CN117043769A - Access control for applications - Google Patents


Publication number
CN117043769A
Authority
CN
China
Prior art keywords
application
access control
authentication means
phone
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202280021106.2A
Other languages
Chinese (zh)
Inventor
珍-伊夫·戈麦斯
杰罗姆·乔梅尔
杰罗姆·米沙隆
本杰明·布蒂农
卡米尔·杜波伦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ai Seleju
Original Assignee
Ai Seleju
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ai Seleju
Priority claimed from PCT/EP2022/056693 (WO2022194864A1)
Publication of CN117043769A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G06V40/13 Sensors therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G06V40/1365 Matching; Classification

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Multimedia (AREA)
  • Human Computer Interaction (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Image Input (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
  • Measurement Of Length, Angles, Or The Like Using Electric Or Magnetic Means (AREA)
  • Telephone Function (AREA)

Abstract

The present disclosure relates to an electronic device (100) adapted to run at least one application (APP1, APP2, APPn) with access control, wherein the number of authentication means implemented by the access control is configurable according to a security level assigned to the application.

Description

Access control for applications
The present application claims priority from French patent applications 21/02767 and 21/02768, which are to be considered as part of this disclosure, insofar as allowed by law.
Technical Field
The present disclosure relates generally to electronic devices. The present disclosure more particularly relates to means and methods for controlling access by a user of an electronic device to one or more applications executed by the device.
Background
Electronic devices capable of executing one or more applications are known, such as smart cellular phones or smartphones, touch pads, networked watches, etc. Some of these applications may include access controls that, among other things, ensure that confidential or secret data (e.g., banking data of a user of the device) can only be accessed by a third party with the user's authorization.
Disclosure of Invention
In order to ensure optimal protection of confidential data of users of electronic devices, there is always a need to strengthen the means and methods for controlling access to applications executed by these devices.
One embodiment overcomes all or part of the disadvantages of known means and methods for controlling access to one or more applications executed by an electronic device.
One embodiment provides an electronic device adapted to execute at least one application comprising access control, wherein the number of authentication means implemented by the access control is settable according to a security level assigned to the application.
According to one embodiment, the authentication means comprises at least one biometric sensor.
According to one embodiment, the biometric sensor is a fingerprint sensor.
According to one embodiment, the fingerprint sensor is adapted to acquire fingerprints of a plurality of fingers (preferably from two to four fingers) simultaneously.
According to one embodiment, the fingers form part of the same hand.
According to one embodiment, the number of fingerprints simultaneously acquired by the fingerprint sensor is adjusted according to the security level assigned to the application.
According to one embodiment, the authentication means comprises an access code.
According to one embodiment, the authentication means comprises a geolocation system.
According to one embodiment, the authentication means comprises a peripheral device interacting with the device.
According to one embodiment, the setting of the number of authentication means implemented by the access control is performed by a user of the electronic device.
According to one embodiment, the setting of the number of authentication means implemented by the access control is performed by the developer of the application.
One embodiment provides a method comprising the step of setting, according to a security level assigned to at least one application adapted to be executed by an electronic device, the number of authentication means implemented by the access control of the application.
One embodiment provides an electronic device comprising a fingerprint sensor adapted to acquire fingerprints of a plurality of fingers, preferably from two to four fingers, simultaneously.
According to one embodiment, the fingers are selected from the fingers of both hands of the same user.
According to one embodiment, the number of fingerprints acquired simultaneously by the sensor is adjusted according to the security level assigned to the application executable by the device.
According to one embodiment, an application may access banking data of a device user.
According to one embodiment, the number of fingerprints acquired simultaneously by the sensor is further adjusted according to the transfer amount performed by the device.
According to one embodiment, the number of fingerprints acquired simultaneously by the sensor is settable.
According to one embodiment, the setting is performed by a user of the electronic device.
According to one embodiment, the setting is performed by a developer of the application.
One embodiment provides a method comprising the step of simultaneously acquiring fingerprints of a plurality of fingers (preferably from two to four fingers) by a fingerprint sensor of an electronic device.
Drawings
The above features and advantages and other features and advantages are described in detail in the remaining disclosure of the particular embodiments, which is set forth by way of illustration and not limitation with reference to the accompanying drawings, wherein:
FIG. 1 is a simplified partial top view of an example of an electronic device of the type to which the described embodiments and implementation modes apply;
FIG. 2 schematically illustrates steps of an embodiment mode of a method of parameterizing access control of an application;
FIG. 3 schematically illustrates a variant of the step of FIG. 2;
FIG. 4 schematically illustrates another step of an embodiment mode of a method of parameterizing access control of an application;
FIG. 5 schematically illustrates, in block form, authentication means associated with an embodiment mode of the method of FIGS. 2 to 4;
FIG. 6 schematically illustrates an embodiment mode of the authentication step;
FIG. 7 schematically illustrates another embodiment of the authentication step;
FIG. 8 schematically illustrates another embodiment of the authentication step; and
FIG. 9 schematically illustrates another embodiment of the authentication step.
Detailed Description
Like features are designated by like reference numerals throughout the various figures. In particular, structural and/or functional features common in the various embodiments may have the same reference numerals and may be provided with the same structural, dimensional, and material properties.
For clarity, only the steps and elements that are helpful for understanding the embodiments have been illustrated and described in detail. In particular, the software implementation of the described access control method is not described in detail.
Unless otherwise indicated, when reference is made to two elements being connected together, this means a direct connection without any intermediate element other than conductors, and when reference is made to two elements being coupled together, this means that the two elements may be connected, or that they may be coupled via one or more other elements.
In the following description, when reference is made to terms that define an absolute position, such as "front," "rear," "top," "bottom," "left," "right," etc., or a relative position, such as "above," "below," "upper" and "lower," etc., or to terms that define a direction, such as "horizontal," "vertical," etc., these refer, unless otherwise specified, to the orientation of the drawings.
Unless otherwise specified, the expressions "about", "approximately" and "substantially" mean plus or minus 10%, preferably plus or minus 5%.
Fig. 1 is a simplified partial top view of one example of an electronic device 100 of the type to which the described embodiments and implementation modes apply.
In the illustrated example, the electronic device 100 is a cellular telephone, such as a smart cellular telephone or smart phone, including a display screen 102, preferably a touch screen, on its front face. However, this example is not limiting, and embodiments and implementations of the present disclosure are more generally applicable to any electronic device that includes a touch screen, such as a touch pad, a networked watch, an activity tracker, and the like. For example, once the phone 100 is unlocked by the user, the screen 102 of the phone 100 can display a home screen that includes icons for launching applications executable by the phone 100. In the example shown in FIG. 1, screen 102 more precisely displays a number n of icons 104-1, 104-2, … 104-n. The number n is an integer, for example in the range of 3 to 30.
In this example, the icons 104-1, 104-2, … 104-n are distributed in a grid. Each icon 104-1, 104-2, … 104-n enables, for example, the execution of the corresponding application APP1, APP2, … APPn to be started or resumed. In the case where the screen 102 of the phone 100 is a touch screen, execution of each application APP1, APP2, … APPn is initiated or resumed, for example, by a short press of the user's finger on the screen 102 on the corresponding icon 104-1, 104-2, … 104-n, typically for a duration of less than 1 second.
Applications APP1, APP2 … APPn may be installed on the phone 100, for example stored in a non-volatile memory (not shown) of the phone 100. As a variant, all or part of the applications APP1, APP2, … APPn are installed outside the phone 100, e.g. stored on a server or cloud.
In the example shown, screen 102 further displays an icon 106 (MENU) that gives access to the setup menu of phone 100. The setup menu enables, among other things, the user to modify options related to applications APP1, APP2, … APPn executable by the phone 100. For example, the setup menu also enables a user to configure and activate wireless communication functions of the phone 100 with a mobile phone network or other electronic device, to personalize the appearance of the graphical interface of system software executed by the phone 100, to adjust brightness and sound options, to parameterize an email account, to modify a power management profile, and so forth.
Among the applications APP1, APP2, … APPn executable by the phone 100, some include access control. Access control is particularly intended to determine whether a person who wishes to use the application has the rights or privileges it requires. This makes it possible in particular to ensure that personal, confidential or secret data used by the application is only accessible to third parties with the consent of the user of the telephone 100.
For example, access control is implemented before each launch or start of an application. The access control may also subsequently be implemented one or more times by the application during its execution, for example when an operation using personal, confidential or secret data of the user of the telephone 100 is being performed.
For example, banking applications, such as payment applications and/or online banking, secure messaging applications, medical or health applications, electronic security applications, and the like, typically include access control. In the case of an online banking application, access control is performed, for example, at the initiation of the application, such as when a user initiates the application to query an account balance, and for each operation to add a beneficiary or transfer, such as for each contactless payment via telephone 100.
Fig. 2 schematically shows the steps of an embodiment mode of a method of parameterizing access control of an application, in the example shown application APP2.
In this example, screen 102 displays a menu 202 for parameterizing application APP2, menu 202 being represented in fig. 2 by a dialog box pointing to icon 104-2 of application APP2. In the example shown, menu 202 includes icons 204 (OPT1) and 206 (OPT2), which for example enable setting various options of application APP2, uninstalling application APP2 from the memory of phone 100, moving icon 104-2 on the grid of the home screen, and so on.
According to one embodiment, the settings menu 202 of the application APP2 further comprises an icon 208 (SECU), via which icon 208 the user can access a menu for setting access control parameters of the application APP2. An example of such a menu will be described below in connection with fig. 4.
For example, where the screen 102 is a touch screen, the setup menu 202 of each application APP1, APP2, … APPn is displayed following a long press of the user's finger on the screen 102 over the corresponding icon 104-1, 104-2, … 104-n, typically for a duration longer than 1 second.
Fig. 3 schematically shows a variant of the step of fig. 2.
In this variant, the screen 102 of the phone 100 displays a menu 302 (SECU MENU) from which the user can access the access control parameters of each of the applications APP1, APP2, … APPn. The menu 302 is, for example, a submenu of the setup menu of the device 100 that is accessible by a short press on the screen 102 above the icon 106.
In the example shown, menu 302 includes icons 304-1, 304-2, … 304-n enabling a user to access a menu for setting the access control of the applications executable by phone 100 (APP1, APP2, … APPn, respectively). Each menu accessible from one of icons 304-1, 304-2, … 304-n is, for example, the same as the menu accessible from icon 208 of the menu 202 associated with each icon 104-1, 104-2, … 104-n of the home screen, as discussed previously with respect to fig. 2.
The menu for setting the access control of each application APP1, APP2, … APPn executable by the device 100 is preferably accessible either by means of the steps of fig. 2 or by means of the steps of fig. 3. This gives the user more flexibility in reaching the access control parameters. As a variant, the menu for setting the access control of each application APP1, APP2, … APPn can only be accessed by means of one or the other of the steps described in connection with figs. 2 and 3, respectively.
Fig. 4 schematically shows a further step of an embodiment mode of a method for parameterizing access control of an application APP2.
Fig. 4 shows more precisely an example of a menu 402 (APP 2-SECU PARAMS) for setting access control of the application APP2 displayed by the screen 102 of the phone 100. For example, menu 402 is accessible from icon 208 (FIG. 2) of menu 202 or icon 304-2 (FIG. 3) of menu 302 of application APP2, depending on the user's selection.
In the illustrated example, menu 402 includes a list of elements 404-1 (VERIF1), 404-2 (VERIF2), and 404-3 (VERIF3). Each element 404-1, 404-2, 404-3 represents at least one authentication means associated with control of access to application APP2. In this example, each element 404-1, 404-2, 404-3 of the menu 402 includes a switch that enables activation or deactivation of the authentication means associated with that element. In the example shown in fig. 4, authentication means VERIF1 and VERIF2 are activated, and authentication means VERIF3 is deactivated.
In this example, access control for application APP2 implements means VERIF1 and VERIF2, but does not implement means VERIF3. Thus, each time application APP2 applies access control, authentication means VERIF1 and VERIF2 are implemented. The order in which the authentication means (VERIF1 and VERIF2 in this example) are activated by access control may be set by a user, for example, by vertically moving elements 404-1 and 404-2 in the orientation of fig. 4, as indicated by the double-headed arrows in fig. 4. For example, in the orientation of FIG. 4, the authentication means corresponding to the element at the top of the list is implemented before the authentication means corresponding to the element at the bottom of the list.
For example, activation and deactivation of each authentication means by access control of application APP2 is conditioned on obtaining a pre-authorization. For example, any change in state of the switch of one of the elements 404-1, 404-2, 404-3 may be made subject to a prior authentication, such as typing in a personal code or biometric identification of the user of the phone 100. This prevents one or more authentication means from being activated or deactivated without the user's knowledge. As a variant, deactivation or activation of the authentication means is subject to pre-authorization.
According to one embodiment, a settable number of authentication means are implemented for access control of application APP2. This number is selected, for example, by the user of the telephone 100. As a variant, this number may be determined by the developer of the application APP2, wherein in this case the user for example does not have the possibility to reduce or modify it.
The setting of the number of authentication means implemented by the access control of the application APP2 is preferably performed according to the security level assigned to the application APP2.
Typically, the security level assigned to each application is defined, for example, based on an estimate of the harm that could be caused to the user if personal data accessible to the application were unintentionally or accidentally communicated to one or more third parties and subsequently processed by them. For example, any application that has access to confidential or secret data of a user (such as banking data, addresses, medical data, encrypted messages, private photos and/or videos, etc.) is considered to have a high level of security.
In the illustrated example, menu 402 includes another element 406 (+) that enables the user to add one or more additional authentication means for implementing access control to application APP2. Adding a new authentication means to the list may be made subject to pre-authorization in the same manner as the activation and/or deactivation of authentication means already present in the list of menu 402. If the new authentication means is not used, or has not previously been used, by application APP2 or by one of the other applications of the phone 100, its addition may also be accompanied by a parameterization step.
Although this is not shown in FIG. 4, it may be provided that the user and/or developer of application APP2 are able to delete at least one of elements 404-1, 404-2, and 404-3 from the list.
Although an embodiment mode of the method of parameterizing access control of application APP2 is described above in connection with figs. 2 to 4, this embodiment mode may be transposed to the parameterization of the access control of all or part of the other applications executable by phone 100.
The user may preferably individually personalize the number of authentication means implemented by access control to each application executable by the phone 100. An advantage of this personalization is that the user can increase the number of authentication means to enhance access control. For example, the user may also individually personalize the nature of the authentication means implemented by access control to each application. This enables, for example, an authentication means to be replaced by another, more robust authentication means to enhance access control. User data accessible by applications APP1, APP2, … APPn of phone 100 thus benefit from enhanced protection.
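The settings model described in connection with fig. 4 can be sketched as follows. This is an added example, not code from the patent, which does not describe a software implementation; the class and method names, the `developer_minimum` field and the callback used for pre-authorization are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List


class PolicyError(Exception):
    """Raised when a change to the access control settings is refused."""


@dataclass
class AuthMeans:
    name: str                     # label shown in the menu, e.g. "VERIF1"
    check: Callable[[], bool]     # hypothetical verifier (PIN, fingerprint, ...)
    enabled: bool = False         # state of the switch in the menu


@dataclass
class AccessControlPolicy:
    """Per-application list of authentication means (menu 402 in the text)."""
    app: str
    means: List[AuthMeans]               # list order is the execution order
    pre_authorize: Callable[[], bool]    # prior authentication of the user
    developer_minimum: int = 0           # assumed floor set by the developer

    def _get(self, name: str) -> AuthMeans:
        for m in self.means:
            if m.name == name:
                return m
        raise PolicyError(f"unknown authentication means: {name}")

    def _require_pre_authorization(self) -> None:
        # Any switch change or addition is refused unless the user
        # authenticates first, so settings cannot change silently.
        if not self.pre_authorize():
            raise PolicyError("pre-authorization failed; settings unchanged")

    def set_enabled(self, name: str, enabled: bool) -> None:
        target = self._get(name)
        self._require_pre_authorization()
        active = sum(m.enabled for m in self.means)
        if target.enabled and not enabled and active - 1 < self.developer_minimum:
            raise PolicyError("cannot go below the developer-imposed minimum")
        target.enabled = enabled

    def add(self, means: AuthMeans) -> None:
        # Element 406 (+): adding a means is also subject to pre-authorization.
        self._require_pre_authorization()
        if any(m.name == means.name for m in self.means):
            raise PolicyError(f"{means.name} is already in the list")
        self.means.append(means)

    def move(self, name: str, new_index: int) -> None:
        # Reordering changes which means runs first (top of the list first).
        m = self._get(name)
        self.means.remove(m)
        self.means.insert(new_index, m)

    def active_sequence(self) -> List[str]:
        return [m.name for m in self.means if m.enabled]

    def authenticate(self) -> bool:
        active = [m for m in self.means if m.enabled]
        if len(active) < self.developer_minimum:
            return False          # fail closed if the floor is not met
        # all() stops at the first failing means, in list order.
        return all(m.check() for m in active)


def build_app2_policy(pre_authorize: Callable[[], bool]) -> AccessControlPolicy:
    """State shown in fig. 4: VERIF1 and VERIF2 on, VERIF3 off.
    The always-true verifiers are constructed stand-ins for real sensors."""
    return AccessControlPolicy(
        app="APP2",
        means=[
            AuthMeans("VERIF1", lambda: True, enabled=True),
            AuthMeans("VERIF2", lambda: True, enabled=True),
            AuthMeans("VERIF3", lambda: True, enabled=False),
        ],
        pre_authorize=pre_authorize,
        developer_minimum=2,      # assumed value for a high security level
    )
```
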
Fig. 5 schematically shows, in block form, authentication means associated with an embodiment mode of the method of fig. 2 to 4.
In fig. 5, block 500 (CTRL) represents access control to an application, such as application APP2 of phone 100.
According to one embodiment, the access control 500 implements at least one biometric type authentication means 502 (BIO). Preferably, the biometric authentication means is selected from:
- a face recognition sensor or system 504 (FACE);
- an iris recognition sensor or system 506 (IRIS);
- a sensor or system 508 (PALM) for recognizing the palm;
- a fingerprint recognition sensor or system 510 (FP);
- a sensor or system 512 (VEIN) for recognizing a vein network of a hand or a part of a hand; and
- a speech recognition sensor or system 514 (VOICE).
Face recognition, iris recognition, and palm recognition sensors or systems 504, 506, and 508 include, for example, at least one image sensor located on the front of phone 100.
The sensors or systems 510 and 512 for identifying fingerprints and for identifying venous networks comprise, for example, at least one image sensor. The image sensor is located, for example, on the front side of the phone 100. According to one embodiment, the image sensor is integrated within or below the screen 102 of the phone 100. As a variant, the image sensor is located on the back of the phone 100 or on the side of the phone 100. The speech recognition sensor or system 514 includes, for example, at least one microphone of the telephone 100.
According to one embodiment, the fingerprint recognition sensor or system 510 may acquire the fingerprint of a single finger 510-1 (1F), or acquire the fingerprints of two fingers 510-2 (2F), three fingers 510-3 (3F), or four fingers 510-4 (4F) of the same hand, either sequentially or simultaneously. As a variant, although this is not shown in fig. 5, the sensor or system 510 may be able to acquire the fingerprints of five fingers of the same hand sequentially or simultaneously.
The access control to application APP2 may further implement at least one digital authentication means 516 (NUM). The digital authentication means is selected, for example, from:
- a two-dimensional code 518 (2D CODE), for example a two-dimensional bar code of the type designated by the expressions "flashcode", "datamatrix" or "QR code";
- an unlocking scheme 520 (LOCK SCH), for example comprising a set of points displayed by the screen 102 of the phone 100, all or part of which are intended to be touched or connected according to a sequence generally predefined by the user; and
- a secret or personal code 522 (PIN CODE), for example a numeric or alphanumeric code comprising at least four characters.
The code 518 is captured, for example, by an image sensor located on the back of the phone 100 and then processed by an algorithm executed by the microprocessor of the phone 100. As a variant, the code 518 may be captured by an image sensor located on the front of the phone 100, for example by a fingerprint sensor located inside or below the screen 102 of the phone 100.
Although not shown in fig. 5, another digital authentication means 516 may be provided, comprising the reading of a Near Field Communication (NFC) tag by the phone 100.
Access control to application APP2 may further implement at least one authentication means 524 (MISC) of another type. The authentication means is selected, for example, from:
- a peripheral device 526 (EXT) external to the phone 100, such as another electronic device in communication with the phone 100; and
- a geolocation system 528 (GEO), for example based on a GPS communication module of the phone 100.
For example, when phone 100 is outside of at least one geographic perimeter, geolocation system 528 can prohibit access to certain applications or certain functions of applications. The perimeter is defined, for example, by a user. This advantageously enables, for example, access to the user's personal data to be prevented in the event that the telephone 100 is stolen.
For example, elements 404-1, 404-2, and 404-3 in the list of menu 402 of FIG. 4 correspond to one or more authentication means in means 504, 506, 508, 510, 512, 514, 518, 520, 522, 526, and 528, respectively, of FIG. 5.
In the case where the access control 500 is applied by an application having a high security level (e.g., an application capable of accessing banking data), a minimum number of authentication means, certain authentication means, and/or certain types of authentication means may be imposed, for example, by a designer of the application.
Fig. 6 schematically shows an embodiment mode of the authentication step. Fig. 6 more precisely illustrates an example in which two authentication means are implemented simultaneously by the access control of an application of the telephone 100.
In the example shown, the screen 102 of the phone 100 indicates to the user that both iris recognition, represented in fig. 6 by one eye displayed on the screen 102, and fingerprint recognition, represented in fig. 6 by two fingerprints 602 displayed on the screen, are required. The fingerprint sensor 510 is preferably located inside or below the screen 102 of the phone 100. In the example shown, in the orientation of fig. 6, sensor 510 occupies the lower portion of phone 100.
To perform the authentication step shown in fig. 6, for example, the user may hold phone 100 in their left hand with screen 102 facing them while placing two fingers, such as the index finger and middle finger of their right hand, on sensor 510.
Performing iris recognition and fingerprint recognition simultaneously advantageously improves the security of the access control.
Fig. 7 schematically shows another embodiment of the authentication step.
According to this embodiment, during the authentication step, the user is required to place four fingers 702-1, 702-2, 702-3, and 702-4 of the same hand 704 (e.g., the index finger, middle finger, ring finger, and little finger of their right hand) on the screen 102 of the phone 100. The fingerprints of the four fingers 702-1, 702-2, 702-3 and 702-4 of the user's hand 704 are preferably acquired simultaneously by the sensor 510, preferably within a few milliseconds or tens of milliseconds.
According to one embodiment, the sensor 510 is located inside or below the screen 102. Further, the sensor 510 preferably occupies a surface area substantially equal to the surface area of the screen 102 of the phone 100. As a variant, the sensor 510 occupies a surface area that is up to about 30% less than the surface area of the screen 102 of the phone 100. Typically, in this case, the sensor 510 is adapted to simultaneously acquire fingerprints of a plurality of fingers (preferably from two to four fingers) selected from the fingers of the same hand of the user. As a variant, the fingers whose fingerprints are acquired simultaneously by the sensor 510 are selected from the fingers of both of the user's hands. According to this variant, it is preferable to acquire the fingerprints of both thumbs of the user.
According to one embodiment, the number of fingerprints simultaneously acquired by the sensor 510 is adjusted according to the security level of the application. For example, the sensor 510 is configured to simultaneously acquire two fingerprints for a first application having a low security level, while the sensor 510 is configured to simultaneously acquire four fingerprints for a second application having a high security level (e.g., a security level higher than the first application).
Furthermore, when an application is adapted to perform a transfer, for example, a contactless payment from one account to another account or a bank transfer, the number of fingerprints simultaneously acquired by the sensor 510 is preferably increased according to a desired transfer amount.
As an example:
- for an amount less than a first amount, for example 50, one fingerprint is required to verify the transfer;
- for an amount between the first amount and a second amount larger than the first amount, for example 100, two fingerprints are required to verify the transfer;
- for an amount between the second amount and a third amount greater than the second amount, e.g. 250, three fingerprints are required simultaneously to verify the transfer; and
- for amounts greater than the third amount, four fingerprints are required simultaneously to verify the transfer.
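The rule above can be combined with the per-application fingerprint count and the simultaneity requirement of fig. 7, as in this added example, which is not code from the patent. The 50 ms window, the choice to take the larger of the two counts, the treatment of an amount exactly equal to a threshold as belonging to the higher tier, and all names are assumptions; the sample captures are constructed.

```python
from bisect import bisect_right
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional

# First, second and third amounts from the example in the text.
AMOUNT_THRESHOLDS = (50, 100, 250)
# Example from the text: two prints for a low security level, four for a high one.
LOW_SECURITY_PRINTS = 2
HIGH_SECURITY_PRINTS = 4
MAX_PRINTS = 4
# Assumption: "a few milliseconds or tens of milliseconds" taken as 50 ms.
SIMULTANEITY_WINDOW_MS = 50


@dataclass(frozen=True)
class Capture:
    finger_id: Optional[str]   # enrolled finger the print matched, None if no match
    t_ms: int                  # acquisition timestamp reported by the sensor


def required_fingerprints(base_prints: int, amount: Optional[float] = None) -> int:
    """Number of prints to acquire simultaneously.

    base_prints is the count configured from the application's security level;
    the transfer amount can only raise it (assumption: larger of the two wins).
    """
    if not 1 <= base_prints <= MAX_PRINTS:
        raise ValueError("base_prints must be between 1 and 4")
    if amount is None:
        return base_prints
    if amount < 0:
        raise ValueError("amount must not be negative")
    # bisect_right counts the thresholds that are <= amount, so an amount
    # exactly on a threshold lands in the stricter tier.
    tier = bisect_right(AMOUNT_THRESHOLDS, amount) + 1
    return min(MAX_PRINTS, max(base_prints, tier))


def verify_transfer(captures: Iterable[Capture], enrolled: FrozenSet[str],
                    base_prints: int, amount: float) -> bool:
    """Accept only enough distinct enrolled fingers, acquired together."""
    need = required_fingerprints(base_prints, amount)
    matched = [c for c in captures if c.finger_id in enrolled]
    # The same finger presented several times counts once.
    if len({c.finger_id for c in matched}) < need:
        return False
    times = [c.t_ms for c in matched]
    # Prints collected one after another are not a simultaneous acquisition.
    return max(times) - min(times) <= SIMULTANEITY_WINDOW_MS


# Constructed sample data: four enrolled fingers of the same hand.
ENROLLED = frozenset({"R-index", "R-middle", "R-ring", "R-little"})
SIMULTANEOUS = [Capture("R-index", 1000), Capture("R-middle", 1004),
                Capture("R-ring", 1009)]
SEQUENTIAL = [Capture("R-index", 1000), Capture("R-middle", 1900),
              Capture("R-ring", 2800)]
REPEATED = [Capture("R-index", 1000), Capture("R-index", 1003),
            Capture("R-index", 1007)]
```
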
To indicate to the user the number of fingerprints to be taken, a plurality of finger-positioning areas are displayed, for example on the screen 102. In fig. 7, these areas are represented by dashed circles, it being understood that in practice, the screen 102 may display symbols or images other than the dashed circles. Preferably, the screen 102 displays the same number of areas as the number of fingerprints to be taken simultaneously by the sensor 510, to require the user to place a sufficient number of fingers on the screen 102. However, due to the fact that the sensor covers a large part of the screen 102 of the phone 100, the user is not constrained to place his or her finger over the dotted circle in order to correctly acquire his or her fingerprint. As a variation, screen 102 may display an image representing a hand and show a number of raised fingers corresponding to the number of fingerprints to be taken simultaneously by sensor 510.
Simultaneously acquiring the fingerprints of the four fingers 702-1, 702-2, 702-3 and 702-4 of the same hand 704 of the user advantageously provides a more robust authentication means than acquiring the fingerprint of a single finger of the hand 704, and than successively acquiring the fingerprints of a plurality of fingers of the hand. This strengthens the access control that implements such authentication means. Thus, user data accessible by applications APP1, APP2, … APPn of phone 100 benefit from enhanced protection.
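The finger-count rule described above, as an added example that is not code from the patent or its applicant: it derives the number of fingerprints to request and then checks a capture against it. Assumptions: an amount exactly on a threshold takes the stricter tier, the application baseline and the amount tier are combined by taking the larger, an unmatched print fails the attempt, and `Print`, `frame_id` and `matched_finger` are hypothetical names modelling matcher output.

```python
from bisect import bisect_right
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

# Example thresholds from the description (no currency is given there).
AMOUNT_THRESHOLDS = (Decimal("50"), Decimal("100"), Decimal("250"))
# Per-application baseline from the description: low -> 2, high -> 4.
LEVEL_BASELINE = {"low": 2, "high": 4}
MAX_FINGERS = 4  # the description acquires at most four fingers of one hand


@dataclass(frozen=True)
class Print:
    """One fingerprint in an acquisition (constructed model, not a sensor API)."""
    frame_id: int                   # acquisition frame the print came from
    matched_finger: Optional[str]   # enrolled finger label, None if no match


def fingers_for_amount(amount: Decimal) -> int:
    """Tier 1..4 from the amount; a value on a threshold takes the stricter tier."""
    if amount < 0:
        raise ValueError("amount must be non-negative")
    return bisect_right(AMOUNT_THRESHOLDS, amount) + 1


def required_fingers(level: Optional[str], amount: Optional[Decimal] = None) -> int:
    """App baseline (1 if the app sets none), raised but never lowered by the amount."""
    baseline = 1 if level is None else LEVEL_BASELINE[level]  # unknown level: KeyError
    if amount is None:
        return baseline
    return min(max(baseline, fingers_for_amount(amount)), MAX_FINGERS)


def verify_capture(prints: list[Print], need: int) -> bool:
    """Accept only `need` distinct enrolled fingers taken in a single frame."""
    if not prints or len({p.frame_id for p in prints}) != 1:
        return False   # empty, or assembled from successive acquisitions
    if any(p.matched_finger is None for p in prints):
        return False   # assumption: an unenrolled print fails the whole attempt
    return len({p.matched_finger for p in prints}) >= need
```

Counting distinct matched fingers rather than prints means the same finger presented twice does not satisfy a higher tier.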
Fig. 8 schematically shows another embodiment of the authentication step.
According to this embodiment, during the authentication step, the user is required to use a peripheral device 800, such as the networked wristwatch shown in fig. 8, to perform access control. A fingerprint sensor (not shown) is integrated, for example, into the screen 802 of the watch 800. The screen 102 of the phone 100 displays, for example, a graphic (APP 2-VERIF 1) that prompts the user to look at the watch 800. Further, the screen 802 of the wristwatch 800 displays, for example, a symbol 804 showing a fingerprint to prompt the user to place a finger on the screen 802 of the wristwatch 800.
For example, the fingerprint taken by the watch 800 is compared to one or more reference fingerprints or minutiae previously recorded by the user. The reference fingerprint is stored, for example, in the memory of the watch 800, and the comparison is then performed independently of the phone 100. As a variant, one or more reference fingerprints are stored in the memory of the phone 100, and the fingerprint taken by the watch 800 is then transmitted to the phone 100, for example by means of secure wireless communication, to be compared with this or these reference fingerprints. If the fingerprint acquired by the watch 800 corresponds to one of the reference fingerprints stored in the watch 800 or the phone 100, access to the application is authorized, for example.
Although not shown, the networked wristwatch 800 may implement one or more of the authentication means listed with respect to fig. 5.
An advantage of this embodiment is that access control requires bringing together multiple devices, in this case the phone 100 and the watch 800. In case the phone 100 alone or the watch 800 alone is lost or stolen, the user data accessible by the applications of the phone 100 are thus better protected.
Fig. 9 schematically shows another embodiment of the authentication step.
According to this embodiment, during the authentication step, the user is required to photograph the two-dimensional barcode 902 to verify the access control. In this example, barcode 902 is printed or etched on token 904. Screen 102 of phone 100 displays, for example, a graphic (APP 2-VERIF 2) that includes a graphic representation of barcode 902 and prompts the user to photograph token 904.
An advantage of this embodiment is that access control requires bringing together multiple objects, in this case the phone 100 and the token 904. In the event that phone 100 alone or token 904 alone is lost or stolen, user data accessible by the applications of phone 100 is thus better protected.
Various embodiments and variations have been described. Those skilled in the art will appreciate that certain features of these various embodiments and variants can be combined and that other variants will occur to those skilled in the art. In particular, the described embodiments and implementations are not limited to the authentication means listed in the present disclosure.
Furthermore, for control of access to an application, a person skilled in the art is able to provide any combination of authentication means, either implemented consecutively or simultaneously, depending on e.g. the security level of the application. The possible combinations are not limited to those discussed in detail in this disclosure.
Finally, based on the functional indications given above, the actual implementation of the described embodiments and variants is within the competence of a person skilled in the art. In particular, based on the indications of the present disclosure, the implementation of different sensors and/or elements that participate in access control for each application is within the ability of those skilled in the art.

Claims (15)

1. An electronic device (100) adapted to execute at least one application (APP 1, APP2, APPn) comprising an access control (500), wherein the number of authentication means (504, 506, 508, 510, 512, 514, 518, 520, 522, 526, 528) implemented by said access control is settable according to a security level assigned to said application.
2. The device of claim 1, wherein the authentication means comprises at least one biometric sensor (504, 506, 508, 510, 512, 514).
3. The device of claim 2, wherein the biometric sensor is a fingerprint sensor (510).
4. A device according to claim 3, wherein the fingerprint sensor (510) is adapted to acquire fingerprints of a plurality of fingers (702-1, 702-2, 702-3, 702-4), preferably from two to four fingers, simultaneously.
5. The device of claim 4, wherein the fingers (702-1, 702-2, 702-3, 702-4) form part of the same hand (704).
6. The device according to claim 4 or 5, wherein the number of fingerprints simultaneously acquired by the fingerprint sensor (510) is adjusted according to the security level assigned to the application (APP 1, APP2, APPn).
7. The device of any of claims 1 to 6, wherein the authentication means comprises an access code (518, 520, 522).
8. The device of any of claims 1 to 7, wherein the authentication means comprises a geolocation system (528).
9. The device according to any one of claims 1 to 8, wherein the authentication means comprises a peripheral device (526; 800) interacting with the device (100).
10. The device of any of claims 1 to 9, wherein the setting of the number of authentication means (504, 506, 508, 510, 512, 514, 518, 520, 522, 526, 528) implemented by the access control is performed by a user of the electronic device (100).
11. The device according to any of claims 1 to 9, wherein the setting of the number of authentication means (504, 506, 508, 510, 512, 514, 518, 520, 522, 526, 528) implemented by the access control is performed by a developer of the application (APP 1, APP2, APPn).
12. A method comprising the step of setting the number of authentication means (504, 506, 508, 510, 512, 514, 518, 520, 522, 526, 528) implemented by access control (500) to at least one application (APP 1, APP2, APPn) adapted to be executed by an electronic device (100) according to a security level assigned to said application.
13. The method according to claim 12, wherein the authentication means comprises a fingerprint sensor (510) adapted to acquire fingerprints of a plurality of fingers (702-1, 702-2, 702-3, 702-4), preferably from two to four fingers, simultaneously.
14. The method of claim 13, wherein the fingers (702-1, 702-2, 702-3, 702-4) form part of the same hand (704).
15. The method according to claim 13 or 14, wherein the number of fingerprints simultaneously acquired by the fingerprint sensor (510) is adjusted according to the security level assigned to the application (APP 1, APP2, APPn).
CN202280021106.2A 2021-03-19 2022-03-15 Access control for applications Pending CN117043769A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
FRFR2102767 2021-03-19
FRFR2102768 2021-03-19
FR2102768A FR3120957A1 (en) 2021-03-19 2021-03-19 Multi-finger sensor
PCT/EP2022/056693 WO2022194864A1 (en) 2021-03-19 2022-03-15 Access control for applications

Publications (1)

Publication Number Publication Date
CN117043769A (en) 2023-11-10

Family

ID=75746888

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202280021106.2A Pending CN117043769A (en) 2021-03-19 2022-03-15 Access control for applications

Country Status (2)

Country Link
CN (1) CN117043769A (en)
FR (1) FR3120957A1 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105745669A (en) * 2013-11-04 2016-07-06 高通股份有限公司 User authentication biometrics in mobile devices
US10284551B2 (en) * 2016-06-01 2019-05-07 Paypal, Inc. Electronic mechanism to self-authenticate and automate actions
US10963877B2 (en) * 2017-07-11 2021-03-30 Mastercard International Incorporated Systems and methods for use in authenticating users in connection with network transactions

Also Published As

Publication number Publication date
FR3120957A1 (en) 2022-09-23


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination