GB2501069A - Authentication using coded images to derive an encrypted passcode - Google Patents
- Publication number
- GB2501069A
- Authority
- GB
- United Kingdom
- Prior art keywords
- authentication
- application
- passcode
- server
- smartphone
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing (AREA)
- User Interface Of Digital Computer (AREA)
- Telephone Function (AREA)
Abstract
A method for authentication or step-up authentication as part of a login process for a graphical or web-based application comprises a server component and a smartphone application ("app"). The server component generates a random challenge (1) which is displayed in a graphical form to the end user, encoded in a quick response code image. A compatible smartphone which has the smartphone application installed is used to scan the quick response code (2). The smartphone application generates a passcode (3) from the challenge using a unique key, which the user inputs into the form (4). At the same time, the server carries out the same passcode generation using the unique key, and compares the result to the input received from the user (5). A positive comparison results in successful authentication. The method is intended to minimise the impact of keylogging or man-in-the-middle attacks.
Description
QRyptoLogin
This invention relates to a method for authentication or step-up authentication to log in to a web-based or other graphical application using a QR Code and a smartphone.
When a computer user wants to log in to a web-based application, in the majority of cases it requires a username and password, with no external method of authentication.
However, the conventional method of logging in with a username and password leads to a number of security issues. If someone is looking over the computer user's shoulder, or CCTV is recording, while they log in, the username and password are compromised.
Furthermore, with the increased amount of malware and viruses, there are programs which record a computer user's keystrokes without the user's knowledge. Because secure HTTPS sites encrypt data, the computer user is given the false impression that what they type is encrypted and secure.
To overcome these issues, the present invention proposes an authentication system in which a server issues a random challenge in the form of a string of 32 random characters. This challenge is encoded in a Quick Response (QR) code image displayed on a web page or other graphical interface.
The client is a smartphone application which contains a key unique to the user and shared with the server. On scanning the QR code, the challenge is encrypted using the unique key and a mathematical digest is calculated, resulting in a 4-8 digit passcode which the user enters in the web page or graphical interface. On entering the generated passcode, the server performs a similar mathematical digest to check that the results match and, if matched, the authentication process is deemed successful.
The unique 128-bit key is set on the smartphone during initial registration. The key is progressed each time the application is used, as follows: the current key is combined with the just-processed challenge to generate the next key in the sequence. In this way, even if the same challenge is issued, the resulting passcode will be different.
The smartphone application is provided in versions for iPhone, Android and BlackBerry, but the algorithm is portable to any device with a camera and suitable processing capability.
The server application is written in Java and can reside on any platform that is able to support a J2EE-compliant server.
The invention is described with reference to the accompanying drawing in Figure 1, which shows an overview of the authentication process.
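The challenge, passcode and key-progression steps described above, as an added Python example that is not part of the patent or of any QRyptoLogin code. Assumptions: HMAC-SHA-256 stands in for the AES-then-digest step (the patent names neither a cipher mode nor a hash), all class and function names are hypothetical, and the one-step resynchronisation for a challenge that was scanned but never answered is an addition the patent does not describe.

```python
import hashlib
import hmac
import secrets
import string

def new_challenge() -> str:
    chars = string.ascii_letters + string.digits
    return "".join(secrets.choice(chars) for _ in range(32))  # 32 random characters

def passcode(key: bytes, challenge: str, digits: int) -> str:
    # Assumption: HMAC-SHA-256 stands in for the patent's AES-then-hash step.
    if not 4 <= digits <= 8:
        raise ValueError("passcode length must be 4 to 8 digits")
    mac = hmac.new(key, b"code|" + challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

def next_key(key: bytes, challenge: str) -> bytes:
    # Key progression: current key combined with the just-processed challenge.
    return hmac.new(key, b"next|" + challenge.encode(), hashlib.sha256).digest()[:16]

class Phone:
    def __init__(self, key: bytes):
        self.key = key

    def scan(self, challenge: str, digits: int) -> str:
        code = passcode(self.key, challenge, digits)
        self.key = next_key(self.key, challenge)  # advances on every use
        return code

class Server:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = None    # (challenge, digits) awaiting an answer
        self.abandoned = None  # last challenge not answered correctly

    def issue(self, digits: int = 6):
        if self.pending:
            self.abandoned = self.pending[0]
        self.pending = (new_challenge(), digits)
        return self.pending

    def verify(self, entered: str) -> bool:
        if self.pending is None:
            return False
        (challenge, digits), self.pending = self.pending, None  # answer at most once
        candidates = [self.key]
        if self.abandoned:  # the phone may have scanned it and moved its key on
            candidates.append(next_key(self.key, self.abandoned))
        for key in candidates:
            expected = passcode(key, challenge, digits)
            if hmac.compare_digest(expected.encode(), entered.encode()):
                self.key, self.abandoned = next_key(key, challenge), None
                return True
        self.abandoned = challenge
        return False
```

Because the phone advances its key on every scan while the server can only advance on a correct answer, the two sides drift apart without some resynchronisation; each extra candidate key the server accepts also raises the chance that a guessed passcode matches, so the window should stay small.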
Claims (5)
- 1. An authentication application system which generates a unique shared key for a user when first registering to use the smartphone application that is only shared with the server application.
- 2. An authentication application system which according to claim 1, issues a random challenge in the form of a string of 32 to encode the challenge in a Quick Response (QR) code image displayed by the application server on a web page or other graphical interface, the image also includes the required length of the passcode.
- 3. An authentication application system according to claim 2, in which the smartphone application that contains a unique shared key scans the QR code and the mathematical algorithm in the smartphone application encrypts the key using the AES cipher and then performs a hashing function to generate a passcode of the required length, this is entered in the server application in web page or graphical interface.
- 4. An authentication application system according to claim 3, in which the smartphone application does not need to communicate with any network or server to successfully perform the passcode generation process.
- 5. An authentication application system according to claim 4, in which the identical encryption and hashing function is performed by the server application and compared to the entered passcode to identify and verify the user and if confirmed the user is successfully authenticated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB201206036A GB2501069A (en) | 2012-04-04 | 2012-04-04 | Authentication using coded images to derive an encrypted passcode |
Publications (2)
Publication Number | Publication Date |
---|---|
GB201206036D0 GB201206036D0 (en) | 2012-05-16 |
GB2501069A true GB2501069A (en) | 2013-10-16 |
Family
ID=46160324
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB201206036A Withdrawn GB2501069A (en) | 2012-04-04 | 2012-04-04 | Authentication using coded images to derive an encrypted passcode |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2501069A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2509045A (en) * | 2012-07-26 | 2014-06-25 | Highgate Labs Ltd | Generating a device identifier by receiving a token from a server, signing a request including the token with a private key and verifying the request |
CN104618401A (en) * | 2015-03-10 | 2015-05-13 | 四川省宁潮科技有限公司 | Real-name system-based wifi one-key logging method |
US9990489B2 (en) | 2014-02-21 | 2018-06-05 | Liveensure, Inc. | System and method for peer to peer mobile contextual authentication |
CN108667813A (en) * | 2018-04-18 | 2018-10-16 | 珠海横琴盛达兆业科技投资有限公司 | Net system method in a kind of login based on small routine |
CN108694429A (en) * | 2018-05-11 | 2018-10-23 | 张玉 | A kind of generation method of Quick Response Code and recognition methods |
US10251057B2 (en) | 2016-08-29 | 2019-04-02 | International Business Machines Corporation | Authentication for device connection using visible patterns |
GB2597675A (en) * | 2020-07-29 | 2022-02-09 | Canon Europa Nv | Mobile app login and device registration |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009056897A1 (en) * | 2007-10-30 | 2009-05-07 | Telecom Italia S.P.A | Method of authentication of users in data processing systems |
US7578436B1 (en) * | 2004-11-08 | 2009-08-25 | Pisafe, Inc. | Method and apparatus for providing secure document distribution |
-
2012
- 2012-04-04 GB GB201206036A patent/GB2501069A/en not_active Withdrawn
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2509045A (en) * | 2012-07-26 | 2014-06-25 | Highgate Labs Ltd | Generating a device identifier by receiving a token from a server, signing a request including the token with a private key and verifying the request |
US9990489B2 (en) | 2014-02-21 | 2018-06-05 | Liveensure, Inc. | System and method for peer to peer mobile contextual authentication |
CN104618401A (en) * | 2015-03-10 | 2015-05-13 | 四川省宁潮科技有限公司 | Real-name system-based wifi one-key logging method |
US10251057B2 (en) | 2016-08-29 | 2019-04-02 | International Business Machines Corporation | Authentication for device connection using visible patterns |
CN108667813A (en) * | 2018-04-18 | 2018-10-16 | 珠海横琴盛达兆业科技投资有限公司 | Net system method in a kind of login based on small routine |
CN108694429A (en) * | 2018-05-11 | 2018-10-23 | 张玉 | A kind of generation method of Quick Response Code and recognition methods |
CN108694429B (en) * | 2018-05-11 | 2021-03-02 | 张玉 | Two-dimensional code generation method and identification method |
GB2597675A (en) * | 2020-07-29 | 2022-02-09 | Canon Europa Nv | Mobile app login and device registration |
GB2597675B (en) * | 2020-07-29 | 2022-10-05 | Canon Europa Nv | Mobile app login and device registration |
Also Published As
Publication number | Publication date |
---|---|
GB201206036D0 (en) | 2012-05-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2021202620B2 (en) | Method of using one device to unlock another device | |
US10348715B2 (en) | Computer-implemented systems and methods of device based, internet-centric, authentication | |
US9378352B2 (en) | Barcode authentication for resource requests | |
US10645577B2 (en) | Enhanced secure provisioning for hotspots | |
US10516536B2 (en) | Method and apparatus for logging into medical devices | |
US8156333B2 (en) | Username based authentication security | |
US9338164B1 (en) | Two-way authentication using two-dimensional codes | |
JP6399382B2 (en) | Authentication system | |
US20160205098A1 (en) | Identity verifying method, apparatus and system, and related devices | |
GB2501069A (en) | Authentication using coded images to derive an encrypted passcode | |
US11544365B2 (en) | Authentication system using a visual representation of an authentication challenge | |
US20170085561A1 (en) | Key storage device and method for using same | |
US20180062863A1 (en) | Method and system for facilitating authentication | |
WO2014146446A1 (en) | Method, client and system of identity authentication | |
JP2013509840A (en) | User authentication method and system | |
US9942042B1 (en) | Key containers for securely asserting user authentication | |
US10798068B2 (en) | Wireless information passing and authentication | |
CN104202163A (en) | Password system based on mobile terminal | |
CN103701787A (en) | User name password authentication method implemented on basis of public key algorithm | |
CN105141629A (en) | Method for improving network security of public Wi-Fi based on WPA/WPA2 PSK multiple passwords | |
CN106953731B (en) | Authentication method and system for terminal administrator | |
WO2017029708A1 (en) | Personal authentication system | |
JP2013134530A (en) | Authentication system, authentication method, and authentication program | |
WO2018033016A1 (en) | Method and system for authorizing conversion of terminal state | |
KR101535980B1 (en) | Password security system for providing input of random characters and method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |