[0001] The present invention relates to systems and devices for detection and identification of a wearable device.

Related art

[0002] It is well known in the art to identify or authenticate a nomadic user with a wireless device such as, for example, a passive or active RFID element, a contactless smartcard, or a Bluetooth, NFC or WLAN enabled mobile equipment. The use of dedicated equipment, such as RFID tags or smartcards, is impractical since many users does not want to carry a plurality of dedicated devices for the sole purpose of being authenticated or identified with a particular service. Moreover, the range of many protocols, such as passive RFIDs, Bluetooth or NFC transmission protocols, is limited to near-range communication only.

[0003] On the other hand, authenticating a mobile equipment with a WLAN client requires first establishment of a WLAN session between the user's WLAN client and the access point managed by the service that needs to identify or authenticate the user. Many users don't want to establish such a session since it might compromise the security of their equipment, and waste power. The connection is usually not automatic, and requires user's manipulations. Moreover, establishing the WLAN session still does not allow for a user authentication or identification by the access point; additional steps, such as entering a user identification and/or password, access to a smart card in the user's equipment, or biometrical measures for example. Additionally, a WLAN connection can only be established if the signals received by the access point and by the user's equipment are strong enough, i.e. if they are at close range.

[0004] There is therefore a need for a new method for authenticating or identifying user's that avoid or mitigate the drawbacks of the above mentioned methods. [0005] In one aspect, there is a need for a method of user's

authentication or identification that doesn't require a dedicated

equipment.

[0006] In another aspect, there is need for a method of user's

authentication or identification with a larger range than most methods of the prior art.

[0007] In another aspect, there is need for a method of user's

authentication or identification that does not require any user's

manipulation.

[0008] In another aspect, there is need for a method of user's

authentication or identification that does not require establishment of a communication session.

[0009] In another aspect, there is need for a method of user's

authentication or identification that does not compromise the security or privacy of data in the user's equipment.

Summary of the invention

[0010] An aim of the invention is to provide a simple and efficient method and system to provide identification data to a central unit.

[0011 ] Another aim of the invention is to provide a simple and efficient method and system adapted to receive and transmit targeted input data to a centralized unit.

[0012] A further aim of the invention is to provide a system adapted to receive identification or authentication data from a wearable device, while protecting the device against possible intrusion. [0013] A further aim of the invention is to provide a system adapted to receive identification data from a wearable device requiring low power resources from the device.

[0014] A still further aim of the invention is to provide a system and method enabling a central unit to provide targeted services to a user after identification of said user.

[0015] According to one aspect, the invention relates to a method for detection and identification of a wearable device by a fixed service providing unit comprising the following steps:

-a fixed service providing unit scans a working area for reception of eventual network access point identification signals;

-at least one wearable device entering the working area acts as a network access point and emits a network access point identification signal;

-a fixed service providing unit receives network access point identification signal from the wearable device;

-the fixed service providing unit controls if network access point

identification signal is known and valid;

-if signal is known and valid, the fixed service providing unit provides a service to said wearable device or to wearable device user and/or another user.

[0016] Thanks to this method, no connection is established between the wearable device and the fixed service providing unit, thereby avoiding the risk of any unauthorized use such as phishing, spanning, etc.

[0017] It is already known to use a mobile device with Internet access, such as a smartphone, a tablet or the like, as a WLAN access point allowing other devices in the vicinity, such as laptops etc, to connect to the mobile device and have access to the Internet or to resources of the mobile device. On iphone™ smartphones, this function is called "share connection".

When the connection sharing is activated, the smartphone emits a network access point identification signal, such as a SSID signal, that will be received by other devices with a WLAN network card in the vicinity. The other devices can then select this SSID in the list of available access points, and establish a wireless connection with the smartphone in order to access the Internet or other resources.

[0018] In one aspect, the invention is based on an inversion of the roles of the access point and of the WLAN client. The user's mobile device works as an access point whose network identification (for example the SSID) is used as user's identification. This identification is received by a usually fixed service providing unit, such as a WLAN client that permanently scans the identification of available access points in the vicinity, to identify or authenticate the corresponding equipment.

[0019] In one embodiment, the fixed service providing unit provides a validation signal to the wearable device. The validation signal

advantageously comprises connection request for requesting establishment of a connection between said fixed service providing unit and said access point.

[0020] In one embodiment, the wearable device refuses the connection request received from the fixed service providing unit. Such a connection is not necessary to identify or authenticate the wearable device.

[0021] In a variant, after reception of such a request, the wearable device stops emission of the network access point identification signal in order to reduce the power consumption. In another variant, the wearable device emits network access point identification signal intermittently. In another variant, the wearable device changes its network access point identification in response to such a request, in order to build a dialogue between the wearable device and the fixed service providing unit without establishing a complete WLAN session that would compromise the security of the wearable device.

