EP4338371A1 - Method and system for identity verification in a telecommunication network and a verification service - Google Patents
Method and system for identity verification in a telecommunication network and a verification serviceInfo
- Publication number
- EP4338371A1 EP4338371A1 EP21831079.5A EP21831079A EP4338371A1 EP 4338371 A1 EP4338371 A1 EP 4338371A1 EP 21831079 A EP21831079 A EP 21831079A EP 4338371 A1 EP4338371 A1 EP 4338371A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- user
- user device
- verification
- service
- confirmation message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012795 verification Methods 0.000 title claims abstract description 128
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000012790 confirmation Methods 0.000 claims abstract description 63
- 238000004590 computer program Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 4
- 238000010295 mobile communication Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000004888 barrier function Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000002747 voluntary effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3215—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Abstract
The method of the invention for identity verification takes place in a telecommunication network, wherein at least one user device (1, 7) is used in connection with accessing an event. In the method, an identity number is presented by a user as requested by a second party for the access to the event. The second party is linked to a verification service (4) to which the information of the identity number is forwarded from a first computer other than or same as the user device. The verification service (4) then matches the identity number with contact information to a user device (1, 7) of the user and sends a confirmation message request to some user device (1, 7) of the user by means of the contact information. The user sends the requested confirmation message from the user device (1, 7) to the verification service (4) as a reply message to the confirmation message request. Thereafter, the verification service (4) requests a code on the first computer other than or same as the user device to be entered in by the user. When the verification service receives the code entered by the user, matching the code with the identity number of the user is performed by the verification service, and the second party is informed if the code was correct. The second party can the provide access to the event for the user. The invention is also concerned with said verification service (4) and a system comprising said verification service and at least one user device.
Description
METHOD AND SYSTEM FOR IDENTITY VERIFICATION IN A TELECOMMUNICATION
NETWORK AND A VERIFICATION SERVICE
TECHNICAL FIELD
The invention is concerned with a method and system of identity verification in a telecommunication network and a verification service to be used therein.
BACKGROUND
Personally identifiable information generally includes a person's name, e-mail address, and/or phone number, identifying or identity number, such as a social security number, date of birth, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's resources, such as financial resources.
Identification, simply defined, is claiming to be someone, i.e. the process of someone claiming to be a specific person. As indicated above, persons can identify themselves by the above personally identifiable information, or in particular by showing up an identification document that has his/her picture and personal information. A driver’s license or a passport are examples of such identification documents.
The social security number is generally for identifying persons in the public sector, such as different authority and government registers and in communication between those but also the private sector, such as banks, insurance companies, and health service providers, might need the social security number to ensure that data is registered for the right person for sure. Often, however, the mere name is used.
Users identify themselves by providing such personally identifiable information on a web form for example, especially when it comes to online transactions or when they purchase an article online by additionally entering a credit card number and other credit card details
and a billing address. Some service, providers, especially banks, may also require providing a social security number.
If using a process of identification alone, as long as a person has the credit card holder's information associated with the credit card or other form of identification, the information is usually accepted as is. A business requiring identification alone usually have no reason to doubt that the person is whom they claim to be despite having not independently verified the information as truthful. For low-stakes transactions and in a business where there is no need to doubt your consumers or users, the identification process alone might work, like getting into a sporting event, having someone declare identity without actually confirming or verifying it, may suffice.
In the age of identity theft, however, one can not be sure that the person interacting with is the person they are claiming to be. Identity theft occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. For example, goods and services might be ordered in the name of the victim for the identity theft and even bank accounts might be emptied. Other usual criminal acts are taking quickie loans and subscriptions in another person's name.
Identity-related frauds are on the rise and it is advisable not to rely on identification alone. Therefore, for most online-transactions, identification alone is rarely adequate.
Verification is performed for ensuring that a person really is the one he is claiming to be and consequently, verification is an important step.
Verification, traditionally, is verifying the person to be as claimed to be by validating his official documents. Verification is done digitally in two main ways, either by comparing user-submitted identity data such as name, date of birth and phone number to third-party data sources or by examining an identity document such as an ID card or driver’s license to make sure it is valid.
Establishing a trustworthy link between who someone claims to be and who they really are requires an identity verification process to be embedded into e.g. a transaction process, onboarding or account opening process.
The process usually starts with the verification of a government-issued ID document by some known technology in order to confirm whether the ID document is valid. Although ID verification is essential for all types of businesses, verification of customers’ and clients’ identities are necessary within financial services, online marketplace, travel, insurance, and real estate business.
Verifying someone's identity to a high degree or certainty, however, takes much effort with existing methods. At a time when service providers want to provide a frictionless onboarding process, some may just require a low barrier to entry to make it as easy as possible for consumers. They might ask only a name, an e-mail address, a user name, and a password, and maybe a phone number even if verification is recommendable.
Therefore, more and more businesses are looking for a more user-friendly and professional identity verification service. Small companies for example might not have the resources to maintain heavy systems for identity verification or to rely on security systems produced by commercial service providers. Serious risk not always known are therefore associated when small traditional companies are going over to network business on-line.
Examples of prior art requiring heavy systems are disclosed in US patent application 2020/0092107A1 . Other related prior art is known from US patent applications 2013/0007849A1 , US 2019/0199698A1 , and WO publication 2015/057248A1 .
OBJECT OF THE INVENTION
The object of the invention is to provide a verification service for versatile use enabling identity information to be easily verified without much effort and in a user-friendly way.
SUMMARY OF THE INVENTION
The method of the invention for identity verification takes place in a telecommunication network, wherein at least one user device is used in connection with accessing an event. In the method, an identity number is presented by a user as requested by a second party
for the access to the event. The second party is linked to a verification service to which the information of the identity number is forwarded from a first computer other than or same as the user device. The verification service then matches the identity number with contact information to a user device of the user and sends a confirmation message request to some user device of the user by means of the contact information. The user sends the requested confirmation message from the user device to the verification service as a reply message to the confirmation message request. Thereafter, the verification service requests a code on the first computer other than or same as the user device to be entered in by the user. When the verification service receives the code entered by the user, matching the code with the identity number of the user is performed by the verification service, and the second party is informed if the code was correct. The second party can the provide access to the event for the user.
The event can be a transaction process in a service provided by a service provider as said second party. In that case, the identity number is presented by a user as requested by the service provider for access to the transaction process by entering it on the user interface of the service on the first computer or on the user device.
The event can also consist in e.g. verification of an identification document of a user to be performed by a requesting party as said second party. In that case, the identity number is presented by a user by showing it as a part of an identification card as requested by said second party. Such an identification document can e.g. be a passport, and identity card, a driving license, a debit card, or a credit card.
The identity number can be the social security number of a person.
The user device to which the confirmation request message is sent can be the first computer or it can be other than the first computer, whereby the first computer is a first user device and the user device other than the first computer is a second user device.
The contact information can be an e-mail address to a user device of the user, whereby the confirmation message request, and the confirmation message sent as a reply to that are e-mails.
The contact information can also be a telephone number to a telephone of the user, the telephone constituting the second user device, whereby the confirmation message
request and the confirmation message sent as a reply to that are Short Message Service, SMS, text messages.
The verification service of the invention is used in a telecommunication network for identity verification. It comprises a database of registered users, the register storing combined data of an identity number, a code, and contact information for each registered user. It further comprises a computer program product comprising instructions which when executed perform the steps when run by an application in a first computer or as software in a second computer. The steps consist in receiving information of the identity number as forwarded from the first computer, matching the identity number with contact information to a user device of the user, sending a confirmation message request to some user device of the user by means of the contact information, receiving a confirmation message from the user device as a reply message to the confirmation message request, requesting a code on the first computer or on the user device to be entered in by the user, receiving the code entered by the user, matching the code with the identity number of the user, and informing the second party if the code was correct.
