GB2551794A - Authentication method & apparatus - Google Patents
Authentication method & apparatus Download PDFInfo
- Publication number
- GB2551794A GB2551794A GB1611407.6A GB201611407A GB2551794A GB 2551794 A GB2551794 A GB 2551794A GB 201611407 A GB201611407 A GB 201611407A GB 2551794 A GB2551794 A GB 2551794A
- Authority
- GB
- United Kingdom
- Prior art keywords
- user
- code
- permission
- data
- string
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/27—Individual registration on entry or exit involving the use of a pass with central registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- G—PHYSICS
- G08—SIGNALLING
- G08G—TRAFFIC CONTROL SYSTEMS
- G08G1/00—Traffic control systems for road vehicles
- G08G1/01—Detecting movement of traffic to be counted or controlled
- G08G1/017—Detecting movement of traffic to be counted or controlled identifying vehicles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Human Computer Interaction (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Telephonic Communication Services (AREA)
Abstract
A method of authenticating a user to determine if they have permission to use a device comprises the steps of: storing at a server a unique code string identifying the device, and a user credential; generating a first data string by machine reading a code symbol on the device representing the unique code string; generating a second data string by machine reading biometric data credentials from the user; transmitting the first and second data strings to the server; establishing the identity of the device for which permission is sought from the first data string; establishing whether the user has permission to use the device from the second data string; generating an authorisation code at the server if the user is authenticated as having permission, and transmitting the authorisation code to the device to activate it for use by the user. The machine reader may be a mobile phone. The unique codes may be created by a random number generator and encoded by an encryption algorithm into a code symbol. The code symbol may be a light pattern, a sound sequence or a visual symbol. The device may be a vehicle, which is only operable after receipt of the authorisation code.
Description
(54) Title of the Invention: Authentication method & apparatus Abstract Title: Method of authenticating a user (57) A method of authenticating a user to determine if they have permission to use a device comprises the steps of: storing at a server a unique code string identifying the device, and a user credential; generating a first data string by machine reading a code symbol on the device representing the unique code string; generating a second data string by machine reading biometric data credentials from the user; transmitting the first and second data strings to the server; establishing the identity of the device for which permission is sought from the first data string; establishing whether the user has permission to use the device from the second data string; generating an authorisation code at the server if the user is authenticated as having permission, and transmitting the authorisation code to the device to activate it for use by the user. The machine reader may be a mobile phone. The unique codes may be created by a random number generator and encoded by an encryption algorithm into a code symbol. The code symbol may be a light pattern, a sound sequence or a visual symbol. The device may be a vehicle, which is only operable after receipt of the authorisation code.
At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy.
1/5
08 17
Fig. 1
2/5
08 17
3/5
08 17
ο co
CM
Fig. 3
4/5
Fig. 4
5/5
08 17
Fig. 5
AUTHENTICATION METHOD & APPARATUS
The present invention relates to a method and apparatus for authentication.
Typically, authentication for access to a particular situation, such as the use of a computer, phone or service (such as social media sites, for example) is conducted by the use of a user name and a password. The username is usually not secret, though it will inevitably assist the security of access if the username is kept secret. The password is, however, habitually kept secret. Such authentication methods do not per se, however, provide any further capacity to control or audit access.
The present invention provides an alternative.
Embodiments of the present invention will now be described, by way of example, and with reference to the accompanying drawings, in which:
Fig. 1 illustrates the generation of a code symbol; and
Figs. 2 to 5 illustrate a scenario of authentication according to an embodiment of the present invention;
Description of embodiments of the present invention will be most suitably made by reference to a sequence of drawings illustrating a scenario. Referring to Fig. 1, one element or ‘tool’ of relevance to embodiments of the present invention is a code format which provides sufficient address space to enable, for all practical purposes, an unlimited number of different codes to be generated. One embodiment of such a code format is based upon a 14 character hexadecimal number Hn. This provides an address space with around 2χ 1018 different numbers. Codes are generated using a random number generator 500. Once the number Hn has been generated, it is then encoded by a processor 502 running a dedicated algorithm into an indicium 504. Encoding the number Hn into an indicium serves a number of purposes. First, where the encoding algorithm is not made public, it performs an encryption function, since the value Hn of the number cannot be parsed from the indicium without the algorithm. Secondly, encoding a number into an indicium then provides a means by which the number may more readily and robustly be machine readable or assimilable, to enable rapid transfer between parties and transmitted across networks. The indicium may take any form that enables encryption and representation of a code number of the requisite format and so may be a light pattern (varying, over time, for example), a sound sequence or a visual symbol. In the present embodiment a visual symbol V is adopted in which the presence of black marks upon the white pathways represent the values of the 14 characters in the code Hn. The code Hn may be retrieved from the symbol 504 by scanning the symbol 504 with a scanning device 506 that then sends digitised data to the processor 502 which runs the algorithm then to generate the number Hn from that scanned data.
Embodiments of the invention are thus predicated firstly upon the premise that the visual representation of the code string Hn provides robust encryption; and secondly upon the presence and probity of a Trusted Administrator for the code. The Trusted Administrator will store values against the code Hn that permit it to provide trusted authority for the performance of an activity based upon the provision to the Trusted Authority of a code Hn and, for example, suitable credentials.
Referring to Fig. 2 one such scenario will now be described with reference to a heavy plant machine 200. Such machines are frequently left on site overnight because it is financially impractical not to do so. The machine 200 has a unique code Hn. Hn is encoded into a visual symbol 202 which is located upon the dashboard of the machine 200. The ignition of the machine, schematically illustrated by key 210, is configured to required the provision of an authorisation code AuthCode received, for example, over the mobile telephone network via a GPRS module 220 and then converted into a suitable data format via a processor 230 predicated upon the presence of a Trusted Administrator of code.
Referring additionally to Fig. 3, the authorisation code is held on a server 300 which is accessible via the URL http://www.administrationoftrustedcode.fake. The server holds a database of interrelational tables, some of which are schematically illustrated in Fig. 4. A first table, T1, holds code values of Hn against a UserlD, in this example XYZXYZ. The UserlD may be related to the owner or operator of the machine 200, for example, so that it may be that although several different machines each have a unique code Hn they are all mapped to a single UserlD on the trusted server 300. A second table T2 maps a given UserlD - here XYZXYZ - to credentials. In the illustrated example the UserlD XYZXYZ maps to the credential #*“**; it may also map to other credentials. In the present example, the credential ****** is derived from biometric data ***** such as a thumbprint, which is then stored in T2 after salting and hashing to protect against compromise of the security of the server 300 as ******
Referring to Fig. 3, when a user wishes to use the machine 200, the user first scans the code symbol 202 using a mobile telephone 250. The telephone may simply digitise the symbol 202 or translate it into an encrypted version of the code number Hn. In the former scenario the digitised symbol is returned to the server 300 as a data string and translated into Hn on the server 300; in the latter scenario an encrypted version of Hn is transmitted by the phone 250 to the server 300. The phone is then used to acquire the biometric data forming the authentication credentials. In the present embodiment the thumbprint 260 is scanned using the phone 250 and then digitised by it into the data ***** is then encrypted to the string {*****}. The digitised thumbprint {*****} and code number Hn are then sent to the server 300, forming an authorisation request for use of the machine 200 and, therefore the return of AuthCode to enable the machine ignition 210 to operate. In the present example they are sent together but can be sent separately with a suitable associating label enabling them to be paired at the server 300.
The server 300 then uses the table T1 to retrieve the UserlD XYZXYZ corresponding to the code Hn; and table T2 to map UserlD XYZXYZ to the Credentials which will trigger the issue of the authorisation code AuthCode to enable the machine 200 ignition 210. The encrypted biometric data {*****} is then decrypted and used, together with the salted and hashed stored biometric data ******* to establish the authenticity of the request for the issue of the authorisation code.
Referring to Fig. 5, upon establishing that the authorisation request is authentic, the server 300 then issues AuthCode to the machine via the mobile telephone network which, upon processing by the processor 220, causes the ignition 210 to become live and therefore actuable.
In a first modification, actuation of the ignition 210 is limited to a period of time after receipt of AuthCode, say 30 seconds. Alternatively or additionally, the AuthCode may merely be conditional that the ignition can occur upon the provision of some further data, such as the biometric data 260 used to require the authorisation code.
In yet a further modification, instead of biometric data for the provision of the Credentials, a further code Hn+i which identifies an authorised user, together with geolocation data may be used to trigger the release of AuthCode. Where geolocation data is used, this will typically be a data log of recent geolocation data received in connection with transactions conducted in connection with the code Hn+i. Thus, if it becomes unlikely that, having regard to recent transactions, the user of code Hn+1 could occupy the geolocation of the machine 200 at the time the authorisation request is sent, it will be refused.
In yet a further embodiment, biometric data is stored associated with the code Hn+1 and both are sent as part of the authorisation request, which is issued upon both the biometric data and Hn+1 relating to each other and the UserlD of Hn+1 having the necessary validation permissions for ignition of the machine 200.
Claims (4)
1. A method of authenticating a user for the provision of permission to user an artefact comprising the steps of:
5 storing, at a server:
a) , a unique code string identifying the artefact, and
b) . a user credential for the performance of the act in relation to the artefact;
machine reading a code symbol displayed on the artefact and which represents the unique code string to generate a first data string;
10 generating a second data string by machine reading biometric data credentials from the user;
transmitting the first and second data strings to the server;
establishing, on the basis of the first data string, the identity of the artefact in connection with which the permission is sought;
15 establishing, on the basis of the second data string, whether the biometric data credentials authenticate the user as having the permission;
in the event that the user is authenticated as having the permission, generating an authorisation code and transmitting the authorisation code to the artefact to activate the artefact for use by the user.
Intellectual
Property
Office
Application No: GB1611407.6 Examiner: Mr Robert Alexander
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1611407.6A GB2551794A (en) | 2016-06-30 | 2016-06-30 | Authentication method & apparatus |
PCT/GB2017/051897 WO2018002621A1 (en) | 2016-06-30 | 2017-06-29 | Authentication method & apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1611407.6A GB2551794A (en) | 2016-06-30 | 2016-06-30 | Authentication method & apparatus |
Publications (2)
Publication Number | Publication Date |
---|---|
GB201611407D0 GB201611407D0 (en) | 2016-08-17 |
GB2551794A true GB2551794A (en) | 2018-01-03 |
Family
ID=56891428
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1611407.6A Withdrawn GB2551794A (en) | 2016-06-30 | 2016-06-30 | Authentication method & apparatus |
Country Status (2)
Country | Link |
---|---|
GB (1) | GB2551794A (en) |
WO (1) | WO2018002621A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3767917A1 (en) * | 2019-07-18 | 2021-01-20 | In-Idt | System for identifying an individual |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090324025A1 (en) * | 2008-04-15 | 2009-12-31 | Sony Ericsson Mobile Communicatoins AB | Physical Access Control Using Dynamic Inputs from a Portable Communications Device |
GB2489332A (en) * | 2010-11-25 | 2012-09-26 | Richard H Harris | Handling encoded information and identifying user |
US20140337221A1 (en) * | 2013-05-13 | 2014-11-13 | Hoyos Labs Corp. | Systems and methods for biometric authentication of financial transactions |
US20140375422A1 (en) * | 2013-06-20 | 2014-12-25 | Parakeet, Llc | Technologies and methods for security access |
WO2015114215A1 (en) * | 2014-01-31 | 2015-08-06 | Idcontrol Oy | Authentication system and method for authenticating a user |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8768565B2 (en) * | 2012-05-23 | 2014-07-01 | Enterprise Holdings, Inc. | Rental/car-share vehicle access and management system and method |
DE102012012565A1 (en) * | 2012-06-23 | 2013-12-24 | Audi Ag | Method for entering identification data of a vehicle in a user database of an Internet server device |
US10831859B2 (en) * | 2012-11-07 | 2020-11-10 | Ford Global Technologies, Llc | Hardware and controls for personal vehicle rental |
US20150221140A1 (en) * | 2014-02-04 | 2015-08-06 | Gilbert Eid | Parking and tollgate payment processing based on vehicle remote identification |
-
2016
- 2016-06-30 GB GB1611407.6A patent/GB2551794A/en not_active Withdrawn
-
2017
- 2017-06-29 WO PCT/GB2017/051897 patent/WO2018002621A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090324025A1 (en) * | 2008-04-15 | 2009-12-31 | Sony Ericsson Mobile Communicatoins AB | Physical Access Control Using Dynamic Inputs from a Portable Communications Device |
GB2489332A (en) * | 2010-11-25 | 2012-09-26 | Richard H Harris | Handling encoded information and identifying user |
US20140337221A1 (en) * | 2013-05-13 | 2014-11-13 | Hoyos Labs Corp. | Systems and methods for biometric authentication of financial transactions |
US20140375422A1 (en) * | 2013-06-20 | 2014-12-25 | Parakeet, Llc | Technologies and methods for security access |
WO2015114215A1 (en) * | 2014-01-31 | 2015-08-06 | Idcontrol Oy | Authentication system and method for authenticating a user |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3767917A1 (en) * | 2019-07-18 | 2021-01-20 | In-Idt | System for identifying an individual |
FR3098948A1 (en) * | 2019-07-18 | 2021-01-22 | In-Idt | Identification system for an individual. |
Also Published As
Publication number | Publication date |
---|---|
WO2018002621A1 (en) | 2018-01-04 |
GB201611407D0 (en) | 2016-08-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9646161B2 (en) | Relational database fingerprinting method and system | |
US8756416B2 (en) | Checking revocation status of a biometric reference template | |
US7069440B2 (en) | Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system | |
CN102217277B (en) | Method and system for token-based authentication | |
CN109688133B (en) | Communication method based on account login free | |
CN108833114A (en) | A kind of decentralization identity authorization system and method based on block chain | |
CN108347428B (en) | Registration system, method and device of application program based on block chain | |
CN108965222B (en) | Identity authentication method, system and computer readable storage medium | |
CN104270338A (en) | A method and system of electronic identity registration and authentication login | |
CN1423206A (en) | Safty printing using secrete key after being checked | |
EP1832036A2 (en) | Method and device for key generation and proving authenticity | |
CN105074721A (en) | Method for signing electronic documents with an analog-digital signature with additional verification | |
JP2003229851A (en) | Assignment of user certificate/private key in token enabled public key infrastructure system | |
CN101321064A (en) | Information system access control method and apparatus based on digital certificate technique | |
CN104767616A (en) | Message processing method, system and related device | |
CN105978994A (en) | Web system oriented logging-in method | |
US7739500B2 (en) | Method and system for consistent recognition of ongoing digital relationships | |
CN110188545B (en) | Data encryption method and device based on chained database | |
JP3704681B2 (en) | System and method for placing a digital certificate on a hardware token | |
WO2020183250A1 (en) | A system for generation and verification of identity and a method thereof | |
CN111770081B (en) | Role authentication-based big data confidential file access method | |
GB2457491A (en) | Identifying a remote network user having a password | |
GB2551794A (en) | Authentication method & apparatus | |
CN110807210A (en) | Information processing method, platform, system and computer storage medium | |
Habibu et al. | Developing an algorithm for securing the biometric data template in the database |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |