FI125753B - Authentication system and method for user authentication - Google Patents

Publication number
FI125753B
Authority
FI
Finland
Prior art keywords
mobile device
identity data
user identity
authentication system
authentication
Application number
FI20145111A
Other languages
Finnish (fi)
Swedish (sv)
Other versions
FI20145111A (en
Inventor
Markku Raitanen
Original Assignee
Idcontrol Oy
Application filed by Idcontrol Oy
Priority to FI20145111A (FI125753B)
Priority to PCT/FI2015/050057 (WO2015114215A1)
Publication of FI20145111A
Application granted
Publication of FI125753B

Classifications

    • H04W12/08 Access security
    • H04W12/06 Authentication
    • G06K7/10415 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves the interrogation device being adapted for miscellaneous applications the interrogation device being fixed in its position, such as an access control device for reading wireless access cards, or a wireless ATM
    • G06Q20/3276 Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/38 Individual registration on entry or exit not involving the use of a pass with central registration
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G07C9/23 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
    • H04W12/77 Graphical identity

Description

AUTHENTICATION SYSTEM AND METHOD FOR AUTHENTICATING A USER
TECHNICAL FIELD OF THE INVENTION
The invention relates to a method and system for authenticating a user. In particular, the invention relates to a method and system for authenticating a user with a mobile device by reading a tag.
BACKGROUND OF THE INVENTION
There is a need to authenticate a user in many situations, such as at a cash-register terminal in order to recognize possible membership, loyal customership or access to a bonus, discount or account arrangement related to said membership or loyal customer data. Similar needs for authenticating users also arise with different kinds of access systems, for example in relation to a locked door, or other access systems or closed environments, where the user identity and thus the access authorization should be authenticated before authorizing the access.
A plurality of systems for authenticating users are known from prior art, such as reading different kinds of magnetic or RFID bonus or access cards, or providing ID information of the user by a mobile device, such as a mobile or smart phone, for example via a radio communication link, such as a Bluetooth or RFID link, or displaying a number or barcode or the like on a display of the device, where it is read by a reader at the end related to the authenticating system, such as cash-register systems or access point systems.
For example US2013304648 discloses a prior art solution for using a payment processing network as an authorization engine to access secure physical areas. There a keycard with a cryptogram generator is presented by a user to an access device, and the access device or associated computer sends an access request message formatted like a payment authentication request message to an aggregator/acquirer and payment processing network. The payment processing network validates the cryptogram and returns an access response message, again formatted like a payment authorization response message, indicating that the keycard is authentic.
In addition US2012259715 discloses an example of a point-of-sale (POS) system, which may include a wireless data capture device capable of obtaining customer information from a wireless-enabled customer device. Data obtained by the wireless data capture device may be converted into a format that is compatible with a corresponding POS computer system. The wirelessly obtained data may be transmitted to the POS system along with data gathered using data capture devices, such as optical readers, bar code scanners or radio frequency identifier (RFID) readers.
Furthermore US2009066509 discloses a solution for capturing and processing bar code and RFID data by a uniform architecture contained in a mobile device including a combined bar code and RFID reader. The bar code data is captured by a sensor included in the mobile device. The RFID data is received from a module after interrogation by a RFID reader. The signals from the sensor are translated into digitized data having a first data format and a first identifier indicative of the first data format. The reader translates the RFID data into a second data format including a second identifier indicative of the second data format. The digitized data in the first or second data format is parsed to match a record layout of a common data format. The matched digitized data in the first or second data format is reformatted into the common data format and passed to an application in the mobile device or to an external application in a network.
There are however some disadvantages relating to the known prior art. For example, different cash-register systems or access point systems must have suitable and dedicated reading systems; namely, a different kind of reader is required for reading e.g. a displayed barcode than for reading information transferred via the radio link. In addition, it is not very convenient for the user to carry a number of different cards or devices for authentication purposes.
SUMMARY OF THE INVENTION
An object of the invention is to alleviate and eliminate the problems relating to the known prior art. In particular, the object of the invention is to provide a method and system for authenticating a user in different environments so that the user can be authenticated via one user-related device and, in particular, independently of the type of reader used at the end related to the authenticating system, such as cash-register systems or access point systems.
The object of the invention can be achieved by the features of independent claims.
The invention relates to an authentication system for authenticating a user according to claim 1. In addition the invention relates to an authentication method for authenticating a user according to claim 17, as well as to a computer program product according to claim 25.
According to an embodiment of the invention the authentication system is for authenticating a user at a first end, such as a cash-register or bonus system at the commercial end; or an access point system, such as a closed environment system having e.g. a locked door or other locked system, which can be opened after successful authorization of the user. Thus the user identity data may relate to membership or loyal customer data, whereupon a permission to a certain act after authorization may be access to a bonus, discount or account arrangement related to said membership or loyal customer data. Alternatively, in an access control system to a closed system (gate/port/door to a certain closed area, for example) the permission to a certain act may be e.g. a manipulation of the locked port (e.g. opening the port) based on the authentication.
According to an embodiment the first end comprises a reader for reading user identity data. It is to be noted that the reader type may be chosen freely and can be e.g. a 1D or 2D barcode reader, RFID or NFC reader, Bluetooth or any other type of reader known from prior art. In addition the authentication system comprises a tag arranged at a first end, such as a cash-register terminal or access point system (hereinafter the first end). The tag advantageously comprises information related to a format in which said user identity data is to be communicated to the authentication system, such as to the first end’s reader. The format may be for example a 1D barcode or 2D barcode format communicated via a display means, or a radio code communicated via a radio communication connection, such as an RFID, NFC or Bluetooth readable code, depending on the type of the reader at the first end, that is, on what kind of format the reader is able to read (these are only examples and the invention is not limited to them).
The tag as such is advantageously configured to be read by the mobile device, whereupon the tag may be implemented e.g. by NFC, RFID, Bluetooth, 1D or 2D barcode or smart code techniques. When the tag is read by the mobile device, the mobile device advantageously selects and communicates, for example displays, the user identity data in the format identified by the tag to the authentication system via said reader of the first end.
The mobile device is advantageously provided with user identity data, such as data related to a membership or loyal customership of the store system or an access code related to the access point system, at least in the format required by the first end. As an example, the user identity data may be stored beforehand in the memory means of the mobile device. Advantageously the mobile device comprises the user identity data in many different formats, and the format identified by the tag in question is selected by the mobile device and communicated to the first end.
According to an embodiment the user identity data may be stored beforehand in an external memory means to which the mobile device has access, advantageously wireless access via the internet or a mobile communication network. Advantageously the mobile device comprises an application or a user identity data managing system for storing and managing said user identity data. Alternatively the user identity data may be provided to the mobile device by an external user identity data managing system, which advantageously sends the user identity data in the format identified by the tag to the mobile device as a response to a query sent by the mobile device after it has read the tag and knows the format required by the first end. The external user identity data managing system may be implemented e.g. at an external server or cloud system.
It is to be noted that according to an embodiment the user identity data may be provided only when the tag is read by the mobile device, for example by the application of the mobile device. This ensures that the user identity data is not used in any other event and minimizes the risk for unauthorized use. In addition the use or communication of the user identity data may be secured by a PIN code or the like, for example the user may be asked to enter the PIN code before sending the user identity data to the reader of the first end.
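The mobile-side selection step described above, sketched as an added example (not code from the patent or from Idcontrol Oy). The JSON tag payload, the format labels and the names `parse_tag`, `TagInfo` and `IdentityLibrary` are assumptions made for illustration; the patent does not define a tag encoding. Identity data is released only after a fresh tag read and a correct PIN, and only in the format the tag names.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import os
from dataclasses import dataclass

# Format labels are assumptions; the patent names the kinds of format
# (1D/2D barcode, RFID, NFC, Bluetooth) but defines no tag encoding.
KNOWN_FORMATS = frozenset({"barcode_1d", "barcode_2d", "rfid", "nfc", "bluetooth"})


class TagError(ValueError):
    """The tag payload could not be parsed or names an unknown format."""


@dataclass(frozen=True)
class TagInfo:
    fmt: str                  # format the first end's reader expects
    first_end_id: str | None  # e.g. "cash#3" or "door#21", if the tag carries it


def parse_tag(raw: bytes) -> TagInfo:
    """Parse a tag payload, assumed here to be JSON such as
    {"format": "barcode_1d", "first_end": "cash#3"}.
    The tag is untrusted input, so anything unexpected is rejected."""
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise TagError("unreadable tag payload") from exc
    if not isinstance(doc, dict):
        raise TagError("tag payload is not an object")
    fmt = doc.get("format")
    if not isinstance(fmt, str) or fmt not in KNOWN_FORMATS:
        raise TagError(f"unknown format: {fmt!r}")
    first_end = doc.get("first_end")
    if first_end is not None and not isinstance(first_end, str):
        raise TagError("first end identification must be a string")
    return TagInfo(fmt, first_end)


class IdentityLibrary:
    """User identity data held on the device in several formats."""

    def __init__(self, pin: str, records: dict[str, bytes]):
        self._salt = os.urandom(16)
        self._pin_hash = self._derive(pin)
        self._records = dict(records)
        self._pending: TagInfo | None = None  # tag read but not yet used

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def on_tag_read(self, raw: bytes) -> TagInfo:
        self._pending = None  # a failed read must not leave an older tag armed
        self._pending = parse_tag(raw)
        return self._pending

    def release(self, pin: str) -> tuple[str, bytes, str | None]:
        """Return (format, identity data, first end id) for the pending tag."""
        tag, self._pending = self._pending, None  # one release per tag read
        if tag is None:
            raise PermissionError("no tag has been read")
        if not hmac.compare_digest(self._derive(pin), self._pin_hash):
            raise PermissionError("wrong PIN")
        if tag.fmt not in self._records:
            raise LookupError(f"no identity data stored in format {tag.fmt}")
        return tag.fmt, self._records[tag.fmt], tag.first_end_id


def demo() -> list[str]:
    # Constructed sample data: the identity values and tag payloads are made up.
    lib = IdentityLibrary("4921", {"barcode_1d": b"6400001234567",
                                   "nfc": bytes.fromhex("04a1b2c3d4")})
    out = []
    for raw in (b'{"format": "barcode_1d", "first_end": "cash#3"}',
                b'{"format": "nfc", "first_end": "door#21"}',
                b'{"format": "bluetooth"}',   # known format, nothing stored
                b'{"format": "hologram"}'):   # format the device does not know
        try:
            lib.on_tag_read(raw)
            fmt, data, where = lib.release("4921")
            out.append(f"{where}: send {data!r} as {fmt}")
        except (TagError, LookupError, PermissionError) as exc:
            out.append(f"refused: {exc}")
    return out


if __name__ == "__main__":
    print("\n".join(demo()))
```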
The user identity data is communicated to the first end by the mobile device in the format identified by the tag and in turn to an authentication portion of the authentication system. The authentication portion is configured to authenticate said user based on the user identity data provided by the mobile device and, based on the authentication, to determine permission to a certain act at said first end.
According to an embodiment the mobile device may also communicate the user identification information to an authentication system external to the first end, whereupon the external authentication system authenticates the user, determines the permission and then communicates the information related to the permission e.g. directly to the first end or alternatively to the mobile device, which in turn may communicate it to the first end, again advantageously in the format identified by the tag.
According to an embodiment the first end may be provided with identification information related to the first end, such as e.g. cash#3 or door#21, or an IP address or the like, whereupon the identification information of the first end may also be sent to the authentication system. For example the tag or data communication means of the first end may comprise said first end identification information, whereupon the first end may send its identification information to the authentication system, such as to the authentication portion, after reading the user identity data in the suitable format from the mobile device. Alternatively the first end identification information can be read by the mobile device, for example from the tag, especially if the mobile device communicates the user identification information to the external authentication system (so not directly to the first end reader), whereupon the mobile device advantageously communicates both the user identification information and the first end identification information to the external authentication system.
According to an embodiment the mobile device comprises its own application for different types of first ends, such as for different chain stores (for example S-store, K-store, etc.) or for different types of access points. The application advantageously comprises the user identity data in different formats or has access to or comprises a portion of the user data managing system, as well as possibly also other types of data related to the user and to the chain store in question. The suitable application corresponding to the first end type may be selected either manually by the user or alternatively automatically based on the identification information of the first end of the authentication system read from the tag by said mobile device hosting the application.
Advantageously individualized data related to the authentication system or other organisation related to the first end, such as a logo, advertisement, offers, or membership information, or map or location information related to the organisation, such as associations or fellowship or chain of stores or offers thereof, is provided to the mobile device after said tag reading. For example daily offers may be provided to the mobile device after reading a suitable tag at the store and sending the user identity data in a suitable format (identified by the tag) to the system. According to an example the application related to the first end, as is disclosed elsewhere in this document, may be configured to receive Push Notifications from the system, such as from a server system of a service provider of the identification system (or organisation) in question, such as text, images, URL links, or queries to be answered.
The present invention offers advantages over the known prior art. For example, the user does not need a plurality of different types of user identity data devices, like magnetic or barcode cards, for different cash-register systems or access point systems. In addition there is no need for different types of first ends to update their reading systems for reading the user identity data; the current systems can be used, since the mobile device may be provided with the user identity data in the required format for each first end type in question, which is a clear advantage. In addition the user identity data as well as the authorization and permissions to different first end systems can be managed easily and fast.
BRIEF DESCRIPTION OF THE DRAWINGS
Next the invention will be described in greater detail with reference to exemplary embodiments in accordance with the accompanying drawings, in which:
Figure 1 illustrates an exemplary embodiment of an authentication system for authenticating a user according to an advantageous embodiment of the invention, and
Figure 2 illustrates another exemplary embodiment of the authentication system for authenticating a user according to an advantageous embodiment of the invention.
DETAILED DESCRIPTION
Figure 1 illustrates a principle of an exemplary authentication system 100 for authenticating a user according to an advantageous embodiment of the invention, where the system comprises the first end 102, mobile device 101 and authentication portion 106. The authentication system 100 comprises a tag 103 arranged at a first end 102, such as the cash-register terminal or the access point system, as described via examples elsewhere in this document. The first end also comprises a reader 109 for reading the user identity data communicated by the mobile device, such as a 1D or 2D barcode reader or an NFC, RFID or Bluetooth reader, for example.
In the system the mobile device 101 reads 105a the tag, and the tag comprises the information related to a format in which said user identity data is to be communicated to the authentication system, advantageously to the reader 109 of the first end. According to an embodiment the mobile device 101 comprises a memory or a special application or user identity managing system (like a library) 104 of the user identity data in different formats. Alternatively the mobile device is configured to send a query 105b to the external user identity data managing system 107, whereupon the user identity data managing system 107 may send 105c the user identity data in the format asked for by the mobile device. In either case, the mobile device 101 advantageously then communicates 105b the user identity data in the format identified by the tag to the authentication system, advantageously to the reader 109. The format of the user identity data is advantageously the format suitable for the reader 109. For example the tag may have information that the user identity data must be communicated as a 1D or 2D barcode, whereupon it is displayed on the display of the mobile device as said 1D or 2D barcode, whereupon the reader reads said code, advantageously optically. If the tag identifies that the user identity data must be communicated via RFID means, for example, then the mobile device is configured to select said user identity data in the format suitable to be communicated via said RFID means.
When the first end 102 has received the user identity data, it advantageously communicates 105e it to the authentication portion 106 of the authentication system, which is configured to authenticate said user based on the user identity data provided by the mobile device. The first end may also communicate 105e its identification information, such as IP address. Based on the authentication the authentication portion 106 determines permissions of the user to a certain act at said first end 102, and communicates 105f said permissions to said first end 102.
The user identity data managing system 107 may be an external system of the mobile device, such as an external server or cloud system, which is configured to communicate said user identity data in the format identified by the tag as a response to said request to the mobile device. Alternatively the mobile device 101 may comprise said user identity data managing system 107 (e.g. as a part of the application system), whereupon the user identity data is stored into the memory means of the mobile device beforehand at least in two different formats, and the desired format of the user identity data is selected by the user identity data managing system based on the format information identified by the tag.
In addition, according to an embodiment the first end 102 may comprise said authentication portion 106 of the authentication system for authenticating the user based on the user identity data.
Figure 2 illustrates another exemplary embodiment of the authentication system 200 for authenticating a user according to an advantageous embodiment of the invention, wherein the tag 103 of the first end 102 also comprises identification information related to the first end, such as e.g. cash#3 or door#21, which is advantageously read 105a by the mobile device 101. Now the mobile device may communicate both the user identity data and the first end identification data to the authentication system, such as to the external authentication end 110. The external authentication end 110 may then authenticate the user and determine the permission to a certain act at said first end 102 for that user and then communicate information related to the permission either directly 105f (optional) to said first end 102 or alternatively 105d to said mobile device 101, which in turn may communicate 105b said information to the first end 102. The mobile device 101 advantageously communicates 105b the information to the reader 109 of the first end 102 in the format identified by the tag 103 and thereby in the format the reader 109 is able to read.
It is to be noted that, again, in the embodiment described in Figure 2 the tag 103 may identify the format in which said user identity data should be communicated 105c to the authentication system. Moreover the tag may also identify the format in which the permission or other information must be communicated 105b, 105f to the first end 102, such as to the first end reader 109.
The invention has been explained above with reference to the aforementioned embodiments, and several advantages of the invention have been demonstrated. It is clear that the invention is not only restricted to these embodiments, but comprises all possible embodiments within the spirit and scope of the inventive thought and the following patent claims.

Claims (25)

1. An authentication system (100) for authenticating a user with a mobile device (101) at a first end (102), wherein the mobile device is configured to provide user identity data to the authentication system for authenticating the user, characterized in that:
- the authentication system comprises a tag (103) arranged at the first end (102),
- said tag comprises information related to a format in which said user identity data is to be communicated to the authentication system,
- said tag is configured to be read (105a) by the mobile device, and
- said mobile device is configured to be provided (104) with the user identity data in the format identified by the tag, and the mobile device is configured to communicate (105b, 105c, 105e) said user identity data to the authentication system in the format identified by the tag, wherein
- an authentication portion (106) of the authentication system is configured to authenticate said user based on the user identity data provided by the mobile device and, based on the authentication, configured to determine permission to a certain act at said first end (102).

2. The authentication system according to claim 1, wherein said first end (102) comprises a reader (109) and wherein said mobile device is configured to communicate (105b, 105c) said user identity data to said reader (109) in the format identified by the tag.

3. The authentication system according to either of the preceding claims, wherein the tag also comprises identification information related to the first end (102) of the authentication system, wherein
- said first end identification information is configured to be read (105a) by the mobile device, whereupon the mobile device (101) is configured to communicate (105b, 105c, 105e) said first end identification information and said user identity data to the authentication system, or
- wherein the first end (102) is configured to communicate said first end identification information and said user identity data to the authentication system.

4. The authentication system according to any of the preceding claims, wherein the mobile device (101) is configured to send (105c) a request to a user identity data managing system (107) after reading said tag in order to receive (105d) said user identity data in the format identified by the tag.

5. The authentication system according to claim 4, wherein said user identity data managing system (107) is an external system, such as an external server or cloud system, which is configured, in response to the request, to communicate said user identity data to the mobile device in the format identified by the tag.

6. The authentication system according to claim 4, wherein said mobile device comprises said user identity data managing system (107) and the user identity data is stored beforehand in the memory means of the mobile device in at least two different formats, whereupon the desired format of the user identity data is selected by the user identity data managing system based on the format information identified by the tag, or wherein the mobile device is configured to convert and communicate said user identity data in the format identified by the tag.

7. The authentication system according to any of the preceding claims, wherein the mobile device comprises its own application (108) for different types of first ends, whereupon the suitable application corresponding to the first end type is selected either manually or based on the identification information of the first end (102) of the authentication system read from the tag (103) by the mobile device.

8.
Jonkin edellä olevan patenttivaatimuksen mukainen todentamisjärjestelmä, jossa käyttäjän identiteettidata toimitetaan vain silloin kun mainittu tunniste tulee luetuksi mobiililaitteella.An authentication system according to any one of the preceding claims, wherein the user identity data is provided only when said identifier is read by a mobile device. 9. Jonkin edellä olevan patenttivaatimuksen mukainen todentamisjärjestelmä, jossa todentamisjärjestelmän todentamisosa (106) on konfiguroitu toimittamaan (105f) ensimmäiseen päähän (102) informaatio, joka koskee mainittua lupaa tiettyyn toimenpiteeseen.An authentication system according to any one of the preceding claims, wherein the authentication part (106) of the authentication system is configured to provide (105f) to the first end (102) information relating to said authorization for a particular operation. 10. Jonkin edellä olevan patenttivaatimuksen mukainen todentamisjärjestelmä, jossa todentamisjärjestelmän ensimmäinen pää käsittää vastaanottovälineen, kuten lukijan (109), joka on konfiguroitu vastaanottamaan mainittu käyttäjän identiteettidata tunnisteen identifioimassa formaatissa ja siirtämään se todentamisjärjestelmän todentamisosaan (106).An authentication system according to any one of the preceding claims, wherein the first end of the authentication system comprises a receiving means, such as a reader (109), configured to receive said user identity data in a format identified by the identifier and transfer it to the authentication part (106). 11. 
Jonkin edellä olevan patenttivaatimuksen mukainen todentamisjärjestelmä, jossa mobiililaitteella viestitettävän käyttäjän identiteettidatan formaatti on 1D-viivakoodi, mobiililaitteen näytön kautta viestitetty 2D-viivakoodi tai radioviestintäyhteyden kuten RFID:n tai NFC:n kautta luettava koodi tai Bluetooth-luettava koodi.The authentication system according to any one of the preceding claims, wherein the format of the identity data of the user communicating with the mobile device is a 1D barcode, a 2D barcode communicated via the display of the mobile device or a code readable by radio communication such as RFID or NFC. 12. Jonkin edellä olevan patenttivaatimuksen mukainen todentamisjärjestelmä, jossa todentamisjärjestelmän ensimmäinen pää (102) käsittää todentamisjärjestelmän mainitun todentamisosan (106) käyttäjän todentamiseksi käyttäjän identiteettidatan perusteella.An authentication system according to any one of the preceding claims, wherein the first end (102) of the authentication system comprises an authentication system for verifying a user of said authentication part (106) based on user identity data. 13. Jonkin edellä olevan patenttivaatimuksen mukainen todentamisjärjestelmä, jossa todentamisjärjestelmä liittyy liikkeen maksu- ja/tai bonusjärjestelmään ja käyttäjän identiteettidata liittyy jäsenyys- tai asiakasuskollisuusdataan, jolloin mainittu lupa tiettyyn toimenpiteeseen on pääsy mainittua jäsenyys- tai asiakasuskollisuusdataa koskevaan bonus-, alennus- tai tilijärjestelyyn.An authentication system according to any one of the preceding claims, wherein the authentication system is associated with a motion payment and / or bonus system and the user identity data is associated with membership or loyalty data, wherein said authorization for a particular operation is access to a bonus, discount or account arrangement for said membership or loyalty data. 14. 
Jonkin edellä olevan patenttivaatimuksen 1-12 mukainen todentamisjärjestelmä, jossa todentamisjärjestelmä liittyy suljettuun järjestelmään pääsyä ohjaavaan kulunvalvontajärjestelmään, jolloin käyttäjän tullessa todennetuksi toimittaa todentamisjärjestelmä käyttäjän kulunvalvontadatan kulunvalvontajärjestelmään.The authentication system according to any one of claims 1 to 12, wherein the authentication system is associated with an access control system controlling access to the closed system, wherein the authentication system provides the user access control data access control system when the user is authenticated. 15. Patenttivaatimuksen 14 mukainen todentamisjärjestelmä, jossa ensimmäinen pää käsittää lukitun ja ohjatusti avattavan oven, portin tai veräjän suljettuun ympäristöön, jolloin mainittu lupa tiettyyn toimenpiteeseen liittyy lukitun portin toimintaan.The authentication system of claim 14, wherein the first end comprises a locked and controllably open door, gate, or gate in a closed environment, wherein said permission for a particular operation is associated with the operation of the locked gate. 16. 
Todentamismenetelmä käyttäjän todentamiseksi mobiililaitteella (101), jossa käyttäjän identiteettidata viestitetään (105b, 105c, 105e) todentamisjärjestelmään mainitulla mobiililaitteella käyttäjän todentamiseksi, tunnettu siitä, että: - todentamisjärjestelmän ensimmäiseen päähän (102) järjestetään tunniste (103), jolloin mainittu tunniste käsittää informaation liittyen formaattiin, jossa mainittu käyttäjän identiteettidata tulee viestitettäväksi todentamisjärjestelmään, - mainittu tunniste luetaan mobiililaitteella (101), ja - mainittu mobiililaite varustetaan käyttäjän identiteettidatalla tunnisteen identifioimassa formaatissa ja mainittu käyttäjän identiteettidata viestitetään todentamisjärjestelmään mobiililaitteella tunnisteen identifioimassa formaatissa, jolloin - mainittu käyttäjä todennetaan todentamisjärjestelmän todentamisosan (106) toimesta mobiililaitteella toimitetun käyttäjän identiteettidatan perusteella ja mainitun todentamisen perusteella määritetään lupa tiettyyn toimenpiteeseen mainitussa ensimmäisessä päässä (102).An authentication method for authenticating a user on a mobile device (101), wherein the user identity data is communicated (105b, 105c, 105e) to an authentication system by said mobile device to authenticate a user, characterized by: providing an identifier (103) on the first end (102) relating to the format in which said user identity data is communicated to the authentication system, said identifier is read by a mobile device (101), and - said mobile device is provided with user identity data in an identifier identifiable format and ) based on the identity of the user provided on the mobile device a and based on said verification, a specific action is determined at said first end (102). 17. 
Patenttivaatimuksen 16 mukainen menetelmä, jossa mainittu ensimmäinen pää (102) käsittää lukijan (109) ja mainittu käyttäjän identiteettidata viestitetään (105b, 105c, 105e) mainittuun lukijaan (109) tunnisteen identifioimassa formaatissa.The method of claim 16, wherein said first end (102) comprises a reader (109) and said user identity data (105b, 105c, 105e) is communicated to said reader (109) in a format identified by the identifier. 18. Kumman tahansa patenttivaatimuksen 16-17 mukainen menetelmä, jossa tunniste käsittää myös todentamisjärjestelmän ensimmäistä päätä koskevan tunnistusinformaation (102), jolloin - mainittu ensimmäisen pään tunnistusinformaatio luetaan (105a) mobiililaitteella, jolloin mobiililaite (101) viestittää (105b, 105c, 105e) mainitun ensimmäisen pään tunnistusinformaation ja mainitun käyttäjän identiteettidatan todentamisjärjestelmään, tai - jossa ensimmäinen pää (102) viestittää mainitun ensimmäisen pään tunnistusinformaation ja mainitun käyttäjän identiteettidatan todentamisjärjestelmään.The method of any one of claims 16 to 17, wherein the identifier also comprises identification information (102) for a first end of the authentication system, wherein - said first end identification information is read (105a) by a mobile device, wherein (105b, 105c, 105e) a first end authentication information and said user identity data authentication system, or - wherein the first end (102) communicates said first end authentication information and said user identity data authentication system. 19. 
Jonkin patenttivaatimuksen 16-18 mukainen menetelmä, jossa pyyntö käyttäjän identiteettidatan saamiseksi tunnisteen identifioimassa formaatissa lähetetään käyttäjän identiteettidatan hallintajärjestelmään mainitun tunnisteen lukemisen jälkeen mainitun vastaanottamiseksi; jolloin - mainittu käyttäjän identiteettidatan hallintajärjestelmä on mobiililaitteen ulkopuolinen järjestelmä, kuten ulkopuolinen palvelin- tai pilvijärjestelmä, joka vasteena pyyntöön viestittää mainitun käyttäjän identiteettidatan mobiililaitteeseen tunnisteen identifioimassa formaatissa, tai - käyttäjän identiteettidata tallennetaan etukäteen mobiililaitteen muistivälineeseen vähintään kahdessa eri formaatissa, jolloin käyttäjän identiteettidatan haluttu formaatti valitaan mobiililaitteeseen kuuluvan käyttäjän identiteettidatan hallintajärjestelmän toimesta tunnisteen identifioiman formaatti-informaation perusteella.The method of any one of claims 16-18, wherein a request for obtaining user identity data in a format identified by the identifier is transmitted to the user identity data management system after reading said identifier to receive said identity; wherein - said user identity data management system is a non-mobile system, such as an external server or cloud system, in response to a request for communicating said user identity data to the mobile device in an identifier identifiable format, or by the identity data management system of the belonging user based on the format information identified by the identifier. 20. 
Jonkin patenttivaatimuksen 16-19 mukainen menetelmä, jossa mobiililaite käsittää oman sovelluksen erityyppisille ensimmäisille päille, jolloin ensimmäisen pään tyyppiä vastaava sopiva sovellus valitaan joko manuaalisesti tai tunnisteesta luetun todentamisjärjestelmän ensimmäisen pään tunnistusinformaation perusteella.The method of any one of claims 16 to 19, wherein the mobile device comprises its own application for different types of first ends, wherein a suitable application corresponding to the first end type is selected either manually or based on identification information of the first end of the authentication system. 21. Jonkin patenttivaatimuksen 16-19 mukainen menetelmä, jossa ensimmäinen pää on rahajärjestelmä ja käyttäjän identiteettidata liittyy jäsenyys- tai asiakasuskollisuusdataan, jolloin mainittu lupa tiettyyn toimenpiteeseen on pääsy mainittua jäsenyys- tai asiakasuskollisuusdataa koskevaan bonus-, alennus- tai tilijärjestelyyn; tai jossa ensimmäinen pää on suljettuun järjestelmään pääsyä ohjaava kulunvalvontajärjestelmä ja jossa mainittu lupa tiettyyn toimenpiteeseen on lukitun portin käsittely todennuksen perusteella.The method of any one of claims 16 to 19, wherein the first end is a money system and the user identity data is associated with membership or loyalty data, wherein said permission for a particular operation is access to a bonus, discount or account arrangement for said membership or loyalty data; or wherein the first end is an access control system controlling access to the closed system and wherein said authorization for a particular operation is authenticated handling of the locked port. 22. 
Jonkin patenttivaatimuksen 16-21 mukainen menetelmä, jossa todentamisjärjestelmän ensimmäinen pää vastaanottaa mainitun käyttäjän identiteettidatan tunnisteen identifioimassa formaatissa suoraan mobiililaitteelta mainitun tunnisteen identifioimassa formaatissa, kuten 1 D-viivakoodi, mobiililaitteen näyttövälineen kautta viestitetty 2D-viivakoodiformaatti tai radioviestintäyhteyden kautta viestitetty radiokoodi kuten RFID- tai NFC-luettava koodi.The method of any one of claims 16 to 21, wherein the first end of the authentication system receives said user identity data in a format identifiable directly from a mobile device in a format identified by said identifier, such as a 1D barcode, a 2D barcode format communicated via a mobile device display device NFC-readable code. 23. Jonkin patenttivaatimuksen 16-22 mukainen menetelmä, jossa tunnisteen lukemisen jälkeen mobiililaitteeseen toimitetaan todentamisjärjestelmää tai ensimmäiseen päähän liittyvää muuta organisaatiota koskevaa yksilöityä dataa, kuten logo, mainos, tarjouksia tai jäsenyysinformaatiota, tai kartta- tai paikkainformaatiota koskien organisaatiota kuten yhdistyksiä tai liikkeiden muodostamaa yhteisöä tai ketjua.A method according to any one of claims 16 to 22, wherein, after reading the identifier, the mobile device is provided with unique identification data, such as a logo, advertisement, promotions or membership information, or map or location information related to an organization such as associations or movement community or chain. 24. Jonkin patenttivaatimuksen 16-23 mukainen menetelmä, jossa sovellus konfiguroidaan vastaanottamaan kyseessä olevan tunnistusjärjestelmän palveluntarjoajan palvelinjärjestelmästä push-viestejä, kuten tekstiä, kuvia, URL-linkkejä tai vastattavia kyselyjä.The method of any one of claims 16 to 23, wherein the application is configured to receive push messages such as text, images, URL links, or queries from the server system of the identification system in question. 25. 
Tietokoneohjelmatuote käyttäjän todentamiseksi mobiililaitteen sovelluksen kautta erilaisille tunnistusjärjestelmille, joissa on lukuvälineet käyttäjän identiteettidatan lukemiseksi, tunnettu siitä, että se käsittää ohjelmakoodivälineet tallennettuina tietokoneluettavalle välineelle, jotka koodivälineet on järjestetty suorittamaan kaikki patenttivaatimuksissa 17-24 määritellyn menetelmän vaiheet ajettaessa ohjelma tietokoneella.A computer program product for authenticating a user through an application of a mobile device to various identification systems having read means for reading user identity data, characterized in that it comprises program code means stored on a computer readable medium which code means are configured to perform all steps of the method defined in claims 17-24.
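The flow of claims 1, 3, 6, 8 and 9 can be traced end to end in a short sketch. This is an added example, not code from the patent or its applicant; the JSON layout of the identifier, the format labels, and all class and function names are assumptions made for illustration.

```python
import json
from dataclasses import dataclass

# Formats listed in claims 11 and 22; the string labels are assumptions of this example.
KNOWN_FORMATS = {"barcode_1d", "barcode_2d", "rfid", "nfc", "bluetooth"}


@dataclass(frozen=True)
class Identifier:
    first_end_id: str  # identification information of the first end (claim 3)
    fmt: str           # format in which identity data must be communicated (claim 1)


def parse_identifier(raw: bytes) -> Identifier:
    """Parse identifier (103) content; it is untrusted input read from the environment."""
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("unreadable identifier") from exc
    if not isinstance(obj, dict):
        raise ValueError("identifier must be a JSON object")
    end, fmt = obj.get("first_end"), obj.get("format")
    if not isinstance(end, str) or not end:
        raise ValueError("missing first-end identification")
    if not isinstance(fmt, str) or fmt not in KNOWN_FORMATS:
        raise ValueError("unknown identity data format")
    return Identifier(end, fmt)


class MobileDevice:
    """Mobile device (101) holding identity data in at least two formats (claim 6)."""

    def __init__(self, stored: dict):
        self._stored = dict(stored)  # format label -> identity data in that format

    def on_identifier_read(self, raw: bytes) -> dict:
        """Only path that releases identity data: a successful identifier read (claim 8)."""
        ident = parse_identifier(raw)
        if ident.fmt not in self._stored:
            raise LookupError("no identity data stored in format " + ident.fmt)
        return {"first_end": ident.first_end_id, "format": ident.fmt,
                "identity": self._stored[ident.fmt]}


class AuthenticationPart:
    """Authentication part (106): authenticates the user and determines the permission."""

    def __init__(self, first_ends: dict, members: dict):
        self._first_ends = first_ends  # first_end_id -> (accepted format, operation)
        self._members = members        # (format, identity data) -> permitted first ends

    def decide(self, msg: dict) -> dict:
        end_id, fmt = msg.get("first_end"), msg.get("format")
        accepted_fmt, operation = self._first_ends.get(end_id, (None, None))
        permitted = self._members.get((fmt, msg.get("identity")), frozenset())
        granted = accepted_fmt is not None and fmt == accepted_fmt and end_id in permitted
        # Information about the permission, delivered to the first end (claim 9).
        return {"first_end": end_id, "operation": operation, "granted": granted}


def demo() -> list:
    # Constructed sample data: two first ends, one user, three identifier payloads.
    auth = AuthenticationPart(
        first_ends={"gate-7": ("nfc", "open_gate"), "till-2": ("barcode_2d", "apply_bonus")},
        members={("nfc", "04A1B2C3"): {"gate-7"}, ("barcode_2d", "LOYALTY-0001"): {"till-2"}},
    )
    phone = MobileDevice({"nfc": "04A1B2C3", "barcode_2d": "LOYALTY-0001"})
    results = []
    for raw in (b'{"first_end": "gate-7", "format": "nfc"}',
                b'{"first_end": "till-2", "format": "barcode_2d"}',
                b'{"first_end": "gate-7", "format": "barcode_2d"}'):  # format mismatch
        results.append(auth.decide(phone.on_identifier_read(raw))["granted"])
    return results


if __name__ == "__main__":
    print(demo())
```

The third payload shows why the authentication part checks the format and first-end identification itself: whatever the identifier declares decides which stored identity data the device releases, so a copied or altered identifier must not be enough to obtain the permission.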
FI20145111A 2014-01-31 2014-01-31 Authentication system and method for user authentication FI125753B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
FI20145111A FI125753B (en) 2014-01-31 2014-01-31 Authentication system and method for user authentication
PCT/FI2015/050057 WO2015114215A1 (en) 2014-01-31 2015-01-29 Authentication system and method for authenticating a user

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20145111A FI125753B (en) 2014-01-31 2014-01-31 Authentication system and method for user authentication
FI20145111 2014-01-31

Publications (2)

Publication Number Publication Date
FI20145111A FI20145111A (en) 2015-08-01
FI125753B FI125753B (en) 2016-02-15

Family

ID=53756265

Family Applications (1)

Application Number Title Priority Date Filing Date
FI20145111A FI125753B (en) 2014-01-31 2014-01-31 Authentication system and method for user authentication

Country Status (2)

Country Link
FI (1) FI125753B (en)
WO (1) WO2015114215A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6576129B2 (en) * 2015-07-06 2019-09-18 キヤノン株式会社 COMMUNICATION DEVICE, COMMUNICATION METHOD, AND PROGRAM
GB2551794A (en) * 2016-06-30 2018-01-03 Vst Enterprises Ltd Authentication method & apparatus
WO2018165146A1 (en) 2017-03-06 2018-09-13 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090066509A1 (en) * 2007-09-07 2009-03-12 Nokia Corporation Uniform architecture for processing data from optical and radio frequency sensors
US20110137804A1 (en) * 2009-12-03 2011-06-09 Recursion Software, Inc. System and method for approving transactions
US20110251910A1 (en) * 2010-04-13 2011-10-13 James Dimmick Mobile Phone as a Switch
EP2378451B1 (en) * 2010-04-19 2018-07-04 Vodafone Holding GmbH User authentication in a tag-based service
WO2012106538A2 (en) * 2011-02-02 2012-08-09 Datalogic ADC, Inc. Information gathering and decoding using near field wireless communication
WO2013169926A1 (en) * 2012-05-08 2013-11-14 Visa International Service Association, Inc. System and method for authentication using payment protocol

Also Published As

Publication number Publication date
FI20145111A (en) 2015-08-01
WO2015114215A1 (en) 2015-08-06

Similar Documents

Publication Publication Date Title
US20190272532A1 (en) Systems, methods, and computer program products for providing a contactless protocol
EP2487629B1 (en) Secure smart poster
US8965800B2 (en) Systems, methods, and computer readable media for conducting an electronic transaction via a backend server system
US8061595B2 (en) Display device, data processing method and data processing system using the display device
US10504111B2 (en) Secure mobile device transactions
KR101807779B1 (en) Systems, methods and devices for transacting
US20150339652A1 (en) Method for controlling payment device for selecting payment means
KR101157541B1 (en) The system of issuing a p2p coupon and method thereof
CN106470049A (en) There is the NFC device of multiple safety elements
US20160012408A1 (en) Cloud-based mobile payment system
EP2631860A1 (en) Sending a 2D code via a hardware interface of a Pin-Pad
SE536589C2 (en) Secure two-party comparison transaction system
EP2887272B1 (en) Hybrid NFC and RFID passive contactless card
JP6016253B2 (en) Apparatus and method for generating unique ID of radio frequency card
FI125753B (en) Authentication system and method for user authentication
KR20070030231A (en) Method of choosing one of a multitude of data sets being registered with a device and corresponding device
KR20150069237A (en) Payment method and system using dynamic NFC tag
Kulkarni Near field communication (NFC) technology and its application
KR20120020804A (en) Method and system of payment, and mobile terminal thereof
KR20120105600A (en) Qr code for smart phone applications created using the system and its application to
EP2249300A1 (en) Method and system for providing universal access to a service amongst a plurality of services
Calvet The role of RFID in the mobile phone
Potgantwar et al. A Standalone RFID and NFC based Healthcare System.
KR20110041045A (en) Passport management system and method
US20190097803A1 (en) Encrypted reverse biometric token validation

Legal Events

Date Code Title Description
FG Patent granted

Ref document number: 125753

Country of ref document: FI

Kind code of ref document: B