The system of the invention for identity verification in a telecommunication network comprises the verification service of the invention. It also comprises a first computer communicating with the verification service by forwarding identity information of a user and receiving information of the verification of the identity information of the user. The first computer can be a user device, or the system comprises a further user device communicating with the verification service at least by receiving a confirmation message request from the verification service and sending a confirmation message as a reply to said confirmation message request.
The first computer is connected to the Internet, and can be a personal Computer (PC), a laptop, a tablet, or a smart phone being a user device for accessing services from a service provider or it can be an authority device or a general access device with a reader for e.g. reading identification cards, credit cards.
A further user device can be a telephone for receiving the confirmation message request from the verification service and for sending the confirmation message as a reply to said confirmation message request as Short Message Service, SMS, text messages.
The confirmation message request from the verification service and the confirmation message sent as a reply to said confirmation message request can also be e-mails, when
the user device is the same device as the first computer, or other user device capable for communicating per e-mail, such as a personal Computer (PC), a laptop, a tablet, or a smart phone.
The identity verification of the invention can be applied in all situations, where an identity number such as a social security number needs to be verified, even for verification of an identity of a person in situations, wherein the identity primarily is ensured by a person showing a passport, an identity card or the like. In contrary to known solutions, the identity verification of the invention is not service provider bound since it is primarily meant for private users to be used in all these situations wherein verification is needed.
The invention for verification of identities is especially meant for preventing misuse of a person’ identity at use of transactions, purchases, and other services, taking place via the internet , such as at processes at online stores, credit applications, car purchases, moving notifications and corresponding notifications of change of residence, ordering of goods, payment transactions and all other such commercial situations. The invention is for example expected to especially decrease fraud at moving notifications and quickie loans.
The invention can also be used at verification of identities in connection with the presentation and use of identity documents, such a passport and ID-cards, and in connection with the use of debit and credit cards at e.g. shops, restaurants, barbers, hairstylists, cash withdrawals from automates, cash desks and cashiers.
A service provider by a service provider can have functionality to be linked to a verification service that itself is inventive.
The verification service is used by users voluntary and independently from external parties, but it would be recommendable to involve service providers and to require the use of such a verification service. A service provider could be required to use the verification service and to check whether a person requiring access to a service requires use of the verification service in question. If that is the case, the identity number of the user needs to be verified by the verification service in accordance with the method of the invention and in case the verification is not successful, access to the service is denied.
In the invention, when an identity number, such as a social security number, of a person that is registered for the verification service is used .e.g. as an input of that to a service
provider, a notification is always sent in real-time to its owner with a text message, such as a Short Message Service (SMS) message, or by e-mail, or the both, when someone is using or trying to use the identity number and the owner has to confirm that the use of it is accepted at that moment in real-time.
If misuse of the identity number is suspected, the identity number can in some embodiments of the invention be excluded from use by means of the verification service, for an indefinite duration or temporarily for a defined time, such as for some hours, for example for a sufficient time until the security code has been changed.
The invention provides an efficient protection against misuse of personal data, against money losses and other property and a lot of extra work, pain and regret when such incidents occur.
At the use of credit and debit cards, the function of the use of a code could be omitted and a mere confirmation message to some user device of an ongoing use of the credit card would be enough in some cases in practice.
In the following, the invention is illustrated by means of some useful embodiments of the invention by referring to figures. The invention is not restricted to the details of these embodiments.
FIGURES
Figure 1 is an architecture view of a system, wherein one embodiment of the invention can be applied.
Figure 2 is a signal diagram of a first embodiment of the invention in connection with the use of services through a public network
Figure 3 is a signal diagram of a second embodiment of the invention in connection with the verification of a person’s identity document
DETAILED DESCRIPTION
Figure 1 is an architecture view of a system, wherein one embodiment of the invention can be applied.
A user has a user device 1 , such as a PC, Ipad or laptop or a smart phone, is connected to the Internet 2 and can use services provided by a service provider 3 that provides services through the Internet 2. This user device 1 is the first computer in the invention.
The user has registered himself to a verification service 4 meaning that, the identity number, such as the social security number can not be used for services or identification unless it is verified in a way required by and though the verification service 4. The verification service 4 has a database 8 with registered users that match user identity information with security codes and contact information to the user. The registered users can e.g. be private persons, or companies, like service providers. For users that are service providers or companies or the like, a business identity code can be used as identity information. For private persons, the identity information usually consists of an identity number, such as the social security number.
In this example, also the service provider 4 is registered to the verification service. The service provider 4 is either committed to use the verification service 4 or has decided to use the verification service for verification of identities, or it uses the verification service for such customer that has registered for the verification service.
For that purpose, the service provider 4 has an identity verification function 5 working as a link to the verification service 4 in order to perform the functionality of the verification service 4 that either is hosted in a separate server or in an application in the server of the service provider 4.
The user can have a second user device 7, which can be a telephone that communicates via the Global System for Mobile Communications (GSM) network 6 by voice calls or Short Message Service (SMS) messages. If it e.g. is a smart phone, it can also usually communicate via the Internet and send and receive e-mails. The user might access services provided by the service provider from either one of his user devices 1 , 7.
Private users, who are registered to the verification service 4 receive confirmation request messages to either one or both of their user devices 1 , 7 in real-time when their identity number is used.
Figure 2 is a signal diagram of a first embodiment of the invention in connection with the use of services through a public network.
The invention can be used in connection with a transaction process wherein a user requests use of a service provided by a service provider on-line in a public network like the Internet from a first user device. The service might consist of ordering an article to be paid.
The transaction processes are usually managed by transaction processing systems that perform routine transactions necessary to conduct a business in question. Examples include systems that manage sales order entry, airline reservations, payroll, employee records, manufacturing, and shipping. The transaction processes especially useful to be used with the invention are interactive and concerned with online transaction processing. A Service Provider (SP) provides services, such as sells articles or services through e.g. the internet. It can be an Internet service provider (ISP) that provides services for accessing, using, or participating in the Internet.
This service request for accessing a service from a service provider through the Internet constituting the first step 1 is made by the user form a first computer being the first user device in this example is indicated by arrow 1 .
Upon receiving the request, the service provider replies in step 2 with asking identity information of the user on the user interface of the service provided suitably on the web page of the service provider on the first computer being here the first user device. The identity information asked usually consists of the name, address, telephone number, e- mail address and the social security number of the user. This second step is indicated by arrow 2 in figure 2.
After that the user has, as a third step 3, indicated by arrow 3, entered the information requested in step 2, the information is automatically sent to a verification service. In case the identity number as entered by the user belong to a person, who is registered for the verification service, the verification service matches the identity number with contact information of the user in step 4 by using the database for fetching data (indicated by arrows not numbered) and sends a confirmation request message in signal 5 to the second user device as Short Message Service (SMS) text message. Alternatively, or in addition, the confirmation request message could have been sent to the first and/or second user device as e-mails.
A confirmation message is sent in signal 6 as a reply message from the user device, in which the user confirms that he is the one trying to access the service provided by the service provider.
When the confirmation message has been received by the verification service, the verification service next requests in step 7 on the user device (or on some user device) to enter a security code. Usually the code is requested and entered on the interface of the first user device, usually being a laptop, tablet, like an Ipad, or a PC or it can be a smart phone or a telephone. But it can also be requested and entered by SMS on a second user device that is a telephone, especially in cases wherein ID cards a or credit or debit cards are used.
When the user has entered the requested code in step 8, the verification service matches in step 9 the code with the identity information given in step 3.
If the code was correct, the verification service informs the service provider in step 10 of the successful verification of the identity information of the user, and the service provider can give the user access to the service in step 1 1 .
Figure 3 is a signal diagram of a second embodiment of the invention in connection with the verification of a person’s identity document.
