GB2368951A - User authentication - Google Patents

User authentication Download PDF

Info

Publication number
GB2368951A
GB2368951A GB0030528A GB0030528A GB2368951A GB 2368951 A GB2368951 A GB 2368951A GB 0030528 A GB0030528 A GB 0030528A GB 0030528 A GB0030528 A GB 0030528A GB 2368951 A GB2368951 A GB 2368951A
Authority
GB
United Kingdom
Prior art keywords
user
station
identifier
parameter
service provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0030528A
Other versions
GB0030528D0 (en
GB2368951B (en
Inventor
Louis Christodoulides
Nicholas Bone
Pubudu Priyanjaya Chandrasiri
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vodafone Ltd
Original Assignee
Vodafone Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vodafone Ltd filed Critical Vodafone Ltd
Publication of GB0030528D0 publication Critical patent/GB0030528D0/en
Publication of GB2368951A publication Critical patent/GB2368951A/en
Application granted granted Critical
Publication of GB2368951B publication Critical patent/GB2368951B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/21Individual registration on entry or exit involving the use of a pass having a variable access code
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code

Abstract

An authentication system requires a user of e.g. a mobile telephone (10) to generate a signal e.g. a biometric measurement of a physical characteristic of the user e.g. fingerprint. This biometric measurement is transmitted, possibly as part of a digitally signed and encrypted message, to a remote service provider (11) where the biometric measurement is compared with a biometric template measurement of the same physical characteristic, stored for the person. The verification process produces an output which identifies the characteristic from which the biometric measurement was taken and which also gives the results of the comparison (e.g. score). A third party (12) receives this information, possibly as part of a digital certificate, and either authenticates the person or not, depending on the information. This could be used for remote transactions between the user and the third party (12).

Description

AUTHENTICATION METHODS AND SYSTEMS The invention relates to authentication methods and systems. Authentication may be used to check the identification of a user by means of a unique identification parameter associated with the user. Examples of such parameters are physical (biometric) characteristics such as fingerprints, a photographic facial image, an iris scan, or voice print, behavioural characteristics such as a signature, a facial expression or a body movement, and artificially created parameters such as a PIN. A user identification parameter of this kind can be measured (in the case of a biometric or behavioural characteristic) or generated (in the case of an artificially created parameter such as a PIN) and then compared with a stored template or reference parameter for that user. Particularly in cases where a biometric or behavioural characteristic is involved, such a comparison or verification process may not produce an exact correlation between the user identification parameter and the stored reference parameter. Verification algorithms are known, involving, for example, statistical spread, that allow the probability that the measured parameter emanates from the same user as the template or reference parameter to be assessed as a"score".
If, following the verification process, it is decided that the user is authenticated as "genuine", this decision can be used to permit the occurrence of some future operation. For example, it may allow a door to be opened or it may allow a commercial transaction involving that user to take place.
In many cases, the generation of the user identification parameter, its comparison with the stored reference parameter, the user authentication, and the allowance of the subsequent action, all occur at the same location. However, this need not be the case: there may be instances where the user is remote from the location where
authentication is required. In that case, it may be a problem, to provide at the remote location both the means for generating the user identification parameter and the means for comparing this parameter with the stored reference parameter.
An example of this problem is where the user wishes to provide the user identification parameter from a mobile telephone.
According to the invention, there is provided a method of providing authentication in response to an authentication request by a user, comprising the steps of generating a user identification parameter at an originating station in response to an input by the user, generating an identifier at the originating station, securely transmitting the user identification parameter and the identifier to an intermediate station, using the identifier received at the intermediate station to access a particular one of a plurality of stored reference identification parameters at the intermediate station, comparing the particular reference parameter at the intermediate station with the user identification parameter received there to produce an output having a value dependent on the comparison, transmitting the output to a receiving station, and making an authentication decision whether the user corresponds to the identifier in dependence on the value of the output.
According to the invention, there is further provided a method of providing authentication in response to an authentication request by a user wishing to make a transaction with a third party where the user is one of a plurality of users known to a service provider, in which the user generates a user identification parameter, the service provider compares the user identification parameter with a particular one of a plurality of reference parameters which it stores for the plurality of users to produce an output having a value dependent on the comparison, the service provider obtains from a Certification Authority a digital certificate for the said transaction, and the service provider transmits the said output with the digital
certificate to the third party which decides whether to comply with the user's authentication request. By separating the comparison or verification process from the generation of the user identification parameter, the originating station can be kept small and lightweight. The originating station may, for example, be a mobile device such as a mobile telephone or a personal digital assistant (PDA) or a laptop computer.
Furthermore, because at least part of the verification process is separated from the originating station, there is less risk that the system will be compromised by theft or misuse of the originating station.
Authentication methods and systems according to the invention will now be described, by way of example only, with reference to the accompanying drawing the sole Figure of which is a block diagram of the system.
The system includes a mobile telephone 10 at which is generated the user identification parameter in a manner to be explained in more detail and which forms an originating station, a service provider 11 for carrying out the verification process, again in a manner to be explained in detail, and which forms an intermediate station, and a third party 12 where final authentication takes place and which forms a receiving station.
The mobile telephone 10 includes a device 13 for measuring a user identification parameter such as by making a biometric measurement of a physical characteristic of the person. As illustrated in the Figure, the identification parameter is a fingerprint but it could be any other biometric or behavioural characteristic such as any of the examples given above. It could alternatively be an artificially generated parameter such as a PIN. The mobile telephone 10 need not itself make the
measurement or generate the identification parameter ; instead, it could simply receive the identification parameter from a dedicated device such as a reader.
The service provider 11 includes a database 14 which stores details of users associated with or subscribing to the service provider 11 together with a template or reference parameter for each user. The service provider 11 also includes a verifier 15 which is able to compare the identification parameter received from the mobile telephone 10 for a particular user with the reference identification parameter obtained for the same user from the database 14 and produced an output which indicates the degree of correlation ("score") between the identification parameter and the reference parameter. This output may also specify which type of identification parameter was used for the verification process.
The third party 12 receives the output from the service provider 11 and decides from this output, and from the value of the score in particular, whether the user who produced the identification parameter is the same user whose details are held by the service provider 11. There are three possible outcomes to this authentication process. The third party 12 may decide that the user is genuine, that the user is not genuine, or that the output from the service provider does not enable either determination to be made. The third party 12 produces a reply based on the authentication process as described in more detail below, which is transmitted to the mobile telephone 10. If the user is authenticated as genuine, the third party may then agree that some specific action takes place such as a financial transaction.
An example of the use of the system will now be described in relation to a desired purchase by a user of goods offered for sale by the third party 12.
When the user indicates a wish to enter into a transaction with the third party 12, the third party 12 requests authentication. On receiving this request, the user, in the system illustrated in the Figure, applies their finger to the device 13 on the mobile telephone 10 to produce a digital signal representing (in this example) a biometric measurement of the fingerprint, that is, the user identification parameter.
The service provider 11 can only carry out the verification process if it knows the purported identity of the user-because it must download the appropriate reference parameter from its database 14 in order to carry out the verification process; that is, the verification process involves a one-to-one comparison of an identification parameter and a reference parameter, and not a one-to-many comparison which would involve comparing the identification parameter with all the stored reference parameters. In other words, therefore, the user must provide some signal (an identifier) to the service provider which indicates the identity (or at least the purported identity) of the user and enables the service provider to download the appropriate reference parameter from the database. The identifier does not have to identify the user by name. For example, the signal identifier could be a password or could comprise the CLI (Calling Line Identifier) of the mobile telephone.
In this way, therefore, the mobile telephone 10 may generate a digitally signed message which (a) indicates the identity or the purported identity of the user, or of the mobile telephone and (b) incorporates the digital signal representing the user identification parameter. This message is encrypted and transmitted from the mobile telephone 10 to the service provider.
It is important that the message from the mobile telephone 10 to the service provider 11 is sent in a secure way. If the message could be intercepted in a way which permitted an unauthorised person to come into possession of the user's
identification parameter, the user's security would be compromised. Although, in principle, a biometric or behavioural identification parameter gives greater security than an artificially generated one such as a PIN, an artificially generated parameter can be changed if compromised, whereas this is not possible, or not easily possible, in the case of a biometric or behavioural identification parameter.
The message from the mobile telephone 10 to the service provider 11 will also include a transaction message which will indicate the nature of the transaction which the user wishes to carry out with the third party. This message is also encrypted.
In a modification, a mobile telephone is not used to transmit the user's identification parameter (and the transaction message) to the service provider. For example, a suitable terminal (e. g. in a retail outlet) may be provided which measures or generates the user's identification parameter and then transmits it, together with the user identifier (e. g. a PIN input into the terminal by the user) to the service provider. The message could in such a case be transmitted along a hard-wired connection such as a fixed PSTN connection, in which case unauthorised interception is much more difficult and the need for encryption of the message is less or absent.
In response to receipt of the digitally signed message from the mobile telephone 10, the verifier 15 in the service provider 11 uses the identifier identifying the user or the user's telephone to download the reference parameter for that user from the database 14. The verifier then performs a comparison between the identification parameter received via the mobile telephone with this reference parameter, in order to produce an output indicating the degree of correlation between the compared parameters (the"score").
If the score is very low, the service provider 11 may then simply send a signal back to the mobile telephone 10 asking the user to carry out another measurement of the user identification parameter and to repeat the process, or the service provider may simply reject the user completely.
In a general case, though, the service provider incorporates the score into a message which is then transmitted to the third party 12. The message will not only include the score but other information concerning the verification process and the user. For example, the message can signify the particular type of biometric or other measurement used in the verification process, and may include such user information as (for example) the credit-worthiness of the user or the user's remaining credit amount) which the service provider 11 would store in its database 14. Details of the transaction (that is, from the transaction message sent by the requesting user) will also be included.
The message transmitted from the service provider 11 to the third party 12 can be transmitted in any suitably secure way which enables the third party 12 to satisfy itself that the message does indeed emanate from the service provider 11. For example, it could be incorporated into a digital certificate produced for that purpose (e. g. the message could be incorporated as an extension to the certificate).
However, instead it could be sent via an encrypted and authenticated channel or by a fixed tamper-proof connection.
On receiving the message from the service provider, the third party makes a determination, on the basis of the"score"received from the service provider, whether to regard the user as"genuine". If it determines that the user is genuine, it may then consider other data (e. g. the data received from the service provider concerning the user's credit worthiness) before making a final decision whether to permit the proposed transaction. If it decides to allow the transaction, it will then
signal this back to the mobile telephone 10 via the service provider 11. Instead, though, it may (as described above) reject the transaction completely or perhaps make a conditional rejection: it might permit part of the transaction (e. g. up to a reduced financial limit) or it might ask for the identification process to be repeated.
In principle, and as described, the system separates verification (carried out by the service provider 11) and authentication carried out by the third party 12.
However, the service provider 11 may itself carry out a"pre-authentication" process. For example, the service provider may be concerned about responsibility which it may have for any transaction message passed to the third party, particularly if this is a digitally signed message, and the service provider has already issued a long-lived certificate associating the signing key with a legitimate user. In such a case, therefore, it may wish to reserve the right to block the transmission of the transaction message unless it is reasonably convinced that the user is genuine. Thus, the service provider's pre-authentication process could require a lower level of certainty (of the user's genuineness), that is, a lower score, than the final authentication process carried out by the third party.
The system describes allows verification to take place remotely from the mobile telephone or other originating station. The originating station simply requires a device that can take the physical measurement necessary to produce the identification parameter. The service provider is well placed to carry out the verification process because it will normally store details of its subscribers on its database, and these details simply need to be amplified to include the relevant reference parameters for the different users. The correlation score produced by the verification process can be transmitted to the third party as part of the already predefined infra-structure of digital certificates and thus uses a standard format that
can be read by any normal implementation of digital certificate services, perhaps with some small modification. As indicated earlier, an advantage of the system and method described is that the verification process is not carried out at the originating station (such as the mobile telephone 10), but is instead carried out centrally by the service provider. This reduces the amount of processing which must be carried out at the originating station and also improves security. However, in the modification, part of the verification process may be carried out at the originating station. For example, in the case where the originating station is a GSM mobile telephone employing a SIM card which has significant data processing capabilities, part of the verification process may be carried out by the SIM card. Thus, for example, the SIM card would receive the measured identification parameter from the measurement device 13 (see the Figure) and would carry out a preliminary comparison with stored data representing a simplified version of, or some function of, the reference parameter.
Only if this initial verification process is satisfactorily completed (that is, the "score"exceeds a predetermined value) is the digitally signed and encrypted message, containing any intended transaction message and the user identification parameter, generated and transmitted to the service provider 11. In this case, also, the message would include the results of the preliminary verification process. The use of a preliminary verification process of this form, carried out at the originating station, serves to eliminate clearly faulty measurements of a user identification parameter, or clearly fraudulent users, at an early stage and reduces the transmission of unnecessary messages to the service provider and fraudulent transactions to the third party. Because only part of the verification process is carried out at the originating station, the security of the whole system would not be significantly compromised by (for example) theft of the mobile telephone or SIM card.
In such an arrangement, the verification process carried out at the service provider 11 can comprise such a process carried out with the remaining part, only, of the reference parameter. In this case, therefore, if the service provider's operations become compromised in some way only the part of the reference parameter which needs to be stored in the service provider's database will be compromised.
Instead, though, the complete verification process can be carried out at the service provider 11, that is, repeating the part carried out at the originating station.
In order to improve security, the service provider 11 may request a short-lived or temporary certificate from a Certification Authority (CA) shown at 16 in the Figure. The certificate issuance and expiry times are sufficiently close together so that only the particular transaction with the third party 12 which is currently being requested by the user at the originating station will be covered. The service provider obtains this short-term certification from the CA 16, attaches data representing the"score"resulting from the comparison process which it has carried out and transmits the certificate to the third party 12 which makes the final decision (acceptance or rejection) and responds accordingly in the manner explained.
The service provider 11 preferably includes (in an additional extension field of the certificate) a digest of the message from the mobile 10. This strengthens security by indicating that only one signed message can be validated by the certificate.
For further security, it is desirable that the whole transaction is time-stamped (e. g. to prevent the user attempting subsequently to resile from a transaction by denying that the mobile telephone 10 was in the user's possession at the time when the transaction was initiated. The use of the short term certificate, obtained from the CA 16 in the manner explained, provides such a time stamp. Moreover, because
the CA 16 is independent, the time stamp has independent authority (as compared with internal time-stamping generated by the service provider 11 or the third party 12). This may therefore enable the use of a separate, independent, time-stamping service to be avoided, with consequent cost serving.
The service provider could be arranged to store for each user a record of the "scores"produced for successive verifications for that user. Such a record could show a"pattern"of scores, and a sudden and substantial change in the pattern might indicate a potentially suspect user identification parameter.
The authentication need not be used for a commercial transaction, it could be used for any purpose. For example, it could be used to perform any remote function that requires authentication.
Although the above description implies a biometric or behavioural measurement, this need not be the case. Instead, the user identification parameter could be a signature or PIN, and these would of course be processed in the manner already explained.

Claims (63)

  1. CLAIMS 1. A method of providing authentication in response to an authentication request by a user, comprising the steps of generating a user identification parameter at an originating station in response to an input by the user, generating an identifier at the originating station, securely transmitting the user identification parameter and the identifier to an intermediate station, using the identifier received at the intermediate station to access a particular one of a plurality of stored reference identification parameters at the intermediate station, comparing the particular reference parameter at the intermediate station with the user identification parameter received there to produce an output having a value dependent on the comparison, transmitting the output to a receiving station, and making an authentication decision whether the user corresponds to the identifier in dependence on the value of the output.
  2. 2. A method according to claim 1, in which the user identification parameter is a biometric or behavioural parameter relating to the user.
  3. 3. A method according to claim 1, in which the user identification parameter is a signal generated by the user such as a PIN.
  4. 4. A method according to any preceding claim, in which the identifier is an identifier signal automatically generated at the originating station in response to the user's authentication request.
  5. 5. A method according to claim 4, in which the identifier is automatically generated by a smart card.
  6. 6. A method according to claim 4 or 5, in which the originating station is or includes a mobile telephone or telecommunications terminal unit and the identifier is generated thereby.
  7. 7. A method according to claim 6, in which the identifier is the calling line identifier of the mobile terminal.
  8. 8. A method according to claim any one of claims 1 to 3, in which the identifier is input by the user.
  9. 9. A method according to any preceding claim, including the step of carrying out a comparison at the originating station between the user identification parameter and a local reference parameter, and the step of blocking the transmission of the user identification parameter to the intermediate station unless the said comparison produces at least a predetermined degree of correlation.
  10. 10. A method according to claim 9, in which the local reference parameter is a function of the particular one of the stored reference identification parameters.
  11. 11. A method according to claim 9 or 10, in which the local reference parameter is stored on and accessed at the originating station from a smart card.
  12. 12. A method according to claim 11, in which the smart card is a SIM.
  13. 13. A method according to any preceding claim, in which the value of the output includes a score representing the degree of correlation between the user identification parameter and the stored reference parameter with which it is compared.
  14. 14. A method according to claim 13, in which the value of the output includes a record of the pattern of a plurality of the said scores corresponding to a plurality of comparisons with the same stored reference parameter.
  15. 15. A method according to claim 13 or 14, in which the output is provided to the receiving station only if the score exceeds a predetermined value.
  16. 16. A method according to claim 14, in which the output is provided to the receiving station only if the score is consistent with the said pattern.
  17. 17. A method according to any preceding claim, in which the user identification parameter is transmitted to the intermediate station in encrypted form.
  18. 18. A method according to any preceding claim, in which the output is transmitted to the receiving station in a manner which authenticates the intermediate station as the transmitter.
  19. 19. A method according to claim 18, in which the output is included in an extension to a digital certificate.
  20. 20. A method according to claim 19, in which the digital certificate has a lifetime sufficiently short to cover only a single comparison by the receiving station.
  21. 21. A method according to any preceding claim, in which the originating station is one of a plurality of originating stations, the intermediate station storing reference identification parameters for all of said plurality of originating stations.
  22. 22. A method of providing authentication in response to an authentication request by a user wishing to make a transaction with a third party where a plurality of users are known to a service provider, in which the requesting user generates a user identification parameter, the service provider compares the user identification parameter with a particular one of a plurality of reference parameters which it stores for the plurality of known users to produce an output having a value dependent on the comparison, the service provider obtains from a Certification Authority a digital certificate for the said transaction, and the service provider transmits the said output with the digital certificate to the third party which decides whether to comply with the user's authentication request.
  23. 23. A method according to claim 22, in which the digital certificate certifies the time of the transaction.
  24. 24. A method according to claim 22 or 23, in which the digital certificate contains a digest of the transaction.
  25. 25. A method according to any one of claims 22 to 24, in which the digital certificate is a temporary certificate having a lifetime only sufficient for the said transaction.
  26. 26. A method according to any one of claims 22 to 25, in which the user identification parameter is generated by the requesting user at an originating station and transmitted to the service provider in a manner resistive to interception.
  27. 27. A method according to claim 26, in which the user identification parameter is transmitted to the service provider in encrypted form.
  28. 28. A method according to any one of claims 22 to 27, in which the user generates a transaction message for the third party which is first transmitted to the service provider in encrypted form.
  29. 29. A method according to claim 28, in which the transaction message is blocked by the service provider if the service provider is not satisfied that the requesting user is one of the known users.
  30. 30. A method according to any one of claims 26 to 29, in which the originating station is or includes a mobile telephone or telecommunications terminal.
  31. 31. A method according to any one of claims 22 to 30, in which the originating station transmits an identifier to the service provider which uses the identifier to access the particular one of the stored reference parameters.
  32. 32. A method according to any one of claims 22 to 31, in which the user identification parameter is a biometric or behavioural parameter obtained from the requesting user.
  33. 33. Apparatus for providing authentication in response to an authentication request by a user, comprising identification means for generating a user identification parameter at an originating station in response to an input by the user, means for generating an identifier at the originating station, transmitting means for securely transmitting the user identification parameter and the identifier to an intermediate station, means at the intermediate station responsive to the identifier received for accessing a particular one of a plurality of stored reference identification parameters at the intermediate station, comparing means for comparing the particular reference parameter at the intermediate station with the user identification parameter received there to produce an output having a value
    dependent on the comparison, means for transmitting the output to a receiving station, means for making an authentication decision whether the user corresponds to the identifier in dependence on the value of the output.
  34. 34. Apparatus according to claim 33, in which the user identification parameter is a biometric or behavioural parameter relating to the user.
  35. 35. Apparatus according to claim 33, in which the user identification parameter is a signal generated by the user such as a PIN.
  36. 36. Apparatus according to any one of claims 33 to 35, in which the identifier is an identifier signal automatically generated at the originating station in response to the user's authentication request.
  37. 37. Apparatus according to claim 36, in which the identifier signal is automatically generated by a smart card.
  38. 38. Apparatus according to claim 36 or 37, in which the originating station is or includes a mobile telephone or telecommunications terminal unit and the identifier is generated thereby.
  39. 39. Apparatus according to claim 38, in which the identifier is the calling line identifier of the mobile terminal.
  40. 40. Apparatus according to any one of claims 33 to 35, in which the identifier signal is input by the user.
  41. 41. Apparatus according to any one of claims 33 to 39, including means at the originating station for carrying out a comparison between the user identification
    parameter and a local reference parameter, and means for blocking the transmission of the user identification parameter to the intermediate station unless the said comparison produces at least a predetermined degree of correlation.
  42. 42. Apparatus according to claim 41, in which the local reference parameter is a function of the particular one of the stored reference identification parameters.
  43. 43. Apparatus according to claim 41 or 42, in which the local reference parameter is stored on and accessed at the originating station from a smart card.
  44. 44. Apparatus according to claim 43, in which the smart card is a SIM.
  45. 45. Apparatus according to any one of claims 30 to 41, in which the value of the output includes a score representing the degree of correlation between the user identification parameter and the stored reference parameter with which it is compared.
  46. 46. Apparatus according to claim 45, in which the value of the output includes a record of the pattern of a plurality of the said scores corresponding to a plurality of comparisons with the same stored reference parameter.
  47. 47. Apparatus according to claim 45 or 46, in which the output is provided to the receiving station only if the score exceeds a predetermined value.
    48. Apparatus according to claim 46, in which the output is provided to the receiving station only if the score is consistent with the said pattern.
    49. Apparatus according to any one of claims 33 to 48, including means for transmitting the user identification parameter to the intermediate station in encrypted form.
    50. Apparatus according to any one of claims 33 to 49, in which the output is transmitted to the receiving station in a manner which authenticates the intermediate station as the transmitter.
    51. Apparatus according to claim 50, in which the output is included in an extension to a digital certificate.
    52. Apparatus according to claim 51, in which the digital certificate has a lifetime sufficiently short to cover only a single comparison by the receiving station.
    53. Apparatus according to any one of claims 33 to 52, in which the originating station is one of a plurality of originating stations, the intermediate station storing reference identification parameters for all of said plurality of originating stations.
    54. Apparatus for providing authentication in response to an authentication request by a user wishing to make a transaction with a third party where a plurality of users are known to a service provider, including means responsive to the requesting user for generating a user identification parameter, means at the service provider for comparing the user identification, in which the output is provided to the receiving station only if the score exceeds a predetermined value.
  48. 48. Apparatus according to claim 46, in which the output is provided to the receiving station only if the score is consistent with the said pattern.
  49. 49. Apparatus according to any one of claims 33 to 48, including means for transmitting the user identification parameter to the intermediate station in encrypted form.
  50. 50. Apparatus according to any one of claims 33 to 49, in which the output is transmitted to the receiving station in a manner which authenticates the intermediate station as the transmitter.
  51. 51. Apparatus according to claim 50, in which the output is included in an extension to a digital certificate.
  52. 52. Apparatus according to claim 51, in which the digital certificate has a lifetime sufficiently short to cover only a single comparison by the receiving station.
  53. 53. Apparatus according to any one of claims 33 to 52, in which the originating station is one of a plurality of originating stations, the intermediate station storing reference identification parameters for all of said plurality of originating stations.
  54. 54. Apparatus for providing authentication in response to an authentication request by a user wishing to make a transaction with a third party where a plurality of users are known to a service provider, including means responsive to the requesting user for generating a user identification parameter, means at the service provider for comparing the user identification parameter with a particular one of a plurality of reference parameters which it stores for the plurality of known users to produce an output having a value dependent on the comparison, means at the service provider for obtaining from a Certification Authority a digital certificate for the said transaction, transmitting means for transmitting the said output with
    the digital certificate from the service provider to the third party which decides whether to comply with the user's authentication request.
  55. 55. Apparatus according to claim 54, in which the digital certificate certifies the time of the transaction.
  56. 56. Apparatus according to claim 54 or 55, in which the digital certificate contains a digest of the transaction.
  57. 57. Apparatus according to any one of claims 54 to 56, in which the digital certificate is a temporary certificate having a lifetime only sufficient for the said transaction.
  58. 58. Apparatus according to any one of claims 54 to 57, in which the user identification parameter is generated by requesting user at an originating station and transmitted to the service provider in a manner resistive to interception.
  59. 59. Apparatus according to claim 58, in which the user identification parameter is transmitted to the service provider in encrypted form.
  60. 60. Apparatus according to any one of claims 54 to 59, in which the user generates a transaction message for the third party which is first transmitted to the service provider in encrypted form.
  61. 61. Apparatus according to claim 60, including means at the service provider for blocking the transaction message if the service provider is not satisfied that the requesting user is one of the known users.
  62. 62. A method of providing authentication in response to an authentication request by a user, substantially as described with reference to the accompanying drawing.
  63. 63. Apparatus for providing authentication in response to an authentication request by a user, substantially as described with reference to the accompanying drawing.
    63. Apparatus for providing authentication in response to an authentication request by a user, substantially as described with reference to the accompanying drawing.
    CLAIMS 1. A method of providing authentication in response to an authentication request by a user, comprising the steps of generating a user identification parameter at an originating station in response to an input by the user, generating an identifier at the originating station, securely transmitting the user identification parameter and the identifier to an intermediate station, using the identifier received at the intermediate station to access a particular one of a plurality of stored reference identification parameters at the intermediate station, comparing the particular reference parameter at the intermediate station with the user identification parameter received there to produce an output having a value dependent on the comparison, transmitting the output to a receiving station, and making an authentication decision whether the user corresponds to the identifier in dependence on the value of the output.
    2. A method according to claim 1, in which the user identification parameter is a biometric or behavioural parameter relating to the user.
    3. A method according to claim 1, in which the user identification parameter is a signal generated by the user such as a PIN.
    4. A method according to any preceding claim, in which the identifier is an identifier signal automatically generated at the originating station in response to the user's authentication request.
    5. A method according to claim 4, in which the identifier is automatically generated by a smart card. Amendments to the claims have been filed as follows
    6. A method according to claim 4 or 5, in which the originating station is or includes a mobile telephone or telecommunications terminal unit and the identifier is generated thereby.
    7. A method according to claim 6, in which the identifier is the calling line identifier of the mobile terminal.
    8. A method according to claim any one of claims 1 to 3, in which the identifier is input by the user.
    9. A method according to any preceding claim, including the step of carrying out a comparison at the originating station between the user identification parameter and a local reference parameter, and the step of blocking the transmission of the user identification parameter to the intermediate station unless the said comparison produces at least a predetermined degree of correlation.
    10. A method according to claim 9, in which the local reference parameter is a function of the particular one of the stored reference identification parameters.
    11. A method according to claim 9 or 10, in which the local reference parameter is stored on and accessed at the originating station from a smart card.
    12. A method according to claim 11, in which the smart card is a SIM.
    13. A method according to any preceding claim, in which the value of the output includes a score representing the degree of correlation between the user identification parameter and the stored reference parameter with which it is compared.
    14. A method according to claim 13, in which the value of the output includes a record of the pattern of a plurality of the said scores corresponding to a plurality of comparisons with the same stored reference parameter.
    15. A method according to claim 13 or 14, in which the output is provided to the receiving station only if the score exceeds a predetermined value.
    16. A method according to claim 14, in which the output is provided to the receiving station only if the score is consistent with the said pattern.
    17. A method according to any preceding claim, in which the user identification parameter is transmitted to the intermediate station in encrypted form.
    18. A method according to any preceding claim, in which the output is transmitted to the receiving station in a manner which authenticates the intermediate station as the transmitter.
    19. A method according to claim 18, in which the output is included in an extension to a digital certificate.
    20. A method according to claim 19, in which the digital certificate has a lifetime sufficiently short to cover only a single comparison by the receiving station.
    21. A method according to any preceding claim, in which the originating station is one of a plurality of originating stations, the intermediate station storing reference identification parameters for all of said plurality of originating stations.
    22. A method of providing authentication in response to an authentication request by a user wishing to make a transaction with a third party where a plurality of users are known to a service provider, in which the requesting user generates a user identification parameter, the service provider compares the user identification parameter with a particular one of a plurality of reference parameters which it stores for the plurality of known users to produce an output having a value dependent on the comparison, the service provider obtains from a Certification Authority a digital certificate for the said transaction, and the service provider transmits the said output with the digital certificate to the third party which decides whether to comply with the user's authentication request.
    23. A method according to claim 22, in which the digital certificate certifies the time of the transaction.
    24. A method according to claim 22 or 23, in which the digital certificate contains a digest of the transaction.
    25. A method according to any one of claims 22 to 24, in which the digital certificate is a temporary certificate having a lifetime only sufficient for the said transaction.
    26. A method according to any one of claims 22 to 25, in which the user identification parameter is generated by the requesting user at an originating station and transmitted to the service provider in a manner resistive to interception.
    27. A method according to claim 26, in which the user identification parameter is transmitted to the service provider in encrypted form.
    28. A method according to any one of claims 22 to 27, in which the user generates a transaction message for the third party which is first transmitted to the service provider in encrypted form.
    29. A method according to claim 28, in which the transaction message is blocked by the service provider if the service provider is not satisfied that the requesting user is one of the known users.
    30. A method according to any one of claims 26 to 29, in which the originating station is or includes a mobile telephone or telecommunications terminal.
    31. A method according to any one of claims 22 to 30, in which the originating station transmits an identifier to the service provider which uses the identifier to access the particular one of the stored reference parameters.
    32. A method according to any one of claims 22 to 31, in which the user identification parameter is a biometric or behavioural parameter obtained from the requesting user.
    33. Apparatus for providing authentication in response to an authentication request by a user, comprising identification means for generating a user identification parameter at an originating station in response to an input by the user, means for generating an identifier at the originating station, transmitting means for securely transmitting the user identification parameter and the identifier to an intermediate station, means at the intermediate station responsive to the identifier received for accessing a particular one of a plurality of stored reference identification parameters at the intermediate station, comparing means for comparing the particular reference parameter at the intermediate station with the user identification parameter received there to produce an output having a value
    dependent on the comparison, means for transmitting the output to a receiving station, means for making an authentication decision whether the user corresponds to the identifier in dependence on the value of the output.
    34. Apparatus according to claim 33, in which the user identification parameter is a biometric or behavioural parameter relating to the user.
    35. Apparatus according to claim 33, in which the user identification parameter is a signal generated by the user such as a PIN.
    36. Apparatus according to any one of claims 33 to 35, in which the identifier is an identifier signal automatically generated at the originating station in response to the user's authentication request.
    37. Apparatus according to claim 36, in which the identifier signal is automatically generated by a smart card.
    38. Apparatus according to claim 36 or 37, in which the originating station is or includes a mobile telephone or telecommunications terminal unit and the identifier is generated thereby.
    39. Apparatus according to claim 38, in which the identifier is the calling line identifier of the mobile terminal.
    40. Apparatus according to any one of claims 33 to 35, in which the identifier signal is input by the user.
    41. Apparatus according to any one of claims 33 to 39, including means at the originating station for carrying out a comparison between the user identification
    parameter and a local reference parameter, and means for blocking the transmission of the user identification parameter to the intermediate station unless the said comparison produces at least a predetermined degree of correlation.
    42. Apparatus according to claim 41, in which the local reference parameter is a function of the particular one of the stored reference identification parameters.
    43. Apparatus according to claim 41 or 42, in which the local reference
    parameter is stored on and accessed at the originating station from a smart card.
    44. Apparatus according to claim 43, in which the smart card is a SIM. 45. Apparatus according to any one of claims 30 to 41, in which the value of the output includes a score representing the degree of correlation between the user identification parameter and the stored reference parameter with which it is compared.
    46. Apparatus according to claim 45, in which the value of the output includes a record of the pattern of a plurality of the said scores corresponding to a plurality of comparisons witt the same stored reference parameter.
    47. Apparatus according to claim 45 or 46, in which the output is provided to the receiving station only if the score exceeds a predetermined value.
    48. Apparatus according to claim 46, in which the output is provided to the receiving station only if the score is consistent with the said pattern. 49. Apparatus according to any one of claims 33 to 48, including means for transmitting the user identification parameter to the intermediate station in encrypted form.
    50. Apparatus according to any one of claims 33 to 49, in which the output is transmitted to the receiving station in a manner which authenticates the intermediate station as the transmitter.
    51. Apparatus according to claim 50, in which the output is included in an extension to a digital certificate.
    52. Apparatus according to claim 51, in which the digital certificate has a lifetime sufficiently short to cover only a single comparison by the receiving station.
    53. Apparatus according to any one of claims 33 to 52, in which the originating station is one of a plurality of originating stations, the intermediate station storing reference identification parameters for all of said plurality of originating stations.
    54. Apparatus for providing authentication in response to an authentication request by a user wishing to make a transaction with a third party where a plurality of users are known to a service provider, including means responsive to the requesting user for generating a user identification parameter, means at the service provider for comparing the user identification parameter with a particular one of a plurality of reference parameters which it stores for the plurality of known users to produce an output having a value dependent on the comparison, means at the service provider for obtaining from a Certification Authority a digital certificate for the said transaction, and transmitting means for transmitting the said output with the digital certificate from the service provider to the third party which decides whether to comply with the user's authentication request.
    55. Apparatus according to claim 54, in which the digital certificate certifies the time of the transaction.
    56. Apparatus according to claim 54 or 55, in which the digital certificate contains a digest of the transaction.
    57. Apparatus according to any one of claims 54 to 56, in which the digital certificate is a temporary certificate having a lifetime only sufficient for the said transaction.
    58. Apparatus according to any one of claims 54 to 57, in which the user identification parameter is generated by the requesting user at an originating station and transmitted to the service provider in a manner resistive to interception.
    59. Apparatus according to claim 58, in which the user identification parameter is transmitted to the service provider in encrypted form. 60. Apparatus according to any one of claims 54 to 59, in which the user generates a transaction message for the third party which is first transmitted to the service provider in encrypted form.
    61. Apparatus according to claim 60, including means at the service provider for blocking the transaction message if the service provider is not satisfied that the requesting user is one of the known users.
    62. A method of providing authentication in response to an authentication request by a user, substantially as described with reference to the accompanying drawing.
GB0030528A 2000-11-08 2000-12-14 Authentication methods and systems Expired - Fee Related GB2368951B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GBGB0027291.4A GB0027291D0 (en) 2000-11-08 2000-11-08 Biometric authentication

Publications (3)

Publication Number Publication Date
GB0030528D0 GB0030528D0 (en) 2001-01-31
GB2368951A true GB2368951A (en) 2002-05-15
GB2368951B GB2368951B (en) 2004-12-01

Family

ID=9902796

Family Applications (2)

Application Number Title Priority Date Filing Date
GBGB0027291.4A Ceased GB0027291D0 (en) 2000-11-08 2000-11-08 Biometric authentication
GB0030528A Expired - Fee Related GB2368951B (en) 2000-11-08 2000-12-14 Authentication methods and systems

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GBGB0027291.4A Ceased GB0027291D0 (en) 2000-11-08 2000-11-08 Biometric authentication

Country Status (1)

Country Link
GB (2) GB0027291D0 (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2864289A1 (en) * 2003-12-17 2005-06-24 Bouygues Telecom Sa Resource access controlling method, involves notifying comparison of biometric data and biometric references of user, to access terminal, by server that communicates simultaneously with terminal and access terminal
WO2005073889A1 (en) * 2004-01-28 2005-08-11 Saflink Corporation Electronic transaction verification system
WO2007129042A1 (en) * 2006-05-03 2007-11-15 Hussain Qusharat Identity verification system and method
EP1929696A2 (en) * 2005-09-30 2008-06-11 Dynasig Corporation Signature authentication
EP2065798A1 (en) * 2007-11-26 2009-06-03 BIOMETRY.com AG Method for performing secure online transactions with a mobile station and a mobile station
ITBO20090299A1 (en) * 2009-05-12 2010-11-13 Andrea Bazzani METHOD AND EQUIPMENT FOR MAKING PAYMENTS
US8171288B2 (en) 1998-07-06 2012-05-01 Imprivata, Inc. System and method for authenticating users in a computer network
WO2015093962A1 (en) * 2013-12-20 2015-06-25 Chiptec International Ltd. System, user device and method for an electronic transaction
GB2543117A (en) * 2012-02-21 2017-04-12 Bud Andrew Online pseudonym verification and identity validation
GB2544915A (en) * 2012-02-21 2017-05-31 Bud Andrew Online pseudonym verification and identity validation
WO2017176492A1 (en) * 2016-04-04 2017-10-12 Mastercard International Incorporated Systems and methods for paired device authentication
WO2018075227A1 (en) * 2016-10-20 2018-04-26 Google Inc. Offline user identification
US10397220B2 (en) 2015-04-30 2019-08-27 Google Llc Facial profile password to modify user account data for hands-free transactions
US10726407B2 (en) 2015-04-30 2020-07-28 Google Llc Identifying consumers in a transaction via facial recognition
US10733587B2 (en) 2015-04-30 2020-08-04 Google Llc Identifying consumers via facial recognition to provide services
US11030640B2 (en) 2017-05-31 2021-06-08 Google Llc Providing hands-free data for interactions

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109544737A (en) * 2018-11-01 2019-03-29 深圳市靓工创新应用科技有限公司 User's passing method and system
CN110660145A (en) * 2019-09-05 2020-01-07 广东纬德信息科技有限公司 Lock control method, system, lock and storage medium based on mobile terminal

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0501697A2 (en) * 1991-02-27 1992-09-02 AT&T Corp. Mediation of transactions by a communications system
EP0708547A2 (en) * 1994-09-22 1996-04-24 AT&T Corp. Cellular telephone as an authenticated transaction controller
EP0745961A2 (en) * 1995-05-31 1996-12-04 AT&T IPM Corp. Transaction authorization and alert system
US5764789A (en) * 1994-11-28 1998-06-09 Smarttouch, Llc Tokenless biometric ATM access system
US6125349A (en) * 1997-10-01 2000-09-26 At&T Corp. Method and apparatus using digital credentials and other electronic certificates for electronic transactions

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0501697A2 (en) * 1991-02-27 1992-09-02 AT&T Corp. Mediation of transactions by a communications system
EP0708547A2 (en) * 1994-09-22 1996-04-24 AT&T Corp. Cellular telephone as an authenticated transaction controller
US5764789A (en) * 1994-11-28 1998-06-09 Smarttouch, Llc Tokenless biometric ATM access system
EP0745961A2 (en) * 1995-05-31 1996-12-04 AT&T IPM Corp. Transaction authorization and alert system
US6125349A (en) * 1997-10-01 2000-09-26 At&T Corp. Method and apparatus using digital credentials and other electronic certificates for electronic transactions

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8171288B2 (en) 1998-07-06 2012-05-01 Imprivata, Inc. System and method for authenticating users in a computer network
FR2864289A1 (en) * 2003-12-17 2005-06-24 Bouygues Telecom Sa Resource access controlling method, involves notifying comparison of biometric data and biometric references of user, to access terminal, by server that communicates simultaneously with terminal and access terminal
EP1564619A1 (en) * 2003-12-17 2005-08-17 Bouygues Telecom Biometric access control using a mobile telephone terminal
WO2005073889A1 (en) * 2004-01-28 2005-08-11 Saflink Corporation Electronic transaction verification system
EP1929696A2 (en) * 2005-09-30 2008-06-11 Dynasig Corporation Signature authentication
WO2007041462A3 (en) * 2005-09-30 2009-05-07 Dynasig Corp Signature authentication
EP1929696A4 (en) * 2005-09-30 2009-12-16 Dynasig Corp Signature authentication
WO2007129042A1 (en) * 2006-05-03 2007-11-15 Hussain Qusharat Identity verification system and method
EP2065798A1 (en) * 2007-11-26 2009-06-03 BIOMETRY.com AG Method for performing secure online transactions with a mobile station and a mobile station
ITBO20090299A1 (en) * 2009-05-12 2010-11-13 Andrea Bazzani METHOD AND EQUIPMENT FOR MAKING PAYMENTS
GB2543117B (en) * 2012-02-21 2017-06-14 Bud Andrew Online pseudonym verification and identity validation
US10133943B2 (en) 2012-02-21 2018-11-20 iProov Ltd. Online pseudonym verification and identity validation
GB2543117A (en) * 2012-02-21 2017-04-12 Bud Andrew Online pseudonym verification and identity validation
GB2544915A (en) * 2012-02-21 2017-05-31 Bud Andrew Online pseudonym verification and identity validation
GB2544915B (en) * 2012-02-21 2017-10-18 Iproov Ltd Online pseudonym verification and identity validation
WO2015093962A1 (en) * 2013-12-20 2015-06-25 Chiptec International Ltd. System, user device and method for an electronic transaction
EP4246404A3 (en) * 2013-12-20 2023-12-06 Chiptec International Ltd. System, user device and method for an electronic transaction
NL2011998C2 (en) * 2013-12-20 2015-06-26 Chiptec Internat Ltd SYSTEM, USER EQUIPMENT AND METHOD FOR AN ELECTRONIC TRANSACTION.
US10826898B2 (en) 2015-04-30 2020-11-03 Google Llc Facial profile password to modify user account data for hands free transactions
US10397220B2 (en) 2015-04-30 2019-08-27 Google Llc Facial profile password to modify user account data for hands-free transactions
US10726407B2 (en) 2015-04-30 2020-07-28 Google Llc Identifying consumers in a transaction via facial recognition
US10733587B2 (en) 2015-04-30 2020-08-04 Google Llc Identifying consumers via facial recognition to provide services
US11595382B2 (en) 2015-04-30 2023-02-28 Google Llc Facial profile password to modify user account data for hands free transactions
US11694175B2 (en) 2015-04-30 2023-07-04 Google Llc Identifying consumers in a transaction via facial recognition
US10127366B2 (en) 2016-04-04 2018-11-13 Mastercard International Incorporated Systems and methods for paired device authentication
WO2017176492A1 (en) * 2016-04-04 2017-10-12 Mastercard International Incorporated Systems and methods for paired device authentication
WO2018075227A1 (en) * 2016-10-20 2018-04-26 Google Inc. Offline user identification
US11062304B2 (en) 2016-10-20 2021-07-13 Google Llc Offline user identification
US11030640B2 (en) 2017-05-31 2021-06-08 Google Llc Providing hands-free data for interactions

Also Published As

Publication number Publication date
GB0030528D0 (en) 2001-01-31
GB0027291D0 (en) 2000-12-27
GB2368951B (en) 2004-12-01

Similar Documents

Publication Publication Date Title
CN110383757B (en) System and method for secure processing of electronic identities
KR100486062B1 (en) Biometric certificates
US7552333B2 (en) Trusted authentication digital signature (tads) system
CA2417770C (en) Trusted authentication digital signature (tads) system
KR101150241B1 (en) Method and system for authorizing a transaction using a dynamic authorization code
US6983368B2 (en) Linking public key of device to information during manufacture
US8397988B1 (en) Method and system for securing a transaction using a card generator, a RFID generator, and a challenge response protocol
GB2368951A (en) User authentication
US20130246281A1 (en) Service providing system and unit device
US7000117B2 (en) Method and device for authenticating locally-stored program code
EP2065798A1 (en) Method for performing secure online transactions with a mobile station and a mobile station
US20240015150A1 (en) Authenticating devices via tokens and verification computing devices
WO2003007121A2 (en) Method and system for determining confidence in a digital transaction
GB2581315A (en) Secure data communication
CN104820814A (en) Second-generation ID card anti-counterfeiting verification system
KR101876672B1 (en) Digital signature method using block chain and system performing the same
US11153308B2 (en) Biometric data contextual processing
CN101443722A (en) Wireless telecommunication device with output control function and transaction authentication system using the same
US20090037744A1 (en) Biometric pin block
TWI688898B (en) Multi-factor dynamic quick response code authentication system and method
KR20050014052A (en) Mobile Devices and Method for Certificating Biometric Information by Using It
JP2019050014A (en) Account opening system, account opening method, and program
KR102243016B1 (en) Automatic service provision method using biometric information
US20240013198A1 (en) Validate digital ownerships in immutable databases via physical devices
US20230344827A1 (en) Multi-user biometric authentication

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20171214