-***** ********** ****** **** ******* *** ********. *** key ******** ** *** ****, ** *** "************-********** ******" ********* **** ** * *****, ***** ******************. ** ** **** ********* **** ****** *** *********** ** the ****, *** ******** *** **** **** ******* ********** *********** until * ******** ******* ** ********.

*** ***** ***** ***** *** "******* *******" ****** **** ** an ******** ********** **********. *** ************ ******* *** ******* *** obvious, **** *** ********** **** ********* ******* **** ********* ***** in ***********/*** **** *****:

*** ****** ******** ********* *** ******** **** ** ****** **** to ** *** *** **** **********: 

******* **** ******* *** ************ ***** ***** *********** ********** ******* to ***** **** *** ********** ********, ************* ****** ** *************, reliability, *** ************** *** ** ****** ** * ***** ******* chip ** * ********** *** ****.

***** *** ***** ****** ** "******* ***********" **** *** **** established, *** ********** **** *** ****** ** *** *********** **** to ********** ****.

Supports ******** *******

***** *** *** *** ** ******** ******** "******* ********", *** technology ******* **** ** *********** ** ****, ******* ***** ** no ******** *********** ** ******* *******. ***** *** ********** ** 'unlocked' ** *********, ** ********** **** ******* ** *** **** way *** ** *** **** ******* ** ******** ****, ******, and ******/******* ***********.

**** ********* ***** ******* ******** ** ******** *******, *** ******* mitigate *** **** ** ****, ******, ** ******* ***********. "*********" adds * "********* *** ****" ************** ***** ** ******* ******-****** ***********, *** ****** ** unauthorised **** *** ********** *********** ** *** ** '******' *** credential, ** **** ****** ** *******.

Cards ****?

*** ****** ***** **** *** **** ******* '********** *****', *** describes *** ************ ** * ******* ** *****:

"** *** ** ***********, ** **** ****** *** ** *********** as * **** ** ** **/****** ****, ***** ****, ** tag, ******** *****, ******** ******* ********* (***), *** ***, *** the ****."

*** *** ******** ********* ** *** ****** **** ****** *****.  While ******** ******* *** ****** ** **** **** *** *****, we ********** ******** ** "******* ***********" ** ***** **** ********* support *********-***** ******.

Comments (8)

This is really interesting stuff! It would be neat if you could set different gestures for different times, such as "movement 1" from 6am-6pm and "movement 2" from 6pm-6am. I wonder why we don't see more being done with RFID. Does anyone have a collaborative sense of what current role RFID has with surveillance? Also, perhaps I missed it, but what is the level of fidelity for each specific gesture?

I wonder how well HID can preserve the form factor of current prox cards as they expand the electronics contained within. Current products are passive and are powered by parasitic coupling to a proximate field. A huge selling point to anybody who recalls access cards prior to this breakthrough. So can standard cards derive enough power from a reader's field to power up accelerometers too?

At this point, these patents address an idea and notional designs. Questions about actual performance and configurability are waiting for "gesture" products to hit the shelves. More than likely we are still years away from seeing this in use.

For reference, consider that NFC specifications were first published in 2004, yet it still hasn't made it to distribution availability as an EAC credential (9+ years later).

The issue of 'parasitic power' (resonant inductive field power) is interesting. The MEMS either is powered by the reader's resonant power, or it contains its own small power source. The actual credential is still energized by the reader, provided the MEMS gesture completes the circuit between the coil and the IC/Capacitor components.

I happened to be attending the ASIS national convention a number of years back (way back) when a gentleman from the UK sporting a brief case held it up next to a Darado (eventually bought out by HID) card at an exhibitor's booth, pushed a button and "recorded" the internal number. He then used it in some way (I’m getting this second hand) to unlock the exhibitor's prox reader equipped door, much to the amazement of the crowd gathered around.

The attendees (including myself) and exhibitors alike were all atwitter (not the social media which had not been invented at the time) about it. As the story goes, the UK guy was a police officer who was involved in an investigation where a participant in a pigeon race used this technology to mimic a prox credential worn by the pigeon to stop the timer as the pigeon returned to its origin; thus, winning the race.

Seriously, I did not make this stuff up; but I have not verified it either.

I claim IP on the following idea.

Methdology to assign a specific gesture or combination of gestures to allow swiping for entry with a silent alarm. This would be useful if being forced to open a door by thieves.

This concept could also be used to trigger a man trap (dual locking doors with enough distance between them to capture unauthorized persons) if the proper gesture was not applied by someone who had stolen the access card and did not know about the gestures or how to perform them correctly.

These same functions could also be applied to chip and pin applications. You may get the card and the pin but would have a difficult time getting the gesture correct if at all.

These gestures could be personalized to act as a sort of signature or PIN as well, much like the rotations of a combination lock.

@Dan P: The concept is interesting, but the engineering behind it seems to be the challenge. There also may be 'prior art' that essentially does the same thing.

If you get all that figured out, don't post it on IPVM first- call a patent attorney! :)

The entire concept of patenting credentials is so quaint. Other worlds (think IT...) matured to the point of using standards-based solutions to eliminate vendor lock-in. The notion of buying a patented access control solution is highly questionable if you're looking at a forward investment from a CIO's perspective (just like any other proprietary == bad design)

I agree to a certain extent, Rodney. However, HID owns such a disproportionate amount of market share in access credentials (even globally), the risk envelope is different than the IT market.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

'Secure Channel' OSDP Access Control Examined on Jun 21, 2018
Despite claiming to be better than Wiegand, OSDP's initial releases did not address the lack of encryption between reader and controller, leaving...
Most Wanted Improvements In Manufacturer Technical Support (Statistics) on Jun 21, 2018
5 key areas of improvement and 1 clear wanted support feature were voiced by 140+ integrator responses to: What improvement in manufacturer...
Last Chance - Save $50 - July 2018 IP Networking Course on Jun 20, 2018
Today, Thursday the 21st is the last chance to save $50 on registration. Register now and save. This is the only networking course designed...
GDPR / ICO Complaint Filed Against IFSEC Show Facial Recognition on Jun 20, 2018
IPVM has filed a complaint against IFSEC’s parent company UBM based on our concern that the conference violates core GDPR principles on...
IFSEC Final Show Report on Jun 20, 2018
IPVM is live from London reporting on the IFSEC show. The Chinese have taken over the UK, centered on Hikvision, flanked by Dahua, Huawei and a...
Mobotix Releases 'Move' Into 21st Century on Jun 20, 2018
For years, Mobotix stood resolutely against, well, every other manufacturer, selling it as a virtue: MOBOTIX equipment is designed with no...
Cybersecurity Startup VDOO Disclosing 10 Manufacturer Vulnerabilities Starting With Axis And Foscam on Jun 20, 2018
Cybersecurity startup VDOO has uncovered significant vulnerabilities in Axis cameras along with many others not yet disclosed. In this report, we...
Axis Guardian - Cloud VMS And Alarm Monitoring - Released on Jun 19, 2018
Axis has struggled to deliver a cloud-based managed service video platform. Video service providers have utilized AVHS for over a decade, and have...
IPVM Vulnerability Scanner Released on Jun 18, 2018
IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply...
Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018
Hikvision has corrected a false cybersecurity announcement that claimed a British government-sponsored program endorsed the cybersecurity of...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact