HID's Gesture Credentials Patents

By: Brian Rhodes, Published on Jul 10, 2013

Proximity style credentials carry a huge risk: they can be passively read by thieves, who take the stolen information and gain unlawful entry into access controlled buildings. HID Global, a major credential provider, has filed patents that keeps prox credentials locked tight until moving it in a specific way. Could this new authentication inject a dose of high security into a vulnerable EAC mainstay? We look at HID's "Gesture" patents in this note.

How it Works

HID filed two different patents that address the same 'gesture protected credential' concept. The patents detail "an RFID device that restricts data transmissions until it has been moved in a particular way by the holder". Essentially, this is an access control credential that must be physically moved in a specific pattern in order to release it's information to a reader.

The patent abstracts provide example gestures required to enable reads, describing several potential functions:

For example, a single gesture mimicking the turn of a door key could potentially 'turn on' a proximity credential so it can be read, up to a three-factor combination requiring movement in different dimensions. One aspect that is clear from the list is that only specific gestures are supported, and are not 'user definable'. However, it is also clear the user will have some discretion on how many gestures are required to make a credential work.

"Snoop Proof"

The biggest advantage "gesturing" provides is that proximity credentials cannot be passively read in a cloning attack. For a demonstration on the snooping vulnerability, see the video below:

MEMS Enables Gesturing

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

The patent description details a proximity-style credential design with several new elements. The key addition is the MEMS, or the "MicroElectro-Mechanical System" component that is a small, solid state accelerometer. It is this mechanism that senses the orientation of the card, and prevents the coil from sending credential information until a specific pattern is followed.

The image below shows the "gesture concept" design next to an existing Multiclass credential. The similarities between the designs are obvious, with the additional MEMS component fitting into available space in standard ISO/IEC card sizes:

The patent abstract describes the relative cost of adding MEMS to be low and mass producible: 

Because MEMS devices are manufactured using batch fabrication techniques similar to those used for integrated circuits, unprecedented levels of functionality, reliability, and sophistication can be placed on a small silicon chip at a relatively low cost.

While the exact prices of "Gesture Credentials" have not been established, the technology does not appear to add significant cost to credential BOMs.

Supports Existing Readers

While HID has yet to formally announce "gesture products", the technology depends only on credentials to work, meaning there is no apparent requirement to replace readers. After the credential is 'unlocked' by gesturing, it interfaces with readers in the same way and in the same formats as existing Prox, iClass, and MiFARE/DESfire credentials.

This potential could enhance security of existing systems, and greatly mitigate the risk of lost, stolen, or snooped credentials. "Gesturing" adds a "Something You Know" authentication layer to classic single-factor credentials, and unless an unauthorised user has privileged information on how to 'unlock' the credential, it will likely be useless.

Cards Only?

The patent scope does not only address 'credential cards', but describes the applications in a variety of forms:

"As can be appreciated, an RFID device can be implemented as a part of an ID/access card, smart card, RF tag, cellular phone, Personal Digital Assistant (PDA), key fob, and the like."

HID has patented gesturing in all common RFID device forms.  While notional designs for phones or fobs were not given, we anticipate examples of "gesture credentials" in forms that currently support proximity-style tokens.

1 report cite this report:

HID 'Twist and Go' Access Control on Sep 30, 2014
Credential giant HID Global is making it easier to use cell phones as credentials. Instead of pushing buttons to turn on an app, users need only to...
Comments (8) : Members only. Login. or Join.

Related Reports

HID Releases Lower-Cost Signo Readers on Mar 06, 2020
HID Global is releasing a new line of readers called Signo they claim read farther, are mobile-ready, and automatically adjust for better reads on...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...
Access Credential Form Factor Tutorial on Feb 10, 2020
Deciding which access control credential to use and distribute, including form factor, can be a difficult task. Knowing the limitations and...
Vehicle & Long Range Access Reader Tutorial on Jan 21, 2020
One of the classic challenges for access control are parking lots and garages, where the user's credential is far from the reader. With modern...
Directory of Access Reader Manufacturers on Nov 27, 2019
Credential Readers are one of the most visible and noticeable parts of access systems, but installers often stick with only the brand they always...
Fingerprints for Access Control Guide on Sep 09, 2019
Users can lose badges, but they never misplace a finger, right? The most common biometric used in access are fingerprints, and it has become one...
Mobile Access Control Guide on Aug 28, 2019
One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards. But how does this...
Nortek Blue Pass Mobile Access Reader Tested on Jul 11, 2019
Nortek claims BluePass mobile readers are a 'more secure and easy to use approach to access', but our testing uncovered security problems and...
Farpointe Data Conekt Mobile Access Reader Tested on Jun 13, 2019
California based Farpointe Data has been a significant OEM supplier of conventional access readers for years to companies including DMP, RS2, DSX,...
Startup GateKeeper Aims For Unified Physical / Logical Access Token on Apr 04, 2019
This startup's product claims to 'Kill the Password' you use to keep your computers safe. They have already released their Gatekeeper Halberd...

Most Recent Industry Reports

USA's Feevr Thermal Temperature System Examined on Mar 31, 2020
This US company has burst on to the scene, brashly naming itself 'feevr' and branding itself as a "COVID 19 - AI BASED NON CONTACT THERMAL...
JCI Coronavirus Cuts on Mar 31, 2020
JCI has made coronavirus cuts, the company told employees in an email that IPVM has reviewed. Inside this note, we examine the cuts made, the...
Add Door Operators To Fight Coronavirus on Mar 31, 2020
IPVM recommends that integrators advocate and end-users consider adding door operators to fight the spread of coronavirus. This delivers...
Video Surveillance Business 101 on Mar 30, 2020
This report explains the fundamental elements of the video surveillance business for those new to the industry. This is part of our Video...
FDA Gives Guidance on 'Coronavirus' Thermal Fever Detection Systems on Mar 30, 2020
The US FDA has given IPVM guidance on the use of thermal fever detection systems being marketed for coronavirus, as an explosion of such devices...
Worsen: Integrators Hit Even Harder By Coronavirus on Mar 30, 2020
Integrator's problems have worsened over the past 2 weeks, according to new IPVM survey results. Inside this report, we share statistics and...
Pivot3 Mass Layoffs on Mar 27, 2020
Pivot3 has conducted mass layoffs, the culmination of grand hopes, a quarter of a billion dollars in VC funding, and multiple failures to gain...
Athena CEO Criticizes 'Deplorable' 'Nitpicking', IPVM Refutes on Mar 27, 2020
UPDATE: NBC News Report Cites IPVM On Coronavirus 'Fever Detection' Cameras Athena Security's CEO Lisa Falzone has strongly objected to IPVM's...
Hikvision Admits Sanctions Harming Its Financial Performance on Mar 27, 2020
While Hikvision initially downplayed being sanctioned for human rights abuses, the company is now admitting a significant impact in a new PRC...