EP2215607A1 - Authentication method and system for carrying out this authentication method, corresponding computer program and corresponding computer-readable storage medium - Google Patents

Authentication method and system for carrying out this authentication method, corresponding computer program and corresponding computer-readable storage medium

Info

Publication number
EP2215607A1
Authority
EP
European Patent Office
Prior art keywords
sensor
terminal
authentication method
authentication
colors
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP08847561A
Other languages
German (de)
English (en)
Inventor
M. A. Matthias Von Tippelskirch
Frank Meissner
Steffen Miske
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ELEGATE GmbH
Original Assignee
ELEGATE GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from DE102007053736A
Priority claimed from DE102008020792A
Application filed by ELEGATE GmbH
Publication of EP2215607A1
Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/29 Individual registration on entry or exit involving the use of a pass the pass containing active electronic elements, e.g. smartcards
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00 Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/60 Indexing scheme relating to groups G07C9/00174 - G07C9/00944
    • G07C2209/62 Comprising means for indicating the status of the lock

Definitions

  • the invention relates to an authentication method and an arrangement for carrying out such an authentication method and a corresponding computer program and a corresponding computer-readable storage medium, which in particular provide a simple and very cost-effective method for authenticating people in the use of services using standard mobile terminals without technical extensions such as an RFID (Radio Frequency Identification) upgrade or the like.
  • RFID Radio Frequency Identification
  • Mobile radio terminals have found widespread coverage. They are therefore ideally suited to form a standard for communicating changing access and usage information, provided that the user can use the system inexpensively and above all cost-effectively.
  • Standard functions in the sense of this description comprise, in today's commercial mobile radio devices, sound-emitting and sound-receiving components (transducers, generally speakers and microphone), color displays, numeric keypads and the ability to load software into the non-volatile memory, to execute it from there and thus to provide additional functionality.
  • NFC: Near Field Communication, e.g. about 10 cm range at 13.56 MHz, 424 kbit/s, communication of active devices with each other and of active devices with passive parts
  • RFID: Radio Frequency IDentification, ranges varying from 1 cm to several meters, frequency ranges from LF and HF through UHF to microwave, only communication of active readers with passive tags
  • the object of the present invention is therefore an authentication method and an arrangement for carrying out such an authentication method and a corresponding
  • a particular advantage of the invention is that for their implementation in a first embodiment of the invention only a conventional terminal with microphone and speakers, standard data processing equipment and a simple acoustic sensor for receiving sound waves are required.
  • acoustic signals in the form of different sound wave compositions are generated from an authentication code.
  • a second embodiment according to the invention provides that optical signals in the form of different colors are generated from the authentication code. To realize this second embodiment, only a conventional terminal with color display, standard data processing equipment and a simple optical sensor to detect the different colors are required.
  • both embodiments may be combined and implemented with a conventional microphone and speaker terminal, color display, standard data processing equipment, and simple acoustic and optical sensors for picking up sound waves or colors.
  • a preferred embodiment of the invention provides that both signal forms - acoustic and optical - are used simultaneously or successively in combination, preferably with the same terminal. All method steps, which will be described below for one of the two signal types, can therefore also be executed in combination for the other of the two signal types or for both signal types.
  • At least one authentication code is generated by a unit.
  • This unit may, for example, be a service provider or another entity offering services.
  • the unit may also be at least one data processing device, by means of which the service provider or the other entity providing services can automatically generate the at least one authentication code.
  • information about at least the at least one authentication code is made available to one or more users. If it is not a personal authentication code, as it is conceivable, for example, when accessing an event, information about the same authentication code can be made available to multiple users. Of course, in the case of personal authentication codes, only one user will gain access to the corresponding authentication code.
  • the unit for managing this data uses a central computer system which is part of the at least one data processing device and consists of one or more servers.
  • the central computer system preferably also manages, for example, the authentication codes and the usable services.
  • a user enters his data when logging in or when requesting a service via a web browser.
  • the unit preferably via the central computer system, advantageously provides a web page with a corresponding input mask.
  • the data entered by a user includes, for example, information identifying the user, such as personal data and a password, account information, the identifier by which the terminal can be reached, and / or the desired services.
  • After a user has logged in and requested a service provided by the unit, for example by transmitting the identifier of his terminal and the desired service to the unit, the unit generates an authentication code with which the user demonstrates his legitimization to call up the service.
  • the at least one authentication code and / or information about at least this at least one authentication code is automatically sent by the unit, for example using the central computer system, to the identifier indicated by the user.
  • special software which processes the authentication code and / or the information about at least the authentication code, generating data enabling the user's terminal to transmit sound waves of different frequency in chronological order via the loudspeaker output and / or display different colors in chronological order on the color display.
  • the authentication code itself is converted into a sequence of sound wave compositions (tones), in the frequency range of audible tones but also in the infrasound and ultrasound range from a few tenths of a hertz to about a hundred kilohertz, which is output via the speaker, and / or into a color sequence, which is output on the color display, when the user has to legitimize himself to claim the desired service.
  • the legitimization takes place in that the special software converts the authentication code itself into a color sequence which is output on the color display.
  • the special software may also process the information about the at least one authentication code alone, or this information along with the transmitted authentication code, to generate the sequence of sound wave compositions and / or the color sequence corresponding to the authentication code, which is output via the speaker and / or the color display when required.
  • the invention further comprises a sensor (acoustic sensor) for detecting the various sound wave compositions output by the loudspeaker and / or a sensor (optical sensor) for detecting the different colors output by the color display.
  • the acoustic sensor can be, for example, a simple microphone with a downstream storage or processing unit or a complex device such as a telephone with IP transmission technology ("IP telephone") which is well known from the telecommunications sector.
  • CCD Charge-Coupled Device
  • Such a color sensitive light detector is an integrated circuit which only displays the presence of light without further image information.
  • these sensors are preferably used by the service providers to verify the legitimization of the user who wants to use their services.
  • the sensor or the sensors are connected via means for data exchange with at least one evaluation unit, which has access to the authentication codes generated by the unit.
  • the user positions the speaker and / or the color display of the terminal in the area that is detected by the sensor, and starts a program which executes the output of the various sound wave compositions through the speaker and / or the output of the various colors on the color display in chronological order.
  • a specific sequence of different sound wave compositions and / or colors defines the authentication code.
  • Such a tone and / or color series, which defines an authentication code may also be referred to as a cycle.
  • the cycle is output only once or several times in succession. It may further be provided that the sound wave compositions and / or colors representing the authentication code are output discretely one after the other, or that the various sound wave compositions and / or colors flow smoothly into one another by gradual change.
  • the sensor detects the sound waves emitted via the loudspeaker and / or the colors shown on the color display and sends the corresponding signals to the at least one evaluation unit, which evaluates and decodes the signals.
  • the decoding results in a signal sequence which is compared with the authentication codes generated by the unit. If a corresponding authentication code is determined during this comparison, the user is deemed to be legitimized and the service is released.
  • the sound wave compositions and / or colors associated with the authentication code and the further data can be output directly in succession in one cycle or in separate cycles.
  • additional data may be, for example, data required by transactions, such as passwords or transaction numbers (TANs) for bank transfers.
  • An arrangement for carrying out an authentication method comprises at least one data processing device, at least one terminal equipped with a loudspeaker and / or a color display and at least one sensor for detecting sound wave compositions and / or at least one sensor for detecting colors.
  • the at least one data processing device comprises a central computer system, which consists of one or more computers.
  • the components of the arrangement are at least temporarily interconnected by means for data transmission.
  • the arrangement is further set up such that in the at least one data processing device, authentication codes and data describing useful services are stored.
  • the data describing the available services may be made available to the at least one data processing device by the respective service providers or service operators.
  • An authentication code is preferably generated by a program installed on the at least one data processing device when a user requests a specific service provided.
  • the generation of authentication codes is linked to further actions. For example, it may be provided to generate an authentication code only when payment for the service has been confirmed or a requested identifier, such as a password or a TAN, has been entered correctly.
  • the arrangement according to the invention is connected via a communication link to an input device such as a PC, a notebook, mobile phone or other Internet-compatible data processing equipment.
  • the arrangement provides an internet page with a corresponding input mask, which can be operated via a browser which is displayed on a display of the internet-capable data processing device.
  • the latter is transmitted by the at least one data processing device to a terminal specified by the user. This can be done using a Short Message Service (SMS) or by email.
  • SMS Short Message Service
  • the authentication code or the information about the authentication code is processed by special software installed on the user's terminal, whereby this processing generates data which causes different sound wave compositions to be output in chronological succession through the speaker of the terminal and / or different colors to be output in chronological succession on the color display of the terminal.
  • These temporally successive sound wave compositions and / or colors represent at least the authentication code.
  • the authentication code is therefore in turn coded into a chronological sequence of sound wave compositions and / or colors.
  • the authentication code itself may be stored in a different form of representation in the various data processing devices involved in the authentication method according to the invention, for example in the form of ASCII (American Standard Code for Information Interchange) characters representing letters, numbers and / or special characters.
  • ASCII American Standard Code for Information Interchange
  • the processing of the authentication codes entered on the user's terminal or of the information about the authentication code can take place immediately after the data has been received on the terminal or only later after a corresponding user input.
  • each character represented as ASCII code, i.e. all seven bits of the character, is assigned a single sound wave composition and / or a single color;
  • ASCII code or in general: each element of an authentication code
  • each of the seven bits of an ASCII code is assigned its own sound wave composition and / or own color, as is the use of packed data formats, such as binary stored numbers or packed BCD (packed binary coded decimal), for digit information, in which case sound wave compositions or colors can again be assigned to the resulting byte codes.
  • An important possible form of coding is also that a sound wave composition and / or a color is assigned not to the codes or the individual elements of a code themselves, but that a distance between the individual elements of the code, for example between an element and its predecessor, enters into the coding, in order to achieve an even distribution or a change of the sound wave compositions and / or color codes even with consecutive identical character codes (ASCII or packed formatting). Furthermore, in a preferred embodiment of the invention, it is provided that the at least one authentication code is coded in changes of the sound wave compositions and / or in changes of the colors in the temporal sequence.
  • Such coding on the basis of a relative frequency difference of the sound wave compositions and / or a color difference has the advantage that decoding errors, which could arise due to differences in the reproduction of sound wave compositions on different speakers or due to differences in the color representation of different color displays, are avoided to a large extent.
  • a further embodiment provides an arrangement which is set up in such a way that the authentication code with which an identification or release takes place is formed using spoken words, word parts, word connections and / or sentences or generally from acoustic signals. These words, parts of words, phrases, sentences or acoustic signals are input to the device via means for inputting acoustic signals, for example microphone, and converted into the authentication code by means of data processing provided by the device.
  • This arrangement is particularly advantageous because it dispenses with inputs via a keyboard or a similar, previously common man-machine interface, complemented by the low-cost use of the sound recording devices already built into mobile devices.
  • an authentication code can be established on a commercially available mobile device. In the applications considered so far, the authentication code comes exclusively from the central system.
  • the determination of authentication codes on the mobile radio device is made meaningfully possible by the fact that, according to the method described, no keystrokes or already existing or even predetermined data are used as the basis on which the authentication code is formed.
  • Upon request by a program on the mobile device, the user speaks a short phrase into the built-in microphone.
  • the recorded sound waves are scanned in the mobile device, converted into computer-readable data and saved as a file.
  • the spoken words, the individual voice sound and the different environmental conditions make this data unique.
  • the authentication code is calculated.
  • the resulting authentication code or parts derived therefrom by cryptographic methods are transmitted to the central server.
  • the authentication code is used in the manner described above on the mobile device to trigger one of the actions described above. This arrangement is particularly advantageous in application systems that can be handled very easily by the user. This results in particularly secure authentication codes, because they are unique and long enough, without keystrokes or other operations that are more cumbersome for less experienced users having to be performed.
  • the arrangement according to the invention is used as follows.
  • for this purpose, the user positions the terminal in the area detected by the sensor for detecting sound waves such that the sound waves emitted by the terminal can be detected by the sensor.
  • a terminal having (also) a speaker is placed in the area detected by the color detection sensor so that the colors on the color display of the terminal can be detected by the sensor. In this position, the output of the different sound wave compositions and / or the different colors in chronological order via the speaker and / or on the color display of the terminal takes place.
  • the sound wave compositions and / or colors output by the color display are detected by the respective acoustic or optical sensor and transmitted to an evaluation unit connected to this sensor via means for data exchange, which evaluates the transmitted signals and determines the authentication code by decoding the various sound wave compositions and / or colors output in chronological order.
  • the evaluation unit which evaluates the transmitted signals and restores the authentication code by decoding the different sound wave compositions and / or colors output in chronological order, has access to the authentication codes generated by the unit and stored in the central computer system.
  • the evaluation unit is part of the at least one data processing device or part of the central computer system, and the sensors for the detection of sound wave compositions and / or colors are connected via means for data exchange with the at least one data processing device or with the central computer system.
  • the evaluation unit thus has access to these authentication codes and compares the authentication code obtained by the decoding of the sequence of the sound wave compositions and / or the decoding of the color sequence with the authentication codes generated by the at least one data processing device and initiates the release of the requested service if predetermined comparison criteria are fulfilled.
  • the arrangement thus represents a system in which a terminal, preferably a mobile terminal, cooperates via the speaker or the display with receivers, i.e. (acoustic and / or optical) sensors, such as in particular sound receivers or color sensors.
  • an authenticating identifier is passed from the mobile station to the receiving device. This identifier can contain both general, rarely changing information as well as a single use transaction number.
  • the transferable amount of data is variable because of the serialization of the information. It is not necessary to transfer a certain fixed and consistent amount of data if the amount of information does not require it, as is the case with 2D bar codes, for example, which must always be read completely, which implies a certain amount of data.
  • the amounts of data to be transmitted depend only on the amount of information actually transmitted.
  • the mobile station receives the information that is to be forwarded to the receiving device, in advance via standard services such as SMS or by data communication such as the establishment of a common Internet network connection (IP network or similar) via UMTS or GPRS or other GSM Services of mobile network operators.
  • the system allows the transmission of the information from the mobile station to the receiving device without contact via frequency changes of sound wave compositions from the speaker of the mobile station and / or via color changes on the display of the mobile station.
  • the recording of the information can take place by means of special sensors, in the acoustic case for example voice coil microphones with downstream storage or processing units, or other suitable assemblies such as piezoelectric elements.
  • color-sensitive light detectors or other suitable components such as CCD lines or cameras can be used as sensors.
  • the color changes can be made over the entire surface or in certain geometric or other systematic arrangements.
  • a particular non-timed coding scheme of the sound wave assemblies and / or colors is used in conjunction with automatic threshold matching to enable secure data transmission from any mobile terminals in different environmental conditions.
  • An advantage of the system is the use of very inexpensive (sensor) or already available (built-in microphone or camera) receivers.
  • the "optical" system is also applicable in that generally available displays, including parts of television screens, monitors in public facilities, computer monitors, etc., take over the representation of the information and mobile devices read this information, for example via a built-in camera.
  • the "acoustic" system is applicable in that generally available sound sources, including parts of TVs, speakers in public facilities, computers with connected sound devices, etc., take over the presentation of the information and mobile devices read this information, for example via the built-in microphone.
  • a communication between two mobile terminals can be configured.
  • the principle can also be used by combining the aforementioned standard speakers, microphones and / or standard displays with special receivers.
  • the system is suitable, for example, for securing access to permanently used facilities, for example the service rooms of an organization or technical equipment such as computers, and for access control for one-time events such as theater performances or one-time access to technical services such as rental vehicles.
  • An advantageous feature of the system is that, on the one hand, the user must be present close to the receiving device and, on the other hand, the receiving unit is physically protected in practice.
  • the system is realized by arranging several computers and communication devices.
  • a central server takes over the administration of the user and possibly transaction data.
  • the user deposits his data, including the telephone number of his mobile terminal and the desired services, via a web browser on the central server.
  • transaction-oriented services are designed.
  • the sending of codes is rare; the frequency and the data for changing, e.g., the codes are preferably determined only centrally.
  • Transaction services send the codes according to the situation, for example directly after a booking.
  • If the user wants to use a received code, he must keep his mobile phone ready (even without a mobile network connection), select the desired code via the menu and hold the speaker a few centimeters, or the display a few millimeters, away from the receiver.
  • the receiving device will perform the desired action.
  • the user has to identify himself at his mobile terminal by means of a PIN on the SIM card in order to use the mobile station. Any information in the memory of the mobile station or programs executed there can only be used by the user who has knowledge about the PIN of the SIM card used when switching on or at regular intervals.
  • the web registration for desired services can, as a low-priced variant, take place via the landline Internet or similar, while the business variant will choose booking via a mobile Internet connection.
  • An advantageous embodiment of the invention consists in the connection of the central server with many other, already existing or newly created services, in that the necessary data are taken over by other providers and forwarded to the central server for processing. No duplicate user interaction is required here.
  • the system can be advantageously configured by using a very inexpensive sensor for the receiving devices.
  • the sensor opening can be made very practical (a few millimeters in diameter, covering by resistant sound-transmitting and / or translucent
  • An advantageous embodiment can be achieved for a variant of the system described in that two mobile terminals can communicate with each other via speakers and microphone or via display and the often built-in cameras.
  • This allows authentication codes and any other information describing, supplementing or otherwise related to them to be exchanged between two mobile devices without the aid of central services and computers.
  • the mobile device becomes an identification card compared to other mobile devices, which manifests itself with the aid of the proposed method.
  • the two mobile devices function alternately as a terminal with speaker for the output of the authentication code and as an acoustic sensor, which is coupled to an evaluation unit (preferably integrated in the mobile device), for the evaluation and decoding of the authentication code.
  • the two mobile radio devices respectively function alternately as terminals with color display for displaying the authentication code and as an optical sensor.
  • the microphone and / or the camera of a mobile radio terminal can also be used to record processed information from other sound sources or displays. These can be, for example, promotion codes, booking codes, advertising or pricing information.
  • the invention provides a system for a universal access check to various services.
  • a central server is used for a central control of the user activities. At least the user data and information about available services or services are stored on the central server.
  • the central server interacts with the user's terminal on the one hand via standard mobile services such as SMS and on the other hand via a special, but very reasonably priced sensor (receiving device).
  • the user's terminal communicates with the sensor in such a way that the terminal transmits sound information and / or color information to the corresponding acoustic or optical sensor. It proves to be advantageous if a terminal equipped with a loudspeaker and / or color display and with software execution options is used, since such a terminal then does not require any hardware extensions.
  • identification features of the mobile radio terminal are preferably transmitted to the sensor.
  • automatic access authorizations such as turnstiles or door openers can be controlled.
  • the system can also be used to register access to the central server connected to a data collection for any billing or even for a proof.
  • the system according to the invention can advantageously be extended to include microphones which are compulsorily integrated in the terminal and / or cameras which are advantageously integrated in the terminal, in order to be able to receive data from audio and / or visual output devices (loudspeakers or other audio sources, or visual devices or other video sources) which are connected to the central server.
  • These data can be general or special codes that can then be further processed in the terminal.
  • Another advantageous embodiment of the invention provides for combining the central server and the sensor in one terminal, preferably a mobile terminal, and for carrying out communication between this terminal and a second terminal based on speakers and microphones and / or based on cameras and color displays, which are advantageously integrated in each terminal.
  • at least one of the terminals comprises software for matching the data between the two mobile radio terminals regarding the settlement of payment, credit or debit values.
  • Another preferred embodiment of the invention provides to equip devices with an acoustic and / or optical sensor and a sound source, preferably a standard speaker, and / or a display, preferably a standard display, as input and output means. Otherwise, the device is preferably unattached. Furthermore, this device is according to the invention connected to the central server. The system according to this embodiment is further equipped with a software for operating the device via the central server, wherein the device is operated via the keyboard of the terminal as an input medium. The microphone or display of the terminal transmits the input data via different sound wave compositions and / or via different colors in chronological order to the acoustic or optical sensor of the device.
  • the device to be operated is a device in a physically secured environment or if the sound source, display and sensors of the device to be operated are in a physically secured environment.
  • a particular advantage is the use of the microphone of the terminal.
  • the terminal is equipped with a camera.
  • the microphone integrated in the terminal and / or the camera integrated in the terminal acts as information sink and a sound source or parts of the display of the device to be operated as an information source for the sound wave and / or color-supported data transmission according to the invention.
  • a further preferred embodiment of the invention provides that the method according to the invention can also be used without a permanent server connection, for example with the central server only temporarily connected to the sensor.
  • extended possibilities of cryptography are preferably used in order to achieve secure communication.
  • a computer program for carrying out the authentication method according to the invention makes it possible for a data processing device to carry out an authentication method after it has been loaded into the memory of the data processing device, wherein at least one data processing device interacts with at least one terminal and with at least one sensor at least temporarily via means for data transmission.
  • first information about the at least one authentication code is made available to at least one user, from the first information second information is created, which enables the terminal to output sound wave compositions in chronological order via the loudspeaker and / or display different colors in chronological order on the color display, an (acoustic) sensor for the detection of the different tones detects the temporal sequence of the different sound wave compositions and / or an (optical) sensor for detecting the different colors detects the time sequence of the different colors, an evaluation unit connected to the acoustic and / or optical sensor and having access to the at least one authentication code decodes the time sequence of the various sound wave compositions and / or the different colors and compares it with the at least one authentication code, and depending on the comparison result, the use of services is released.
  • the computer program according to the invention is modular in construction, with individual modules being installed on different data processing devices.
  • Such computer programs can be made available for download (for a fee or free of charge, freely accessible or password-protected) in a data or communication network, for example.
  • the computer programs thus provided can then be utilized by a method in which a computer program according to claim 29 is downloaded from an electronic data network, such as from the Internet, to a data processing device connected to the data network.
  • a data processing device interacts at least temporarily with at least one terminal and with at least one sensor via means for data transmission, and at least one authentication code is generated, first information about the at least one authentication code is made available to at least one user, second information is created from the first information, which enables the terminal to output sound wave compositions in chronological order via the loudspeaker and / or different colors in chronological order on the color display, an (acoustic) sensor for detecting the different tones detects the temporal sequence of the different sound wave compositions, and / or an (optical) sensor for detecting the different colors detects the temporal sequence of the different colors, an evaluation unit connected to the acoustic and / or optical sensor having access to the at least one authentication code, decoding the temporal sequence of the different sound
  • the sensors for the detection of sound waves or of color are particularly inexpensive, contain no moving parts and can adapt to the surroundings in a variety of ways, for example by sound-permeable or transparent materials from physical access by unauthorized users,
  • the exemplary system comprises a central server 101, a sensor 102 and a terminal 103 with color display 109.
  • a terminal 103 for example, a mobile station can be used.
  • the central server 101 takes over the administration of the user and possibly transaction data in this exemplary system.
  • the invention is described by the example of coding the authentication code in a color sequence, the invention is not limited to this exemplary embodiment.
  • the color display 109, the optical sensor 102, and the color sequence output in chronological order can be replaced by a loudspeaker 109', an acoustic sensor 102' (for example, a microphone) and the sound wave compositions, which are output in chronological order by the speaker.
  • embodiments are contemplated that provide a combination of these features and encode authentication codes both as a color sequence and as a tone sequence. It can be provided that the authentication code is completely encoded both as a color sequence, as well as a tone sequence. Alternatively, it may be provided that the authentication code is encoded partly as a color sequence and partly as a tone sequence. Furthermore, the color sequence and tone sequence can be output for authentication at the same time or in succession.
  • a user logs on, for example, via a fixed network access 106 at the central server 101. He can do this by specifying various credentials, e.g. a desired service (for example, a ticket booking) and the telephone number of his terminal 103, with which he later wants to retrieve the service, which are transmitted via the fixed network connection 12 to the server.
  • the central server 101 after receiving the credentials for a user, generates an authentication code with which the user can legitimize himself to claim the service.
  • GPRS General Packet Radio Service
  • Once the authentication code is available on the terminal 103 after transmission, it is processed by special software installed on the terminal 103. This processing generates the data for the output of the different colors in time sequence (color sequence) on the color display 109.
  • the coding of the authentication code into the color sequence is performed such that the authentication code is determined solely by the colors, ie the time duration for which a particular color appears on the color display 109 is meaningless for the coding / decoding.
  • it may also be provided to take into account the time duration of the representation of a color on the color display 109 for the coding of the authentication code.
  • the time duration for which a particular sound wave composition is output through the speaker may or may not be taken into account.
  • For the output of the different colors, the exemplary embodiment provides for using the entire area of the color display 109.
  • a part of the color display 109 for example certain geometric patterns such as a circle, a rectangle or the like, can be provided as the output area.
  • several colors can be displayed simultaneously on the display, which can be used by increasing the simultaneously transmitted information to improve the transmission speed or by explicitly delineating patterns to improve the transmission security.
  • the number of oscillations may be increased. be used as a mixture of vibration numbers per defined frequency bands as a criterion.
  • Via modulation techniques, overlays can be used to test and secure the transmission. Several discrete tones can be output at the same time, which, in addition to improving the transmission speed, also explicitly creates patterns that improve the transmission reliability.
  • If the user wants to use a service for which he has received the authentication code, he positions the color display 109 in front of the sensor 102 and starts the output of the authentication code.
  • the authentication code is visualized as a sequence of different colors on the color display 109 of the terminal 103 and via a line of sight 11 (in the case of the use of sound wave composition via a sound connection) the data stream of the color sequence is transmitted contactlessly from the color display 109 to the sensor 102.
  • the sensor is connected to the central server 101 via a second communication link 107, for example via a cellular data connection, LAN, serial link or the like. Via this second communication connection 107, the sensor data are transmitted to the central server 101, where they are evaluated.
  • the evaluation in the embodiment includes automatic threshold matching and decoding of the sensor signals to recover the authentication code. Subsequently, the authentication code obtained by the evaluation is compared with other authentication codes stored on the central server 101.
  • the sensor 102 can also be equipped with its own evaluation unit and the evaluation can take place at the location of the sensor 102. In this case, all that is required is that the evaluation unit for checking the authentication code obtained by the evaluation has access to the authentication codes managed by the central server 101.
  • the tasks related to the evaluation and the comparison may, however, also be distributed differently between the evaluation unit and the central server 101.
  • the color sequence may include additional information in addition to the authentication code. This additional information may be, for example, passwords of the user, the IMEI code or the PIN of the terminal 103 or the like.
  • the decoded data, i.e. the authentication code and possibly the additional information, is then compared with the data managed by the central server 101, and if the comparison result is positive, the service requested by the user is released, for example a door opener 105 is activated to release an entrance.
  • the central management system comprises, in addition to the central server 101, further data processing devices 108, which are interconnected at least temporarily via means for data communication.
  • Terminal 103 is
  • terminal 103 is ID card, display of the
  • Computer access complex even remotely: on the display 104, preferably a standard display, a computer key part 1 is shown, preferably as a color sequence according to the invention, terminal 103 takes key part 1 by camera, calculates key code 2 using a certificate and sends key code preferably as a color sequence according to the invention back to the computer, which releases the access (also usable for further operations)
  • Wi-Fi hotspot terminal 103 is a badge
  • terminal 103 is a badge
  • terminal 103 is a badge
  • Terminal 103 is a passport confirmation card.
  • ID card as booking confirmation at vending machines Ticket systems for free but action-related uniquely accessible systems such as competitions for large fast food chains, where you participate once per action in draws by identifying yourself with the terminal 103 and the action ID available on the Internet at the counter. After the authentication or the
  • the terminal 103 can become an authenticating input medium for non-contact (remote) operation of devices.
  • the device to be operated has only a sensor 102 as its input device according to the described system; mouse, keyboard, etc. are not required.
  • the device to be operated comprises a display 104, preferably a standard display. An operator will first log in with his authentication code.
  • the display 104 of the device to be operated can (a) generate an operator-readable representation or also a (b) machine-readable output in the form of a color sequence as described above.
  • the further inputs are made on the terminal 103, which then in the manner described transmits the data in the form of a color sequence to the device, which reads in the color sequence, for example via a color sensor.
  • a camera built in the terminal 103 can directly read out the information.
  • the software on the terminal 103 will then control further processing. In this way, safe operation of devices with standard components without mechanically moving or sensitive parts (touch-sensitive displays) is possible, even if they must be operated in sensitive environments (public space, security).
  • the sound transducer 104' of the device to be operated may generate a machine-readable output in the form of a tone sequence.
  • operating instructions are displayed via a standard display that belongs to the device to be controlled.
  • the terminal 103 is then manipulated via the standard keyboard so that the software can generate sequences of sound wave compositions as control information for the device to be controlled.
  • data from displays 104 may be received in the form of a color sequence by terminals 103 with a built-in camera.
  • These data include, for example, promotion codes, advertising data, order information.
  • the data can then be used by the user directly for ordering operations either at special access points via the described sensors 102 (preferably low-cost receivers) or by SMS dispatch, data communication or the like.
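
The following is an added illustration, not code from the patent or its applicant, of the duration-independent color coding and of the evaluation step with automatic threshold matching and comparison against stored authentication codes described in the list above. The 8-color palette, the black/white preamble, the differential symbol mapping, the guard band and all function names are assumptions made for the example.

```python
import hmac
from itertools import cycle

# Assumed scheme (not from the patent text): 8 colors indexed R<<2 | G<<1 | B,
# a black/white preamble used for calibration, and differential coding so that
# two consecutive colors are never equal and hold time carries no information.
BLACK, WHITE = 0, 7
GUARD = 0.2      # assumed guard band around the 0.5 decision threshold
MIN_RUN = 2      # assumed number of equal samples before a color counts


def encode_code(code):
    """Map a decimal authentication code to a list of color indices."""
    colors = [BLACK, WHITE]
    for ch in code:
        digit = "0123456789".index(ch)          # ValueError on non-digits
        for sym in divmod(digit, 7):            # two base-7 symbols per digit
            colors.append((colors[-1] + 1 + sym) % 8)
    return colors


def classify(sample, lo, hi):
    """Return the color index of one RGB sample, or None if ambiguous."""
    index = 0
    for value, low, high in zip(sample, lo, hi):
        level = (value - low) / (high - low)
        if abs(level - 0.5) < GUARD:
            return None                         # transition between colors
        index = (index << 1) | (level > 0.5)
    return index


def decode_samples(samples):
    """Recover the code from raw sensor samples of unknown gain and timing."""
    # Automatic threshold matching: per-channel range taken from the capture.
    lo = [min(s[c] for s in samples) for c in range(3)]
    hi = [max(s[c] for s in samples) for c in range(3)]
    if any(h - l < 1e-6 for l, h in zip(lo, hi)):
        raise ValueError("no usable contrast in capture")
    colors, candidate, run = [], None, 0
    for sample in samples:
        color = classify(sample, lo, hi)
        run = run + 1 if color is not None and color == candidate else 1
        candidate = color
        stable = color is not None and run >= MIN_RUN
        if stable and (not colors or colors[-1] != color):
            colors.append(color)                # hold time is ignored
    if colors[:2] != [BLACK, WHITE]:
        raise ValueError("preamble missing")
    symbols = [(c - p - 1) % 8 for p, c in zip(colors[1:], colors[2:])]
    if len(symbols) % 2:
        raise ValueError("truncated color sequence")
    digits = [a * 7 + b for a, b in zip(symbols[0::2], symbols[1::2])]
    if any(d > 9 for d in digits):
        raise ValueError("invalid symbol pair")
    return "".join(map(str, digits))


def verify(samples, stored_codes):
    """Compare the decoded code with every stored code in constant time."""
    try:
        received = decode_samples(samples).encode()
    except ValueError:
        return False
    ok = False
    for code in stored_codes:                   # no early exit on a match
        ok |= hmac.compare_digest(received, code.encode())
    return ok


def render(colors, durations, gain=(180, 200, 150), offset=(20, 30, 25)):
    """Constructed sensor capture: per-color hold times taken from
    `durations`, one half-way transition sample between colors."""
    samples, prev = [], None
    for color, n in zip(colors, cycle(durations)):
        bits = [(color >> 2) & 1, (color >> 1) & 1, color & 1]
        level = [o + g * b for o, g, b in zip(offset, gain, bits)]
        if prev is not None:
            samples.append(tuple((p + l) / 2 for p, l in zip(prev, level)))
        samples.extend([tuple(level)] * n)
        prev = level
    return samples


if __name__ == "__main__":
    capture = render(encode_code("4071935"), [3, 9, 4])   # constructed code
    print(decode_samples(capture), verify(capture, ["4071935"]))
```

Because each symbol is carried by a color change rather than by a color, a code with repeated digits still decodes correctly when the hold time per color varies.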

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention relates to an authentication method and a system for carrying out this authentication method, as well as a corresponding computer program and a corresponding computer-readable storage medium, the system in particular making it possible to carry out a simple and very inexpensive method of authenticating persons when using services by means of standard mobile terminals, without technical extensions such as RFID equipment or the like. To this end, the invention proposes using in the authentication method a terminal (103) equipped with a loudspeaker (109') and/or a color display (109) and special software. At least one authentication code is generated in the authentication method, first information about the authentication code or codes is made available to at least one user and, from the first information, second information is created which enables the terminal (103) to output different tones and/or different colors in temporal succession via the loudspeaker (109') or the color display (109). A sensor (102, 102') for detecting the different tones and/or different colors detects the temporal succession of the different tones and/or colors, and an evaluation unit connected to the sensor (102, 102') and having access to the authentication code or codes decodes the temporal succession of the different tones and/or colors and compares the decoding result with the authentication code or codes. Use of the services is granted depending on the result of the comparison.
EP08847561A 2007-11-07 2008-11-05 Procédé d'authentification et système en vue de l'exécution de ce procédé d'authentification, programme informatique correspondant et support correspondant de mémoire lisible par ordinateur Withdrawn EP2215607A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
DE102007053736A DE102007053736A1 (de) 2007-11-07 2007-11-07 Authentifizierungsverfahren und Anordnung zur Durchführung eines solchen Authentifizierungsverfahrens sowie ein entsprechendes Computerprogramm und ein entsprechendes computerlesbares Speichermedium
DE102008011518 2008-02-25
DE102008020792A DE102008020792A1 (de) 2008-02-25 2008-04-22 Authentifizierungsverfahren und Anordnung zur Durchführung eines solchen Authentifizierungsverfahrens sowie ein entsprechendes Computerprogramm und ein entsprechendes computerlesbares Speichermedium
PCT/EP2008/065010 WO2009060004A1 (fr) 2007-11-07 2008-11-05 Procédé d'authentification et système en vue de l'exécution de ce procédé d'authentification, programme informatique correspondant et support correspondant de mémoire lisible par ordinateur

Publications (1)

Publication Number Publication Date
EP2215607A1 true EP2215607A1 (fr) 2010-08-11

Family

ID=42289195

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08847561A Withdrawn EP2215607A1 (fr) 2007-11-07 2008-11-05 Procédé d'authentification et système en vue de l'exécution de ce procédé d'authentification, programme informatique correspondant et support correspondant de mémoire lisible par ordinateur

Country Status (4)

Country Link
US (1) US20120025950A1 (fr)
EP (1) EP2215607A1 (fr)
AU (1) AU2008324213A1 (fr)
WO (1) WO2009060004A1 (fr)

Also Published As

Publication number Publication date
WO2009060004A1 (fr) 2009-05-14
US20120025950A1 (en) 2012-02-02
AU2008324213A1 (en) 2009-05-14
AU2008324213A2 (en) 2010-07-15

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20100603

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20140603