GB2557975A - Secure log-in procedure - Google Patents

Secure log-in procedure Download PDF

Info

Publication number
GB2557975A
GB2557975A GB1621795.2A GB201621795A GB2557975A GB 2557975 A GB2557975 A GB 2557975A GB 201621795 A GB201621795 A GB 201621795A GB 2557975 A GB2557975 A GB 2557975A
Authority
GB
United Kingdom
Prior art keywords
given user
mobile communication
authorization
service
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1621795.2A
Other versions
GB201621795D0 (en
Inventor
Mikael Karkkainen Tuomas
Mikael Kalevo Ossi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gurulogic Microsystems Oy
Original Assignee
Gurulogic Microsystems Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gurulogic Microsystems Oy filed Critical Gurulogic Microsystems Oy
Priority to GB1621795.2A priority Critical patent/GB2557975A/en
Publication of GB201621795D0 publication Critical patent/GB201621795D0/en
Priority to EP17832471.1A priority patent/EP3559881A1/en
Priority to PCT/EP2017/025367 priority patent/WO2018114053A1/en
Publication of GB2557975A publication Critical patent/GB2557975A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Method and system for providing access to a service via a mobile communications device. User details are entered at a user interface on a user device. The service access is authorised through the use of a personal identification code and/or a bio-credential of a user. An authorisation request message is sent using real-time push signalling for activating the mobile communications device or an application on the user device. A response message indicating the authorisation has been verified successfully is sent by the mobile communications device thereby allowing a user to log-in to the service. The service may relate to a payment transaction. The bio-credentials may involve a fingerprint, facial features, iris recognition or DNA genetic information. The system may maintain a log of a given mobile device used. The user device may be a personal computer or a smart watch.

Description

(71) Applicant(s):
Gurulogic Microsystems Oy Linnankatu 34, Turku FI-20100, Finland (56) Documents Cited:
GB 2496046 A WO 2016/025943 A1 US 20140359069 A1 US 20100325194 A1
EP 2779012 A US 20160019543 A1 US 20140007213 A1 (72) Inventor(s):
Tuomas Mikael Karkkainen Ossi Mikael Kalevo (58) Field of Search:
INT CL G06F, G06Q, H04L
Other: WPI & EPODOC; Patent Fulltext (74) Agent and/or Address for Service:
Basck Ltd
Saxon Road, CAMBRIDGE, Cambridgeshire, CB5 8HS, United Kingdom (54) Title ofthe Invention: Secure log-in procedure
Abstract Title: User authorisation for access to a service (57) Method and system for providing access to a service via a mobile communications device. User details are entered at a user interface on a user device. The service access is authorised through the use of a personal identification code and/or a bio-credential of a user. An authorisation request message is sent using real-time push signalling for activating the mobile communications device or an application on the user device. A response message indicating the authorisation has been verified successfully is sent by the mobile communications device thereby allowing a user to log-in to the service. The service may relate to a payment transaction. The bio-credentials may involve a fingerprint, facial features, iris recognition or DNA genetic information. The system may maintain a log of a given mobile device used. The user device may be a personal computer or a smart watch.
Step 2.2
Figure GB2557975A_D0001
FIG. 2
7/7
102
Figure GB2557975A_D0002
FIG. 1 οοι
Ο
2/7
Figure GB2557975A_D0003
Step 2.2
Figure GB2557975A_D0004
FIG. 2
Figure GB2557975A_D0005
co
3/7
Ο) ω
CL =3 £= ω
φ £= £
ο υ
£=
4—·
σ) ο
CL
CL =3
CZ3 θ
ΙΌ
ΧΤ
ΙΌ
ΧΤ
ΧΤ
Ο
ΧΤ
Ο
ΧΤ
ΙΌ +
C^>
ω ο
Η
UJ or τ
ο or <
LU ω
LU
Ο τ
% ο
υ £=
Figure GB2557975A_D0006
ω ο
CM
Ο ω Ε φ 4= ω ο ω'σ> ο ο =3 =3
03-, ° Ο 5 °ο
Ο ω
FIG. 3Α
Figure GB2557975A_D0007
FIG. 3Β
5/7
CM M
O O
84%
ized
o £
5 <
-t—' Φ
Keywal
Figure GB2557975A_D0008
FIG. 3C
6/7
CD
+358404044545 | support@starwindow.net bob@example.com / Log out Starwindow HOME SEARCH FRIENDS Gurulogic Microsystems Oy 2016 | support@gurulogic.fi
FIG. 3D
Figure GB2557975A_D0009
Figure GB2557975A_D0010
- 1 SECURE LOG-IN PROCEDURE
TECHNICAL FIELD
The present disclosure relates to systems for providing access to a service via use of a secure log-in procedure. Moreover, the present disclosure concerns methods of providing access to a service via use of a secure log-in procedure. Furthermore, the present disclosure also relates to computer program products comprising a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute the aforementioned methods.
BACKGROUND
Various types of secure transactions, for example financial transactions, implemented using chip-enabled debit cards, Internet-based payment services (for example, Paypal® and similar), and wirelessly-connected mobile communication devices (for example, smart phones) executing software applications (namely Apps), have become widely employed in contemporary commerce. However, there has been a corresponding increase in third-party hostile hacking and malware for acquiring sensitive information, for example passwords, personal identification number (PIN) codes and debit/credit card details, of users. Such acquired sensitive information enables malicious third parties to steal money, or make purchases for their own benefit, at an expense of the users, by the third parties masquerading as the users. For example, sensitive information of a given debit/credit card includes a card number, a username, a term of validity and a verification number of that debit/credit card. A malicious party can easily make financial transactions using this sensitive information of the given debit/credit card on the Internet. A PIN code associated with the given debit/credit card is usually needed only at Point-Of-Sale (POS) terminals, namely when shopping in retail stores. Moreover, strong customer authentication via the PIN code is needed very rarely in online
- 2 Internet-based transactions, namely only when a financial transaction is charged from a debit account.
There exist conventional techniques for performing financial transactions in a secure manner. In one conventional technique, a financial institution, for example such as a bank, offers to its customers a software application (namely, an App) for mobile authorization, wherein the App is to be downloaded and installed at the customers' mobile communication devices. In this conventional technique, a given customer is required to open the App on his/her mobile communication device manually, so as to initiate an authorization process using the App. This technique is not just userunfriendly, but also drains a battery of the given customer's mobile communication device, as the given customer's mobile communication device has to be kept active for a long duration.
In light of the foregoing, there exists a need for a mobile authorization technique that is user-friendly and that consumes less power.
SUMMARY
The present disclosure seeks to provide an improved system for providing access to a service via use of a secure log-in procedure that is highly robust and relatively easy for users to employ, for example, when implementing financial transactions or other types of transactions.
Moreover, the present disclosure seeks to provide an improved method of providing access to a service via use of a secure log-in procedure.
A further aim of the present disclosure is to at least partially overcome at least some of the problems of the prior art, as described in the foregoing.
In a first aspect, embodiments of the present disclosure provide a method of providing access to a service via use of a secure log-in procedure, wherein the access to the service is provided by a server arrangement that is coupled via a data communication network to at least one mobile
- 3 communication device of a given user, characterized in that the method includes:
(i) receiving user details entered by the given user at a user interface, the user interface being presented at a given user's device associated with the given user for enabling the given user to log-in to the service;
(ii) sending, to the at least one mobile communication device of the given user, an authorization-request message to be presented to the given user for requesting the given user to provide a personal identification code and/or at least one bio-credential of the given user for verifying an authorization, wherein the authorizationrequest message is sent using real-time push signalling for activating the at least one mobile communication device or an application in the device of the given user to present the authorization-request message thereat;
(iii) receiving, from the at least one mobile communication device of the given user, a response message indicating whether or not the authorization has been verified successfully; and (iv) allowing the given user device to log-in to the service, if the authorization has been verified successfully.
Embodiments of the present disclosure are of advantage in that the aforementioned method facilitates a quick, robust and uncomplicated approach for performing strongly-secured customer authorization.
In a second aspect, embodiments of the present disclosure provide a system for providing access to a service via use of a secure log-in procedure, wherein the system includes a server arrangement that is coupled via a data communication network to at least one mobile communication device of a given user, characterized in that the server arrangement is operable to:
- 4 (i) receive user details entered by the given user at a user interface, the user interface being presented at a given user's device associated with the given user for enabling the given user to log-in to the service;
(ii) send, to the at least one mobile communication device of the given user, an authorization-request message to be presented to the given user for requesting the given user to provide a personal identification code and/or at least one bio-credential of the given user for verifying an authorization, wherein the authorization10 request message is to be sent using real-time push signalling for activating the at least one mobile communication device or an application in the device of the given user to present the authorization-request message thereat;
(iii) receive, from the at least one mobile communication device of the given user, a response message indicating whether or not the authorization has been verified successfully; and (iv) allow the given user device to log-in to the service, if the authorization has been verified successfully.
Optionally, the service is a payment service.
In a third aspect, embodiments of the present disclosure provide a computer program product comprising a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute a method of the aforementioned first aspect.
Additional aspects, advantages, features and objects of the present disclosure would be made apparent from the drawings and the detailed description of the illustrative embodiments construed in conjunction with the appended claims that follow.
- 5 It will be appreciated that features of the present disclosure are susceptible to being combined in various combinations without departing from the scope of the present disclosure as defined by the appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
The summary above, as well as the following detailed description of illustrative embodiments, is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the present disclosure, exemplary constructions of the disclosure are shown in the drawings. However, the present disclosure is not limited to specific methods and apparatus disclosed herein. Moreover, those in the art will understand that the drawings are not to scale. Wherever possible, like elements have been indicated by identical numbers.
Embodiments of the present disclosure will now be described, by way of example only, with reference to the following diagrams wherein:
FIG. 1 is a schematic illustration of a network environment wherein a system for providing access to a service via use of a secure log-in procedure is implemented pursuant to embodiments of the present disclosure;
FIG. 2 is a sequence diagram depicting an example implementation of a method of providing access to a service via use of a secure log-in procedure, in accordance with an embodiment of the present disclosure;
FIGs. 3A-D are schematic illustrations of example views of user interfaces presented to a given user at various steps of the example implementation of the aforementioned method; and.
FIG. 4 is a collection of exemplary views of screenshots of an authorization-request message at the user's mobile communication device.
In the accompanying drawings, an underlined number is employed to represent an item over which the underlined number is positioned or an
- 6 item to which the underlined number is adjacent. When a number is nonunderlined and accompanied by an associated arrow, the non-underlined number is used to identify a general item at which the arrow is pointing.
DETAILED DESCRIPTION OF EMBODIMENTS
The following detailed description illustrates embodiments of the present disclosure and ways in which they can be implemented. Although some modes of carrying out the present disclosure have been disclosed, those skilled in the art would recognize that other embodiments for carrying out or practising the present disclosure are also possible.
In a first aspect, embodiments of the present disclosure provide a method of providing access to a service via use of a secure log-in procedure, wherein the access to the service is provided by a server arrangement that is coupled via a data communication network to at least one mobile communication device of a given user, characterized in that the method includes:
(i) receiving user details entered by the given user at a user interface, the user interface being presented at a given user's device associated with the given user for enabling the given user to log-in to the service;
(ii) sending, to the at least one mobile communication device of the given user, an authorization-request message to be presented to the given user for requesting the given user to provide a personal identification code and/or at least one bio-credential of the given user for verifying an authorization, wherein the authorization25 request message is sent using real-time push signalling for activating the at least one mobile communication device or an application in the device of the given user to present the authorization-request message thereat;
- 7 (iii) receiving, from the at least one mobile communication device of the given user, a response message indicating whether or not the authorization has been verified successfully; and (iv) allowing the given user device to log-in to the service, if the authorization has been verified successfully.
It will be appreciated that the user interface can be presented to the given user via a web browser or a software application running on the given user device. It will be further appreciated that the user interface can be presented at the given user's mobile communication device or any other device, such as a personal computer or a smartwatch. Optionally, the user interface is presented at a same device to where the authorization-request message is sent. This enables the user efficiently to log-in to different services by using, for example, his/her mobile phone only.
Optionally, the method includes sending, to the given user device, a notification to be presented to the given user for instructing the given user to wait until the authorization via the at least one mobile communication device of the given user has been verified successfully. Optionally, the sending of this notification is performed substantially simultaneously with the sending of the aforementioned authorization-request message at (ii).
Moreover, it will be appreciated that the real-time push signalling is beneficial for sending the authorization-request message at (ii), because such push signalling activates (namely, awakens) the at least one mobile communication device of the given user and displays the authorizationrequest message to the given user even when a display screen of the at least one mobile communication device is locked.
According to an embodiment of the present disclosure, in order to be able to awaken the at least one mobile communication device via such push signalling, a push notification service provided by an ecosystem of the at least one mobile communication device is required to be enabled on the at least one mobile communication device. Examples of such push notification
- 8 services include, but are not limited to, Apple® Push Notification service (APNs), Google® Cloud Messaging (GCM), and Windows® Notification Service (WNS).
Optionally, in this regard, such push signalling activates (namely, awakens) a trusted software application on the at least one mobile communication device, wherein the trusted software application is previously provided to the at least one mobile communication device by the server arrangement. This allows the given user to provide the personal identification code and/or the at least one bio-credential of the given user without wasting any time (namely promptly), and thus, without draining a battery of the at least one mobile communication device unnecessarily, because the aforementioned method requires that the at least one mobile communication device of the given user is active only for the time needed for performing the authorization. Notably, contemporary known techniques are based on pull technology, and require an end user to open a software application (namely, App) manually on his/her mobile communication device, prior to initiating an authorization process. Such contemporary known techniques are not only inconvenient to the end user, but also drain a battery of the end user's mobile communication device for a longer time, as compared to the method pursuant to embodiments of the present disclosure.
According to another embodiment of the present disclosure, the aforementioned push signalling is implemented by way of a trusted software application that is executing in the background at the at least one mobile communication device, wherein the trusted software application is operable to receive a push signal from the server arrangement to awaken the at least one mobile communication device, and to present the authorization-request message at the at least one mobile communication device in real time or near real time.
Regardless of any specific embodiment of the present disclosure, a service provider can generate at the user's device an event such as an image, or such as a link, acting as a request for the user to confirm.
- 9 Moreover, according to an embodiment of the present disclosure, the at least one mobile communication device of the given user includes a plurality of mobile communication devices of the given user that are registered with the server arrangement. Optionally, in such a case, the authorizationrequest message is sent to each of the plurality of mobile communication devices of the given user at (ii).
Optionally, in such a case, when the response message is received from any one of the plurality of mobile communication devices at (iii), the method includes sending, to rest of the plurality of mobile communication devices, an instruction to ignore the authorization-request message that was previously sent at (ii).
Moreover, optionally, the method includes keeping a track of which mobile communication device has been used to perform the authorization. Optionally, in this regard, the method includes maintaining a log of a given mobile communication device that was used to perform the authorization and its associated timestamp.
Maintaining such a log over a period of time is particularly beneficial for investigative purposes, for example, in a case when the given user did not perform the authorization himself or herself. Optionally, in this regard, the method includes blocking a given mobile communication device of the given user from which an unauthorized party has made an attempt to perform the authorization, so as to avoid any further abuse.
Optionally, in order to register the at least one mobile communication device with the server arrangement, the method includes providing a trusted software application (for example, an App) to the at least one mobile communication device, wherein the trusted software application is then installed at the at least one mobile communication device. More optionally, the trusted software application is provided to the at least one mobile communication device in an encrypted form.
- 10 Optionally, in the method, the trusted software application is operable to compare the personal identification code and/or the at least one biocredential provided by the given user with a previously-registered personal identification code and/or at least one bio-credential of the given user, namely a personal identification code and/or at least one bio-credential of the given user previously registered with the trusted software application. Alternatively, optionally, the comparison is performed by the ecosystem of the at least one mobile communication device.
Optionally, the trusted software application is then operable to determine whether or not the authorization has been verified successfully, based upon the comparison.
Optionally, in the method, the trusted software application is operable to employ at least one key that is stored in a key store of the at least one mobile communication device to encrypt the response message.
Additionally or alternatively, optionally, the trusted software application is operable to employ a certificate that is stored in the key store of the at least one mobile communication device to sign digitally the response message.
In other words, the response message may be any one of:
(i) encrypted using the at least one key, (ii) digitally signed using the certificate, or (iii) both encrypted (using the at least one key) and digitally signed (using the certificate).
Optionally, by providing the personal identification code and/or the at least one bio-credential, the given user authorizes the trusted software application to sign digitally the content of the response message using his/her own private key (for example, for a Public Key Infrastructure (PKI) equivalent usage). This enables the server arrangement to verify the given user as its registered client, using a public key registered for the given user.
- 11 Optionally, the content of the response message is the same as the content ofthe authorization-request message. Optionally, in such a case, when the response message is digitally signed using a private key and/or a certificate of the key store, the server arrangement is operable to verify that the content of the response message that is delivered back is unchanged from the content of the authorization-request message that was previously sent at (ii).
It will be appreciated that when the response message is received in encrypted form, the method includes decrypting the response message.
Moreover, optionally, the response message is received from the at least one mobile communication device, via secured transportation. Such secured transportation can be implemented, for example, via HyperText Transport Protocol Secure (HTTPS) protocol or Secure Sockets Layer (SSL).
Optionally, the method includes providing the at least one mobile communication device with the key store including keys and/or certificates to be used for encryption and/or decryption purposes and/or signing purposes, respectively. The key store may, for example, be provided by the server arrangement or a trusted third party.
Optionally, in the method, the usage of the key store is protected in operation, such that the contents of the key store are accessible to the trusted software application only. Optionally, in the method, the usage of the key store is protected in operation by a kernel layer of the at least one mobile communication device. Optionally, the kernel layer of the at least one mobile communication device is implemented as a mixture of hardware and software, and is proprietary to the at least one mobile communication device, for example is proprietary to a manufacturer of the at least one mobile communication device. However, it will be appreciated that a protected key store is optionally provided by using other security methods, for example by employing heavy data encryption, or by employing a combination of heavy data encryption following by data obfuscation for securing data, and an inverse of such heavy encryption when recovering
- 12 data. Obfuscation is optionally achieved by inverting and/or swapping specific bits of data bytes.
Optionally, the aforementioned trusted software application is operable to interface with other software applications executing in other software layers hosted, in operation, in the at least one mobile communication device. In other words, in operation, various data exchanges occur between the trusted software application executing in the kernel layer and the other software applications executing in the software layers. Optionally, in such a case, the aforementioned trusted software application is protected by security provisions of the kernel layer that are typically more secure than the software layers.
Optionally, in this regard, the trusted software application is executed in a secure area of processing hardware of the at least one mobile communication device. More optionally, the secure area of the processing hardware is implemented by way of Trusted Execution Environment (TEE; see reference [1]).
Moreover, optionally, the method includes aborting the secure log-in procedure, if no response message is received from the at least one mobile communication device of the given user within a predefined time period. In some examples, the predefined time period optionally is in a range of a few seconds to tens of seconds. In other examples, the predefined time period is optionally longer, and is optionally in a range of tens of seconds to a few minutes. In such cases, an additional feature is optionally provided in the authorization-request message that enables the given user to decline the authorization request, for example, when the given user no longer wants to make the financial transaction.
It will be appreciated that when the predefined time period is shorter, there is no need for providing the aforementioned feature, as the at least one mobile communication device is useable again within a short time period, without a need to decline the authorization request. On the other hand, when the predefined time period is too short, there potentially arises a
- 13 situation where the given user is not able to respond to the authorization request within the time period, even when the given user is interested in logging-in to the payment service and/or making the financial transaction. However, for security purposes, it is desirable to define the predefined time period to be as short as practically possible.
Optionally, in the method, the personal identification code is a Personal Identification Number (PIN) code. It will be appreciated that the personal identification code can alternatively be a code that includes alphanumeric characters and/or special characters that can be entered using a keypad of the at least one mobile communication device.
Optionally, the at least one bio-credential of the given user includes at least one of: a fingerprint of the given user, facial features of the given user, iris recognition of the given user, DNA genetic information of the given user. As an example, a fingerprint or a facial image of the given user can be captured via an image sensor of the at least one mobile communication device of the given user. It will be appreciated that the given user's biocredential may alternatively correspond to any other type of biometrical verification feasible in future, for example by employing a bio-sensor to provide a DNA analysis of the user's sweat or sputum. Optionally, alternatively, the bio-credential can include for example a walking manner of the given user, a writing manner of the given user or a heartbeat pattern of the given user, depending on the feasibility in the service area in question. It will be appreciated that it does not matter what kind of verification method is used for the claimed invention as it is typically the user device that defines such an operation. Examples of the given user device and the at least one mobile communication device include, but are not limited to, mobile phones, smart telephones, smartwatches, Mobile Internet Devices (MIDs), tablet computers, Ultra-Mobile Personal Computers (UMPCs), phablet computers, Personal Digital Assistants (PDAs), web pads, Personal Computers (PCs), handheld PCs, laptop computers, desktop computers, and large-sized touch screens with embedded PCs. Some specific examples of such devices include, but are not limited to, iPhone®,
- 14 iPad®, Android® phone, Android® web pad, Windows® phone, and Windows® web pad.
Moreover, the data communication network can be a collection of individual networks, interconnected with each other and functioning as a single large network. Such individual networks may be wired, wireless, or a combination thereof. Examples of such individual networks include, but are not limited to, Local Area Networks (LANs), Wide Area Networks (WANs), Metropolitan Area Networks (MANs), Wireless LANs (WLANs), Wireless WANs (WWANs), Wireless MANs (WMANs), the Internet, second generation (2G) telecommunication networks, third generation (3G) telecommunication networks, fourth generation (4G) telecommunication networks, fifth generation (5G) telecommunication networks, community networks, satellite networks, vehicular networks, sensor networks, and Worldwide Interoperability for Microwave Access (WiMAX) networks.
Furthermore, it will be appreciated that the aforementioned method is suitable to be implemented for various purposes, for example, such as making financial transactions, logging-in to a secure service, casting a vote and other services that require a strong customer authorization.
Optionally, in the method, the service is a payment service. Such a payment service can be used by the given user to make a financial transaction.
Optionally, in the method, the server arrangement is implemented to provide a background service that is separate from the aforementioned service. In some implementations, the background service is provided by a background service provider that is different from the service provider providing the service. In other implementations, the background service is provided by the service provider itself.
For illustration purposes only, there will now be considered an example implementation of the aforementioned method pursuant to embodiments of the present disclosure, wherein a payment service provided by a service
- 15 provider is linked to a background service provided by a background service provider. In the illustrated example, the method is performed in multiple steps, for example, as follows:
Step 1:
In a user interface, for example a web browser, of a given user device, a log-in page (namely, for logging-in to the payment service and/or to make a financial transaction using the payment service) is presented to a user. On the log-in page, the user provides his/her user details (for example, such as his/her username, e-mail address, phone number, account number, social security number and similar), if his/her user details are not already cached in the web browser.
The given user device sends, to the service provider, the user details along with a request to initiate a secure session to access the payment service. The background service provider listens to the session request incoming at the service provider.
Step 2 (Optional):
The service provider sends, to the given user device, a notification to wait until authorization via a user's registered mobile communication device has been verified successfully.
Step 3:
The background service provider sends, to the user's registered mobile communication device (or devices), an authorization-request message using real-time push signalling. As a result, the user's registered mobile communication device awakens, and presents the authorization-request message to the user.
Optionally, the steps 2 and 3 are performed substantially simultaneously.
Step 4:
- 16 The user provides his/her personal identification code and/or his/her bicredential at the user's registered mobile communication device. A trusted software application of the user's registered mobile communication device then sends, to the background service provider, a response message indicating whether or not the authorization has been verified successfully.
Step 5:
The background service provider routes the response message to the service provider.
Step 6:
Upon successful verification of the authorization, the log-in page at the given user device redirects to a protected site, thereby allowing the given user device to access the payment service provided by the service provider. Otherwise, the log-in page is redirected to a page showing log-in failure or timeout.
In a second aspect, embodiments of the present disclosure provide a system for providing access to a service via use of a secure log-in procedure, wherein the system includes a server arrangement that is coupled via a data communication network to at least one mobile communication device of a given user, characterized in that the server arrangement is operable to:
(i) receive user details entered by the given user at a user interface, the user interface being presented at a given user's device associated with the given user for enabling the given user to log-in to the service;
(ii) send, to the at least one mobile communication device of the given user, an authorization-request message to be presented to the given user for requesting the given user to provide a personal identification code and/or at least one bio-credential of the given user for verifying authorization, wherein the authorization-request
- 17 message is to be sent using real-time push signalling for activating the at least one mobile communication device or an application in the device of the given user to present the authorization-request message thereat;
(iii) receive, from the at least one mobile communication device of the given user, a response message indicating whether or not the authorization has been verified successfully; and (iv) allow the given user device to log-in to the service, if the authorization has been verified successfully.
Optionally, the server arrangement is operable to send, to the given user device, a notification to be presented to the given user for instructing the given user to wait until the authorization via the at least one mobile communication device of the given user has been verified successfully.
According to an embodiment of the present disclosure, in order to be able to awaken the at least one mobile communication device via such push signalling, a push notification service provided by an ecosystem of the at least one mobile communication device is required to be enabled on the at least one mobile communication device. Examples of such push notification services include, but are not limited to, Apple® Push Notification service (APNs), Google® Cloud Messaging (GCM), and Windows® Notification Service (WNS).
According to another embodiment of the present disclosure, the aforementioned push signalling is implemented by way of a trusted software application that is executing in the background at the at least one mobile communication device, wherein the trusted software application is operable to receive a push signal from the server arrangement to awaken the at least one mobile communication device, and to present the authorization-request message at the at least one mobile communication device in real time or near real time.
- 18 Moreover, according to an embodiment of the present disclosure, the at least one mobile communication device of the given user includes a plurality of mobile communication devices of the given user that are registered with the server arrangement. Optionally, in such a case, the server arrangement is operable to send the authorization-request message to each of the plurality of mobile communication devices of the given user at (ii).
Optionally, in such a case, when the response message is received from any one of the plurality of mobile communication devices at (iii), the server arrangement is operable to send, to rest of the plurality of mobile communication devices, an instruction to ignore the authorization-request message that was previously sent at (ii).
Moreover, optionally, the server arrangement is operable to keep a track of which mobile communication device has been used to perform the authorization. Optionally, in this regard, the server arrangement is operable to maintain a log of a given mobile communication device that was used to perform the authorization and its associated timestamp, wherein the log is to be maintained at a database arrangement of the system that is coupled in communication with the server arrangement.
Optionally, the server arrangement and the database arrangement are implemented by way of cloud computing services.
Optionally, in order to register the at least one mobile communication device with the server arrangement, the server arrangement is operable to provide a trusted software application (for example, an App) to the at least one mobile communication device, wherein the trusted software application is then installed at the at least one mobile communication device. More optionally, the server arrangement is operable to provide the trusted software application to the at least one mobile communication device in encrypted form.
Optionally, the trusted software application is operable to compare the personal identification code and/or the at least one bio-credential provided
- 19 by the given user with a previously-registered personal identification code and/or at least one bio-credential of the given user. Alternatively, optionally, the comparison is performed by the ecosystem of the at least one mobile communication device.
Optionally, the trusted software application is then operable to determine whether or not the authorization has been verified successfully, based upon the comparison.
Optionally, the trusted software application is operable to employ at least one key that is stored in a key store of the at least one mobile communication device to encrypt the response message.
Additionally or alternatively, optionally, the trusted software application is operable to employ a certificate that is stored in the key store of the at least one mobile communication device to digitally sign the response message.
Optionally, in this regard, the server arrangement is operable to provide the at least one mobile communication device with the key store including keys and/or certificates to be used for encryption and/or decryption purposes and/or signing purposes, respectively. Alternatively, optionally, the key store is provided by a trusted third party.
Optionally, the usage of the key store is protected in operation, such that the contents of the key store are accessible to the trusted software application only. Optionally, the usage of the key store is protected in operation by a kernel layer of the at least one mobile communication device. Optionally, in this regard, the trusted software application is executed in a secure area of processing hardware of the at least one mobile communication device. More optionally, the secure area of the processing hardware is implemented by way of TEE (see reference [1]).
Moreover, optionally, the server arrangement is operable to abort the secure log-in procedure, if no response message is received from the at least one mobile communication device of the given user within a predefined time period.
- 20 Optionally, the at least one bio-credential of the given user includes at least one of: a fingerprint of the given user, facial features of the given user, iris recognition of the given user, DNA genetic information of the given user.
Furthermore, optionally, the server arrangement is implemented to provide 5 a background service that is separate from the aforementioned service. In some implementations, the background service is provided by a background service provider that is different from a service provider providing the service. In other implementations, the background service is provided by the service provider itself.
Optionally, the service is a payment service.
In a third aspect, embodiments of the present disclosure provide a computer program product comprising a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute a method of the aforementioned first aspect.
Optionally, the computer-readable instructions are downloadable from a software application store, for example, from an App store to the computerized device.
Next, embodiments of the present disclosure will be described with reference to figures.
FIG. 1 is a schematic illustration of a network environment 100 wherein a system for providing access to a service via use of a secure log-in procedure is implemented pursuant to embodiments of the present disclosure. The system includes a server arrangement 102 and a database arrangement 104 associated with the server arrangement 102.
In the network environment 100, the server arrangement 102 is coupled in communication with a given user's device 106 of a given user and with at least one mobile communication device of the given user, depicted as a
- 21 mobile communication device 108 in FIG. 1, via a data communication network 110. Optionally, the device 106 is a same device as a device 108.
The server arrangement 102 is operable to perform operations, for example, as described with respect to the aforementioned second aspect. These operations include:
(i) receiving user details entered by the given user at a user interface presented at the given user's device 106 for enabling the given user to log-in to the service;
(ii) sending, to the mobile communication device 108, an authorization-request message to be presented to the given user for requesting the given user to provide a personal identification code and/or at least one bio-credential of the given user for verifying authorization, wherein the authorization-request message is sent using real-time push signalling for activating the mobile communication device 108 or an application in the device 108 to present the authorization-request message thereat;
(iii) receiving, from the mobile communication device 108, a response message indicating whether or not the authorization has been verified successfully; and (iv) allowing the given user device 106 to log-in to the service, if the authorization has been verified successfully.
FIG. 1 is merely an example, which should not unduly limit the scope of the claims herein. It is to be understood that the specific designation for the network environment 100 is provided as an example and is not to be construed as limiting the network environment 100 to specific numbers, types, or arrangements of server arrangements, database arrangements, user devices, mobile communication devices, and data communication networks. A person skilled in the art will recognize many variations, alternatives, and modifications of embodiments of the present disclosure. It
- 22 should be further understood that according to one embodiment a given user's device 106 can also be the same mobile communication device 108.
Referring next to FIG. 2, there is provided a sequence diagram depicting an example implementation of a method of providing access to a service via use of a secure log-in procedure, in accordance with an embodiment of the present disclosure.
At a step 2.1, a given user provides his/her user details (for example, such as his/her username, e-mail address, phone number or similar) on a user interface presented at a given user device of the given user. The user details are received at a server arrangement.
At a step 2.2, the server arrangement sends a notification to the given user device to inform the given user to wait until authorization via a user's registered mobile communication device has been verified successfully.
At a step 2.3, the server arrangement sends an authorization-request 15 message to the user's registered mobile communication device (or devices) using real-time push signalling. The given user provides his/her personal identification code and/or at least one bio-credential at the user's registered mobile communication device.
Optionally, the steps 2.2 and 2.3 are performed substantially 20 simultaneously, and optionally in a same message when a given user's device depicted with number 106 in Figure 1 is the same device as no. 108.
Accordingly, a response message is sent from the user's registered mobile communication device to the server arrangement.
At a step 2.4, upon successful verification of the authorization, the user is 25 allowed to log-in to the service at the given user device.
The steps 2.1 to 2.4 are only illustrative and other alternatives can also be provided where one or more steps are added without departing from the scope of the claims herein.
- 23 FIGs. 3A, 3B, 3C and 3D are schematic illustrations of example views of user interfaces presented to the given user at the steps 2.1, 2.2, 2.3 and 2.4, respectively. The exemplary service in the mentioned figures is a Starwindow® communication and conferencing service of the applicant.
FIG. 3A is a schematic illustration of a first example view of a first user interface that is presented at the given user device of the given user, wherein the given user enters his username bob@example.com at a Starwindow® log-in page presented in the first example view.
FIG. 3B is a schematic illustration of a second example view of the first user interface that is presented at the given user device of the given user, wherein the given user is informed to wait until biometric verification is performed.
FIG. 3C is a schematic illustration of an example view of a second user interface that is presented at the mobile communication device of the given user, wherein the authorization-request message is presented to the given user. In this example view, the given user is requested to perform a biometric verification by way of presenting a fingerprint of the given user to an image sensor of the mobile communication device, within a predefined time period of three minutes.
Optionally, a contact field, denoted by X in the example view, is provided in case the given user changes his/her mind and no longer wants to log-in to the service .
FIG. 3D is a schematic illustration of a third example view of the first user interface that is presented at the given user device of the given user, wherein the given user is allowed to log-in to the Starwindow® service, upon successful verification of the authorization, and a confirmation screen is presented to the given user.
FIGs. 3A-D are merely examples, which should not unduly limit the scope of the claims herein. A person skilled in the art will recognize many variations, alternatives, and modifications of embodiments ofthe present disclosure.
- 24 Referring next to FIG. 4, there is shown an example of a confirmation request message that is presented to the given user via a user interface provided in operation on a mobile communication device of the given user, for example a smart phone, a smart watch, smart electronically-enabled clothing or similar, when performing a transaction pursuant to the present disclosure. In respect of a smart phone depicted to a left side of FIG. 4 for purposes of a confirmation request, an e-mail address detail is provided, together with an amount of time remaining for the given user to respond by sending a confirmation via the user interface. Optionally, beneficially, in the middle at the bottom there is an option for biometric verification for example via a fingerprint credentials. Moreover, in respect of a smart watch depicted to a right side of FIG. 4 for purposes of a confirmation request of a financial transaction, an e-mail address detail is provided, together with a sum of money to be paid, and buttons for enabling the given user either to confirm via the user interface a payment of the sum of money or to decline such payment.
Modifications to embodiments of the present disclosure described in the foregoing are possible without departing from the scope of the present disclosure as defined by the accompanying claims. Expressions such as including, comprising, incorporating, consisting of, have, is used to describe and claim the present invention are intended to be construed in a non-exclusive manner, namely allowing for items, components or elements not explicitly described also to be present. Reference to the singular is also to be construed to relate to the plural; as an example, at least one of' indicates one of' in an example, and a plurality of in another example; moreover, two of, and similarly one or more are to be construed in a likewise manner.
The phrases in an embodiment, according to an embodiment and the like generally mean the particular feature, structure, or characteristic following the phrase is included in at least one embodiment of the present disclosure, and may be included in more than one embodiment of the
- 25 present disclosure. Importantly, such phrases do not necessarily refer to the same embodiment.
- 26 REFERENCES [1] Trusted execution environment - Wikipedia, the free encyclopedia (accessed December 12, 2016); URL:
https ://en. wiki pedia.org/wiki/Trusted... execution...environment

Claims (16)

CLAIMS We claim:
1. A method of providing access to a service via use of a secure log-in 5 procedure, wherein the access to the service is provided by a server arrangement that is coupled via a data communication network to at least one mobile communication device of a given user, characterized in that the method includes:
(i) receiving user details entered by the given user at a user interface,
10 the user interface being presented at a given user's device associated with the given user for enabling the given user to log-in to the service;
(ii) sending, to the at least one mobile communication device of the given user, an authorization-request message to be presented to
15 the given user for requesting the given user to provide a personal identification code and/or at least one bio-credential of the given user for verifying an authorization, wherein the authorizationrequest message is sent using real-time push signalling for activating the at least one mobile communication device or an
20 application in the device of the given user to present the authorization-request message thereat;
(iii) receiving, from the at least one mobile communication device of the given user, a response message indicating whether or not the authorization has been verified successfully; and
25 (iv) allowing the given user device to log-in to the service, if the authorization has been verified successfully.
2. A method of claim 1, characterized in that the service is a payment service.
- 28
3. A method of claim 1 or 2, characterized in that the method includes sending, to the given user device, a notification to be presented to the given user for instructing the given user to wait until the authorization via the at least one mobile communication device of the given user has been verified successfully.
4. A method of claim 1, 2 or 3, characterized in that the at least one mobile communication device of the given user includes a plurality of mobile communication devices of the given user that are registered with the server arrangement, wherein when the response message is received from any one of the plurality of mobile communication devices at (iii), the method includes sending, to rest of the plurality of mobile communication devices, an instruction to ignore the authorization-request message sent at (ii).
5. A method of claim 1, 2, 3 or 4, characterized in that the method includes maintaining a log of a given mobile communication device that was used to perform the authorization and its associated timestamp.
6. A method of any one of claims 1 to 5, characterized in that the at least one bio-credential of the given user includes at least one of: a fingerprint of the given user, facial features of the given user, iris recognition of the given user, DNA genetic information of the given user.
7. A method of any one of claims 1 to 6, characterized in that the response message is received in an encrypted form.
8. A system for providing access to a service via use of a secure login procedure, wherein the system includes a server arrangement that is coupled via a data communication network to at least one mobile communication device of a given user, characterized in that the server arrangement is operable to:
(i) receive user details entered by the given user at a user interface, the user interface being presented at a given user's device associated with the given user for enabling the given user to log-in to the service;
- 29 (ii) send, to the at least one mobile communication device of the given user, an authorization-request message to be presented to the given user for requesting the given user to provide a personal identification code and/or at least one bio-credential of the given
5 user for verifying an authorization, wherein the authorizationrequest message is to be sent using real-time push signalling for activating the at least one mobile communication device or an application in the device of the given user to present the authorization-request message thereat;
10 (iii) receive, from the at least one mobile communication device of the given user, a response message indicating whether or not the authorization has been verified successfully; and (iv) allow the given user device to log-in to the service, if the authorization has been verified successfully.
15
9 A system of claim 8, characterized in that the service is a payment service.
10. A system of claim 8 or 9, characterized in that the server arrangement is operable to send, to the given user device, a notification to be presented to the given user for instructing the given user to wait until
20 the authorization via the at least one mobile communication device of the given user has been verified successfully.
11. A system of claim 8, 9 or 10, characterized in that the at least one mobile communication device of the given user includes a plurality of mobile communication devices of the given user that are registered with the server
25 arrangement, wherein when the response message is received from any one of the plurality of mobile communication devices at (iii), the server arrangement is operable to send, to rest of the plurality of mobile communication devices, an instruction to ignore the authorization-request message sent at (ii).
- 30
12. A system of any one of claims 8 to 11, characterized in that the server arrangement is operable to maintain a log of a given mobile communication device that was used to perform the authorization and its associated timestamp.
5
13. A system of claim 12, characterized in the log is maintained at a database arrangement of the system that is coupled in communication with the server arrangement.
14. A system of any one of claims 8 to 13, characterized in that the at least one bio-credential of the given user includes at least one of: a
10 fingerprint of the given user, facial features of the given user, iris recognition of the given user, DNA genetic information of the given user.
15. A system of any one of claims 8 to 14, characterized in that the response message is received in an encrypted form.
16. A computer program product comprising a non-transitory computerreadable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute a method of any one of claims 1 to 6.
Intellectual
Property
Office
Application No: GB1621795.2 Examiner: Ms Becky Lander
16. A system of any one of claims 8 to 15, characterized in that the
15 server arrangement is implemented to provide a background service that is separate from the service.
17. A system of claim 16, characterized in that the background service is provided by a background service provider that is different from a service provider providing the service.
20 18. A computer program product comprising a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute a method of any one of claims 1 to 7.
Amendments to the claims have been filed as follows :AMENDED CLAIM SET (clean copy version)
1. A method of providing access to a service via use of a secure log-in procedure, wherein the access to the service is provided by a server arrangement that is coupled via a data communication network to at least one mobile communication device of a given user, characterized in that the method includes:
(i) receiving user details entered by the given user at a user interface, the user interface being presented at a given user's device associated with the given user for enabling the given user to log-in to the service;
(ii) sending, to the at least one mobile communication device of the given user, an authorization-request message to be presented to the given user for requesting the given user to provide a personal identification code and/or at least one bio-credential of the given user for verifying an authorization, wherein the authorization-request message is sent using real-time push signalling for activating the at least one mobile communication device or an application in the device of the given user to present the authorization-request message thereat;
(iii) sending, to the given user device, a notification to be presented to the given user for instructing the given user to wait until the authorization via the at least one mobile communication device of the given user has been verified successfully;
(iv) receiving, from the at least one mobile communication device of the given user, a response message indicating whether or not the authorization has been verified successfully; and (v) allowing the given user device to log-in to the service, if the authorization has been verified successfully.
2.
A method of claim 1, characterized in that the service is a payment service.
3. A method of claim 1 or 2, characterized in that the at least one mobile communication device of the given user includes a plurality of mobile communication devices of the given user that are registered with the server arrangement, wherein when the response message is received from any one ofthe plurality of mobile communication devices at (iii), the method includes sending, to rest of the plurality of mobile communication devices, an instruction to ignore the authorization-request message sent at (ii).
4. A method of claim 1, 2 or 3, characterized in that the method includes maintaining a log of a given mobile communication device that was used to perform the authorization and its associated timestamp.
5. A method of any one of claims 1 to 4, characterized in that the at least one bio-credential of the given user includes at least one of: a fingerprint of the given user, facial features of the given user, iris recognition of the given user, DNA genetic information ofthe given user.
6. A method of any one of claims 1 to 5, characterized in that the response message is received in an encrypted form.
7. A system for providing access to a service via use of a secure log-in procedure, wherein the system includes a server arrangement that is coupled via a data communication network to at least one mobile communication device of a given user, characterized in that the server arrangement is operable to:
(i) receive user details entered by the given user at a user interface, the user interface being presented at a given user's device associated with the given user for enabling the given user to log-in to the service;
(ii) send, to the at least one mobile communication device of the given user, an authorization-request message to be presented to the given user for requesting the given user to provide a personal identification code and/or at least one bio-credential of the given user for verifying an authorization, wherein the authorization-request message is to be sent using real-time push signalling for activating the at least one mobile communication device or an application in the device of the given user to present the authorization-request message thereat;
(iii) send, to the given user device, a notification to be presented to the given user for instructing the given user to wait until the authorization via the at least one mobile communication device ofthe given user has been verified successfully;
(iv) receive, from the at least one mobile communication device of the given user, a response message indicating whether or not the authorization has been verified successfully; and (v) allow the given user device to log-in to the service, if the authorization has been verified successfully.
8. A system of claim 7, characterized in that the service is a payment service.
9. A system of claim 7 or 8, characterized in that the at least one mobile communication device of the given user includes a plurality of mobile communication devices of the given user that are registered with the server arrangement, wherein when the response message is received from any one ofthe plurality of mobile communication devices at (iii), the server arrangement is operable to send, to rest of the plurality of mobile communication devices, an instruction to ignore the authorization-request message sent at (ii).
10. A system of claim 7, 8 or 9, characterized in that the server arrangement is operable to maintain a log of a given mobile communication device that was used to perform the authorization and its associated timestamp.
11. A system of claim 10, characterized in the log is maintained at a database arrangement of the system that is coupled in communication with the server arrangement.
12. A system of any one of claims 7 to 11, characterized in that the at least one bio-credential of the given user includes at least one of: a fingerprint of the given user, facial features of the given user, iris recognition of the given user, DNA genetic information of the given user.
13. A system of any one of claims 7 to 12, characterized in that the response message is received in an encrypted form.
14. A system of any one of claims 7 to 13, characterized in that the server arrangement is implemented to provide a background service that is separate from the service.
15. A system of claim 14, characterized in that the background service is provided by a background service provider that is different from a service provider providing the service.
GB1621795.2A 2016-12-21 2016-12-21 Secure log-in procedure Withdrawn GB2557975A (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
GB1621795.2A GB2557975A (en) 2016-12-21 2016-12-21 Secure log-in procedure
EP17832471.1A EP3559881A1 (en) 2016-12-21 2017-12-21 Secure log-in or transaction procedure
PCT/EP2017/025367 WO2018114053A1 (en) 2016-12-21 2017-12-21 Secure log-in or transaction procedure

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1621795.2A GB2557975A (en) 2016-12-21 2016-12-21 Secure log-in procedure

Publications (2)

Publication Number Publication Date
GB201621795D0 GB201621795D0 (en) 2017-02-01
GB2557975A true GB2557975A (en) 2018-07-04

Family

ID=58284464

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1621795.2A Withdrawn GB2557975A (en) 2016-12-21 2016-12-21 Secure log-in procedure

Country Status (3)

Country Link
EP (1) EP3559881A1 (en)
GB (1) GB2557975A (en)
WO (1) WO2018114053A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100325194A1 (en) * 2009-06-17 2010-12-23 Apple Inc. Push-based location update
GB2496046A (en) * 2011-10-27 2013-05-01 Ibm Using push notifications to reduce open browser connections
US20140007213A1 (en) * 2012-06-29 2014-01-02 Wepay, Inc. Systems and methods for push notification based application authentication and authorization
EP2779012A1 (en) * 2013-03-14 2014-09-17 Nuance Communications, Inc. Pro-Active Identity Verification For Authentication Of Transaction Initiated Via Non-Voice Channel
US20140359069A1 (en) * 2013-06-04 2014-12-04 Diego MATUTE Method for securely sharing a url
US20160019543A1 (en) * 2014-07-15 2016-01-21 Square, Inc. Two-Factor Authentication with Push Notification for a Security Code
WO2016025943A1 (en) * 2014-08-15 2016-02-18 Lawrence Douglas A system and method for digital authentication

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100325194A1 (en) * 2009-06-17 2010-12-23 Apple Inc. Push-based location update
GB2496046A (en) * 2011-10-27 2013-05-01 Ibm Using push notifications to reduce open browser connections
US20140007213A1 (en) * 2012-06-29 2014-01-02 Wepay, Inc. Systems and methods for push notification based application authentication and authorization
EP2779012A1 (en) * 2013-03-14 2014-09-17 Nuance Communications, Inc. Pro-Active Identity Verification For Authentication Of Transaction Initiated Via Non-Voice Channel
US20140359069A1 (en) * 2013-06-04 2014-12-04 Diego MATUTE Method for securely sharing a url
US20160019543A1 (en) * 2014-07-15 2016-01-21 Square, Inc. Two-Factor Authentication with Push Notification for a Security Code
WO2016025943A1 (en) * 2014-08-15 2016-02-18 Lawrence Douglas A system and method for digital authentication

Also Published As

Publication number Publication date
WO2018114053A1 (en) 2018-06-28
GB201621795D0 (en) 2017-02-01
EP3559881A1 (en) 2019-10-30

Similar Documents

Publication Publication Date Title
US11956243B2 (en) Unified identity verification
US10235672B2 (en) Securely receiving from a remote user sensitive information and authorization to perform a transaction using the sensitive information
US20190043022A1 (en) Secure registration and authentication of a user using a mobile device
US9642005B2 (en) Secure authentication of a user using a mobile device
US9521548B2 (en) Secure registration of a mobile device for use with a session
RU2676231C2 (en) Image based key derivation function
AU2010306566B2 (en) Anti-phishing system and method including list with user data
US10366250B1 (en) Systems and methods for protecting personally identifiable information during electronic data exchanges
US20160337334A1 (en) Device, system and method of mobile identity verification
US9210146B2 (en) Secure content transfer using dynamically generated optical machine readable codes
US10579996B2 (en) Presenting a document to a remote user to obtain authorization from the user
US10489565B2 (en) Compromise alert and reissuance
JP2017519412A (en) Enhanced security for authentication device registration
JP2017530586A (en) System and method for authenticating a client to a device
CA2884416C (en) Obtaining a signature from a remote user
US10592898B2 (en) Obtaining a signature from a remote user
US20190075094A1 (en) System and method for remote identification during transaction processing
AU2013370667B2 (en) Securely receiving from a remote user sensitive information and authorization to perform a transaction using the sensitive information
GB2557975A (en) Secure log-in procedure
WO2022251337A1 (en) User verification with digital tag
JP2024518218A (en) Multi-factor authentication with cryptography-enabled smart cards
EP3039626A1 (en) Presenting a document to a remote user to obtain authorization from the user

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)