DE102022114118A1 - Procedure for user authentication for online applications - Google Patents

Abstract

The invention relates to a method for operating a computer system 1, consisting of a server 1.1 and at least one connected client 1.2, the client 1.2 comprising at least one output unit 2.1 and at least one input unit 2.2 for interaction with a user 4, and a recording unit 3 for creating an authentication feature that is transmitted to the server 1.1, - a work order is issued by a primary application on the output unit, which is processed by the user 4 using the input unit 2.2, so that a work result is available, - whereby via a secondary application, the detection unit 3 is controlled for the purpose of detecting an authentication feature and the work result and the authentication feature are transmitted to the server 1.1, the authentication feature being recorded during the processing of the work order at z points in time about which the user is kept ignorant, whereby the respective point in time is determined randomly.

Description

• - bestehend aus einem Server und mindestens einem verbundenen Client, wobei der Client eine Ausgabeeinheit und eine Eingabeeinheit zur Interaktion mit einem Nutzer umfasst, und eine Erfassungseinheit zur Erstellung eines Authentifizierungsmerkmals umfasst, das an den Server übermittelt wird,
• - wobei von einer primären Anwendung ein Arbeitsauftrag auf dem Client ausgeführt und über die Ausgabeneinheit angezeigt wird, der vom Nutzer mittels der Eingabeeinheit bearbeitet wird, sodass ein Arbeitsergebnis vorliegt,
• - wobei über eine sekundäre Anwendung die Ansteuerung der Erfassungseinheit zwecks Erfassung eines Authentifizierungsmerkmals erfolgt und das Arbeitsergebnis sowie das Authentifizierungsmerkmal an den Server übermittelt werden.

The invention relates to a method for operating a computer system for the purpose of user authentication,

• - consisting of a server and at least one connected client, the client comprising an output unit and an input unit for interaction with a user, and a capture unit for creating an authentication feature that is transmitted to the server,
• - a work order is executed by a primary application on the client and displayed via the output unit, which is processed by the user using the input unit, so that a work result is available,
• - The capture unit is controlled via a secondary application for the purpose of capturing an authentication feature and the work result and the authentication feature are transmitted to the server.

To start the primary application, it can be advantageous if the client accesses the primary application, which is designed as a web application, via a web browser. For this purpose, a work program is at least temporarily loaded from the server to the client, which is then executed on the client.

A server is a computer in a network, such as the Internet or intranet, that primarily provides services such as web applications. This also includes online applications for access by a client or an input computer.

A client is a computer in a network, e.g. Internet or intranet, that primarily uses server services. A client is therefore an Internet-enabled device or an Internet-enabled input computer that accesses the applications or programs provided by the server.

The capture unit is a recording device attached or connected to the client for capturing or creating at least one authentication feature.

The use of a web application on the client is referred to as an online application.

A web browser is a program through which the client accesses applications on the server.

In the following, all people who receive a work order from an inspector are referred to as users. These can include people applying for a job at a company, as well as students or schoolchildren. A user is therefore a person from whom an authentication feature is recorded for the purpose of identity control during the processing of a work order.

In the following, auditors are all people who, as part of an audit situation, assign a work order to be processed to one or more users and receive the result of the work order after the audit has been completed. These can include people who are involved in personnel selection as well as teachers. An examiner or a recruiter is therefore a person who further processes the work result and the at least one authentication feature for the purpose of evaluation.

The invention also relates to a program on a data carrier or as a web application for carrying out the method according to the invention and to an auditor computer program on a data carrier or as a web application for reading out and/or editing the report.

A continuously increasing demand from business and administration for online applications of various kinds can be observed. Since these online applications usually achieve lower levels of controllability compared to face-to-face formats with comparable content, special measures must be taken to ensure the authenticity of the users and, for example, to prevent attempts at deception.

The prevention of attempts at deception is particularly important in cases of examinations, e.g. B. relevant at colleges and universities. Furthermore, the area of “personnel selection in business” represents an area of application for web-based tools for recording applicants’ skills. These so-called online assessments or online tests for determining the suitability or analyzing potential of applicants or users are susceptible to attempts at deception. To counteract this, various so-called proctoring methods are offered.

There is already a procedure for running a video conference from the US 8,780,166 B2 known. In addition to the various participant systems, a server system is provided through which the video conference is recorded.

From the US 2017/0227995 A1 a method for user authentication is known. Authentication features are recorded at a fixed frequency of, for example, 50 Hz.

1. 1. Die Proctoring-Anwendung wird vom Nutzer vor Nutzung der Online-Anwendung separat gestartet. Über eine Webcam werden Lichtbild- oder Video-Aufnahmen angefertigt, die der Nutzer-Authentifizierung dienen. Anschließend beginnt der Nutzer mit der eigentlichen Anwendung.
2. 2. Während der Nutzung der Online-Anwendung erfolgt eine kontinuierliche Video-Aufnahme des Nutzers zur Authentifizierung. Diese wird ebenfalls von einer eigenen Proctoring-Anwendung vorgenommen.

So-called proctoring methods or proctoring applications are used to authenticate users in online applications. They are based on webcam recordings of the user before or while using the online application. The following technical solutions are common:

1. 1. The proctoring application is started separately by the user before using the online application. Photographs or videos are taken via a webcam to authenticate the user. The user then starts with the actual application.
2. 2. While using the online application, a continuous video recording of the user is made for authentication. This is also done by our own proctoring application.

In both cases, the proctoring application works independently of the actual online application from a software perspective. This results in a double software structure (primary application and proctoring application), double evaluation by the user (evaluation of the webcam recordings and the data stored by the primary application), higher data consumption and necessary computing power as well as larger amounts of data to be stored. This has a negative impact on the usability of the application, on the equal treatment of users with older hardware or poorer internet connections and on aspects of data protection and data security.

The invention is based on the object of designing and arranging a method for user authentication in online applications in such a way that the use of reduced computing and storage power as well as simplified handling are guaranteed.

The problem is solved according to the invention in that the authentication feature is detected during the processing of the work order at z points in time about which the user is kept unaware, the respective point in time being determined randomly. For this purpose, the server or the secondary application has a random generator or something similar. In the case of three or more points in time, the duration between two points in time varies. The times at which the authentication features are recorded are therefore based on a stochastic principle. This ensures that neither the user nor the user knows the time at which the respective authentication feature was recorded. Because the time of recording is randomly generated by the system, even the user is unable to give the user any information. Any assistant can therefore be considered as a user. It is also not possible to manually influence the respective time of recording.

The capture unit is a capture unit for biometric data, such as an image capture unit or a so-called webcam, a microphone, a fingerprint sensor or the like. The input unit is usually a keyboard for entering characters, a microphone for entering sounds or a so-called mouse for entering other commands. The time for recording the authentication feature is preferably within the working time that is available to create the work result or is required by the user. In this respect, a functional connection is provided between the specified point in time and the working time.

It can also be advantageous if the number z of times meets the following condition: 1 <= z <= f, with f = 60 per hour, or f = 30 per hour or f = 10 per hour. By recording one or a few authentication features at a few points in time during the execution of the work order, comprehensive and therefore sufficient authentication of the user is still guaranteed. Since the user does not know exactly when the capture will take place, he feels like he is in the same situation as if continuous capture were taking place. In addition, authentication by an examiner or recruiter can be carried out with a time delay and in a time-saving manner. In addition, the procedure allows the user to carry out the test at any time, without this time being dependent on a specific test date. In addition, the result of user authentication can be determined more quickly. The report file with the one authentication feature or with the few authentication features is very small. A manual check is possible in a short time.

It can be advantageous if a work program is provided which includes the primary application and the secondary application. Such an integral software solution simplifies the associated effort, especially with regard to transmission, encryption and application. Both the work result and the authentication feature are an incremental part of the work program. The secondary application is a so-called proctoring application.

The work program can also be retrieved from the server or loaded onto the client to run on the client. The same applies to the work order and/or the applications, i.e. the primary and secondary applications. These are retrieved from a server or loaded onto the client. This server does not have to be the same server to which the work product and authentication token are sent.

Furthermore, it can be advantageous if the secondary application causes an active status of the capture unit in relation to the capture unit for a period of time while the work order is being processed, which lasts longer than the capture of the authentication feature and the associated activation. The period of time over which the detection unit is activated is therefore longer than the period of time that it takes to activate the camera in order to cause the authentication feature to be detected. In this way, the user cannot determine at what point in time the authentication feature is recorded based on the activation status. In this respect, the time of recording remains unknown for the user. The secondary application can activate the capture unit accordingly for the entire processing time or cause the activation status, i.e. set the activation status that may be recognizable by the user to “active”. During this activation state, authentication credentials may be collected but are only partially processed by the secondary application.

In addition, it can be advantageous if the user's consent is obtained before the work order is processed so that the detection unit is activated at a later point in time that is unknown to him. Consent takes the form of an input request to the user by confirming that he agrees to control the capture unit for the purpose of capturing an authentication feature. This process step is preferably an incremental part of the work program.

It can also be advantageous if the user is informed about which type of recording unit is being controlled or used before the work order is processed. The user is thus informed about which biometric characteristic is being recorded.

It can be advantageous if the work program uses a test mode in which the capture unit is displayed via at least one output unit of the client, so that the user has the option of setting and aligning the capture unit in such a way that the capture unit actually has the corresponding biometric feature of the user can capture. The test mode should take place before the capture unit is activated in order to capture an authentication feature.

It can advantageously be provided that the detection unit is activated while the work order is being processed. Regardless of any synchronization between the working time and the time of recording the authentication feature, it is advantageous to control the detection unit, i.e. the detection of an authentication feature, during the processing of the work order in order to ensure authentication within the working time. The control of the detection unit is both started and stopped during the processing time. This is accompanied by the fact that the time it takes to record an authentication feature is shorter than the working time. The primary application and the secondary application communicate with each other in the sense of a functional connection to determine the recording time.

It can be of particular importance for the present invention if the time for recording the authentication feature depends on the progress of processing the work order. In any case, the time is not transparent for the user, so that only he or she has to operate the client during the entire working time, i.e. the duration of the work order processing.

In connection with the design and arrangement according to the invention, it can be advantageous if the authentication feature is a biometric feature by which the user can be identified. A possible biometric feature is an image, a video sequence, an audio and/or voice recording, a fingerprint or other biometric data, such as just an image of the iris.

It can also be advantageous if the primary application is a test or examination. Other applications can also be considered where user authentication is necessary.

It can also be advantageous if the work result and the authentication feature are combined in a self-contained report file. The work result and the authentication feature are transmitted to the server. The summary is advantageously carried out by the server or the primary application. The summary can also be done through the work program. In this respect, the handling of the data to be processed is simplified with regard to storage and secure transmission. The progress of the work and the time at which the authentication feature was recorded are documented and possibly also partially synchronized. Separate report files for the authentication feature and the work result are also possible. In this case, the authentication feature could also be transmitted directly after capture.

Furthermore, it can be advantageous if at least one piece of information is created in the report file, which shows at what point in the processing of the work order the authentication feature was created. If a log file is created that records which input devices were used at what time, a comparison can be made to the time the authentication feature was recorded in order to check whether the user actually operated the client. Internal log files do not play a direct role in authentication by an auditor, such as a recruiter. Authentication is based primarily on the authentication features in the report file.

It can be advantageous if the user is authenticated using the authentication feature. In the case of an image with the live image, the comparison of the authentication feature can take place on site as part of a personal conversation or on the basis of the identity card or passport. Of course, automated comparison of stored biometric data with the corresponding authentication feature is also possible.

Finally, it can be beneficial to have the working program run in a web browser on the client. This is a standard procedure for applying a work program to a client, since online applications are usually accessed by clients via a web browser. The web browser on the client runs a work order as part of the primary application.

• 1 das Computersystem;
• 2 ein Flussdiagramm des Arbeitsprogrammes;
• 3 ein Flussdiagramm des Prüfer-Computerprogramms.

Further advantages and details of the invention are explained in the patent claims and in the description and shown in the figures. It shows:

• 1 the computer system;
• 2 a flowchart of the work program;
• 3 a flowchart of the auditor computer program.

According to 1 the computer system 1 has a server 1.1, a client 1.2 and a second client 1.2 '. The server 1.1 and the clients 1.2, 1.2' are connected to each other via a network 1.3. The network 1.3 can z. B. be the Internet. Data can be exchanged between the server 1.1 and the clients 1.2 via the network 1.3. The network 1.3 is used to at least temporarily load a work program from the server 1.1 to the client 1.2. A primary application is then played on client 1.2 via the working program.

The client 1.2 has two output units 2.1, namely a monitor 2.1 and a loudspeaker 2.1. In addition, the client 1.2 has two input units 2.2. The input units 2.2 are a keyboard 2.2 and a mouse 2.2. Furthermore, two detection units 3 are provided on the client 1.2. The detection units 3 are a webcam 3 and a microphone 3.

The working program that runs on client 1.2 runs a primary application and a secondary application. The primary application is a work order that is displayed on at least one of the output units 2.1, so that a user 4 has the opportunity to process this work order, with the user 4 processing the work order using at least one of the input units 2.2. Once the user 4 has finished processing the work order, a work result is available. While the work order is being processed, at least one authentication feature of the user 4 is recorded via at least one of the recording units 3. Creating at least one authentication credential is done through the secondary application. For example, the secondary application triggers the recording of a photo of the user 4 via the webcam 3 or the recording of a short video of the user 4. The time at which such an authentication feature is recorded is unknown to the user 4. If the work order is a test or an exam, it is possible in this way to ensure that the user 4 who is supposed to take the exam is actually the one who operates the client 1.2.

After processing, the work result and the at least one authentication feature are sent to server 1.1 in a common report file. An examiner or a recruiter 5 then has the opportunity to view and edit the report file using an examiner computer program that is installed on a second client 1.2' or on the server 1.1. The report file could also, for example, B. can be accessed via email. A 6.1 monitor and a 6.2 keyboard are available for this purpose.

According to flowchart 2 To carry out the procedure for operating the computer system 1, the user 4 is first asked to load the work program from the server 1.1 to the client 1.2. The working program is then played on the client 1.2. It can be played in a web browser.

The work program or the primary application or the secondary application asks the user 4 for consent to create the at least one authentication feature. In addition, the user 4 can be informed about which capture unit 3 is used to create the authentication feature. In addition, a test mode can be provided, by means of which the user 4 can ensure that the corresponding detection unit 3 can actually detect the corresponding biometric feature of him. Is e.g. B. the webcam 3 is selected as the detection unit 3, the user 4 can test or ensure that the webcam 3 is aimed at him and thus takes a photo or a short video of him.

The work program launches a primary and a secondary application. The primary application can be a test or an exam. The secondary application can typically be a proctoring application.

After starting the primary application, the work order is represented on at least one output unit 2.1. The primary application then records the user input at the input unit 2.2. In this way, the user 4 can process the work order so that a work result is available at the end. At the same time, the secondary application, i.e. the proctoring application, starts. The secondary application controls the at least one relevant capture unit 3 in order to capture an authentication feature of the user 4. The time at which the authentication feature is recorded is randomly selected by the secondary application or can already be predetermined in the secondary application. It is therefore conceivable that an authentication feature is created at a certain point in time after the start of processing the work order or at a certain point in the processing of the work order. However, the detection unit 3 remains active throughout the entire time, so that the actual storage of the authentication feature remains unnoticed. Subsequently, the secondary application will create at least one authentication feature during the processing of the work order by the user. It may also be the case that multiple authentication credentials are created at different times.

After a work result is available and the processing of the work order has been completed, the work result and the at least one authentication feature are transmitted to the server 1.1. The authentication feature can also be transmitted directly after capture. The work result and the authentication feature are summarized in a closed report file. In addition, the work program and thus the primary application and the secondary application are terminated.

According to the exemplary embodiment 3 the report file is output on the server 1.1 using an auditor computer program in such a way that it can be evaluated by the auditor 5. In this step, the user 4 is authenticated using the authentication feature. Such authentication can also be done via the auditor's computer program.

According to the flowchart according to the exemplary embodiment 4 An authentication feature is created in the form of a recording. Starting the primary application is linked to the consent of the user 4 to run the secondary application. The report file is created by server 1.1.

Reference symbol list

1

Computer system

1.1

server

1.2

Client

1.2'

second client

1.3

network, internet

2.1

Output unit, monitor, speakers

2.2

Input unit, keyboard, mouse

3

Acquisition unit, webcam, microphone

4

User

5

Examiners, recruiters

6.1

Output unit, monitor

6.2

Input unit, keyboard

QUOTES INCLUDED IN THE DESCRIPTION

This list of documents listed by the applicant was generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited patent literature

• US 8780166 B2 [0013]
• US 20170227995 A1 [0014]

Claims (10)

Method for operating a computer system (1), - consisting of a server (1.1) and at least one connected client (1.2), the client (1.2) having at least one output unit (2.1) and at least one input unit (2.2) for interaction with a user (4), and a capture unit (3) for creating an authentication feature that is transmitted to the server (1.1), - a work order being carried out by a primary application on the client (1.2) and displayed via the output unit (2.1). which is processed by the user (4) using the input unit (2.2), so that a work result is available, - the detection unit (3) is controlled via a secondary application for the purpose of recording an authentication feature and the work result and the authentication feature are sent to the server (1.1) are transmitted, characterized in that the authentication feature is recorded during the processing of the work order at z points in time about which the user (4) is kept unaware, the respective point in time being determined randomly. Procedure according to Claim 1 , characterized in that the number z of times meets the following condition: $$1<=\text{e.g}<=\text{f},$$

with f = 60 per hour, or f = 30 per hour or f = 10 per hour. Procedure according to Claim 1 or 2 , characterized in that a work program is provided which includes the primary application and the secondary application. Method according to one of the preceding claims, characterized in that the secondary application causes an active status of the capture unit (3) with respect to the capture unit (3) for a period of time during the processing of the work order, which lasts longer than the capture of the authentication feature and thus associated activation. Method according to one of the preceding claims, characterized in that the time for recording the authentication feature depends on the progress of processing the work order. Method according to one of the preceding claims, characterized in that the authentication feature is a biometric feature by which the user (4) can be identified. Method according to one of the preceding claims, characterized in that a test or an examination is used as the primary application. Method according to one of the preceding claims, characterized in that the work result and the authentication feature are combined in a self-contained report file, at least one piece of information being created in the report file which shows at what point in the processing of the work order the authentication feature was created became. Program on a data carrier or as a web application to carry out the procedure in accordance with Claims 1 until 8th . Auditor computer program on a data carrier or as a web application for reading and/or editing the report in accordance with Claim 9 .

Images