CA2416202A1 - Method and apparatus for secure identity authentication with audible tones - Google Patents
Method and apparatus for secure identity authentication with audible tones Download PDFInfo
- Publication number
- CA2416202A1 CA2416202A1 CA002416202A CA2416202A CA2416202A1 CA 2416202 A1 CA2416202 A1 CA 2416202A1 CA 002416202 A CA002416202 A CA 002416202A CA 2416202 A CA2416202 A CA 2416202A CA 2416202 A1 CA2416202 A1 CA 2416202A1
- Authority
- CA
- Canada
- Prior art keywords
- cryptographic
- processor
- cryptographic signature
- person
- audible
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3272—Short range or proximity payments by means of M-devices using an audio code
Abstract
Method and apparatus for allowing persons to securely identify themselves in electronic commerce and transactions involving other parties. A token stores or determines a set of cryptographic signatures and uses a sound component t o generate a unique audible tone representative of a cryptographic signature. The audible tone is conveyed to a party requesting authentication of the tok en holder, whereupon the party determines whether the information conveyed by t he audible tone exists in a database of identities.
Description
METHOD AND APPARATUS FOR SECURE IDENTITY
AUTHENTICATION WITH AUDIBLE TONES
BACKGROUND
I. Field of the Invention The present invention pertains generally to the field of electronic security, and more particularly to the authentication of individuals through audible tones.
II. Background Access to the Internet and usage of electronic data systems have grown steadily among the general public. Electronic commerce has been eagerly embraced by both consumers and businesses due to the relative ease with which one party can purchase or sell to another party without the inherent complications involved with running a "bricks and mortar" establishment.
However, with the introduction of a system of communication wherein face-to-face contact is eliminated or greatly reduced, opportunities for fraudulent activity have increased. A stolen credit card in the hands of a wrong-doer can eause damage to the credit rating of the named credit card holder and cause damage for the credit card issuer who must absorb the loss resulting from unauthorized purchases. In a worst-case scenario, a wrong-doer may actually purloin a party's identity in order to exploit the credit-worthiness and financial accounts of that party. Such an activity leaves the wronged party in the untenable position of defending himself or herself against any criminal activity perpetrated in his or her name, denying activities conducted at the businesses of deceived creditors, or re-establishing a new identity with the authorities.
In order to prevent unauthorized parties from intercepting private information, various encryption schemes have been developed so that private information transmitted between parties is concealed. However, the concealment of private information is only one aspect of the security needed to achieve a high level of consumer confidence in electronic commerce.
Another aspect is authentication.
Traditionally, signatures are placed on legal documents to identify the parties involved in the subject matter of the documents and to show that the parties are in formal agreement. With the advent of the electronic commerce, some type of electronic signature is necessary to formalize the identification of the parties and the agreement between them. The United States government recently enacted the "Electronic Signatures in Global and National Commerce Act", HR 114, 105 Cong. (2000), to give such electronic signatures the same force of law as a penned signature for certain legal contracts. However, the actual implementation of a secure electronic signature has been left unresolved by the U.S. government.
In the current state of the art, electronic authentication of an individual can be performed by:
1. Authentication through knowledge, i.e., a password or a personal identification number (PIN) entered into a machine;
2. Authentication through portable objects, i.e., a credit card, a police badge, a SecurID token, or a proximity card; or 3. Authentication through personal characteristics, i.e., a fingerprint, DNA, or a signature.
With the current reliance on electronic security measures, it is not uncommon for an individual to carry multiple objects or to remember multiple passwords. For example, an individual may perhaps need a PIN for an ATM machine, a password to log on to a computer at work, a password to access the Internet service provider at home, a proximity card to gain access to a secure building, and a garage door opener to gain entry into a house.
Authentication through knowledge is thus problematic for individuals who must remember multiple passwords or PINS, or for individuals with poor memories. It is highly recommended that people do not write down such information because it leaves a person vulnerable to the theft of the passwords and PINS.
Authentication through portable objects and personal characteristics can also be problematic for an average consumer because highly specialized input devices are required to retrieve the authentication information. For example, automatic teller machine (ATM) cards require an ATM, smartcards require a smartcard reader, a voice ID would require a voice encoder jdecoder, and a DNA sample would require a laboratory.
Hence, the current methods utilizing physical objects and personal characteristics are inadequate for a person who must be authenticated through a computer connection or across a telephone line. In addition, remembering passwords and carrying multiple physical objects can be too cumbersome. There is a present need to simplify the process of authenticating an individual to multiple entities.
SUMMARY
The present invention pertains to an apparatus that can be used by an individual to securely identify one's self to another party, wherein the apparatus comprises: a processor; a storage element coupled to the processor, wherein the storage element includes an instruction set executable by the processor for generating a cryptographic signature; and a sound component coupled to the processor, wherein the processor commands the sound component to generate an audible tone associated with the eryptographic signature.
In one aspect of an embodiment, multiple signatures using multiple cryptographic keys can be either stored or generated by the storage element and the processor.
In another aspect of an embodiment, the apparatus further comprises an input element for bi-directional data transfers with other electronic devices.
In another aspect of an embodiment, the apparatus further comprises a user interface that can be used to supply an activation code.
3o BRIEF DESCRIPTION OF THE DRAWINGS
The features, objects, and advantages of the present invention will become more apparent from the detailed description set forth below when taken in conjunction with the drawings in which like reference characters identify correspondingly throughout and wherein:
FIG. 1 is a block diagram of a physical implementation of an exemplary embodiment;
FIG. 2 is a block diagram of an authentication procedure between an individual and a database manager, wherein an exemplary embodiment is used to authenticate the identity of the individual; and FIG. 3 is a flow chart of an authentication method using the exemplary embodiment.
DETAILED DESCRIPTION OF THE EXEMPLARY
EMBODIMENTS
FIG. 1 is an exemplary embodiment of a device 5 comprising a processor 10, a storage element 20 coupled to the processor 10, and a sound component 30 coupled to the processor 10, wherein the storage element 20 is configured to store a set of cryptographic signatures and the processor 10 is configured to control the generation of audible tones from the sound component 30, wherein each audible tone is associated with a signature from the set of cryptographic signatures. As is readily apparent to one skilled in the art, the device 5 can be implemented in a small, portable size with the use of microprocessors, or application specific integrated circuits (ASICs), or any other logic capable of a control function. The storage element 20 can be any memory device, such as a random access memory (RAM), flash memory, or a disk storage medium. The sound component 30 can be implemented by any mechanical or electronic sound generation device, such as a speaker, along with an optional sound reception device, such as a microphone. The device 5, which will be referred to hereinafter as a "token," can be carried and activated by an individual whenever some form of identification must be provided to an entity requesting identity authentication.
One method for generating cryptographic signatures is public-key cryptography. In a public-key cryptography scheme, a user has both a private key and a public key for encrypting documents. The user encrypts a communication with the user's private key and sends the encrypted communication to a targeted party, who then decrypts the communication with the user's public key. The fact that the targeted party was able to decrypt the communication with the user's public key would be the electronic 5 signature that authenticates the communication as originating from the user.
It should be noted that the use of a public-key cryptography scheme is illustrative only and the exemplary embodiments may incorporate other signature-generating schemes.
It is an advantage in the exemplary embodiment that audible tones are generated to uniquely represent the cryptographic signatures stored on or generated by the token. Almost all desktop and laptop computers currently integrate microphones into the computer system and almost all desktop and laptop computers carry the capability to generate sounds. Hence, the exemplary embodiment can be advantageously implemented to operate with desktop and laptop computers running the appropriate software. Other electronic devices, including, but not limited to, personal data assistants (PDAs), mobile phones, and pagers can also be used with the exemplary embodiment with a proper I/O add-on or software upgrade. In addition, the exemplary embodiment can be used with any communication system that is capable of carrying audible tones. Examples include, but are not limited to telephone networks, building intercom systems, and radio communication networks. Hence, an individual can use the exemplary embodiment to identify himself or herself directly in a face-to-face transaction or indirectly through an acoustic communication medium.
FIG. 2 is a block diagram of a basic authentication system between an individual and a database manager, wherein a token is used to authenticate the identity of the individual in accordance with one embodiment. A first party 100 intends to access information protected by a database manager 103.
The first party 100 holds a token 101 up to a microphone (not shown) coupled to a computer 102, wherein the computer 102 is in communication with the database manager 103. The token 101 generates audible tones to the computer 102, which then transmits the tones, or the cryptographic signature represented by the tones, to the database manager 103. The database manager 103 verifies the first party's identity by retrieving authentication information from the database 104. The individual 100 can then proceed with a private transaction. In an alternative embodiment, the freshness of a signature can be ensured through a challenge/response procedure chosen by the database manager 103, wherein the signature is generated in response to a challenge from the database manager 103. In this embodiment, the sound component of the token 101 comprises a sound generation element and a sound reception element, so that the token 101 can detect audible tones from the speakers of the computer 102.
It is another advantage of the exemplary embodiment that a token can be programmed to carry multiple keys that would identify an individual to multiple entities. For example, a token can be programmed to generate an audible signature that would identify a token holder to a financial institution over a telephone line. The token can also be programmed to generate a second audible signature that would identify a token holder to a computer network over a microphone hooked up to a computer in the network. The same token can be programmed to generate a third audible signature to a proximity card reader in order to gain access to a secure building. In an aspect of the embodiment, the audible signatures would be generated in accordance with one or more cryptographic keys, wherein the private key portions of the cryptographic keys remain secret within the token, and the corresponding public key portions are used by any entity to verify the audible signatures. One method of generating electronic signatures using private keys and public keys is the Digital Signature Algorithm, promulgated in Federal Information Processing Standard Publication 186-1.
In another exemplary embodiment, the token can further comprise another form of input element, such as a parallel port, a serial port, or a universal serial bus, so that the token can interact with another party through a medium other than audible sound. Various authentication protocols exist in which both parties must exchange information in order to confirm the identity of the opposite party. For example, a token can be programmed with a public-key cryptographic scheme wherein an exchange of public keys must be made.
AUTHENTICATION WITH AUDIBLE TONES
BACKGROUND
I. Field of the Invention The present invention pertains generally to the field of electronic security, and more particularly to the authentication of individuals through audible tones.
II. Background Access to the Internet and usage of electronic data systems have grown steadily among the general public. Electronic commerce has been eagerly embraced by both consumers and businesses due to the relative ease with which one party can purchase or sell to another party without the inherent complications involved with running a "bricks and mortar" establishment.
However, with the introduction of a system of communication wherein face-to-face contact is eliminated or greatly reduced, opportunities for fraudulent activity have increased. A stolen credit card in the hands of a wrong-doer can eause damage to the credit rating of the named credit card holder and cause damage for the credit card issuer who must absorb the loss resulting from unauthorized purchases. In a worst-case scenario, a wrong-doer may actually purloin a party's identity in order to exploit the credit-worthiness and financial accounts of that party. Such an activity leaves the wronged party in the untenable position of defending himself or herself against any criminal activity perpetrated in his or her name, denying activities conducted at the businesses of deceived creditors, or re-establishing a new identity with the authorities.
In order to prevent unauthorized parties from intercepting private information, various encryption schemes have been developed so that private information transmitted between parties is concealed. However, the concealment of private information is only one aspect of the security needed to achieve a high level of consumer confidence in electronic commerce.
Another aspect is authentication.
Traditionally, signatures are placed on legal documents to identify the parties involved in the subject matter of the documents and to show that the parties are in formal agreement. With the advent of the electronic commerce, some type of electronic signature is necessary to formalize the identification of the parties and the agreement between them. The United States government recently enacted the "Electronic Signatures in Global and National Commerce Act", HR 114, 105 Cong. (2000), to give such electronic signatures the same force of law as a penned signature for certain legal contracts. However, the actual implementation of a secure electronic signature has been left unresolved by the U.S. government.
In the current state of the art, electronic authentication of an individual can be performed by:
1. Authentication through knowledge, i.e., a password or a personal identification number (PIN) entered into a machine;
2. Authentication through portable objects, i.e., a credit card, a police badge, a SecurID token, or a proximity card; or 3. Authentication through personal characteristics, i.e., a fingerprint, DNA, or a signature.
With the current reliance on electronic security measures, it is not uncommon for an individual to carry multiple objects or to remember multiple passwords. For example, an individual may perhaps need a PIN for an ATM machine, a password to log on to a computer at work, a password to access the Internet service provider at home, a proximity card to gain access to a secure building, and a garage door opener to gain entry into a house.
Authentication through knowledge is thus problematic for individuals who must remember multiple passwords or PINS, or for individuals with poor memories. It is highly recommended that people do not write down such information because it leaves a person vulnerable to the theft of the passwords and PINS.
Authentication through portable objects and personal characteristics can also be problematic for an average consumer because highly specialized input devices are required to retrieve the authentication information. For example, automatic teller machine (ATM) cards require an ATM, smartcards require a smartcard reader, a voice ID would require a voice encoder jdecoder, and a DNA sample would require a laboratory.
Hence, the current methods utilizing physical objects and personal characteristics are inadequate for a person who must be authenticated through a computer connection or across a telephone line. In addition, remembering passwords and carrying multiple physical objects can be too cumbersome. There is a present need to simplify the process of authenticating an individual to multiple entities.
SUMMARY
The present invention pertains to an apparatus that can be used by an individual to securely identify one's self to another party, wherein the apparatus comprises: a processor; a storage element coupled to the processor, wherein the storage element includes an instruction set executable by the processor for generating a cryptographic signature; and a sound component coupled to the processor, wherein the processor commands the sound component to generate an audible tone associated with the eryptographic signature.
In one aspect of an embodiment, multiple signatures using multiple cryptographic keys can be either stored or generated by the storage element and the processor.
In another aspect of an embodiment, the apparatus further comprises an input element for bi-directional data transfers with other electronic devices.
In another aspect of an embodiment, the apparatus further comprises a user interface that can be used to supply an activation code.
3o BRIEF DESCRIPTION OF THE DRAWINGS
The features, objects, and advantages of the present invention will become more apparent from the detailed description set forth below when taken in conjunction with the drawings in which like reference characters identify correspondingly throughout and wherein:
FIG. 1 is a block diagram of a physical implementation of an exemplary embodiment;
FIG. 2 is a block diagram of an authentication procedure between an individual and a database manager, wherein an exemplary embodiment is used to authenticate the identity of the individual; and FIG. 3 is a flow chart of an authentication method using the exemplary embodiment.
DETAILED DESCRIPTION OF THE EXEMPLARY
EMBODIMENTS
FIG. 1 is an exemplary embodiment of a device 5 comprising a processor 10, a storage element 20 coupled to the processor 10, and a sound component 30 coupled to the processor 10, wherein the storage element 20 is configured to store a set of cryptographic signatures and the processor 10 is configured to control the generation of audible tones from the sound component 30, wherein each audible tone is associated with a signature from the set of cryptographic signatures. As is readily apparent to one skilled in the art, the device 5 can be implemented in a small, portable size with the use of microprocessors, or application specific integrated circuits (ASICs), or any other logic capable of a control function. The storage element 20 can be any memory device, such as a random access memory (RAM), flash memory, or a disk storage medium. The sound component 30 can be implemented by any mechanical or electronic sound generation device, such as a speaker, along with an optional sound reception device, such as a microphone. The device 5, which will be referred to hereinafter as a "token," can be carried and activated by an individual whenever some form of identification must be provided to an entity requesting identity authentication.
One method for generating cryptographic signatures is public-key cryptography. In a public-key cryptography scheme, a user has both a private key and a public key for encrypting documents. The user encrypts a communication with the user's private key and sends the encrypted communication to a targeted party, who then decrypts the communication with the user's public key. The fact that the targeted party was able to decrypt the communication with the user's public key would be the electronic 5 signature that authenticates the communication as originating from the user.
It should be noted that the use of a public-key cryptography scheme is illustrative only and the exemplary embodiments may incorporate other signature-generating schemes.
It is an advantage in the exemplary embodiment that audible tones are generated to uniquely represent the cryptographic signatures stored on or generated by the token. Almost all desktop and laptop computers currently integrate microphones into the computer system and almost all desktop and laptop computers carry the capability to generate sounds. Hence, the exemplary embodiment can be advantageously implemented to operate with desktop and laptop computers running the appropriate software. Other electronic devices, including, but not limited to, personal data assistants (PDAs), mobile phones, and pagers can also be used with the exemplary embodiment with a proper I/O add-on or software upgrade. In addition, the exemplary embodiment can be used with any communication system that is capable of carrying audible tones. Examples include, but are not limited to telephone networks, building intercom systems, and radio communication networks. Hence, an individual can use the exemplary embodiment to identify himself or herself directly in a face-to-face transaction or indirectly through an acoustic communication medium.
FIG. 2 is a block diagram of a basic authentication system between an individual and a database manager, wherein a token is used to authenticate the identity of the individual in accordance with one embodiment. A first party 100 intends to access information protected by a database manager 103.
The first party 100 holds a token 101 up to a microphone (not shown) coupled to a computer 102, wherein the computer 102 is in communication with the database manager 103. The token 101 generates audible tones to the computer 102, which then transmits the tones, or the cryptographic signature represented by the tones, to the database manager 103. The database manager 103 verifies the first party's identity by retrieving authentication information from the database 104. The individual 100 can then proceed with a private transaction. In an alternative embodiment, the freshness of a signature can be ensured through a challenge/response procedure chosen by the database manager 103, wherein the signature is generated in response to a challenge from the database manager 103. In this embodiment, the sound component of the token 101 comprises a sound generation element and a sound reception element, so that the token 101 can detect audible tones from the speakers of the computer 102.
It is another advantage of the exemplary embodiment that a token can be programmed to carry multiple keys that would identify an individual to multiple entities. For example, a token can be programmed to generate an audible signature that would identify a token holder to a financial institution over a telephone line. The token can also be programmed to generate a second audible signature that would identify a token holder to a computer network over a microphone hooked up to a computer in the network. The same token can be programmed to generate a third audible signature to a proximity card reader in order to gain access to a secure building. In an aspect of the embodiment, the audible signatures would be generated in accordance with one or more cryptographic keys, wherein the private key portions of the cryptographic keys remain secret within the token, and the corresponding public key portions are used by any entity to verify the audible signatures. One method of generating electronic signatures using private keys and public keys is the Digital Signature Algorithm, promulgated in Federal Information Processing Standard Publication 186-1.
In another exemplary embodiment, the token can further comprise another form of input element, such as a parallel port, a serial port, or a universal serial bus, so that the token can interact with another party through a medium other than audible sound. Various authentication protocols exist in which both parties must exchange information in order to confirm the identity of the opposite party. For example, a token can be programmed with a public-key cryptographic scheme wherein an exchange of public keys must be made.
Hence, the token can store predetermined cryptographic signatures in the storage element, or the token can generate cryptographic signatures in response to a signal from an external source.
In addition to various input elements, the exemplary embodiment may also include an output element for communicating with electronic devices more directly, rather than through sound generation. For example, the sound component will be engaged for authentication functions, but an output element can be engaged for data transfers, such as the backup of the cryptographic signatures onto a personal computer or the exchange of public key information.
In another embodiment, an activation requirement can be programmed into a token, so that another party may not use the token fraudulently or accidentally. In this embodiment, a user interface can be incorporated with the token so that an activation check can be performed. Hence, a token will not generate an authentication signature unless it receives confirmation as to the identify of its user. It should be noted that the token may generate audible tones as part of a protocol interaction even though the token may ultimately refuse to generate an audible authentication signature.
Confirmation can come in the form of a PIN entered into a keypad.
Alternatively, confirmation can be determined from a voice print, wherein the user interface is a microphone and the processor has sufficient processing ability to enable voice recognition. Voice recognition methods are well known in the art and will not be discussed in detail herein.
Another method to activate a token that has a microphone input would be to use a Dual Tone Multi-Frequency (DTMF) device to input the activation code. This method has the advantage of requiring little processing complexity and requiring an inexpensive and commonly available DTMF
sound generator (such as a telephone). Another implementation of the activation requirement is to have the sound component utter numbers in a sequential or non-sequential manner. Whenever a number in the PIN is uttered, the user presses the activation button to register the number with the processor.
In another implementation that can be used in conjunction with the activation requirement methods described above, each cryptographic g signature can be associated with its own activation requirement, so that the token may require a different activation check for each authentication request from separate entities. As an added security precaution, the token can be programmed to become inactive if too many attempts are made to input the activation code.
In another embodiment, the sound component of the token can be configured to generate encoded audible tones, wherein the encoding will increase the probability that the cryptographic message or signature will be delivered without error. Modulation techniques, including, but not limited to Dual Tone Multi-Frequency (DTMF) and Frequency Shift Keying (FSK), can be implemented in order to create a more distinguishable sound amidst loud background noises.
In another embodiment, the functionality of the sound component can be supplemented with an infrared port. Various laptop computer manufacturers, printer manufacturers, and PDA manufacturers have incorporated infrared ports into their equipment. An infrared port may be used advantageously in those circumstances where the use of a sound component would be awkward and undesirable, such as in a public place.
In another embodiment, the sound component can generate ultrasonic frequencies. Alternatively, the generation of ultrasonic frequencies can be made by an add-on device that works in conjunction with the exemplary embodiment. Such an add-on device would be connected to the exemplary embodiment through audible tones or through an output element.
FIG. 3 is a flowchart of an authentication method using a token holding a cryptographic signature. For illustrative purposes, the method is described in relation to a customer trying to access private bank records. However, it should be apparent to one skilled in the art that the method can be applied to any situation wherein a party is trying to access private information or establish access to a computer system or building. At step 300, a customer enters a banking web site using a personal computer. At step 310, the banking web site asks for the identity of the customer by sending a coded challenge to the personal computer, wherein the coded challenge is encoded using a public key of the customer. At step 320, the personal computer requests authentication from the customer. At step 330, the customer holds a token near the microphone and the speakers of the personal computer and presses an activation button. At step 340, a series of audio tones plays between the token and the personal computer. At step 350, the personal computer decodes the audio data and encodes a response to the web site using the coded challenge and the decoded audio data. At step 360, the web site verifies the digital signature on the response from the personal computer by using its own private key.
Once the banking web site has confirmed the identity of the customer, the customer can then access his or her account information.
In another example, a token can be used to authenticate the identity of an individual without the need of a personal computer. Most businesses have customer service departments that are accessible through the telephone. In many instances, customers who have accounts with a business are asked to provide a piece of "secure" information, such as the maiden name of the customer's mother, or the last four digits of a Social Security number, in order to establish the identity of the calling party. However, such "secure" methods are inadequate precautions when a close family member, personal friend, or other party has knowledge of the same information asked by the customer service representative. In one embodiment, a customer service representative can authenticate the identity of the customer through the transmission of audible tones over a telephone network. At the transmission end, a customer holds the token over the mouthpiece of a telephone and presses the activation button. At the receiving end, the customer service representative holds the ear piece of the telephone against a sound detection/deeoding device that compares the received audible tone to a database of tones. A positive match confirms the identity of the calling party.
It should be noted that the exemplary embodiments can be implemented whenever a database for storing information pertaining to the authentication process, as discussed above, exists at the receiving end. The processor of the exemplary embodiment can be configured to implement any one of the various cryptographic schemes that are presently available. Hence, the exemplary embodiment can be used to implement one cryptographic scheme with one party and another cryptographic scheme with another party.
The basic implementation of the exemplary embodiment can be performed without the need for a physical connection to an intermediary device because it can communicate with the separate parties through the almost universal communication medium of sound. , Thus, a novel and improved method and apparatus fox securely 5 identifying individuals through the use of audible tones have been described.
Those of skill in the art would understand that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. The various 10 illustrative components, blocks, modules, circuits, and steps have been described generally in terms of their functionality. Whether the functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans recognize the interchangeability of hardware and software under these circumstances, and how best to implement the described functionality for each particular application. As examples, the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented or performed with a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components such as, e.g., registers and FIFO, a processor executing a set of firmware instructions, any conventional programmable software module and a processor, or any combination thereof. The processor may advantageously be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, micro-controller, or state machine. The software module could reside in RAM memory, flash memory, ROM
memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. Those of skill would further appreciate that the data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description are advantageously represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
In addition to various input elements, the exemplary embodiment may also include an output element for communicating with electronic devices more directly, rather than through sound generation. For example, the sound component will be engaged for authentication functions, but an output element can be engaged for data transfers, such as the backup of the cryptographic signatures onto a personal computer or the exchange of public key information.
In another embodiment, an activation requirement can be programmed into a token, so that another party may not use the token fraudulently or accidentally. In this embodiment, a user interface can be incorporated with the token so that an activation check can be performed. Hence, a token will not generate an authentication signature unless it receives confirmation as to the identify of its user. It should be noted that the token may generate audible tones as part of a protocol interaction even though the token may ultimately refuse to generate an audible authentication signature.
Confirmation can come in the form of a PIN entered into a keypad.
Alternatively, confirmation can be determined from a voice print, wherein the user interface is a microphone and the processor has sufficient processing ability to enable voice recognition. Voice recognition methods are well known in the art and will not be discussed in detail herein.
Another method to activate a token that has a microphone input would be to use a Dual Tone Multi-Frequency (DTMF) device to input the activation code. This method has the advantage of requiring little processing complexity and requiring an inexpensive and commonly available DTMF
sound generator (such as a telephone). Another implementation of the activation requirement is to have the sound component utter numbers in a sequential or non-sequential manner. Whenever a number in the PIN is uttered, the user presses the activation button to register the number with the processor.
In another implementation that can be used in conjunction with the activation requirement methods described above, each cryptographic g signature can be associated with its own activation requirement, so that the token may require a different activation check for each authentication request from separate entities. As an added security precaution, the token can be programmed to become inactive if too many attempts are made to input the activation code.
In another embodiment, the sound component of the token can be configured to generate encoded audible tones, wherein the encoding will increase the probability that the cryptographic message or signature will be delivered without error. Modulation techniques, including, but not limited to Dual Tone Multi-Frequency (DTMF) and Frequency Shift Keying (FSK), can be implemented in order to create a more distinguishable sound amidst loud background noises.
In another embodiment, the functionality of the sound component can be supplemented with an infrared port. Various laptop computer manufacturers, printer manufacturers, and PDA manufacturers have incorporated infrared ports into their equipment. An infrared port may be used advantageously in those circumstances where the use of a sound component would be awkward and undesirable, such as in a public place.
In another embodiment, the sound component can generate ultrasonic frequencies. Alternatively, the generation of ultrasonic frequencies can be made by an add-on device that works in conjunction with the exemplary embodiment. Such an add-on device would be connected to the exemplary embodiment through audible tones or through an output element.
FIG. 3 is a flowchart of an authentication method using a token holding a cryptographic signature. For illustrative purposes, the method is described in relation to a customer trying to access private bank records. However, it should be apparent to one skilled in the art that the method can be applied to any situation wherein a party is trying to access private information or establish access to a computer system or building. At step 300, a customer enters a banking web site using a personal computer. At step 310, the banking web site asks for the identity of the customer by sending a coded challenge to the personal computer, wherein the coded challenge is encoded using a public key of the customer. At step 320, the personal computer requests authentication from the customer. At step 330, the customer holds a token near the microphone and the speakers of the personal computer and presses an activation button. At step 340, a series of audio tones plays between the token and the personal computer. At step 350, the personal computer decodes the audio data and encodes a response to the web site using the coded challenge and the decoded audio data. At step 360, the web site verifies the digital signature on the response from the personal computer by using its own private key.
