EP3563327A1 - Safety process/method for sending and exchanging a temporary enabled random code among at least three electronic devices for recharges, payments, accesses and/or ids of owners of a mobile device, such as a smartphone - Google Patents
- Publication number
- EP3563327A1 EP17842338.0A
- Authority
- EP
- European Patent Office
- Prior art keywords
- electronic device
- smartphone
- mobile
- user
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/308—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using the Internet of Things
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/321—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wearable devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3223—Realising banking transactions through M-devices
- G06Q20/3226—Use of secure elements separate from M-devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
Definitions
- the present invention refers to a process/method for achieving a high security and strong identity authentication system about the legitimate owner of a smartphone, tablet or other mobile device with which an accessory element such as a passive TAG or smart device is coupled.
- the system can be used to make recharges of a financial instrument, for payments in mobility or remotely, for access to private property or to places or things with prior authorization of access and/or for identifications of the owner of the mobile device for bureaucratic formalities, and it employs a software application (APP), which provides for sending and exchanging a temporary enabling random code, which can be used only once, between at least three electronic devices.
- the invention relates to a process/method for obtaining a safety system comprising a smartphone, tablet or other mobile device, an accessory element, such as a passive TAG and/or a smart device (with an electronic circuit, a battery and a specific firmware), another electronic device, such as a POS or an electronic lock or a Desktop PC, and a software application (APP), which manages the procedure to make extremely safe the recharging of a financial instrument and/or the payments in mobility or remotely, the access to private property or to places or things with prior authorization of access (e.g.
- the process is able to allow users of smartphones, tablets or other mobile device to certify their identity in total security in order to recharge their financial instrument and/or to make payments in mobility or remotely, to access to private properties or to places or things with prior authorization of access and/or to identify the owner of the mobile device for bureaucratic formalities, by using a temporary random authorization code which is univocally associated with the owner of the smartphone, tablet or other mobile device to which an accessory, such as a passive TAG or a smart device (also previously associated with the smartphone's owner), is coupled; said random authorization code is exchanged with a third electronic device, which is used for recharging a financial instrument, for making payments in mobility or remotely, for accessing to private property or to places or things with pre-authorization and/or for identifying the owner of the mobile device for bureaucratic formalities.
- QR CODEs which are sent online from a server
- biometric data of the user such as the heartbeat, which are acquired with sensors placed on bracelets and/or smart watches (such as iWatch®, Gear®, etc.) connected to the smartphone, tablet and/or other mobile device; said systems, however, are not totally reliable and secure, as online transmissions can be stolen by hackers while biometric data may be unreliable and/or falsified with photos and images.
- APP social software applications
- messenger applications the so-called “peer-to-peer” applications
- peer-to-peer applications for handling limited money amounts and data entry for authenticating the owner of the mobile device (for example a digital signature), as well as the entry of different codes or PINs for security are also requested.
- all of said software applications (APP) store and track on the smartphone, tablet or other mobile device the sensitive data of the current account and/or of the credit or debit card used by the owner of the smartphone, tablet or other mobile device.
- An object of the present invention is therefore to obviate the above-mentioned technical drawbacks and, in particular, to provide a method for obtaining a security and strong authentication system for the owner of a smartphone, tablet or other mobile device and to make totally safe the recharging of a financial instrument, mobile or remote payments, the access to private properties or to places or things with prior authorization and/or the identification of the owner of the mobile device for bureaucratic formalities; basically, the invention provides for a system comprising at least three electronic devices (a first electronic device, such as a smartphone, tablet or other mobile device together with a software application or APP, a second electronic device or accessory, such as a passive TAG or smart device, which is previously associated with the owner of the smartphone, tablet or other mobile device, and a third electronic device, such as a POS, an electronic lock or a Desktop PC or another specific device), which is configured to send and exchange a temporary enabling random code, to be used once, among the above-mentioned three electronic devices.
- a further object of the present invention is to allow the owner of the smartphone, tablet or other mobile device to recharge its own financial instrument and/or to carry out mobile or remotely payments and/or an access to private properties or places or things with a pre-authorization and/or an identification of the owner of said mobile device for bureaucratic formalities.
- an identification code (ID) of the smartphone or other mobile device and an identification code (ID) of the accessory such as the passive TAG or smart device, which are originally associated with the owner of the smartphone or other mobile device;
- a unique code including the identification data of the owner of the smartphone or other mobile device (for example, the owner's tax code and/or the encrypted data referring to a financial instrument or to an access system and/or other personal data of the smartphone's owner);
- a temporary random code which can be created by an algorithm, by a random typing of numbers on the keyboard and/or on the screen of the smartphone or mobile device or through a code generated by biometric data detected by the smartphone or mobile device, in order to create a "complete" temporary random code which is composed of the above mentioned codes.
- Said "complete" temporary random code is stored on the smartphone, tablet or other mobile device and then sent and stored on the accessory, such as the passive TAG or smart device, and then verified by the POS, the electronic lock, the PC or other specific device.
- the steps performed by the method according to the present invention are performed exclusively by the electronic device configured to recharge the financial instrument and/or to make mobile or remotely payments and/or accesses to private properties or to places or things of which the owner has a prior authorization and/or identifications of the owner of the mobile device for bureaucratic formalities, so that it is practically impossible, by third parties, to acquire by fraud, said "complete" temporary authorization code.
- the financial institution and/or other institution which manages accesses and/or personal identifications will receive "ex post" information referring to the activity carried out, thus ensuring an
- the system performing the above method includes:
- an identification code e.g. an ID code of the mobile device
- a software application provided by third parties is configured to manage communications between the mobile device, a second electronic device or accessory, such as a passive TAG or smart device, and a third electronic device, such as a POS or an electronic lock or a Desktop PC or other specific device;
- a second electronic device or accessory such as a passive TAG or smart device, which is inserted into an element for personal use of the owner of said smartphone, tablet or other mobile device and which is previously associated with the owner of the smartphone or other mobile device, where an identification code (for example, the ID of the passive TAG or smart device) is permanently stored, and/or the identifying data of a user and owner of the mobile device, the data referring to a financial instrument or access system and other personal data of said user and owner of the mobile device are permanently stored and encrypted, as well as a complete random enabling code is temporarily stored;
- a third electronic device such as a POS or an electronic lock or a desktop PC or other device, which has a firmware (electronic circuits, chips to manage multiple technologies and/or data transmission protocols, battery and operating software) configured to communicate with said accessory (the passive TAG or smart device) and with the mobile device;
- APP software application running on the smartphone, tablet or other mobile device, for managing the method.
- the user and owner of a mobile device is able to receive from a financial institution and/or from a manufacturer or supplier of electronic locks and/or from a public or private institution both the passive TAG or smart device, which is already associated with the owner of the smartphone, tablet or other mobile device, and the software application (APP) for managing the method according to the present invention; said software application (APP) allows to obtain a strong authentication of the owner of the mobile device, so as to carry out recharging of a financial instrument, mobile or remotely payments, accesses to properties, places or things with prior authorization of access and/or identifications of the owner of said mobile device for bureaucratic formalities.
- the present invention allows to increase the safety of the above operations by implementing different operating modes.
- the data exchange among three different electronic devices takes place using one or more technologies and/or data transmission protocols (for example, radio frequency or Bluetooth); furthermore, a complete enabling temporary random code can be provided only with the presence both of the mobile device and of the passive TAG or smart device, in order to carry out a recharging of a financial instrument, a mobile or remotely payment, an access to properties or to places or things with prior authorization and/or an identification of the owner of the mobile device for bureaucratic formalities.
- After having completed the authentication phase, the system of the present invention performs the normal operations such as acquiring the encrypted information relating to the financial instrument and/or to the access codes and/or the sensitive data of the person owning the mobile device, thus completing the recharging activities of the financial instrument, the payment activities, the access activities and/or the identification activities of said owner of the mobile device for bureaucratic formalities.
- the complete temporary enabling random code is therefore always different and usable only once, because a part of said code is generated, for example, either by means of an algorithm and/or by means of a random typing on the keyboard and/or on the screen of the mobile device (said typing being transformed into a code) and/or by means of a code generated by biometric information acquired from the mobile device or from the smart device; the owner of the mobile device is thus guaranteed regarding the impossibility that third parties may use, in case of theft with systems such as digital scanners or "sniffers", said temporary complete enabling random code during the subsequent activities of recharging a financial instrument, paying in mobility or remotely, accessing to private properties or to places or things with prior authorization or identifying the owner of the mobile device for bureaucratic formalities.
- Figure 1 shows a first preliminary step, carried out by those who must grant a financial instrument or access or certification of personal identity, according to which the ID of the element such as a passive TAG or smart device is written on said passive TAG or smart device and the encrypted identifying data of a user and owner of the mobile device, as well as data referring to a financial instrument or access system and other personal data of the user and owner of the mobile device are written on said passive TAG or smart device;
- Figure 1 also shows a second phase according to which the passive TAG or smart device and a software application (APP) are delivered to the user who requested them, according to the present invention;
- FIGS. 2A, 2B, 2C, 2D and 2E show further steps according to which the user and owner of the mobile device (e.g. a smartphone), who has the passive TAG or smart device which is already associated with the owner of the smartphone, is preparing to certify his/her identity and then to perform a charging and/or a payment in mobility or remotely (by using a Desktop PC instead of a POS) or to make an access or an identification;
- Figures 2D and 2E also show the type and the flow of data sent and exchanged among the three electronic devices, according to the invention;
- Figures 3A, 3B, 3C and 3D show the steps of the method according to which the user and owner of the mobile device (e.g. a smartphone), who has got the smart device (already associated), is preparing to certify his/her identity and therefore to perform a recharging and/or a mobile or remotely payment operation (using a Desktop PC instead of a POS) or to make an access or an identification;
- Figures 3C and 3D also show the type of a first flow of data which are sent and exchanged between the three electronic devices, according to the present invention;
- Figures 4A, 4B, 4C and 4D show the steps of the method according to which the user and owner of the mobile device (e.g. a smartphone), who has got the smart device (already associated), is preparing to certify his/her identity and therefore to perform a recharging and/or a mobile or remotely payment operation (using a Desktop PC instead of a POS) or to make an access or an identification;
- Figures 4C and 4D also show the type and flow of data sent and exchanged between the three electronic devices, according to the invention.
- the claimed method is able to perform the following steps:
- the user starts the software application (APP) on a first mobile electronic device (e.g. the user's smartphone) and said APP reads and acquires the identification data of the user and owner of the mobile electronic device (for example, the user's fiscal code) together with other identification codes (for example, codes relating to a financial instrument or to an electronic lock), which are stored on a second electronic device (an accessory, such as a passive TAG, an electronic bracelet or a smart device) previously associated to the user;
- the first mobile electronic device produces a temporary random code (partial password) in different ways, such as, for example, by means of an algorithm, by means of a random typing of alphanumeric characters on the keyboard and/or on the screen of the smartphone or through a series of alphanumeric characters generated from biometric information detected by the smartphone (such as heartbeats, user steps, etc.);
- the smartphone is able to join the data and identification codes referred to in point a) with the temporary random code (partial password) so as to obtain, univocally, a complete enabling temporary random code (personal password);
- the smartphone sends the same complete enabling temporary random code (personal password) to a third electronic device (such as an electronic lock, a POS or a PC);
- said third electronic device verifies that the complete enabling code held by the first electronic device (smartphone) is equal to the one held by the second electronic device (passive TAG or smart device); in practice, the third electronic device requests the personal password from the passive TAG or smart device and compares the personal passwords received from the smartphone and from the second electronic device to verify that they are the same.
- a data exchange takes place between the first mobile electronic device (the user's smartphone), the second electronic device (an electronic bracelet or a smart device) and the third electronic device (electronic lock, POS or PC Desktop), so that the second electronic device, where the identification data of the smartphone's owner or user (for example, the user's fiscal code together with the smartphone's identification data) and the financial instrument data or the electronic lock code or other data identifying said second electronic device are stored, is configured to generate a partial password (temporary random code), which can be created in different ways (by means of an algorithm or by means of a random generation of alphanumeric data on the screen of the second electronic device which is converted into a code or by means of a code produced by biometric information of the user detected by the second electronic device, such as the user's steps or his/her heartbeat).
- Said partial password (temporary random code) is then combined, by the second electronic device, with the identification data of the smartphone's user, thus univocally creating a personal password (complete enabling temporary random code), which is stored on the second electronic device and sent to the smartphone; the smartphone stores said personal password by deleting any previously stored personal passwords.
- said personal password is sent to the third electronic device (electronic lock, POS or PC Desktop) and the third electronic device is activated for exchanging data with the second electronic device; the third electronic device then requests the personal password from the second electronic device and compares the two personal passwords (complete enabling temporary random codes) coming from the smartphone and from the second electronic device to verify whether they are equal. If the personal passwords are equal, the identity is verified and the activities are permitted; if the two personal passwords coming from the smartphone and from the second electronic device do not match, the identity is not verified and the activities are denied.
- data exchange between the first mobile electronic device (smartphone), the second electronic device (electronic bracelet or smart device) and the third electronic device (electronic lock, POS or PC Desktop) occurs, first of all, thanks to the smartphone which is able to generate a partial password (first temporary random code), said partial password being sent from the smartphone to the second electronic device; similarly, the second electronic device generates its own partial password (second temporary random code).
- Said partial passwords can be produced in different ways, such as, for example, by means of an algorithm, by means of a random typing (transformed into code) of alphanumeric characters on the smartphone keyboard or screen or starting from biometric information detected by the smartphone or by the second electronic device (such as the user's steps or the user's heartbeat).
- Both the two partial passwords are combined, by means of said smartphone and second electronic device, to their identification codes and to the user's identification data (such as the user's fiscal code and the financial instrument data or the electronic lock codes or other identification data of the second electronic device), in such a way that both said smartphone and said second electronic device are able to create, univocally and autonomously, a personal password (complete enabling temporary random code), which is stored both in the smartphone and in the second electronic device in place of any other personal passwords previously stored on said smartphone and on said second electronic device.
- the smartphone sends the personal password to the third electronic device (electronic lock, POS or PC Desktop) and requests the activation of said third electronic device for a data exchange between the third electronic device and the second electronic device so as to verify the data equality.
- the third electronic device requests the personal password from the second electronic device and compares the two personal passwords (complete enabling temporary random codes) coming from the smartphone and from the second electronic device to verify whether they are equal; if they are, the identity is verified and the activities are allowed, while if the two personal passwords coming from the smartphone and from the second electronic device are not equal, the identity is not verified and the activities are denied.
- the process and/or method for obtaining a high security authentication system for identifying the legitimate owner of a smartphone, tablet or other mobile electronic device which can be used, according to the present invention, for recharging a financial instrument, for mobile or remotely payments, for accesses to private properties or places or things with prior authorization and/or for identifying the user or owner of the mobile electronic device for bureaucratic formalities, makes use of an offline procedure (without using remote servers) in order to verify a plurality of codes, which are exchanged among at least three electronic devices, and is performed by means of a software application (APP), which manages the perfect correspondence (identity) between two complete enabling temporary random codes, which are respectively associated to a first electronic device (smartphone, tablet, etc.) and to a second electronic device (passive TAG, electronic bracelet or smart device) which is provided to the user or owner of the smartphone, tablet, etc.; said codes can only be used once and are exchanged among the first mobile electronic device (smartphone, tablet, etc.),
- the user and owner (1) of a first mobile electronic device (such as a smartphone (10), a tablet or other similar electronic devices) requests and/or receives from a financial institution (100), from a manufacturer or supplier (300) of electronic locks (350) or from a public or private identification institution (700), a software application or APP (11, 51, 71) and an accessory (130), such as a passive TAG or an electronic bracelet or a smart device, which is already associated with the smartphone's owner (10) and which can also be inserted into an object for personal use (500), where destination fields have been created to store information and/or data, of which a first destination field (101 A, 301 A, 701 A) is used for storing an identification code of said accessory (130) and a second destination field (110, 310, 710) is used to store encrypted data of the user (1) and
- the user (1) after having installed the software application or APP (11 , 51 , 71) on the smartphone (10) and taking the accessory (130), which can also be inserted in an object for personal use (500), in order to carry out a mobile or remotely recharging or payment operation (22) (by using a POS (250) or a PC Desktop (750)) or an access (62) to private properties or places or things with a prior authorization (by means of an electronic lock (350)) or a personally identification (82) for bureaucratic formalities or other purposes (by means of a PC (750)), is able to use his/her smartphone (10) to read and acquire (12) his/her identification data (110, 310, 710), which are constituted for example by the fiscal code, together with the data of the financial instrument or the codes of the electronic lock or the identification data, which are stored in the accessory (130) already associated to the user (1 ); said user (1 ) checks, validates and accepts all said data directly on the smartphone (10) and the set of said data constitutes a first identification
- a temporary random code or partial password (102) is created (13) and stored on said smartphone (10); the temporary random code or partial password (102) is associated, through the APP (11, 51, 71) of the smartphone (10), with the first identification code; the temporary random code (102) can be created in different ways, such as, for example, through an algorithm, by random typing of alphanumeric characters on the keyboard and/or on the smartphone screen (10) or starting from biometric information of the user (1) that are detected by the smartphone (10), such as a certain number of the user's (1) steps or his/her heartbeats.
- the association between the temporary random code (102) and the first identification code uniquely produces (14) a complete enabling temporary random code or personal password (103), which is formed by said temporary random code (102) and said first identification code and which is associated to the smartphone (10) of the user (1) and again sent to and temporarily stored (15) in a destination field of said accessory (130).
- the complete enabling temporary random code (103) is therefore made up of a first part of the code which is generated by the smartphone (10) and of a second part of the code which strictly identifies the user (1) and which is sent and stored on said smartphone (10) and then sent to the accessory (130) (where it is stored by overwriting the possible code that can be previously stored).
- the user (1) sends (16) said complete enabling temporary random code (103), by means of the APP (11, 51, 71) running on the smartphone (10), to the third electronic device (electronic lock (350), POS (250) or PC (750)), which is composed of an electronic circuit (800) and an operating software or firmware (30, 40, 90); therefore, a data exchange occurs between the smartphone (10), the accessory (130) and the third electronic device and, in particular, the third electronic device requests the complete enabling temporary random code (103) from the accessory (130) and compares the complete enabling temporary random codes received from the accessory (130) and from the user's (1) smartphone (10).
- the third electronic device seeks (17) the presence of the same complete enabling temporary random code (103) provided by the user's (1) smartphone (10) in the accessory (130). If said complete enabling temporary random code (103) is not identified, the system stops (19) the activities of recharging and/or payment (22) or the access (62) to places or properties or the activities of personal identification (82), since the necessary authentication request (18) of the smartphone's (10) user (1) has not been passed, and communicates said failure to the user (1) via the APP (11, 51, 71) of the smartphone (10).
- the system validates the user's (1) certification/authentication and allows to go on acquiring (21) the encrypted data of the financial instrument (110) or the codes of the electronic lock (310) or the identification data of the user (710), as well as the system allows to go on recharging and/or paying (22) or accessing to places or properties (62) or signing a personal identification (82) and communicates the validation to the smartphone's (10) user (1) and, simultaneously, communicates to the financial institution (100) or to the manufacturer or supplier of electronic locks (300) or to the personal identification institution (700) the operation's details.
- the accessory (130) constituted by an electronic bracelet or smart device where are stored the unique identification data (110, 310, 710) of the smartphone's (10) user (1) and/or owner (10), such as data related to the fiscal code, together with any other smartphone's identification data (10) and data related to the financial instrument (110) or the electronic lock codes (310) or user's identification data (710), generates (13) a temporary random code or partial password (102), for example by means of an algorithm or through a random typing on the keyboard and/or on the screen of the smartphone (10) transformed into code or through a code generated by the user's biometric information (1) detected by the accessory (130), such as the user's (1) steps or his/her heartbeat.
- This temporary random code (102) is associated, through the accessory (130), with the identification code (101A, 301A, 701A) of said accessory (130) and with the identification codes (101B, 301B, 701B) related to the user (1) and/or to the smartphone (10), thus creating a unique complete enabling temporary random code (103), which is stored (14) on said accessory (130) and which is also sent to (15A) and stored in (15B) the smartphone (10), by deleting any other complete enabling temporary random codes previously stored.
- the smartphone (10) has stored the complete enabling temporary random code (103), said smartphone (10), via the APP (11, 51, 71), sends (16) said complete code (103) to the third electronic device and asks said third electronic device to be activated for an exchange of data with the data contained in the accessory (130).
- the third electronic device requests the complete enabling temporary random code (103) from the accessory (130) and compares (17) the complete enabling temporary random codes (103) coming from the smartphone (10) and from the accessory (130) to verify if said codes (103) are equal.
- the system is able to validate (20) the authentication of the smartphone's (10) user (1) and the activities of payment, access and personal identification (22, 62, 82) will be allowed, while if a mismatch between the personal passwords (103) coming from the smartphone (10) and coming from the accessory (103) occurs, the identity will not be verified (18) and the payment, access and personal identification activities (22, 62, 82) will be denied (19).
- the smartphone (10) generates (13A) a partial password or temporary random code (102A) which is associated with the identification data (101B, 301B, 701B) related to the user (1) and/or to the smartphone (10); said partial password or code (102A) is sent from the smartphone (10) to the accessory (130) (which is constituted, for example, by an electronic bracelet or smart device) and the accessory (130) creates (102B), in its turn, a temporary random code associated with its identification data (101A, 301A, 701A).
- Said two temporary random codes (102A, 102B) can be created in different ways, such as through an algorithm, by a random typing of numbers on the keyboard and/or on the screen of the smartphone (10) transformed into code or through a code generated by biometric information detected by the smartphone (10) or by the accessory (130), such as the user's (1) steps or his/her heartbeat.
- the accessory (130) generates (14) a unique personal password or complete enabling temporary random code (103), which is stored on the accessory (130) and then sent (15A), by said accessory (130), and stored (15B), through the APP (11, 51, 71), on the smartphone (10), by deleting any other complete enabling temporary random codes previously stored on said smartphone (10) and/or on said accessory (130); the smartphone (10) sends (16) the complete enabling temporary random code (103) to the third electronic device and requests (17) said third electronic device to carry out a data exchange with the smartphone (10), so that the third electronic device requests the complete enabling temporary random code (103) from the accessory (130) and compares the complete enabling temporary random codes received from the smartphone (10) and from the accessory (130) to verify if said codes are equal.
- the system is able to validate (20) the authentication of the smartphone's (10) user (1) and the activities of payment, access and personal identification (22, 62, 82) will be allowed, while if the complete enabling temporary random codes (103) coming from the smartphone (10) and coming from the accessory (130) are different, the identity will not be verified (18) and the payment, access and personal identification activities (22, 62, 82) will be denied.
- the features of the safety method concerning the sending and exchange of a temporary enabling random code between at least three electronic devices for recharging, payments, accesses and/or identifications of the owner of a mobile device, such as a smartphone, which is the object of the present invention, are clear, as well as the related advantages.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Computing Systems (AREA)
- Telephone Function (AREA)
Abstract
A process of obtaining a safety and authentication system for strongly verifying the identity of a legitimate owner (1) of a smartphone (10), tablet and/or other mobile electronic devices, which can be used for recharging a financial instrument and/or for mobile or remote payments and/or for accesses to private properties, places or things with prior authorization and/or for identifying the owner of the mobile electronic device, which involves the use of a smartphone (10), tablet or other mobile device, of a separate accessory, such as a passive TAG or a smart device (130), and of a third electronic device (250, 350, 750), such as a POS, an electronic lock or a PC or other electronic devices, as well as of a security software application or APP (11, 51, 71), which manages and presides over the process. The process employs a temporary enabling random code (103), associated with the mobile device (10), which can only be used once and which is exchanged and verified between at least three electronic devices that are involved in the process.
Description
SAFETY PROCESS/METHOD FOR SENDING AND EXCHANGING A TEMPORARY ENABLED RANDOM CODE AMONG AT LEAST THREE ELECTRONIC DEVICES FOR RECHARGES, PAYMENTS, ACCESSES AND/OR IDS OF OWNERS OF A MOBILE DEVICE, SUCH AS A SMARTPHONE.
The present invention refers to a process/method for achieving a high security and strong identity authentication system about the legitimate owner of a smartphone, tablet or other mobile device with which an accessory element such as a passive TAG or smart device is coupled. The system can be used to make recharges of a financial instrument, for payments in mobility or remotely, for access to private property or to places or things with prior authorization of access and/or for identifications of the owner of the mobile device for bureaucratic formalities, and it employs a software application (APP), which provides for sending and exchanging a temporary enabling random code, which can be used only once, between at least three electronic devices.
More specifically, the invention relates to a process/method for obtaining a safety system comprising a smartphone, tablet or other mobile device, an accessory element, such as a passive TAG and/or a smart device (with an electronic circuit, a battery and a specific firmware), another electronic device, such as a POS or an electronic lock or a Desktop PC, and a software application (APP), which manages the procedure to make extremely safe the recharging of a financial instrument and/or the payments in mobility or remotely, the access to private property or to places or things with prior authorization of access (e.g. housing, means of transport, public or private offices, etc.) and the identification of the owner of the smartphone, tablet or other mobile device, in case of loss, theft or fraudulent manipulation of the mobile device or in case of hacker attacks. The process is able to allow users of smartphones, tablets or other mobile device to certify their identity in total security in order to recharge their financial instrument and/or to make payments in mobility or remotely, to access to private properties or to places or things with prior authorization of access and/or to identify the owner of the mobile device for bureaucratic formalities, by using a temporary random authorization code which is univocally associated with the owner of the smartphone, tablet or other mobile device to which an accessory, such as a passive TAG or a smart device (also previously associated with the smartphone's owner), is coupled; said random authorization code is exchanged with a third electronic device, which is used for recharging a financial instrument, for making payments in mobility or remotely, for accessing to private property or to places or things with pre-authorization and/or for identifying the owner of the mobile device for bureaucratic formalities.
Many software applications (APP) are currently known, in particular for mobile payments, which require the insertion of additional codes or PINs (besides an initial pin), the reading of a fingerprint or the typing of additional passwords (such as, for example, a numeric code and a username) for obtaining an authentication of the legitimate owner of a smartphone, tablet or other mobile device; said codes or PINs are verified on-line by a server application, in order to obtain a reasonable level of security in case of loss, theft or fraudulent use of the smartphone, tablet or other mobile device by unknown third parties. Other known authentication systems which are able to identify the legitimate owner of a mobile device, especially for mobile payments provided by financial institutions (with specific software applications or APP), can also use QR CODEs, which are sent online from a server, or biometric data of the user, such as the heartbeat, which are acquired with sensors placed on bracelets and/or smart watches (such as iWatch®, Gear®, etc.) connected to the smartphone, tablet and/or other mobile device; said systems, however, are not totally reliable and secure, as online transmissions can be stolen by hackers while biometric data may be unreliable and/or falsified with photos and images.
Regarding mobility payments, methods and processes involving the exchange of money among smartphone's users are also known; said methods are performed with social software applications (APP) or messenger applications (the so-called "peer-to-peer" applications) for handling limited money amounts and data entry for authenticating the owner of the mobile device (for example a digital signature), as well as the entry of different codes or PINs for security are also requested. However, all of said software applications (APP) store and track on the smartphone, tablet or other mobile device the sensitive data of the current account and/or of the credit or debit card used by the owner of the smartphone, tablet or other mobile device.
The same applies to software applications (APP), which are also suitable for managing electronic locks or other accesses, but which do not provide any strong authentication system of the owner of the smartphone, tablet or other mobile device.
Other methods and/or procedures for a strong authentication of the owner of a smartphone, tablet or other mobile device, which are relatively safer than those highlighted above, provide for sending encrypted unique identification codes together with the identification data of the owner of the mobile device and the data related to a financial instrument and/or to an electronic access system to private properties or to places or things with prior authorization; all said data are stored on a separate device or accessory, such as a passive or active TAG.
Even if the above mentioned procedures are able to guarantee a greater level of security in case of loss, theft or fraudulent use of the smartphone, tablet or other mobile device by third parties, there is still a real risk of possible theft of the mobile device owner's identification data and of data relating to the financial instrument or to the electronic access system, in particular during the transmission and exchange of data or codes between the electronic devices used during the payment procedures and/or the access to private properties, as said data or codes are fixed or created with algorithms that an attacker can trace back.
An object of the present invention is therefore to obviate the above-mentioned technical drawbacks and, in particular, to provide a method for obtaining a security and strong authentication system for the owner of a smartphone, tablet or other mobile device and to make totally safe the recharging of a financial instrument, the mobile or remotely payments, the access to private properties or to places or things with prior authorization and/or the identification of the owner of the mobile device for bureaucratic formalities; basically, the invention provides for a system comprising at least three electronic devices (a first electronic device, such as a smartphone, tablet or other mobile device together with a software application or APP, a second electronic device or accessory, such as a passive TAG or smart device, which is previously associated with the owner of the smartphone, tablet or other mobile device, and a third electronic device, such as a POS, an electronic lock or a Desktop PC or another specific device), which is configured to send and exchange a temporary enabling random code, to be used once, among the above mentioned three electronic devices.
A further object of the present invention is to allow the owner of the smartphone, tablet or other mobile device to recharge its own financial instrument and/or to carry out mobile or remotely payments and/or an access to private properties or places or things with a pre-authorization and/or an identification of the owner of said mobile device for bureaucratic formalities.
In order to achieve said objects, according to a first embodiment of the invention, the following are used:
1. an identification code (ID) of the smartphone or other mobile device and an identification code (ID) of the accessory, such as the passive TAG or smart device, which are originally associated with the owner of the smartphone or other mobile device;
2. a unique code including the identification data of the owner of the smartphone or other mobile device (for example, the owner's tax code and/or the encrypted data referring to a financial instrument or to an access system and/or other personal data of the smartphone's owner);
3. a temporary random code, which can be created by an algorithm, by a random typing of numbers on the keyboard and/or on the screen of the smartphone or mobile device or through a code generated by biometric data detected by the smartphone or mobile device, in order to create a "complete" temporary random code which is composed of the above mentioned codes.
Said "complete" temporary random code is stored on the smartphone, tablet or other mobile device and then sent and stored on the accessory, such as the passive TAG or smart device, and then verified by the POS, the electronic lock, the PC or other specific device.
Therefore, a possible theft of the "complete" temporary random authorization code, by third parties, through tools such as a digital scanner ("sniffer"), is in fact impracticable because this code changes from time to time and cannot be rebuilt, since it is not completely based on a mathematical reference model.
Finally, a further and not least object of the present invention is to allow the owner of the smartphone, tablet or other mobile device to provide for recharging a financial instrument and/or to make mobile or remotely payments and/or accesses to private properties or places or things of which the owner has a prior authorization and/or identifications for bureaucratic formalities, without the use of a remote server which sends an authentication code and/or a PIN and/or a QR Code in order to complete the operation; the steps performed by the method according to the present invention, in fact, are performed exclusively by the electronic device configured to recharge the financial instrument and/or to make mobile or remotely payments and/or accesses to private properties or to places or things of which the owner has a prior authorization and/or identifications of the owner of the mobile device for bureaucratic formalities, so that it is practically impossible, by third parties, to acquire by fraud, said "complete" temporary authorization code. The financial institution and/or other institution which manages accesses and/or personal identifications will receive "ex post" information referring to the activity carried out, thus ensuring an extreme safety. The operations described can also be further verified by one or more remote servers.
These and other objects, which more clearly will appear in the following, are achieved, according to the invention, by a safety method according to the attached claim 1.
Advantageously, the system performing the above method includes:
- a smartphone, tablet or other mobile device where an identification code (e.g. an ID code of the mobile device) is permanently stored and a complete random enabling code is temporarily stored, and where a software application (APP) provided by third parties is configured to manage communications between the mobile device, a second electronic device or accessory, such as a passive TAG or smart device, and a third electronic device, such as a POS or an electronic lock or a Desktop PC or other specific device;
- a second electronic device or accessory, such as a passive TAG or smart device, which is inserted into an element for personal use of the owner of said smartphone, tablet or other mobile device and which is previously associated with the owner of the smartphone or other mobile device, where an identification code (for example, the ID of the passive TAG or smart device) is permanently stored, and/or the identifying data of a user and owner of the mobile device, the data referring to a financial instrument or access system and other personal data of said user and owner of the mobile device are permanently stored and encrypted, as well as a complete random enabling code is temporarily stored;
- a third electronic device, such as a POS or an electronic lock or a desktop PC or other device, which has a firmware (electronic circuits, chips to manage multiple technologies and/or data transmission protocols, battery and operating software) configured to communicate with said accessory (the passive TAG or smart device) and with the mobile device;
- a software application (APP), running on the smartphone, tablet or other mobile device, for managing the method.
The user and owner of a mobile device (smartphone, tablet, etc.), following a request, is able to receive from a financial institution and/or from a manufacturer or supplier of electronic locks and/or from a public or private institution both the passive TAG or smart device, which is already associated with the owner of the smartphone, tablet or other mobile device, and the software application (APP) for managing the method according to the present invention; said software application (APP) allows to obtain a strong authentication of the owner of the mobile device, so as to carry out recharging of a financial instrument, mobile or remotely payments, accesses to properties, places or things with prior authorization of access and/or identifications of the owner of said mobile device for bureaucratic formalities.
In particular, the present invention allows to increase the safety of the above operations by implementing different operating modes.
The data exchange among three different electronic devices takes place using one or more technologies and/or data transmission protocols (for example, radio frequency or Bluetooth); furthermore, a complete enabling temporary random code can be provided only with the presence both of the mobile device and of the passive TAG or smart device, in order to carry out a recharging of a financial instrument, a mobile or remotely payment, an access to properties or to places or things with prior authorization and/or an identification of the owner of the mobile device for bureaucratic formalities.
After having completed the authentication phase, the system of the present invention performs the normal operations such as acquiring the encrypted information relating to the financial instrument and/or to the access codes and/or the sensitive data of the person owning the mobile device, thus completing the recharging activities of the financial instrument, the payment activities, the access activities and/or the identification activities of said owner of the mobile device for bureaucratic formalities.
The complete temporary enabling random code is therefore always different and usable only once, because a part of said code is generated, for example, either by means of an algorithm and/or by means of a random typing on the keyboard and/or on the screen of the mobile device (said typing being transformed into a code) and/or by means of a code generated by biometric information acquired from the mobile device or from the smart device; the owner of the mobile device is thus guaranteed regarding the impossibility that third parties may use, in case of theft with systems such as digital scanners or "sniffers", said temporary complete enabling random code during the subsequent activities of recharging a financial instrument, paying in mobility or remotely, accessing to private properties or to places or things with prior authorization or identifying the owner of the mobile device for bureaucratic formalities.
Further features and advantages of the safety method for sending and exchanging a temporary enabled random code among at least three electronic devices for recharging, paying and accessing activities and/or for identifying the owners of a mobile device for bureaucratic formalities, according to the present invention, will be more clear from the following description of different preferred embodiments and from the attached drawings, in which:
- Figure 1 shows a first preliminary step, carried out by those who must grant a financial instrument or access or certification of personal identity, according to which the ID of the element such as a passive TAG or smart device is written on said passive TAG or smart device and the encrypted identifying data of a user and owner of the mobile device, as well as data referring to a financial instrument or access system and other personal data of the user and owner of the mobile device are written on said passive TAG or smart device; Figure 1 also shows a second phase according to which the passive TAG or smart device and a software application (APP) are delivered to the user who requested them, according to the present invention;
- Figures 2A, 2B, 2C, 2D and 2E show further steps according to which the user and owner of the mobile device (e.g. a smartphone), who has the passive TAG or smart device which is already associated with the owner of the smartphone, is preparing to certify his/her identity and then to perform a charging and/or a payment in mobility or remotely (by using a Desktop PC instead of a POS) or to make an access or an identification; Figures 2D and 2E also show the type and the flow of data sent and exchanged among the three electronic devices, according to the invention;
- Figures 3A, 3B, 3C and 3D show the steps of the method according to which the user and owner of the mobile device (e.g. a smartphone), who has got the smart device (already associated), is preparing to certify his/her identity and therefore to perform a recharging and/or a mobile or remotely payment operation (using a Desktop PC instead of a POS) or to make an access or an identification; Figures 3C and 3D also show the type of a first flow of data which are sent and exchanged between the three electronic devices, according to the present invention;
- Figures 4A, 4B, 4C and 4D show the steps of the method according to which the user and owner of the mobile device (e.g. a smartphone), who has got the smart device (already associated), is preparing to certify his/her identity and therefore to perform a recharging and/or a mobile or remotely payment operation (using a Desktop PC instead of a POS) or to make an access or an identification; Figures 4C and 4D also show the type and flow of data sent and exchanged between the three electronic devices, according to the invention.
According to a first embodiment of the present invention, the claimed method is able to perform the following steps:
a) the user starts the software application (APP) on a first mobile electronic device (e.g. the user's smartphone) and said APP reads and acquires the identification data of the user and owner of the mobile electronic device (for example, the user's fiscal code) together with other identification codes (for example, codes relating to a financial instrument or to an electronic lock), which are stored on a second electronic device (an accessory, such as a passive TAG, an electronic bracelet or a smart device) previously associated to the user;
b) the first mobile electronic device (the smartphone) produces a temporary random code (partial password) in different ways, such as, for example, by means of an algorithm, by means of a random typing of alphanumeric characters on the keyboard and/or on the screen of the smartphone or through a series of alphanumeric characters generated from biometric information detected by the smartphone (such as heartbeats, user steps, etc.);
c) the smartphone is able to join the data and identification codes referred to in point a) with the temporary random code (partial password) so as to obtain, univocally, a complete enabling temporary random code (personal password);
d) said complete enabling temporary random code is stored on the first mobile electronic device (the smartphone);
e) said complete enabling temporary random code is sent to the second electronic device previously associated with the smartphone's owner (said complete enabling temporary random code is overwritten to any other codes previously stored on said second electronic device);
f) the smartphone sends the same complete enabling temporary random code (personal password) to a third electronic device (such as an electronic lock, a POS or a PC);
g) said third electronic device is able to verify that said complete enabling code is equal both within the first electronic device (smartphone) and within the second electronic device (passive TAG or smart device); practically, the third electronic device asks for the personal password to the passive TAG or smart device and compares the personal passwords received from the smartphone and from the second electronic device to verify that said personal passwords are the same.
If said personal passwords are the same, the identity will be verified and the activities (recharging of the financial instrument and/or mobile or remotely payments and/or accesses to places or things and/or personal identifications) are allowed, while, if said two personal passwords, respectively coming from the smartphone and from the second electronic device, are not equal, the identity is not verified and the activities will be denied.
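The exchange in steps a) to g), as an added Python example that is not code from the patent. The class and method names, the sample identifiers, the use of `secrets.token_hex` for the "algorithm" option in step b), and erasing the code on the accessory and on the phone once it has been read are assumptions.

```python
import hmac
import secrets


class Accessory:
    """Second device: passive TAG or smart device (130 in the patent)."""

    def __init__(self, accessory_id: str, encrypted_user_data: str):
        self.accessory_id = accessory_id                # field holding the accessory ID
        self.encrypted_user_data = encrypted_user_data  # field holding the user's encrypted data
        self._enabling_code = None                      # temporary field for the complete code

    def read_identification(self) -> str:
        # Step a): the phone reads the identification data held on the accessory.
        return f"{self.accessory_id}|{self.encrypted_user_data}"

    def store_code(self, code: str) -> None:
        # Step e): a new code overwrites whatever was stored before.
        self._enabling_code = code

    def release_code(self):
        # Assumption: the code is erased as soon as the verifier reads it,
        # which is one way to make it usable only once.
        code, self._enabling_code = self._enabling_code, None
        return code


class Smartphone:
    """First device (10) running the APP."""

    def __init__(self, phone_id: str):
        self.phone_id = phone_id
        self._enabling_code = None

    def prepare(self, accessory: Accessory) -> str:
        first_identification = f"{self.phone_id}|{accessory.read_identification()}"  # step a)
        partial = secrets.token_hex(16)                  # step b): temporary random code
        complete = f"{partial}:{first_identification}"   # step c): complete enabling code
        self._enabling_code = complete                   # step d): stored on the phone
        accessory.store_code(complete)                   # step e): stored on the accessory
        return complete

    def send_code(self):
        # Step f). Assumption: the phone forgets the code once it has been sent.
        code, self._enabling_code = self._enabling_code, None
        return code


class ThirdDevice:
    """Third device: POS (250), electronic lock (350) or PC (750)."""

    def verify(self, code_from_phone, accessory: Accessory) -> bool:
        # Step g): ask the accessory for its copy and compare the two codes.
        code_from_accessory = accessory.release_code()
        if code_from_phone is None or code_from_accessory is None:
            return False
        # Constant-time comparison, so the time taken does not depend on
        # how many leading characters match.
        return hmac.compare_digest(code_from_phone.encode(), code_from_accessory.encode())


def run_demo() -> dict:
    # Constructed sample values, not taken from the patent.
    accessory = Accessory("TAG-0001", "ENC(sample-user-record)")
    phone = Smartphone("PHONE-0001")
    reader = ThirdDevice()

    code1 = phone.prepare(accessory)
    legitimate = reader.verify(phone.send_code(), accessory)

    # The same code presented again: the accessory no longer holds it.
    replay = reader.verify(code1, accessory)

    # A new session creates a new code; the old one no longer matches.
    code2 = phone.prepare(accessory)
    wrong_code = reader.verify(code1, accessory)

    return {
        "legitimate": legitimate,
        "replay": replay,
        "wrong_code": wrong_code,
        "codes_differ": code1 != code2,
    }


if __name__ == "__main__":
    print(run_demo())
```

Both denials depend on the accessory erasing or overwriting its stored code; the comparison in step g) alone does not make a code single-use.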
According to another embodiment of the invention, a data exchange takes place between the first mobile electronic device (the user's smartphone), the second electronic device (an electronic bracelet or a smart device) and the third electronic device (electronic lock, POS or PC Desktop), so that the second electronic device, where the identification data of the smartphone's owner or user (for example, the user's fiscal code together with the smartphone's identification data) and the financial instrument data or the electronic lock code or other data identifying said second electronic device are stored, is configured to generate a partial password (temporary random code), which can be created in different ways (by means of an algorithm or by means of a random generation of alphanumeric data on the screen of the second electronic device which is converted into a code or by means of a code produced by biometric information of the user detected by the second electronic device, such as the user's steps or his/her heartbeat).
Said partial password (temporary random code) is then combined, by the second electronic device, with the identification data of the smartphone's user, thus univocally creating a personal password (complete enabling temporary random code), which is stored on the second electronic device and sent to the smartphone; the smartphone stores said personal password by deleting any previously stored personal passwords.
Once the smartphone has stored the personal password, said personal password is sent to the third electronic device (electronic lock, POS or PC Desktop) and the third electronic device is activated for exchanging data between the same third electronic device and the second electronic device; therefore, the third electronic device will ask the second electronic device for the personal password and will compare the two personal passwords (complete enabling temporary random code) coming from the smartphone and from the second electronic device so as to verify if said personal passwords are equal. If said personal passwords are equal, the identity is verified and the activities are permitted, while if the two personal passwords coming from the smartphone and from the second electronic device do not match, the identity is not verified and the activities will be denied.
According to a further embodiment of the present invention, data exchange between the first mobile electronic device (smartphone), the second electronic device (electronic bracelet or smart device) and the third electronic device (electronic lock, POS or PC Desktop) occurs, first of all, thanks to the smartphone which is able to generate a partial password (first temporary random code), said partial password being sent from the smartphone to the second electronic device; similarly, the second electronic device generates its own partial password (second temporary random code).
Said partial passwords can be produced in different ways, such as, for example, by means of an algorithm, by means of a random typing (transformed into code) of alphanumeric characters on the smartphone keyboard or screen or starting from biometric information detected by the smartphone or by the second electronic device (such as the user's steps or the user's heartbeat). Both partial passwords are combined, by means of said smartphone and second electronic device, with their identification codes and with the user's identification data (such as the user's fiscal code and the financial instrument data or the electronic lock codes or other identification data of the second electronic device), in such a way that both said smartphone and said second electronic device are able to create, univocally and autonomously, a personal password (complete enabling temporary random code), which is stored both in the smartphone and in the second electronic device in place of any other personal passwords previously stored on said smartphone and on said second electronic device.
Thus, the smartphone sends the personal password to the third electronic device (electronic lock, POS or PC Desktop) and requests the activation of said third electronic device for a data exchange between the third electronic device and the second electronic device so as to verify the data equality.
In particular, the third electronic device asks the second electronic device for the personal password and compares the two personal passwords (complete enabling temporary random codes) coming from the smartphone and coming from the second electronic device so as to verify if said passwords are equal; if yes, the identity will be verified and the activities allowed, while if the two personal passwords coming from the smartphone and coming from the second electronic device are not equal, the identity will not be verified and the activities will be denied.
With reference to the above-mentioned figures, the process and/or method for obtaining a high security authentication system for identifying the legitimate owner of a smartphone, tablet or other mobile electronic device, which can be used, according to the present invention, for recharging a financial instrument, for mobile or remote payments, for accesses to private properties or places or things with prior authorization and/or for identifying the user or owner of the mobile electronic device for bureaucratic formalities, makes use of an offline procedure (without using remote servers) in order to verify a plurality of codes, which are exchanged among at least three electronic devices, and is performed by means of a software application (APP), which manages the perfect correspondence (identity) between two complete enabling temporary random codes, which are respectively associated with a first electronic device (smartphone, tablet, etc.) and with a second electronic device (passive TAG, electronic bracelet or smart device) which is provided to the user or owner of the smartphone, tablet, etc.; said codes can only be used once and are exchanged among the first mobile electronic device (smartphone, tablet, etc.), the second electronic device (passive TAG, electronic bracelet or smart device) and a third electronic device, such as an electronic lock, a POS or a PC.
According to a first preferred embodiment of the invention, which is schematically shown in the enclosed Figures 1 and 2A, 2B, 2C, 2D and 2E, the user and owner (1) of a first mobile electronic device (such as a smartphone (10), a tablet or other similar electronic devices) requests and/or receives from a financial institution (100), from a manufacturer or supplier (300) of electronic locks (350) or from a public or private identification institution (700), a software application or APP (11, 51, 71) and an accessory (130), such as a passive TAG or an electronic bracelet or a smart device, which is already associated with the smartphone's owner (10) and which can also be inserted into an object for personal use (500), where destination fields have been created to store information and/or data, of which a first destination field (101 A, 301 A, 701 A) is used for storing an identification code of said accessory (130) and a second destination field (110, 310, 710) is used to store encrypted data of the user (1) and owner of said smartphone (10), together with encoded data which are associated with a financial instrument (110) or with access codes (310) of an electronic lock (350) or with data (710) identifying the user (1).
The user (1), after having installed the software application or APP (11, 51, 71) on the smartphone (10) and taking the accessory (130), which can also be inserted in an object for personal use (500), in order to carry out a mobile or remote recharging or payment operation (22) (by using a POS (250) or a PC Desktop (750)) or an access (62) to private properties or places or things with a prior authorization (by means of an electronic lock (350)) or a personal identification (82) for bureaucratic formalities or other purposes (by means of a PC (750)), is able to use his/her smartphone (10) to read and acquire (12) his/her identification data (110, 310, 710), which are constituted for example by the fiscal code, together with the data of the financial instrument or the codes of the electronic lock or the identification data, which are stored in the accessory (130) already associated with the user (1); said user (1) checks, validates and accepts all said data directly on the smartphone (10) and the set of said data constitutes a first identification code (101 B, 301 B, 701 B) related to the user (1) and/or to the smartphone (10).
Subsequently, a temporary random code or partial password (102) is created (13) and stored on said smartphone (10); the temporary random code or partial password (102) is associated, through the APP (11, 51, 71) of the smartphone (10), with the first identification code; the temporary random code (102) can be created in different ways, such as, for example, through an algorithm, by random typing of alphanumeric characters on the keyboard and/or on the smartphone screen (10) or starting from biometric information of the user (1) that are detected by the smartphone (10), such as a certain number of the user's (1) steps or his/her heartbeats.
The association between the temporary random code (102) and the first identification code uniquely produces (14) a complete enabling temporary random code or personal password (103), which is formed by said temporary random code (102) and said first identification code and which is associated to the smartphone (10) of the user (1) and again sent to and temporarily stored (15) in a destination field of said accessory (130).
In particular, the complete enabling temporary random code (103) is therefore made up of a first part of the code which is generated by the smartphone (10) and of a second part of the code which strictly identifies the user (1) and which is sent and stored on said smartphone (10) and then sent to the accessory (130) (where it is stored by overwriting the possible code that can be previously stored).
Once the complete enabling temporary random code (103) has been stored on said accessory (130), the user (1) sends (16) said complete enabling temporary random code (103), by means of the APP (11, 51, 71) running on the smartphone (10), to the third electronic device (electronic lock (350), POS (250) or PC (750)), which is composed of an electronic circuit (800) and an operating software or firmware (30, 40, 90); therefore, a data exchange occurs between the smartphone (10), the accessory (130) and the third electronic device and, in particular, the third electronic device requests the complete enabling temporary random code (103) from the accessory (130) and compares the complete enabling temporary random codes received from the accessory (130) and from the user's (1) smartphone (10). The third electronic device seeks (17) the presence of the same complete enabling temporary random code (103) provided by the user's (1) smartphone (10) in the accessory (130).
If said complete enabling temporary random code (103) is not identified, the system stops (19) the activities of recharging and/or payment (22) or the access (62) to places or properties or the activities of personal identification (82), since the necessary authentication request (18) of the smartphone's (10) user (1) has not been passed, and communicates said failure to the user (1) via the APP (11, 51, 71) of the smartphone (10).
If, on the other hand, said complete enabling temporary random code (103) is found and the required authentication request (20) of the smartphone's (10) user (1) is thus fulfilled, the system validates the user's (1) certification/authentication and allows the acquisition (21) of the encrypted data of the financial instrument (110) or the codes of the electronic lock (310) or the identification data of the user (710) to proceed; the system likewise allows the recharging and/or payment (22), the access to places or properties (62) or the signing of a personal identification (82) to proceed, communicates the validation to the smartphone's (10) user (1) and, simultaneously, communicates the operation's details to the financial institution (100) or to the manufacturer or supplier of electronic locks (300) or to the personal identification institution (700).
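The exchange of this first embodiment (steps 12 to 22), sketched as an added Python example that is not part of the patent text. The class names, the `:` concatenation used to join the partial password with the identification data, the use of a CSPRNG for the "algorithm" option and the sample identification string are all assumptions, since the description fixes none of them.

```python
"""Added illustration of the three-device code comparison; not from the patent."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed sample identification data (the description specifies no format).
SAMPLE_ID_DATA = "FISCAL-CODE-EXAMPLE|INSTRUMENT-DATA-EXAMPLE"


@dataclass
class Accessory:
    """Second device (130): identification data plus a single code slot."""
    id_data: str
    stored_code: Optional[str] = None

    def write_code(self, code: str) -> None:
        # Step (15): the new code overwrites any previously stored code.
        self.stored_code = code

    def read_code(self) -> Optional[str]:
        return self.stored_code


@dataclass
class Smartphone:
    """First device (10) running the APP."""
    stored_code: Optional[str] = None

    def enroll(self, accessory: Accessory) -> str:
        id_data = accessory.id_data        # step (12): read identification data
        partial = secrets.token_hex(16)    # step (13): partial password (102)
        # Step (14): join both parts into the complete code (103).
        # Plain concatenation is an assumption made for this example.
        complete = f"{partial}:{id_data}"
        self.stored_code = complete        # kept on the smartphone
        accessory.write_code(complete)     # step (15): stored on the accessory
        return complete


class ThirdDevice:
    """Electronic lock, POS or PC: compares the two copies offline."""

    def verify(self, code_from_phone: Optional[str], accessory: Accessory) -> bool:
        code_from_accessory = accessory.read_code()   # step (17)
        if not code_from_phone or not code_from_accessory:
            return False                   # nothing enrolled: deny (18, 19)
        # Constant-time comparison, so response timing does not depend on
        # how many leading characters of the two codes agree.
        return hmac.compare_digest(
            code_from_phone.encode(), code_from_accessory.encode()
        )


def run_scenarios() -> dict:
    """Run the allow/deny cases the description distinguishes."""
    accessory = Accessory(id_data=SAMPLE_ID_DATA)
    phone = Smartphone()
    device = ThirdDevice()

    first = phone.enroll(accessory)
    fresh_match = device.verify(first, accessory)          # codes equal: allow

    second = phone.enroll(accessory)                       # overwrites `first`
    stale_after_regeneration = device.verify(first, accessory)
    current_match = device.verify(second, accessory)

    # An accessory that never received a code has an empty slot.
    blank = Accessory(id_data=SAMPLE_ID_DATA)
    unenrolled_accessory = device.verify(second, blank)

    return {
        "fresh_match": fresh_match,
        "stale_after_regeneration": stale_after_regeneration,
        "current_match": current_match,
        "unenrolled_accessory": unenrolled_accessory,
    }


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The second scenario shows the effect of the overwrite in step (15): once a new code is generated, the earlier code no longer matches the accessory's single slot and is denied.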
According to another preferred embodiment of the invention, which is schematically shown in Figures 1 and 3A, 3B, 3C and 3D, the accessory (130), constituted by an electronic bracelet or smart device in which the unique identification data (110, 310, 710) of the smartphone's (10) user (1) and/or owner (10) are stored, such as data related to the fiscal code, together with any other identification data of the smartphone (10) and data related to the financial instrument (110) or the electronic lock codes (310) or user's identification data (710), generates (13) a temporary random code or partial password (102), for example by means of an algorithm or through a random typing on the keyboard and/or on the screen of the smartphone (10) transformed into code or through a code generated by biometric information of the user (1) detected by the accessory (130), such as the user's (1) steps or his/her heartbeat.
This temporary random code (102) is associated, through the accessory (130), with the identification code (101 A, 301 A, 701 A) of said accessory (130) and with the identification codes (101 B, 301 B, 701 B) related to the user (1) and/or to the smartphone (10), thus creating a unique complete enabling temporary random code (103), which is stored (14) on said accessory (130) and which is also sent to (15A) and stored in (15B) the smartphone (10), by deleting any other complete enabling temporary random codes previously stored. Once the smartphone (10) has stored the complete enabling temporary random code (103), said smartphone (10), via the APP (11, 51, 71), sends (16) said complete code (103) to the third electronic device and asks said third electronic device to be activated for an exchange of data with the data contained in the accessory (130). In particular, the third electronic device requests the complete enabling temporary random code (103) from the accessory (130) and compares (17) the complete enabling temporary random codes (103) coming from the smartphone (10) and from the accessory (130) to verify if said codes (103) are equal. If yes (21), the system is able to validate (20) the authentication of the smartphone's (10) user (1) and the activities of payment, access and personal identification (22, 62, 82) will be allowed, while if a mismatch between the personal passwords (103) coming from the smartphone (10) and coming from the accessory (103) occurs, the identity will not be verified (18) and the payment, access and personal identification activities (22, 62, 82) will be denied (19).
According to a further preferred embodiment of the present invention, which is schematically shown in the enclosed Figures 1 and 4A, 4B, 4C and 4D, the smartphone (10) generates (13A) a partial password or temporary random code (102A) which is associated with the identification data (101 B, 301 B, 701 B) related to the user (1) and/or to the smartphone (10); said partial password or code (102A) is sent from the smartphone (10) to the accessory (130) (which is constituted, for example, by an electronic bracelet or smart device) and the accessory (130) creates (102B), in its turn, a temporary random code associated with its identification data (101 A, 301 A, 701 A). Said two temporary random codes (102A, 102B) can be created in different ways, such as through an algorithm, by a random typing of numbers on the keyboard and/or on the screen of the smartphone (10) transformed into code or through a code generated by biometric information detected by the smartphone (10) or by the accessory (130), such as the user's (1) steps or his/her heartbeat. Therefore, the accessory (130) generates (14) a unique personal password or complete enabling temporary random code (103), which is stored on the accessory (130) and then sent (15A), by said accessory (130), and stored (15B), through the APP (11, 51, 71), on the smartphone (10), by deleting any other complete enabling temporary random codes previously stored on said smartphone (10) and/or on said accessory (130); the smartphone (10) sends (16) the complete enabling temporary random code (103) to the third electronic device and requests (17) said third electronic device to carry out a data exchange with the smartphone (10), so that the third electronic device requests the complete enabling temporary random code (103) from the accessory (130) and compares the complete enabling temporary random codes received from the smartphone (10) and from the accessory (130) to verify if said codes are equal.
If yes (21), the system is able to validate (20) the authentication of the smartphone's (10) user (1) and the activities of payment, access and personal identification (22, 62, 82) will be allowed, while if the complete enabling temporary random codes (103) coming from the smartphone (10) and coming from the accessory (130) are different, the identity will not be verified (18) and the payment, access and personal identification activities (22, 62, 82) will be denied.
From the above description the features of the safety method concerning the sending and exchange of a temporary enabling random code between at least three electronic devices for recharging, payments, accesses and/or identifications of the owner of a mobile device, such as a smartphone, which is the object of the present invention, are clear, as well as the related advantages.
Furthermore, the invention thus conceived and illustrated herein is susceptible of numerous modifications and variations, as well as the details may be replaced by other technically equivalent elements, all of which are within the scope of the inventive concept as claimed in the appended claims.
Finally, the elements, so long as they are compatible with the specific use, as well as the dimensions, may be any according to requirements and to the state of the art.
Where the characteristics and techniques mentioned in any claim are followed by reference marks, such reference marks have been attached for the sole purpose of increasing the intelligibility of the claims and, consequently, said reference marks have no limiting effect on the claims.
Claims
1. A safety process for sending and exchanging a temporary enabling random code among at least three electronic devices for recharges, payments, accesses and/or ids of a user (1) or owner (1) of a mobile device, such as a smartphone (10), said process being able to guarantee high levels of security during recharging operations of a financial instrument, during mobile or remote payments, during accesses to private properties or places or things with prior authorization and/or during identification procedures of said user (1) for bureaucratic formalities and said process being performed by means of:
- a first mobile electronic device, such as a smartphone (10), a tablet or other mobile device, owned by said user (1),
- a second electronic device or accessory (130), such as an electronic bracelet or passive TAG or smart device, provided with a firmware and inserted into an object for personal use (500) by said user (1), wherein said second electronic device (130) stores inside respective destination fields (101A, 301A, 701A, 110, 310, 710) a first alphanumeric code identifying said second electronic device (130) and a second alphanumeric encrypted code containing a first set of identifying data of said user (1) and/or of said first mobile electronic device (10) and a second set of identifying data referring to a financial instrument or to an access system or to a system of personal identification of said user (1),
- a third electronic device, such as an electronic lock (350), a POS (250) or a PC (750), equipped with a firmware (30, 40, 90) and electronic circuits for managing one or more data transmission protocols, so that said third electronic device is able to communicate both with said second electronic device (130) and with said first mobile electronic device (10),
- a software application or APP (11, 51, 71) provided by third parties, such as a financial institution (100), a supplier or manufacturer of electronic locks (300) and/or a public institution (700), and operating on said first mobile electronic device (10), which manages an exchange of said codes and identification data between said first mobile electronic device (10) and said second electronic device (130),
characterized in that said process provides for the following steps:
a) generating, by means of said first mobile electronic device (10) and/or of said second electronic device (130), a first temporary random code composed of alphanumeric characters;
b) coupling said first temporary random code to said first alphanumeric code identifying said second electronic device (130) and/or to a portion of said second alphanumeric code, in order to obtain, respectively, a first and/or a second partial encoding;
c) joining said first and/or second partial encoding with said first set of identifying data of said user (1) and owner of said first mobile electronic device (10) and with said second set of identifying data referring to a financial instrument or an access system or a personal identification system of said user (1), in order to obtain a complete enabling temporary random code (103), which is stored on said second electronic device (130) or on said first mobile electronic device (10) and, respectively, sent to said first mobile electronic device (10) if stored on said second electronic device (130) or to said second electronic device (130) if stored on said first mobile electronic device (10);
d) sending said complete enabling temporary random code (103) from said first mobile electronic device (10) to said third electronic device (250, 350, 750);
e) requesting said complete enabling temporary random code (103), by means of said third electronic device (250, 350, 750), to said second electronic element (130) and comparing, by means of said third electronic device, said complete enabling temporary random code (103) coming from said second electronic device (130) with said complete enabling temporary random code (103) present on said first mobile electronic device (10), in order to verify if said complete temporary random codes are equal.
2. Process according to claim 1, characterized in that said recharging, payment, access and/or personal identification activities are stopped (18, 19) when said complete temporary random codes (103) are different, while a confirmation (20, 21, 22, 62, 82) of said recharging, payment, access and/or personal identification activities is performed when said complete temporary random codes (103) are equal.
3. Process as claimed in at least one of the previous claims, characterized in that said first temporary random code is generated by means of an algorithm and/or by a random typing of alphanumeric characters on said first mobile electronic device (10) and/or by transforming into a code a series of biometric data of said user (1) detected by said first mobile electronic device (10) and/or by said second electronic device (130).
4. Process as claimed in at least one of the previous claims, characterized in that said complete enabling temporary random code (103) which is stored on said second electronic device (130) is sent and stored on said first mobile electronic device (10) by deleting any other temporary random codes previously stored on said second electronic device (130) and on said first mobile electronic device (10).
5. Process as claimed in at least one of the previous claims, characterized in that said first mobile electronic device (10) is a smartphone (10) or a tablet.
6. Process as claimed in at least one of the previous claims, characterized in that said second electronic device (130) is an electronic bracelet or a passive TAG or a smart device.
7. Process as claimed in at least one of the previous claims, characterized in that said third electronic device is an electronic lock (350) or a POS (250) or a PC (750).
8. Process as claimed in at least one of the previous claims, characterized in that said recharging, payment, access and/or personal identification activities are confirmed or denied through related communications sent to said user (1) and/or to institutions, such as financial institutions (100), manufacturers or suppliers (300) of electronic locks (350) or other public or private institutions (700).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IT102016000132561A IT201600132561A1 (en) | 2016-12-30 | 2016-12-30 | PROCESS / SAFETY METHOD WITH TRIANGULATION OF DATA OF AN AUTHORATIVE TEMPORARY CAUSAL CODE BETWEEN AT LEAST THREE ELECTRONIC DEVICES FOR RECHARGES, PAYMENTS, ACCESSES AND / OR IDENTIFICATIONS OF THE OWNER OF A MOBILE DEVICE AS A SMARTPHONE |
PCT/IT2017/000295 WO2018122883A1 (en) | 2016-12-30 | 2017-12-28 | Safety process/method for sending and exchanging a temporary enabled random code among at least three electronic devices for recharges, payments, accesses and/or ids of owners of a mobile device, such as a smartphone |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3563327A1 (en) | 2019-11-06 |
Family
ID=58995022
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP17842338.0A Withdrawn EP3563327A1 (en) | 2016-12-30 | 2017-12-28 | Safety process/method for sending and exchanging a temporary enabled random code among at least three electronic devices for recharges, payments, accesses and/or ids of owners of a mobile device, such as a smartphone |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3563327A1 (en) |
IT (1) | IT201600132561A1 (en) |
WO (1) | WO2018122883A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IT201800009217A1 (en) * | 2018-10-11 | 2020-04-11 | Archimedetech Srl | METHOD / PROCESS TO CREATE A SECURITY SYSTEM FOR ACCESS, PAYMENTS AND PERSONAL IDENTIFICATION VIA SMARTPHONE AND / OR TABLET AND AT LEAST ONE ASSOCIATED DEVICE |
IT201800011156A1 (en) * | 2018-12-18 | 2020-06-18 | Archimedetech Srl | USER AUTHENTICATION PROCEDURE WITH ARTIFICIAL INTELLIGENCE SOFTWARE AND TWO ELECTRONIC DEVICES |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6908030B2 (en) * | 2001-10-31 | 2005-06-21 | Arcot Systems, Inc. | One-time credit card number generator and single round-trip authentication |
WO2010070539A1 (en) * | 2008-12-19 | 2010-06-24 | Nxp B.V. | Enhanced smart card usage |
US10949844B2 (en) * | 2011-05-09 | 2021-03-16 | Intuit Inc. | Processing electronic payment involving mobile communication device |
EP2579199A1 (en) * | 2011-10-06 | 2013-04-10 | Gemalto SA | Method for paying for a product or a service on a commercial website by means of an internet connection and corresponding terminal |
US20140214674A1 (en) * | 2013-01-29 | 2014-07-31 | Reliance Communications, Llc. | Method and system for conducting secure transactions with credit cards using a monitoring device |
Also Published As
Publication number | Publication date |
---|---|
WO2018122883A1 (en) | 2018-07-05 |
IT201600132561A1 (en) | 2018-06-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| 17P | Request for examination filed | Effective date: 20190703 |
| AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| AX | Request for extension of the european patent | Extension state: BA ME |
| DAV | Request for validation of the european patent (deleted) | |
| DAX | Request for extension of the european patent (deleted) | |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
| 18D | Application deemed to be withdrawn | Effective date: 20200701 |