WO2022137136A1 - Multi-factor authentication employing a wearable mobile device, and access-control systems - Google Patents
- Publication number
- WO2022137136A1 (PCT/IB2021/062132)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- access
- secure resource
- credential
- computer
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
Definitions
- This disclosure relates to the field of security systems used to control access to secure premises and computer systems. More specifically, the disclosure relates to systems for controlling access to secure premises, computer systems and applications available from such systems to operate on mobile devices.
- a method for providing user access to a secure resource comprising information or physical premises.
- a method includes receiving, at a first access-control system controlling access to a first secure resource, a first request from a user to access the first secure resource.
- the first request has a first user authentication credential.
- a second request is received, at a second access-control system (i) different from the first access-control system and (ii) controlling access to a second secure resource different from the first secure resource, from the user to access the second secure resource.
- the second request has a second user authentication credential different from the first user credential. Then it is determined whether to accord the user access to the second resource based on at least (a) the second user credential and (b) whether the first access-control system accorded the user access to the first secure resource based on the first user authentication credential.
- the second user credential comprises at least one biometric measurement.
- the at least one biometric measurement corresponds to a health condition of the user.
- the health condition comprises infection by a communicable disease.
- the first user credential is transmitted from a smartphone.
- the second user credential is transmitted from a user worn security device.
- the user worn security device comprises at least one biometric sensor.
- FIG. 1 shows a flow chart of an example embodiment of a method according to the present disclosure.
- a user communicates with a server, computer or computer system.
- the server, computer or computer system has resident on it, in any form of data storage medium, data and/or applications to be accessed only by particular authorized users.
- the server, computer or computer system may also control access, such as by operating electronic locks or gates, to a controlled access or otherwise secure facility.
- the communication between the user and the server, computer or computer system may be edge based, cloud based or otherwise, such as by a user terminal proximate an entry point to a secure area.
- the user in a method according to the present disclosure will have in his possession a mobile device, such as a smartphone, to operate applications and/or to access data stored on the computer system, computer or server.
- the server, computer or computer system may return a session registration query.
- the user registers the mobile device for an authenticated session by responding to the session registration query.
- Such response may be made by using the mobile device to scan an optical identification code, such as a QR code, generated and displayed by the server, computer or computer system in response to the user communication.
- By scanning the optical identification code, the mobile device will generate a signal in response, e.g., a pattern or code on the device’s display (which may be optically scanned by the server, computer or computer system), or by communicating a specific SMS text message or radio signal, which when communicated to the computer, computer system or server, temporarily authenticates the mobile device to an access session within the computer, computer system or server.
- the foregoing device registration may be temporary.
- the server, computer or computer system operator may set a fixed time duration for the access session and/or close the registration when the access session on the server, computer or computer system is terminated by the user.
- the server, computer or computer system operator may also program the system (including the server and/or computer system) to terminate the access session registration after a predetermined timeout period in which no user input or commands are entered into the mobile device by the user.
- the mobile device may be further authenticated by entry, into a data input field (whether on the mobile device or other session data entry facility), of the user’s passwords, passcodes, biometric information (e.g., fingerprint scan) or other multi-factor authentication methods already set up by the user with respect to the particular mobile device. Such authentication replaces the need for the computer system, computer or server to store user passwords or other authentication data for the particular user or any other user.
- Mobile device authentication can also be performed by linking the authentication method to the user’s employer site (company) login facility, a user Google (or social media) account login, a user Microsoft account login, linked or other third party mobile device authentication service.
- the purpose of the foregoing mobile device authentication is to identify the mobile device as belonging to the particular user, and thus authenticating the user without the need to store personal identification information concerning the user. Only the user would be expected to know the authentication code(s) or have the required biometric properties or information to satisfy any of the foregoing authentication methods.
- the authenticated mobile device can then be used to authenticate the optical identification (e.g., QR) code when such code is transmitted by the server, computer or computer system.
- the wearable security device such as a key fob, wrist band, data card (e.g., photo ID card) on a lanyard, or other wearable security device issued by the system operator entity designated by the system operator.
- the wearable security device comprises a biometric sensor such as may be embedded in a wrist-worn band.
- the wearable security device may have an embedded radio frequency identification (RFID) tag and an embedded optical identification code such as a QR code.
- the user presents the wearable security device to the authenticated mobile device to scan the optical identification code embedded in the wearable security device or to interrogate the RFID tag. This action authenticates the wearable security device, temporarily “pairing” it with the authenticated mobile device.
- the wearable security device can at that point be used temporarily to access a secure computer system, computer or server and/or a secure physical premises, whether using the mobile device or the wearable security device to gain physical access.
- This process may be performed by individually linking multiple devices using sensors and device authentication.
- To gain access to a secure premises or to privileged information, the user must have an active wearable security device and/or confirm the optical identification code or RFID tag on the wearable security device and the mobile device.
- the wearable security device may be one or more forms of a biometric sensing device sold under the trademark SYMP2PASS, which is a trademark registered in Canada of Idea Capital Inc., Edmonton, AB, Canada.
- SYMP2PASS sensor may comprise a radio frequency identification (RFID) tag with an identified, or embedded optical code such as a QR code to identify the specific wearable security device.
- the wearable security device may form part of a kit to perform an olfactory sensitivity test, wherein a scent strip is provided with the wearable security device.
- a questionnaire may be answered, for example by accessing an Internet site associated with the provider of the wearable security device to which a user responds. Answers to the questionnaire may then associate certain medical diagnoses, such as exposure to a contagious condition, based on the answers to the questionnaire.
- the wearable security device will have associated therewith medical information relevant to the particular user of the wearable security device without access to any personal medical information of such user.
- one or more biometric sensors may be associated with the wearable security device, such as, and without limitation, a blood oxygenation sensor, a temperature sensor, a cardiac pulse rate sensor, a sphygmomanometer and a respiration rate sensor.
- Such sensor(s) may have data stored on any form of electronic data storage medium associated with the wearable security device, which data when communicated to a computer or computer system operated by the provider of the wearable security device, may make one or more inferences about the health condition of the user, for example, infection by a communicable disease.
- Such inference(s) may be communicated to the computer, server or computer system that has authentication required access, or controls access to a secure facility described above.
- An example embodiment of a method and system components used therewith according to the present disclosure are shown in FIG. 1.
- a wearable security device 20 such as a wristband has embedded information, e.g., concerning an amount of access to secure information that is available by the user having purchased or otherwise obtained access rights, as explained above.
- the embedded information may be interrogated and displayed to the user, for example, on a mobile device 30 such as a smartphone, having resident thereon an appropriate application or computer program.
- the user may attempt to gain access to the secure information such as at a terminal 40 provided by the system operator.
- the terminal 40, as explained above, may be in communication with a server, computer or computer system whereon resides the secure information.
- the wearable security device 20 may be presented to the terminal 40 for validation, such as by reading an embedded optical identification code such as a QR code.
- the mobile device 30 may be paired with the secure computer system or server by the mobile device 30 scanning an optical identification (e.g., QR) code displayed by the terminal 40 in response to the user entering a request for access.
- the wearable security device 20 is validated for use with the mobile device 30 as explained above by validating the embedded identification code on the wearable security device 20.
- a sample display screen on the terminal 40 is shown on the right hand side of FIG. 1.
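The flow described above (QR-based session registration with a fixed lifetime and idle timeout, temporary pairing of the wearable, and a second access decision that depends on the first system's grant), sketched as an added example that is not code from the patent. The class names, timeout values, the `now` timestamps and the boolean `biometric_ok` input are assumptions made for illustration.

```python
import secrets

class FirstAccessControl:
    """Smartphone session registration via a one-time code shown as a QR image."""
    def __init__(self, max_lifetime=3600, idle_timeout=300):  # assumed values, seconds
        self.max_lifetime, self.idle_timeout = max_lifetime, idle_timeout
        self.pending = {}   # one-time code -> user it was displayed to
        self.sessions = {}  # user -> {"start", "last", "wearable"}

    def display_code(self, user):
        code = secrets.token_urlsafe(16)
        self.pending[code] = user
        return code

    def register(self, user, scanned_code, now):
        # pop() makes the code single-use, so a replayed scan is refused
        if self.pending.pop(scanned_code, None) != user:
            return False
        self.sessions[user] = {"start": now, "last": now, "wearable": None}
        return True

    def is_active(self, user, now):
        s = self.sessions.get(user)
        if s is None:
            return False
        expired = now - s["start"] > self.max_lifetime
        idle = now - s["last"] > self.idle_timeout
        if expired or idle:
            del self.sessions[user]  # registration is temporary
            return False
        return True

    def pair_wearable(self, user, wearable_id, now):
        # The registered phone scans the wearable's QR code or RFID tag
        if not self.is_active(user, now):
            return False
        self.sessions[user].update(wearable=wearable_id, last=now)
        return True

    def terminate(self, user):
        self.sessions.pop(user, None)

class SecondAccessControl:
    """Grants only if the first system still vouches for the user."""
    def __init__(self, first):
        self.first = first

    def decide(self, user, wearable_id, biometric_ok, now):
        if not self.first.is_active(user, now):
            return False
        paired = self.first.sessions[user]["wearable"]
        return bool(biometric_ok and paired is not None
                    and secrets.compare_digest(paired, wearable_id))
```

The second decision fails closed: an expired, idle or terminated phone session revokes the wearable's access even when the wearable credential itself is valid.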
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
- Mobile Radio Communication Systems (AREA)
- Selective Calling Equipment (AREA)
- Lock And Its Accessories (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA3205932A CA3205932A1 (en) | 2020-12-21 | 2021-12-21 | Multi-factor authentication employing a wearable mobile device, and access-control systems |
AU2021405284A AU2021405284A1 (en) | 2020-12-21 | 2021-12-21 | Multi-factor authentication employing a wearable mobile device, and access-control systems |
EP21909678.1A EP4264579A1 (en) | 2020-12-21 | 2021-12-21 | Multi-factor authentication employing a wearable mobile device, and access-control systems |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US202063128366P | 2020-12-21 | 2020-12-21 | |
US63/128,366 | 2020-12-21 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022137136A1 (en) | 2022-06-30 |
Family
ID=82157536
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2021/062132 WO2022137136A1 (en) | 2020-12-21 | 2021-12-21 | Multi-factor authentication employing a wearable mobile device, and access-control systems |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP4264579A1 (en) |
AU (1) | AU2021405284A1 (en) |
CA (1) | CA3205932A1 (en) |
WO (1) | WO2022137136A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019159206A1 (en) * | 2018-02-15 | 2019-08-22 | Archimedetech Srl | Identity authentication process/method by sending and exchanging a temporary personal password among at least four electronic devices for recharges, payments, accesses and/or ids of the owner of a mobile device, such as a smartphone |
AU2020102011A4 (en) * | 2020-08-27 | 2020-10-08 | Varnavelias, Izabela MRS | A electronic biometric system |
-
2021
- 2021-12-21 WO PCT/IB2021/062132 patent/WO2022137136A1/en unknown
- 2021-12-21 EP EP21909678.1A patent/EP4264579A1/en active Pending
- 2021-12-21 CA CA3205932A patent/CA3205932A1/en active Pending
- 2021-12-21 AU AU2021405284A patent/AU2021405284A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
EP4264579A1 (en) | 2023-10-25 |
AU2021405284A1 (en) | 2023-07-06 |
CA3205932A1 (en) | 2022-06-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20230134823A1 (en) | Proximity-Based System for Object Tracking | |
US11095640B1 (en) | Proximity-based system for automatic application or data access and item tracking | |
US11182792B2 (en) | Personal digital key initialization and registration for secure transactions | |
US20210334481A1 (en) | Proximity-Based System for Object Tracking an Automatic Application Initialization | |
RU2710889C1 (en) | Methods and systems for creation of identification cards, their verification and control | |
US9210165B2 (en) | Confidential information access via social networking web site | |
US10482225B1 (en) | Method of authorization dialog organizing | |
US9946860B1 (en) | Systems and methods for allowing administrative access | |
US20220301667A1 (en) | Computer system, method, and device for verifying an immunization status | |
WO2022137136A1 (en) | Multi-factor authentication employing a wearable mobile device, and access-control systems | |
Khatoon et al. | Integrating OAuth and aadhaar with e-health care system | |
US11863994B2 (en) | System and network for access control using mobile identification credential for sign-on authentication | |
Hamid | A Secured Clinic Booking System with Multi Factor Authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21909678; Country of ref document: EP; Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 3205932; Country of ref document: CA |
 | ENP | Entry into the national phase | Ref document number: 2021405284; Country of ref document: AU; Date of ref document: 20211221; Kind code of ref document: A |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | ENP | Entry into the national phase | Ref document number: 2021909678; Country of ref document: EP; Effective date: 20230721 |