EP4338371A1 - Method and system for identity verification in a telecommunication network and a verification service - Google Patents

Method and system for identity verification in a telecommunication network and a verification service

Info

Publication number
EP4338371A1
EP4338371A1 EP21831079.5A EP21831079A EP4338371A1 EP 4338371 A1 EP4338371 A1 EP 4338371A1 EP 21831079 A EP21831079 A EP 21831079A EP 4338371 A1 EP4338371 A1 EP 4338371A1
Authority
EP
European Patent Office
Prior art keywords
user
user device
verification
service
confirmation message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP21831079.5A
Other languages
German (de)
French (fr)
Inventor
Ari SIPONEN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Id Security Group
Original Assignee
Id Security Group
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Id Security Group filed Critical Id Security Group
Publication of EP4338371A1 publication Critical patent/EP4338371A1/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Abstract

The method of the invention for identity verification takes place in a telecommunication network, wherein at least one user device (1, 7) is used in connection with accessing an event. In the method, an identity number is presented by a user as requested by a second party for the access to the event. The second party is linked to a verification service (4) to which the information of the identity number is forwarded from a first computer other than or same as the user device. The verification service (4) then matches the identity number with contact information to a user device (1, 7) of the user and sends a confirmation message request to some user device (1, 7) of the user by means of the contact information. The user sends the requested confirmation message from the user device (1, 7) to the verification service (4) as a reply message to the confirmation message request. Thereafter, the verification service (4) requests a code on the first computer other than or same as the user device to be entered in by the user. When the verification service receives the code entered by the user, matching the code with the identity number of the user is performed by the verification service, and the second party is informed if the code was correct. The second party can the provide access to the event for the user. The invention is also concerned with said verification service (4) and a system comprising said verification service and at least one user device.

Description

METHOD AND SYSTEM FOR IDENTITY VERIFICATION IN A TELECOMMUNICATION
NETWORK AND A VERIFICATION SERVICE
TECHNICAL FIELD
The invention is concerned with a method and system of identity verification in a telecommunication network and a verification service to be used therein.
BACKGROUND
Personally identifiable information generally includes a person's name, e-mail address, and/or phone number, identifying or identity number, such as a social security number, date of birth, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's resources, such as financial resources.
Identification, simply defined, is claiming to be someone, i.e. the process of someone claiming to be a specific person. As indicated above, persons can identify themselves by the above personally identifiable information, or in particular by showing up an identification document that has his/her picture and personal information. A driver’s license or a passport are examples of such identification documents.
The social security number is generally for identifying persons in the public sector, such as different authority and government registers and in communication between those but also the private sector, such as banks, insurance companies, and health service providers, might need the social security number to ensure that data is registered for the right person for sure. Often, however, the mere name is used.
Users identify themselves by providing such personally identifiable information on a web form for example, especially when it comes to online transactions or when they purchase an article online by additionally entering a credit card number and other credit card details and a billing address. Some service, providers, especially banks, may also require providing a social security number.
If using a process of identification alone, as long as a person has the credit card holder's information associated with the credit card or other form of identification, the information is usually accepted as is. A business requiring identification alone usually have no reason to doubt that the person is whom they claim to be despite having not independently verified the information as truthful. For low-stakes transactions and in a business where there is no need to doubt your consumers or users, the identification process alone might work, like getting into a sporting event, having someone declare identity without actually confirming or verifying it, may suffice.
In the age of identity theft, however, one can not be sure that the person interacting with is the person they are claiming to be. Identity theft occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. For example, goods and services might be ordered in the name of the victim for the identity theft and even bank accounts might be emptied. Other usual criminal acts are taking quickie loans and subscriptions in another person's name.
Identity-related frauds are on the rise and it is advisable not to rely on identification alone. Therefore, for most online-transactions, identification alone is rarely adequate.
Verification is performed for ensuring that a person really is the one he is claiming to be and consequently, verification is an important step.
Verification, traditionally, is verifying the person to be as claimed to be by validating his official documents. Verification is done digitally in two main ways, either by comparing user-submitted identity data such as name, date of birth and phone number to third-party data sources or by examining an identity document such as an ID card or driver’s license to make sure it is valid.
Establishing a trustworthy link between who someone claims to be and who they really are requires an identity verification process to be embedded into e.g. a transaction process, onboarding or account opening process. The process usually starts with the verification of a government-issued ID document by some known technology in order to confirm whether the ID document is valid. Although ID verification is essential for all types of businesses, verification of customers’ and clients’ identities are necessary within financial services, online marketplace, travel, insurance, and real estate business.
Verifying someone's identity to a high degree or certainty, however, takes much effort with existing methods. At a time when service providers want to provide a frictionless onboarding process, some may just require a low barrier to entry to make it as easy as possible for consumers. They might ask only a name, an e-mail address, a user name, and a password, and maybe a phone number even if verification is recommendable.
Therefore, more and more businesses are looking for a more user-friendly and professional identity verification service. Small companies for example might not have the resources to maintain heavy systems for identity verification or to rely on security systems produced by commercial service providers. Serious risk not always known are therefore associated when small traditional companies are going over to network business on-line.
Examples of prior art requiring heavy systems are disclosed in US patent application 2020/0092107A1 . Other related prior art is known from US patent applications 2013/0007849A1 , US 2019/0199698A1 , and WO publication 2015/057248A1 .
OBJECT OF THE INVENTION
The object of the invention is to provide a verification service for versatile use enabling identity information to be easily verified without much effort and in a user-friendly way.
SUMMARY OF THE INVENTION
The method of the invention for identity verification takes place in a telecommunication network, wherein at least one user device is used in connection with accessing an event. In the method, an identity number is presented by a user as requested by a second party for the access to the event. The second party is linked to a verification service to which the information of the identity number is forwarded from a first computer other than or same as the user device. The verification service then matches the identity number with contact information to a user device of the user and sends a confirmation message request to some user device of the user by means of the contact information. The user sends the requested confirmation message from the user device to the verification service as a reply message to the confirmation message request. Thereafter, the verification service requests a code on the first computer other than or same as the user device to be entered in by the user. When the verification service receives the code entered by the user, matching the code with the identity number of the user is performed by the verification service, and the second party is informed if the code was correct. The second party can the provide access to the event for the user.
The event can be a transaction process in a service provided by a service provider as said second party. In that case, the identity number is presented by a user as requested by the service provider for access to the transaction process by entering it on the user interface of the service on the first computer or on the user device.
The event can also consist in e.g. verification of an identification document of a user to be performed by a requesting party as said second party. In that case, the identity number is presented by a user by showing it as a part of an identification card as requested by said second party. Such an identification document can e.g. be a passport, and identity card, a driving license, a debit card, or a credit card.
The identity number can be the social security number of a person.
The user device to which the confirmation request message is sent can be the first computer or it can be other than the first computer, whereby the first computer is a first user device and the user device other than the first computer is a second user device.
The contact information can be an e-mail address to a user device of the user, whereby the confirmation message request, and the confirmation message sent as a reply to that are e-mails.
The contact information can also be a telephone number to a telephone of the user, the telephone constituting the second user device, whereby the confirmation message request and the confirmation message sent as a reply to that are Short Message Service, SMS, text messages.
The verification service of the invention is used in a telecommunication network for identity verification. It comprises a database of registered users, the register storing combined data of an identity number, a code, and contact information for each registered user. It further comprises a computer program product comprising instructions which when executed perform the steps when run by an application in a first computer or as software in a second computer. The steps consist in receiving information of the identity number as forwarded from the first computer, matching the identity number with contact information to a user device of the user, sending a confirmation message request to some user device of the user by means of the contact information, receiving a confirmation message from the user device as a reply message to the confirmation message request, requesting a code on the first computer or on the user device to be entered in by the user, receiving the code entered by the user, matching the code with the identity number of the user, and informing the second party if the code was correct.
The system of the invention for identity verification in a telecommunication network comprises the verification service of the invention. It also comprises a first computer communicating with the verification service by forwarding identity information of a user and receiving information of the verification of the identity information of the user. The first computer can be a user device, or the system comprises a further user device communicating with the verification service at least by receiving a confirmation message request from the verification service and sending a confirmation message as a reply to said confirmation message request.
The first computer is connected to the Internet, and can be a personal Computer (PC), a laptop, a tablet, or a smart phone being a user device for accessing services from a service provider or it can be an authority device or a general access device with a reader for e.g. reading identification cards, credit cards.
A further user device can be a telephone for receiving the confirmation message request from the verification service and for sending the confirmation message as a reply to said confirmation message request as Short Message Service, SMS, text messages.
The confirmation message request from the verification service and the confirmation message sent as a reply to said confirmation message request can also be e-mails, when the user device is the same device as the first computer, or other user device capable for communicating per e-mail, such as a personal Computer (PC), a laptop, a tablet, or a smart phone.
The identity verification of the invention can be applied in all situations, where an identity number such as a social security number needs to be verified, even for verification of an identity of a person in situations, wherein the identity primarily is ensured by a person showing a passport, an identity card or the like. In contrary to known solutions, the identity verification of the invention is not service provider bound since it is primarily meant for private users to be used in all these situations wherein verification is needed.
The invention for verification of identities is especially meant for preventing misuse of a person’ identity at use of transactions, purchases, and other services, taking place via the internet , such as at processes at online stores, credit applications, car purchases, moving notifications and corresponding notifications of change of residence, ordering of goods, payment transactions and all other such commercial situations. The invention is for example expected to especially decrease fraud at moving notifications and quickie loans.
The invention can also be used at verification of identities in connection with the presentation and use of identity documents, such a passport and ID-cards, and in connection with the use of debit and credit cards at e.g. shops, restaurants, barbers, hairstylists, cash withdrawals from automates, cash desks and cashiers.
A service provider by a service provider can have functionality to be linked to a verification service that itself is inventive.
The verification service is used by users voluntary and independently from external parties, but it would be recommendable to involve service providers and to require the use of such a verification service. A service provider could be required to use the verification service and to check whether a person requiring access to a service requires use of the verification service in question. If that is the case, the identity number of the user needs to be verified by the verification service in accordance with the method of the invention and in case the verification is not successful, access to the service is denied.
In the invention, when an identity number, such as a social security number, of a person that is registered for the verification service is used .e.g. as an input of that to a service provider, a notification is always sent in real-time to its owner with a text message, such as a Short Message Service (SMS) message, or by e-mail, or the both, when someone is using or trying to use the identity number and the owner has to confirm that the use of it is accepted at that moment in real-time.
If misuse of the identity number is suspected, the identity number can in some embodiments of the invention be excluded from use by means of the verification service, for an indefinite duration or temporarily for a defined time, such as for some hours, for example for a sufficient time until the security code has been changed.
The invention provides an efficient protection against misuse of personal data, against money losses and other property and a lot of extra work, pain and regret when such incidents occur.
At the use of credit and debit cards, the function of the use of a code could be omitted and a mere confirmation message to some user device of an ongoing use of the credit card would be enough in some cases in practice.
In the following, the invention is illustrated by means of some useful embodiments of the invention by referring to figures. The invention is not restricted to the details of these embodiments.
FIGURES
Figure 1 is an architecture view of a system, wherein one embodiment of the invention can be applied.
Figure 2 is a signal diagram of a first embodiment of the invention in connection with the use of services through a public network
Figure 3 is a signal diagram of a second embodiment of the invention in connection with the verification of a person’s identity document DETAILED DESCRIPTION
Figure 1 is an architecture view of a system, wherein one embodiment of the invention can be applied.
A user has a user device 1 , such as a PC, Ipad or laptop or a smart phone, is connected to the Internet 2 and can use services provided by a service provider 3 that provides services through the Internet 2. This user device 1 is the first computer in the invention.
The user has registered himself to a verification service 4 meaning that, the identity number, such as the social security number can not be used for services or identification unless it is verified in a way required by and though the verification service 4. The verification service 4 has a database 8 with registered users that match user identity information with security codes and contact information to the user. The registered users can e.g. be private persons, or companies, like service providers. For users that are service providers or companies or the like, a business identity code can be used as identity information. For private persons, the identity information usually consists of an identity number, such as the social security number.
In this example, also the service provider 4 is registered to the verification service. The service provider 4 is either committed to use the verification service 4 or has decided to use the verification service for verification of identities, or it uses the verification service for such customer that has registered for the verification service.
For that purpose, the service provider 4 has an identity verification function 5 working as a link to the verification service 4 in order to perform the functionality of the verification service 4 that either is hosted in a separate server or in an application in the server of the service provider 4.
The user can have a second user device 7, which can be a telephone that communicates via the Global System for Mobile Communications (GSM) network 6 by voice calls or Short Message Service (SMS) messages. If it e.g. is a smart phone, it can also usually communicate via the Internet and send and receive e-mails. The user might access services provided by the service provider from either one of his user devices 1 , 7. Private users, who are registered to the verification service 4 receive confirmation request messages to either one or both of their user devices 1 , 7 in real-time when their identity number is used.
Figure 2 is a signal diagram of a first embodiment of the invention in connection with the use of services through a public network.
The invention can be used in connection with a transaction process wherein a user requests use of a service provided by a service provider on-line in a public network like the Internet from a first user device. The service might consist of ordering an article to be paid.
The transaction processes are usually managed by transaction processing systems that perform routine transactions necessary to conduct a business in question. Examples include systems that manage sales order entry, airline reservations, payroll, employee records, manufacturing, and shipping. The transaction processes especially useful to be used with the invention are interactive and concerned with online transaction processing. A Service Provider (SP) provides services, such as sells articles or services through e.g. the internet. It can be an Internet service provider (ISP) that provides services for accessing, using, or participating in the Internet.
This service request for accessing a service from a service provider through the Internet constituting the first step 1 is made by the user form a first computer being the first user device in this example is indicated by arrow 1 .
Upon receiving the request, the service provider replies in step 2 with asking identity information of the user on the user interface of the service provided suitably on the web page of the service provider on the first computer being here the first user device. The identity information asked usually consists of the name, address, telephone number, e- mail address and the social security number of the user. This second step is indicated by arrow 2 in figure 2. After that the user has, as a third step 3, indicated by arrow 3, entered the information requested in step 2, the information is automatically sent to a verification service. In case the identity number as entered by the user belong to a person, who is registered for the verification service, the verification service matches the identity number with contact information of the user in step 4 by using the database for fetching data (indicated by arrows not numbered) and sends a confirmation request message in signal 5 to the second user device as Short Message Service (SMS) text message. Alternatively, or in addition, the confirmation request message could have been sent to the first and/or second user device as e-mails.
A confirmation message is sent in signal 6 as a reply message from the user device, in which the user confirms that he is the one trying to access the service provided by the service provider.
When the confirmation message has been received by the verification service, the verification service next requests in step 7 on the user device (or on some user device) to enter a security code. Usually the code is requested and entered on the interface of the first user device, usually being a laptop, tablet, like an Ipad, or a PC or it can be a smart phone or a telephone. But it can also be requested and entered by SMS on a second user device that is a telephone, especially in cases wherein ID cards a or credit or debit cards are used.
When the user has entered the requested code in step 8, the verification service matches in step 9 the code with the identity information given in step 3.
If the code was correct, the verification service informs the service provider in step 10 of the successful verification of the identity information of the user, and the service provider can give the user access to the service in step 1 1 .
Figure 3 is a signal diagram of a second embodiment of the invention in connection with the verification of a person’s identity document. It is assumed that a user has to identify himself by means of some identification document for example with a passport at e.g. a passport control. The identity number is a part of an identification card. In this case the invention is useful for verification of the identity number of the identification document when a user presents it in a step 1 .
The person checking the identification card, such as an authority person, accesses in step 2 a verification service to be presented on a user interface in a computer held by the authority person being the first computer. For that the authority device has to be in contact with the verification service in a server or application holding the verification service. This is indicated by arrows (not numbered).
The identity number of the person of the identification card is entered in step 3 in a field presented by the verification service on the user interface of the verification service on the first computer.
After that the identity number has been entered by the user or preferably the authority person and received by the verification service in step 3, the verification service matches the identity number with contact information of the user in step 4. For that purpose, the verification service has a database to fetch the information from, which is indicated by arrows (not numbered).
The verification service then sends a confirmation request message in signal 5 to a user device, preferably as a Short Message Service (SMS) text message so that the user can verify that he is the person accessing the service. Alternatively, or in addition, the confirmation request message could have been sent as an e-mail if the user device has e-mail capability and connection. Preferably, however, the confirmation messages take place by SMS through the Global System for Mobile communications (GSM) network to a telephone used by the user as a user device.
A confirmation message is sent in signal 6 as a reply message from the user device, in which the user confirms that he is the one trying to access the event constituting in verification of the identification card for example to pass a gate in a passport control . When the confirmation message has been received by the verification service, the verification service next requests in step 7 the user to enter a code, as a security code, on the user interface of the computer held by the authority person. Like in the embodiment of figure 2, an alternative is that the code is requested and entered on a device by the user, such as a telephone or smart phone of the user.
When the user has entered the requested code in step 8, the verification service matches in step 8 the code with the identity information given in step 1 . For that purpose, the verification service has a database to fetch the information from, which is indicated by arrows (not numbered).
If the code was correct, the verification service informs in step 10 of the successful verification of the identity information of the user on the first computer held by the authority person, who can now accept the identification card in step 1 1 and let the user pass having now identified himself.
In one embodiment, a process similar to that of figure 3 can also be automated so that a user presents the ID card to a device with a reader working e.g. with RFID identification or other technique. The ID card has to be verified to be carried by the right person before e.g. a gate or door opens for the person so that he can pass. The device reads the identity number from the ID car presented by the user and forwards it to a verification service that can be in the form of an application in the device.
The verification service then matches the read identity number and with contact information to a user device of the user.
A confirmation request message is sent to the user device from the device by means of the contact information in real-time, where after a confirmation message is sent as a reply message from the user device.
As in the other embodiments, the verification service then requests a security code to be entered therein.
When the user has entered the requested security code, the verification service matches the code with the read identity number and maybe with contact information to some user device of the user. As in the other embodiments, the code can be requested and entered on the user device or authority device.
If the code was correct, the gate opens for the user to pass.

Claims

1 . Method of identity verification in a telecommunication network comprising at least one user device (1 , 7) at an event, the method comprising the steps, wherein an identity number is presented by a user as requested by a second party for access to an event, characterized by the second party being linked to a verification service (4) to which the information of the identity number is forwarded automatically from a first computer other than or same as the user device, by means of an identity verification function working as a link to the verification service in order to perform the functionality of the verification service, the verification service (4) having a database (8) with registered users that match user identity information with security codes and contact information to the user, matching the identity number with contact information to a user device (1 , 7) of the user by using the database, and sending a confirmation message request to some user device (1 , 7) of the user by means of the contact information, the user sending the requested confirmation message from the user device (1 , 7) to the verification service (4) as a reply message to the confirmation message request, the verification service (4) requesting a security code on the first computer other than or same as the user device to be entered in by the user, the verification service (4) receiving the security code entered by the user, matching the security code with the identity number of the user, and informing the second party if the security code was correct, and, the second party providing access to the event for the user.
2. Method of claim 1 , wherein the event is a transaction process in a service provided by a service provider (3) as said second party, whereby the identity number is presented by a user as requested by a second party for access to transaction process the by entering it on the user interface of the service on the first computer or on the user device.
3. Method of claim 1 , wherein the event is a verification of an identification document of a user to be performed by a requesting party as said second party, whereby the identity number is presented by a user by showing it as a part of an identification card as requested by said second party. Method of claim 3, wherein the identification document is a passport, and identity card, a driving license, a debit card, or a credit card. Method of any of claims 1 - 4, wherein the identity number is the social security number. Method of any of claims 1 - 5, wherein the contact information is an e-mail address to a user device (1 , 7) of the user, whereby the confirmation message request, and the confirmation message sent as a reply to that are e-mails. Method of any of claims 1 , 2, 5 or 6, wherein the user device to which the confirmation request message is sent is the first computer. Method of any of claims 1 , 2, 5 or 6, wherein the user device to which the confirmation request message is sent is other than the first computer, whereby the first computer is a first user device and the user device other than the first computer is a second user device. Method of claim 8, wherein the contact information is a telephone number to a telephone of the user, the telephone constituting the second user device (7), whereby the confirmation message request and the confirmation message sent as a reply to that are Short Message Service, SMS, text messages. Verification service (4) in a telecommunication network for identity verification, comprising a database (8) of registered users, the register storing combined data of an identity number, a code, and contact information for each registered user, and a computer program product comprising instructions which when executed perform the following steps when run by an application in a first computer or as software in a second computer: receiving information of the identity number as forwarded from the first computer, matching the identity number with contact information to a user device of the user, sending a confirmation message request to some user device of the user by means of the contact information, receiving a confirmation message from the user device as a reply message to the confirmation message request, requesting a code on the first computer or on the user device to be entered in by the user, receiving the code entered by the user, matching the code with the identity number of the user, and informing the second party if the code was correct.
1 1 . System for identity verification in a telecommunication network, comprising a a verification service (4) comprising a database (8) of registered users, a part of which are private persons, the register storing for private users a combined data of an identity number, a security code, and contact information for each registered user, a computer program product comprising instructions which when executed perform the following steps when run by an application in a first computer, in a user device or as software in a second computer: receiving information of the identity number as forwarded from the first computer, matching the identity number with contact information to the user, sending a confirmation message request to some user device of the user by means of the contact information, receiving a confirmation message from the user device as a reply message to the confirmation message request, requesting a code on the first computer or on the user device to be entered in, receiving the code entered by the user, matching the code with the identity number of the user, and informing the second party if the code was correct, the system also comprising a first computer communicating with the verification service by forwarding identity information of a user and receiving information of the verification of the identity information of the user, and the system further comprising a user device, communicating with the verification service at least by receiving a confirmation message request from the verification service and sending a confirmation message as a reply to said confirmation message request, and the system further comprising a second party having an identity verification function working as a link to the verification service.
12. System of claim 1 1 , wherein when the user device (7) is a telephone for receiving the confirmation message request from the verification service and for sending the confirmation message as a reply to said confirmation message request as Short Message Service, SMS, text messages.
13. System of claim 1 1 or 12, wherein the first computer also can be a user device for accessing events provided by a service provider, the verification service being activated upon a service request requiring identification of a user accessing the service.
14. System of claim 1 1 , wherein when the user device is the same device as or other device than the first computer, the confirmation message request from the verification service and the confirmation message sent as a reply to said confirmation message request are e-mails.
15. System of claim 1 1 , wherein when the user device is another device than the first computer, the confirmation message request from the verification service and the confirmation message sent as a reply to said confirmation message request are e- mails or Short Message Service, SMS, text messages.
EP21831079.5A 2020-12-11 2021-12-03 Method and system for identity verification in a telecommunication network and a verification service Pending EP4338371A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20206285A FI20206285A (en) 2020-12-11 2020-12-11 Method and system for identity verification in a telecommunication network and a verification service
PCT/FI2021/050843 WO2022123112A1 (en) 2020-12-11 2021-12-03 Method and system for identity verification in a telecommunication network and a verification service

Publications (1)

Publication Number Publication Date
EP4338371A1 true EP4338371A1 (en) 2024-03-20

Family

ID=79024720

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21831079.5A Pending EP4338371A1 (en) 2020-12-11 2021-12-03 Method and system for identity verification in a telecommunication network and a verification service

Country Status (3)

Country Link
EP (1) EP4338371A1 (en)
FI (1) FI20206285A (en)
WO (1) WO2022123112A1 (en)

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130007849A1 (en) 2011-05-26 2013-01-03 FonWallet Transaction Soulutions, Inc. Secure consumer authorization and automated consumer services using an intermediary service
US9727866B2 (en) 2013-10-15 2017-08-08 Intuit Inc. Methods systems and computer program products for verifying consumer identity during transaction
US9537661B2 (en) * 2014-02-28 2017-01-03 Verizon Patent And Licensing Inc. Password-less authentication service
US20170230368A1 (en) * 2016-02-10 2017-08-10 Tahir Khan System and method of logging into a web server
US10491595B2 (en) * 2017-07-31 2019-11-26 Airwatch, Llc Systems and methods for controlling email access
US11108757B2 (en) 2017-12-21 2021-08-31 Mastercard International Incorporated Systems and methods relating to digital identities
EP3627363A1 (en) 2018-09-19 2020-03-25 Vocalink Limited Information processing system, devices and methods

Also Published As

Publication number Publication date
WO2022123112A1 (en) 2022-06-16
FI20206285A1 (en) 2022-06-12
FI20206285A (en) 2022-06-12

Similar Documents

Publication Publication Date Title
US11288676B2 (en) Private confirmation system
US10467624B2 (en) Mobile devices enabling customer identity validation via central depository
US7761384B2 (en) Strategy-driven methodology for reducing identity theft
KR101309594B1 (en) A system and method for verifying a user's identity in electronic transactions
US8738921B2 (en) System and method for authenticating a person's identity using a trusted entity
US7849014B2 (en) System and method for facilitating a financial transaction with a dynamically generated identifier
US7383988B2 (en) System and method for locking and unlocking a financial account card
US20060173776A1 (en) A Method of Authentication
US20080255992A1 (en) Double recognizing method by means of telephone number and identification code for online credit card transactions over the internet
US20060131390A1 (en) Method and system for providing transaction notification and mobile reply authorization
US20090125440A1 (en) Method and system for approving credit card transactions
US11122049B2 (en) Attribute database system and method
MXPA05011481A (en) Systems and methods for verifying identities in transactions.
US20210390556A1 (en) Systems and methods for age verification
KR20000049788A (en) Personal ID automatic delivery and security by telecommunication system
JP5164544B2 (en) Account management apparatus and account management method
US20080083024A1 (en) Single use user IDS
US20210185036A1 (en) Secure authentication system
EP4338371A1 (en) Method and system for identity verification in a telecommunication network and a verification service
KR101547730B1 (en) Apparatus and method for managing financial account having two or more secret numbers in an account
JP2002042028A (en) Fraudulent use preventive system for card and the like
John METHOD AND SYSTEM FOR SECURE CREDENTIAL GENERATION
GB2360383A (en) Payment authorisation
KR20240021510A (en) Logistics Service Support System
WO2013160830A1 (en) A server and mobile device for authorizing a transaction

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20231009

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR