EP3987416A1 - Verfahren und vorrichtung zur authentifizierung eines benutzers unter verwendung der leitfähigkeit des menschlichen körpers - Google Patents

Verfahren und vorrichtung zur authentifizierung eines benutzers unter verwendung der leitfähigkeit des menschlichen körpers

Info

Publication number
EP3987416A1
EP3987416A1 EP20721655.7A EP20721655A EP3987416A1 EP 3987416 A1 EP3987416 A1 EP 3987416A1 EP 20721655 A EP20721655 A EP 20721655A EP 3987416 A1 EP3987416 A1 EP 3987416A1
Authority
EP
European Patent Office
Prior art keywords
user
authentication
signal
authentication device
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP20721655.7A
Other languages
English (en)
French (fr)
Inventor
Philippe Michel Levionnais
Olivier Lepetit
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
Orange SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Orange SA filed Critical Orange SA
Publication of EP3987416A1 publication Critical patent/EP3987416A1/de
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/79Radio fingerprint

Definitions

  • the invention relates to authenticating a user, via communications initiated over a short range wireless channel. More precisely, the invention relates to a method for authenticating a user with an application or a device, by means of a portable terminal of the user capable of establishing a communication using the conductivity capacity of the body. human to transmit the electromagnetic waves carrying such wireless communications.
  • a user inserts his payment card into an electronic payment terminal (TPE) and dials a confidential code on the keypad of the TPE, generally a 4-digit code.
  • TPE electronic payment terminal
  • the payment transaction is authorized when it is verified that the user has entered the correct confidential code.
  • nothing prevents an ill-intentioned person from spying on the user when he dials his confidential code, and steals his bank card.
  • a similar mechanism exists for unlocking a SIM card (for Subscriber Identity Module in English) or the screen of a smartphone (for smart phone in French).
  • the user dials a confidential code to unlock the SIM card or else composes a confidential diagram on the touch screen of the smartphone to unlock the screen of the smartphone.
  • nothing prevents a malicious user from spying on the user with his smartphone and stealing his smartphone.
  • the invention improves the state of the art. For this purpose, it relates to a method for checking an authentication of a user with an authentication device, implemented by a processor.
  • the authentication of the user with said authentication device is implemented at least by a verification by the authentication device that a code composed by the user on an interaction interface of the authentication device corresponds to a predetermined code associated with the user.
  • the authentication control process includes:
  • the authentication device when the user interacts with the authentication device to authenticate himself with it, for example when he dials a confidential code on a TPE, a radio carrier wave, or electromagnetic signal, is transmitted by the device. authentication through the body of the user to a terminal, for example a terminal of the user such as a mobile telephone, suitable for receiving such a signal.
  • Such a signal is characteristic of the interaction made by the user on the interaction interface of the authentication device. Indeed, when the user interacts on the interface, for example a numeric keypad and dials a code, his or her fingers come into contact with the interface of the authentication device and move to different points of the interface when dialing the code requires several user contact points on the interface (several key presses in the case of a multi-digit code). This creates variations in the electromagnetic field picked up by the terminal.
  • the amplitude of the signal received by the terminal is thus modified as a function of the way in which the user interacts on the authentication device.
  • the received radio signal is thus representative of the user's interaction with the authentication device when he dials his code.
  • the form of the signal transmitted via the user's body and picked up by the terminal also depends on a certain number of characteristics specific to the wearer (body size, age, sex, tissue humidity, etc.), as well as means of reception of the terminal (characteristics and position of the antenna, etc.).
  • the analysis of such a signal therefore makes it possible to identify characteristics specific to the user and to the interactions of the user on the authentication device and therefore to recognize it by comparison with a similar signal known.
  • the reference signal may for example correspond to a signal representative of a set of interactions performed by the user on the authentication device or on a similar device during an initialization phase. Such a reference signal can thus be interpreted as a biometric signature of the user.
  • the method described above thus makes it possible to provide a more secure authentication of the user by reinforcing an authentication by composition of a code by a biometric signature associated with the composition of the code.
  • This second verification of the user's identity is completely transparent for the user since it does not require any interactions from the user other than those necessary for the composition of his code.
  • the code composed by the user and to be verified by the authentication device can correspond to any code capable of being dialed on a suitable interface of the authentication device.
  • it may be a code with digits to be entered on a numeric keypad of a TPE, or of an automatic distributor, or an alphanumeric code to be entered on a keyboard, or a touch interface, or even a visual code to be reproduced (for example an unlocking pattern) by user interactions defining one or more points of contact at one or more determined locations of the interface and in a predetermined order.
  • the reference signal is represented by a quadruplet of previously stored reference signals
  • the verification that said at least one radio signal corresponds to a previously stored reference signal comprises:
  • the verification that said at least one radio signal is included in a first reference interval determined from two reference signals of said quadruplet of reference signals, and that said derivative signal is included in a second reference interval determined from the other two reference signals of said reference signal quadruplet comprising:
  • the reference threshold is a function of a criterion of severity of the authentication.
  • the interval of reference signals is obtained from an average and a standard deviation of radio signals characteristic of interactions of the user on an interface of interaction of a device carried out during an initialization phase.
  • the biometric reference of the user takes into account the variability of the user when he composes his code, in particular the variability given by the various presses of the user on the interface. of the device.
  • the authentication device corresponds to the user's terminal.
  • the authentication control method makes it possible to reinforce the user's access to his mobile terminal. For example, when the user dials his code on the terminal, the latter checks that the code dialed is the correct one and also checks that the user who dialed the code is indeed the one for which the reference signal was stored.
  • This particular embodiment of the invention can be used to reinforce the security of unlocking the terminal, or even the security of payment transactions carried out directly by means of a mobile terminal.
  • the authentication device corresponds to a payment terminal.
  • the reference signal is associated with an identifier of the user.
  • This particular embodiment of the invention makes it possible to take into account the case where the code to be dialed for authentication can be used by several users, for example in the case of a bank card shared by a family.
  • the invention also relates to a method for authenticating a user, implemented by an authentication device, comprising:
  • the authentication method thus makes it possible to secure the authentications of users by composing a confidential code while ensuring a double check. It is thus to verify that the code composed by the user is correct and that the identity of the user who composed the code indeed corresponds to an identity associated with the code.
  • the verification that the identity of the user corresponds to an identity associated with the predetermined code associated with the user comprises:
  • the verification of the identity of the user is implemented by a control device, for example a bank server, to which the data representative of the identity of the user are sent.
  • a control device for example a bank server
  • the data representative of the identity of the user received from the user's terminal can correspond to a mobile number of the user's terminal and the second data representative of the identity of the user can correspond to a name associated with the predetermined code.
  • the predetermined code, as well as the second piece of data representative of the identity of the user are stored on a physical means, such as a bank card, or the like. This physical means being read by the authentication device to verify the code composed by the user.
  • the invention also relates to a device for checking an authentication of a user with an authentication device, the authentication of the user with said authentication device being implemented at least by a verification by the user.
  • authentication device that a code composed by the user on an interaction interface of the authentication device corresponds to a predetermined code associated with the user.
  • the authentication control device includes at least a memory and a processor configured to:
  • the invention also relates to an authentication device comprising a memory and a processor configured for:
  • the authentication device described above is included in a payment terminal.
  • the authentication device described above is included in a terminal, for example a mobile terminal, or tablet.
  • the authentication device described above and the control device described above are included in a terminal.
  • the invention also relates to a computer program comprising instructions for implementing the control method and / or the authentication method described above according to any one of the particular embodiments described above, when said program is executed by a processor.
  • the methods can be implemented in various ways, in particular in wired form or in software form.
  • This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other. desirable shape.
  • the invention also relates to a recording medium or information medium readable by a computer, and comprising instructions of a computer program as mentioned above.
  • the recording media mentioned above can be any entity or device capable of storing the program.
  • the medium can comprise a storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or else a magnetic recording means, for example a hard disk, a USB key.
  • the recording media can correspond to a transmissible medium such as an electrical or optical signal, which can be conveyed via an electrical or optical cable, by radio or by other means.
  • the programs according to the invention can in particular be downloaded from an Internet type network.
  • the recording media can correspond to an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.
  • FIG. 1 A illustrates an example of an environment for implementing the invention according to a particular embodiment of the invention.
  • FIG. 1 B illustrates an example of an environment for implementing the invention according to another particular embodiment of the invention.
  • FIG. 1 C illustrates an example of an environment for implementing the invention according to another particular embodiment of the invention.
  • FIG. 2 Figure 2 shows a terminal according to one embodiment of the invention.
  • FIG. 3 shows an authentication device according to one embodiment of the invention.
  • FIG. 4 represents the steps of a method of learning a reference signal from a user according to one embodiment of the invention.
  • FIG. 5A represents the steps of a method for checking an authentication according to one embodiment of the invention.
  • FIG. 5B illustrates the steps of the step of verifying that the radio signal corresponds to a reference signal, according to a particular embodiment of the invention.
  • FIG. 6 represents the steps of a method for checking an authentication according to another embodiment of the invention.
  • the general principle of the invention is to use new wireless communication techniques using the human body as a channel to generate a signal representative of a user interaction, for example the composition of a confidential code, on a surface of an authentication device and received by a user's terminal. Using this generated signal and a reference signal learned beforehand for the user, it is possible to check whether the signal received by the terminal is indeed characteristic of the user. It is thus possible to determine whether the user having interacted on the surface of the device authentication is the user of the terminal.
  • the invention thus makes it possible for example to define a new type of biometric signature.
  • FIGS. 1A, 1B, and 1C represent a wireless communication system according to different embodiments of the invention when a user (2) carrying a portable device (1), called in the following terminal, equipped of an NFC module such as defined previously, composes a code on an interaction interface of an authentication device (3), to authenticate itself with this device or with a service.
  • service we mean any type of service, for example a monetary transaction, ticket validation, access to a secure location, unlocking of a terminal, etc.
  • the authentication device (3) can be for example a connected object (in English, IOT for Internet Of Things), a TPE (for Electronic Payment Terminal), an access control terminal, a personal computer, a mouse computer, a home gateway, the user's terminal, etc. It is capable of transmitting radio signals of the NFC type, through the body of the user, via an NFC / CBB antenna (not shown).
  • the authentication device (3) comprises a surface formed by the possibly protected antenna and adapted to react when the user touches it or comes into proximity with it, for example by bringing his hand closer.
  • the term “surface” is in no way limiting and given by way of illustration, the antenna being the only means essential for the operation of the device.
  • Transmitter IBC module The assembly made up of the antenna, the surface and more generally all the components necessary for the implementation of an IBC communication is hereinafter called “transmitter IBC module”, denoted MIBCM. Note that this module corresponds to the standard NFC module an NFC type terminal configured for CBB communication by loading a specific program (software), without changing the hardware.
  • the authentication device (3) is a TPE comprising for example a user interface, also called HMI (for Human Machine Interface), comprising for example a screen intended to display messages to the user's attention and a numeric keypad on which the user can enter a code.
  • HMI Human Machine Interface
  • the terminal (1) is a portable device naturally capable of receiving radio carrier waves, via an antenna, through the body of the user (2). To this end, the terminal (1) is located in the immediate vicinity of the user (2), without necessarily being in direct contact with the latter. For example, the terminal (1) is placed inside a pocket or bag carried against the user. In these configurations, it is estimated that the terminal (1) is not more than a few centimeters away from the user's body (2). The distance is for example less than 5 cm.
  • the terminal (1) is equipped with a battery or batteries, for autonomous operation. According to this example, it is a mobile terminal equipped with an NFC antenna (not shown) adapted in CBB mode to receive the electrical signals modulated in the form of an electromagnetic wave through the body of the user when the latter. this is located in the immediate vicinity of the sending device.
  • the authentication device is included in the terminal (1) of the user.
  • the terminal (1) furthermore comprises means for communicating on a second channel (4), for example Bluetooth or Wi-Fi.
  • a second channel (4) allows higher bit rates and transmission speeds than CBB.
  • This allows the terminal (1) of the user to communicate with the authentication device (3), for example to transmit to the authentication device a piece of data representative of the identity of the user when it is verified by the user. terminal that the radio signal received from the authentication device via the user's body corresponds to a reference signal previously stored by the terminal (1).
  • a characteristic radio signal of the user's interaction is transmitted to the terminal (1) via the user's body (2).
  • the terminal (1) checks whether the received radio signal corresponds to a reference signal previously stored by the terminal (1). In the case of a positive verification, the terminal (1) transmits to the authentication device (3) via the channel (4) a piece of data representative of the identity of the user.
  • the authentication device can then verify on the one hand that the code entered by the user corresponds to a predetermined code, for example a confidential code stored on a secure medium inserted in the authentication device, for example a smart card , and on the other hand if the identity of the user transmitted by the terminal corresponds to the identity of the user associated with the predetermined code, for example such an identity is also stored on the secure medium.
  • a predetermined code for example a confidential code stored on a secure medium inserted in the authentication device, for example a smart card
  • Figure 1B illustrates a variant of the embodiment illustrated in Figure 1A.
  • the authentication device (3) furthermore comprises means for communicating on another channel (4 '), for example Bluetooth or Wi -Fi, or via a mobile or fixed data network.
  • This allows the authentication device (3) to communicate with a control device (1 1), e.g. a bank server.
  • a control device (1 1) e.g. a bank server.
  • Such a channel (4 ') allows for example the authentication device (3) to transmit the data representative of the identity of the user received from the terminal (1) to the control device (1 1), as well as a second identity data of the user associated with the predetermined code.
  • the identity of the user is verified by the control device.
  • FIG. 1 C illustrates another particular embodiment of the invention, in which the authentication device is included in the terminal (1).
  • this particular embodiment of the invention makes it possible to verify the identity of the user (2) when the latter dials a code on his terminal (1), for example a code for unlocking his SIM card or from their screen or to validate a banking transaction on their terminal.
  • the terminal (1) is a TPE.
  • the user dials their confidential code on the TPE that they hold in their hand and the TPE checks that the intracorporeal signal (s) emitted by the TPE, transmitted by the body of the user and received by the TPE correspond to the user who dialed the code.
  • the data representing the identity of the user and his biometric reference (reference signal associated with the user) are stored on a smart card and are read by the TPE at the time of the transaction.
  • the TPE checks that the intracorporeal signal (s) received correspond to the user's reference stored on the smart card and that the code dialed is the code associated with the identity of the user. user stored on the smart card.
  • the terminal (1) is for example a mobile terminal of the smartphone type suitable for implementing the invention.
  • the terminal (1) is a modified TPE and able to receive an intracorporeal signal.
  • the terminal is a simple electronic card equipped with the following modules:
  • CPU Central Processing Unit
  • the memory M contains a memory area (5), preferably secure, containing authentication data of at least one user of the terminal.
  • MIBCU module called "User IBC Module", MIBCU, including:
  • a CBB antenna suitable for receiving signals over the radio channel and via the human body, so that a modulated electrical signal transported by the user's body is suitable for being received by the antenna, which is located in the terminal, in proximity to the human body;
  • a demodulator intended to receive via the antenna a modulated electrical signal and to transform it into a digital signal intended to be transmitted to the processing unit;
  • BT Bluetooth or WiFi type radio module
  • a DGV verification module for analyzing a signal received by the CBB module and determining whether the signal received corresponds to a reference signal previously stored
  • an APPV application module to validate or not the authentication of the user depending on whether the signal received corresponds to the reference signal or not, - preferably, and in particular if this module is not implemented on another device, an application (APPA) intended for the implementation of a learning method according to embodiments of the invention, in particular :
  • this learning module and this database are not necessarily located on the terminal: they can be on a server in a data network, etc.
  • the authentication device comprises several modules which are similar to those of the terminal 1 described in relation to FIG. 2:
  • CPU central processing unit
  • a set M of memories including a volatile memory or “RAM” (for “Random Access Memory”) used to execute code instructions, store variables, etc., and a non-volatile memory, of the “ROM” type or "EEPROM” intended to contain persistent information;
  • RAM Random Access Memory
  • EEPROM Electrically Error Memory
  • Transmitter IBC module a module called "Transmitter IBC module", MIBCM, including:
  • a CBB antenna suitable for transmitting signals over the radio channel and via the human body
  • a modulator intended to adapt a digital signal produced by the microprocessor into a modulated electrical signal, intended to be transmitted, via the antenna, through the user's body.
  • the modulation operation performed by the modulator is for example an amplitude modulation: the signal is a 13.56 MHz signal modulated in amplitude with a modulation rate of approximately 10% (known characteristic of type B according to the standard NFC).
  • the invention is not, however, limited to this type of modulation.
  • the modulation is frequency modulation, less sensitive to interference, or phase modulation;
  • a contact surface not shown, adapted to react to the immediate proximity of the user (contact, quasi-contact, touch, etc.).
  • this surface corresponds to the antenna, so that that a modulated electrical signal emitted via the antenna is suitable for being conveyed by the body of the user which is in proximity to the surface.
  • the antenna can be integrated into the surface. The surface is arranged so as to cooperate with the processing unit to implement the steps of the method which will be described later;
  • Bluetooth or Wi-Fi type BT radio module intended in particular to receive data from the user's terminal (identity data transmitted by the terminal, data relating to a transaction, etc.) and / or to communicate with another device to validate a transaction.
  • the user interface includes a screen on which messages and instructions are displayed and a separate or on-screen numeric keypad through which the user can dial a numeric code, for example.
  • a SUPP obtaining module to obtain a predetermined code associated with the user, for example it may be an integrated smart card reader suitable for reading the information included in the memory of the smart card, or a communication interface suitable for receiving secure information transmitted by the terminal via a dematerialized bank card application,
  • a DGV verification module for analyzing a signal corresponding to a code dialed by the user on the user interface and verifying whether the code dialed by the user corresponds to the predetermined code obtained by the obtaining module SUPP,
  • an application module APPV intended according to an alternative embodiment to verify the identity of the user from an identity datum received from the user's terminal and an identity datum associated with the predetermined code obtained by the SUPP obtaining module.
  • the application module APPV is intended to cooperate with a communication module COM to transmit these two identity data to a control device.
  • the application module APPV 'cooperates with the DGV module to validate the authentication of the user when on the one hand the code composed corresponds to the predetermined code and on the other hand the identity of the user who composed the code corresponds to the 'identity associated with the predetermined code, a COM communication module capable of transmitting identity data to a control device and receiving a signal for validating the identity of the user coming from the authentication device.
  • FIG. 4 represents the steps of a learning method according to an embodiment of the invention.
  • Learning is achieved by placing the user's finger on each of the digits of an interaction interface of a learning device, for example the authentication device.
  • a learning device for example the authentication device.
  • the user is for example in a shop of a telecommunications operator and is preparing to create his reference signal which will be used subsequently to verify the authentication of the user, when using the services of type CBB.
  • the communication is unidirectional (in CBB mode), from the learning device to the user's terminal, and a Bluetooth communication channel (4) is used for communication from the terminal of the user. user to the learning device.
  • the user's terminal for example of the CBB smartphone type, is located in the user's pocket.
  • step E20 the user is asked to successively press each of the digits of a numeric keypad of the learning device (terminal, TPE, etc.).
  • a step E21 the user presses one of the digits of a numeric keypad of the learning device.
  • step E21 communication is established on the IBC channel.
  • the terminal emits the signal SP, (t) transmitted via the user's body and bearing the characteristics of the user when he interacts on digit i.
  • Such a signal SP, (t) is received by the terminal of the user (1) during a step E1.
  • the user's terminal demodulates and processes the received signal SP, (t).
  • the terminal stores the signal SPi (t) in a memory (represented here in the form of a database (6) by way of example). Alternatively it can also transmit the signal, to an external learning server.
  • step E4 it is checked whether the 10 signals SPj (t), corresponding to the 10 digits of the digital keyboard, have been received. If this is not the case, the method returns to step E1 waiting for a new signal SPr (t).
  • step E5 reference signals are generated for the user from the 10 signals SP, (t) stored. For this, the terminal calculates the derivative SP '(t) of each signal SPi (t). Then, for each instant t, the terminal calculates the average M (t) of the 10 y sP (t)
  • the terminal also calculates the mean M '(t) and the standard deviation a' (t) of the 10 derivative signals SP'i (t).
  • the terminal For each instant t, the terminal thus stores a quadruple of reference signals [M ( ⁇ ), s ( ⁇ ), M '( ⁇ ), s' ( ⁇ )].
  • M ( ⁇ ), s ( ⁇ ), M '( ⁇ ), s' ( ⁇ ) Such a biometric reference of the user thus makes it possible to take account of a great variability of the user given by the different touches of each digit.
  • the reference signal is represented by this quadruplet of reference signals.
  • Two reference intervals are then defined from this quadruple of reference signals.
  • the verification of the user's biometric reference will consist in verifying whether the signal received by the terminal is included in the first interval and if the derivative signal of the signal received by the terminal is included in the second interval.
  • the reference signal quadruplet [M (t), a (t), M '(t), a' (t) ⁇ or the reference intervals lnt (t) and lnt '(t) are stored in a memory , or database (5), either in the user's terminal, or in an authentication database, preferably with an identifier of the user (for example his name, his telephone number , the MAC address of their terminal, their bank account number, etc.).
  • the reference signals can typically take the form of an analog or digital signal, that is to say a function representing the variations of the signal corresponding to the touch of a digit by the user over a time interval, for example a few seconds. Preferably, these signals are of the square type.
  • FIG. 5A describes a method for checking the authentication of a user according to a particular embodiment of the invention.
  • the user dials a code on an interaction interface of the authentication device.
  • a code for example, it is assumed here that it is a 4-digit code, according to other exemplary embodiments, the code could include more or less digits, or other alphanumeric characters.
  • step E51 communication is established on the CBB channel.
  • the authentication device emits a signal which is modified by user interaction on the interface.
  • the modified signal transmitted via the user's body and bearing the characteristics of the user's interaction is received by the user's terminal (1) during a step E52.
  • step E52 the user's terminal demodulates and processes the received signal.
  • the user's terminal obtains the user's reference signal from its memory or from an external database.
  • the terminal retrieves the quadruplet of signals [M (t), a (t), M '(t), a' (t)] stored during the learning phase.
  • step E55 it is checked whether the received signal corresponds to the reference signal. Such verification is described below in relation to FIG. 5B.
  • the terminal identifies from the signal received during step E51 the 4 signals SPi (t) corresponding to the interaction of the user on each digit making up the code.
  • the terminal calculates the derivative signals SP'i (t) corresponding to the 4 signals SP (t). The terminal will then check if the signals SP, (t) are included in the first reference interval lnt (t) and if the derivative signals SP'i (t) are included in the second reference interval lnt '(t) . For this, during a step E502, the terminal determines for each signal SPi (t) and SP'i (t), i ranging from 1 to 4, an indicator l (t), respectively i (t), indicating whether the signal SP, (t), respectively SP'i (t), is included in the first reference interval lnt (t), respectively in the second reference interval Int '(t).
  • the terminal determines for each instant t included in the time interval during which the signal SPi (t) was received, if the signal SP, (t) is between the two functions M (t) - ait) / 2 and M (t) + a t / 2, if the signal SP '(t) lies between the two functions M' (t) - a'it) / 2 and M'it) + a'it) / 2.
  • the indicators li (t) and G, ( ⁇ ) are a function of time t, and the indicator l (t), respectively the i (t), takes the value 0 when, at time t, the signal SPi (t), respectively SP'i (t), is included in the first interval lnt (t), respectively in the second interval lnt '(t), and the indicator takes the value 1 when the signal SP, (t), respectively SP'i (t), is not included in the first interval lnt (t), respectively in the second interval lnt '(t).
  • the terminal calculates the distance between the signal generated during the interaction of the user to compose his code and the reference signal represented here by the quadruplet of reference signals. For this, an indicator I, 9 or 1 ', 9 is obtained for each signal SP, (t) or SP'i (t) by summing over the time interval the indicators l, (t) and G, ( ⁇ ) previously obtained. Then, an overall distance is obtained by summing the 8 indicators l, 9 and 1 ', 9 obtained. Such a distance tends towards 0 when the user who entered the code corresponds to the user for whom the reference signals have been learned.
  • the sum of the indicators is compared with a reference threshold S. When the sum of the indicators is less than the reference threshold, the verification is positive. Otherwise, the check is negative.
  • the reference threshold can vary as a function of a criterion of severity of the authentication. For example, when it comes to verifying the identity of the user during the validation of a monetary transaction carried out on the user's terminal, the threshold S may vary depending on the amount of the transaction.
  • step E56 the identity of the user is validated.
  • the terminal transmits to the authentication device a piece of data representing the identity of the user.
  • the authentication device verifies that the code composed by the user corresponds to a predetermined code associated with the user. For example, it may be a confidential code stored on a physical medium inserted by the user into the authentication device.
  • the authentication device receives the data representative of the identity of the user transmitted by the terminal at step E60.
  • the authentication device verifies that the received identity corresponds to the identity associated with the predetermined code. For example, such an identity associated with the predetermined code is also stored on the physical medium.
  • the user When the code entered by the user corresponds to the predetermined code and the identity of the user received from the terminal corresponds to the identity associated with the predetermined code, the user is authenticated and can access the service, for example validating a transaction , access a secure place, etc ...
  • FIG. 6 illustrates steps of the authentication control method and of the authentication method according to another particular embodiment of the invention.
  • the step of verifying the identity of the user from the identity received from the terminal is performed by a control device (1 1).
  • step E630 the authentication device transmits to the control device the datum representative of the identity of the user received from the terminal, and an identity datum of the user associated with the predetermined code.
  • the authentication device receives from the control device a signal validating the identity of the user when the two identity data items correspond to the same user. Otherwise, the authentication device receives from the control device a signal indicating that the identity of the user is not validated.
  • the control device verifies that the two identity data does indeed correspond to the same user.
  • the control device has a correspondence table comprising the name of the user, associated with his mobile number, or a customer account, or a smart card identifier, etc.
  • the authentication control method and the authentication method described in relation to FIG. 5A are implemented by the user's terminal.
  • steps E20 and E61 -E63 are then implemented by the terminal.
  • an identifier of the user when the reference signals of the user are stored in a set of user authentication data, an identifier of the user, for example a mobile number, his name, or another identifier, is used to select the reference signals specific to the user from the set of user authentication data.
  • the user may have identified himself on the terminal beforehand, or else an identifier of the user may be requested by the terminal from the user via a terminal man-machine interface.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)
EP20721655.7A 2019-06-20 2020-05-04 Verfahren und vorrichtung zur authentifizierung eines benutzers unter verwendung der leitfähigkeit des menschlichen körpers Pending EP3987416A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1906690A FR3096481A1 (fr) 2019-06-20 2019-06-20 Procédé et dispositif d'authentification d'un utilisateur.
PCT/EP2020/062288 WO2020254026A1 (fr) 2019-06-20 2020-05-04 Procede et dispositif d'authentification d'un utilisateur utilisant la conductivité du corps humain

Publications (1)

Publication Number Publication Date
EP3987416A1 true EP3987416A1 (de) 2022-04-27

Family

ID=68138443

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20721655.7A Pending EP3987416A1 (de) 2019-06-20 2020-05-04 Verfahren und vorrichtung zur authentifizierung eines benutzers unter verwendung der leitfähigkeit des menschlichen körpers

Country Status (4)

Country Link
US (1) US20220318800A1 (de)
EP (1) EP3987416A1 (de)
FR (1) FR3096481A1 (de)
WO (1) WO2020254026A1 (de)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11914690B2 (en) * 2021-02-08 2024-02-27 Typingdna Inc. Systems and methods for using typing characteristics for authentication
US20230308467A1 (en) * 2022-03-24 2023-09-28 At&T Intellectual Property I, L.P. Home Gateway Monitoring for Vulnerable Home Internet of Things Devices

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8762733B2 (en) * 2006-01-30 2014-06-24 Adidas Ag System and method for identity confirmation using physiologic biometrics to determine a physiologic fingerprint
US8556833B2 (en) * 2007-01-10 2013-10-15 Integrity Tracking, Llc Wireless sensor network system and method
US20130173926A1 (en) * 2011-08-03 2013-07-04 Olea Systems, Inc. Method, Apparatus and Applications for Biometric Identification, Authentication, Man-to-Machine Communications and Sensor Data Processing
FR2992442A1 (fr) * 2012-06-25 2013-12-27 France Telecom Procede d'authentification
US9661499B2 (en) * 2014-12-05 2017-05-23 Sony Corporation Access control authentication based on impedance measurements
FR3044495A1 (fr) 2015-11-30 2017-06-02 Orange Dispositif et procede de communication sans fils
CN105989495A (zh) * 2016-03-07 2016-10-05 李明 一种支付方法及系统
US10275588B2 (en) * 2016-03-08 2019-04-30 Ca, Inc. Providing multi-factor security for electronic devices through body area network and radiofrequency network communications
US11074325B1 (en) * 2016-11-09 2021-07-27 Wells Fargo Bank, N.A. Systems and methods for dynamic bio-behavioral authentication

Also Published As

Publication number Publication date
US20220318800A1 (en) 2022-10-06
WO2020254026A1 (fr) 2020-12-24
FR3096481A1 (fr) 2020-11-27

Similar Documents

Publication Publication Date Title
EP2008483B1 (de) Verfahren für den sicheren zugriff auf ein proximitätskommunikationsmodul in einem mobilen endgerät
EP3688892B1 (de) Verfahren und system zur erkennung eines benutzers während einer funkkommunikation über den menschlichen körper
EP1305937A1 (de) System und dringende vorrichtung des aufrufs
FR2989799A1 (fr) Procede de transfert d'un dispositif a un autre de droits d'acces a un service
FR2988196A1 (fr) Procede d'authentification d'un individu porteur d'un objet d'identification
FR2821225A1 (fr) Systeme de paiement electronique a distance
EP3552327B1 (de) Verfahren zur personalisierung einer sicheren transaktion während einer funkkommunikation
WO2020254026A1 (fr) Procede et dispositif d'authentification d'un utilisateur utilisant la conductivité du corps humain
WO2006082310A1 (fr) Procede de pre-authentification rapide par reconnaissance de la distance
EP2369780B1 (de) Verfahren und system zur validierung einer transaktion, und entsprechendes transaktiosterminal und programm
WO2008104704A1 (fr) Systeme de paiement electronique comportant un terminal mobile incorporant un porte-monnaie electronique et un serveur
FR2912522A1 (fr) Entite electronique portable et procede de communication.
FR3047583A1 (fr) Methode de transmission securisee d'informations d'authentification entre des applications logicielles dans un terminal informatique
FR3052895B1 (fr) Procede d'envoi d'une information de securite
EP2053553A1 (de) Verfahren und Vorrichtung zum Austausch von Werten zwischen persönlichen tragbaren elektronischen Einheiten
FR2927453A1 (fr) Procede et systeme de distribution de billets de banque a partir d'un distributeur de billets
EP3095223B1 (de) Verfahren zur übertragung von verschlüsselten daten, empfangsverfahren, vorrichtungen und computerprogramme im zusammenhang damit
EP3890214A1 (de) Erwerb eines zeitlich befristeten rechts durch nahfeld-funkwellenübertragung
EP3813330A1 (de) Verfahren und geräte zum pairing
FR3108750A1 (fr) Procédé et dispositif de fourniture à un terminal d’un premier utilisateur d’une signature biométrique d’un deuxième utilisateur.
WO2024180049A1 (fr) Procede de delivrance d'une autorisation d'acces pour un individu et procede de verification
EP3926499A1 (de) Verfahren zur authentifizierung eines benutzers auf einem client-gerät
FR2812424A1 (fr) Procede et systeme pour effectuer des transactions securisees de biens et de services au moyen d'un telephone mobile via un reseau de communication cellulaire
FR3007929A1 (fr) Procede d'authentification d'un utilisateur d'un terminal mobile
EP3900228A1 (de) Verfahren und vorrichtung zur erkennung eines benutzers

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20211125

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)