Claims
What is claimed is:
1. An information management and security system comprising:
a transponder having an identification code, said transponder including a
charge storage element for storing energy received from an interrogation
signal, said transponder subsequently using the stored energy to power the
transmission of said identification code;
a transceiver to send said interrogation signal to said transponder and to
receive said identification code from said transponder;
a first terminal device connected to and activated by said transceiver;
a host network element in communication with said transceiver, said host
network element having authorized identification codes stored in memory,
whereby said host network element compares the identification of said
transponder with the authorized identification codes stored in memory; and
a second terminal device connected to said host network element for
communicating with said first terminal device after said host network
element has verified the authorized identification of said transponder.
2. An information management and security system as set forth in claim 1,
wherein prior to allowing communication between said first terminal device
and said second terminal device said transceiver interrogates said
transponder which causes said transponder to respond by broadcasting
identification signals so that said transceiver receives the
identification signals and communicates the identification signals to said
host network element which authenticates the authorization of said
transponder by comparing the identification signals with said authorized
identification codes stored in said memory of said host network element.
3. An information management and security system as set forth in claim 1,
wherein said transponder comprises a Personal Computer card having a
transponder, mass memory, and input/output data means.
4. An information management and security system as set forth in claim 3,
wherein said mass memory of said transponder is application specific
memory.
5. An information management and security system as set forth in claim 1,
wherein said transponder comprises an RF transponder.
6. An information management and security system as set forth in claim 3,
wherein said transponder further comprises a battery power source.
7. An information management and security system as set forth in claim 1,
wherein said transceiver writes a record of the transaction on said
transponder.
8. An information management and security system as set forth in claim 3,
wherein said transponder further comprises encryption means to encrypt
signals emitted from said transponder.
9. An information management and security system as set forth in claim 8,
wherein said encryption means comprises a random number seeding.
10. An information management and security system as set forth in claim 9,
wherein said encryption means further comprises an encryption chip.
11. An information management and security system as set forth in claim 8,
wherein said encryption means further comprises an integrated encryption
and packetization chip.
12. An information management and security system as set forth in claim 1,
wherein said transponder stores unique biographical information of a user
of said transponder in Read Only Memory.
13. An information management and security system as set forth in claim 1,
wherein said transceiver connected to said first terminal device writes
the transaction on said singular transponder.
14. An information management and security system as set forth in claim 1,
wherein said transceiver connected to said first terminal device stores a
record of the transaction in memory.
15. An information management and security system as set forth in claim 1,
wherein said transceiver connected to said first terminal device writes
the transaction on said host network element.
16. An information management and security system as set forth in claim 1,
wherein a request for a transfer of data between said first terminal and
said second terminal is automatically stamped with the location, date and
time of the request and stored in memory in said transceiver.
17. An information management and security system as set forth in claim 1,
wherein said host network element records the identification communicated
by said transponder.
18. An information management and security system as set forth in claim 1,
wherein said transponder communicates with an environmental sensor.
19. An information management and security system as set forth in claim 18,
wherein said environmental sensor detects an environmental condition
selected from the group consisting of humidity, temperature, ozone,
oxygen, and smoke particles.
20. An information management and security system as set forth in claim 1,
wherein said first terminal device is selected from the group consisting
of printers, copiers, pagers, personal digital assistants, personal
computers, dumb terminals, workstations, facsimile machines, telephones,
cellular phones, Video Cassette Recorders, radios, electronic door
mechanisms, mass memory storage devices, data storage devices, automated
teller machines, or modems.
21. An information management and security system as set forth in claim 1,
wherein said second terminal device is selected from the group consisting
of printers, copiers, pagers, personal digital assistants, personal
computers, dumb terminals, workstations, facsimile machines, telephones,
cellular phones, Video Cassette Recorders, radios, electronic door
mechanisms, mass memory storage devices, data storage devices, automated
teller machines, or modems.
22. An information management and security system as set forth in claim 1,
wherein said host network element is selected from the group consisting of
network servers, network controllers, central office switches, or base
relay stations.
23. An information management and security system as set forth in claim 20,
wherein said second terminal device is selected from the group consisting
of printers, copiers, pagers, personal digital assistants, personal
computers, dumb terminals, workstations, facsimile machines, telephones,
cellular phones, Video Cassette Recorders, radios, electronic door
mechanisms, mass memory storage devices, data storage devices, automated
teller machines, or modems.
24. An information management and security system as set forth in claim 1,
wherein said transponder comprises an optical transponder.
25. An information management and security system as set forth in claim 1,
wherein said transponder comprises an infrared transponder.
26. An information management and security system as set forth in claim 1
and further comprising a third terminal device connected to said host
network element for communicating with said first terminal device after
said host network element has verified the authorized identification of
said RFID transponder.
27. An information management and security system comprising:
a first security badge including a transponder, a mass memory and an
input/output circuit;
a first transceiver to wirelessly send and receive signals to and from said
first transponder, said first transceiver to continuously transmit a
broadcast signal until receiving a response from said first security badge
and then, upon receipt of said response, said transceiver to receive a
first authorization code from said first security badge and to store a
record of the receipt of the authorization code;
a first terminal device connected to and activated by said first
transceiver;
a second security badge including a transponder, a mass memory and an
input/output device;
a second transceiver to send and receive signals to and from said second
RFID transponder, said second transceiver to continuously transmit a
broadcast signal until receiving a response from said second security
badge and then, upon receipt of said response, said second transceiver to
receive a second authorization code from said second security badge and to
store a record of the receipt of the authorization code;
a second terminal device connected to and activated by said transceiver;
and
a host network element in communication with said first transceiver and
said second transceiver, said host network element to receive the first
authorization code from the first transceiver and the second authorization
code from the second transceiver and compare the first and second
authorization codes with at least one host authorization code, said host
network element to send a first verification code to the first transceiver
upon verification of the first authorization code and to send a second
verification code to the second transceiver upon verification of the
second authorization code.
28. A method of securing access to a terminal device, said method
comprising the steps of:
providing an authorized user with a security badge which includes a
personal computer card, a read/write transponder, a mass memory and an
input/output data circuit, said transponder electronically storing an
identification code; and
associating a transceiver with said terminal device, said transceiver being
operable to communicate with said terminal device;
wherein said authorized user gains access to said terminal device by:
(a) bringing said security badge within a selected distance of said
transceiver, said security badge located so that it is not physically
visible so that said transponder is not within line-of-sight with said
transceiver;
(b) transmitting an interrogation signal from said transceiver;
(c) receiving said interrogation signal at said security badge and storing
said interrogation signal within a charge storage device within said
security badge;
(d) transmitting said identification code from said security badge to said
transceiver wherein the transmitting is powered by energy derived from
said charge storage device;
(e) receiving said identification code at said transceiver; and
(f) verifying said identification code; wherein steps (b)-(f) are performed
without said transponder being physically visible.
29. The method of claim 28 wherein said terminal device comprises a
computer.
30. The method of claim 28 and further comprising the step of storing said
interrogation signal within a charge storage device within said
transponder unit wherein said step of transmitting said identification
code is powered by energy derived from said charge storage device.
31. A method of securely communicating information between two locations
comprising:
requesting an information transfer from a first location to a second
location;
interrogating a radio frequency identification (RFID) transponder at said
second location from a radio frequency (RF) transceiver at said second
location;
transmitting an identification code from said RFID transponder at said
second location to said RF transceiver at said second location;
transmitting said identification code from said second location to a third
location, said third location remote from said first and second locations;
comparing the authorization of said identification code with authorized
identification codes stored in memory at said third location;
communicating an authorization signal from said third location; and
transmitting the requested information in packets to said second location
after the authorization is verified, each of the packets of information
including a header, the information to be transferred and a footer wherein
the header includes an identification number for a user at the first
location, an identification number for a receiver at the second location,
a date/time stamp and a location stamp.
32. A method of securely communicating information between two locations
comprising:
requesting an information transfer from a first location to a second
location;
interrogating a radio frequency identification ("RFID") transponder at said
first location from a radio frequency ("RF") transceiver at said first
location;
transmitting an identification code from said RFID transponder at said
first location to said RF transceiver at said first location;
transmitting said identification code from said first location to a third
location, said third location remote from said first and second locations;
comparing the authorization of said identification code with authorized
identification codes stored in a memory at said third location;
communicating an authorization signal from said third location; and
transmitting the requested information in packets to said second location
after the authorization is verified, each of the packets of information
including a header, the information to be transferred and a footer wherein
the header includes an identification number for a user at the first
location, an identification number for a receiver at the second location,
a date/time stamp and a location stamp.
33. A method according to claim 32, wherein the step of transmitting the
requested information to said second location after the authorization is
verified, comprises the steps of:
storing the information requested for transfer in memory;
interrogating a radio frequency identification ("RFID") transponder at said
second location from a radio frequency ("RF") transceiver at said second
location;
transmitting an identification code from said RFID transponder at said
second location to said RF transceiver at said second location;
comparing the authorization of said identification code with authorized
identification codes stored in memory; and
transmitting the requested information to said second location after the
authorization of the identification code of the RFID transponder at the
second location is verified.
34. A method according to claim 33, wherein the step of transmitting the
requested information to said second location after the authorization of
the identification code of the RFID transponder at the second location is
verified, comprises the step of:
transmitting the requested information to a terminal device at said second
location, said terminal device being in communication with said RF
transceiver at said second location.
35. A method according to claim 33, wherein the method further comprises
the steps of:
encrypting the information transmitted to said second location; and
decrypting the information received at said second location.
36. A method according to claim 32, wherein the step of comparing the
authorization of said identification code with authorized identification
codes stored in memory is performed by a host network element.
37. A method according to claim 32, wherein the step of comparing the
authorization of said identification code with authorized identification
codes stored in memory is performed by said RF transceiver.
38. A method according to claim 32, wherein the method further comprises
the steps of:
encrypting the identification code transmitted from said RFID transponder;
and
decrypting the identification code at said RF transceiver.
39. A method according to claim 33, wherein the method further comprises
the step of:
recording the date and time of each request for information transfer.
40. A method according to claim 34, wherein the method further comprises
the step of:
recording the location of each request for information transfer.
41. A method according to claim 33, wherein the method further comprises
the step of:
recording the date and time at which each information transfer from said
first location to said second location is completed.
42. A method according to claim 33, wherein the method further comprises
the step of:
recording the location of destination of each information transfer.
Description
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a complete, end-to-end, automatic
transaction control/monitoring method for transmitting, under variable and
high levels of security, high-value business, personal, or
Federal/military information, on a real or near real-time basis.
2. Related Art
A "secure document" or "secure information" is any document media (paper,
disc, voice, video, etc.) containing U.S. classified documents or
information (i.e. "confidential," "secret," "top secret," etc.),
business-sensitive, proprietary documents or information, highly personal
documents or information, and any document or information where limited
and fully controlled/auditable access is desired.
If an individual wishes to send a secure document via telefacsimile, for
example, the current method of sending such a secure document is to call
the receiving end and somehow make sure by voice communication that the
intended, authorized recipient is standing at the other end at the
receiving telefacsimile. Once the identity and proximity to the receiving
telefacsimile of the intended recipient (mainly, via voice familiarity) is
verified, the sending individual sends the document. After sending, the
intended recipient provides confirmation to the sending individual that
the document was printed and received.
The same limited security procedure is followed when printing information
from an electronic database to a remote conventional printer or other
terminal device.
Thus, current hardware and systems involve limited or no automation in
handling such secure documents or information on both a local and network
basis. The systems and procedures currently available are mainly
"person(s)-in-the-loop" systems which require certain labor-intensive
actions and a high degree of manual coordination to achieve a limited
"secure" operation. The labor-intensive aspect of this coordination
procedure greatly increases the duration and costs of transmission while
it decreases productivity. Therefore, there is a need in the art to
provide a method of transmitting secure documents in a way which does not
require such labor-intensive manual assistance.
It is noted that some islands of automation are available, but no
end-to-end automation, with full auditability and real-time or near
real-time control. Current systems such as a secure telephone unit ("STU")
or STU facsimile machines assure no illegal tapping or eavesdropping but
do not guarantee that the caller, recipient, or group is positively
identified or is an authorized user or recipient. The positive
identification and verification of authorization is always performed
manually. Thus, there is a need for end-to-end automation, with full
auditability and real-time or near real-time control of the transmission
of secure documents and information.
A similar problem occurs in handling secure documents and secure
information relating to work for various Federal agencies, including the
U.S. Department of Defense (DOD). Secure documents and information are often
located in a special file cabinet fitted with a piece of securing
hardware, e.g., a number lock or combination lock, which is approved by
the DOD. Every time the file cabinet is entered, the entering individual
must manually enter a myriad of information into a log such as: which
document was used; who handled it; date; time; and what was done with the
document (i.e. document was copied; document was sent to another
individual at another site). The DOD requires auditing and notification at
the end of each month of all the people who handled each secure document.
At the very least, the DOD requirements compel manual compilation of all
the logs which is extremely tedious and costly.
Therefore, there is a need in the art to provide a cost-effective automatic
auditing and monitoring capability which also provides electronic time,
date and place identification stamps.
Further, these specially secured file cabinets are often grouped in secure
rooms that have doors secured by special locks. Upon entry into the room,
an additional log must be maintained to provide notification and
accounting to the DOD. This additional step also creates additional delay
in effective work time and greatly increases costs.
Therefore, there is a need in the art to provide cost-effective automatic
room security which mechanizes the room access logs and thereby decreases
costs and increases productivity.
Exacerbating the foregoing problems, in order to copy certain secret
government documents, only certain "secure" or tempest class copiers may
be used so that the copier OPC drum may be cleared after copying and
cartridges may be disposed of by only authorized personnel. Before these
copies are made, a log sheet must be completed providing the details of
the copying of the document. This creates yet another labor-consuming
delay that increases costs and decreases productivity. In fact, access
logs and usage data are generally maintained manually for secure
facilities, information handling equipment, and users.
Therefore, there is a need in the art to provide an automatic information
management and security system which eliminates the time inefficiencies
and waste associated with manual logging and tracking of copies of
high-value, secret documents.
Underlying the entire system is the fact that it is up to the employees and
security personnel to verify whether a particular individual has a secret
clearance, badge code number, or some other indicia of authorization and
identification. Therefore, to prevent improper access, manual or personal
direct intervention is required to verify both authorization and need to
know in order to prevent improper and unauthorized transfer of secure
documents. The verification by employees diverts resources from productive
activity. The verification by security personnel results in additional
salary or expense overhead.
Therefore, there is a need in the art to provide a system which greatly
reduces the need for manual intervention to prevent unauthorized transfer
of secure, proprietary and personal documents.
On a related matter, when an individual's authorization is revoked and the
individual nevertheless gains unauthorized access to secure documents, a
security breach occurs. When this security breach is manually detected, it
is impossible to inform all the employees and/or security personnel of the
breach in a timely fashion in order to ensure manual intervention. In a
large company, timely notification and communication of the changing
authorizations of employees is practically impossible. This is because
authorization has traditionally been carried in the form of a color-coded
badge or the like.
As a result, if the security of a document has been breached by use of an
authorization which has been terminated or forged, an entire month or more
could pass before the monthly DOD audit discovers the security breach.
Therefore, there is a need in the art to provide an automated system for
continuously updating comprehensive information about the authorizations
of individuals, and to prevent unauthorized access to secure documents at
the time access is attempted (real-time control).
Transmission of secure information (documents, data, video, etc.) is an even
greater concern given the planned office integration/automation systems
and architectures (SW/HW) of the future, such as the ones announced by the
Microsoft Corporation ("Microsoft-At-Work", see FIG. 7), Adobe ("Acrobat"
for print documents), Apple Computer ("OCE"), General Magic ("Magic Cap"),
etc., covering the emerging multi-media information management systems for
office and home. For example, the Microsoft Corporation is working on a
new project currently called "Microsoft at Work" which would allow a
worker to write a report and, by tapping a key, have 20 copies of the
report printed, copied, and collated on one machine, thereby eliminating
the step of having an individual take the report from the printer and take
it to a photocopy machine where 20 copies are made. See "Software Giant
Aiming at the Office," New York Times, Jun. 8, 1993, p. C1. See also,
Hardcopy Observer, published by Lyra Research: Vol. III, Number 7,
"Microsoft at Work Office," pp. 31-39 (July 1993); Vol. IV, Number 2,
"Microsoft-at-Work Software," p. 30 (February 1994); Vol. IV, Number 3,
"Microsoft-at-Work For Home Entertainment (SEGA games)", p. 9 (March
1994). In essence, the systems of the future integrate paper and
electronic mediums.
Therefore, there is a need in the art to provide an automated information
management and security system which would be compatible with the present
office technology, yet would be compatible with potential integrated
office equipment, networks, and architectures of the future.
The present invention provides an information management and security
system which overcomes the shortcomings of the known systems, providing
various advantages such as instantaneous, multiple secure accesses and
minimizing the total "life-cycle" costs of managing "secure" information
(from inception to destruction), utilizing present technology while also
being compatible with new technology contemplated for the future. It also
provides transaction database services such as archiving, historic usage
trends, and user-definable transaction reporting/abstracting services.
SUMMARY OF THE INVENTION
It is in view of the above problems that the present invention was
developed. The invention is a closed loop information management and
security system which provides a secure end-to-end and automated solution
for controlling access, transmission, manipulation, auditability control
of classified, mission-critical, high-value information managed by DOD,
National Security Agency, other Federal Agencies, businesses, and
individuals respectively.
The invention has both a generic core or kernel applicable to broad
application domains, and a customization scheme (e.g., software, firmware)
to support unique user-specific needs. In addition, the basic generic
solution kernel of the present invention can be mapped onto existing MIS
solutions for ease of upgrade or retrofit.
The present invention allows information management to be "transaction
based." Each automatic information transaction is built around a sequence
such as a positive caller and recipient handshake and identification
("ID"), information upgrade (write) record, configuration control (date,
time, location and revision stamp), creation of a transaction summarizing
"communication data stream" (e.g., ATM cell, frame) packet, destination
ID, additional authentication (e.g., voice signature, biographical
identification), send and receive date/time, location stamp, etc. The host
computer, network server or network controller maintains this
"transaction" log automatically and dynamically maintains information
authorization, usage, movement, and an upgrade/change log and foils any
unauthorized access or tampering and does any real-time reclassification
or declassification as required. As such, this is a "transaction" based
system that can be enhanced to add fault tolerance, redundancy,
software-based access control algorithm creation, etc. to provide a
flexible system.
Briefly, in its most generic sense, the present invention comprises a
read/write type radio frequency identification ("RFID"; radio frequency,
infrared or optical) means (transponder) and a radio frequency
(transceiver) reader ("RF reader") means which is associated with a host
peripheral or terminal device, wherein the RF reader means passively and
automatically identifies and verifies authorization of the RFID means via
a "handshake" prior to allowing access to the host peripheral or terminal
device or an information network. Preferably, the RF reader means writes
the complete transaction (via a unique "packet") on the RFID means, and/or
the host peripheral or terminal or a network server device. In this
fashion, the history of all transactions may be stored on the RFID means
and/or host peripheral or terminal device. The present invention may be
provided commercially in a "securitization kit" to upgrade existing
equipment and information-handling facilities.
In a second aspect of the present invention, the RF reader means is
embedded, plugged-in, connected or associated with the host peripheral or
terminal device. Once a transaction is completed the RF reader means may
record and write the transaction on the RFID means, and/or the host
peripheral or terminal device, and/or a server database connected or
associated with the terminal device. Optionally, the RFID means may
further include stored biological data in ROM such as digitized voice
signature, retina scan, fingerprints, etc. and other analog sensors
(temperature, humidity, pressure, etc.) as well as commercially available
physical "position" sensors such as Global Positioning System ("GPS"),
coastal navigation system (LORAN), or other satellite/magnetic based
positioning system. As an added security feature the RFID means may
include electronic hardware and/or software encryption means to statically
and dynamically "encrypt" the authorized user identification code,
information destination, transaction location, time/date, configuration
control, and secondary biological user(s) identification.
In a third aspect of the invention the RFID means may be coupled with an
independent power source such as a battery.
The RFID means may comprise an integrated ID, memory storage, and a
communications device such as a Personal Computer card ("PC card") which
conforms to standards promulgated by the Personal Computer Memory Card
International Association ("PCMCIA") having an RF transponder, mass
memory, 2-way communication port(s) and input/output data means.
Optionally, the RFID means has encryption device (Integrated Circuit)
means to encrypt the output data. In addition, the RFID has unique
biographical information patterns in Read Only Memory (ROM) for "static"
information and "dynamic" position, time, place, date information.
In one preferred embodiment, the RFID means is electronically similar to
the "bullet" or flat-pack card disclosed in U.S. Pat. No. 5,053,774 to
Schuermann et al., which is hereby incorporated by reference in its
entirety.
The RF reader means is preferably an RFID reader module which comprises a
plug-in PC card having a communication antenna, an RF module, a control
module, and input/output data means. Optionally, the RFID reader means
comprises data packetization means, encryption means and bus control means.
The invention provides an advantage by minimizing overall life-cycle-cost
to manage high value information from its inception to the end of its
usefulness. The invention also provides an advantage by allowing
real-time, dynamic classification of information in case of a security
breach or authorization changes (levels, users, time, place, etc.).
Because the present invention is transaction-based, the invention also has
important applications in "pay-per-use", intelligent electrophotographic
toner/development printer cartridges, and ink-jet and thermal transfer
cassettes suitable for use in existing and emerging monochrome and color
hard copy printing devices such as printers and copiers as well as
information transmission/input devices such as telephones, pagers,
facsimile machines or telecopiers, modems, scanners, etc.
The unique system elements required to facilitate a pay-per-use type
transaction record are a transponder, or reader, and external mass memory
for transaction data storage in a peripheral network server and/or
"pluggable" Integrated Circuit ("IC") cards commonly referred to in the
industry as flash cards or Personal Computer cards ("PC cards") which
conform to standards promulgated by the Personal Computer Memory Card
International Association ("PCMCIA").
Further features and advantages of the present invention, as well as the
structure and operation of various embodiments of the present invention,
are described in detail below with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are incorporated in and form a part of the
specification, illustrate the embodiments of the present invention and
together with the description, serve to explain the principles of the
invention. In the drawings:
FIG. 1 illustrates a system architecture and partition block diagram of the
present invention;
FIG. 2 illustrates a typical secure transaction sequence in accordance with
the present invention;
FIG. 3a illustrates in greater detail a passive, user "read/write" type
RFID badge suitable for the user segment of the information management and
security system;
FIG. 3b illustrates an "active" user RFID badge of FIG. 3a and a battery to
enhance speed and range of the ID device and the transaction;
FIG. 3c illustrates a reader "transceiver" module of the present invention;
FIG. 4 illustrates one transaction packetization scheme suitable for use in
said information management and security system; and
FIGS. 5A and 5B illustrate a general hardware layout in a specific
high-value printing cartridge refurbishment application of said
information management and security system.
FIG. 6 illustrates a specific application of said information management
and security system utilizing technology from the cellular communications
industry.
FIG. 7 illustrates a planned computer based system which allows electronic
signal interaction between various network devices.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Referring to the accompanying drawings in which like reference numbers
indicate like elements, FIG. 1 and FIG. 2 illustrate one general system
block diagram for the present invention while FIGS. 3a, 3b, and 3c depict
certain hardware elements which may be used in the present invention.
To provide an overview, in its most generic sense, the present invention
comprises an RFID means and a radio frequency reader ("RF reader") means
which is associated with a terminal device or other equipment such as a
lock mechanism, wherein said RF reader means automatically interrogates
said RFID means, which responds by broadcasting identification, so that
said RF reader means identifies and verifies authorization of the RFID
means and either stores a record of the transaction or communicates a
record of the transaction to a server database prior to allowing access to
the terminal device or other equipment.
The present invention may be viewed from a transaction standpoint. Each
transaction is enabled by the hardware comprising an intelligent
identification means, a reader means, and network host hardware. The
transaction is also enabled by transaction management software that
defines initial handshakes, sequences and packetization scheme(s) for
identification and authentication. Further, each transaction will carry a
date and time stamp and optionally carry a location stamp which provides
auditability and traceability. These stamps may be dynamically and
automatically created inside each reader module.
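The secure transfer sequence of claims 31-33 (interrogate the badge, compare its code at the host against the authorized codes, then release the information in packets whose header carries user ID, receiver ID, date/time stamp and location stamp) together with the transaction logging described above, as an added Python simulation that is not part of the patent. The header byte layout, the CRC32 footer, the `EOP` marker and the sample code table are assumptions; the patent names the header fields but does not specify their encoding or the footer's content.

```python
import struct
import zlib
from datetime import datetime, timezone

# Constructed sample table of authorized transponder identification codes; in the patent
# this table lives in the host network element's memory (claim 1). Revoking a badge means
# deleting its code, so the comparison fails at the moment access is attempted.
HOST_AUTHORIZED_CODES = {
    0xA1B2C3D4: "sender badge (first location)",
    0xE5F60718: "receiver badge (second location)",
}

# Assumed encodings: the patent names the header fields but not their byte layout.
HEADER_FMT = ">QQIH"                 # user id, receiver id, unix time (seconds), location code
FOOTER_MARK = b"EOP"                 # assumed end-of-packet marker
FOOTER_LEN = 4 + len(FOOTER_MARK)    # CRC32 + marker
SAMPLE_WHEN = datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc)  # fixed stamp for reproducible runs


class TransactionLog:
    """Host-side record of each request: event, id code, location and date/time stamps
    (claims 16, 39-42)."""

    def __init__(self):
        self.entries = []

    def record(self, event, id_code, location, when):
        self.entries.append({"event": event, "id": id_code, "location": location, "time": when})


def interrogate(transponder_id):
    """Transceiver interrogation: the badge answers with its stored identification code.
    The badge is modelled as a plain integer; the charge-storage powering is not simulated."""
    return transponder_id


def authorize(host_codes, id_code, location, log, when):
    """Host network element compares the received code with its authorized codes and emits
    a verification signal (True) only on a match; the outcome is logged either way."""
    ok = id_code in host_codes
    log.record("authorized" if ok else "denied", id_code, location, when)
    return ok


def build_packets(user_id, receiver_id, location, data, when, chunk=16):
    """Split the requested information into packets of header + information + footer
    (claims 31-32). The footer's CRC32 over header+information is an assumed integrity check."""
    ts = int(when.timestamp())
    packets = []
    for i in range(0, len(data), chunk):
        body = data[i:i + chunk]
        header = struct.pack(HEADER_FMT, user_id, receiver_id, ts, location)
        footer = struct.pack(">I", zlib.crc32(header + body)) + FOOTER_MARK
        packets.append(header + body + footer)
    return packets


def parse_packet(packet):
    """Receiver-side check: verify the marker and CRC, then return the header fields and data."""
    hsize = struct.calcsize(HEADER_FMT)
    if len(packet) < hsize + FOOTER_LEN:
        raise ValueError("truncated packet")
    header, body = packet[:hsize], packet[hsize:-FOOTER_LEN]
    crc = struct.unpack(">I", packet[-FOOTER_LEN:-len(FOOTER_MARK)])[0]
    mark = packet[-len(FOOTER_MARK):]
    if mark != FOOTER_MARK or crc != zlib.crc32(header + body):
        raise ValueError("corrupt packet")
    user_id, receiver_id, ts, location = struct.unpack(HEADER_FMT, header)
    return {"user": user_id, "receiver": receiver_id, "time": ts, "location": location, "data": body}


def secure_transfer(sender_badge, receiver_badge, sender_loc, receiver_loc, data, log, when=None):
    """The claim 32/33 sequence: authenticate the sender's badge, then the receiver's badge,
    and only then release the information as stamped packets. Returns None if either check fails."""
    when = when or datetime.now(timezone.utc)
    log.record("request", sender_badge, sender_loc, when)
    sender_id = interrogate(sender_badge)
    if not authorize(HOST_AUTHORIZED_CODES, sender_id, sender_loc, log, when):
        return None
    receiver_id = interrogate(receiver_badge)
    if not authorize(HOST_AUTHORIZED_CODES, receiver_id, receiver_loc, log, when):
        return None
    packets = build_packets(sender_id, receiver_id, receiver_loc, data, when)
    log.record("transfer_complete", receiver_id, receiver_loc, when)
    return packets


if __name__ == "__main__":
    log = TransactionLog()
    for p in secure_transfer(0xA1B2C3D4, 0xE5F60718, 7, 9, b"classified report text", log, SAMPLE_WHEN):
        print(parse_packet(p))
    # Receiver badge 0x1234 is not in the host table: the transfer is refused.
    print(secure_transfer(0xA1B2C3D4, 0x1234, 7, 9, b"x", log, SAMPLE_WHEN))
    for e in log.entries:
        print(e)
```

The log shows the request, both authorization outcomes and the completion stamp for a transfer, which is the audit trail the manual DOD logs in the background section are meant to replace.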
Accordingly, the present invention comprises three segments: a user
segment, an equipment or facility segment, and a multi-user or site
network segment.
The user segment is comprised of individuals wishing to send and receive
information such as secure documents. For the user segment, the p