[0022] The network access point identification signal is advantageously a Service Set Identifier (SSID) signal. [0023] In a still further embodiment, the network access point

identification is changed in order to get different service from one or a plurality of fixed service providing unit(s).

[0024] In other variants, the network access point identification may be defined by the wearable device user or an authorized third party for a given application.

[0025] The network access point identification may for instance be a random number or other secret value.

[0026] Alternatively, the network access point identification can't be changed by the user's, to avoid manipulations or impersonation.

[0027] The network access point identification may be read from a smart card, such as a SIM card.

[0028] The network access point identification may correspond or depend on a number, such as an IMSI or MSISDN number, stored in a SIM card of the user's wearable device or a mobile phone number.

[0029] A program or an APP executed by the user's wearable device may be used to retrieve the network access point identification and use it, for example as a SSID.

[0030] The network access point identification may be different for different applications.

[0031 ] In a further embodiment, the access point identification may be changed during a dialogue between the fixed service providing unit and wearable device.

[0032] The method of the invention provides a user authentication of the identified wearable device before a targeted service is provided. The service may include access to physical or logical resources. The method may also be used to command a separate device or system such as a car (or a system in the car), the house (or a system in the house), at the office, etc.

[0033] Most preferably, said fixed service providing unit provides targeted services in relation to the network access point identification.

[0034] In a variant, the fixed service providing unit provides targeted services in relation to the distance between the network access point and the fixed service providing unit. For instance, in a store application, when the user is entering the working area, in this case corresponding to the store surface, the distance is substantially long (for example up to about 30 m for a SSID). The service providing unit then sends welcoming data to the user. Later, when the user is coming near the payment passage, payment data and/or instructions are sent to the user. In another application, related to safety, the system uses the various distances between the wearable devices and the fixed service providing unit to send messages or data related to the zone in which users are entering, such as safe area, restricted area, and strictly forbidden area.

[0035] The invention also relates to a detection and identification system for wearable devices comprising:

-a plurality of wearable devices provided with a network access point identification signal emitter;

-a fixed service providing unit, for receiving network access point identification signals, control if a received signal is valid, and in case of validity of the signal, provides a service to said wearable device or to wearable device user.

[0036] In an embodiment, the system further comprises a central network access point identification data base provided with data and/or instructions related to pre-identified users.

[0037] In a further embodiment, the system further comprises a central receptor, for receiving input signals from surrounding wearable devices located within a working area allowing network access point identification signals transmission and reception.

[0038] In a still further embodiment, the wearable device is a cellular telephone, a USB key, glasses, a wristband, or other light weight device well adaptable to be wearable by a user.

Short description of the Figures

[0039] The present invention will better understood with the detailed description of some possible embodiments illustrated by the figures in which:

Figure 1 illustrates the main steps of a method for detection and identification of a wearable device according to the invention;

Figure 2 illustrates optional complementary step of the method presented in figure 1 ;

Figure 3 illustrates a schematic diagram representing an example of a detection and identification system for wearable device according to the invention.

Detailed description

[0040] Figure 1 illustrates the main steps of a method for detection and identification of a wearable device according to the invention. At step 100, the Fixed Service Providing Unit (FSPU) 30 scans a working area 10 in order to detect any eventual wearable device 20 that would have entered into the area 10. As mentioned at step 1 10, the wearable device 20 is emitting a Network Access Point Identification Signal (NAPIS). The Network Access Point Identification is preferably specific to a single wearable device or a group of parent devices, sharing a common identity. An application executed by the user's wearable device retrieves the network access point identification, for example from a SIM card in the equipment. After detection, at step 120, the Fixed Service Providing Unit 30 receives the Network Access Point Identification Signal (NAPIS). To check whether the detected devices are valid and/or acceptable, the Fixed Service Providing Unit 30 controls if the signal is valid, for example whether it matches one identification in a list of previously defined authorised identifications, or if it corresponds to given safety or selection criteria (step 130). If the signal is accepted, the Fixed Service Providing Unit provides service and/or related data and/or operations, preferably with targeted data to said wearable device 20 (step 140). The services provided are customable according to the Network Access Point Identification data received.

[0041] Figure 2 illustrates examples of additional steps for the method of figure 1. At step 200, the Fixed Service Providing Unit 30 provides validation signal, such as a request for establishing a connection, to wearable device 20. The wearable device uses this signal in order to either stop emission of the Network Access Point Identification Signal (step 220) or to block any connection or instruction received from the Fixed Service Providing Unit (step 210).

[0042] Figure 3 shows an example of a detection and identification system for wearable devices according to the invention. The system comprises a Fixed Service Providing Unit (FSPU) 30 comprising a Network Access Point Identification Signal (NAPIS) receptor 34, a Network Access Point Identification Signal data base 31 , for storing a list of accepted Network Access Point Identifications, a processing unit 32 and instruction code or commands 33, providing all data and software instructions for the operation of the Fixed Service Providing Unit 30, a service providing unit 36 and the related service data base 35, for actually providing the services and or operations resulting from the detection of a given wearable device 20 into a corresponding working area 10. Different services may be provided depending on the detected Network Access Point Identification.

[0043] The method may comprise a step of user authentication of a wearable device previously identified with said network access point identification signal. The authentication may comprise providing a further proof of the identity of the wearable device, for example using a

challenge-reply method, knowledge of a secret such as a password, fingerprint or other biometric data, proof of possession of an object such as a smart card, etc. The requested service may be provided once this authentication is successful. The authentication may be based on replies provided by the wearable device through modifications of the network access point identification signal, and/or without establishing a WLAN or similar session.

[0044] In a preferable embodiment the authentication of a wearer of the wearable device will be based on biometric data; the Fixed Service Providing Unit (FSPU) 30 may include a database of biometric data of all persons that may wear wearable devices 20; in the database the biometric data of each person is associated with a Network Access Point Identification Signal of the wearable device 20 which that person wears. Any suitable biometric data may be used, such as finger print or facial images. In order to achieve authentication, the Fixed Service Providing Unit (FSPU) 30 receives the Network Access Point Identification Signals from one or more wearable devices 20 which are within a predefined area (e.g. a circular area with a diameter of 20-30m) around the Fixed Service Providing Unit (FSPU) 30; the Fixed Service Providing Unit (FSPU) 30 retrieves from the database the biometric data which is associated with each of the one or more received Network Access Point Identification Signals. The Fixed Service Providing Unit (FSPU) 30 thus preselects biometric data from the database based on the one or more received Network Access Point Identification Signals which it has received. The retrieved biometric data is compared with the corresponding physical characteristic of the person to be

authenticated and if one of the retrieved biometric data matches the corresponding physical characteristic of the person, the system can determine that the person is authentic. For example if the biometric data is a finger print then the Fixed Service Providing Unit (FSPU) 30 retrieves from the database one or more finger print data which associated with each of the one or more Network Access Point Identification Signals which it has received; the person to be authenticated will position their finger so that the Fixed Service Providing Unit (FSPU) 30 can read the physical finger print of the person; the read physical finger print is compared to each of the one or more finger print data which was retrieved from the database; if the physical finger print matches one of the one or more finger print data retrieved from the database, then the system can determine that the person is authentic. If the physical finger print does not match one of the one or more finger print data retrieved from the database then the system can detect that the person wearing the wearable device is not an

authorized user of that wearable device.

[0045] In some existing authorization techniques which are currently used in the field, the physical finger print of a person is compared to all of the finger prints stored in the database to determine if the physical finger print matches any one of the stored finger prints; if the physical finger print matches any of the finger prints in the database the system

determines that the person is authentic. A disadvantage of the existing authorization techniques is that many comparison operations are required since the physical finger print must be compared to all of the finger prints stored in the database. In contrast in the present invention the Fixed Service Providing Unit (FSPU) uses the received Network Access Point Identification Signals which it receives from one or more wearable devices, which are all located within a predefined area around the Fixed Service Providing Unit (FSPU), to pre-select from the database, finger prints which are associated with each of said one or more wearable device, to which the physical finger print of a person is to be compared to. Unlike the present invention, none of the existing authorization techniques which are currently used in the field make a pre-selection from stored biometric data based on wearable devices which have been detected as being present within a predefined area. Advantageously in the present invention a comparison of the physical finger print to only those pre-selected finger prints which are associated with those wearable devices which have been detected as being present within the predefined area, rather than to all of the stored finger prints in the database, is required to achieve

authentication. It will be understood that the present invention may use other techniques to pre-select from the database finger prints to which the physical finger print of a person is to be compared to. [0046] The system also comprises a plurality of wearable devices 20 that are adapted for detection/identification by the Fixed Service Providing Unit. Many examples of wearable device may be provided in accordance with the invention, such as smartphones, tablets, PDAs, USB keys, glasses,

wristbands, watches, etc.

[0047] The service provided by the fixed service providing unit to the user of one identified wearable devices might be diverse. Those services might comprise access to physical resources, for example unlocking a door or an object, or to logical resources, for example access to data or network resources with the wearable device or with another device. For example, the presence of a user at a particular location may be detected when a Network Access Point Identification Signal is received by a fixed service providing unit at this location. This presence might be used to provide access to a computer network, to physical places, or to other resources at the particular location.

[0048] Although the description relates mainly to the specific case of a WLAN, the method of the invention could also be used with other types of networks.

Reference numbers for System Working area

Wearable device

Network Access Point Identification Signal (NAPIS) emitter Fixed Service Providing Unit (FSPU)

Napis data

Processing unit

Instructions

Napis receptor

Service data

Service providing unit