WO2011001026A1 - Authentication - Google Patents

Publication number
WO2011001026A1
Authority
WO
WIPO (PCT)
Prior art keywords
behaviour
data
user
authentication
pattern
Prior art date
Application number
PCT/FI2010/050551
Other languages
French (fr)
Inventor
Markus Maanoja
Kim Tikkanen
Esko Kurvinen
Original Assignee
Elisa Oyj
Priority date
Filing date
Publication date
Application filed by Elisa Oyj
Publication of WO2011001026A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/316 User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/535 Tracking the activity of the user
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/065 Continuous authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data

Definitions

  • the present invention generally relates to authentication and arrangements of a telecommunications network related to it.
  • Authentication is a mechanism with which the identification of a user (a person, organisation or device) of the system, or, in communication, the identification of another party is ensured. Authentication aims to enable the identification of the user before using a service or a function.
  • authentication is based on something that
  • the user has (a key, a wristband, a SecurID card etc.), or
  • biometric systems such as a fingerprint identifier, a DNA, voice or photographic sample.
  • Known authentication mechanisms are based on an ad-hoc situation where the user has to identify himself in the situation in question, using one or more of the above mentioned ways.
  • Strong authentication/identification usually means that at least two methods are used in parallel for authenticating (two-factor authentication (T-FA) or multifactor authentication). For instance, using a magnetic key and additionally entering a pin code may be required for opening a door.
  • a first aspect of the invention provides an authentication method comprising collecting behaviour data through a telecommunications network
  • a second aspect of the invention provides a device comprising a processor configured to control said device to
  • a third aspect of the invention provides a computer program comprising a computer executable program code which, when executed, controls a device to perform a method according to the first aspect or an embodiment related to it.
  • the computer program according to the third aspect may comprise program code which may be performed, for instance, by any of the following: a general use processor, a micro processor, an application-specific integrated circuit and a digital signal processor.
  • the computer program according to the third aspect may be stored on a computer readable medium. This kind of a medium may be, for instance, a diskette, a CDROM, a DVD, a memory stick or another magnetic or optical memory device.
  • said real time behaviour data is compared with a predefined behaviour pattern of said user, and the user is determined to be identified if said real time behaviour data and said behaviour pattern substantially match with each other.
  • a method is initialised by collecting behaviour data of the user from a telecommunications network
  • At least one behaviour pattern is identified from said collected behaviour data to form said predefined behaviour pattern for said user.
  • said behaviour pattern is updated if said real time behaviour data and said behaviour pattern do not match with each other.
  • authentication by a predefined second method is required if said real time behaviour data and said behaviour pattern do not match with each other.
  • said real time behaviour data begins being collected in response to a predefined triggering condition.
  • the behaviour data comprises location data.
  • the behaviour data may comprise terminal user data, phone call and/or sent message data or other data available via or with help of the telecommunications network.
  • the behaviour data may comprise a time dimension, as well.
  • FIG. 1 presents a method according to an embodiment
  • Figs. 2 and 3 are maps illustrating an embodiment
  • Fig. 4 presents a device according to an embodiment
  • Fig. 5 presents a system according to an embodiment.
  • a technical solution is provided, in which user behaviour history is utilised in authenticating the user.
  • Behaviour history data used here is based on data which are naturally available through a telecommunications network operator or a telecommunications network. Behaviour data used here especially refers to behaviour in a telecommunications network or the way of using devices connected to a telecommunications network.
  • One concept is to follow user movements (place or location data) and other ways of using the telecommunications network, based on which the user may be individualised, and based on these the user may be authenticated. Thus the user may identify himself without actual actions in connection with authentication.
  • behaviour data collected in a corresponding way may be used, but here, based on the behaviour data, it is aspired to find features unique to a particular user, i.e. to individualise a particular user.
  • authentication may be made more user-friendly (the usability of authentication may be improved), because the number of procedures needed for authentication may be reduced or depending on the application, authentication may even be made automatic.
  • the safety of traditional authentication methods may be improved by adding authentication based on behaviour history to be used in parallel with them.
  • the behaviour history-based authentication according to some embodiments is also harder to break than conventional combination techniques, because
  • the number of technologies, keys or data sources used for authentication at a particular moment may change, the number may not necessarily be known to the user (or abuser) and there may be very many such data sources.
  • the authentication method is two-phased.
  • In a first phase, the so-called teaching phase, data related to the behaviour of the user is collected for individualising that user and for identifying behaviour patterns characteristic of the user.
  • In a second phase, the so-called identification phase, the actual authentication is performed, where behaviour data collected in the first phase and/or formed behaviour patterns are used to authenticate the user.
  • Fig. 1 presents a flow chart illustrating such a method.
  • behaviour data is collected relating to a particular user being in focus for a given teaching period.
  • the teaching period may be a particular period of time or it may be dynamically determined such that the teaching period continues so long that a sufficient amount of data has been collected.
  • the moment of the teaching period is typically known to the user being in focus but this is not necessary.
  • Behaviour data being collected may be, for instance:
  • - Location data Based on the location it is possible to identify places relevant or characteristic to the user, such as home, an often used train stop, workplace, a local grocery store, a kindergarten, a school etc. These may be identified on the basis that the user often visits them. It should be appreciated that the system need not know exactly what these places are but they may, for instance, be numbered or identified by another generic identifier. The user may, if he so desires, provide more accurate information of the places to the system. Routes to particular places, characteristic of the user, may be identified based on the location data.
  • - Data derived from the location data For instance, a vehicle being used, speed of motion etc. may be deduced from sequential location points.
  • Data on the use of a phone or another device connected to a network may be collected from the telecommunications network. For instance, data on phone calls made, listening to the music, applications and services used, payments made by the phone etc, may be collected from the telecommunications network.
  • Terminal motion and acceleration sensors may collect data and deliver it to the telecommunications network.
  • a bluetooth sensor may collect data and deliver it to the telecommunications network.
  • a time dimension may be attached to behaviour data i.e. behaviour on particular moments of time may be observed.
  • behaviour data being collected may be any type of behaviour data being collected.
  • - data already existing in the telecommunications network e.g. data of terminals connected in the network, phone calls made, phone calls being made etc.
  • - data which may be formed of data existing in the telecommunications network (e.g. location of a terminal may be calculated through parameters of the network), or
  • the behaviour data may be combined in a suitable way for identifying different behaviour patterns.
  • the behaviour pattern may comprise, for instance,
  • the phone call may even be to a particular number.
  • behaviour patterns concerning different persons need not utilise the same data elements. Instead, the data elements being used may be chosen based on the behaviour of the user in focus. One user may, for instance, regularly make a particular phone call at a particular time, but it may not be possible to identify corresponding regularity in the behaviour data of all persons.
  • In phase 13, the method moves to an identification phase and real-time behaviour is collected.
  • real-time behaviour data refers to behaviour data related to the present (identification) situation or, of its essential parts, immediately preceding it.
  • In phase 14, collected real-time behaviour data is compared with one or more earlier formed behaviour patterns, and in phase 15, authentication of the user is found successful or unsuccessful depending on the comparison in phase 14. If authentication of the user is found unsuccessful, the user may be provided with another, alternative way to identify himself.
  • behaviour patterns concerning the user in question are updated based on deviations observed in real-time behaviour data. This way behaviour patterns may adapt to changing circumstances (changed behaviour). Automatic adapting may, however, require that behaviour changes little by little. If behaviour changes considerably, the change probably does not fit within limits of acceptable deviation, and authentication of the user is not successful. Thereby, naturally the behaviour pattern cannot be updated, at least not automatically. In this case, an alternative way of identifying may be provided to the user, and if authentication with it is successful, the user may be provided with a chance to update his behaviour pattern to correspond with the changed behaviour.
  • Behaviour patterns may be updated or acceptable deviations related to the behaviour patterns may be changed responsive to incorrect authentication events. If, for instance, the user's front door is unlocked when the user drives past his home, it is likely that no one opens the door even though the door was unlocked. In that case it may be deduced that the authentication was incorrect and that the acceptable deviations related to the behaviour pattern are too great. On the basis of this, acceptable deviations may be automatically reduced.
  • Figs. 2 and 3 are maps illustrating an embodiment.
  • Fig. 2 illustrates location history of an example user during a teaching period.
  • the teaching period in this example is one week long.
  • Lines in the Fig. illustrate movements of the user.
  • areas 21 to 24 are characteristic of the user i.e. places where he goes (almost) daily.
  • the user's workplace (area 21) and home (area 22), a grocery store (area 23) and the kindergarten which the user's children attend are located in these areas.
  • the system need not necessarily know which target is located in each area but places characteristic of each user may be e.g. numbered or identified by another generic identifier.
  • the user may, if he so desires, give information of the places to the system.
  • location history data comprises a number of combinations of location coordinates and a moment of time on a particular time. On the basis of these, for example on the basis of location history data presented in Fig. 2, such individualisation data as in the following may be formed, of which behaviour patterns used in authentication may be formed:
  • individualisation data does not need to include time dimension but also bare location data may be used for individualising (typical routes etc.).
  • other behaviour data which may be collected through the telecommunications network may be used for individualisation / behaviour patterns.
  • Fig. 3 presents an example of a route, on the basis of which the example user may be authenticated. Authentication is based on behaviour patterns formed on the basis of location history collected during the teaching period presented among others in Fig. 2.
  • the lock of the front door detects that the mobile phone of the user arrives in the vicinity of the lock. This may be implemented using e.g. Bluetooth, NFC (Near Field Communication) or infra-red technique.
  • the front door lock includes a functionality, which is in connection with the authentication service of the telecommunications operator, and requests for user authentication.
  • the service of the telecommunications operator checks the route along which the user has arrived home, and because the route corresponds to the behaviour pattern formed on the basis of the teaching period illustrated in Fig. 2, it states the user successfully authenticated.
  • the front door is unlocked (the lock may be e.g. an electronic lock which is controlled to unlock responsive to a successful authentication event).
  • authentication on the basis of the route work-kindergarten-home may be valid e.g. only on weekdays roughly from 4 pm to 5 pm when the user typically returns home from work.
  • the user authentication may be based on other behaviour patterns or unlocking the front door may require using another authentication method (the user may, for instance, have to enter a particular PIN code or use a physical key).
  • behaviour patterns may be used for user authentication, as well.
  • the user may, for instance, have a habit of going to work by car and using a fixed hands-free device. This may be taken as one behaviour pattern, with which the user's behaviour is compared. Thus the front door of his home does not necessarily unlock if the user does not use the hands-free device of his car or if the user exceptionally comes home from work by train.
  • authentication based on behaviour history is used for identifying the user in connection with different network services or electronic services.
  • the user accesses Facebook service in the internet merely by walking a particular route, taking a photo and shaking the phone. Thus the user need not enter a password to log into the service. It is however possible to require a password as well.
  • the user has to identify a user name or another identifier for the service, with which user name he wants to log into the service. Authentication based on behaviour history is then used for working out if that user has a right to log in with that user name i.e. if behaviour history of that user corresponds with the behaviour pattern associated with that user name.
  • behaviour data of the users is continuously collected such that user authentication can be executed anytime.
  • User may be, for instance, located all the time in which case the route of the user to a particular place may be worked out at any moment of time.
  • behaviour data (location data or other data) related to the user is begun being collected responsive to a predefined triggering condition.
  • the authentication method may be activated at particular times, in which case behaviour data (location data or other data) related to the user is being collected only when the authentication method has been activated.
  • the activation may be automatic, in which case the method is used, for instance, only on weekdays on a particular time of the day. In this case the triggering condition is a particular day/ time of the day. Activation may be manual as well.
  • the user may, for instance, activate the authentication system when leaving from work, if the authentication system is used for unlocking front doors of the house.
  • the triggering condition is receiving a command given by the user.
  • triggering conditions may be used, as well.
  • authentication based on behaviour history is supplemented with traditional identification methods. For instance, if the behaviour of the target differs from normal (for instance, the route home from work differs from usual), voice identification, replying to a short message with a particular pin code or remote identification (RFID/NFC technique) may be required before unlocking the front door or the door may have to be unlocked with a traditional key etc.
  • authentication based on behaviour history is applied on several different levels, such that different types of services require different level of individualisation and behaviour history data for authentication.
  • authentication based on behaviour history is used based on a behaviour pattern previously agreed. In this case, the teaching period mentioned in connection with Fig. 1 is not needed for identifying behaviour patterns.
  • the actual identification is performed in a corresponding way as in connection with Fig. 1.
  • a previously agreed behaviour pattern which the real-time behaviour data of the user is compared with may comprise e.g. making a phone call to a particular number on a particular moment of time, a particular arrival route, taking a particular type of photograph on a particular moment of time etc.
  • the device 400 may be, for instance, a general use computer or server and it may be arranged to function e.g. as an authentication server according to some embodiments of the invention.
  • the device 400 comprises a processor 401 for controlling the action of the device and a memory 402, which comprises a computer program/software 403.
  • Computer software 403 may comprise several instructions to the processor for controlling the device 400, such as an operating system and different applications. Additionally, the computer software 403 may comprise an application which comprises instructions for controlling the device 400, such that a functionality according to some embodiment of the invention is produced.
  • the processor 401 may be, for instance, a computer processor (central processing unit (CPU)), a micro processor, a digital signal processor (DSP), a graphic processor, or corresponding. In the figure, there is presented one processor, but there may be several processors in the device.
  • the memory may be, for instance, a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electronically erasable programmable read-only memory (EEPROM), a random-access memory (RAM), a flash memory, an optic or magnetic memory or corresponding.
  • the device may have several memories.
  • the memory may be a part of the device 400 or it may be a detached module joinable to the device 400.
  • the memory may be meant for only saving data or it may be used for processing data as well.
  • the device 400 comprises a communication interface module (COMM) 405, which provides an interface for communicating with other devices.
  • the interface may be, for instance, a fixed wired connection such as an Ethernet connection, or a wireless connection such as a WLAN, Bluetooth, GSM/GPRS, CDMA, WCDMA or LTE connection.
  • the communication interface module may be integrated in the device 400 or it may be a part of an adapter, a card or corresponding, which may be attached to the device 400.
  • the communication interface may support one or more communication technologies or the device may have several communication interface modules.
  • the device 400 may comprise a user interface module 406 (presented with dotted line), which may comprise, for instance, a display and a keyboard (not presented in the figure), which may be an integrated part of the device 400 or independent parts attachable to the device 400.
  • the user interface may not be necessary or the user interface may be implemented as a remote connection through the communication interface module 405.
  • the device 400 may comprise one or more databases 404.
  • the databases may include, for instance, billing data, location data, data needed for locating, user individualisation data, behaviour patterns related to particular users, behaviour data collected from the network, data needed for individualising users etc.
  • the device 400 may utilise or get these or other data from exterior databases.
  • the device 600 may comprise other elements as well.
  • Fig. 5 presents a system according to an embodiment.
  • the system comprises a telecommunications network 501 and two user devices 502 and 503 connected to it.
  • the system comprises a server 504 connected to the telecommunications network 501, which server is configured to function as an authentication server which provides authentication service according to some embodiments of the invention.
  • the authentication server 504 is in connection to the location database 505 and subscriber database 506. It should be appreciated that the location database 505 and subscriber database 506 may be located in the same physical device or they may be a part of the authentication server 504.
  • the authentication server may be connected to other databases providing behaviour data, as well.
  • the system comprises a service 510, which utilises the authentication provided by the authentication server 504.
  • the authentication server 504 may be configured to use behaviour data collected from the telecommunications network 501 for authenticating users of the telecommunications network. Additionally, the authentication server 504 may be configured to form behaviour patterns on the basis of particular behaviour data of the users of the telecommunications network and to use the formed behaviour patterns in user authentication.
  • the system in Fig. 5 may naturally comprise other devices and elements, as well, than those presented in Fig.
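
The teaching and identification phases described above, sketched as an added Python example that is not part of the patent text: the grid size, thresholds, coordinates and every function name are assumptions made for illustration, and the location fixes are constructed sample data. A route that deviates from the learned pattern falls back to a second authentication method, and a reported incorrect authentication narrows the acceptable deviation.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

CELL_DEG = 0.002                 # assumed grid size used to group fixes into places
MONDAY = datetime(2010, 6, 7)    # constructed start of the teaching week
# Constructed coordinates; the system itself only ever sees generic place ids.
WORK, KINDERGARTEN, HOME, STORE = (60.170, 24.940), (60.180, 24.950), (60.190, 24.960), (60.200, 24.970)

@dataclass
class Pattern:
    route: tuple          # ordered generic place ids, e.g. ("P1", "P2", "P3")
    weekdays: frozenset   # weekdays on which the route was observed
    earliest: int         # earliest observed arrival, minutes after midnight
    latest: int           # latest observed arrival, minutes after midnight
    tolerance_min: int    # acceptable deviation around the observed arrivals

def cell(lat, lon):
    return (round(lat / CELL_DEG), round(lon / CELL_DEG))

def learn_places(fixes, min_days=4):
    """Teaching phase: cells visited on at least min_days distinct days become
    characteristic places, identified only by a generic id."""
    days = defaultdict(set)
    for ts, lat, lon in fixes:
        days[cell(lat, lon)].add(ts.date())
    frequent = sorted(c for c, d in days.items() if len(d) >= min_days)
    return {c: f"P{i}" for i, c in enumerate(frequent, 1)}

def trace(fixes, places):
    """Ordered characteristic places (consecutive repeats collapsed) and the
    time at which the last of them was reached."""
    seq, arrived = [], None
    for ts, lat, lon in sorted(fixes):
        pid = places.get(cell(lat, lon))
        if pid and (not seq or seq[-1] != pid):
            seq.append(pid)
            arrived = ts
    return tuple(seq), arrived

def learn_pattern(fixes, places, min_days=4, tolerance_min=30):
    """Teaching phase: the multi-place route repeated on the most days."""
    by_day = defaultdict(list)
    for fix in fixes:
        by_day[fix[0].date()].append(fix)
    seen = defaultdict(list)                       # route -> arrival times
    for day_fixes in by_day.values():
        route, arrived = trace(day_fixes, places)
        if len(route) >= 2:
            seen[route].append(arrived)
    if not seen:
        return None
    route, arrivals = max(seen.items(), key=lambda kv: len(kv[1]))
    if len(arrivals) < min_days:
        return None                                # not enough data collected yet
    minutes = [a.hour * 60 + a.minute for a in arrivals]
    return Pattern(route, frozenset(a.weekday() for a in arrivals),
                   min(minutes), max(minutes), tolerance_min)

def authenticate(pattern, recent_fixes, places):
    """Identification phase: compare real-time data with the stored pattern."""
    route, arrived = trace(recent_fixes, places)
    if pattern is None or arrived is None or route != pattern.route:
        return "second_factor_required"
    minute = arrived.hour * 60 + arrived.minute
    in_window = (arrived.weekday() in pattern.weekdays and
                 pattern.earliest - pattern.tolerance_min <= minute
                 <= pattern.latest + pattern.tolerance_min)
    return "authenticated" if in_window else "second_factor_required"

def tighten_after_false_accept(pattern):
    """An incorrect authentication event reduces the acceptable deviation."""
    pattern.tolerance_min = max(5, pattern.tolerance_min // 2)

def commute(day_offset, hour=16, minute=0, stops=(WORK, KINDERGARTEN, HOME)):
    """Constructed fixes: one stop every 20 minutes, starting at hour:minute."""
    t0 = MONDAY + timedelta(days=day_offset, hours=hour, minutes=minute)
    return [(t0 + timedelta(minutes=20 * i), lat, lon) for i, (lat, lon) in enumerate(stops)]

def demo():
    teaching = []
    for d in range(5):                              # five working days
        teaching += commute(d, 16, 2 * d)
    teaching += commute(5, 11, 0, stops=(STORE, HOME))   # one weekend errand
    places = learn_places(teaching)
    pattern = learn_pattern(teaching, places)
    results = {
        "usual": authenticate(pattern, commute(7, 16, 5), places),
        "skipped_kindergarten": authenticate(pattern, commute(7, 16, 5, stops=(WORK, HOME)), places),
        "late_night": authenticate(pattern, commute(7, 22, 0), places),
        "weekend": authenticate(pattern, commute(12, 16, 5), places),
    }
    return places, pattern, results

if __name__ == "__main__":
    for name, outcome in demo()[2].items():
        print(f"{name:22s} {outcome}")
```
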

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Social Psychology (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An authentication method in which behaviour data is collected through a telecommunications network, and said behaviour data is used to authenticate users of the telecommunications network.

Description

AUTHENTICATION
The present invention generally relates to authentication and arrangements of a telecommunications network related to it.
Authentication is a mechanism with which the identification of a user (a person, organisation or device) of the system, or, in communication, the identification of another party is ensured. Authentication aims to enable the identification of the user before using a service or a function.
In practice, authentication is based on something that
- the user knows (a password, a PIN code),
- the user has (a key, a wristband, a SecurID card etc.), or
- the user is / does (biometric systems such as a fingerprint identifier, a DNA, voice or photographic sample).
Known authentication mechanisms are based on an ad-hoc situation where the user has to identify himself in the situation in question, using one or more of the above mentioned ways.
Strong authentication/identification usually means that at least two methods are used in parallel for authenticating (two-factor authentication (T-FA) or multifactor authentication). For instance, using a magnetic key and additionally entering a pin code may be required for opening a door.
In the above mentioned authentication manners, a special and separated identification is required from the user in order for the user to gain access to a service or a function. In practice, the user must for instance:
- pick keys from his pocket and open the lock,
- send a text message,
- type a password or a PIN code, or
- press a finger onto an identifying device.
The effectiveness of present authentication manners depends on how well individual authentication methods can be protected from outsiders, and on how easy or difficult it is for an outsider to break all simultaneously used authentication manners (for instance, to gain a pin code and a magnetic key).
Now a new approach to authentication is provided.
A first aspect of the invention provides an authentication method comprising collecting behaviour data through a telecommunications network, and
using said behaviour data to authenticate users of the telecommunications network.
A second aspect of the invention provides a device comprising a processor configured to control said device to
collect behaviour data through a telecommunications network, and to
use said behaviour data to authenticate users of the telecommunications network.
A third aspect of the invention provides a computer program comprising a computer executable program code which, when executed, controls a device to perform a method according to the first aspect or an embodiment related to it.
The computer program according to the third aspect may comprise program code which may be performed, for instance, by any of the following: a general use processor, a micro processor, an application-specific integrated circuit and a digital signal processor. The computer program according to the third aspect may be stored on a computer readable medium. This kind of a medium may be, for instance, a diskette, a CDROM, a DVD, a memory stick or another magnetic or optical memory device.
In an embodiment,
real time behaviour data of a particular user is collected,
said real time behaviour data is compared with a predefined behaviour pattern of said user, and the user is determined to be identified if said real time behaviour data and said behaviour pattern substantially match with each other.
In an embodiment,
a method is initialised by collecting behaviour data of the user from a telecommunications network,
at least one behaviour pattern is identified from said collected behaviour data to form said predefined behaviour pattern for said user.
In an embodiment, said behaviour pattern is updated if said real time behaviour data and said behaviour pattern do not match with each other.
In an embodiment, authentication by a predefined second method is required if said real time behaviour data and said behaviour pattern do not match with each other.
In an embodiment, said real time behaviour data begins being collected in response to a predefined triggering condition.
In an embodiment, the behaviour data comprises location data. Additionally, or alternatively, the behaviour data may comprise terminal user data, phone call and/or sent message data or other data available via or with help of the telecommunications network. The behaviour data may comprise a time dimension, as well.
Different embodiments of the present invention have been described in connection with some aspects of the invention. Corresponding embodiments may also be applicable to other aspects and embodiments associated with them.
The invention will now be described by way of example with reference to accompanying drawings, in which:
Fig. 1 presents a method according to an embodiment;
Figs. 2 and 3 are maps illustrating an embodiment;
Fig. 4 presents a device according to an embodiment; and
Fig. 5 presents a system according to an embodiment.
In some embodiments of the present invention, a technical solution is provided, in which user behaviour history is utilised in authenticating the user. Behaviour history data used here is based on data which are naturally available through a telecommunications network operator or a telecommunications network. Behaviour data used here especially refers to behaviour in a telecommunications network or the way of using devices connected to a telecommunications network.
One concept is to follow user movements (place or location data) and other ways of using the telecommunications network, based on which the user may be individualised, and based on these the user may be authenticated. Thus the user may identify himself without actual actions in connection with authentication. In some embodiments, it suffices for identifying that the user iteratively behaves in his characteristic way, in a situation related to or preceding the identification. In some cases, the user does not even need to exactly know which behaviour habits are used for the authentication.
Previously, it has been known to collect behaviour data from a telecommunications network. The aim of the collected behaviour data has, however, been to find a suitable control group for the user so that, for instance, targeted advertising may be provided to the user. In some embodiments of this invention, behaviour data collected in a corresponding way may be used, but here, based on the behaviour data, it is aspired to find features unique to a particular user, i.e. to individualise a particular user. Thus there is provided a new way to use behaviour data, which is available from a telecommunications network or which may be collected through or with help of a telecommunications network.
With some embodiments, authentication may be made more user-friendly (the usability of authentication may be improved), because the number of procedures needed for authentication may be reduced or depending on the application, authentication may even be made automatic. In other embodiments, the safety of traditional authentication methods may be improved by adding authentication based on behaviour history to be used in parallel with them.
The behaviour-history-based authentication according to some embodiments is also harder to break than conventional combination techniques, because:
- It does not rely on single authentication technologies but on an analysis of the behaviour of the person being authenticated and possible exceptions occurring therein.
- The number of technologies, keys or data sources used for authentication at a particular moment may change, the number is not necessarily known to the user (or abuser), and there may be very many such data sources.
In an embodiment, the authentication method is two-phased. In a first phase, the so-called teaching phase, data related to the behaviour of the user is collected for individualising that user and for identifying behaviour patterns characteristic of the user. In a second phase, the so-called identification phase, the actual authentication is performed, where the behaviour data collected in the first phase and/or the behaviour patterns formed are used to authenticate the user.
Fig. 1 presents a flow chart illustrating such a method. In phase 11, behaviour data relating to a particular user in focus is collected for a given teaching period. The teaching period may be a particular period of time or it may be dynamically determined such that the teaching period continues until a sufficient amount of data has been collected. The timing of the teaching period is typically known to the user in focus, but this is not necessary.
Behaviour data being collected may be, for instance:
- Location data. Based on the location it is possible to identify places relevant or characteristic to the user, such as home, an often used train stop, workplace, a local grocery store, a kindergarten, a school etc. These may be identified on the basis that the user often visits them. It should be appreciated that the system need not know exactly what these places are but they may, for instance, be numbered or identified by another generic identifier. The user may, if he so desires, provide more accurate information of the places to the system. Routes to particular places, characteristic of the user, may be identified based on the location data.
- Data derived from the location data. For instance, a vehicle being used, speed of motion etc. may be deduced from sequential location points.
- Data on the use of a phone or another device connected to a network. For instance, data on phone calls made, listening to music, applications and services used, payments made by phone etc. may be collected from the telecommunications network.
- Data collected by phone sensors or other terminal sensors. For instance, terminal motion and acceleration sensors, a Bluetooth sensor, a charger etc. may collect data and deliver it to the telecommunications network.
- User data of other personal or family-specific devices or applications. For instance, it is very unlikely that one person could use a phone, a desktop computer and a car simultaneously.
- Calendar etc. data which may provide indications of doings of the user.
- Data of time of events. A time dimension may be attached to behaviour data i.e. behaviour on particular moments of time may be observed.
Here, it should be appreciated that behaviour data being collected may be
- data already existing in the telecommunications network (e.g. data of terminals connected in the network, phone calls made, phone calls being made etc.), or
- data which may be formed of data existing in the telecommunications network (e.g. location of a terminal may be calculated through parameters of the network), or
- data which may be collected through the telecommunications network (e.g. terminals connected to the telecommunications network may send to the network, spontaneously or responsive to a request, data on the use of that terminal, such as use of a camera or a Bluetooth headset).
Based on the collected behaviour data, at least one behaviour pattern is identified in phase 12 for individualising the user in focus. The behaviour data may be combined in a suitable way for identifying different behaviour patterns. The behaviour pattern may comprise, for instance:
- A phone call in a particular place on a particular time. The phone call may even be to a particular number.
- Taking a picture at a particular place.
- A particular route to a particular place at a particular time.
It should be appreciated that behaviour patterns concerning different persons need not utilise the same data elements. Instead, the data elements used may be chosen based on the behaviour of the user in focus. One user may, for instance, regularly make a particular phone call at a particular time, but it may not be possible to identify corresponding regularity in the behaviour data of all persons.
In phase 13, the method moves to an identification phase and real-time behaviour data is collected. Here real-time behaviour data refers to behaviour data related to the present (identification) situation or, for its essential parts, immediately preceding it. Thus in phase 13, data is collected on how a user behaves in an identification situation or how the user has behaved just before the identification situation. In phase 14, the collected real-time behaviour data is compared with one or more earlier formed behaviour patterns, and in phase 15, authentication of the user is found successful or unsuccessful depending on the comparison in phase 14. If authentication of the user is found unsuccessful, the user may be provided with another, alternative way to identify himself.
A particular deviation from the behaviour pattern may be acceptable when comparing real-time behaviour data and the behaviour pattern, so as to allow for normal variation in daily routines. Acceptable deviation may be application-specific and/or user-specific. Additionally, for some types of behaviour data, a greater deviation may be accepted than for other types. In an embodiment, behaviour patterns concerning the user in question are updated based on deviations observed in real-time behaviour data. This way behaviour patterns may adapt to changing circumstances (changed behaviour). Automatic adapting may, however, require that behaviour changes little by little. If behaviour changes considerably, the change probably does not fit within the limits of acceptable deviation, and authentication of the user is not successful. In that case the behaviour pattern naturally cannot be updated, at least not automatically. Instead, an alternative way of identifying may be provided to the user, and if authentication with it is successful, the user may be given a chance to update his behaviour pattern to correspond with the changed behaviour.
Behaviour patterns may be updated, or acceptable deviations related to the behaviour patterns may be changed, responsive to incorrect authentication events. If, for instance, the user's front door is unlocked when the user drives past his home, it is likely that no one opens the door even though the door was unlocked. In that case it may be deduced that the authentication was incorrect and that the acceptable deviations related to the behaviour pattern are too great. On the basis of this, acceptable deviations may be automatically reduced.
Figs. 2 and 3 are maps illustrating an embodiment.
Fig. 2 illustrates location history of an example user during a teaching period. The teaching period in this example is one week long. Lines in the Fig. illustrate movements of the user.
Based on the location history data presented in Fig., we can see that areas 21 to 24 are characteristic of the user, i.e. places where he goes (almost) daily. The user's workplace (area 21) and home (area 22), a grocery store (area 23) and the kindergarten which the user's children attend are located in these areas. The system need not necessarily know which target is located in each area; places characteristic of each user may be e.g. numbered or identified by another generic identifier. The user may, if he so desires, give information on the places to the system.
In an example, location history data comprises a number of combinations of location coordinates and a moment of time. On the basis of these, for example on the basis of the location history data presented in Fig. 2, individualisation data such as the following may be formed, from which behaviour patterns used in authentication may be formed:
- The user typically spends his night (from 10 pm to 7 am) in place 22.
- On weekday mornings (from 8 to 9 am), the user moves from place 22 to place 24 and continues after a while to place 21. In place 24 the user stays for maximum 15 minutes. Alternatively, the user may move directly from place 22 to place 21 at that time.
- On weekdays (from 9 am to 4 pm), the user typically stays in place 21.
- On weekday evenings around 4 to 5 pm, the user moves from place 21 through place 24 or through places 24 and 23 or directly to place 22. In place 24 the user stays for maximum 15 minutes. In place 23 the user typically stays for 15 to 30 minutes.
- On weekends and midweek holidays, the user typically does not go to place 21.
It should be appreciated that individualisation data does not need to include a time dimension; bare location data may also be used for individualising (typical routes etc.). Alternatively, or additionally, other behaviour data which may be collected through the telecommunications network may be used for individualisation / behaviour patterns.
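The teaching phase described above can be sketched as follows. This is an added example, not code from the patent: it bins timestamped location fixes into grid cells and keeps the cells the user dwells in on several distinct days, giving each a generic identifier. The grid size, the thresholds, the `P1`, `P2`, ... identifiers and the sample week are all assumptions constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CELL_M = 250                       # assumed grid size in metres
MIN_DAYS = 4                       # assumed: visited on at least 4 distinct days
MIN_DWELL = timedelta(minutes=5)   # assumed: shorter stays count as passing through


def cell_of(x_m, y_m):
    """Map a position in local metres to a coarse grid cell."""
    return (int(x_m // CELL_M), int(y_m // CELL_M))


def visits(fixes):
    """Collapse (time, x, y) fixes into time-ordered (cell, start, end) stays."""
    stays = []
    for t, x, y in sorted(fixes):
        cell = cell_of(x, y)
        if stays and stays[-1][0] == cell:
            stays[-1] = (cell, stays[-1][1], t)   # still in the same cell
        else:
            stays.append((cell, t, t))
    return stays


def learn_places(fixes):
    """Teaching phase: return {generic id: {"cell", "days", "hours"}}."""
    days, hours = defaultdict(set), defaultdict(set)
    for cell, start, end in visits(fixes):
        if end - start < MIN_DWELL:
            continue                              # transit, not a place
        days[cell].add(start.date())
        hour = start.replace(minute=0, second=0, microsecond=0)
        while hour <= end:                        # hours of day spent in the cell
            hours[cell].add(hour.hour)
            hour += timedelta(hours=1)
    frequent = sorted((c for c in days if len(days[c]) >= MIN_DAYS),
                      key=lambda c: (-len(days[c]), c))
    return {f"P{i}": {"cell": c, "days": len(days[c]), "hours": sorted(hours[c])}
            for i, c in enumerate(frequent, start=1)}


def _stay(day, hour, minute, minutes, x, y):
    """Constructed sample data: one fix every 5 minutes while at (x, y)."""
    start = datetime(2010, 6, day, hour, minute)
    return [(start + timedelta(minutes=m), x, y) for m in range(0, minutes + 1, 5)]


def sample_week():
    """Constructed location history for one teaching week (7 June 2010 is a Monday)."""
    fixes = []
    for day in range(7, 12):                             # Monday to Friday
        fixes += _stay(day, 6, 0, 90, 100, 100)          # home
        fixes += _stay(day, 7, 45, 0, 700, 250)          # single fix in transit
        fixes += _stay(day, 8, 0, 10, 1300, 400)         # kindergarten
        fixes += _stay(day, 8, 30, 450, 3000, 2000)      # workplace
        fixes += _stay(day, 16, 20, 10, 1300, 400)       # kindergarten
        fixes += _stay(day, 17, 0, 300, 100, 100)        # home
    fixes += _stay(12, 11, 0, 120, 5000, 5000)           # one-off Saturday trip
    return fixes


if __name__ == "__main__":
    for place_id, info in learn_places(sample_week()).items():
        print(place_id, info)
```

The one-off Saturday trip and the transit fixes never become places, and the system only ever holds the generic identifiers and the hours at which each place is occupied.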
Fig. 3 presents an example of a route, on the basis of which the example user may be authenticated. Authentication is based on behaviour patterns formed on the basis of location history collected during the teaching period presented among others in Fig. 2.
The user leaves his workplace 21, stops in the kindergarten 24 and arrives home 22. At his home, the lock of the front door detects that the mobile phone of the user arrives in the vicinity of the lock. This may be implemented using e.g. Bluetooth, NFC (Near Field Communication) or infra-red technique. The front door lock includes a functionality, which is in connection with the authentication service of the telecommunications operator, and requests for user authentication. The service of the telecommunications operator checks the route along which the user has arrived home, and because the route corresponds to the behaviour pattern formed on the basis of the teaching period illustrated in Fig. 2, it states the user successfully authenticated. On the basis of this, the front door is unlocked (the lock may be e.g. an electronic lock which is controlled to unlock responsive to a successful authentication event).
Here, it should be appreciated that authentication on the basis of the route work-kindergarten-home may be valid e.g. only on weekdays roughly from 4 pm to 5 pm when the user typically returns home from work. In other times the user authentication may be based on other behaviour patterns or unlocking the front door may require using another authentication method (the user may, for instance, have to enter a particular PIN code or use a physical key).
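The identification phase for this front-door example, together with the acceptable deviation, gradual pattern update and tolerance reduction described earlier, can be sketched as follows. This is an added example, not code from the patent: the place identifiers 21 to 24, the weekday 4 pm to 5 pm window and the dwell limits come from the text, while the class and function names, the 10-minute tolerance, the adaptation rate and the halving rule are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

ADAPT_RATE = 0.25   # assumed: share of an accepted deviation folded into the pattern


@dataclass
class RoutePattern:
    weekdays: set      # datetime.weekday() values on which the pattern is valid
    window: tuple      # (earliest, latest) arrival in minutes after midnight
    routes: list       # allowed sequences of generic place identifiers
    dwell: dict        # intermediate place -> [min_minutes, max_minutes]
    tolerance: float   # acceptable total deviation in minutes

    def deviation(self, route, stops, arrival):
        """Minutes of deviation, or None if the behaviour is outside the pattern."""
        if arrival.weekday() not in self.weekdays or route not in self.routes:
            return None
        minute = arrival.hour * 60 + arrival.minute
        dev = max(0, self.window[0] - minute, minute - self.window[1])
        for place in route[1:-1]:                 # intermediate stops only
            low, high = self.dwell[place]
            stayed = stops.get(place, 0)
            dev += max(0, low - stayed, stayed - high)
        return dev

    def adapt(self, route, stops):
        """Move breached dwell limits a little towards the accepted observation."""
        for place in route[1:-1]:
            low, high = self.dwell[place]
            stayed = stops.get(place, 0)
            if stayed > high:
                self.dwell[place][1] = high + ADAPT_RATE * (stayed - high)
            elif stayed < low:
                self.dwell[place][0] = low - ADAPT_RATE * (low - stayed)

    def report_false_accept(self):
        """An authentication later judged incorrect tightens the tolerance."""
        self.tolerance /= 2                       # halving is an assumption


def evening_pattern():
    """Weekday return home, built from the individualisation data listed above."""
    return RoutePattern(
        weekdays={0, 1, 2, 3, 4},
        window=(16 * 60, 17 * 60),
        routes=[[21, 22], [21, 24, 22], [21, 24, 23, 22]],
        dwell={24: [0, 15], 23: [15, 30]},
        tolerance=10,                             # assumed value
    )


def authenticate(pattern, route, stops, arrival):
    """Identification phase: compare real-time behaviour with the pattern."""
    dev = pattern.deviation(route, stops, arrival)
    if dev is None or dev > pattern.tolerance:
        return "second_method_required"           # e.g. PIN code or physical key
    if dev > 0:
        pattern.adapt(route, stops)               # only small, accepted changes
    return "authenticated"


if __name__ == "__main__":
    p = evening_pattern()                         # observations below are constructed
    print(authenticate(p, [21, 24, 22], {24: 12}, datetime(2010, 6, 8, 16, 40)))
    print(authenticate(p, [21, 24, 22], {24: 19}, datetime(2010, 6, 8, 16, 45)), p.dwell)
    print(authenticate(p, [21, 24, 22], {24: 12}, datetime(2010, 6, 12, 16, 30)))
```

A mismatch never unlocks anything and never updates the pattern; it only routes the user to the second method, so a large behaviour change cannot be learned automatically.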
In addition to the arrival route, other behaviour patterns may be used for user authentication, as well. The user may, for instance, have a habit of going to work by car and using a fixed hands-free device. This may be taken as one behaviour pattern, with which the user's behaviour is compared. Thus the front door of his home does not necessarily unlock if the user does not use the hands-free device of his car or if the user exceptionally comes home from work by train.
In an embodiment, authentication based on behaviour history is used for identifying the user in connection with different network services or electronic services. In an example, the user accesses the Facebook service on the internet merely by walking a particular route, taking a photo and shaking the phone. Thus the user need not enter a password to log into the service. It is, however, possible to require a password as well. In any case, the user has to specify a user name or another identifier with which he wants to log into the service. Authentication based on behaviour history is then used for working out whether that user has a right to log in with that user name, i.e. whether the behaviour history of that user corresponds with the behaviour pattern associated with that user name.
In an embodiment, behaviour data of the users is continuously collected such that user authentication can be executed at any time. The user may be, for instance, located all the time, in which case the route of the user to a particular place may be worked out at any moment of time. Alternatively, collection of behaviour data (location data or other data) related to the user is started responsive to a predefined triggering condition. For instance, the authentication method may be activated at particular times, in which case behaviour data (location data or other data) related to the user is collected only when the authentication method has been activated. The activation may be automatic, in which case the method is used, for instance, only on weekdays at a particular time of the day. In this case the triggering condition is a particular day / time of the day. Activation may be manual as well. The user may, for instance, activate the authentication system when leaving work, if the authentication system is used for unlocking the front doors of the house. In this case the triggering condition is receiving a command given by the user. Naturally other triggering conditions may be used, as well.
In an embodiment, authentication based on behaviour history is supplemented with traditional identification methods. For instance, if the behaviour of the target differs from normal (for instance, the route home from work differs from usual), voice identification, replying to a short message with a particular PIN code or remote identification (RFID/NFC technique) may be required before unlocking the front door, or the door may have to be unlocked with a traditional key etc. In other words, if authentication based on behaviour history does not succeed or only partly succeeds, another way of identification is additionally required. This way the reliability of identification methods which are already known can be improved.
In an embodiment, authentication based on behaviour history is applied on several different levels, such that different types of services require different levels of individualisation and behaviour history data for authentication.
In an embodiment, authentication based on behaviour history is used based on a previously agreed behaviour pattern. In this case, the teaching period mentioned in connection with Fig. 1 is not needed for identifying behaviour patterns. Here as well, the actual identification is performed in a corresponding way as in connection with Fig. 1. A previously agreed behaviour pattern with which the real-time behaviour data of the user is compared may comprise e.g. making a phone call to a particular number at a particular moment of time, a particular arrival route, taking a particular type of photograph at a particular moment of time etc.
Fig. 4 presents an example of a device 400, which is suitable for implementing some embodiments of the invention. The device may be, for instance, a general-purpose computer or server and it may be arranged to function e.g. as an authentication server according to some embodiments of the invention. The device 400 comprises a processor 401 for controlling the action of the device and a memory 402, which comprises a computer program/software 403. Computer software 403 may comprise several instructions to the processor for controlling the device 400, such as an operating system and different applications. Additionally, the computer software 403 may comprise an application which comprises instructions for controlling the device 400, such that a functionality according to some embodiment of the invention is produced.
The processor 401 may be, for instance, a computer processor (central processing unit, CPU), a microprocessor, a digital signal processor (DSP), a graphic processor, or corresponding. In the figure, there is presented one processor, but there may be several processors in the device.
The memory may be, for instance, a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electronically erasable programmable read-only memory (EEPROM), a random-access memory (RAM), a flash memory, an optic or magnetic memory or corresponding. The device may have several memories. The memory may be a part of the device 400 or it may be a detached module joinable to the device 400. The memory may be meant for only saving data or it may be used for processing data as well.
Additionally, the device 400 comprises a communication interface module (COMM) 405, which provides an interface for communicating with other devices. The interface may be, for instance, a fixed wired connection such as an Ethernet connection, or a wireless connection such as a WLAN, Bluetooth, GSM/GPRS, CDMA, WCDMA or LTE connection. The communication interface module may be integrated in the device 400 or it may be a part of an adapter, a card or corresponding, which may be attached to the device 400. The communication interface may support one or more communication technologies or the device may have several communication interface modules.
For receiving an input from the user and for giving output to the user, the device 400 may comprise a user interface module 406 (presented with dotted line), which may comprise, for instance, a display and a keyboard (not presented in the figure), which may be an integrated part of the device 400 or independent parts attachable to the device 400. The user interface may not be necessary or the user interface may be implemented as a remote connection through the communication interface module 405.
The device 400 may comprise one or more databases 404. The databases may include, for instance, billing data, location data, data needed for locating, user individualisation data, behaviour patterns related to particular users, behaviour data collected from the network, data needed for individualising users etc. The device 400 may utilise or get these or other data from exterior databases.
In addition to the elements presented in Fig. 4, the device 600 may comprise other elements as well.
Fig. 5 presents a system according to an embodiment. The system comprises a telecommunications network 501 and two user devices 502 and 503 connected to it. Additionally, the system comprises a server 504 connected to the telecommunications network 501, which server is configured to function as an authentication server which provides authentication service according to some embodiments of the invention. The authentication server 504 is in connection to the location database 505 and subscriber database 506. It should be appreciated that the location database 505 and subscriber database 506 may be located in the same physical device or they may be a part of the authentication server 504. The authentication server may be connected to other databases providing behaviour data, as well. Additionally, the system comprises a service 510, which utilises the authentication provided by the authentication server 504.
The authentication server 504 may be configured to use behaviour data collected from the telecommunications network 501 for authenticating users of the telecommunications network. Additionally, the authentication server 504 may be configured to form behaviour patterns on the basis of particular behaviour data of the users of the telecommunications network and to use the formed behaviour patterns in user authentication. The system in Fig. 5 may naturally comprise other devices and elements, as well, than those presented in Fig.
It should be appreciated that only one possible implementation is presented in Fig. 5 and that many other physical or logical arrangements are possible for implementing the functionality according to embodiments of the invention.
The foregoing description has provided non-limiting examples of some implementations and embodiments of the invention. It is however clear to a person skilled in the art that the invention is not restricted to details of the embodiments presented above, but that it can be implemented in other embodiments using equivalent means. For instance, it should be appreciated that in the presented methods, the order of individual method phases may be altered and that some phases may be repeated several times or completely left out. It should also be appreciated that in this document, the terms comprise and include are used as open-ended expressions with no intended exclusivity.
Furthermore, some features of the above-disclosed embodiments may be used to advantage without the corresponding use of other features. As such, the foregoing description shall be considered as merely illustrative of the principles of the present invention, and not in limitation thereof. Hence, the scope of the invention is only restricted by the appended patent claims.

Claims

1. An authentication method, characterised in that in the method
behaviour data is collected (13) through a telecommunications network, and said behaviour data is used (14, 15) to authenticate users of the telecommunications network.
2. A method according to claim 1, characterised in that in the method
real time behaviour data related to a particular user is collected (13), said real time behaviour data is compared (14) with a predefined behaviour pattern of said particular user, and
the user is determined (15) to be identified, if said real time behaviour data and said behaviour pattern substantially match with each other.
3. A method according to claim 2, characterised in that in the method
the method is initialised by collecting (11) behaviour data of a particular user from the telecommunications network,
at least one behaviour pattern is identified (12) from said collected behaviour data for forming said predefined behaviour pattern for said particular user.
4. A method according to claim 2 or 3, characterised in that in the method said behaviour pattern is updated, if said real time behaviour data and said behaviour pattern do not match with each other.
5. A method according to any claim 2 to 4, characterised in that in the method
authentication is required by a predefined second method, if said real time behaviour data and behaviour pattern do not match with each other.
6. A method according to any claim 2 to 5, characterised in that in the method said real time behaviour data begins being collected in response to a predefined triggering condition.
7. A method according to any claim 1 to 6, characterised in that said behaviour data comprises location data.
8. A device (400, 504), characterised in that the device comprises a processor (401) configured to control said device to
collect behaviour data through the telecommunications network, and to use said behaviour data to authenticate users of the telecommunications network.
9. A device according to claim 8, characterised in that the device (400, 504) is controlled to
collect real time behaviour data related to a particular user,
compare said real time behaviour data with the predefined behaviour pattern of said particular user, and
determine the user identified, if said real time behaviour data and said behaviour pattern substantially match with each other.
10. A device according to claim 9, characterised in that the device (400, 504) is controlled to
initialise the authentication method by collecting behaviour data of a particular user from the telecommunications network,
identify at least one behaviour pattern from said collected behaviour data for forming a predefined behaviour pattern for said particular user.
11. A device according to claim 9 or 10, characterised in that the device (400, 504) is controlled to
update said behaviour pattern, if said real time behaviour data and said behaviour pattern do not match with each other.
12. A device according to any claim 9 to 11, characterised in that the device (400, 504) is controlled to
require authentication by a predefined second method, if said real time behaviour data and said behaviour pattern do not match with each other.
13. A device according to any claim 9 to 12, characterised in that the device (400, 504) is controlled to
begin collecting said real time behaviour data responsive to a predefined triggering condition.
14. A device according to any claim 8 to 13, characterised in that said behaviour data comprises location data.
15. A computer program which comprises a computer executable program code, characterised in that during executing the program code controls the computer to execute a method according to any claim 1 to 7.
PCT/FI2010/050551 2009-06-29 2010-06-28 Authentication WO2011001026A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20095731 2009-06-29
FI20095731A FI20095731L (en) 2009-06-29 2009-06-29 AUTHENTICATION

Publications (1)

Publication Number Publication Date
WO2011001026A1 true WO2011001026A1 (en) 2011-01-06

Family

ID=40825436

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2010/050551 WO2011001026A1 (en) 2009-06-29 2010-06-28 Authentication

Country Status (2)

Country Link
FI (1) FI20095731L (en)
WO (1) WO2011001026A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070067853A1 (en) * 2005-09-20 2007-03-22 International Business Machines Corporation Method and system for adaptive identity analysis, behavioral comparison, compliance, and application protection using usage information
EP1841166A1 (en) * 2006-03-28 2007-10-03 British Telecommunications Public Limited Company Subject identification
WO2008016746A2 (en) * 2006-08-02 2008-02-07 Motorola, Inc. Identity verification using location over time information
US20080209543A1 (en) * 2007-02-23 2008-08-28 Aaron Jeffrey A Methods, systems, and products for identity verification

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9161253B2 (en) 2011-10-03 2015-10-13 Mediatel Inc. QoS verification and throughput measurement for minimization of drive test
US10771471B2 (en) 2014-04-17 2020-09-08 Comptel Oyj Method and system for user authentication
EP2933981A1 (en) * 2014-04-17 2015-10-21 Comptel OYJ Method and system of user authentication
WO2015158874A1 (en) * 2014-04-17 2015-10-22 Comptel Oyj Method and system for user authentication
CN106797371B (en) * 2014-04-17 2021-05-25 康普特尔公开有限公司 Method and system for user authentication
CN106797371A (en) * 2014-04-17 2017-05-31 康普特尔公开有限公司 For the method and system of user authentication
CN106961409B (en) * 2016-01-08 2020-12-04 阿里巴巴集团控股有限公司 Abnormal operation behavior identification method and device
CN106961409A (en) * 2016-01-08 2017-07-18 阿里巴巴集团控股有限公司 A kind of abnormal operation Activity recognition method and device
US10477345B2 (en) 2016-10-03 2019-11-12 J2B2, Llc Systems and methods for identifying parties based on coordinating identifiers
US10581985B2 (en) 2016-10-03 2020-03-03 J2B2, Llc Systems and methods for providing coordinating identifiers over a network
US10601931B2 (en) 2016-10-03 2020-03-24 J2B2, Llc Systems and methods for delivering information and using coordinating identifiers
US11070943B2 (en) 2016-10-03 2021-07-20 J2B2, Llc Systems and methods for identifying parties based on coordinating identifiers
CN106507308A (en) * 2016-11-29 2017-03-15 中国银联股份有限公司 A kind of identity identifying method and device
DE102017204626A1 (en) 2017-03-20 2018-09-20 Bundesdruckerei Gmbh Method and system for behavior-based authentication of a user
EP3471002A1 (en) * 2017-10-16 2019-04-17 Bundesdruckerei GmbH Behaviour-based authentication taking into account environmental parameters
JP7014898B2 (en) 2018-02-05 2022-02-01 北京智明星通科技股▲ふん▼有限公司 ID authentication method, device, server and computer readable medium
US11429698B2 (en) 2018-02-05 2022-08-30 Beijing Elex Technology Co., Ltd. Method and apparatus for identity authentication, server and computer readable medium

Also Published As

Publication number Publication date
FI20095731A0 (en) 2009-06-29
FI20095731L (en) 2010-12-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10793668

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10793668

Country of ref document: EP

Kind code of ref document: A1