RU2816670C1 - Method of control and secure access to data - Google Patents

Abstract

FIELD: computer engineering.

SUBSTANCE: technical result is achieved due to the fact that in order to obtain access and execute commands, based on the unique data of the user—Object No. 2, a digital file is created and stored in the memory of the IC, which is an OCV No. 2; IC performs procedure of comparison and recognition of provided OCV No. 2 in OCV database; based on the obtained as a result of the operation of the algorithms for recognizing data on the OCV No. 2, a digital file is created and stored in the IC, which is a potential public key for obtaining access to IC resources; authentication takes place by comparing the secret and potential public keys with each other; if the comparison result gives the agreed number of matches, then the user is provided with access to the IC resources in this session, additional commands associated with the secret key are executed, or rejected; when keys are created by different algorithms in different IC, identification is provided by software.

EFFECT: improved protection of the provided data.

1 cl, 1 dwg

Description

The present invention relates to the field of digital data processing and data management systems, and more specifically, to methods for secure access to data, authentication of users of data processing systems, and remote user authentication. The technical solution will be used as a system for accessing information, for working on a computer, as a control unit on a locking electronic device, as an identifier in tracking and security systems, as a trigger for scripts and household appliances, etc.

Various technical solutions are known in this area.

Thus, the patent application US 2017/0171177 A1 is known (published 06/15/2017, IPC H04L 29/06, G06K 9/62, G06K 9/00).

The user specifies one or more items for authentication, and the system provides images of one or more items. When the user opens the mobile application, the camera on the mobile device is activated and takes a photo of the object in his field of view. If the image matches one of the item images, the user is authenticated. The system allows the user to electronically authenticate themselves using an item in the mobile application. Personal item (such as jewelry, keys, clothing, accessories, handbags, keychains, photographs, tools, or books). In particular, the user is authenticated when the personal item image is recognized as matching a reference or stored personal item image to be authenticated.

Disadvantages: The patent has narrower functionality compared to that presented by the author. Namely, we are talking only about photographing technology, it is intended for mobile phones, does not provide for recognition based on deep learning, or use outside of a mobile application. In addition, a significant difference is that the User uses only one object for identification, strictly associated with the key, both secret and public. The proposed technical solution provides for a fundamentally different level of functionality, which ensures complete protection of the data provided.

There is a known application for an invention - US 2016/0300046 A1 (published on October 13, 2016, IPC G06F 21/31, G06K 9/62, H04N 5/225), which is closest to the proposed invention in terms of the set of essential features, and accordingly accepted as a prototype. The authentication system, according to one example, includes an image capture device for scanning an object. The authentication system also includes a module for determining the flaws of an object based on scanning, generating a key database based on the identified flaws, and authenticating the user based on comparing the parameters of the identified flaws. Modular data is generated during the initial registration of an object, when the user presents the object as the desired authentication device. However, it should be noted that in some examples the entity may be selected (eg by management) as the user authentication device. During registration, the image capture device scans or reads the object when the object is initially presented. The authentication module scans the object to identify flaws and generate data that is used to authenticate the user in the future. It should be noted that a particular user may present one or more objects as an authentication device, and model data may be generated for each object. A solution is provided in which a person can be authenticated by an object. For example, a user may provide their own/personal item to be used as an authentication object. The solution is based on the fact that objects of the user's choice, for example, accessories (ring, bracelet, belt buckle) acquire unique flaws during the production process and everyday use. These imperfections can be read or scanned by an image capture device to extract or identify unique wear patterns that can be stored as a template. The template is then used to recognize the object and authenticate the user. As an example, a user may wish to have their ring serve as an authentication device for access to a facility/building or secure data processing system (eg, a computer). Another object (for example, a car key) can serve as an authentication device for another type of access (a specific premises or ATM, payment device, etc.).

Disadvantages: the known solution is based on scanning technology and has a narrow applied nature. The idea is to scan the inherent flaws of an individual item, and on this basis identify the user.

The proposed technical solution has a different level of functionality, much broader, and is based on a different principle for creating a key, which ensures complete protection of the data provided.

Thus, the technical problems in this area lie in the limited ability to ensure complete protection of the provided data, because there is a transfer of the user’s personal data, which increases the vulnerability of the computer or server due to the fact that false information can be entered into the data from the outside, and also because authentication is complicated by the need for very high detail. The proposed technical solution is aimed at eliminating these and other problems.

The technical result is an improvement in the technical characteristics of the method, which consists in increasing the protection of the provided data, coupled with simplifying the proposed method.

The technical result is achieved in that in the method of managing and secure access to data, which consists in the fact that, based on objects of the material world, including their images, electronic user data is created and stored in the information system database, which is subsequently compared with electronic user data, also created on the basis of objects of the material world, which the user provides for gaining access and executing commands, and based on this comparison, a decision is made on granting access or executing a command, according to the invention. To ensure control and access to the information system, objects of the material world, objects and images (Objects) are used.

The method consists of the following steps:

During the first session of work in the information system, based on the unique data of the User - object of the material world No. 1, selected as the basis for creating a secret key, a digital file (machine code) is created and stored in the IS memory, which represents the Object in digital form (hereinafter "OTsV");

- then the information system compares and recognizes Object in digital form No. 1 in the database of Objects in digital form, or creates a new OCV in the database;

- to carry out the comparison and recognition procedure, the information system uses a set of image recognition algorithms, including deep learning methods using neural networks, computer vision methods based on histograms of directional gradients, scale-invariant transformations of features, etc.;

- the result of recognition will be the assignment of OCV to a certain class from the IS database, or the creation of a new class;

- based on data about the Object in digital form No. 1, obtained as a result of the operation of recognition algorithms, a digital file (machine code) is created and stored in the information system, including recognition results, essential features of the object, OCV No. 1 itself, and other data sets , which may be needed for further identification depending on the purpose and design of the IS;

- then the IS assigns this digital file or part of this digital file as a secret key for accessing IS resources in subsequent sessions, at this stage additional conditions are assigned for executing other computer commands, program script triggers, etc.;

- during the second and subsequent sessions of work in the IS, based on the unique data of the user - Object of the material world No. 2, a digital file (machine code) is created and stored in the IS memory, which represents the Object in digital form No. 2;

- then the IS performs the procedure for comparing and recognizing OCV No. 2, similar to that described above and, based on the data obtained as a result of the recognition algorithms, creates and saves a new digital file (machine code), which includes a data array with recognition results, essential features of the object , OCV No. 2 itself, other data sets that may be needed for further identification depending on the purposes and structure of the IS, and which is ultimately a potential public key for access to IS resources, a candidate for a public key;

- in its structure, like machine code, the potential public key will be completely similar to the secret key (since these two keys are created based on the same data processing procedure);

- then authentication occurs - the information system compares the secret and potential public keys with each other; if the comparison result gives the agreed number of matches, then the user is granted access to the information system resources in this session, additional commands associated with the secret key are executed, otherwise access is denied;

- in cases where keys are created by different algorithms in different information systems, identification is ensured using special software that ensures mutual identification of classes among the contents of key files and makes it possible to compare keys created by different algorithms.

The essence of the invention is illustrated by the graphic material presented in Fig. 1, which shows all stages of the method.

Here the author considers it necessary to give several clarifications.

By “Information system” (IS), the author means a set of hardware and software tools for creating, storing, changing and retrieving information for interaction with the user. In accordance with this definition, for the purposes of the application, IP is further understood as both a separate computer and remote authentication servers, any combinations of computers, networks, network devices, peripheral devices and execution mechanisms.

“Objects of the material world” include not only objects and images, but also any material objects - landscapes, buildings, structures, geological structures, etc.

By “Object in digital form” the author means a digital file/machine code created on the basis of any devices and technologies that allow an array of data related to the original/Object to be encoded and transferred to a medium.

Such devices and technologies include emitters, receivers, analyzers and data converters across the entire spectrum of radiation and mechanical waves, capable of generating a digital file with an array of data related to an object of the material world (digital image, digital copy), as well as mechanical devices that copy shape and other features of a material object.

In particular, such technologies are photography, video filming, scanning, which create a digital image - an array of data obtained by sampling (analog-to-digital conversion) of the original. Once encoded using a special algorithm and recorded on a medium, this data array becomes a file.

Separately, it should be mentioned the possibility of using digital twin technology - a digital model of a physical object that interacts with this object and uses real-time data from the physical object to model the behavior and monitor the operations of such an object, allowing for control over the operation of such a physical object.

The key point of the invention is the combined use of recognition systems. These are traditional computer vision methods and recognition based on deep learning. Recognition is the assignment of source data to a certain class by identifying significant features that characterize this data from the total mass of data.

The file obtained by recognition algorithms, named by the author as OCV, created on the basis of an object of the material world, undergoes a recognition procedure, the purpose of which is to assign it to a certain class from the IP database. The recognition result will be the key information in the newly created file - a secret or potential public key.

Thus, in practice, this means that the user can provide as an object for creating a public key not the same object that was used to create the private key, but an identical or similar one, and not necessarily from the same angle and lighting. For example, the user provided the IP with a green stool with a round seat to create a secret key. The recognition algorithm found the class of these particular stools in its database. Now, when you access the system again, another user will show exactly the same stool. Even with deviations in shape, color, texture, etc., the IP will recognize it, assign it to the same class and make a decision on access.

If the IS does not have enough information regarding the assignment of OCV to a certain class, the algorithm creates a new class.

As an alternative, the IS can use OCV to create a key for computer vision recognition, creating a key based on histograms of directed gradients or scale-invariant feature transformations, for example.

The question of using a specific recognition method in an IS (based on deep learning or computer vision technology), or a combination of recognition methods, is solved programmatically, depending on the specific purpose of the IS. The same applies to filling the key with information. It may contain information about the class, clusters, and any other information, including histograms and essential features of the object that allow identification.

One more important note. The user creates a secret key in the IS. But the public key has not been created and is not stored in the IS memory. The public key will be created in the future, after matching/recognizing the applicant’s OCV and determining the OCV class.

This approach to creating keys greatly diversifies the opportunities available to users of the invention. This ensures the highest degree of protection against unauthorized access.

The invention provides for the use of objects of the material world or their images, not necessarily the same or 100% identical, as the basis for creating keys! The main thing is that recognition systems classify them into the same class. The importance of other significant individual characteristics may be taken into account in software ways in different ways, depending on the User’s tasks.

The proposed invention practically connects the material and digital worlds, introducing into circulation material objects, objects and their images for managing digital technologies.

Thus, with the help of the invention, a computer user can provide or gain access to data, as well as control the computer itself remotely, without using a standard computer interface. In practice (not in the sense of scientific terminology), the password/key that must be presented to initialize commands will be any object of the material world or its image - you just need to know which object is the key.

Examples of practical use of the invention:

To gain access to the data, the traveler takes an agreed key with him on the trip. For example, a bottle of your favorite drink, an engagement ring or a pendant. By presenting the designated item or its image, the traveler will have access to his files anywhere on the planet, without the risk of forgetting or losing secret codes, without the need for an electronic device;

in order to carry out a banking transaction, the user must present to the device, for example, a table lamp of a special design - anywhere in the world;

to pay for a secret product, the user sends a messenger to the other side of the world with the obligation to wear a specially cut red shirt to a certain location;

to turn off the TV, you need to show the device your slipper or something else that is always at hand at home;

the unmanned vehicle can move independently, matching its path to the target with map data. Simply by comparing information from your video camera with a map or a set of landmarks;

to open the lock on the entrance door to the apartment, or the lock of the safe, you need to show the device your hat (or the key to the apartment, or an insect, or decoration, etc.);

to automatically sort people in video surveillance systems; in this case, people with certain signs (for example, wearing bandanas) are taken under control, and people (for example, with roses in their buttonholes) are excluded from observation;

to get a room key or pay for a room, confirm your location, a tourist must take a photograph and send an image of his hotel, a palace nearby, a mountain nearby, etc.; in order to gain guaranteed access to the tangible assets of the community, participants create an analogue of a bank letter of credit - they present the agreed objects to the IP, and access is granted to everyone at the same time;

To make access to your assets as difficult as possible, the user assigns not one secret key based on an item, but a series, combination, sequence of keys. Uses both objects and images to create a key, includes time and geographical intervals and restrictions. The possibilities for using the invention are endless.

Thus, thanks to the new technical solution, users receive a fundamentally new level of data protection, as well as an effective way to manage their computers.

The advantages of the invention are:

• ease of key creation and authentication;

• the practical impossibility of hacking/selecting a key, due to the endless variety of objects in the material world, their images and their combinations when creating a key;

• no need to save digital passwords and media in any form;

• the everyday convenience of such “material encryption”, storage and transfer of keys, along with its wide applicability;

• the ability to control the operation of computers and devices using objects of the material world, without using standard interfaces;

• reducing the time of interaction with the computer. There is no need to enter data from the keyboard, use the mouse, etc.

Thanks to the proposed technical solution, the technical characteristics of the method are improved, namely, the protection of the provided data is increased, and the simplification of the proposed method is also achieved.

Claims (16)

1. A method of managing and secure access to data, which consists in the fact that, based on objects of the material world, including their images, electronic user data is created and stored in the information system database, which is subsequently compared with electronic user data also created based on the objects of the material world that the user provides to gain access and execute commands, and based on this comparison, a decision is made to grant access or execute a command, characterized in that to ensure control and access to the information system, objects of the material world are used - objects and images, not necessarily identical (hereinafter - Objects), and consisting of the following stages: - during the first session of work in the information system, on the basis of unique user data - Object 1 - a digital file is created and saved in the memory of the information system, which represents Object in digital form 1; - then the information system compares/recognizes the Object in digital form 1 in the database of Objects in digital form or creates a new Object (or class of Objects) in digital form in the database; - to carry out the matching/recognition procedure, the information system uses a set of image recognition algorithms, including deep learning methods based on neural networks, computer vision methods based on histograms of directional gradients, scale-invariant transformations of features; - based on the resulting algorithms for recognizing data about the Object in digital form 1, a digital file is created and stored in the information system, which (or part of which) will be a secret key for gaining access to IS resources in subsequent sessions; - this file stores an array of data associated with the Object in digital form 1 - information about the class label, recognition results; - at this stage, the secret key is assigned additional functions for executing commands to the information system; - during the second and subsequent sessions of the information system, to gain access and execute commands, based on the unique data of the user - Object 2, a digital file is created and stored in the memory of the information system, which represents the Object in digital form 2; - the information system carries out a procedure for matching/recognizing Object 2 in the database of Objects in digital form, similar to that described above; - based on the algorithms obtained as a result of the recognition of data about the Object in digital form 2, a digital file is created and stored in the information system, which will be a potential public key for gaining access to the resources of the information system; - in its structure, like machine code, a potential public key will be completely similar to a secret key, since these two keys are created based on the same data processing procedure; - then authentication occurs - the information system compares the secret and potential public keys with each other; - if the comparison result gives the agreed number of matches, then the user is granted access to the resources of the information system in this session, additional commands associated with the secret key are executed, otherwise access is denied; - in cases where keys are created by different algorithms in different information systems, identification is carried out using software that ensures mutual identification of classes among the contents of key files. 2. The method according to claim 1, characterized in that a computer or an authentication server is used as an information system.