It is assumed that a user has to identify himself by means of some identification document for example with a passport at e.g. a passport control. The identity number is a part of an identification card. In this case the invention is useful for verification of the identity number of the identification document when a user presents it in a step 1 .
The person checking the identification card, such as an authority person, accesses in step 2 a verification service to be presented on a user interface in a computer held by the authority person being the first computer. For that the authority device has to be in contact with the verification service in a server or application holding the verification service. This is indicated by arrows (not numbered).
The identity number of the person of the identification card is entered in step 3 in a field presented by the verification service on the user interface of the verification service on the first computer.
After that the identity number has been entered by the user or preferably the authority person and received by the verification service in step 3, the verification service matches the identity number with contact information of the user in step 4. For that purpose, the verification service has a database to fetch the information from, which is indicated by arrows (not numbered).
The verification service then sends a confirmation request message in signal 5 to a user device, preferably as a Short Message Service (SMS) text message so that the user can verify that he is the person accessing the service. Alternatively, or in addition, the confirmation request message could have been sent as an e-mail if the user device has e-mail capability and connection. Preferably, however, the confirmation messages take place by SMS through the Global System for Mobile communications (GSM) network to a telephone used by the user as a user device.
A confirmation message is sent in signal 6 as a reply message from the user device, in which the user confirms that he is the one trying to access the event constituting in verification of the identification card for example to pass a gate in a passport control .
When the confirmation message has been received by the verification service, the verification service next requests in step 7 the user to enter a code, as a security code, on the user interface of the computer held by the authority person. Like in the embodiment of figure 2, an alternative is that the code is requested and entered on a device by the user, such as a telephone or smart phone of the user.
When the user has entered the requested code in step 8, the verification service matches in step 8 the code with the identity information given in step 1 . For that purpose, the verification service has a database to fetch the information from, which is indicated by arrows (not numbered).
If the code was correct, the verification service informs in step 10 of the successful verification of the identity information of the user on the first computer held by the authority person, who can now accept the identification card in step 1 1 and let the user pass having now identified himself.
In one embodiment, a process similar to that of figure 3 can also be automated so that a user presents the ID card to a device with a reader working e.g. with RFID identification or other technique. The ID card has to be verified to be carried by the right person before e.g. a gate or door opens for the person so that he can pass. The device reads the identity number from the ID car presented by the user and forwards it to a verification service that can be in the form of an application in the device.
The verification service then matches the read identity number and with contact information to a user device of the user.
A confirmation request message is sent to the user device from the device by means of the contact information in real-time, where after a confirmation message is sent as a reply message from the user device.
As in the other embodiments, the verification service then requests a security code to be entered therein.
When the user has entered the requested security code, the verification service matches the code with the read identity number and maybe with contact information to some user
device of the user. As in the other embodiments, the code can be requested and entered on the user device or authority device.
If the code was correct, the gate opens for the user to pass.
Claims
1 . Method of identity verification in a telecommunication network comprising at least one user device (1 , 7) at an event, the method comprising the steps, wherein an identity number is presented by a user as requested by a second party for access to an event, characterized by the second party being linked to a verification service (4) to which the information of the identity number is forwarded automatically from a first computer other than or same as the user device, by means of an identity verification function working as a link to the verification service in order to perform the functionality of the verification service, the verification service (4) having a database (8) with registered users that match user identity information with security codes and contact information to the user, matching the identity number with contact information to a user device (1 , 7) of the user by using the database, and sending a confirmation message request to some user device (1 , 7) of the user by means of the contact information, the user sending the requested confirmation message from the user device (1 , 7) to the verification service (4) as a reply message to the confirmation message request, the verification service (4) requesting a security code on the first computer other than or same as the user device to be entered in by the user, the verification service (4) receiving the security code entered by the user, matching the security code with the identity number of the user, and informing the second party if the security code was correct, and, the second party providing access to the event for the user.
2. Method of claim 1 , wherein the event is a transaction process in a service provided by a service provider (3) as said second party, whereby the identity number is presented by a user as requested by a second party for access to transaction process the by entering it on the user interface of the service on the first computer or on the user device.
3. Method of claim 1 , wherein the event is a verification of an identification document of a user to be performed by a requesting party as said second party, whereby
the identity number is presented by a user by showing it as a part of an identification card as requested by said second party. Method of claim 3, wherein the identification document is a passport, and identity card, a driving license, a debit card, or a credit card. Method of any of claims 1 - 4, wherein the identity number is the social security number. Method of any of claims 1 - 5, wherein the contact information is an e-mail address to a user device (1 , 7) of the user, whereby the confirmation message request, and the confirmation message sent as a reply to that are e-mails. Method of any of claims 1 , 2, 5 or 6, wherein the user device to which the confirmation request message is sent is the first computer. Method of any of claims 1 , 2, 5 or 6, wherein the user device to which the confirmation request message is sent is other than the first computer, whereby the first computer is a first user device and the user device other than the first computer is a second user device. Method of claim 8, wherein the contact information is a telephone number to a telephone of the user, the telephone constituting the second user device (7), whereby the confirmation message request and the confirmation message sent as a reply to that are Short Message Service, SMS, text messages. Verification service (4) in a telecommunication network for identity verification, comprising a database (8) of registered users, the register storing combined data of an identity number, a code, and contact information for each registered user, and a computer program product comprising instructions which when executed perform the following steps when run by an application in a first computer or as software in a second computer:
receiving information of the identity number as forwarded from the first computer, matching the identity number with contact information to a user device of the user, sending a confirmation message request to some user device of the user by means of the contact information, receiving a confirmation message from the user device as a reply message to the confirmation message request, requesting a code on the first computer or on the user device to be entered in by the user, receiving the code entered by the user, matching the code with the identity number of the user, and informing the second party if the code was correct.
1 1 . System for identity verification in a telecommunication network, comprising a a verification service (4) comprising a database (8) of registered users, a part of which are private persons, the register storing for private users a combined data of an identity number, a security code, and contact information for each registered user, a computer program product comprising instructions which when executed perform the following steps when run by an application in a first computer, in a user device or as software in a second computer: receiving information of the identity number as forwarded from the first computer, matching the identity number with contact information to the user, sending a confirmation message request to some user device of the user by means of the contact information, receiving a confirmation message from the user device as a reply message to the confirmation message request, requesting a code on the first computer or on the user device to be entered in, receiving the code entered by the user,
matching the code with the identity number of the user, and informing the second party if the code was correct, the system also comprising a first computer communicating with the verification service by forwarding identity information of a user and receiving information of the verification of the identity information of the user, and the system further comprising a user device, communicating with the verification service at least by receiving a confirmation message request from the verification service and sending a confirmation message as a reply to said confirmation message request, and the system further comprising a second party having an identity verification function working as a link to the verification service.
12. System of claim 1 1 , wherein when the user device (7) is a telephone for receiving the confirmation message request from the verification service and for sending the confirmation message as a reply to said confirmation message request as Short Message Service, SMS, text messages.
13. System of claim 1 1 or 12, wherein the first computer also can be a user device for accessing events provided by a service provider, the verification service being activated upon a service request requiring identification of a user accessing the service.
14. System of claim 1 1 , wherein when the user device is the same device as or other device than the first computer, the confirmation message request from the verification service and the confirmation message sent as a reply to said confirmation message request are e-mails.
15. System of claim 1 1 , wherein when the user device is another device than the first computer, the confirmation message request from the verification service and the
confirmation message sent as a reply to said confirmation message request are e- mails or Short Message Service, SMS, text messages.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FI20206285A FI20206285A (en) | 2020-12-11 | 2020-12-11 | Method and system for identity verification in a telecommunication network and a verification service |
PCT/FI2021/050843 WO2022123112A1 (en) | 2020-12-11 | 2021-12-03 | Method and system for identity verification in a telecommunication network and a verification service |
Publications (1)
Publication Number | Publication Date |
---|---|
EP4338371A1 true EP4338371A1 (en) | 2024-03-20 |
Family
ID=79024720
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP21831079.5A Pending EP4338371A1 (en) | 2020-12-11 | 2021-12-03 | Method and system for identity verification in a telecommunication network and a verification service |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP4338371A1 (en) |
FI (1) | FI20206285A (en) |
WO (1) | WO2022123112A1 (en) |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130007849A1 (en) | 2011-05-26 | 2013-01-03 | FonWallet Transaction Soulutions, Inc. | Secure consumer authorization and automated consumer services using an intermediary service |
US9727866B2 (en) | 2013-10-15 | 2017-08-08 | Intuit Inc. | Methods systems and computer program products for verifying consumer identity during transaction |
US9537661B2 (en) * | 2014-02-28 | 2017-01-03 | Verizon Patent And Licensing Inc. | Password-less authentication service |
US20170230368A1 (en) * | 2016-02-10 | 2017-08-10 | Tahir Khan | System and method of logging into a web server |
US10491595B2 (en) * | 2017-07-31 | 2019-11-26 | Airwatch, Llc | Systems and methods for controlling email access |
US11108757B2 (en) | 2017-12-21 | 2021-08-31 | Mastercard International Incorporated | Systems and methods relating to digital identities |
EP3627363A1 (en) | 2018-09-19 | 2020-03-25 | Vocalink Limited | Information processing system, devices and methods |
-
2020
- 2020-12-11 FI FI20206285A patent/FI20206285A/en unknown
-
2021
- 2021-12-03 EP EP21831079.5A patent/EP4338371A1/en active Pending
- 2021-12-03 WO PCT/FI2021/050843 patent/WO2022123112A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2022123112A1 (en) | 2022-06-16 |
FI20206285A1 (en) | 2022-06-12 |
FI20206285A (en) | 2022-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11288676B2 (en) | Private confirmation system | |
US10467624B2 (en) | Mobile devices enabling customer identity validation via central depository | |
US7761384B2 (en) | Strategy-driven methodology for reducing identity theft | |
KR101309594B1 (en) | A system and method for verifying a user's identity in electronic transactions | |
US8738921B2 (en) | System and method for authenticating a person's identity using a trusted entity | |
US7849014B2 (en) | System and method for facilitating a financial transaction with a dynamically generated identifier | |
US7383988B2 (en) | System and method for locking and unlocking a financial account card | |
US20060173776A1 (en) | A Method of Authentication | |
US20080255992A1 (en) | Double recognizing method by means of telephone number and identification code for online credit card transactions over the internet | |
US20060131390A1 (en) | Method and system for providing transaction notification and mobile reply authorization | |
US20090125440A1 (en) | Method and system for approving credit card transactions | |
US11122049B2 (en) | Attribute database system and method | |
MXPA05011481A (en) | Systems and methods for verifying identities in transactions. | |
US20210390556A1 (en) | Systems and methods for age verification | |
KR20000049788A (en) | Personal ID automatic delivery and security by telecommunication system | |
JP5164544B2 (en) | Account management apparatus and account management method | |
US20080083024A1 (en) | Single use user IDS | |
US20210185036A1 (en) | Secure authentication system | |
EP4338371A1 (en) | Method and system for identity verification in a telecommunication network and a verification service | |
KR101547730B1 (en) | Apparatus and method for managing financial account having two or more secret numbers in an account | |
JP2002042028A (en) | Fraudulent use preventive system for card and the like | |
John | METHOD AND SYSTEM FOR SECURE CREDENTIAL GENERATION | |
GB2360383A (en) | Payment authorisation | |
KR20240021510A (en) | Logistics Service Support System | |
WO2013160830A1 (en) | A server and mobile device for authorizing a transaction |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20231009 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |