GB2551794A - Authentication method & apparatus - Google Patents

Authentication method & apparatus Download PDF

Info

Publication number
GB2551794A
GB2551794A GB1611407.6A GB201611407A GB2551794A GB 2551794 A GB2551794 A GB 2551794A GB 201611407 A GB201611407 A GB 201611407A GB 2551794 A GB2551794 A GB 2551794A
Authority
GB
United Kingdom
Prior art keywords
user
code
permission
data
string
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1611407.6A
Other versions
GB201611407D0 (en
Inventor
Davis Louis-James
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vst Enterprises Ltd
Original Assignee
Vst Enterprises Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vst Enterprises Ltd filed Critical Vst Enterprises Ltd
Priority to GB1611407.6A priority Critical patent/GB2551794A/en
Publication of GB201611407D0 publication Critical patent/GB201611407D0/en
Priority to PCT/GB2017/051897 priority patent/WO2018002621A1/en
Publication of GB2551794A publication Critical patent/GB2551794A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/27Individual registration on entry or exit involving the use of a pass with central registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • GPHYSICS
    • G08SIGNALLING
    • G08GTRAFFIC CONTROL SYSTEMS
    • G08G1/00Traffic control systems for road vehicles
    • G08G1/01Detecting movement of traffic to be counted or controlled
    • G08G1/017Detecting movement of traffic to be counted or controlled identifying vehicles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method of authenticating a user to determine if they have permission to use a device comprises the steps of: storing at a server a unique code string identifying the device, and a user credential; generating a first data string by machine reading a code symbol on the device representing the unique code string; generating a second data string by machine reading biometric data credentials from the user; transmitting the first and second data strings to the server; establishing the identity of the device for which permission is sought from the first data string; establishing whether the user has permission to use the device from the second data string; generating an authorisation code at the server if the user is authenticated as having permission, and transmitting the authorisation code to the device to activate it for use by the user. The machine reader may be a mobile phone. The unique codes may be created by a random number generator and encoded by an encryption algorithm into a code symbol. The code symbol may be a light pattern, a sound sequence or a visual symbol. The device may be a vehicle, which is only operable after receipt of the authorisation code.

Description

(54) Title of the Invention: Authentication method & apparatus Abstract Title: Method of authenticating a user (57) A method of authenticating a user to determine if they have permission to use a device comprises the steps of: storing at a server a unique code string identifying the device, and a user credential; generating a first data string by machine reading a code symbol on the device representing the unique code string; generating a second data string by machine reading biometric data credentials from the user; transmitting the first and second data strings to the server; establishing the identity of the device for which permission is sought from the first data string; establishing whether the user has permission to use the device from the second data string; generating an authorisation code at the server if the user is authenticated as having permission, and transmitting the authorisation code to the device to activate it for use by the user. The machine reader may be a mobile phone. The unique codes may be created by a random number generator and encoded by an encryption algorithm into a code symbol. The code symbol may be a light pattern, a sound sequence or a visual symbol. The device may be a vehicle, which is only operable after receipt of the authorisation code.
Figure GB2551794A_D0001
At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy.
1/5
08 17
Figure GB2551794A_D0002
Fig. 1
2/5
08 17
Figure GB2551794A_D0003
3/5
08 17
Figure GB2551794A_D0004
ο co
CM
Fig. 3
4/5
Figure GB2551794A_D0005
Fig. 4
5/5
08 17
Figure GB2551794A_D0006
Fig. 5
AUTHENTICATION METHOD & APPARATUS
The present invention relates to a method and apparatus for authentication.
Typically, authentication for access to a particular situation, such as the use of a computer, phone or service (such as social media sites, for example) is conducted by the use of a user name and a password. The username is usually not secret, though it will inevitably assist the security of access if the username is kept secret. The password is, however, habitually kept secret. Such authentication methods do not per se, however, provide any further capacity to control or audit access.
The present invention provides an alternative.
Embodiments of the present invention will now be described, by way of example, and with reference to the accompanying drawings, in which:
Fig. 1 illustrates the generation of a code symbol; and
Figs. 2 to 5 illustrate a scenario of authentication according to an embodiment of the present invention;
Description of embodiments of the present invention will be most suitably made by reference to a sequence of drawings illustrating a scenario. Referring to Fig. 1, one element or ‘tool’ of relevance to embodiments of the present invention is a code format which provides sufficient address space to enable, for all practical purposes, an unlimited number of different codes to be generated. One embodiment of such a code format is based upon a 14 character hexadecimal number Hn. This provides an address space with around 2χ 1018 different numbers. Codes are generated using a random number generator 500. Once the number Hn has been generated, it is then encoded by a processor 502 running a dedicated algorithm into an indicium 504. Encoding the number Hn into an indicium serves a number of purposes. First, where the encoding algorithm is not made public, it performs an encryption function, since the value Hn of the number cannot be parsed from the indicium without the algorithm. Secondly, encoding a number into an indicium then provides a means by which the number may more readily and robustly be machine readable or assimilable, to enable rapid transfer between parties and transmitted across networks. The indicium may take any form that enables encryption and representation of a code number of the requisite format and so may be a light pattern (varying, over time, for example), a sound sequence or a visual symbol. In the present embodiment a visual symbol V is adopted in which the presence of black marks upon the white pathways represent the values of the 14 characters in the code Hn. The code Hn may be retrieved from the symbol 504 by scanning the symbol 504 with a scanning device 506 that then sends digitised data to the processor 502 which runs the algorithm then to generate the number Hn from that scanned data.
Embodiments of the invention are thus predicated firstly upon the premise that the visual representation of the code string Hn provides robust encryption; and secondly upon the presence and probity of a Trusted Administrator for the code. The Trusted Administrator will store values against the code Hn that permit it to provide trusted authority for the performance of an activity based upon the provision to the Trusted Authority of a code Hn and, for example, suitable credentials.
Referring to Fig. 2 one such scenario will now be described with reference to a heavy plant machine 200. Such machines are frequently left on site overnight because it is financially impractical not to do so. The machine 200 has a unique code Hn. Hn is encoded into a visual symbol 202 which is located upon the dashboard of the machine 200. The ignition of the machine, schematically illustrated by key 210, is configured to required the provision of an authorisation code AuthCode received, for example, over the mobile telephone network via a GPRS module 220 and then converted into a suitable data format via a processor 230 predicated upon the presence of a Trusted Administrator of code.
Referring additionally to Fig. 3, the authorisation code is held on a server 300 which is accessible via the URL http://www.administrationoftrustedcode.fake. The server holds a database of interrelational tables, some of which are schematically illustrated in Fig. 4. A first table, T1, holds code values of Hn against a UserlD, in this example XYZXYZ. The UserlD may be related to the owner or operator of the machine 200, for example, so that it may be that although several different machines each have a unique code Hn they are all mapped to a single UserlD on the trusted server 300. A second table T2 maps a given UserlD - here XYZXYZ - to credentials. In the illustrated example the UserlD XYZXYZ maps to the credential #*“**; it may also map to other credentials. In the present example, the credential ****** is derived from biometric data ***** such as a thumbprint, which is then stored in T2 after salting and hashing to protect against compromise of the security of the server 300 as ******
Referring to Fig. 3, when a user wishes to use the machine 200, the user first scans the code symbol 202 using a mobile telephone 250. The telephone may simply digitise the symbol 202 or translate it into an encrypted version of the code number Hn. In the former scenario the digitised symbol is returned to the server 300 as a data string and translated into Hn on the server 300; in the latter scenario an encrypted version of Hn is transmitted by the phone 250 to the server 300. The phone is then used to acquire the biometric data forming the authentication credentials. In the present embodiment the thumbprint 260 is scanned using the phone 250 and then digitised by it into the data ***** is then encrypted to the string {*****}. The digitised thumbprint {*****} and code number Hn are then sent to the server 300, forming an authorisation request for use of the machine 200 and, therefore the return of AuthCode to enable the machine ignition 210 to operate. In the present example they are sent together but can be sent separately with a suitable associating label enabling them to be paired at the server 300.
The server 300 then uses the table T1 to retrieve the UserlD XYZXYZ corresponding to the code Hn; and table T2 to map UserlD XYZXYZ to the Credentials which will trigger the issue of the authorisation code AuthCode to enable the machine 200 ignition 210. The encrypted biometric data {*****} is then decrypted and used, together with the salted and hashed stored biometric data ******* to establish the authenticity of the request for the issue of the authorisation code.
Referring to Fig. 5, upon establishing that the authorisation request is authentic, the server 300 then issues AuthCode to the machine via the mobile telephone network which, upon processing by the processor 220, causes the ignition 210 to become live and therefore actuable.
In a first modification, actuation of the ignition 210 is limited to a period of time after receipt of AuthCode, say 30 seconds. Alternatively or additionally, the AuthCode may merely be conditional that the ignition can occur upon the provision of some further data, such as the biometric data 260 used to require the authorisation code.
In yet a further modification, instead of biometric data for the provision of the Credentials, a further code Hn+i which identifies an authorised user, together with geolocation data may be used to trigger the release of AuthCode. Where geolocation data is used, this will typically be a data log of recent geolocation data received in connection with transactions conducted in connection with the code Hn+i. Thus, if it becomes unlikely that, having regard to recent transactions, the user of code Hn+1 could occupy the geolocation of the machine 200 at the time the authorisation request is sent, it will be refused.
In yet a further embodiment, biometric data is stored associated with the code Hn+1 and both are sent as part of the authorisation request, which is issued upon both the biometric data and Hn+1 relating to each other and the UserlD of Hn+1 having the necessary validation permissions for ignition of the machine 200.

Claims (4)

1. A method of authenticating a user for the provision of permission to user an artefact comprising the steps of:
5 storing, at a server:
a) , a unique code string identifying the artefact, and
b) . a user credential for the performance of the act in relation to the artefact;
machine reading a code symbol displayed on the artefact and which represents the unique code string to generate a first data string;
10 generating a second data string by machine reading biometric data credentials from the user;
transmitting the first and second data strings to the server;
establishing, on the basis of the first data string, the identity of the artefact in connection with which the permission is sought;
15 establishing, on the basis of the second data string, whether the biometric data credentials authenticate the user as having the permission;
in the event that the user is authenticated as having the permission, generating an authorisation code and transmitting the authorisation code to the artefact to activate the artefact for use by the user.
Intellectual
Property
Office
Application No: GB1611407.6 Examiner: Mr Robert Alexander
GB1611407.6A 2016-06-30 2016-06-30 Authentication method & apparatus Withdrawn GB2551794A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1611407.6A GB2551794A (en) 2016-06-30 2016-06-30 Authentication method & apparatus
PCT/GB2017/051897 WO2018002621A1 (en) 2016-06-30 2017-06-29 Authentication method & apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1611407.6A GB2551794A (en) 2016-06-30 2016-06-30 Authentication method & apparatus

Publications (2)

Publication Number Publication Date
GB201611407D0 GB201611407D0 (en) 2016-08-17
GB2551794A true GB2551794A (en) 2018-01-03

Family

ID=56891428

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1611407.6A Withdrawn GB2551794A (en) 2016-06-30 2016-06-30 Authentication method & apparatus

Country Status (2)

Country Link
GB (1) GB2551794A (en)
WO (1) WO2018002621A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3767917A1 (en) * 2019-07-18 2021-01-20 In-Idt System for identifying an individual

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090324025A1 (en) * 2008-04-15 2009-12-31 Sony Ericsson Mobile Communicatoins AB Physical Access Control Using Dynamic Inputs from a Portable Communications Device
GB2489332A (en) * 2010-11-25 2012-09-26 Richard H Harris Handling encoded information and identifying user
US20140337221A1 (en) * 2013-05-13 2014-11-13 Hoyos Labs Corp. Systems and methods for biometric authentication of financial transactions
US20140375422A1 (en) * 2013-06-20 2014-12-25 Parakeet, Llc Technologies and methods for security access
WO2015114215A1 (en) * 2014-01-31 2015-08-06 Idcontrol Oy Authentication system and method for authenticating a user

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8768565B2 (en) * 2012-05-23 2014-07-01 Enterprise Holdings, Inc. Rental/car-share vehicle access and management system and method
DE102012012565A1 (en) * 2012-06-23 2013-12-24 Audi Ag Method for entering identification data of a vehicle in a user database of an Internet server device
US10831859B2 (en) * 2012-11-07 2020-11-10 Ford Global Technologies, Llc Hardware and controls for personal vehicle rental
US20150221140A1 (en) * 2014-02-04 2015-08-06 Gilbert Eid Parking and tollgate payment processing based on vehicle remote identification

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090324025A1 (en) * 2008-04-15 2009-12-31 Sony Ericsson Mobile Communicatoins AB Physical Access Control Using Dynamic Inputs from a Portable Communications Device
GB2489332A (en) * 2010-11-25 2012-09-26 Richard H Harris Handling encoded information and identifying user
US20140337221A1 (en) * 2013-05-13 2014-11-13 Hoyos Labs Corp. Systems and methods for biometric authentication of financial transactions
US20140375422A1 (en) * 2013-06-20 2014-12-25 Parakeet, Llc Technologies and methods for security access
WO2015114215A1 (en) * 2014-01-31 2015-08-06 Idcontrol Oy Authentication system and method for authenticating a user

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3767917A1 (en) * 2019-07-18 2021-01-20 In-Idt System for identifying an individual
FR3098948A1 (en) * 2019-07-18 2021-01-22 In-Idt Identification system for an individual.

Also Published As

Publication number Publication date
WO2018002621A1 (en) 2018-01-04
GB201611407D0 (en) 2016-08-17

Similar Documents

Publication Publication Date Title
US9646161B2 (en) Relational database fingerprinting method and system
US8756416B2 (en) Checking revocation status of a biometric reference template
US7069440B2 (en) Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system
CN102217277B (en) Method and system for token-based authentication
CN109688133B (en) Communication method based on account login free
CN108833114A (en) A kind of decentralization identity authorization system and method based on block chain
CN108347428B (en) Registration system, method and device of application program based on block chain
CN108965222B (en) Identity authentication method, system and computer readable storage medium
CN104270338A (en) A method and system of electronic identity registration and authentication login
CN1423206A (en) Safty printing using secrete key after being checked
EP1832036A2 (en) Method and device for key generation and proving authenticity
CN105074721A (en) Method for signing electronic documents with an analog-digital signature with additional verification
JP2003229851A (en) Assignment of user certificate/private key in token enabled public key infrastructure system
CN101321064A (en) Information system access control method and apparatus based on digital certificate technique
CN104767616A (en) Message processing method, system and related device
CN105978994A (en) Web system oriented logging-in method
US7739500B2 (en) Method and system for consistent recognition of ongoing digital relationships
CN110188545B (en) Data encryption method and device based on chained database
JP3704681B2 (en) System and method for placing a digital certificate on a hardware token
WO2020183250A1 (en) A system for generation and verification of identity and a method thereof
CN111770081B (en) Role authentication-based big data confidential file access method
GB2457491A (en) Identifying a remote network user having a password
GB2551794A (en) Authentication method & apparatus
CN110807210A (en) Information processing method, platform, system and computer storage medium
Habibu et al. Developing an algorithm for securing the biometric data template in the database

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)