GB2591759A - System and process for Validation - Google Patents

System and process for Validation Download PDF

Info

Publication number
GB2591759A
GB2591759A GB2001515.2A GB202001515A GB2591759A GB 2591759 A GB2591759 A GB 2591759A GB 202001515 A GB202001515 A GB 202001515A GB 2591759 A GB2591759 A GB 2591759A
Authority
GB
United Kingdom
Prior art keywords
computing device
validation
graphic
sequence
graphics
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
GB2001515.2A
Other versions
GB202001515D0 (en
Inventor
Davis Louis-James
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vst Enterprises Ltd
Original Assignee
Vst Enterprises Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vst Enterprises Ltd filed Critical Vst Enterprises Ltd
Priority to GB2001515.2A priority Critical patent/GB2591759A/en
Publication of GB202001515D0 publication Critical patent/GB202001515D0/en
Priority to PCT/GB2021/050245 priority patent/WO2021156617A1/en
Publication of GB2591759A publication Critical patent/GB2591759A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3274Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Facsimiles In General (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A validation or authorisation process and system comprises a first computer, a second computer and an intermediary or third-party server/processor in communication with the first and second computers. The intermediary processor stores a set of validation codes, and a set of graphics each representing a validation code is displayed on the first computer in a time-based or temporal sequence. Each graphic is imaged by the second device and parsed to obtain the validation codes. The intermediary processor compares the obtained validation code to the stored validation code at each step in the sequence, and validation is confirmed if there is a match. Each graphic may be imaged and match tested before the next graphic in the sequence is displayed. The graphics may be generated by the intermediary server and sent to the first computer. A user of the first computer may need to be authenticated prior to validation.

Description

Intellectual Property Office Application No. GII2001515.2 Rum Date:3 August 2020 The following terms are registered trade marks and should be read as such wherever they occur in this document: WiFi Intellectual Property Office is an operating name of the Patent Office www.gov.uk/ipo
SYSTEM AND PROCESS FOR VALIDATION
The present invention relates to a computerised validation process conducted between a first party and a second party.
The present invention is potentially applicable to any of a very wide range of situations in which one party is to validate themselves, which may comprise providing evidence of their identity or of some other fact or proposition to another party. An example might be where two parties need to validate themselves to one another prior to exchange of information, for example in the context of a commercial transaction.
Consider as a simple example ticketing systems used to gain access to venues, transport networks and so on. A ticket is presented by its holder to a second party as evidence that the holder has paid for a service. But tickets can be stolen and are potentially vulnerable to copying and counterfeiting.
Where use is made of computing devices for validation, more sophisticated measures may be adopted. As just one example, one-time codes may be used to provide greater security. For example a log-in process for a user may involve issuance of a one-time code to the user through a known channel of communication, the one-time code being returned by the user. This demonstrates that the user has access to the known communication channel and provides improved security. But even a one-time code is essentially a static process.
The invention is intended to provide an improved means and process for validation involving a first party, a second party and an intermediary.
In accordance with a first aspect of the present invention there is a process of validation conducted between a first party and a second party using an intermediary, wherein the first party has a first computing device in communication with an intermediary processing system; the second party has a second computing device in communication with the intermediary processing system; a set of validation codes is generated and is stored in the intermediary processing system; a set of graphics each representing a respective validation code is presented on the first computing device in temporal sequence; each graphic is imaged using the second computing device and parsed to obtain the validation code represented in the image; and the validation code obtained from each image in the sequence is compared by the intermediary processing system against the stored validation code at the corresponding point in the sequence to determine whether there is a match, validation being contingent on the outcomes of a sequence of such comparisons.
In accordance with a second aspect of the present invention there is a system for validation comprising a first computing device having a display; and a second computing device having a camera; the first computing device being configured to display a temporal sequence of graphics, and the second computing device being configured to optically image the graphics to generate a sequence of graphic/digital image pairs, the system further comprising a processing device configured to test each graphic/digital image pair to determine whether they match, authorisation being granted or refused based on the outcomes of the tests.
Specific embodiments of the present invention will now be described, by way of example only, with reference to the accompanying drawing, Figure 1, which is a symbolic representation of a system embodying the present invention; and A system operable in accordance with the present invention is represented in Figure land comprises: an intermediary processing system 10 accessible in this example through a web portal 10a; a first computing device 12 associated with a first party 12a; and a second computing device 14 associated with a second party 14a.
The intermediary processing system 10 will typically be administered by some trusted service provider. There is no particular limitation on the form of the processing system on which it is implemented. It may in particular be implemented in the cloud, and may run on any suitable server, virtual server or network of servers.
The first party 12a participates in the validation process through the first computing device 12, which may take any of a range of different forms including without limitation smart phones, tablets, laptops, desktop computers, PDAs, wearable devices and any suitable computing device that is currently available or that is developed in the future. Often a portable device will be most suitable. The first computing device 12 is able to exchange data with the intermediary processing system 10 by some suitable means. Typically this will be through a wide area network 16, which may be the internet. The first computing device may for example be connected to the wide area network 16 through an unwired connection which may for example be a mobile (cellular) telecommunications network or a wireless local area network (WiFi).
The second party 14a participates in the validation process through the second computing device 14, which may take an even wider range of different forms. For example, where the present invention is used to control or record access to some premises by individuals, the second computing device 14 may comprise a turnstile with a suitable optical scanner, or other means of access control such as an automatic gate. This example is given without limitation. The second computing device 14 is able to exchange data with the intermediary processing system. Again, this may be through a wide area network 16, which may be the internet, and The second computing device 14 may for example be connected to the wide area network 16 through an unwired connection which may for example be a mobile (cellular) telecommunications network or a wireless local area network (WiFi). The first 12 and second 14 computing devices need not connect to the intermediary processing system through the same network.
Prior to validation, the first party 12a must authenticate him or herself using the first computing device 12. "Authentication" as used herein refers to a process intended to verify the identity of the party to the validation system based on stored data personal to that party. A whole range of authentication techniques is known in relation to computers in general and smartphones in particular, and any suitable technique -existing at the time of writing or developed in the future -may be adopted in the present context. The authentication may be single factor or multi-factorial. It may involve the entry of a password, username or other data known to the person and intended to be confidential to them, or a combination of multiple items of such data. Additionally or alternatively it may involve sensing biometric properties of the person making the authentication, which may, without limitation, include one or more of iris imaging, finger print recognition, vein pattern imaging, voice recognition and facial recognition. Authentication may involve use of geolocation data.
The authentication process may simply involve unlocking the computing device 12 by whatever secure means the first person routinely uses. Alternatively an application running on the first computing device 12 may implement a suitable authentication process to be completed before the authorisation process can proceed. The same application may manage the operation of the first computing device 12 during the subsequent validation process.
In some (but not all) instances the second party will likewise be required to authenticate him/herself through the second computing device before participating in the validation process.
The validation process is initiated by a validation request from one of the parties. In the present example it is initiated by a request from the first party 12a, made through the first computing device 12 to the intermediary processing system 10.
The validation process itself, briefly summarised, comprises display of a temporal sequence of graphics 16 on display 18 of the first computing device 12. Each of the sequence of graphics is optically imaged using camera 20 of the second computing device 14, providing a respective digital image 22 on the second computing device 14 corresponding to each of the images 16 displayed on the first computing device 12 (the digital image 22 is shown displayed on the screen of the second computing device 14 in Figure 1 but this is not essential -the image referred to takes the form of a computer file). Thus for each graphic 16 displayed, a graphic/digital image pair is formed. A test is made whether the digital image 22 of the pair matches the graphic 16, and validation is granted or refused conditional on the outcome of a sequence of such tests.
The graphic 16 may in principle take any of a wide range of forms. The word "graphic" is used herein merely to denote an item which can be displayed on a screen, without in itself imposing any limitation on the nature of that item. But it is especially preferred that the temporal sequence of graphics 16 comprises at least one visual symbol representing a code 26, the visual symbol being readable from the digital image by a computer to recover the code 26.
A suitable form of visual symbol is commercially offered under the registered trade mark VCode by VST Enterprises Ltd. The details of the manner in which data is encoded in this format symbol are not relevant for present purposes. Other computer-readable symbols may be used in implementing the present invention, and the skilled person is familiar with suitable symbols and their mode of generation, as well as being aware that software for their generation is widely commercially available. The term "computer-readable" as used herein does not exclude human readable symbols such as strings of natural language characters or digits, which can of course be read by computer.
The term "code" as used herein refers merely to a piece of data which can be represented in the graphic 16, so that the code 26 can be read from the digital image of the graphic 16. In this way a straightforward test can be made whether the required match is present between the graphic 16 and the digital image. The graphic is generated from the code 26, so the code 26 is known. The testing of the graphic/digital image pair comprises reading the data from that image and comparing that data against the known code 26. If the two are the same then the test is satisfied. If they differ the test is failed.
The code 26 may be a numerical value. In the present embodiment the code 26 is a string of alphanumeric characters.
The term "temporal sequence" implies that the graphics 16 in the sequence are displayed over different time periods. It does not necessarily exclude the possibility that the time of display of one graphic might overlap with the time of display of another. In the present embodiment they are displayed one after another without overlap. In the present embodiment the process involves displaying a first graphic 16, imaging that graphic using the camera 20, to obtain a first digital image 22, testing whether the first digital image matches the first graphic 16, and then (in this example, only in the event of a match) moving on to display a second graphic 16a which is once more imaged and match tested. This sequence may in principle be repeated for any chosen number of graphics 16. Five graphics are used in a sequence, in the present embodiment.
In the present embodiment, if there is a match in each of a sequence of tests then validation is granted. If one or more tests is failed -that is, any of the tests in the sequence fails to show a match, then the system will respond accordingly. Since the process may fail for reasons not indicative of nefarious activity (e.g. poor quality imaging, camera shake and so on), management of such a situation may involve total or partial repetition of the process to provide a renewed opportunity for validation to be made.
The graphics 16/codes 26 may be generated at the intermediary system 10 and sent to the first computing device 12 for display. However in the present embodiment they are generated by an app running on the first computing device 12 and sent to the intermediary processing system 10 by the first computing device 12. The codes 26 may for example be generated by a random or pseudorandom process. In principle a new graphic 16/code 26 may be generated and sent each time the displayed graphic is changed. But in the present example a limited sequence of graphics 16 is generated by the portal 10 and sent to the first computing device 12, which then cycles through these graphics 16 during the validation process.
Where the validation process is initiated by a request sent from the first computing device 12 to the intermediary processing system 10, the latter thereby receives the network address for the computing device 12 and is able to address the graphics 16 to that device accordingly.
In the present embodiment the intermediary processing system 10 implements or has access to a database 28 of users. In some embodiments both the first party 12a and the second person 14a are recorded in the database. The database may include for example authentication information for parties registered to the system, to provide for their secure log-in including authentication. In some embodiments the intermediary processing system may for example play the role of a trusted intermediary. The purpose of the validation process may be to demonstrate the identity of one party to the other, or to demonstrate the identity of each party to the other.
The graphics presented on the first computing device may represent a user ID for the first user 12a.
In this case, when the intermediary processing system 10 receives this user ID in the form of the digital images 22, it is able -by reference to it -to retrieve from the database 28 the record for the user in question. Thus for example the intermediary processing system 10 may then provide confirmation of the identity of the first user 12a to the second user 14a.
While the drawings show the intermediary processing system 10 to be a remote system accessed through a wide area network, this need not be the case in all embodiments. This system may instead be locally implemented. For example, the present invention may be employed to validate identity of individuals at an entrance or exit. This might for example be done at any premises where security is required, or where workers need to clock in and out upon entry and exit. In this case, the intermediary processing system may be on-site. The second computing device which images the graphics may for example be implemented in a turnstile or other arrangement for control of access.
Other self-contained versions of the system and process may for example be employed where internet access is unreliable, as in rural areas or in countries without universal telecommunications infrastructure. In such cases a self-contained system might carry its own database and include the intermediary processing system 10. That database might still be updated periodically -perhaps daily -when internet access is available. In such cases, the first and second computing devices need not be networked through the internet -they may instead connect through B/uetooth®1 or through a wired connection or WiFi connection or other suitable form of local area network.

Claims (11)

  1. CLAIMS1. A process of validation conducted between a first party and a second party using an intermediary, wherein the first party has a first computing device in communication with an intermediary processing system; the second party has a second computing device in communication with the intermediary processing system; a set of validation codes is generated and is stored in the intermediary processing system; a set of graphics each representing a respective validation code is presented on the first computing device in temporal sequence; each graphic is imaged using the second computing device and parsed to obtain the validation code represented in the image; and the validation code obtained from each image in the sequence is compared by the intermediary processing system against the stored validation code at the corresponding point in the sequence to determine whether there is a match, validation being contingent on the outcomes of a sequence of such comparisons.
  2. 2. A process as claimed in claim 1 in which at least one of the graphics comprises a symbol representing a validation code.
  3. 3. A process as claimed in claim 1 or claim 2 in which a graphic is displayed and imaged and the resultant graphic/digital image pair is match tested prior to display of the next graphic in the temporal sequence.
  4. 4. A process as claimed in any preceding claim in which the validation codes and/or the graphis are generated by the intermediary processing system and sent to the first computing device.
  5. 5. A process as claimed in any preceding claim in which at least one of the first and second computing devices is networked to the portal through the internet.
  6. 6. A process as claimed in any preceding claim which further comprises generation of an authorisation request by the first computing device or the second computing device, the authorisation request including information from which the other of the computing devices is able to be addressed and/or identified.
  7. 7. A process as claimed in any preceding claim which further comprises authentication of the first user through the first computing device.
  8. 8. A system for validation comprising a first computing device having a display; and a second computing device having a camera; the first computing device being configured to display a temporal sequence of graphics, and the second computing device being configured to optically image the graphics to generate a sequence of graphic/digital image pairs, the system further comprising a processing device configured to test each graphic/digital image pair to determine whether they match, authorisation being granted or refused based on the outcomes of the tests.
  9. 9. A system as claimed in claim 8 further comprising an intermediary processing system networked to the first and second computing devices and configured to carry out the testing of the graphic/digital image pairs and to grant or refuse validation.
  10. 10. A system as claimed in claim 8 or claim 9 in which at least one of the graphics is a symbol representing a stored code.
  11. 11. A system as claimed in claim 10 in which the testing comprises computer-reading the symbol from the digital image and comparing the result to the stored code.
GB2001515.2A 2020-02-05 2020-02-05 System and process for Validation Pending GB2591759A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB2001515.2A GB2591759A (en) 2020-02-05 2020-02-05 System and process for Validation
PCT/GB2021/050245 WO2021156617A1 (en) 2020-02-05 2021-02-04 System and process for validation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB2001515.2A GB2591759A (en) 2020-02-05 2020-02-05 System and process for Validation

Publications (2)

Publication Number Publication Date
GB202001515D0 GB202001515D0 (en) 2020-03-18
GB2591759A true GB2591759A (en) 2021-08-11

Family

ID=69800140

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2001515.2A Pending GB2591759A (en) 2020-02-05 2020-02-05 System and process for Validation

Country Status (2)

Country Link
GB (1) GB2591759A (en)
WO (1) WO2021156617A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015000425A1 (en) * 2013-07-03 2015-01-08 Mpayme Ltd. Method and system for authenticating user using out-of-band channel
US20170316626A1 (en) * 2016-04-27 2017-11-02 Cubic Corporation 4d barcode
US10498730B1 (en) * 2016-03-30 2019-12-03 Snap Inc. Authentication via camera
WO2020009658A1 (en) * 2018-07-04 2020-01-09 Leow Wee Dar Identity or security authentication device for electronic system using visual patterns or codes

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9189722B2 (en) * 2014-03-24 2015-11-17 Cellum Innovacios Es Szolgal Tato Zrt Systems and methods for motion two dimensional codes

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015000425A1 (en) * 2013-07-03 2015-01-08 Mpayme Ltd. Method and system for authenticating user using out-of-band channel
US10498730B1 (en) * 2016-03-30 2019-12-03 Snap Inc. Authentication via camera
US20170316626A1 (en) * 2016-04-27 2017-11-02 Cubic Corporation 4d barcode
WO2020009658A1 (en) * 2018-07-04 2020-01-09 Leow Wee Dar Identity or security authentication device for electronic system using visual patterns or codes

Also Published As

Publication number Publication date
GB202001515D0 (en) 2020-03-18
WO2021156617A1 (en) 2021-08-12

Similar Documents

Publication Publication Date Title
CN110741369B (en) Secure biometric authentication using electronic identity
JP6951329B2 (en) Systems and methods for managing digital identities
US8453207B1 (en) Methods and systems for improving the security of secret authentication data during authentication transactions
US20080005578A1 (en) System and method for traceless biometric identification
US20100115591A1 (en) Method and system for authenticating users with optical code tokens
US8959359B2 (en) Methods and systems for improving the security of secret authentication data during authentication transactions
JP7364057B2 (en) Information processing device, system, face image update method and program
JP5145179B2 (en) Identity verification system using optical reading code
US11640616B2 (en) System and method of counting votes in an electronic voting system
Nath et al. Issues and challenges in two factor authentication algorithms
Mohamed Security of Multifactor Authentication Model to Improve Authentication Systems
US8804158B2 (en) Token generation from a printer
GB2591759A (en) System and process for Validation
KR101475422B1 (en) Internet Security Method and System using One Time IDentification
Kamau et al. A review of Two Factor Authentication Security Challenges in the Cyberspace
Shaji et al. Multi-factor authentication for net banking
Guma Development of a secure multi-factor authentication algorithm for mobile money applications
BRĂCĂCESCU et al. A PROPOSAL OF DIGITAL IDENTITY MANAGEMENT USING BLOCKCHAIN
Ali Development of a secure multi-factor authentication algorithm for mobile money applications
TWI844163B (en) Financial verification system
Wodo et al. Human-Related Security Threats and Countermeasures of Electronic Banking and Identity Services-Polish Case Study
Malik et al. Enhancing the Security of Online Voting System Using Defined Biometrics
US20160306959A1 (en) Method of authentication
Liou et al. A study of biometric feature for a recall-based behavioral graphical mobile authentication
Habibu Development of secured algorithm to enhance the privacy and security template of biometric technology