NZ761244B2 - Method of authentication, server and electronic identity device - Google Patents

Method of authentication, server and electronic identity device

Info

Publication number
NZ761244B2
NZ761244B2 NZ761244A NZ76124420A NZ761244B2 NZ 761244 B2 NZ761244 B2 NZ 761244B2 NZ 761244 A NZ761244 A NZ 761244A NZ 76124420 A NZ76124420 A NZ 76124420A NZ 761244 B2 NZ761244 B2 NZ 761244B2
Authority
NZ
New Zealand
Prior art keywords
identity device
electronic identity
visual element
individual
verification code
Prior art date
Application number
NZ761244A
Other versions
NZ761244A (en
Inventor
Boni Laurent
Kerautret Laurent
Heurtier Olivier
Original Assignee
Idemia Identity & Security France
Filing date
Publication date
Priority claimed from FR1901001A external-priority patent/FR3092414B1/en
Application filed by Idemia Identity & Security France filed Critical Idemia Identity & Security France
Publication of NZ761244A publication Critical patent/NZ761244A/en
Publication of NZ761244B2 publication Critical patent/NZ761244B2/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/06009Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
    • G06K19/06037Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07DHANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D7/00Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency
    • G07D7/004Testing specially adapted to determine the identity or genuineness of valuable papers or for segregating those which are unacceptable, e.g. banknotes that are alien to a currency using digital security elements, e.g. information coded on a magnetic thread or strip
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0846On-card display means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/125Offline card verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention proposes a method of authentication of an electronic identity device (1) presented by an individual, the method being characterized in that it comprises the implementation of steps of: (b) Reception by data processing means (21) of a server (2) of an acquired image of said electronic identity device (1), the image representing at least one personal visual element of the individual and a dynamic verification code that are visible on said electronic identity device (1), said dynamic verification code containing at least one item of reference information representative of an expected appearance of said visual element; (c) Extraction, by analysis of said acquired image by the data processing means (21) of the server (2), of: ? an item of candidate information representative of the appearance of said visual element as represented in the acquired image; ? the reference information representative of the expected appearance of said visual element contained in said dynamic verification code as represented in the acquired image; (d) Verification by the data processing means (21) of the server (2) that the extracted candidate information and reference information match.

Claims (15)

1. A method of authentication of an electronic identity device presented by an individual, the method comprising the implementation of steps of: (b) reception by a data processor of a server, of an acquired image of said electronic identity device, the image representing at least one personal visual element of the individual and a dynamic verification code that are visible on said electronic identity device, said dynamic verification code containing at least one item of reference information representative of an expected appearance of said visual element, said visual element visible on said electronic identity device being a graphic element, in particular a photograph or a handwritten signature of the individual, the reference information representative of an expected appearance of said graphic element being Digital Photo Seal type security data; (c) extraction by analysis of said acquired image by the data processor of the server of: - an item of candidate information representative of the appearance of said visual element as represented in the acquired image; - the reference information representative of the expected appearance of said visual element contained in said dynamic verification code as represented in the acquired image; (d) verification by the data processor of the server that the extracted item of candidate information and reference information match.
2. The method according to claim 1, comprising a step (a) of displaying by display means said dynamic verification code from said electronic identity device.
3. The method according to claim 2, wherein the step (a) comprises the preliminary generation of said dynamic verification code by a data processor of said electronic identity device based on at least said reference information representative of an expected appearance of said visual element and a one-time password, (OTP).
4. The method according to claim 3, wherein the step (a) and the step (c) each comprise the generation of said OTP, respectively by the data processor of the electronic identity device and the data processor of the server based on a shared secret;
5. The method according to claim 4, wherein said one-time password is a time-based one-time password, TOTP, the generation of said TOTP by the data processing means of the electronic identity device and the data processor of the server also being based on time information. 1004994414
6. The method according to claim 3, wherein said dynamic verification code also contains at least one descriptive data from said OTP generated by the data processor of the electronic identity device, step (c) also comprising the extraction of the descriptive data from said OTP contained in said dynamic verification code as represented in the acquired image, step (d) also comprising the verification that the OTP generated by the data processor of the server matches said descriptive data of the extracted OTP.
7. The method according to claim 2, wherein said dynamic verification code is displayed in the form of a QR code and/or an alphanumeric code.
8. The method according to claim 1, wherein said dynamic verification code also contains an electronic signature of said reference information representative of an expected appearance of said visual element, step (c) also comprising the extraction of the electronic signature contained in said dynamic verification code as represented in the acquired image, step (d) also comprising the verification that said extracted electronic signature is valid.
9. The method according to claim 1, wherein said personal visual element of the individual is printed on the electronic identity device.
10. An authentication server, comprising a data processor configured for: - receiving an acquired image of an electronic identity device presented by an individual, the image representing at least one personal visual element of the individual and a dynamic verification code that are visible on said electronic identity device, said dynamic verification code containing at least one item of reference information representative of an expected appearance of said visual element, said visual element visible on said electronic identity device being a graphic element, in particular a photograph or a handwritten signature of the individual, the reference information representative of an expected appearance of said graphic element being Digital Photo Seal type security data; - extracting, by analysis of said acquired image: - an item of candidate information representative of the appearance of said visual element as represented in the acquired image; - the reference information representative of the expected appearance of said visual element contained in said dynamic verification code as represented in the acquired image; verifying that the extracted candidate information and reference information match.
11. An electronic identity device of an individual, the electronic identity device configured to: display at least one personal visual element of said individual on said electronic identity device, 1004994414 said visual element being a graphic element that is a photograph or a handwritten signature of the individual, generate and display a dynamic verification code containing at least one item of reference information representative of an expected appearance of said visual element, the reference information representative of an expected appearance of said graphic element being Digital Photo Seal type security data.
12. The device according to claim 11, including a data processor configured for preliminarily generating a one-time password (OTP), said dynamic verification code being generated based on at least said reference information representative of an expected appearance of said visual element and of said generated OTP.
13. An authentication system comprising: an authentication server according to claim 10; at least one electronic identity device of an individual on which at least one personal visual element of said individual is visible, said visual element visible on said electronic identity device being a graphic element, in particular a photograph or a handwritten signature of the individual, wherein the electronic identity device comprises a data processor configured for generating and displaying on display means a dynamic verification code containing at least one item of reference information representative of an expected appearance of said visual element, the reference information representative of an expected appearance of said graphic element being the Digital Photo Seal type security data, and at least one client equipment comprising a scanner or camera for the acquisition of said image representing at least the personal visual element of the individual and the dynamic verification code that are visible on said electronic identity device.
14. A non-transitory computer program product comprising code instructions for the execution of a method according to claim 1 of authenticating an electronic identity device presented by an individual, when said method is executed on a computer.
15. A non-transitory storage means readable by a computer equipment on which a computer program product comprises code instructions for the execution of a method according to claim 1 of authenticating an electronic identity device presented by an individual.
NZ761244A 2020-01-29 Method of authentication, server and electronic identity device NZ761244B2 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
FR1901001A FR3092414B1 (en) 2019-02-01 2019-02-01 Authentication process, server and electronic identity device

Publications (2)

Publication Number Publication Date
NZ761244A NZ761244A (en) 2024-01-26
NZ761244B2 true NZ761244B2 (en) 2024-04-30

Family

ID=

Similar Documents

Publication Publication Date Title
US11080384B2 (en) Systems and methods for authentication using digital signature with biometrics
US9396383B2 (en) System, method and computer program for verifying a signatory of a document
EP3223483B1 (en) Voice print verification method and apparatus, storage medium and device
US20170243097A1 (en) Method and apparatus for decoding or generating multi-layer color or code, method for recommending setting parameters in generation of multi-layer or code, and product comprising multi-layer color or code
WO2019075840A1 (en) Identity verification method and apparatus, storage medium and computer device
US20150143483A1 (en) Device and Method for Identity Authentication Management
US20160358298A1 (en) Dynamic digital watermark
EP3807794B1 (en) Age verification
JP2020524860A (en) Identity authentication method and device, electronic device, computer program and storage medium
EP3264309B1 (en) Information processing method and terminal, and a computer storage medium
Hossain et al. Improving cloud data security through hybrid verification technique based on biometrics and encryption system
CN106503527A (en) A kind of method and apparatus of electronic document fingerprint signature
US20180097805A1 (en) Pharmacy Authentication Methods and Systems
CN112085643A (en) Image desensitization processing method, verification method, device, equipment and medium
US20180124034A1 (en) Image based method, system and computer program product to authenticate user identity
NZ761244B2 (en) Method of authentication, server and electronic identity device
US20160306959A1 (en) Method of authentication
US20160342783A1 (en) Visual obfuscation security device, method and system
US20230133702A1 (en) System, Method, and Computer Program Product for Sensitive Data Obfuscation
WO2018113803A1 (en) Multi-factor authentication method
KR102361950B1 (en) System and method for detecting object data for learning and applying ai
CN110197246B (en) Self-anti-counterfeiting multi-dimensional bar code generation and verification method, device and system
EP3671503A1 (en) Graphometric document signing method and system
CN115730952A (en) Method, device, equipment and medium for embedding and authenticating invisible image identity code
CN115270091A (en) Data processing method and device