It’s not easy being a massive corporation, all they want to be able to do is track someone to tell what they are doing online and when, so that they can advertise to the individual, or only give them the games they purchased, or stop them downloading stuff that could harm the corporation – but how can they be sure who is actually logged on? Luckily, Sony has the answer: to store your biometric data online and use it to keep a constant eye on you.
Sony Computer Entertainment – that’s the PlayStation division of the Japanese tech giant – recently published a patent regarding the matter, which PlayStation LifeStyle has exclusively uncovered. The patent was originally filed this May, suggesting the scheme is a relatively new concept, and likely still in development.
First, the patent describes the ‘problem’ of being unable to trust that the people who log in to their devices are actually the main account holder, rather than someone who has just been given the device after it has been unlocked:
Consumer electronic devices are increasingly being used in conjunction with web-based applications. Such devices include personal computers, personal digital assistants, cellular phones, televisions and video game modules. Because of the near-ubiquity of such devices, there is a tremendous potential market for advertising of goods and services via these devices. However, most web-based advertising is largely unfocused due to a lack of information about the person who uses the device. Advertising could be more focused if it could be targeted to the specific interests of device users. Information about the users is typically obtained through some form of querying the device user. Typically, the user is asked to provide information when registering the device or when signing up for an online service. Information can also be obtained by monitoring device use. For example, an online game provider can monitor which games are accessed by a particular device registered to a known user. However, many consumer electronic devices, such as video game consoles, often have multiple users, e.g., members of the same family. These users may be different from the individual who registered the device. Unfortunately, currently existing technology only allows content providers to track the device and cannot distinguish among different users of a device.
In the prior art security systems for device such as personal computers have used biometric sensors such as fingerprint sensors as alternatives to entering a password. However, such security systems are not contingent on the identity of the user while the user is using the device. Instead, the user is only identified at when the user starts up the device. Once the device starts up, anyone can use the device. Such prior art security systems are, therefore, easily circumvented.
Thus, there is a need in the art, for methods and apparatus that overcome the above disadvantages.
So, how to combat this? Biometric data, and lots of it (emphasis added):
To overcome the above disadvantages, embodiments of the invention are directed to consumer devices and methods for operating consumer devices. According to embodiments of the invention a user of a consumer electronics device is uniquely identified using a metric that is contingent upon the user using the device normally. Content that depends on the user’s identity can be provided to or from the device. According to certain embodiments, a user may be uniquely identified using a biometric sensor to provide the metric. Examples of suitable biometric sensors include fingerprint sensors, hand sensors, face recognition systems, iris scanners retinal scanners, voice pattern analyzers, and DNA analyzers. The biometric sensor senses a user biometric during normal operation of the device by the user. In certain embodiments of the invention a user identification unit incorporated into a control module of the device.
A picture shows a few examples of the system in action:
Now the phone may look basic, but that’s normal for patent drawings. The parts of notes are all the shaded grey indents that are fingerprint scanners (how many fingers do they need?), and the cameras (329 and 336) that will be used for “facial, iris or retina recognition” and the microphone (328) for voice recognition.
The patent continues, explaining how the data could be used to create a profile about you and your gaming preferences:
In some embodiments of the present invention, a user profile may be generated… user behavior may be monitored and information gleaned from patterns of user behavior may become part of the profile. The profile can be used to tailor the operation of the device to a particular user… In the case of a video game console, the user profile may include information about particular types of games (e.g., racing games as opposed to combat-type games) that the user downloads. The user profile information may then be associated with the user ID at 106. For example, the user profile may contain a unique hash generated by the user ID sensor 206. Note that for purposes of providing content, such as pushing advertising to the identified user, it is not necessary to know the user’s name, address, phone number or other personal information. It is sufficient to associate patterns of the user’s online activity with the identified user.
It is common practice to register a consumer electronic device with the manufacturer for record keeping purposes. Such a registration step 105 may be performed at any time before during or after the user begins using the device 200. Such registration, typically involves associating a device ID with a particular owner of the device. In embodiments of the present invention, the ID for one or more users of the device 200 may be associated with the device ID at step 107.
Along with advertising, the ID can stop people using content that isn’t theirs, something that could stop PSN account sharing:
Embodiments of the invention can be used to prevent unauthorized sharing of online accounts. A biometric identifier, such as a fingerprint ID, that is generated during ordinary use of the online content allows the content server 602 to determine whether a user attempting to access an online account is the user associated with that account.
The system could also apparently end piracy, but it would presumably have to be widespread:
An additional problem associated with delivering content online is one of preventing illegal copying or distribution of downloaded content. The internet provides enormous opportunities for mass delivery of electronically generated content such as music, movies, literature, computer software, computer games and the like. However, the internet also presents equally enormous opportunities for unauthorized copying and distribution of such content. Currently, when a user downloads content purchased content it is difficult if not impossible to prevent unauthorized copying and distribution of that content. One technique for doing so is to “lock” the download to the user’s machine so that the downloaded content may only be accessed on that particular machine. However, if the user sells the machine, he cannot transfer the downloaded content that he has already paid for. By associating content with an authorized user, each download may be made unique so that only the authorized user (e.g., one who has paid for the content) will be able to access it. Such a technique may be used to prevent hacking or copying to steal music, software, video games or other copyrighted content.
This patent ties into another we exclusively covered that was for a PlayStation camera that could work out your every emotion, record what you say and how you feel, and send it all off to Sony.
In both cases, all the data – your personal conversations, your iris, your DNA – would be stored on one of Sony’s servers. And we all know how that can turn out.
Let’s just hope they keep your DNA hashed.