EP4309060A1 - Authentication method and corresponding electronic device, computer program product and medium - Google Patents

Authentication method and corresponding electronic device, computer program product and medium

Info

Publication number
EP4309060A1
Authority
EP
European Patent Office
Prior art keywords
data
datum
electronic device
user account
authentication method
Legal status
Pending
Application number
EP22712986.3A
Inventor
Cédric Floury
Mickael LE TROCQUER
Current Assignee
Orange SA
Original Assignee
Orange SA
Application filed by Orange SA

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • This application relates to the field of access authentications via electronic means.
  • It relates in particular to an authentication method, as well as an electronic device, a computer program product and a corresponding medium.
  • a software and/or hardware resource such as a user account accessible via an electronic device, a secure portion of a building, and/or an object with restricted access
  • a user to authenticate to validate an access right to this resource.
  • the authentication mechanisms can be more or less sophisticated. Some are based, for example, on a password, double authentication, and/or facial and/or digital recognition. While at least some of these solutions are reliable, their implementation can often be cumbersome. Thus, some solutions may require specific sensors or even require a significant memory effort from a user to authenticate in order to remember increasingly complex passwords.
  • the purpose of this application is to propose improvements to at least some of the drawbacks of the state of the art.
  • the present application aims to improve the situation, according to a first aspect, using a method comprising: a supply, on at least one output user interface of an electronic device, of a plurality of data comprising at least an audio sequence and/or at least one image, at least a first of said supplied data being obtained by altering at least one data item associated with a user account; receiving a designation via at least one input user interface of at least one of said provided data; an authentication of access to said user account from said electronic device according to a proximity between said at least one designated piece of data and said at least one piece of data associated with said user account.
  • By data, in the present application, we mean data that can be rendered (or returned) via an output interface of an electronic device, such as audio-type and/or image-type data (drawing, photograph, video), or a combination of such elements.
  • a transformation can for example correspond to an addition of complementary data to the data.
  • For example, for image-type data, the complementary data can be a character or an object added to the image.
  • a sound character voice, or sound from at least one object
  • the added data can represent, for example, a person unknown to the user, or known to the user but whose presence is incongruous in the audio and/or image sequence that includes the data.
  • a transformation can, according to another example, correspond to a modification of an element present in the audio sequence and/or image(s).
  • a transformation can also correspond to an occlusion (or masking) or a blurring of part of an image sequence, a sound effect applied to part of an audio sequence and/or a truncation of the data (audio or image).
  • An alteration of a datum may of course include several different transformations (such as an addition of a first character and a modification of a second character) in certain embodiments.
  • the method comprises obtaining said at least one piece of data associated with said user account from a storage space accessible from said user account.
  • said obtaining of said at least one piece of data associated with said user account takes into account the presence in the data of said storage space of a content element of said piece of data associated with said user account.
  • said obtaining of said at least one piece of data associated with said user account takes account of a history of access to and/or rendering of said at least one piece of data associated with said user account.
  • said at least one piece of data associated with said user account is included at least partially in said data provided.
  • the method comprises a partial rendering, on said output user interface, of at least one other data item associated with said user account and comprising an audio sequence and/or at least one image, said plurality of provided data having a shape and/or a length adapted to be substituted for an unrendered part of said other data item.
  • said other partially rendered data item comprises said data item associated with said user account.
  • said first datum provided comprises at least a first portion not belonging to said datum associated with said user account or vice versa.
  • the data provided includes at least one other piece of data adapted to be inserted into said first piece of data provided, replacing an altered portion of said piece of data associated with said user account in said first piece of data.
  • said access to a user account is access to a software application accessible from said electronic device.
  • said access is authenticated when said designated datum corresponds to said at least one datum associated with said user account.
  • said access is authenticated when said designated datum does not correspond to any of said at least one datum associated with said user account.
  • the present application also relates to an authentication method comprising: a supply, on at least one output user interface of an electronic device, of a plurality of data comprising at least one audio sequence and/or at least one image, said plurality of data provided comprising at least one first datum and at least one second datum, said at least one first datum provided being obtained by altering at least one third datum associated with a user account, said at least one second datum provided being data or a portion of data, unaltered, associated with said user account; receiving a designation via at least one input user interface of at least one of said plurality of provided data; an authentication of access to said user account from said electronic device according to a proximity between said at least one designated piece of data and said at least one first and/or second piece of data provided.
  • the method comprises obtaining said at least one second and/or third datum associated with said user account from a storage space accessible from said user account.
  • said obtaining of said at least one second and/or third datum associated with said user account takes account of a presence in the data of said storage space of a content element of said second and/or third piece of data associated with said user account.
  • said obtaining of said at least one second and/or third piece of data associated with said user account takes into account a frequency of presence of said content element in the data of said storage space.
  • said obtaining of said at least one second and/or third datum associated with said user account takes account of an access history to and/or rendering of said at least one second and/or third data associated with said user account.
  • said at least one third piece of data associated with said user account is included at least partially in said data provided.
  • the method comprises a partial rendering, on said output user interface, of at least one fourth piece of data associated with said user account and comprising an audio sequence and/or at least one image, said plurality of provided data having a form and/or a length adapted to be substituted for a non-rendered part of said fourth piece of data.
  • said fourth datum partially rendered is said third datum associated with said user account.
  • said first datum provided comprises at least a first portion not belonging to said third datum associated with said user account or vice versa.
  • the data provided includes at least one fifth data item adapted to be inserted into said first data item provided, replacing an altered portion of said third data item associated with said user account in said first data item.
  • said method comprises obtaining, prior to said supply, data from said storage space by filtering data collected from another storage space.
  • said obtaining of data from said storage space comprises an identification of at least one content element of at least one of the collected data.
  • said access to be authenticated is access to a software application accessible from said electronic device.
  • said access is authenticated when said designated datum corresponds to said at least one second datum. According to at least one embodiment, said access is authenticated when said designated datum corresponds to said first datum.
  • said supply is implemented upon entry of a user identifier.
  • said provision is implemented in addition to a password authentication mechanism.
  • the present application relates to an electronic device adapted to implement the method of the present application in any one of its embodiments.
  • the present application relates to an electronic device comprising at least one processor configured for: a supply, on at least one output user interface of an electronic device, of a plurality of data comprising at least one audio sequence and/or at least one image, at least a first of said provided data being obtained by altering at least one data associated with a user account; receiving a designation via at least one input user interface of at least one of said plurality of provided data; an authentication of access to said user account from said electronic device according to a proximity between said at least one designated piece of data and said at least one piece of data associated with said user account.
  • the present application relates to an electronic device comprising at least one processor configured for: a supply, on at least one output user interface of said electronic device, of a plurality of data comprising at least one audio sequence and/or at least one image, said plurality of data provided comprising at least one first data item and at least one second data item, said at least one first data item provided being obtained by altering at least one third data item associated with a user account, said at least one second data item provided being data or a portion of data, unaltered, associated with said user account; receiving a designation via at least one input user interface of at least one of said plurality of supplied data; an authentication of access to said user account from said electronic device according to a proximity between said at least one designated datum and said at least one first and/or second datum provided.
  • the present application also relates to a computer program comprising instructions for the implementation of the various embodiments of the above method, when the computer program is executed by a processor, and a recording medium readable by an electronic device and on which the computer program is stored.
  • the present application relates to a computer program comprising instructions for the implementation, when the computer program is executed by a processor of an electronic device, of a method comprising: a supply, on at least one output user interface of an electronic device, of a plurality of data items comprising at least one audio sequence and/or at least one image, at least a first of said provided data items being obtained by altering at least one data item associated with a user account; receiving a designation via at least one input user interface of at least one of said provided data; an authentication of access to said user account from said electronic device according to a proximity between said at least one designated piece of data and said at least one piece of data associated with said user account.
  • the present application relates to a computer program comprising instructions for the implementation, when the computer program is executed by a processor of an electronic device, of a method comprising: a supply, on at least one output user interface of said electronic device, of a plurality of data comprising at least one audio sequence and/or at least one image, said plurality of data provided comprising at least one first datum and at least one second datum, said at least one first datum provided being obtained by altering at least one third datum associated with a user account, said at least one second datum provided being a datum or a portion of data, unaltered, associated with said user account; receiving a designation via at least one input user interface of at least one of said plurality of supplied data; an authentication of access to said user account from said electronic device according to a proximity between said at least one designated datum and said at least one first and/or second datum provided.
  • the present application relates for example to a recording medium readable by a processor of an electronic device and on which is recorded a computer program comprising instructions for the implementation, when the computer program is executed by the processor, of a method comprising: a supply, on at least one output user interface of an electronic device, of a plurality of data comprising at least one audio sequence and/or at least one image, at least a first of said provided data being obtained by altering at least one data item associated with a user account; receiving a designation via at least one input user interface of at least one of said provided data; an authentication of access to said user account from said electronic device according to a proximity between said at least one designated datum and said at least one datum associated with said user account.
  • the present application relates to a recording medium readable by a processor of an electronic device and on which is recorded a computer program comprising instructions for the implementation, when the computer program is executed by the processor, of a method comprising: supplying, on at least one output user interface of said electronic device, a plurality of data comprising at least one audio sequence and/or at least one image, said plurality of data supplied comprising at least one first datum and at least one second datum, said at least one first datum provided being obtained by altering at least one third datum associated with a user account, said at least one second datum provided being a datum or a portion of data, unaltered, associated with said user account; receiving a designation via at least one input user interface of at least one of said plurality of provided data; an authentication of access to said user account from said electronic device according to a proximity between said at least one designated piece of data and said at least one first and/or second piece of data provided.
  • a medium can comprise a storage means, such as a ROM, for example a CD ROM, a microelectronic circuit ROM, and/or a magnetic recording means.
  • Such a storage means can for example be a hard disk, a flash memory, etc.
  • an information medium can be a transmissible medium such as an electrical or optical signal, which can be conveyed via an electrical or optical cable, by radio or by other means.
  • a program according to the invention can in particular be downloaded from an Internet-type network.
  • an information medium may be an integrated circuit in which a program is incorporated, the circuit being adapted to execute or to be used in the execution of any one of the embodiments of the method which is the subject of the present application for patent.
  • By obtaining an element, we mean in the present application, for example, a reception of this element from a communication network, an acquisition of this element (via for example user interface elements or sensors), a creation of this element by various means of processing such as by copying, encoding, decoding, transformation, etc., and/or access to this element from a local or remote storage medium accessible to at least one device implementing, at least partially, this obtaining.
  • FIG. 1 presents a simplified view of a system, cited by way of example, in which at least certain embodiments of the authentication method of the present application can be implemented.
  • FIG. 2 presents a simplified view of a device adapted to implement at least certain embodiments of the authentication method of the present application.
  • FIG. 3 presents an overview of the authentication method of the present application, in some of its embodiments.
  • FIG. 4 details some steps of the authentication method of FIG. 3, in some of its embodiments.
  • FIG. 5 presents an example of enrichment of a library (or knowledge base) of elements known by a user to be authenticated and usable by the authentication method of the present application, in some of its embodiments.
  • FIG. 6 details certain steps of the authentication method of FIG. 3, in some of its embodiments.
  • the present application aims to offer a simple way of authenticating at least one user by exploiting the capacities of a human brain to remember moments experienced and/or to recognize close beings with whom they have shared such moments.
  • humans generally have an ability to recognize, often very quickly, beings they know (for example close beings) in photos, based for example on facial features, expressions, lived contexts together, etc
  • individuals can also identify known beings or places via an audio sample, for example.
  • the set of beings known (such as public figures or relatives such as friends, family members, colleagues, or even pets) by an individual is specific to that individual.
  • each individual remembers places of life which, as a whole, are specific to him.
  • the present application proposes to use audio and/or visual elements representative of these sets of beings or places specific to an individual to authenticate this individual.
  • an authentication of a user can for example be based on this user distinguishing audio and/or image elements (or data), considered as known to the user, within a set of audiovisual elements comprising at least one audio and/or image element, referred to as “virtual”, obtained by altering a known element.
  • the known data can, for example, represent living beings (humans or animals), objects, or places and come from a storage space associated (or even dedicated) to the user.
  • the known data may come from a knowledge base personal to the user (such as an audio base, an image and/or video base).
  • the group of users can correspond to a professional group (a project team for example), to a group of friends, neighbors, or to members of a family, an association, a sports club, a company, and/or a community.
  • the known data can belong to the group (a logo of the group for example) or to at least one individual of the group. This may include data from one or more individuals of the group likely to be recognized or at least evaluated (in terms of veracity and/or likelihood) by all members of the group. It may for example be photos of a sports competition taken by one of the members of a sports club (the competition taking place in the premises of the club and/or between the members of the club).
  • FIG. 1 depicts a telecommunications system 100 in which certain embodiments of the invention may be implemented.
  • the system 100 comprises one or more electronic devices, at least some of which can communicate with each other via one or more communication networks, possibly interconnected, such as a local area network or LAN (Local Area Network) and/or a wide area type network, or WAN (Wide Area Network).
  • the network can comprise a corporate or domestic LAN network and/or a WAN network of the internet or cellular type (GSM - Global System for Mobile Communications, UMTS - Universal Mobile Telecommunications System, Wifi - Wireless, etc.).
  • the system 100 can also include several electronic devices, such as a terminal (such as a laptop computer 110, a tablet 120, a smartphone 130, or a device 140 restricting access to a material resource (portal, safe, etc.)), a storage device 150 and/or a server 160, for example an application server, such as an application for supplying or altering audiovisual content, and/or network interconnection (not shown).
  • Some of these electronic devices can be associated with at least one individual 132 (through, for example, a user account accessible by login), some of the electronic devices 110, 130 possibly being associated with the same user 132.
  • FIG. 2 illustrates a simplified structure of an electronic device 200 adapted to implement the principles of the present application, for example the device 110, 120, 130 or 140 of the system 100 illustrated in FIG. 1. According to the embodiments, it can be a server, and/or a terminal.
  • the device 200 notably comprises at least one memory M 210.
  • the device 200 can notably comprise a buffer memory, a volatile memory, for example of the RAM type (for “Random Access Memory” according to the English terminology), and/or a non-volatile memory (for example of the ROM type, for “Read Only Memory” according to the English terminology).
  • the device 200 can also comprise a processing unit UT 220, equipped for example with at least one processor P 222, and controlled by a computer program Pg 212 stored in memory M 210. On initialization, the code instructions of the computer program Pg are for example loaded into a RAM memory before being executed by the processor P.
  • the at least one processor P 222 of the processing unit UT 220 can in particular implement, individually or collectively, any of the embodiments of the method of the present application (described in particular in relation to FIG. 3), according to the instructions of the computer program Pg 212.
  • the device can also comprise, or be coupled to, at least one I/O input/output module 230, such as a communication module, allowing for example the device 200 to communicate with other devices of the system 100, via wired or wireless communication interfaces, and/or such as an interfacing module with a user of the device (also called more simply in this application “user interface”).
  • user interface of the device is meant, for example, an interface integrated into the device 200, or part of a third-party device coupled to this device by wired or wireless communication means. For example, it may be a secondary screen of the device or a set of loudspeakers connected by wireless technology to the device.
  • a user interface can in particular be a so-called “output” user interface, suitable for rendering (or for controlling a rendering) of at least one output element of a computer application used by the device 200, for example an application executing at least partially on the device 200 or an “online” application executing at least partially remotely, for example on the server 140 of the system 100.
  • “according to the English terminology) on at least one user interface in any form, for example comprising a textual component, an audio component, an image component, and/or a video component, or a combination of such components.
  • Examples of output user interface of the device include one or more screens, in particular at least one graphic screen (touchscreen for example), one or more loudspeakers, a connected headset.
  • a user interface can be a so-called “input” user interface, suitable for acquiring information from a user of the device 200. It can in particular be information intended for a computer application accessible via the device 200, for example an application running at least partially on the device 200 or an “online” application running at least partially remotely, for example on the server 140 of the system 100.
  • the input user interface of the device 200 includes a sensor, an audio and/or video acquisition means (microphone, camera (webcam) for example), a keyboard, a mouse.
  • the at least one microprocessor of the device 200 can for example be adapted for: a supply, on at least one output user interface of an electronic device, of a plurality of data comprising at least one audio sequence and/or at least one image, at least a first of the provided data being obtained by altering at least one data item associated with a user account; receiving a designation via at least one input user interface of at least one of the provided data; an authentication of access to said user account from the electronic device according to a proximity between the at least one designated datum and the at least one datum associated with the user account.
  • the at least one microprocessor of the device 200 can for example be adapted for: a supply, on at least one output user interface of the electronic device, of a plurality of data comprising at least one audio sequence and/or at least one image, the plurality of data provided comprising at least one first data item and at least one second data item, the at least one first data item provided being obtained by altering at least one third data item associated with a user account, the at least one second datum provided being a datum or a portion of data, unaltered, associated with said user account; receiving a designation via at least one input user interface of at least one of said plurality of provided data; an authentication of access to the user account from the electronic device according to a proximity between the at least one designated datum and the at least one first and/or second datum provided.
  • Some of the above input-output modules are optional and may therefore be absent from device 200 in some embodiments.
  • the method can also be implemented locally by a device, when it uses a library of personal elements stored on a storage medium local to the device for example.
  • the method can be implemented in a distributed fashion (for example between at least two devices 110, 120, 130, 140, 150 and/or 160 of the system 100).
  • The term “module”, or the term “component” or “element”, of the device here means a hardware element, in particular wired, or a software element, or a combination of at least one hardware element and at least one software element.
  • the method according to the invention can therefore be implemented in various ways, in particular in wired form and/or in software form.
  • FIG. 3 illustrates some embodiments of the authentication method 300 of the present application.
  • the method 300 can for example be implemented by the electronic device 200 illustrated in FIG. 2.
  • the authentication process can in particular be implemented to secure access to an electronic, software or hardware resource, or to a physical resource (such as a place with restricted access).
  • the authentication method can be implemented systematically, on entry of a user identifier for example, or conditionally, for example following a configuration of the electronic device by a user to favor such authentication, or in addition to another authentication mechanism (by entering a password for example), as in the case of forgotten passwords.
  • the method 300 comprises obtaining 310 a riddle to be solved in connection with data associated with the user account to be authenticated (for example elements that are personal and/or known to a person to whom this user account is assigned).
  • a riddle may correspond to a statement (in other words, a request or a scenario), for example a question, relating (or applicable) in particular to at least one piece of data associated with the user account. Access authentication is based on the response to the request.
  • the statement may also be linked to other data (for example virtual data) than that (s) associated with the user account.
  • the statement of a riddle can be a text passage such as “Point to the photograph that corresponds to one of your contacts” or “One of the photographs presented has been retouched. You must point to this photograph”.
  • Obtaining 310 a riddle may include a step 312 of selecting a statement. This step is optional. Thus, in some embodiments, only a single statement may be provided, which may apply to various data. In other embodiments, several different statements may be possible. These can for example be chosen from among N statements in a configuration file (where N is a strictly positive integer), randomly and/or via a selection by a user or automatically. Statements can also be constructed based on parameters in a configuration file. The configuration file can possibly be writable by a user once authenticated, or by an administrator.
  • the data associated with the user account can, in certain embodiments, be obtained from a library (or knowledge base) dedicated to the user account to be authenticated.
  • This dedicated library may for example have been built and/or enriched prior to obtaining 310 a riddle.
  • the dedicated knowledge base 540 may have been built and/or enriched during prior learning 500 (not illustrated in FIG. 3).
  • the prior learning 500 can comprise for example a collection 510 of data (photographs in the example illustrated) from at least one other storage space associated with the user account. It may be a local storage space and/or a remote storage space (for example an online storage space (“cloud” type according to English terminology), such as an online storage space linked to a social network). Learning 500 may include filtering 520 of the collected data. Indeed, these data are intended to be returned on a user interface and therefore to be potentially accessible to a third party. For example, as illustrated in FIG. 5, a permission 522 to use collected data can be obtained via a user interface. In other embodiments, the filtering 520 can be based on an application of configurable rules.
  • filtering can make it possible not to retain, in the collected data, data considered as personal or confidential.
  • the filtering 520 can be performed at least partially automatically, by applying filtering rules, such as the rejection of collected data representing naked people, festive atmospheres, or children, or data associated (by metadata for example) with keywords (e.g., “personal”, “confidential”, “private”, etc.) indicative of an excessively personal or confidential nature of a piece of data.
  • the learning can also include an identification 530 of a content element represented on and/or by collected data. It can be a face or a voice of a person contained in a collected datum. In the same way, it can be a shape or a sound identifiable as relating to an object and/or a place.
  • This identification can be done “manually” by questioning a user or automatically. For example, in certain embodiments, the identification can use at least one annotation or at least one metadata item associated with the collected data. In some embodiments, the identification may implement modules for detecting faces, and/or for classifying images and/or audio samples (for example at least one neural network trained for this purpose). According to the embodiments, the learning 500 can be executed one or more times to enrich and improve the knowledge base 540.
  • the learning 500 can also comprise an evaluation of the user's knowledge of an identified content element. This involves evaluating, for example, whether a contact of the user is a relative. In certain embodiments, this knowledge can for example be evaluated by taking into account a number of identifications of the same content element (such as a face of the contact) in data of the knowledge base.
  • this knowledge can be evaluated by taking into account a frequency of appearance of the content element in the data of the knowledge base.
  • the knowledge of a datum can be evaluated by taking into account a history of access to this datum. Indeed, we can expect that a user who frequently plays back audio or image data knows this data better than data that is rarely played back.
  • the obtaining 310 of a riddle to be solved in connection with data associated with the user account to be authenticated comprises obtaining 314 at least one piece of data associated with the user account to be authenticated, for example from the knowledge base introduced above in connection with FIG. 5.
  • Obtaining 314 data associated with the user account from the knowledge base may include selecting the associated data. This may be, according to the embodiments, a random selection for example, or a selection taking into account at least one criterion, for example knowledge by the user of a datum (taking into account a number or frequency of appearance of the content elements represented by the data in the knowledge base or a history of access to this data, for example). Account can also be taken of a history of use, by the authentication method 300, of the associated datum. Indeed, favoring data that has not been recently used by the authentication process can help protect against attacks from a third party who may memorize the choices of a user during previous authentications in the presence of this third party. In certain embodiments, the selection can also take account of the characteristics of the content elements, so as to select only certain content elements (faces or heads of animals for example).
  • obtaining 310 a riddle can also include obtaining 316 virtual data, obtained by altering data associated with the user account.
  • the virtual data may for example have been generated prior to the implementation of the authentication process and be stored in a dedicated library, in association for example with the altered data.
  • it may be virtual data created during a previous implementation of the authentication method and/or during an initialization phase, comprising for example a creation of a set of virtual items for later use.
  • At least one virtual datum can also be generated on the fly from one of the data associated with the user account obtained 314 during the implementation of the authentication method.
  • the method can comprise a storage of the at least one virtual datum generated, in association for example with the datum of which it is the alteration.
  • the alteration made to a data item may vary. For example, it may be a modification of an element contained in data associated with the user account.
  • certain embodiments can implement at least one person detection and/or face modification algorithm (to act for example on certain parameters allowing aging and/or rejuvenation of a face, or even to obtain a face by crossing features of several different faces).
  • the alterations can be obtained by an artificial intelligence module, so as to have plausible virtual data that is sufficiently close to the real photographs to make it difficult for a third party to distinguish the two kinds of photographs.
  • the face can be obtained by using different types of style features of different faces.
  • the face can use general style characteristics (“coarse style”) of a first face, “middle” style characteristics (“middle style”), and “fine” style characteristics (“fine style”) of a third face, for example characteristics obtained via convolution matrices of a neural network (for example a matrix of dimension 4² to 16² for the general style characteristics, dimension 16² to 32² for the “middle” style characteristics and dimension 64² to 1024² for the “fine” style characteristics).
  • the process includes a rendering 320 of the puzzle to be solved.
  • photographs are rendered on a screen coupled to the device 200, at least a first of the presented photographs being a known photograph, or part of a known photograph, obtained 314 from a knowledge base constructed from a library of photographs of the user, and at least a second of the presented photographs being a “virtual” photograph, not belonging to a library of photographs of the user.
  • the “virtual” photograph may correspond to an element (scene, object or character) that does not exist in the real world (and obtained by alteration as explained above). Certain photographs of element(s) existing in the real world but not belonging to the user's knowledge base can also be rendered. At least one of the rendered virtual photographs may have been obtained by altering a known photograph present in the rendered set of photographs.
  • Rendering 320 of the puzzle also includes rendering its statement on a user interface of the electronic device (vocally, textually, or graphically). To authenticate, the user must enter a correct answer to the statement of the riddle.
  • the user must designate at least one photograph that he knows from among the rendered photographs (thanks to his memories, and/or his knowledge of the context of the rendered personal photographs or of the places and/or characters represented in them).
  • FIG. 6 illustrates certain steps 314, 316, 320, 340 of the method 300 already described above in connection with FIG. 3 in at least one embodiment leading to rendering 320 of photographs (all of the steps of the method 300 not being illustrated for the sake of simplicity).
  • obtaining a riddle to be solved comprises obtaining 314 at least one photograph of a knowledge base obtained for example via learning 500, as detailed above.
  • Obtaining 314 at least one photograph may comprise, according to FIG. 6, an automatic selection 3142 of a content item (a face in the detailed example) of the knowledge base.
  • this selection 3142 can take into account a frequency of appearance of the content element in the knowledge base and the characteristics of the content element.
  • selection 3142 may implement face detection in the knowledge base photographs and/or content items, so as to select only faces.
  • the method 300 includes obtaining 316 at least one virtual datum. In the example of FIG.
  • the virtual datum to be obtained is a photograph obtained by altering the photograph of the face selected from the knowledge base and the obtaining 316 of this photograph comprises an application 3162 of an algorithm for modifying face morphology (“Face Morphing” according to the English terminology) so as to slightly deform or modify at least part of the face selected in the knowledge base.
  • the obtaining 316 also includes a verification 3164 of the consistency of the face resulting from the alteration.
  • the face morphology modification algorithm can be applied one or more times, for example until the result is plausible.
  • the method 300 then includes a rendering of the puzzle to be solved.
  • the rendering of two photographs may include a first photograph of a contact of the user (a child in this example) obtained 314 from the knowledge base, and a second photograph, virtual, obtained by retouching at least one element present in this personal photograph.
  • the shape of the child's nose has been modified.
  • FIG. 4 illustrates some embodiments of the authentication method 300 of the present application, with another puzzle to solve. (To facilitate reading, the reference numerals of FIG. 3 are used for the corresponding steps already introduced above).
  • FIG. 4 illustrates certain steps 314, 316, 320, 340 of the method 300 already described in at least one embodiment leading to rendering 320 of photographs (or part of photographs). All of the steps of the method 300 are not illustrated for the sake of simplicity.
  • obtaining a riddle to be solved includes obtaining 314 at least one photograph or part of a photograph from the knowledge base 540 obtained via learning 500, as detailed above.
  • Obtaining 314 of at least one photograph can comprise, according to FIG. 4, an automatic selection 3144 of a content element of the knowledge base.
  • this selection 3144 can take into account a frequency of appearance of the content element in the knowledge base and the characteristics of the content element, so as to select only in the example illustrated photographs comprising a landscape in the background and, in the foreground, at least one character having at least one apparent particular characteristic, such as an apparent face.
  • the selection 3144 can in particular implement face detection or other content elements (such as particular objects) in the photographs of the knowledge base.
  • the method may further comprise a selection of a portion of the selected photograph, for example an apparent part (such as a face) of at least one character of the selected photograph.
  • the method 300 includes obtaining 316 at least one virtual datum.
  • one of the virtual data to be obtained is a photograph obtained by altering the face photograph selected from the knowledge base.
  • the virtual photograph was obtained by deleting or obscuring a portion of at least one character from the selected knowledge base photograph.
  • the method further comprises obtaining 3166 at least one portion of the photograph likely to be plausibly integrated into the deleted and/or concealed part of the virtual photograph, by its form and its content for example, and possibly after a change in direction or angle of view.
  • the method can for example comprise a search, via face detection means and an artificial intelligence module for example, for photographs comprising faces resembling the concealed face.
  • these photographs can be searched in the knowledge base or in an image base.
  • these photographs may be virtual photographs, generated by image synthesis from different real photographs.
  • the method may include a modification 3168 of the portions of photographs to make them suitable for editing with the altered photograph, in the area masked or concealed.
  • the modification may, for example, relate to a clipping of the virtual portion, an application of a fade to the periphery of the portion so that it blends with the altered photograph, a change in color and/or size, and/or a change in orientation or camera angle.
  • the method 300 then includes a rendering of the puzzle to be solved.
  • the rendering of the virtual photograph may include an occluded area, as well as several portions of the photograph, one of which corresponds to the part of the known photograph occluded in the rendered altered photograph.
  • the statement of the riddle requires a designation of the portion actually occluded in the rendered altered photograph (or alternatively a designation of the portions which are not this occluded part). If the user to be authenticated took the shot, and/or was present when the shot was taken, and/or knows the partially deleted and/or obscured character or at least one of the other characters possibly present in the photograph, he will find it easier to identify the deleted and/or concealed portion than a third party.
  • the method includes obtaining 330 an answer to the rendered puzzle via an input interface of device 200.
  • the user is authenticated 340 and access is authorized (unlocked for example).
  • the puzzles can of course vary according to the embodiments.
  • For a first example of a puzzle, several photographs of known and unknown people are offered to a user. He is asked to designate the people who are among his contacts (or conversely those who are not). If the user manages to recognize all his contacts correctly (or conversely to identify those who are not among them), access to the user account is unlocked.
  • In a second example of a puzzle, several photographs representing the same face are offered to a user, the face being slightly modified in certain photographs (eye color, hair, shape of the nose, ears, etc.). The user is asked to distinguish the original faces from the retouched faces.
  • In a third example of a puzzle, several photographs of the same scene are proposed, certain photographs having been obtained by altering the background of a personal photograph of a user, the request of the puzzle being to distinguish the original photographs from the retouched photographs.
  • when the answer does not correspond to the expected answer, a new riddle is proposed to the user.
  • By new riddle, we mean a riddle with a statement and/or data different from the statement and/or data of the riddle for which an answer was expected.
  • Some embodiments can tolerate several erroneous answers to a riddle before proposing a new riddle, and/or block the user account after several erroneous answers to several riddles, or even condition the authentication on the resolution of several riddles.
  • the method 500 for learning a knowledge base 540 has been described above in connection with the method 300 for authentication of at least one user.
  • the learning method 500 of a knowledge base can be implemented independently of the method 300 above.
  • the learning method can be implemented to constitute and/or enrich a knowledge base used for a recommendation of audio content and/or images to a user, for example a proposal for a memory album of audio content and/or pictures.
  • the present application also relates to an electronic device suitable for implementing the learning method of the present application in any one of its embodiments as well as a computer program comprising instructions for the implementation of the various embodiments of the above learning method, when the computer program is executed by a processor, and a recording medium readable by an electronic device and on which the computer program is recorded.
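
The selection criteria described above (user knowledge of a datum, history of use by the authentication method) and the handling of erroneous answers (new riddle with different data, account blocking) can be sketched as follows. This is an added example, not code from the patent application; the class and field names, the weighting formula and the thresholds (`cooldown`, `tries_per_riddle`, `max_failed_riddles`) are assumptions, and the virtual data are represented by placeholder identifiers rather than altered images.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import List, Optional

_rng = secrets.SystemRandom()  # OS CSPRNG: selections must not be predictable


@dataclass
class Datum:
    datum_id: str          # constructed sample identifier
    appearances: int       # occurrences of its content element in the knowledge base
    accesses: int          # how often the user opened this datum
    last_used: int = -1    # number of the last riddle that showed it (-1: never)


@dataclass
class RiddleSession:
    knowledge_base: List[Datum]
    cooldown: int = 3             # assumed: riddles before a datum may reappear
    tries_per_riddle: int = 2     # assumed: wrong answers tolerated per riddle
    max_failed_riddles: int = 3   # assumed: failed riddles before the account locks
    riddle_no: int = 0
    failed_riddles: int = 0
    tries_left: int = 0
    expected: Optional[str] = None
    locked: bool = False

    def new_riddle(self, n_virtual: int = 3) -> List[str]:
        if self.locked:
            raise PermissionError("account locked")
        # Prefer data the method has not shown recently; if every datum is
        # inside the cooldown window, fall back to the least recently used.
        fresh = [d for d in self.knowledge_base
                 if d.last_used < 0 or self.riddle_no - d.last_used > self.cooldown]
        pool = fresh or [min(self.knowledge_base, key=lambda d: d.last_used)]
        # Weight the draw by the user's likely knowledge of each datum.
        weights = [1 + d.appearances + d.accesses for d in pool]
        known = _rng.choices(pool, weights=weights, k=1)[0]
        known.last_used = self.riddle_no
        self.riddle_no += 1
        self.expected, self.tries_left = known.datum_id, self.tries_per_riddle
        # Placeholders for altered copies; the image alteration is out of scope.
        shown = [known.datum_id] + [f"virtual:{known.datum_id}:{i}"
                                    for i in range(n_virtual)]
        _rng.shuffle(shown)  # position must not reveal the known datum
        return shown

    def answer(self, choice: str) -> str:
        if self.locked or self.expected is None:
            return "locked" if self.locked else "no_riddle"
        if hmac.compare_digest(choice.encode(), self.expected.encode()):
            self.expected, self.failed_riddles = None, 0
            return "authenticated"
        self.tries_left -= 1
        if self.tries_left > 0:
            return "retry"
        # Riddle failed: discard it so the next one uses different data.
        self.expected = None
        self.failed_riddles += 1
        if self.failed_riddles >= self.max_failed_riddles:
            self.locked = True
            return "locked"
        return "new_riddle"
```

With a knowledge base smaller than the cooldown window, the fallback reuses the least recently shown datum, which weakens the protection against an observer; a deployment would size the knowledge base accordingly.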

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Collating Specific Patterns (AREA)
EP22712986.3A 2021-03-16 2022-03-15 Authentifizierungsverfahren und entsprechende elektronische vorrichtung, computerprogrammprodukt und medium Pending EP4309060A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR2102589A FR3120958A1 (fr) 2021-03-16 2021-03-16 Procédé d’authentification, dispositif électronique, produit programme d’ordinateur et support correspondants
PCT/FR2022/050460 WO2022195213A1 (fr) 2021-03-16 2022-03-15 Procede d'authentification, dispositif electronique, produit programme d'ordinateur et support correspondants

Publications (1)

Publication Number Publication Date
EP4309060A1 true EP4309060A1 (de) 2024-01-24

Family

ID=77913140

Family Applications (1)

Application Number Title Priority Date Filing Date
EP22712986.3A Pending EP4309060A1 (de) 2021-03-16 2022-03-15 Authentifizierungsverfahren und entsprechende elektronische vorrichtung, computerprogrammprodukt und medium

Country Status (4)

Country Link
US (1) US20240152595A1 (de)
EP (1) EP4309060A1 (de)
FR (1) FR3120958A1 (de)
WO (1) WO2022195213A1 (de)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7174462B2 (en) * 2002-11-12 2007-02-06 Intel Corporation Method of authentication using familiar photographs
US8726355B2 (en) * 2008-06-24 2014-05-13 Gary Stephen Shuster Identity verification via selection of sensible output from recorded digital data

Also Published As

Publication number Publication date
US20240152595A1 (en) 2024-05-09
FR3120958A1 (fr) 2022-09-23
WO2022195213A1 (fr) 2022-09-22


Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230907

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR