EP1356360A2 - Method and apparatus for secure identity validation using audible tones - Google Patents

Method and apparatus for secure identity validation using audible tones

Info

Publication number
EP1356360A2
Authority
EP
European Patent Office
Prior art keywords
cryptographic
processor
cryptographic signature
person
audible
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP01951085A
Other languages
German (de)
English (en)
Inventor
Gregory Rose
Franklin P. Antonio
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3272 Short range or proximity payments by means of M-devices using an audio code

Definitions

  • the present invention pertains generally to the field of electronic security, and more particularly to the authentication of individuals through audible tones.
  • electronic authentication of an individual can be performed by: 1. Authentication through knowledge, i.e., a password or a personal identification number (PIN) entered into a machine;
  • an individual may perhaps need a PIN for an ATM machine, a password to log on to a computer at work, a password to access the Internet service provider at home, a proximity card to gain access to a secure building, and a garage door opener to gain entry into a house.
  • ATM automatic teller machine
  • smartcards require a smartcard reader
  • voice ID would require a voice encoder/decoder
  • DNA sample would require a laboratory.
  • the present invention pertains to an apparatus that can be used by an individual to securely identify one's self to another party, wherein the apparatus comprises: a processor; a storage element coupled to the processor, wherein the storage element includes an instruction set executable by the processor for generating a cryptographic signature; and a sound component coupled to the processor, wherein the processor commands the sound component to generate an audible tone associated with the cryptographic signature.
  • multiple signatures using multiple cryptographic keys can be either stored or generated by the storage element and the processor.
  • the apparatus further comprises an input element for bi-directional data transfers with other electronic devices.
  • the apparatus further comprises a user interface that can be used to supply an activation code.
  • FIG. 1 is a block diagram of a physical implementation of an exemplary embodiment
  • FIG. 2 is a block diagram of an authentication procedure between an individual and a database manager, wherein an exemplary embodiment is used to authenticate the identity of the individual;
  • FIG. 3 is a flow chart of an authentication method using the exemplary embodiment.
  • FIG. 1 is an exemplary embodiment of a device 5 comprising a processor 10, a storage element 20 coupled to the processor 10, and a sound component 30 coupled to the processor 10, wherein the storage element 20 is configured to store a set of cryptographic signatures and the processor 10 is configured to control the generation of audible tones from the sound component 30, wherein each audible tone is associated with a signature from the set of cryptographic signatures.
  • the device 5 can be implemented in a small, portable size with the use of microprocessors, or application specific integrated circuits (ASICs), or any other logic capable of a control function.
  • the storage element 20 can be any memory device, such as a random access memory (RAM), flash memory, or a disk storage medium.
  • the sound component 30 can be implemented by any mechanical or electronic sound generation device, such as a speaker, along with an optional sound reception device, such as a microphone.
  • the device 5, which will be referred to hereinafter as a "token," can be carried and activated by an individual whenever some form of identification must be provided to an entity requesting identity authentication.
  • One method for generating cryptographic signatures is public-key cryptography.
  • in a public-key cryptography scheme, a user has both a private key and a public key for encrypting documents. The user encrypts a communication with the user's private key and sends the encrypted communication to a targeted party, who then decrypts the communication with the user's public key. The fact that the targeted party was able to decrypt the communication with the user's public key would be the electronic signature that authenticates the communication as originating from the user.
  • a public-key cryptography scheme is illustrative only and the exemplary embodiments may incorporate other signature-generating schemes.
  • audible tones are generated to uniquely represent the cryptographic signatures stored on or generated by the token.
  • desktop and laptop computers currently integrate microphones into the computer system and almost all desktop and laptop computers carry the capability to generate sounds.
  • the exemplary embodiment can be advantageously implemented to operate with desktop and laptop computers running the appropriate software.
  • Other electronic devices including, but not limited to, personal data assistants (PDAs), mobile phones, and pagers can also be used with the exemplary embodiment with a proper I/O add-on or software upgrade.
  • the exemplary embodiment can be used with any communication system that is capable of carrying audible tones. Examples include, but are not limited to telephone networks, building intercom systems, and radio communication networks.
  • FIG. 2 is a block diagram of a basic authentication system between an individual and a database manager, wherein a token is used to authenticate the identity of the individual in accordance with one embodiment.
  • a first party 100 intends to access information protected by a database manager 103.
  • the first party 100 holds a token 101 up to a microphone (not shown) coupled to a computer 102, wherein the computer 102 is in communication with the database manager 103.
  • the token 101 generates audible tones to the computer 102, which then transmits the tones, or the cryptographic signature represented by the tones, to the database manager 103.
  • the database manager 103 verifies the first party's identity by retrieving authentication information from the database 104.
  • the individual 100 can then proceed with a private transaction.
  • the freshness of a signature can be ensured through a challenge/response procedure chosen by the database manager 103, wherein the signature is generated in response to a challenge from the database manager 103.
  • the sound component of the token 101 comprises a sound generation element and a sound reception element, so that the token 101 can detect audible tones from the speakers of the computer 102.
  • a token can be programmed to carry multiple keys that would identify an individual to multiple entities.
  • a token can be programmed to generate an audible signature that would identify a token holder to a financial institution over a telephone line.
  • the token can also be programmed to generate a second audible signature that would identify a token holder to a computer network over a microphone hooked up to a computer in the network.
  • the same token can be programmed to generate a third audible signature to a proximity card reader in order to gain access to a secure building.
  • the audible signatures would be generated in accordance with one or more cryptographic keys, wherein the private key portions of the cryptographic keys remain secret within the token, and the corresponding public key portions are used by any entity to verify the audible signatures.
  • One method of generating electronic signatures using private keys and public keys is the Digital Signature Algorithm, promulgated in Federal Information Processing Standard Publication 186-1.
  • the token can further comprise another form of input element, such as a parallel port, a serial port, or a universal serial bus, so that the token can interact with another party through a medium other than audible sound.
  • Various authentication protocols exist in which both parties must exchange information in order to confirm the identity of the opposite party.
  • a token can be programmed with a public-key cryptographic scheme wherein an exchange of public keys must be made.
  • the token can store predetermined cryptographic signatures in the storage element, or the token can generate cryptographic signatures in response to a signal from an external source.
  • the exemplary embodiment may also include an output element for communicating with electronic devices more directly, rather than through sound generation.
  • the sound component will be engaged for authentication functions, but an output element can be engaged for data transfers, such as the backup of the cryptographic signatures onto a personal computer or the exchange of public key information.
  • an activation requirement can be programmed into a token, so that another party may not use the token fraudulently or accidentally.
  • a user interface can be incorporated with the token so that an activation check can be performed.
  • a token will not generate an authentication signature unless it receives confirmation as to the identity of its user.
  • Confirmation can come in the form of a PIN entered into a keypad.
  • confirmation can be determined from a voice print, wherein the user interface is a microphone and the processor has sufficient processing ability to enable voice recognition. Voice recognition methods are well known in the art and will not be discussed in detail herein.
  • Another method to activate a token that has a microphone input would be to use a Dual Tone Multi-Frequency (DTMF) device to input the activation code.
  • DTMF Dual Tone Multi-Frequency
  • This method has the advantage of requiring little processing complexity and requiring an inexpensive and commonly available DTMF sound generator (such as a telephone).
  • Another implementation of the activation requirement is to have the sound component utter numbers in a sequential or non-sequential manner. Whenever a number in the PIN is uttered, the user presses the activation button to register the number with the processor.
  • each cryptographic signature can be associated with its own activation requirement, so that the token may require a different activation check for each authentication request from separate entities.
  • the token can be programmed to become inactive if too many attempts are made to input the activation code.
  • the sound component of the token can be configured to generate encoded audible tones, wherein the encoding will increase the probability that the cryptographic message or signature will be delivered without error.
  • Modulation techniques including, but not limited to Dual Tone Multi-Frequency (DTMF) and Frequency Shift Keying (FSK), can be implemented in order to create a more distinguishable sound amidst loud background noises.
  • the functionality of the sound component can be supplemented with an infrared port.
  • an infrared port may be used advantageously in those circumstances where the use of a sound component would be awkward and undesirable, such as in a public place.
  • the sound component can generate ultrasonic frequencies.
  • the generation of ultrasonic frequencies can be made by an add-on device that works in conjunction with the exemplary embodiment.
  • Such an add-on device would be connected to the exemplary embodiment through audible tones or through an output element.
  • FIG. 3 is a flowchart of an authentication method using a token holding a cryptographic signature.
  • the method is described in relation to a customer trying to access private bank records. However, it should be apparent to one skilled in the art that the method can be applied to any situation wherein a party is trying to access private information or establish access to a computer system or building.
  • a customer enters a banking web site using a personal computer.
  • the banking web site asks for the identity of the customer by sending a coded challenge to the personal computer, wherein the coded challenge is encoded using a public key of the customer.
  • the personal computer requests authentication from the customer.
  • the customer holds a token near the microphone and the speakers of the personal computer and presses an activation button.
  • a series of audio tones plays between the token and the personal computer.
  • the personal computer decodes the audio data and encodes a response to the web site using the coded challenge and the decoded audio data.
  • the web site verifies the digital signature on the response from the personal computer by using its own private key.
  • a token can be used to authenticate the identity of an individual without the need of a personal computer.
  • Most businesses have customer service departments that are accessible through the telephone.
  • customers who have accounts with a business are asked to provide a piece of "secure" information, such as the maiden name of the customer's mother, or the last four digits of a Social Security number, in order to establish the identity of the calling party.
  • "secure" methods are inadequate precautions when a close family member, personal friend, or other party has knowledge of the same information asked by the customer service representative.
  • a customer service representative can authenticate the identity of the customer through the transmission of audible tones over a telephone network.
  • a customer holds the token over the mouthpiece of a telephone and presses the activation button.
  • the customer service representative holds the ear piece of the telephone against a sound detection/decoding device that compares the received audible tone to a database of tones. A positive match confirms the identity of the calling party.
  • the exemplary embodiments can be implemented whenever a database for storing information pertaining to the authentication process, as discussed above, exists at the receiving end.
  • the processor of the exemplary embodiment can be configured to implement any one of the various cryptographic schemes that are presently available.
  • the exemplary embodiment can be used to implement one cryptographic scheme with one party and another cryptographic scheme with another party.
  • the basic implementation of the exemplary embodiment can be performed without the need for a physical connection to an intermediary device because it can communicate with the separate parties through the almost universal communication medium of sound.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • the processor may advantageously be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, micro-controller, or state machine.
  • the software module could reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
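
An added example, not taken from the patent, of the encoded-tone delivery described above: the bytes of a signature are framed with a CRC-32, sent as DTMF symbols, and recovered at the receiver with a Goertzel detector that rejects corrupted frames. The nibble-to-key mapping, the timing constants, the CRC framing and the constructed SAMPLE_SIGNATURE are assumptions of this example; generating and verifying the signature itself is outside its scope.

```python
import math
import zlib

SAMPLE_RATE = 8000                 # Hz, telephone-grade audio
SYMBOL_SAMPLES = 400               # 50 ms of tone per symbol
GAP_SAMPLES = 160                  # 20 ms of silence between symbols
STEP = SYMBOL_SAMPLES + GAP_SAMPLES
LOW = (697, 770, 852, 941)         # standard DTMF row frequencies
HIGH = (1209, 1336, 1477, 1633)    # standard DTMF column frequencies
KEYS = "123A456B789C*0#D"          # keypad layout, row-major
NIBBLE_KEYS = "0123456789ABCD*#"   # assumed mapping: nibble value -> key
# Constructed 40-byte stand-in for a signature; not a real DSA output.
SAMPLE_SIGNATURE = bytes((i * 37 + 11) % 256 for i in range(40))


def frame(payload: bytes) -> bytes:
    """Append a CRC-32 so the receiver can detect a corrupted transfer."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def encode(payload: bytes) -> list[float]:
    """Turn the framed bytes into PCM samples, two DTMF symbols per byte."""
    samples = []
    for byte in frame(payload):
        for nibble in (byte >> 4, byte & 0x0F):
            pos = KEYS.index(NIBBLE_KEYS[nibble])
            f_low, f_high = LOW[pos // 4], HIGH[pos % 4]
            for n in range(SYMBOL_SAMPLES):
                t = n / SAMPLE_RATE
                samples.append(0.5 * math.sin(2 * math.pi * f_low * t)
                               + 0.5 * math.sin(2 * math.pi * f_high * t))
            samples.extend([0.0] * GAP_SAMPLES)
    return samples


def goertzel(block, freq):
    """Signal power of `block` at a single frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def decode(samples) -> bytes:
    """Recover the payload; raise ValueError if the frame is damaged."""
    nibbles = []
    for start in range(0, len(samples) - SYMBOL_SAMPLES + 1, STEP):
        block = samples[start:start + SYMBOL_SAMPLES]
        # The strongest row tone and column tone identify the key.
        row = max(range(4), key=lambda i: goertzel(block, LOW[i]))
        col = max(range(4), key=lambda i: goertzel(block, HIGH[i]))
        nibbles.append(NIBBLE_KEYS.index(KEYS[row * 4 + col]))
    if len(nibbles) < 8 or len(nibbles) % 2:
        raise ValueError("truncated tone frame")
    data = bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))
    payload, crc = data[:-4], data[-4:]
    if zlib.crc32(payload).to_bytes(4, "big") != crc:
        raise ValueError("tone frame failed CRC check")
    return payload


if __name__ == "__main__":
    audio = encode(SAMPLE_SIGNATURE)
    print(len(audio) / SAMPLE_RATE, "seconds of audio")
    print(decode(audio) == SAMPLE_SIGNATURE)
```

The CRC only detects transmission errors; freshness still depends on the challenge/response procedure the text describes.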

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)
  • Lock And Its Accessories (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method and an apparatus that allow persons to identify themselves securely in electronic commercial transactions involving other parties. A token stores or determines a set of cryptographic signatures and uses a sound component to generate a unique audible tone representative of a cryptographic signature. The audible tone is transmitted to a party requesting authentication of the token holder, after which the party determines whether the information conveyed by the audible tone exists in a database of identities.
EP01951085A 2000-07-07 2001-06-18 Method and apparatus for secure identity validation using audible tones Withdrawn EP1356360A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US61156900A 2000-07-07 2000-07-07
US611569 2000-07-07
PCT/US2001/041049 WO2002005078A2 (fr) 2000-07-07 2001-06-18 Method and apparatus for secure identity validation using audible tones

Publications (1)

Publication Number Publication Date
EP1356360A2 (fr) 2003-10-29

Family

ID=24449543

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01951085A Withdrawn EP1356360A2 (fr) 2000-07-07 2001-06-18 Method and apparatus for secure identity validation using audible tones

Country Status (13)

Country Link
EP (1) EP1356360A2 (fr)
JP (1) JP2004517376A (fr)
KR (1) KR20030022848A (fr)
CN (1) CN1708772A (fr)
AU (1) AU2001272018A1 (fr)
BR (1) BR0112239A (fr)
CA (1) CA2416202A1 (fr)
IL (1) IL153636A0 (fr)
MX (1) MXPA03000124A (fr)
NO (1) NO20030046L (fr)
RU (1) RU2003103604A (fr)
TW (1) TW513629B (fr)
WO (1) WO2002005078A2 (fr)

Also Published As

Publication number Publication date
WO2002005078A2 (fr) 2002-01-17
NO20030046D0 (no) 2003-01-06
AU2001272018A1 (en) 2002-01-21
JP2004517376A (ja) 2004-06-10
RU2003103604A (ru) 2004-06-10
NO20030046L (no) 2003-02-21
BR0112239A (pt) 2006-05-02
IL153636A0 (en) 2003-07-06
CN1708772A (zh) 2005-12-14
CA2416202A1 (fr) 2002-01-17
MXPA03000124A (es) 2003-09-22
KR20030022848A (ko) 2003-03-17
WO2002005078A3 (fr) 2003-08-21
TW513629B (en) 2002-12-11

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20030102

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20060509