FR3016455A1 - METHOD FOR IMPROVED USER IDENTIFICATION - Google Patents

Abstract

A method of identifying a user by comparing a code provided by said user with a previously registered personal code. Said code consists of a sequence consisting of a succession of syllables each formed by a single vowel and a single consonant character, of type X1Y1 X2Y2 XnYn, where n is an integer greater than 2 and where the terms X and Y are chosen one from a subset of vowels, the other from a subset of consonantal characters.

Description

FIELD OF THE INVENTION The present invention relates to the field of securing IT transactions. The invention connects in addition to existing systems or simply replaces the current authentication systems by providing more freedom to the consumer, strengthening its willingness to join the merchants offering this service while providing a high level of security. State of the art Transaction security generally comprises a verification operation of the legitimacy of the user wishing to use a service, by a process where the user declares an identity, by entering an identifier (name, pseudonym, address e-mail, identifier provided during registration to the service, ...) completed by the entry of a code (password, morphological print, physical support ...). If this code corresponds to the one previously registered in relation to the identifier, the user is considered legitimate and access to the service or transaction is authorized. Disadvantages of the Prior Art The solutions of the prior art are not totally satisfactory. Those based on code verification are vulnerable because user habits, and the desire to facilitate storage often lead to the choice of codes that are easy to guess. By imposing constraints (for example use of at least one digit, code not belonging to the words of the dictionaries, code generators the user is confronted with major mnemonic difficulties.

Moreover, only a small part of the combinatorial possibilities are exploited, which leads to unnecessarily long codes when one wants to be able to provide unique codes to a large population. Solutions based on morphological recognition require significant processing capabilities and are sensitive to morphological variations of the user. In addition, they prohibit any delegation of use of the service, because the morphological characteristics can not be transmitted to a third party to which the registered user would like to delegate his rights. Solutions based on the verification of a code recorded on a physical medium (memory card, are sensitive to the theft of the physical medium generally associated with a relatively simple validation code, and they involve the possession of a reader device). In order to remedy these drawbacks, the invention relates, according to its most general meaning, to a method of identifying a user by comparing a code supplied by said user with a personal code previously characterized in that said code is constituted by a sequence consisting of a succession of 30 syllables each formed by a single vowel and a single consonant character, of type) (y, X2Y2 ... XnYn, where n is an integer inclusive greater than 2 and where the terms X and Y are selected from one subset of vowels, the other from a subset of consonant characters.

Preferably, one of said subset comprises 4 characters, and the other of said subset comprises 2m characters, m being an integer between 2 and 4.

According to a preferred embodiment, - said subset of vowels consisting of vowels A, I, O, U, and - the subset of consonant characters being constituted by the characters B, D, F, G, H, K, L, M, N, P, R, S, T, V, X, Z, Y.

