EP2353123A2 - Requirement-based method for authenticating persons - Google Patents

Requirement-based method for authenticating persons

Info

Publication number
EP2353123A2
Authority
EP
European Patent Office
Prior art keywords
authentication
request
personal
person
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP09807493A
Other languages
German (de)
English (en)
Inventor
Friedrich Kisters
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HUMAN BIOS GmbH
Original Assignee
HUMAN BIOS GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HUMAN BIOS GmbH

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Definitions

  • the invention relates to a requirement-based personal identification method.
  • the service providing system can now manage or make available a plurality of different services, whereby also different demands on the quality or security of the authentication of a person are given. For example, accessing a news service usually requires a lower level of security than is required to access a financial transaction system. In known systems, a person had to go through a different authentication procedure for each access to a different service, whereby the individual authentication processes usually had to be carried out on different detection devices.
  • known authentication methods are generally based on a correct reproduction of a predefined personal identifier or on the correct execution of a predefined sequence of actions by the person to be authenticated. In any case, it is about the correct reproduction of a predetermined action, whereby a potential attacker can spy on these actions and thus gain access to the service delivery system in an abusive way.
  • Known methods are usually based on a so-called 3-factor authentication.
  • features are used for personal authentication, which are essentially in direct relation to the person.
  • the disadvantage here is that these features are sometimes quite easy to spy on and thus provide only a small degree of security in the identification of a person.
  • known methods are usually not flexible enough to use different personal identifiers to authenticate a person.
  • the authentication process is usually aborted.
  • the object of the invention is now to provide a method for the unique identification and authentication of a person, wherein the authentication is not limited to a single person-related feature and in particular the disadvantages of the prior art should be solved.
  • the object of the invention is achieved by the method steps according to claim 1.
  • the authentication control system receives an authentication request from a service delivery system.
  • the performance of the personal authentication or identification can be separated from the service provision; in particular, a service provisioning system can therefore cooperate with a plurality of authentication control systems, or an authentication control system can receive an authentication request from several service provisioning systems.
  • Another advantage is that only one authentication request is transmitted and thus the implementation of the personal identification or authentication is separate from the implementation of the service provision. In particular, it is thus possible for the individual systems involved to be formed separately.
  • the authentication request can now be configured so flexibly, for example, that not only is an authentication request transmitted as such, to which the authentication control system reacts, but that a request relating to the desired service is transmitted, on the basis of which the authentication control system can activate a corresponding detection means.
  • the authentication request is analyzed and the required authentication level determined therefrom. Due to the advantageous logical or physical separation of the service provision from the person identification or authentication, the transmitted authentication request can indicate which degree of reliability the authentication to be performed must reach in order to grant the person access to the provided service.
  • a preferably universally designed authentication control system is therefore able to record different personal identifiers and thus to be able to ensure a different degree of authentication security by the method according to the invention.
  • for services that are not security-critical, a simply designed personal identifier can be detected
  • for security-critical services, a personal identifier can be detected which is extremely difficult to spy out or falsify.
  • a corresponding detection means of a detection device is activated in order to acquire a personal identification corresponding at least to the required security level.
  • the detection device preferably comprises a plurality of detection means in order to be able to detect a plurality of different personal identifiers without another one
  • this integrated detection device has the very special advantage that it can be designed in a particularly secured manner and thus a high degree of tampering or manipulation security is achieved.
  • Another advantage is the self-sufficient implementation of the detection of a personal identifier by the authentication control system and in particular by the detection device.
  • the detected identifier is then compared with a corresponding reference feature stored in a memory unit, wherein the memory unit can be arranged in the detection device or in the authentication control system.
  • the comparison can now be designed such that, in addition to an exact comparison result, a degree of agreement is also determined, it being possible by means of appropriate parameterization to determine which degree of agreement is required for a correct comparison result.
  • upon detection of a match, the authentication control system issues a release signal to the service delivery system, whereupon it makes the requested service accessible to the person.
  • a possible usage fee can be unambiguously and unmistakably assigned to a person. It can also be ensured by means of an appropriate authentication level that the person, when using the provided service, undertakes a legally binding act and this can be clearly documented.
  • a particular advantage of the method according to the invention lies in the fact that, in the case of an erroneous match, a further detection means of the detection device is activated and the method steps for detecting a person-related identifier as well as the comparison with a corresponding reference feature are repeated. Due to external influences, it may happen that the subsequent comparison fails even though no tampering has been attempted. In known methods, the authentication would be canceled in this case and the person would thus have no access to the requested service. With the method according to the invention, it is now possible in an advantageous manner to record another person-related feature and so repeat the failed authentication, in this case, however, with a personal identifier of higher security value.
  • Identifying an authentication level determines the minimum level of security that the acquired personal identifier must provide in order to use the service.
  • with the method according to the invention it is now possible in an advantageous manner, for example, to record the security-related next higher-level personal identifier in order to be able to perform the authentication for the requested service. If necessary, the comparison operation in this case may require a lower degree of agreement, since only a failed comparison at a lower-security authentication level must be remedied.
  • at least one other security-equivalent identifier is detected.
  • an error flag signal is output as an alarm signal in the case of a possibly repeated erroneous match.
  • This alarm signal can, for example, activate an alarm output device that is communicatively connected to the authentication control system and / or to the detection device, and thus alert possibly existing security guards to the abuse attempt.
  • a security code can be transmitted at the same time, which directly influences the specification of the authentication level.
  • a manipulation attempt to achieve an authentication could be, for example, that the authentication control system is manipulated so that a security-wise higher authentication level is replaced by a lower one.
  • a required authentication level can now be predefined from the service provisioning system in order thus to bypass the determination step by the authentication control system.
  • it is thus also possible to carry out unpredictable security checks, for example by transmitting the security code of a security-related highly prioritized authentication request together with a low-priority authentication request, in order to spot-check the identity or authenticity of the requesting person at a high level of security.
  • Random security checks also detect such manipulation attempts.
  • a random number generator can influence this security code in such a way that an authentication request is transmitted, as it were unpredictably, and thus defines an authentication level that is significantly above that required for the requested service.
  • the random number generator may, for example, also take into account the statistics of the past authentication processes and, in the case of a person with an increased number of faulty authentication attempts, require a more frequent higher level of authentication with regard to security.
  • a personal identifier is recorded, which is then to be compared with a reference feature.
  • the authentication control system can be designed such that a personal identifier is stored in a storage medium only for the duration of the authentication process, in particular for the duration of the comparison process, and is subsequently deleted immediately.
  • a reference sentence of a person-related feature is transmitted with the authentication request and is thus available for the comparison.
  • this development also has the further advantage that the authentication control system does not receive a personal reference identifier until the person first wishes to identify with this specific authentication control system.
  • this has the particular advantage that the reference features are transmitted only at the time of the authentication to be performed, which substantially reduces the risk that deposited reference features could be spied on.
  • the security hierarchy profile can be adapted to the authentication control system; for example, in an environment in which there is a greater risk of manipulation of the authentication control system, the hierarchy profile can be adjusted accordingly, so that in principle a higher authentication level is determined.
  • This design has the further advantage that this security hierarchy model can be individually adapted and thus, for example, an individual security hierarchy profile can be used for each authentication request.
  • this security hierarchy profile can be managed, for example, by the person himself and thus an individualized authentication process can be created.
  • the security hierarchy profile establishes an association between the detection means of the detection device and the authentication level.
  • the authentication level basically determines which security-related requirement is placed on the authentication to be carried out, that is to say which minimum level of security with regard to a clear identification or authentication of a person must ensure the detected personal identifier.
  • the authentication control system can be designed in such a way that the information transmitted by the service providing system is temporarily stored only for the duration of the authentication process and is then irretrievably deleted. Thus, an attacker can not access any security-critical information.
  • a further advantage is a development according to which the authentication control system controls the functionality of the detection device, since in turn a further increase of the manipulation security is achieved.
  • the detection device with the detection means is usually the first point of attack for a manipulation attempt, since this device, as the last link in the chain for performing the personal authentication, is exposed and accessible to unauthorized persons. If the functionality of the detection device is controlled by the authentication control system, it is considerably more difficult for potential attackers to manipulate the comparison operation subsequent to the detection of the personal identifier. This development also makes it possible to use standardized and thus universally applicable detection devices, since the concrete procedure statement is transmitted only with the authentication request and then executed by the authentication control system.
  • an alphanumeric identifier could be entered as a personal identifier.
  • Such an alphanumeric identifier can be, for example, a combination of numbers, a so-called PIN code, which can be input via a standardized and thus widely used and cost-effective input means, for example by means of an alphanumeric keyboard.
  • an input device is known which has a plurality of selection keys and a number pad.
  • An extended functionality, and thus an increased level of security for example, offers an input device in which letters can also be entered in addition to numbers, as a result of which, for example, a so-called passphrase can also be entered.
  • with a personal identifier which is recalled from the memory of the person and entered via the input means, there is in particular the risk that a potential attacker observes the person during input and thus spies out the personal identifier.
  • a significant increase in the security of authentication is achieved if a biometric feature is detected as a personal identifier, since biometric features are clearly attributable to a person and in particular can be manipulated only with extreme difficulty. The risk of direct manipulation during detection is also significantly reduced, since vital signs, for example, can be detected together with the biometric feature, giving an extremely high authentication security.
  • the personal identifier is a sequence of actions in which the means of detection is operated by the person to be authenticated. For example, an operator action may be to enter an alphanumeric identifier in a particular predetermined sequence of each type. A further operator action could be, for example, that deliberately one or more type input errors occur, which are remedied by operating a deletion or correction function.
  • a person can consciously make one or no error at specified locations of the identifier; this deliberate misoperation is registered as a unique personal identifier which not only authenticates the person but also, for example, triggers an alarm action, since the person triggers actions through this deliberate misoperation.
  • a deliberate incorrect operation of the detection means can be detected and interpreted as a personal identifier, for example when a confirmation function is triggered before the complete input of the alphanumeric identifier.
  • a person can initiate actions without a potential attacker thereby interpreting this seemingly accidental incorrect operation as a person-related identifier.
  • a temporal sequence of the operator actions is detected during acquisition of the personal identifier.
  • a person can enter the individual types in a specific chronological order. For example, at a certain point a longer pause between the input can be provided or it can be provided that the identifier must be specified within a certain maximum period of time. In the event of a threat, the person can deliberately not adhere to the specified time schedule in order to perform a seemingly successful authentication but trigger a corresponding alarm action in the background. Also, an attacker who has spied on a personal identifier will usually not recognize the underlying time sequences and thus a manipulation attempt would fail.
  • a multiplicity of possible authentication processes can thus be carried out or initiated with a personal identifier, in combination with a plurality of different operator actions and / or different time sequences.
  • the authentication control system to initiate an automatic callback to a mobile communication device, which must be answered by the person to be authenticated in a well-defined manner. If the inquiry is not answered in the defined manner, for example because the person does not accept the callback, the authentication can apparently be carried out successfully while a corresponding alarm action is triggered in the background.
  • by means of a position determination by the mobile communication device, this can lead to a localization of the person concerned by the authentication device, so that assistance can be sent to the person in a targeted manner.
  • the detection device also has a short-range communication device, so that, for successful authentication, the user with the mobile communication device, which has a corresponding communication counterpart, must be within a well-defined and especially small distance.
  • the personal identifiers described so far were all based on a conscious action by the person to be authenticated.
  • the detection device by means of an input-output device issues a personalized request and detects the reaction of the person on it.
  • Such reactions can hardly be manipulated, since these are based on an unconscious reaction model of the person, which can not be spied on by a potential attacker, since this would usually already falsify the reaction model.
  • the capturing device may issue a prompt and offer several choices. Regardless of the currently presented prompt, the person will intuitively respond to a specific class of prompts at once, which is a high level of authentication in terms of security.
  • the presented prompt is preferably selected from a supply of a plurality of possible different prompts.
  • a significant increase in the security of authentication is obtained when the security hierarchy model is transmitted from an authentication system to the authentication control system, since thus a separation of the authentication from the provision of a service to be used is achieved.
  • the authentication system can be arranged, for example, within a highly secure area, while for a service provisioning system generally lower security requirements are required.
  • access to the authentication control system can be achieved by manipulating a service provisioning system in order to misuse it to gain access to another, for example higher-security, service provisioning system.
  • the security hierarchy profile is created in a training phase, wherein personal identifiers are recorded as reference features and stored in a storage means.
  • this storage means will be arranged in the authentication system, whereby an arrangement in the service providing system is also possible.
  • the detection of personal identifiers in a training phase has the further advantage that the detection device used for this purpose can be arranged in an environment that is particularly protected in terms of security, or furthermore a corresponding legal environment can be created so that the detected identifiers are legally binding.
  • this authentication can be carried out by means of an identification document which is submitted to a legal authority, such as a notary, who checks the document for validity by means of a control device, for example a passport reader, and then records personal identifications and deposits them legally binding in a storage means.
  • the thus detected reference features can now be deposited in the production of the authentication control system in this, but it is also possible to deposit them in an external memory module, which is arranged integrated with the authentication control system.
  • the reference features can be transmitted via a communication link to the authentication control system.
  • a conscious behavioral pattern is detected as a personal reference feature, in which a specific sequence of operator actions is detected at the detection device.
  • with a conscious behavioral pattern it is possible, for example, to specify the identifier in the specified order, but it is also possible to enter the identifier in reverse or in a different manner and, for example, to trigger a specific behavior by a deliberate incorrect input.
  • by combining a security-wise weak personal identifier with a conscious behavioral pattern as a personal identifier, a substantial increase in authentication security can be achieved.
  • conditional functions of the authentication control system can therefore also be defined in order to be able to trigger safeguards in the event of an abuse attempt.
  • an unconscious behavior pattern can be detected as a personal reference feature, in which the person is presented with a plurality of choices by means of an input and output device and the selection made in each case is recorded.
  • the options are preferably selected from a supply of simple situational feature descriptions and presented to the user, for example on a display device and detects the reaction by means of a keyboard or an input means. The choice is made such that a clear and unambiguous selection is ensured.
  • a reaction profile is created from the selected selection results, since the reaction of the user to a selection option can be determined on the basis of this reaction profile if this option is presented to the user during the later authentication for the use of a service.
  • an unconscious behavior pattern can not essentially be manipulated so that a particularly high level of security can be achieved when acquiring an unconscious behavior pattern as a personal identifier.
  • Such a development is also of particular advantage in that a potential attacker can not essentially capture such a reaction profile by spying.
  • reference features are stored in the memory unit of the authentication control system, which has the advantage that it can be operated without connection to a central authentication system and thus can carry out a completely independent and reliable personal authentication.
  • This development is particularly advantageous if, for example, a reliable personal authentication is required for a so-called single-user system, in which the service provision system and the personal authentication system are located in one place and no communicative connection with a remote system is required.
  • so-called "stand-alone" systems can be formed, which provide sufficient access protection, for example by appropriate mechanical security or protective measures, and offer a high degree of authentication security due to the high security against manipulation.
  • Another advantage is a further development, according to which an authentication request is generated after the expiration of a timer on the service providing system or on the authentication control system, since a renewed authentication can thus be triggered in a targeted manner.
  • a user can make use of the service provided, in particular until the logoff from the service providing system or the authentication control system.
  • the risk of manipulation by unauthorized third parties increases.
  • the degree of reliable authenticity of the logged-in user, plotted over the period of use, drops sharply, in most cases even nonlinearly.
  • the claimed authentication request can now be transmitted by the service provision system and thus corresponds to a request as it is obtained for the initial authentication according to the inventive method steps.
  • the authentication request can also originate from the authentication control system itself, but the processing of the request is the same as if it had arrived from the service providing system.
  • a renewed authentication request by the authentication control system has the advantage that this system can take into account the locally prevailing security environment and, for example, in a non-secure environment, allow only a short validity period of the authentication without this having to be specifically stored on the service provisioning system.
  • an image of the person can also be recorded.
  • an optical visual comparison is possible; in particular, unambiguous or characteristic features can be determined from the acquired image by means of known image analysis methods. Images conforming to an internationally recognized standard, for example that of the ICAO (International Civil Aviation Organization), can be analyzed unambiguously and thus compared with a reference feature with a high reliability factor.
  • Another factor to increase the security of authentication is obtained when the captured image is transmitted to a mobile communication device.
  • a group of individuals can be defined individually for each user whose members are willing to perform a visual authentication of a person and to confirm the authenticity of the same.
  • Automated authentication systems carry out the authentication of a person according to strictly defined rules; an individual evaluation of the environment or the situation is omitted.
  • a human weighting factor is now introduced; in particular, an assessment of the situation in which the authentication request takes place is possible. For example, a person may be forced to authenticate and thus possibly enter a correct personal identification.
  • the image is transmitted by means of a data service such as MMS to a mobile communication device, whereupon the recipient can recognize that the person is threatened and can subsequently trigger measures to protect the threatened person.
  • the inclusion of a personal network achieves a significant increase in authentication security, since every person in this network, as an authenticating entity as well as an entity to be authenticated, strives for high security and thus pays particular attention to a reliable implementation of authentication. For example, such an authentication method can be handled or charged via a bonus system.
  • FIG. 1 shows the method according to the invention with reference to an exemplary device
  • FIG. 2 shows a flow chart of the method according to the invention
  • FIG. 3 shows another possible system for carrying out the method according to the invention.
  • This device comprises at least one authentication control system 1, which is communicatively connected to a detection device 2, and wherein the detection device 2 has a plurality of detection means 3.
  • the authentication control system 1 is connected to at least one service provisioning system 5 via a communication network 4, optionally an authentication system 6 is present, which is communicatively connected to the authentication control system 1 and / or the service provisioning system 5.
  • the method according to the invention is used to ensure, for a requested service of a service provider, that the user who requested the service is uniquely and unmistakably authenticated and identified.
  • an individually definable authentication of a person with regard to the detection reliability is possible.
  • this is important because the service may be a financial transaction, for example, or includes legally binding transactions. The user will therefore initiate a corresponding procedure at the service provider, whereby this service request is not the subject of the invention and therefore will not be explained further here.
  • such a service request could be triggered by the fact that a user on a request device, which may be, for example, part or addition of the capture device 2, carries out a control action which is transmitted to a service provisioning system 5 and triggers the corresponding operations there.
  • the first step should always be to work with the highest possible level of security. Since personal characteristics to achieve this level of security are complex and difficult to detect under certain circumstances, it is of particular advantage if the characteristics to be recorded are matched to the required security level of the requested service and thus uncritical for safety
  • the method according to the invention now offers the possibility of being able to provide integrated different authentication levels and a correction of defects in the event of an incorrect comparison check.
  • an authentication request 7 is transmitted to the authentication control system 1 by a service provisioning system 5.
  • the authentication control system 1 determines a required authentication level 9.
  • This authentication level determines what level of detection security the personal identification to be acquired must have in order to be able to use the requested service.
  • the authentication stage 9 thus determines which detection means 3 of the detection device 2 must be activated in the next method step according to the invention in order to detect a personal identifier.
  • a personal identifier can be detected, for example, as an alphanumeric identifier, which is entered via an alphanumeric input means 10, for example a keyboard.
  • biometric features can be detected, for example, an image of the person's face or an image of the iris can be detected by means of an optical image capture device 11; with a so-called fingerprint scanner 12, the finger minutiae can also be detected.
  • the detection device 2 can also have an audiovisual input-output device 13 in order, for example, to be able to detect an unconscious and / or a conscious user behavior as a personal identifier.
  • the detected user-related identifier is compared with one or more corresponding reference features, wherein this corresponding reference feature 14 can be arranged in a memory means 15 of the authentication control system 1.
  • the reference feature 14 can also be arranged in a memory means 16 of the authentication system 6, this design having the advantage that the authentication system 6 can be designed to be particularly secure or specially protected and thus offers a very high security against manipulation.
  • the arrangement of the reference features 14 in the storage means 15 of the authentication control system 1 has the advantage that the authentication control system can perform the comparison of the detected identifier with the reference feature itself and thus the authentication or identification of a person without additional systems is possible.
  • the essential difference of the method according to the invention over known methods now lies in the further steps that are performed when the comparison of the detected identifier with the corresponding reference feature fails.
  • the authentication would be aborted and the user denied access to the service providing system 5. Therefore, to be able to authenticate again, the user would have to initiate a renewed service request 7.
  • the method according to the invention has the particular advantage that, in the event of a faulty comparison, a further detection means 3 of the detection device 2 is automatically activated in order to repeat the corresponding method steps according to the invention and in particular to detect a further person-related identifier. Since an authentication level 9 has been determined from the transmitted authentication request 7, the required reliability of the detected personal identifier is thus also established.
  • the method according to the invention can now, in particular, repeat a personal identification number as often as higher authentication levels are available. If the comparison of a personal identification with a stored reference feature repeatedly fails, the authentication control system 1 issues an error identification signal as an alarm signal.
  • This alarm signal can be transmitted to the service provision system 5, for example, but it is also possible to transmit to the authentication system 6 or an optionally present alarm control system.
  • This alarm signal can now be evaluated in such a way that the currently running personal authentication is aborted and, for example, an alarm is given to a security control device, which triggers corresponding security measures, for example alerting the corresponding security personnel.
  • the alarm signal can also be evaluated in such a way that the authentication request appears to have been successful, so that a potential attacker is misled into believing that the manipulation attempt succeeded, while corresponding alarm or security measures are taken in the background.
  • An authentication request 7 is transmitted to the authentication control system 1 by a service provisioning system 5.
  • This authentication request 7 comprises, for example, an identifier of the requesting service providing system 5 and, in particular, an identifier which makes it possible to determine the corresponding authentication stage 9.
  • the authentication request 7 is analyzed or prepared in such a way that, for example, the corresponding authentication stage 9 is determined by comparison with a stored security hierarchy profile 20.
  • the authentication request 7 will preferably be non-specific and thus, for example, only transmit a generic service description or security request.
  • the concrete implementation of the required security level of the authentication request 7 is preferably carried out by the authentication control system 1; in particular, the relationship is established as to which personal identifier must be detected by the detection device 2 in order to at least reach the authentication level specified by the security hierarchy profile 20.
  • a detection means 3 of the detection device 2 is activated in the next method step 21, wherein the authentication step determines which detection means has to be activated in order to be able to detect a person-related feature of the corresponding security level or reliability.
  • the activated detection means 3 of the detection device 2 detects in a further method step 22 a personal identifier, which is compared in a subsequent comparison step 23 with a stored, corresponding reference feature 24.
  • the reference feature 24, but in particular a plurality of reference features, is stored in a storage means, which is preferably arranged in the authentication control system 1. However, the memory with the reference features can also be arranged with an external authentication system.
  • This reference feature 24 provides a
  • a so-called release signal 17 is transmitted to the requesting service providing system, whereupon the latter can provide the desired service on the basis of the identified identity and authenticity of the person. If the comparison fails, i.e. the personal identifier does not match the reference feature 25, the method according to the invention, in contrast to known methods, makes it possible to initiate a renewed authentication pass. For this purpose, it is determined in a comparison operation 26 whether the ascertained authentication permits a renewed passage of the authentication steps. If, for example, a security-related high authentication level has been determined, a faulty comparison cannot, for example, be remedied by a higher-level authentication level.
  • the authentication key can be determined by an allocation table in which an association is established between a service providing system or a class of service provisioning systems and a corresponding authentication stage.
  • an authentication level for example A to E
  • several options can now be defined which on the one hand define the requirements for the detection of the personal identifier and, on the other hand, the behavior of the method according to the invention in the case of an unsuccessful comparison of the detected identifier with the stored reference feature. For example, it may be determined which detection means of the detection device are required to achieve a specific level of authentication. Thus, for example, a personal identifier can be detected with a specific detection means and thereby meet the required security requirements. However, it is also possible that, for example, one or more detection means with a security-related lower detection reliability can be combined so as to achieve the required detection reliability. As already mentioned above, a security-related higher-value personal identifier can also be detected so as to ensure the required authentication level.
  • it can also be determined via the security hierarchy profile 20 how exactly the personal identifier must correspond to the reference feature during the comparison 23, or which degree of matching must at least be achieved. It can also be determined via the security hierarchy profile 20 which detection means of the detection device is permitted for which authentication level and for which authentication level a renewed authentication is permitted.
  • the method according to the invention thus represents an extension of the known 3-factor authentication methods.
  • These methods use, for example, the following feature classes as a person-related identifier:
  • a characteristic of the person: physical characteristics such as voice, fingerprint, iris, palm, face; What I know: a feature that only the person knows: a code / password and / or passphrase; personal information and preferences;
  • Known methods for authenticating a person are usually based on the verification of a feature by comparison with a stored reference feature. In the case of a faulty comparison, the authentication process is usually repeated, whereby the authentication process is aborted in the event of a new faulty comparison, and thus the user is denied access to the requested service. Furthermore, the detection devices for carrying out the known authentication methods are usually designed to be able to detect only one feature or a feature class; an exchange or change of features or feature classes is for the most part not possible.
  • a new feature class as used in the method according to the invention is characterized by a conscious behavior of the person in the presentation or input of a feature.
  • conscious action may be to make pauses and breaks in the capture process, or to make deliberate misentries, or to change the order of input, for example by using a skip function when entering the identifier.
  • PIN personal identification code
  • if a person is threatened, they can, for example, enter the identifier without error, which can be clearly recognized as an alarm signal by the authentication control system on the basis of the stored security hierarchy profile.
  • This conscious behavior in the acquisition of a personal identifier extends the achievable security levels of the known three factors or feature classes for the authentication of a person quite considerably.
  • the detection of a conscious behavior has the very special advantage that such a personal identifier essentially cannot be spied out by a potential attacker, since such behavior or action is difficult to distinguish from a normal behavior of a person.
  • a potential attacker would interpret a misentry as coincidental and thus not recognize that this seemingly random misentry is part of a personal identifier.
  • several types of misentries could be activated by the user, so that each would be valid in the authentication process and could be entered by the user in a different or a combination.
  • the user himself can specify, for example via a configuration tool, which types of personal identifiers are grouped as a selection option at the detection device (2).
  • the user can specify an association between one or more service provisioning systems and such an authentication group, so that, for example, several such groups are presented to the user during authentication, whereby only one is valid or permitted for authentication on the requested service.
  • with an initial login profile, another personal identifier can already be formed, since the user can, for example, deliberately select the wrong group in the event of a threat and thus again trigger alarm or security measures.
  • the method according to the invention offers a further feature class with which an unconscious behavior of the person can be used for the authentication of that person. While the features of the known three classes can be spied on and, if necessary, reproduced, and this is also possible under very specific circumstances for the fourth class, this is hardly possible with unconscious behavior, since such a behavioral pattern is very specific to each person and thus would already be falsified by a spy attempt. Such an unconscious behavioral pattern can be determined in a training phase by detecting the reaction or the behavior of the person to a multiplicity of standardized questions or selection options, in particular ones with a psychological foundation.
  • a class of personal identifications may also consist of using the type of the selected authentication class, controlled for example by the security hierarchy profile, as a personal identifier.
  • an incorrect authentication class or authentication level can be specified by the authentication control system for the service requested by the user, for example, in which a security-relevant low-value identifier is to be detected for the request of a financial transaction service.
  • this person would have to abort the authentication process and trigger it again, or refuse the specified authentication class and request a new, in particular safety-grade, higher-grade class.
  • an additional hierarchy level can be introduced with a user grouping, whereby a user can optionally allocate or log off from a group.
  • a grouping can now be designed such that specific features are stored for each group that are known to the individual user.
  • the grouping is preferably carried out in such a way that the individual group members essentially know each other and thus also have knowledge of person-specific details that are in any case not available to a potential attacker.
  • a group-related identifier could be that the authenticating user must specify the identifier of a mobile communication device of a user of the group.
  • the method according to the invention now offers a significant increase in the individually adaptable security level in the authentication of a person, in particular with regard to the possibility of triggering actions, without having to specify a multiplicity of different personal identifiers.
  • a potential attacker can usually spy on these identifiers quite easily and thus gain access to a variety of different services.
  • the very essential advantage of the method according to the invention lies in the fact that the authentication of a person can be carried out by detecting personal identifiers that essentially cannot be spied out by a potential attacker. Furthermore, an endangered person has the opportunity to consciously make a wrong selection or input, without this being apparent to an attacker, so as to initiate security measures if necessary.
  • the authentication based on the detection of personal identifiers is designed to be so flexible that the required security level of authentication can be reached not only through the detection of the personal identifier provided for it, but also through security-related higher-value and / or several security-related lower-value personal identifiers. To circumvent the authentication method according to the invention, therefore, a potential attacker would have to spy on a plurality of different identifiers, which is extremely unlikely and usually stands in no relation to the achievable benefit or the risk of detection of the manipulation attempt.
  • this method enables different secure authentications within the same environment, for example in an establishment with a POS device (point of sale).
  • POS device point of sale
  • the collection of a low-security personal identifier suffices.
  • the collection of a security-related high-quality personal identifier may be required.
  • the rules for such a determination of the security levels can be stored on the service providing system and / or on the authentication control system.
  • these security levels can be combined with other rules according to the invention; furthermore, a random number generator may be present, with which optional sampling is carried out in which a user must authenticate himself with a higher security level than would be required for the requested service. It can therefore happen that the same user has to follow two different authentication processes when processing the same transaction in the same establishment.
  • Fig. 3 shows another possible device for carrying out the method according to the invention.
  • the authentication control system and the authentication system are integrated into an authentication control system 28, which thus comprises all essential safety-critical devices for carrying out the method according to the invention.
  • no security-relevant data such as, for example, reference features are stored on the detection device 2 and that, furthermore, the comparison check can be carried out in a particularly secure authentication control system 28.
  • the detection device 2 has a communication interface 29, via which a communication connection with the authentication control system 28 can be established.
  • control instructions stored by the authentication control system 28 are transmitted to the acquisition device 2, temporarily stored there in an execution module 31 and executed from there to control the detection means of the detection device 2.
  • the execution module 31 may be designed such that it carries out a signature check of the transmitted control instructions 30, as a result of which a deliberate manipulation of the detection apparatus is prevented as far as possible by introducing an incorrectly signed control instruction.
  • this embodiment has the advantage that technically very simple and thus cost-effective detection devices 2 can be used, since the control of the process, as well as the comparison of the detected personal identifier with stored reference features 14, is performed by a central authentication control system 28 and thus the detection device has no essential safety-critical and manipulatable components.
  • in this embodiment, the authentication request is transmitted by the service providing system 5 to the authentication control system 28. The latter then carries out the method steps according to the invention and, on successful authentication of the person, transmits a release signal to the requesting service providing system 5.
  • FIG. 3 shows a further embodiment of the requirement-based personal identification method, which may be independent in itself, again using the same reference numerals or component designations for the same parts as in the preceding FIGS. 1 and 2. To avoid unnecessary repetition, reference is made to the detailed description in the preceding figures.
  • FIGS. 1 to 3 can form the subject of independent solutions according to the invention.
  • the relevant tasks and solutions according to the invention can be found in the detailed descriptions of these figures.
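
The flow described above (authentication level from the security hierarchy profile, activation of a detection means, comparison, escalation to a further means on a failed comparison, and an alarm that can look like success) can be sketched as follows. This is an added example, not code from the patent or its applicant; the service classes, the weights per detection means, the level policies and the sample PIN with its deliberate slip are constructed assumptions.

```python
import hmac
from dataclasses import dataclass

# Assurance weight per detection means (constructed values, an assumption).
MEANS_STRENGTH = {"pin": 1, "face": 2, "fingerprint": 3, "iris": 4}


@dataclass(frozen=True)
class LevelPolicy:
    required_strength: int  # summed weight needed to reach the level
    min_match: float        # minimum degree of matching for biometric scores
    allowed_means: tuple    # detection means permitted, in activation order
    retry_allowed: bool     # may a failed comparison be remedied by another means?


# Security hierarchy profile: allocation table (service class -> level) plus
# the rules per level. All entries are constructed for this example.
SERVICE_LEVEL = {"newsletter": "A", "pos_small": "B", "bank_transfer": "D"}
PROFILE = {
    "A": LevelPolicy(1, 0.80, ("pin", "face"), True),
    "B": LevelPolicy(2, 0.85, ("pin", "face", "fingerprint"), True),
    "D": LevelPolicy(4, 0.95, ("iris",), False),
}

# Constructed reference features, in plaintext for readability only. The
# enrolled PIN entry contains a deliberate slip ("9", then "<" = delete);
# the error-free entry is the variant that signals a threat.
REFERENCES = {"pin": {"normal": "129<34", "duress": "1234"}}


@dataclass
class Outcome:
    status: str      # "release", "alarm" or "silent_alarm"
    user_sees: str   # what the capture device displays: "granted" / "denied"
    level: str       # authentication level that was applied
    activated: list  # detection means activated, in order


def compare(means, sample, min_match):
    """Return 'match', 'duress' or 'fail' for one detected identifier."""
    if sample is None:
        return "fail"
    if means == "pin":
        if not isinstance(sample, str) or not sample.isascii():
            return "fail"
        ref = REFERENCES["pin"]
        # Constant-time comparisons; both are always evaluated.
        duress = hmac.compare_digest(sample, ref["duress"])
        normal = hmac.compare_digest(sample, ref["normal"])
        return "duress" if duress else ("match" if normal else "fail")
    # Biometric means: the sample is the matcher's similarity score (assumption).
    return "match" if sample >= min_match else "fail"


def authenticate(service_class, capture):
    """Run the escalation loop; capture(means) returns the detected sample."""
    # Unknown services fail closed to the strictest level in the profile.
    level = SERVICE_LEVEL.get(service_class, max(PROFILE))
    policy = PROFILE[level]
    achieved, activated = 0, []
    for means in policy.allowed_means:
        activated.append(means)  # activate this detection means
        verdict = compare(means, capture(means), policy.min_match)
        if verdict == "duress":
            # Looks successful at the device; the alarm is raised in the background.
            return Outcome("silent_alarm", "granted", level, activated)
        if verdict == "match":
            achieved += MEANS_STRENGTH[means]
            if achieved >= policy.required_strength:
                return Outcome("release", "granted", level, activated)
            continue  # combine with a further, additional means
        if not policy.retry_allowed:
            break  # this level does not allow a renewed pass
    return Outcome("alarm", "denied", level, activated)


def scripted(samples):
    """Capture function backed by a dict of constructed samples."""
    return lambda means: samples.get(means)
```
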

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Collating Specific Patterns (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Lock And Its Accessories (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a request-based person identification method. An authentication control system (1) receives from a service provisioning system (5) an authentication request (7), which is analyzed, and determines from it the required authentication level (9). After activation (21) of a detection means (3) of a detection device (2), a personal identifier is detected (22) and compared (23) with a corresponding reference feature (14) stored in a memory unit (15, 16). If the comparison matches, a release signal (17) is transmitted to the service provisioning system (5); if the comparison fails (25), a further detection means (3) of the detection device (2) is activated and the corresponding method steps are repeated.
EP09807493A 2008-12-02 2009-12-01 Requirement-based person authentication method Withdrawn EP2353123A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ATA1868/2008A AT507759B1 (de) 2008-12-02 2008-12-02 Requirement-based person identification method
PCT/EP2009/008533 WO2010075921A2 (fr) 2008-12-02 2009-12-01 Request-based person identification method

Publications (1)

Publication Number Publication Date
EP2353123A2 (fr) 2011-08-10

Family

ID=42061186

Family Applications (1)

Application Number Title Priority Date Filing Date
EP09807493A Withdrawn EP2353123A2 (fr) 2008-12-02 2009-12-01 Requirement-based person authentication method

Country Status (4)

Country Link
US (1) US20110247058A1 (fr)
EP (1) EP2353123A2 (fr)
AT (1) AT507759B1 (fr)
WO (1) WO2010075921A2 (fr)

Families Citing this family (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9734496B2 (en) 2009-05-29 2017-08-15 Paypal, Inc. Trusted remote attestation agent (TRAA)
US9489503B2 (en) * 2009-12-21 2016-11-08 Paypal, Inc. Behavioral stochastic authentication (BSA)
US8869248B2 (en) * 2010-08-16 2014-10-21 Blackberry Limited Communication system providing wireless authentication for private data access and related methods
WO2012023930A1 (fr) 2010-08-17 2012-02-23 Empire Technology Development Llc Remote display device control
US11593800B2 (en) 2012-03-07 2023-02-28 Early Warning Services, Llc System and method for transferring funds
US10970688B2 (en) 2012-03-07 2021-04-06 Early Warning Services, Llc System and method for transferring funds
US10318936B2 (en) 2012-03-07 2019-06-11 Early Warning Services, Llc System and method for transferring funds
US10078821B2 (en) 2012-03-07 2018-09-18 Early Warning Services, Llc System and method for securely registering a recipient to a computer-implemented funds transfer payment network
US10395247B2 (en) 2012-03-07 2019-08-27 Early Warning Services, Llc Systems and methods for facilitating a secure transaction at a non-financial institution system
US10395223B2 (en) 2012-03-07 2019-08-27 Early Warning Services, Llc System and method for transferring funds
US8819855B2 (en) 2012-09-10 2014-08-26 Mdi Security, Llc System and method for deploying handheld devices to secure an area
US20150026330A1 (en) * 2013-07-16 2015-01-22 Cellco Partnership D/B/A Verizon Wireless Generating unique identifiers for mobile devices
US10282802B2 (en) * 2013-08-27 2019-05-07 Morphotrust Usa, Llc Digital identification document
DE102014004347A1 (de) * 2014-03-27 2015-10-15 Friedrich Kisters Authentication method and authentication system
DE102014004349A1 (de) 2014-03-27 2015-10-15 Friedrich Kisters Authentication system
US9306930B2 (en) 2014-05-19 2016-04-05 Bank Of America Corporation Service channel authentication processing hub
US9836594B2 (en) 2014-05-19 2017-12-05 Bank Of America Corporation Service channel authentication token
DE102014007976A1 (de) 2014-06-04 2015-12-31 Friedrich Kisters Security device and authentication method with dynamic security features
US10878387B2 (en) 2015-03-23 2020-12-29 Early Warning Services, Llc Real-time determination of funds availability for checks and ACH items
US10748127B2 (en) 2015-03-23 2020-08-18 Early Warning Services, Llc Payment real-time funds availability
US10769606B2 (en) 2015-03-23 2020-09-08 Early Warning Services, Llc Payment real-time funds availability
US10839359B2 (en) 2015-03-23 2020-11-17 Early Warning Services, Llc Payment real-time funds availability
US10832246B2 (en) 2015-03-23 2020-11-10 Early Warning Services, Llc Payment real-time funds availability
US11386410B2 (en) 2015-07-21 2022-07-12 Early Warning Services, Llc Secure transactions with offline device
US11157884B2 (en) 2015-07-21 2021-10-26 Early Warning Services, Llc Secure transactions with offline device
US10956888B2 (en) 2015-07-21 2021-03-23 Early Warning Services, Llc Secure real-time transactions
US11151523B2 (en) 2015-07-21 2021-10-19 Early Warning Services, Llc Secure transactions with offline device
US11062290B2 (en) 2015-07-21 2021-07-13 Early Warning Services, Llc Secure real-time transactions
US11037121B2 (en) 2015-07-21 2021-06-15 Early Warning Services, Llc Secure real-time transactions
US11151522B2 (en) 2015-07-21 2021-10-19 Early Warning Services, Llc Secure transactions with offline device
US10438175B2 (en) 2015-07-21 2019-10-08 Early Warning Services, Llc Secure real-time payment transactions
US10970695B2 (en) 2015-07-21 2021-04-06 Early Warning Services, Llc Secure real-time transactions
US10963856B2 (en) 2015-07-21 2021-03-30 Early Warning Services, Llc Secure real-time transactions
US11037122B2 (en) 2015-07-21 2021-06-15 Early Warning Services, Llc Secure real-time transactions
US11151567B2 (en) 2016-09-19 2021-10-19 Early Warning Services, Llc Authentication and fraud prevention in provisioning a mobile wallet
DE102017126353A1 (de) * 2017-11-10 2019-05-16 Bundesdruckerei Gmbh Authentication system for authenticating a person, method for authentication and computer program product
CN111160137B (zh) * 2019-12-12 2021-03-12 天目爱视(北京)科技有限公司 Intelligent service processing device based on biometric 3D information
DE102021206152A1 (de) 2021-06-16 2022-12-22 Volkswagen Aktiengesellschaft Method for authenticating a user of a vehicle, and vehicle

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004038639A2 (fr) * 2002-10-21 2004-05-06 Sprint Communications Company, L.P. Verification of the identity and continued presence of computer users
US20080209222A1 (en) * 2007-02-27 2008-08-28 International Business Machines Corporation Method of creating password schemes for devices

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6088450A (en) * 1996-04-17 2000-07-11 Intel Corporation Authentication system based on periodic challenge/response protocol
US6256737B1 (en) * 1999-03-09 2001-07-03 Bionetrix Systems Corporation System, method and computer program product for allowing access to enterprise resources using biometric devices
EP1132797A3 (fr) * 2000-03-08 2005-11-23 Aurora Wireless Technologies, Ltd. Secure user identification in an online transaction system
US7430520B1 (en) * 2000-08-11 2008-09-30 Affinion Net Patents, Inc. System and method for determining the level of a authentication required for redeeming a customer's award credits
WO2002033541A2 (fr) * 2000-10-16 2002-04-25 Tangis Corporation Dynamic determination of appropriate computer user interfaces
US6614348B2 (en) * 2001-03-23 2003-09-02 International Business Machines Corporation System and method for monitoring behavior patterns
US7623970B2 (en) * 2001-04-17 2009-11-24 Panasonic Corporation Personal authentication method and device
DE10163814A1 (de) * 2001-12-22 2003-07-03 Philips Intellectual Property Method and device for user identification
US20060053296A1 (en) * 2002-05-24 2006-03-09 Axel Busboom Method for authenticating a user to a service of a service provider
JP4111810B2 (ja) * 2002-11-28 2008-07-02 富士通株式会社 Personal authentication terminal, personal authentication method and computer program
US20060026108A1 (en) * 2004-07-30 2006-02-02 Paul Wilson Voice/data financial transaction monitoring methods and systems
US7194763B2 (en) * 2004-08-02 2007-03-20 Cisco Technology, Inc. Method and apparatus for determining authentication capabilities
CN101375546B (zh) * 2005-04-29 2012-09-26 甲骨文国际公司 System and method for fraud monitoring, detection and tiered user authentication
US20080028453A1 (en) * 2006-03-30 2008-01-31 Thinh Nguyen Identity and access management framework
US7552467B2 (en) * 2006-04-24 2009-06-23 Jeffrey Dean Lindsay Security systems for protecting an asset
US8255318B2 (en) * 2007-10-18 2012-08-28 First Data Corporation Applicant authentication
US8627410B2 (en) * 2007-12-19 2014-01-07 Verizon Patent And Licensing Inc. Dynamic radius
US8497836B2 (en) * 2008-05-06 2013-07-30 Cisco Technology, Inc. Identifying user by measuring pressure of button presses on user input device

Also Published As

Publication number Publication date
AT507759B1 (de) 2013-02-15
WO2010075921A2 (fr) 2010-07-08
WO2010075921A3 (fr) 2010-10-21
AT507759A1 (de) 2010-07-15
US20110247058A1 (en) 2011-10-06

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20110603

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/20 20060101AFI20111107BHEP

Ipc: H04L 29/06 20060101ALI20111107BHEP

Ipc: G07C 9/00 20060101ALI20111107BHEP

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20140909

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20150120