Once the banking web site has confirmed the identity of the customer, the customer can then access his or her account information.
In another example, a token can be used to authenticate the identity of an individual without the need of a personal computer. Most businesses have customer service departments that are accessible through the telephone. In many instances, customers who have accounts with a business are asked to provide a piece of "secure" information, such as the maiden name of the customer's mother, or the last four digits of a Social Security number, in order to establish the identity of the calling party. However, such "secure" methods are inadequate precautions when a close family member, personal friend, or other party has knowledge of the same information asked by the customer service representative. In one embodiment, a customer service representative can authenticate the identity of the customer through the transmission of audible tones over a telephone network. At the transmission end, a customer holds the token over the mouthpiece of a telephone and presses the activation button. At the receiving end, the customer service representative holds the ear piece of the telephone against a sound detection/deeoding device that compares the received audible tone to a database of tones. A positive match confirms the identity of the calling party.
It should be noted that the exemplary embodiments can be implemented whenever a database for storing information pertaining to the authentication process, as discussed above, exists at the receiving end. The processor of the exemplary embodiment can be configured to implement any one of the various cryptographic schemes that are presently available. Hence, the exemplary embodiment can be used to implement one cryptographic scheme with one party and another cryptographic scheme with another party.
The basic implementation of the exemplary embodiment can be performed without the need for a physical connection to an intermediary device because it can communicate with the separate parties through the almost universal communication medium of sound. , Thus, a novel and improved method and apparatus fox securely 5 identifying individuals through the use of audible tones have been described.
Those of skill in the art would understand that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. The various 10 illustrative components, blocks, modules, circuits, and steps have been described generally in terms of their functionality. Whether the functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans recognize the interchangeability of hardware and software under these circumstances, and how best to implement the described functionality for each particular application. As examples, the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented or performed with a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components such as, e.g., registers and FIFO, a processor executing a set of firmware instructions, any conventional programmable software module and a processor, or any combination thereof. The processor may advantageously be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, micro-controller, or state machine. The software module could reside in RAM memory, flash memory, ROM
memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. Those of skill would further appreciate that the data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description are advantageously represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
Preferred embodiments of the present invention have thus been shown and described. It would be apparent to one of ordinary skill in the art, however, that numerous alterations may be made to the embodiments herein disclosed without departing from the spirit or scope of the invention.
Therefore, the present invention is not to be limited except in accordance with the following claims.
WHAT IS CLAIMED IS:
Therefore, the present invention is not to be limited except in accordance with the following claims.
WHAT IS CLAIMED IS:
Claims (22)
1. An apparatus for performing identity authentication of a person, comprising:
a processor;
a storage element coupled to the processor, wherein the storage element includes an instruction set executable by the processor for generating a cryptographic signature; and a sound component coupled to the processor, wherein the processor is configured to command the sound component to generate an audible tone associated with the cryptographic signature.
a processor;
a storage element coupled to the processor, wherein the storage element includes an instruction set executable by the processor for generating a cryptographic signature; and a sound component coupled to the processor, wherein the processor is configured to command the sound component to generate an audible tone associated with the cryptographic signature.
2. The apparatus of Claim 1, wherein the sound component comprises a sound generation element and a sound reception element, wherein the processor is configured to determine the cryptographic signature based on an external signal received from the sound reception element.
3. The apparatus of Claim 2, wherein the sound reception element is a microphone.
4. The apparatus of Claim 1, wherein the cryptographic signature is predetermined.
5. The apparatus of Claim 1, further comprising an input element coupled to the processor, wherein the input element is configured to facilitate data transfer.
6. The apparatus of Claim 2, wherein the external signal selects a key.
7. The apparatus of Claim 1, further comprising a user interface, wherein the person can optionally enter an activation check.
8. The apparatus of Claim 7, wherein the activation check is a voiceprint.
9. The apparatus of Claim 7, wherein the activation check is a personal identification number.
10. The apparatus of Claim 2, wherein the cryptographic signature is generated from one of a plurality of cryptographic keys and the audible tone is one of a plurality of audible tones, wherein each of the plurality of audible tones is associated with one of the plurality of cryptographic keys.
11. The apparatus of Claim 10, further comprising a user interface, wherein the person can optionally enter an activation check.
12. The apparatus of Claim 11, wherein the activation check is one of a plurality of activation checks, wherein each of the plurality of activation checks is associated with one of the plurality of cryptographic keys.
13. The apparatus of Claim 12, wherein the plurality of activation checks comprise a plurality of personal identification numbers.
14. The apparatus of Claim 12, wherein the plurality of activation checks comprise a plurality of voiceprints.
15. The apparatus of Claim 2, further comprising an output element coupled to the processor, wherein the output element is configured to facilitate data transfer.
16. The apparatus of Claim 15, wherein the output element is an infrared port.
17. The apparatus of Claim 2, wherein the sound component can transmit a plurality of tones at an ultrasonic frequency.
18. A method for performing identity authentication of a person, comprising:
storing a cryptographic signature on a portable unit; and generating an audible tone associated with the cryptographic signature, wherein the audible tone is offered to authenticate the identity of the person.
storing a cryptographic signature on a portable unit; and generating an audible tone associated with the cryptographic signature, wherein the audible tone is offered to authenticate the identity of the person.
19. A method for performing identity authentication of a person, comprising:
generating a cryptographic signature on a portable unit; and generating an audible tone associated with the cryptographic signature, wherein the audible tone is offered to authenticate the identity of the person.
generating a cryptographic signature on a portable unit; and generating an audible tone associated with the cryptographic signature, wherein the audible tone is offered to authenticate the identity of the person.
20. The method of Claim 19, wherein the generation of the cryptographic signature comprises:
storing a private key of the person;
receiving a challenge, wherein the challenge includes a message coded with the public key of a second party; and forming a response to the challenge, wherein the response includes the challenge coded with the private key of the person.
storing a private key of the person;
receiving a challenge, wherein the challenge includes a message coded with the public key of a second party; and forming a response to the challenge, wherein the response includes the challenge coded with the private key of the person.
21. The method of Claim 19, wherein the cryptographic signature is one of a plurality of cryptographic signatures on the portable unit and the audible tone is one of a plurality of audible tones, wherein each of the plurality of audible tones corresponds to one of the plurality of cryptographic signatures.
22. The method of Claim 19, wherein the generating of a cryptographic signature follows the providing of an activation check code to the portable unit.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US61156900A | 2000-07-07 | 2000-07-07 | |
| US09/611,569 | 2000-07-07 | ||
| PCT/US2001/041049 WO2002005078A2 (en) | 2000-07-07 | 2001-06-18 | Method and apparatus for secure identity authentication with audible tones |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2416202A1 true CA2416202A1 (en) | 2002-01-17 |
Family
ID=24449543
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002416202A Abandoned CA2416202A1 (en) | 2000-07-07 | 2001-06-18 | Method and apparatus for secure identity authentication with audible tones |
Country Status (13)
| Country | Link |
|---|---|
| EP (1) | EP1356360A2 (en) |
| JP (1) | JP2004517376A (en) |
| KR (1) | KR20030022848A (en) |
| CN (1) | CN1708772A (en) |
| AU (1) | AU2001272018A1 (en) |
| BR (1) | BR0112239A (en) |
| CA (1) | CA2416202A1 (en) |
| IL (1) | IL153636A0 (en) |
| MX (1) | MXPA03000124A (en) |
| NO (1) | NO20030046L (en) |
| RU (1) | RU2003103604A (en) |
| TW (1) | TW513629B (en) |
| WO (1) | WO2002005078A2 (en) |
Families Citing this family (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1333406A1 (en) * | 2002-02-04 | 2003-08-06 | Siemens Aktiengesellschaft | Ring tone authentication |
| US7966497B2 (en) * | 2002-02-15 | 2011-06-21 | Qualcomm Incorporated | System and method for acoustic two factor authentication |
| US7487362B2 (en) | 2002-02-15 | 2009-02-03 | Qualcomm, Inc. | Digital authentication over acoustic channel |
| US20030212549A1 (en) * | 2002-05-10 | 2003-11-13 | Jack Steentra | Wireless communication using sound |
| US7401224B2 (en) | 2002-05-15 | 2008-07-15 | Qualcomm Incorporated | System and method for managing sonic token verifiers |
| US7349481B2 (en) * | 2002-07-01 | 2008-03-25 | Qualcomm Incorporated | Communication using audible tones |
| AU2015200701B2 (en) * | 2010-01-12 | 2016-07-28 | Visa International Service Association | Anytime validation for verification tokens |
| CN102713922B (en) | 2010-01-12 | 2015-11-25 | 维萨国际服务协会 | For the method whenever confirmed to checking token |
| CN102971758A (en) | 2010-04-14 | 2013-03-13 | 诺基亚公司 | Method and apparatus for providing automated payment |
| CN201846343U (en) * | 2010-09-25 | 2011-05-25 | 北京天地融科技有限公司 | Electronic signature tool communicating with mobile phone through speech mode |
| KR101103525B1 (en) * | 2010-12-06 | 2012-01-09 | 엘지이노텍 주식회사 | Lighting device |
| KR101103524B1 (en) * | 2010-11-30 | 2012-01-09 | 엘지이노텍 주식회사 | Lighting device |
| US20120197806A1 (en) * | 2011-01-31 | 2012-08-02 | Jason Lester Hill | Sonic based digital networking |
| WO2013009255A1 (en) * | 2011-07-11 | 2013-01-17 | Show & Pay Ab | A security device and a method for supporting validation in a validation process for an end user interacting with a web site |
| WO2013055970A2 (en) * | 2011-10-11 | 2013-04-18 | Tangome, Inc. | Authenticating device users |
| CN102567881A (en) * | 2011-12-30 | 2012-07-11 | 深圳盒子支付信息技术有限公司 | Novel network payment system and method |
| US8826415B2 (en) * | 2012-09-04 | 2014-09-02 | Apple Inc. | Automated device access |
| US9460590B2 (en) | 2012-09-24 | 2016-10-04 | Wal-Mart Stores, Inc. | Determination of customer proximity to a register through use of sound and methods thereof |
| WO2014103072A1 (en) | 2012-12-28 | 2014-07-03 | 楽天株式会社 | Access control system, access control method, mobile terminal, method for controlling mobile terminal, recording medium on which program for controlling mobile terminal is recorded, and program for controlling mobile terminal |
| CN103220599A (en) * | 2013-03-22 | 2013-07-24 | 福州欣联达电子科技有限公司 | Converting method and converter for portable device headset interface and serial communication interface |
| GB2520307A (en) * | 2013-11-15 | 2015-05-20 | Robert Culyer | Barcode authentication method |
| CN104112307B (en) * | 2014-06-24 | 2016-11-16 | 福建歌航电子信息科技有限公司 | Sound wave is utilized to carry out electronic lock and the method for unlocking thereof unblanked |
| CN104463587A (en) * | 2014-09-24 | 2015-03-25 | 冯林 | Payment authentication system |
| US9344892B1 (en) | 2016-01-19 | 2016-05-17 | Fmr Llc | Mobile device authentication and call routing using dual-tone multi-frequency signaling |
| CN105700448B (en) * | 2016-01-29 | 2018-06-08 | 中国联合网络通信集团有限公司 | Long-distance monitoring method and remote monitoring system |
| CN105809790B (en) * | 2016-03-10 | 2018-04-10 | 上海斐讯数据通信技术有限公司 | A kind of method of sound wave lock system and automatic unlocking |
| WO2018042798A1 (en) * | 2016-09-02 | 2018-03-08 | シャープ株式会社 | Response device, control method therefor, and control program therefor |
| CN106981111A (en) * | 2017-03-22 | 2017-07-25 | 福建农林大学 | A kind of utilization rivest, shamir, adelman encrypts the electronic switch lock and its method for unlocking of sonic data |
| CN108040186B (en) * | 2017-11-15 | 2021-02-09 | 维沃移动通信有限公司 | DTMF signal sending method and mobile terminal |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| IL64675A0 (en) * | 1981-12-30 | 1982-03-31 | Greenberg Avigdor | Data verification system |
| FR2640835B1 (en) * | 1988-12-07 | 1994-06-24 | France Etat | AUTHENTICATION DEVICE FOR INTERACTIVE SERVER |
| US5583933A (en) * | 1994-08-05 | 1996-12-10 | Mark; Andrew R. | Method and apparatus for the secure communication of data |
| FR2753860B1 (en) * | 1996-09-25 | 1998-11-06 | METHOD AND SYSTEM FOR SECURING REMOTE SERVICES PROVIDED BY FINANCIAL ORGANIZATIONS | |
| WO2000021020A2 (en) * | 1998-10-02 | 2000-04-13 | Comsense Technologies, Ltd. | Card for interaction with a computer |
| WO2001011575A1 (en) * | 1999-08-09 | 2001-02-15 | Wow Company S.A. | Portable certification device with acoustic coupling |
-
2001
- 2001-06-18 CA CA002416202A patent/CA2416202A1/en not_active Abandoned
- 2001-06-18 WO PCT/US2001/041049 patent/WO2002005078A2/en not_active Application Discontinuation
- 2001-06-18 CN CNA018124151A patent/CN1708772A/en active Pending
- 2001-06-18 RU RU2003103604/09A patent/RU2003103604A/en not_active Application Discontinuation
- 2001-06-18 BR BRPI0112239-8A patent/BR0112239A/en not_active IP Right Cessation
- 2001-06-18 MX MXPA03000124A patent/MXPA03000124A/en unknown
- 2001-06-18 EP EP01951085A patent/EP1356360A2/en not_active Withdrawn
- 2001-06-18 AU AU2001272018A patent/AU2001272018A1/en not_active Abandoned
- 2001-06-18 KR KR10-2003-7000153A patent/KR20030022848A/en not_active Application Discontinuation
- 2001-06-18 IL IL15363601A patent/IL153636A0/en unknown
- 2001-06-18 JP JP2002509874A patent/JP2004517376A/en active Pending
- 2001-07-06 TW TW090116596A patent/TW513629B/en not_active IP Right Cessation
-
2003
- 2003-01-06 NO NO20030046A patent/NO20030046L/en not_active Application Discontinuation
Also Published As
| Publication number | Publication date |
|---|---|
| TW513629B (en) | 2002-12-11 |
| AU2001272018A1 (en) | 2002-01-21 |
| NO20030046L (en) | 2003-02-21 |
| RU2003103604A (en) | 2004-06-10 |
| WO2002005078A2 (en) | 2002-01-17 |
| IL153636A0 (en) | 2003-07-06 |
| EP1356360A2 (en) | 2003-10-29 |
| WO2002005078A3 (en) | 2003-08-21 |
| JP2004517376A (en) | 2004-06-10 |
| MXPA03000124A (en) | 2003-09-22 |
| BR0112239A (en) | 2006-05-02 |
| CN1708772A (en) | 2005-12-14 |
| KR20030022848A (en) | 2003-03-17 |
| NO20030046D0 (en) | 2003-01-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2416202A1 (en) | Method and apparatus for secure identity authentication with audible tones | |
| US9231944B2 (en) | Method and apparatus for the secure authentication of a web site | |
| JP4680505B2 (en) | Simple voice authentication method and apparatus | |
| US8755501B2 (en) | Acoustic encoding of dynamic identification codes | |
| US8943583B2 (en) | System and method for managing sonic token verifiers | |
| US7966497B2 (en) | System and method for acoustic two factor authentication | |
| JP2004519874A (en) | Trusted Authentication Digital Signature (TADS) System | |
| US7836308B2 (en) | Apparatus and method for multiple function authentication device | |
| JP3925613B2 (en) | Personal authentication system and personal authentication method | |
| JP2001298779A (en) | Mobile information terminal and service system using it | |
| KR20030025962A (en) | Method for authenticating user using security card based on sound | |
| JP2002288623A (en) | Ic card system | |
| KR19980019231A (en) | AUTHENTICATION SYSTEM FOR REMOTE BANKING SERVICE USING COMPUTER COMMUNICATION NETWORK |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FZDE | Discontinued |