EP3616112A1 - Method of identification/authentication of users using two coupled electronic devices and a related software application - Google Patents

Method of identification/authentication of users using two coupled electronic devices and a related software application

Info

Publication number
EP3616112A1
EP3616112A1 EP18723383.8A EP18723383A EP3616112A1 EP 3616112 A1 EP3616112 A1 EP 3616112A1 EP 18723383 A EP18723383 A EP 18723383A EP 3616112 A1 EP3616112 A1 EP 3616112A1
Authority
EP
European Patent Office
Prior art keywords
user
electronic device
data
web server
identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP18723383.8A
Other languages
German (de)
French (fr)
Inventor
Sisto Girardi
Mario Recchia
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Archimedetech Srl
Original Assignee
Archimedetech Srl
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Archimedetech Srl filed Critical Archimedetech Srl
Publication of EP3616112A1 publication Critical patent/EP3616112A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3226Use of secure elements separate from M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3552Downloading or loading of personalisation data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Definitions

  • the present invention refers to a process/method for obtaining a safety system of a reliable identification and subsequent authentication of a user; the system
  • said devices is a smartphone or a tablet or another electronic device and the other device is a passive or
  • the system can be
  • process/method of the invention provides for delivering
  • accessory item such as a passive tag, an active tag or
  • a smart device where the encrypted unique identification data of the user are stored, and a security code (pin) that can be used to block the identification/authentication in case of theft or loss of one or two of said separate electronic devices.
  • a security code pin
  • the invention relates to a method for obtaining a safety system so as to have a reliable identification and subsequent authentication of a person/user at the request of Third Parties offering activities and/or services, said system including a smartphone, a tablet or another electronic device, an accessory item such as a passive tag, an active tag (provided with an electronic circuit, a Bluetooth chip and a battery) or a smart device (provided with an electronic circuit, a Bluetooth chip, a battery and a firmware able to generate temporary random codes) , a web server (composed by a PC and/or by a software program) which manages the registration of the user by coupling the unique data identifying the user with the associated electronic device by applying an MD5 encryption, a data storage on the accessory item, a generation of the security code (pin) , a response to an identification request and a subsequent authentication of Third Parties; a software application (APP) allows the registration process.
  • a smartphone a tablet or another electronic device
  • an accessory item such as a passive tag, an active tag (
  • a Third Party can thus use the present identification/authentication system of a user by using a software application (APP) providing activities and/or services by querying the web server after sending the data contained in the accessory item, such as said passive or active tag or said smart device, and the unique identification code of the electronic device (C.I.U.D.), for example the IMEI code and/or the UUID code or whatever, for providing a control of the identity of said user; only if the above checking is positive (and the authentication is established) , the system will allow the user to continue the procedures for executing the activities and/or services provided by the Third Party.
  • APP software application
  • the software application (APP) belonging to said Third Party may also provide for using a plurality of enabling temporary random codes as further data to be verified in addition to the unique identification data of the user and of the electronic device (if said data are managed by the web server) .
  • APP software applications
  • Other systems for authenticating a user - especially during the mobile payment activities provided by financial institutions - can also use a QR CODE or biometric data of the user, such as the heartbeat, which are acquired with sensors placed on bracelets and/or smart watches (iWatch®, Gear®, etc.) connected to the smartphone, tablet or other electronic mobile device, or the image of the iris or face; said systems, however, are not totally reliable and safe, since, for example, the placement of the bracelet and/or the smart watch on different zones of the user's arm collects different values of the heartbeat of said user, as well as the reading of the iris or of the face is not possible under certain light conditions.
  • the known methods and processes involve an exchange of money between smartphone users by using software applications or social or messenger APP (the so-called “PEER TO PEER” APP) .
  • the money amounts that are handled are usually limited, but both the input of data for a user authentication (for example a certification similar to the digital signature) and the input of different codes or additional pin are however requested.
  • all said software applications or APP save or "track", on said electronic device, the sensitive data of the current account and/or the credit or debit card of the user, which thus become “accessible and usable” in case of loss or theft of the electronic device.
  • Software application or APP for providing a prior identification/authentication of a user who has an electronic device (such as a mobile phone) for activities and/or services by generating unique codes which are directly identified on the electronic device, such as for example a digital signature, and according to which the IT procedure involves the use of a web server to verify the identity of the user by comparing said unique identification codes which are sent and stored on the web server, are also known.
  • said technical solutions are effective with respect to software applications or APP that do not provide strong and safe user' s identification and authentication systems, their weak point is the possibility of loss or theft of the electronic device and a possible fraudulent use of said electronic device before activating procedures for blocking the activities and/or services.
  • said known software applications or APP need the use of many passwords and/or enabling pin that the user has difficulties to remember .
  • An object of the present invention is therefore to obviate the above-mentioned technical drawbacks and, in particular, to provide a process/method for obtaining a system for a reliable identification and subsequent authentication of the user of an electronic device and to make highly safe the activities/services offered by Third Parties to prevent fraudulent activity in case of theft or loss of the electronic device, as well as to prevent fraudulent activity in case of hacking the unique identification data of the user and the data and hardware and software tools used for said activities and/or services; practically, the present invention discloses a system comprising two electronic devices (a smartphone, tablet or other electronic device and an accessory item, such as a passive or active tag or a smart device, where some identification data of the user are stored) , an application software or ⁇ for registering the unique identification data of the user and of the electronic device, a web server for communicating with the electronic device of the user, which is also able to perform an association and a D5 encryption of the unique identification data of the user and of the electronic device, to store some of said encrypted data into the accessory
  • Another object of the present invention is to obtain an extremely safe process/method that does not require any password or pin and therefore makes it easier and faster the use of software applications or APP that allow specific activities or services offered by Third Parties .
  • a safe identification system and a relative method which comprises the following steps: - registering the user at a web server for a subsequent identification/authentication of said user through a smartphone, tablet or other electronic device in which a software application or ⁇ operates, said APP being downloaded from the web address for managing the registration procedure of the user and of the coupled electronic device and for sending unique identifying data to a web server, said data being for example the name, surname and address of the user, the phone number of the electronic device, an e-mail address and the unique identification code of the electronic device (CIUD) ;
  • an accessory item such as a passive or active tag or a smart device
  • a software application or APP operates, said APP being downloaded from the web address of said Third Party or from a webstore managing an activity and/or service, such as recharging of a financial instrument, mobile or remotely payments, accesses to private properties or places or things with prior authorization and/or identification for bureaucratic formalities, etc.;
  • FIG. 1 shows the registration phase by the user who sends his/her unique identifying data and data related to his/her electronic device to the web server, said web server being provided for creating the User Card, for encrypting the data entered in the User Card, for storing the encrypted data related to the user in the accessory item, for generating the security code (pin) and for sending the accessory item and the security code (pin) to the user who requested the registration, according to the present invention;
  • FIG. 2 shows the phase of requesting identification and safe authentication of the user by a Third Party by using a software application or APP, which acquires the encrypted identification data of the user (inserted in said accessory item) and sends said data, together with the unique identification code of the electronic device (CIUD) , to the web server; the web server, in turn, after a series of checks relating to the adequacy of said data, will ensure the identification and authentication of the user or will report a non- identification of the user, who therefore will not be authenticated; said conditions will be sent to the software application or APP of the Third Party, which may or may not allow the execution of the activity and/or service, according to the present invention.
  • a software application or APP which acquires the encrypted identification data of the user (inserted in said accessory item) and sends said data, together with the unique identification code of the electronic device (CIUD) , to the web server; the web server, in turn, after a series of checks relating to the adequacy of said data, will ensure the identification and authentication
  • the process/method for obtaining a reliable identification system of a user requires the simultaneous presence of two separate but mutually coupled electronic devices, wherein one of said devices is a smartphone, a tablet or another electronic device and the other device is a passive or active tag or a smart device;
  • the system can be used by Third Parties to carry out safe activities and/or services, such as for example recharging of a financial instrument, mobile or remotely payments, accesses to private properties or places or things with prior authorization of access and/or identifications for bureaucratic formalities, etc.
  • the system also provides for a first registration phase, according to which the person/user/owner (1) of a smartphone, tablet or other electronic device (10), by using a software application or APP (11), which is downloaded from a web portal that manages the registration procedure of the user (1) and the coupled electronic device (10), provides for sending (12) unique identification data, such as the name, surname and/or address of the user, the phone number of the device (10) , an e
  • the web server (100) Only if the web server (100) receives a related confirmation (102) to the text message by the user (1), said web server (100) is able to create (103) a User Card (200) where the unique identification data of the user (1) and of the electronic device (10) are saved (10), said data being identified by a User ID and said web server (100) also creating a link between the user (1) and the electronic device (10); the software application (21) managing said web server (100) also performs an MD5 encryption (104) of the unique data contained in said User Card (200) and subsequently stores (105) only the data (201) relating to the user (1) on an accessory item, such as a passive (50) or active tag (51) or a smart device (52), in addition to defining and writing (106) a secret code (pin) (60) to be used if the user is blocked by the web server; subsequently, the system sends directly to the address user (1) both the accessory item (50, 51, 52) and the secret code (pin) (60).
  • an accessory item such as
  • the user (1) by using the electronic device (10) with which he/she carried out his/her registration on the web server (100) , can subsequently be identified by comparing the data stored in the accessory item (50, 51, 52) and the data stored in the electronic device (10), such as the CIUD code, and the data present on the web server, said data being stored in a unique User Card (200) . Since said identifying data are encrypted unique identifying data (104) it is impossible for hackers to trace the single "nature" of said data present in the User Card (200) .
  • the encrypted unique identifying data (104) are divided on two separate electronic devices (smartphone and/or tablet 10 and a wearable accessory item 50, 51, 52) , only the simultaneous presence of said two electronic devices allows for a certain identification of the user (1); therefore, it is necessary for attackers to carry out a simultaneous theft of said two electronic devices (10, 50, 51, 52) to steal the identity of the user (1) .
  • the method of the present invention allows to activate a security procedure for sending a communication to the web server by using a password identifying the security code (pin) (60), which is available only to the user (1).
  • a Third Party that allows users (1) to perform activities and/or services by using an electronic device (10) also allows said users (1) to carry out said activities, thus having a safe identification of said users' identity through a request of identification and authentication to the web server (100) where the user (1) has carried out a registration, thus obviating frauds and thefts and without having to request the user (1) any password or additional pins.
  • the user (1) who requests a Third Party access to an activity/service that can be used with an electronic device (10) is able to use a software application or APP (21) downloaded from the web server (100) of the Third Party or by a webstore; the software application (21) asks the user (1) to be identified by requesting (22A) him/her to acquire the data (201) stored on the active or passive tag (50, 51) or by requesting (22B) to acquire the data (201) stored on the smart device (52) (and optionally a temporary random code (202)), and, once obtained (23A, 23B) , to send said data (24) to the web server (100) together with the unique identification code of the electronic device (CIUD) (10) .
  • a software application or APP (21) downloaded from the web server (100) of the Third Party or by a webstore
  • the software application (21) asks the user (1) to be identified by requesting (22A) him/her to acquire the data (201) stored on the active or passive tag (50, 51) or by requesting (22
  • a software procedure on the web server will provide for verifying (111) the equality between the unique data stored in the User Card (200) (together with a possible temporary random code (202) if a supplementary software procedure for managing temporary random codes is also provided on the web server (100)) and the data sent by the electronic device (10); if said data are equal (112), the software application (21) will also perform other security checks (113) and, only if said checks are overcome, the software application will send to the electronic device (10) a confirmation of identification/authentication (115); on the contrary, said procedure of identification and/or authentication (123) will be blocked if the data sent by the electronic device (10) are not equal (121) to the data stored in the User Card (200) or the security checks (113) are not overcome (122). Only said authentication step (115) will allow the user (1) to proceed with the execution of the related activity/service (25); if there is no authentication (123), the system provides for a blocking (26) of said activities/services.

Abstract

A method for obtaining a reliable system for identifying and authenticating a user person, said method requiring the simultaneous presence of two separate and coupled electronic devices, such as a smartphone or tablet and a passive or active tag or smart device, without the need for the user to insert passwords or pins. The system can be used by Third Parties for providing activities and/or services, such as recharging of a financial instrument, mobile or remotely payments, accesses to private properties or places or things with prior authorization of access and/or identifications for bureaucratic formalities, which need to identify the user.

Description

METHOD OF IDENTIFICATION/AUTHENTICATION OF USERS USING TWO COUPLED ELECTRONIC DEVICES AND A
RELATED SOFTWARE APPLICATION
The present invention refers to a process/method for obtaining a safety system of a reliable identification and subsequent authentication of a user; the system
requires the simultaneous presence of two separate but mutually coupled electronic devices, wherein one of
said devices is a smartphone or a tablet or another electronic device and the other device is a passive or
active tag or smart device; the system works without
using enabling passwords, pins, etc. The system can be
used by Third Parties that provide services in various
activities and/or services, such as for example
recharging of a financial instrument, remote payments,
access to private properties or places or things with
prior authorization of access and/or identifications
for bureaucratic formalities, etc., which need to
identify their user in a certain way. The person/user
to be identified must be registered into a dedicated
web server by using a smartphone, tablet or other
electronic device and by using a software application
(APP) . In order to guarantee the identification and/or
authentication of a person/user in a safety manner and
without entering additional passwords, pins, etc., the
process/method of the invention provides for delivering
to the registered person/user a separate wearable
accessory item, such as a passive tag, an active tag or
a smart device, where the encrypted unique identification data of the user are stored, and a security code (pin) that can be used to block the identification/authentication in case of theft or loss of one or two of said separate electronic devices.
More specifically, the invention relates to a method for obtaining a safety system so as to have a reliable identification and subsequent authentication of a person/user at the request of Third Parties offering activities and/or services, said system including a smartphone, a tablet or another electronic device, an accessory item such as a passive tag, an active tag (provided with an electronic circuit, a Bluetooth chip and a battery) or a smart device (provided with an electronic circuit, a Bluetooth chip, a battery and a firmware able to generate temporary random codes) , a web server (composed by a PC and/or by a software program) which manages the registration of the user by coupling the unique data identifying the user with the associated electronic device by applying an MD5 encryption, a data storage on the accessory item, a generation of the security code (pin) , a response to an identification request and a subsequent authentication of Third Parties; a software application (APP) allows the registration process. A Third Party can thus use the present identification/authentication system of a user by using a software application (APP) providing activities and/or services by querying the web server after sending the data contained in the accessory item, such as said passive or active tag or said smart device, and the unique identification code of the electronic device (C.I.U.D.), for example the IMEI code and/or the UUID code or whatever, for providing a control of the identity of said user; only if the above checking is positive (and the authentication is established) , the system will allow the user to continue the procedures for executing the activities and/or services provided by the Third Party. Furthermore, the software application (APP) belonging to said Third Party may also provide for using a plurality of enabling temporary random codes as further data to be verified in addition to the unique identification data of the user and of the electronic device (if said data are managed by the web server) . There are currently many software applications (APP) on the market, in particular for mobile payments, which require the use of additional codes or pins to be added to a first pin or to the reading of a fingerprint (which can be "by-passed" by taking a picture of said fingerprint) , such as one or more passwords (for example a numeric code and a user name) , which constitute additional security levels in case of loss or theft of the electronic device. Other systems for authenticating a user - especially during the mobile payment activities provided by financial institutions - can also use a QR CODE or biometric data of the user, such as the heartbeat, which are acquired with sensors placed on bracelets and/or smart watches (iWatch®, Gear®, etc.) connected to the smartphone, tablet or other electronic mobile device, or the image of the iris or face; said systems, however, are not totally reliable and safe, since, for example, the placement of the bracelet and/or the smart watch on different zones of the user's arm collects different values of the heartbeat of said user, as well as the reading of the iris or of the face is not possible under certain light conditions. Regarding mobile payments, the known methods and processes involve an exchange of money between smartphone users by using software applications or social or messenger APP (the so-called "PEER TO PEER" APP) . The money amounts that are handled are usually limited, but both the input of data for a user authentication (for example a certification similar to the digital signature) and the input of different codes or additional pin are however requested. In any case, all said software applications or APP save or "track", on said electronic device, the sensitive data of the current account and/or the credit or debit card of the user, which thus become "accessible and usable" in case of loss or theft of the electronic device.
The same applies to the software applications or APP which are able to manage electronic locks or other public or private accesses but which do not provide any identification and authentication system of the user who has an electronic device to access to private properties .
Software application or APP for providing a prior identification/authentication of a user who has an electronic device (such as a mobile phone) for activities and/or services by generating unique codes which are directly identified on the electronic device, such as for example a digital signature, and according to which the IT procedure involves the use of a web server to verify the identity of the user by comparing said unique identification codes which are sent and stored on the web server, are also known. Although said technical solutions are effective with respect to software applications or APP that do not provide strong and safe user' s identification and authentication systems, their weak point is the possibility of loss or theft of the electronic device and a possible fraudulent use of said electronic device before activating procedures for blocking the activities and/or services. Moreover, said known software applications or APP need the use of many passwords and/or enabling pin that the user has difficulties to remember .
An object of the present invention is therefore to obviate the above-mentioned technical drawbacks and, in particular, to provide a process/method for obtaining a system for a reliable identification and subsequent authentication of the user of an electronic device and to make highly safe the activities/services offered by Third Parties to prevent fraudulent activity in case of theft or loss of the electronic device, as well as to prevent fraudulent activity in case of hacking the unique identification data of the user and the data and hardware and software tools used for said activities and/or services; practically, the present invention discloses a system comprising two electronic devices (a smartphone, tablet or other electronic device and an accessory item, such as a passive or active tag or a smart device, where some identification data of the user are stored) , an application software or ΆΡΡ for registering the unique identification data of the user and of the electronic device, a web server for communicating with the electronic device of the user, which is also able to perform an association and a D5 encryption of the unique identification data of the user and of the electronic device, to store some of said encrypted data into the accessory item and to generate a security code (pin) to block authentication and, at the request of third parties, to ensure the congruity check between the unique data of the user and the electronic device stored on said device with the data sent by the electronic device and/or to perform other security checks by confirming or blocking the identification and/or authentication activity.
Another object of the present invention is to obtain an extremely safe process/method that does not require any password or pin and therefore makes it easier and faster the use of software applications or APP that allow specific activities or services offered by Third Parties .
These and other objects, which will be more clear in the following, are achieved, according to the present invention, by a safe identification system and a relative method, which comprises the following steps: - registering the user at a web server for a subsequent identification/authentication of said user through a smartphone, tablet or other electronic device in which a software application or ΆΡΡ operates, said APP being downloaded from the web address for managing the registration procedure of the user and of the coupled electronic device and for sending unique identifying data to a web server, said data being for example the name, surname and address of the user, the phone number of the electronic device, an e-mail address and the unique identification code of the electronic device (CIUD) ;
- said web server receiving the above mentioned unique identification data of said user and electronic device;
- sending a text message requesting confirmation of registration of the user in said electronic device;
- creating - after a reply text message of the user - a unique User Card with a User ID related to the user which is coupled to said electronic device;
- operating a MD5 cryptography of said identifying data of the user coupled with said electronic device;
- generating a secret security code (pin) to be used in case of blocking the user by said web server;
- storing only the encrypted unique identifying data of the user into an accessory item, such as a passive or active tag or a smart device;
- sending said secret code (pin) and the data related to the accessory item to the e-mail address of the user;
- identifying and/or authenticating the user (as requested by a Third Party) by means of a smartphone, tablet or other electronic device in which a software application or APP operates, said APP being downloaded from the web address of said Third Party or from a webstore managing an activity and/or service, such as recharging of a financial instrument, mobile or remotely payments, accesses to private properties or places or things with prior authorization and/or identification for bureaucratic formalities, etc.;
identifying the owner of the electronic device (smartphone) , said device being able to request to have the data stored on the accessory item and the unique identification code of the electronic device (CIUD) , said data also being sent to the web server for identifying the user and said user being previously registered to said web server;
- communication between the web server and the smartphone, tablet or other electronic device used by the user, in order to verify the congruity between the data sent and the data entered in the stored User Card;
- carrying out any other security checks;
- confirming said identification/authentication if the data are equal to the data stored or blocking said identification/authentication if the data are not equal or for other security reasons, by sending a related message to the electronic device.
Therefore, only if the authentication of the user is successful, the user will be able to proceed with the activities and/or services provided by the Third Party. Further characteristics and advantages of the method for obtaining a safety system for a reliable identification and authentication of a user, which requires the simultaneous presence of two separate and mutually coupled electronic devices, according to the present invention, will be more clear from the following description of a preferred embodiment and from the attached drawings, in which:
- Figure 1 shows the registration phase by the user who sends his/her unique identifying data and data related to his/her electronic device to the web server, said web server being provided for creating the User Card, for encrypting the data entered in the User Card, for storing the encrypted data related to the user in the accessory item, for generating the security code (pin) and for sending the accessory item and the security code (pin) to the user who requested the registration, according to the present invention;
- Figure 2 shows the phase of requesting identification and safe authentication of the user by a Third Party by using a software application or APP, which acquires the encrypted identification data of the user (inserted in said accessory item) and sends said data, together with the unique identification code of the electronic device (CIUD) , to the web server; the web server, in turn, after a series of checks relating to the adequacy of said data, will ensure the identification and authentication of the user or will report a non- identification of the user, who therefore will not be authenticated; said conditions will be sent to the software application or APP of the Third Party, which may or may not allow the execution of the activity and/or service, according to the present invention.
With reference to the above mentioned figures, the process/method for obtaining a reliable identification system of a user, according to the present invention, requires the simultaneous presence of two separate but mutually coupled electronic devices, wherein one of said devices is a smartphone, a tablet or another electronic device and the other device is a passive or active tag or a smart device; the system can be used by Third Parties to carry out safe activities and/or services, such as for example recharging of a financial instrument, mobile or remotely payments, accesses to private properties or places or things with prior authorization of access and/or identifications for bureaucratic formalities, etc.; the system also provides for a first registration phase, according to which the person/user/owner (1) of a smartphone, tablet or other electronic device (10), by using a software application or APP (11), which is downloaded from a web portal that manages the registration procedure of the user (1) and the coupled electronic device (10), provides for sending (12) unique identification data, such as the name, surname and/or address of the user, the phone number of the device (10) , an e-mail address and the unique identifying code of the electronic device (CIUD) (10), to a web server (100), which sends (101) a text message requesting a confirmation of registration to the electronic device (10) of the user (1) who is requiring the registration. Only if the web server (100) receives a related confirmation (102) to the text message by the user (1), said web server (100) is able to create (103) a User Card (200) where the unique identification data of the user (1) and of the electronic device (10) are saved (10), said data being identified by a User ID and said web server (100) also creating a link between the user (1) and the electronic device (10); the software application (21) managing said web server (100) also performs an MD5 encryption (104) of the unique data contained in said User Card (200) and subsequently stores (105) only the data (201) relating to the user (1) on an accessory item, such as a passive (50) or active tag (51) or a smart device (52), in addition to defining and writing (106) a secret code (pin) (60) to be used if the user is blocked by the web server; subsequently, the system sends directly to the address user (1) both the accessory item (50, 51, 52) and the secret code (pin) (60). Therefore, the user (1), by using the electronic device (10) with which he/she carried out his/her registration on the web server (100) , can subsequently be identified by comparing the data stored in the accessory item (50, 51, 52) and the data stored in the electronic device (10), such as the CIUD code, and the data present on the web server, said data being stored in a unique User Card (200) . Since said identifying data are encrypted unique identifying data (104) it is impossible for hackers to trace the single "nature" of said data present in the User Card (200) .
Moreover, since the encrypted unique identifying data (104) are divided on two separate electronic devices (smartphone and/or tablet 10 and a wearable accessory item 50, 51, 52) , only the simultaneous presence of said two electronic devices allows for a certain identification of the user (1); therefore, it is necessary for attackers to carry out a simultaneous theft of said two electronic devices (10, 50, 51, 52) to steal the identity of the user (1) . In case of theft or loss of one or both of said electronic devices (10, 50, 51, 52), the method of the present invention allows to activate a security procedure for sending a communication to the web server by using a password identifying the security code (pin) (60), which is available only to the user (1). A Third Party that allows users (1) to perform activities and/or services by using an electronic device (10) also allows said users (1) to carry out said activities, thus having a safe identification of said users' identity through a request of identification and authentication to the web server (100) where the user (1) has carried out a registration, thus obviating frauds and thefts and without having to request the user (1) any password or additional pins. In fact, the user (1) who requests a Third Party access to an activity/service that can be used with an electronic device (10) is able to use a software application or APP (21) downloaded from the web server (100) of the Third Party or by a webstore; the software application (21) asks the user (1) to be identified by requesting (22A) him/her to acquire the data (201) stored on the active or passive tag (50, 51) or by requesting (22B) to acquire the data (201) stored on the smart device (52) (and optionally a temporary random code (202)), and, once obtained (23A, 23B) , to send said data (24) to the web server (100) together with the unique identification code of the electronic device (CIUD) (10) . A software procedure on the web server will provide for verifying (111) the equality between the unique data stored in the User Card (200) (together with a possible temporary random code (202) if a supplementary software procedure for managing temporary random codes is also provided on the web server (100)) and the data sent by the electronic device (10); if said data are equal (112), the software application (21) will also perform other security checks (113) and, only if said checks are overcome, the software application will send to the electronic device (10) a confirmation of identification/authentication (115); on the contrary, said procedure of identification and/or authentication (123) will be blocked if the data sent by the electronic device (10) are not equal (121) to the data stored in the User Card (200) or the security checks (113) are not overcome (122). Only said authentication step (115) will allow the user (1) to proceed with the execution of the related activity/service (25); if there is no authentication (123), the system provides for a blocking (26) of said activities/services.
The invention thus conceived and illustrated herein is susceptible of numerous modifications and variations, all of which are within the scope of the inventive concept as claimed in the following claims. Furthermore, all the details may be replaced by other technically equivalent elements. Finally, the components used, so long as they are compatible with the specific use, as well as the dimensions, may be any according to requirements and to the state of the art. Where the characteristics and techniques mentioned in any claim are followed by reference marks, such reference marks have been attached for the sole purpose of increasing the intelligibility of the claims and, consequently, said reference marks have no limiting effect on the claims.

Claims

1. Method for identifying/authenticating a person or user (1), said method employing at least two coupled electronic devices (10, 50, 51, 52) and a related software application, characterized by comprising at least the following steps:
- a first step of registering said user (1) at a web server (100) by means of a first electronic device (10), such as a smartphone or a tablet or other, on which a first software application (11), which can be downloaded from said web server (100) or from a web store, runs, said software application (11) managing said first registering step and said first registering step being provided for sending to said web server (100) identification unique data related to said user (1) and to said first electronic device (10), which is coupled to said user (1),
- a second step of receiving, by means of said web server (100), said identification unique data of said user (1) and of said first electronic device (10),
- a third step of creating (103) a user card (200) containing said identification unique data of said user (1) and of said first electronic device (10),
- a fourth step of encrypting (104) said data contained in said user card (200),
- a fifth step of generating (106) a secret code or a security pin (60);
- a sixth step of storing (105) the encrypted unique identification data (201) of said user (1) in a second electronic device (50, 51, 52), such as a passive or active tag or a smart device;
- a seventh step of sending (107) to said user (1) said second electronic device (50, 51, 52) and said secret code or security pin (60);
- an eighth step of confirming an activity or service, such as a recharging of a financial instrument, a remote payment, an access to private properties or places or things with prior access permission and/or for bureaucratic formalities, said confirming step being carried out by means of an adequacy test (111) between data entered in said first (10) and second electronic devices (50, 51, 52) and data entered in said user card (200) .
2. Method according to claim 1, characterized in that, between said first registering step and said second receiving step, a step of sending (101) to said first electronic device (10) a text message for confirming said registering step of the user (1) is provided.
3. Method according to at least one of the preceding claims, characterized in that said activity or service is offered by a third party, such as a service company.
4. Method according to at least one of the preceding claims, characterized in that said first registering step includes a step of sending to said web server (100) a unique identification code of said first electronic device (10), such as the I. M.E.I, code or the U.U.I.D or C.I.U.D. code.
5. Method according to at least one of the preceding claims, characterized in that said fourth encrypting step (104) takes place through an MD5 encryption (104).
6. Method according to at least one of the preceding claims, characterized in that said unique identification data of said user (1) are encrypted (104) and divided over said first (10) and second electronic devices (50, 51, 52), which are physically separated.
7. Method according to at least one of the preceding claims, characterized in that, in case of theft or loss of at least one of said first (10) and second electronic devices (50, 51, 52), a security procedure is activated, according to which a communication is sent to said web server (100) by using said security code or pin (60), which is only available to said user (1), as an identifying password.
8. Method according to at least one of the preceding claims, characterized in that at least one temporary random code (202) is stored in said second electronic device (50, 51, 52), said temporary random code (202) being compared, during said adequacy test (111), with at least one temporary random code inserted in said user card (200) .
EP18723383.8A 2017-03-21 2018-03-05 Method of identification/authentication of users using two coupled electronic devices and a related software application Withdrawn EP3616112A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT102017000030500A IT201700030500A1 (en) 2017-03-21 2017-03-21 PROCESS / IDENTIFICATION METHOD / CERTAIN AUTHENTICATION OF A PERSON WITHOUT PASSWORD OR PIN USING TWO ELECTRONIC DEVICES SEPARATED BETWEEN THEM ASSOCIATED AND RELATIVE SOFTWARE APPLICATIONS
PCT/IT2018/000032 WO2018173081A1 (en) 2017-03-20 2018-03-05 Method of identification/authentication of users using two coupled electronic devices and a related software application

Publications (1)

Publication Number Publication Date
EP3616112A1 true EP3616112A1 (en) 2020-03-04

Family

ID=59521512

Family Applications (1)

Application Number Title Priority Date Filing Date
EP18723383.8A Withdrawn EP3616112A1 (en) 2017-03-21 2018-03-05 Method of identification/authentication of users using two coupled electronic devices and a related software application

Country Status (3)

Country Link
EP (1) EP3616112A1 (en)
IT (1) IT201700030500A1 (en)
WO (1) WO2018173081A1 (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU755458B2 (en) * 1997-10-14 2002-12-12 Visa International Service Association Personalization of smart cards
EP2063400A1 (en) * 2007-11-23 2009-05-27 Gemalto SA Virtual security access module
EP2141667A1 (en) * 2008-06-25 2010-01-06 Gemalto SA Identifier calculation method for web services
EP2579199A1 (en) * 2011-10-06 2013-04-10 Gemalto SA Method for paying for a product or a service on a commercial website by means of an internet connection and corresponding terminal

Also Published As

Publication number Publication date
IT201700030500A1 (en) 2018-09-21
WO2018173081A1 (en) 2018-09-27

Similar Documents

Publication Publication Date Title
US11664997B2 (en) Authentication in ubiquitous environment
TWI667585B (en) Method and device for safety authentication based on biological characteristics
US11184343B2 (en) Method for carrying out an authentication
US10616198B2 (en) Apparatus, system and method employing a wireless user-device
CN103544599B (en) Embedded-type security element for authenticating, storing and trading in mobile terminal
CN204948095U (en) Authenticate device and the mutual system guaranteeing between application program and user
CN104321777B (en) Public identifier is generated to verify the personal method for carrying identification object
CA2857106C (en) Method for securing electronic transactions
CA3027909A1 (en) Authentication in ubiquitous environment
KR20210121307A (en) System for accessing data from multiple devices
US20160155123A1 (en) System and method for user authentication by using a physical financial card and mobile communication terminal
JP2009510644A (en) Method and configuration for secure authentication
US20150038118A1 (en) Method for verifying the identity of a user of a communicating terminal and associated system
US9692754B2 (en) Ensuring the security of a data transmission
US11620650B2 (en) Mobile authentication method and system therefor
KR20070029537A (en) Authentication system and method using individual unique code linked with wireless terminal
KR101294805B1 (en) 2-channel authentication method and system based on authentication application
EP3563327A1 (en) Safety process/method for sending and exchanging a temporary enabled random code among at least three electronic devices for recharges, payments, accesses and/or ids of owners of a mobile device, such as a smartphone
US20160342996A1 (en) Two-factor authentication method
KR101187414B1 (en) System and method for authenticating card issued on portable terminal
EP3752936B1 (en) Identity authentication process/method by sending and exchanging a temporary personal password among at least four electronic devices for recharges, payments, accesses and/or ids of the owner of a mobile device, such as a smartphone
US20140359703A1 (en) Method for securing an action that an actuating device must carry out at the request of a user
EP3616112A1 (en) Method of identification/authentication of users using two coupled electronic devices and a related software application
KR101381388B1 (en) Real name authentication system by smart terminal
CN103814381A (en) Method and system for allowing access to a protected part of a web application

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190919

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

RIC1 Information provided on ipc code assigned before grant

Ipc: G06Q 20/32 20120101ALI20201111BHEP

Ipc: G06Q 20/40 20120101ALI20201111BHEP

Ipc: G06F 21/34 20130101ALI20201111BHEP

Ipc: G06Q 20/34 20120101ALI20201111BHEP

Ipc: H04W 12/06 20090101AFI20201111BHEP

Ipc: H04L 29/06 20060101ALI20201111BHEP

Ipc: G06F 21/31 20130101ALI20201111BHEP

Ipc: G07F 7/10 20060101ALI20201111BHEP

Ipc: G06Q 20/36 20120101ALI20201111BHEP

INTG Intention to grant announced

Effective date: 20201215

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20210427