Advantageously, one of the consonant characters Xi, Xi, 1 is automatically replaced by the consonant character Z in the case of succession of two identical syllables. Preferably, n is between 3 and 6. According to a particular embodiment of the invention, the method comprises the following steps: capture of a code constituted by a sequence consisting of a succession of syllables formed each by a single vowel and a single consonant character, of type) (y, X2Y2 ... XnYn by a device making it possible to translate it into code that can be used by a machine, - transmission by a secure protocol of said translated code as well as by least one public identification element declared by the user, - comparison between the code registered at the address associated with the public identifier of the user and said translated code - sending an accreditation notification in case of According to another embodiment, the method comprises the following steps: capture of a code consisting of a sequence consisting of a succession of syllables each formed by a single vowel and a only consonant character, of the type X1Y1 X2Y2 ... XnYn by a device making it possible to translate it into a code that can be used by a machine, - transmission by a secure protocol of said translated code to a server comprising access to a database containing the records assigned codes, an identifier of each associated legitimate user and at least one personal attribute of said legitimate user, - searching among the stored codes of that corresponding to said translated code, and sending the attribute of the corresponding legitimate user audit code - the edition on the terminal of a representation of said attribute. The attribute is for example the photograph of the user, or a sequence comprising a personal question and the answer previously provided by the user or any other graphic, textual or audible information verifiable by the terminal operator seeking to confirm the identity of an unknown user. According to a first variant, said step of capturing the code is carried out using an alphanumeric character input means. According to a second variant, said step of capturing the code is carried out using a sound acquisition means associated with a voice recognition means. According to a particular embodiment, said voice recognition means comprises a software application for recognizing the speaker's native language or his preferred language, and recording an optimization parameter of the associated voice recognition means. to the public identifier of the user. DETAILED DESCRIPTION OF A NON-LIMITATIVE EMBODIMENT The invention is described according to a nonlimiting exemplary embodiment. It is implemented on a computer system comprising a "merchant" terminal comprising a computer 5 equipped in a known manner with a computer for executing computer programs, and peripherals such as a screen, a keyboard, a microphone, and finally an electronic card for establishing a link with a server according to a transport and communication protocol 10 via a web / internet type network. The hardware portion of the invention is consistent with what is customary to use for secure transactions. It may also consist of equipment dedicated to the implementation of the solutions proposed by the invention. The method according to the invention is a complement to the existing systems or purely and simply replaces the existing authentication systems by providing more freedom to the user, for example a consumer, by a strengthening of his willingness to join the 20 merchants offering this service while offering a high level of security. The invention is based on the fact that the human being has intrinsic abilities easily discernible. For example, consumers have faces recognizable by merchants (provided they have access to the original photo). The accumulation of presumption of identity thus makes the fraud difficult on the consumer side but also on the merchant side. To enhance security, it is necessary for the user, for example the customer, and the provider to mutually secure each other's identities. The encoding solution according to the invention A first important aspect of the invention relates to the structure of the code. This code is chosen by the user when registering for the service, respecting the structure specific to the invention. The respect of this structure can be constrained by a computer tool assisting the user during the step of choosing his code. The code can also be generated by an automaton producing one or more code proposals conforming by construction to the structure specific to the invention, the user selecting one of the codes proposed according to personal choices (for example, easier to memorize or evocation of a context that is familiar to him). The structure of the code is defined by a succession of syllables each formed of only two characters, one being obligatorily a vowel, the other being necessarily a consonant character. Some characters of the Roman alphabet are excluded to avoid sound ambiguities. This structure leads to codes that are easy to memorize because they have a "musical" form, and allow a great combinatorial richness for relatively short sequences. They are also independent of the language of the user. Since all codes have the same structure, the temptation to use overly vulnerable codes such as common words is avoided. No code is more or less vulnerable than another code, unlike alphanumeric codes where the user often tends to choose simple combinations for reasons of mnemonic ease. The code sequence is therefore of the type C1V1C2V2 ... Cyn, with C denoting a consonant character and V a vowel. The consonant characters are selected from a subset comprising 17 characters: B, D, F, G, H, K, L, M, N, P, R, S, T, V, X, Z, Y The character Y "is likened to a consonant in the proposed solution. The "Z" character is used to replace the second consonant character repeatedly appearing in two consecutive syllables, to facilitate memorization and pronunciation. The consonants C, Q, K, W and V as well as J, R and G are not used according to their phonetic ambiguities in certain languages. These 16 significant characters are encoded in a form interpretable by a 4-bit machine language, for example according to the following table of correspondence: BDFGHKLMNPRSTVXY 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 0 1 2 3 4 The coding in binary or hexadecimal is optimized for the invention. Vowels form a second subset of 4 characters, A, I, O, and U. The "E" character is not taken into account because of phonetic ambiguities in some languages. These 4 significant characters are coded in a form interpretable by a 2-bit machine language, for example according to the following correspondence table: AIOU 00 01 10 11 0 1 2 3 Each syllable is thus coded on a byte, with the last four bits coding the consonant character, the two preceding bits encoding the vowel, and two free bits that can for example be used for an error correction code.

A code consists of n syllables each corresponding to one of 64 combinations, and therefore sounds, possible (64 being the product of 16 possible consonant characters and 4 possible vowels). A code has a structure of LABOTU type, easily pronounceable and memorizable in all languages. The letters are not case-sensitive (upper or lower case letters are equivalent). Some codes with a repetition of two identical syllables may present difficulties of interpretation. To avoid this, the structure imposes that the consonant of rank i is always different from the consonant character of rank i-1 and rand i + 1. In case of identity, the second doubled consonant character 15 will be replaced by the character "Z". For example, "Pipi" will give "Pizi". With n = 3, that is, three-syllable codes, 242,144 different combinations can be produced. By comparison, prior art solutions of the PIN (personal identification number) type allow only 10,000 combinations with four numeric characters. With n = 6, it is possible to generate more than 64 billion combinations, with codes that remain easily memorizable and pronounceable, of the BARAKOBAMAMA type. A computer processing makes it possible to code and decode code according to the invention of the "human" code (of the "LABOTU" type) to code "Machine" and vice versa 30 The code can be entered from a keyboard, under its textual form. An audio module allows you to enter the code by voice. This module may include a "calibration" function of the speaker to analyze his language and his probable identity.

Implementation of the method The coding method according to the invention makes it possible to implement an identification and authentication service which is simple, secure and more user-friendly. Indeed the customer does not need any device or particular card to be recognized: it is the reign of the freedom but with technical means sure to reinforce the confidence.

An "A" merchant will only need a standard digital tablet loaded with the code processing application according to the invention. It will be able to register the customer free of charge, that is to say: - His image - His digital footprints - A secret code - A photograph or a scan of the identity card - A photograph or a scan of a bank card - His Voice fingerprints - Optionally, if the merchant has the device suitable for that, complementary biometric fingerprints.

The registration consists in generating a code presenting the aforementioned structure, and recording it on a server with the additional data corresponding to the same user. When the user wants to make a new transaction, he enters his code on a keyboard, tablet or voice. The equipment digitally codes the code and transmits it to the server. In return, the server transmits to the equipment the associated information recorded during registration. This information makes it possible to verify whether the user who provided the code 35 is legitimate and corresponds to the one who had proceeded with the registration. Similarly, the user can verify that the merchant is authorized to carry out a transaction, by the fact that he receives the relevant associated information.

Claims (4)

CLAIMS1 - A method of identifying a user by comparing a code provided by said user with a previously registered personal code, characterized in that said code is constituted by a sequence consisting of a succession of syllables each formed by a single vowel and a single consonant character, of type) (y, X2Y2 ... XnYn, where n is an integer greater than 2 10 and where the terms X and Y are chosen from one of a subset of vowels, another among a subset of consonant characters. 2 - A method of identification of a user by 15 according to claim 1 characterized in that one of said subset comprises 4 characters, and the other of said subset comprises 2m characters, m being an integer between 2 and 4. 20 3 - A method of identifying a user according to claim 1 or 2 characterized in that - said subset of vowels consisting of the vowels A, I, O, U, and - the subset of consonants being consisting of B, D, F, G, H, K, L, M, N, P, R, S, T, V, X, Z, Y. 4 - Identification method according to claim 3 characterized in that one of the characters consonant Xi, Xi, 1 is automatically replaced by the consonant character Z 30 in the case of succession of two identical syllables. - Identification method according to at least one of the preceding claims characterized in that n is between 3 and 6. 35-12- 6 - Identification method according to at least one of the preceding claims characterized in that it comprises the following steps: - Capture of a code consisting of a sequence consisting of a succession of syllables each formed by a single vowel and a single consonant character, X1Y1 type X2Y2 ... Xyn by a device to translate it in code that can be used by a machine, - transmission by a secure protocol of said code 10, as well as at least one public identification element declared by the user, - comparison between the code registered at the address associated with the public identifier of the user and said translated code 15 - sending an accreditation notification in case of a positive comparison. 7 - Identification method according to at least one of claims 1 to 3 characterized in that it comprises the following 20 steps: - Capture of a code consisting of a sequence consisting of a succession of syllables each formed by a single vowel and a single consonant character, of the X1Y1 X2Y2 ... Xyn type by a device making it possible to translate it into a code that can be used by a machine, - transmission by a secure protocol of said translated code to a server comprising access to a base data containing the assigned code records, an identifier of each associated legitimate user and at least a personal attribute of said legitimate user, - searching from the registered codes of that corresponding to said translated code, and sending the attribute of the legitimate user corresponding to said code - the edition on the terminal of a representation of said attribute.-13- 8 - Identification method according to claim 6 o u 7 characterized in that said step of capturing the code is performed using an alphanumeric character input means. 9 - Identification method according to claim 6 or 7 characterized in that said step of capturing the code is performed using a sound acquisition means associated with a voice recognition means. 10 - Identification method according to the preceding claim characterized in that said voice recognition means comprises a software application for recognizing the native language of the speaker or his preferred language, and record of an optimization parameter voice recognition means associated with the public identifier of the user.