WO2007085824A2 - Image retrieval system - Google Patents

Image retrieval system

Info

Publication number
WO2007085824A2
Authority
WO
WIPO (PCT)
Prior art keywords
user
image
images
unique identifier
service provider
Application number
PCT/GB2007/000239
Other languages
English (en)
Other versions
WO2007085824A3 (fr
Inventor
Tom Elgar
Original Assignee
Serverside Group Limited
Application filed by Serverside Group Limited

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation

Definitions

  • the present invention relates to authentication of a user and in particular, but not exclusively, to a web application for authenticating a person online via the internet.
  • an apparatus for authentication of a user comprising: a display device for displaying at least one user image stored in a first storage device and at least one non-user image stored in a second storage device; a user interface for enabling a user to select one of the at least one user image and the at least one non-user image; and an authentication device for determining that the user is an authentic user, if the user selects the user image.
  • the apparatus further comprises: a storage device for storing the location of the at least one user image in a set of images displayed to the user, comprising the at least one user image and the at least one non-user image.
  • the apparatus further comprises: a randomising device for randomly selecting the at least one user image from the at least one user image and randomly selecting the at least one non-user image from a plurality of non-user images.
  • the randomising device randomly orders the selected at least one user image and the selected at least one non-user image.
  • the authentic user is directed to an image design device.
  • the user interface enables the user to enter a unique identifier.
  • the unique identifier is associated with the at least one user image.
  • the unique identifier comprises a username.
  • the unique identifier comprises an email address.
  • the unique identifier comprises a telephone number.
  • the first storage device comprises user images from more than one user and a unique user identifier is associated with each user image.
  • the associated unique identifier is used to determine which user images are to be displayed.
  • the user image is an image previously provided by the user.
  • the user image is an image selected from a plurality of images provided in a first category.
  • the first category is previously selected by the user as an authentication category.
  • the image selected from the plurality of images contained in the first category is previously selected by the user as an authentication image.
  • the first category comprises houses, cats or circles.
  • a method for authentication of a user comprising: accessing a user image database comprising at least one user image and selecting at least one of the at least one user image; accessing a non-user image database comprising at least one non-user image and selecting at least one of the at least one non-user image; displaying the selected at least one user image and the selected at least one non-user image, and requesting a user select the user image; and determining that the user is an authentic user, if the user selects the user image.
  • the method further comprises: requesting the user input a unique identifier corresponding to the user, prior to accessing the user image database; and accessing the user image database comprising at least one user image corresponding to the unique identifier.
  • a method for authentication of a user comprising: requesting a user selects an image from a plurality of images; and determining that the user is an authentic user, if the user selects an image from the plurality of images which was previously provided by the user.
  • the method further comprises: requesting the user input a username and password.
  • the method further comprises: preventing the user from selecting a further image, if the user previously selected a non-user image.
  • a method for transmitting images from an image capturing device to an application service provider comprising: capturing an image with an image capturing device; transmitting the captured image to an application service provider remote from the image capturing device; and storing the captured image in a storage device of the application service provider.
  • the method further comprises: storing the captured image in a first storage device of the image capturing device prior to transmitting the captured image.
  • the method further comprises: deleting the captured image from the first storage device of the image capturing device after transmitting the captured image.
  • the method further comprises: configuring transmission of the captured image such that only one captured image is transmitted at a time.
  • the method further comprises: configuring transmission of the captured image such that more than one captured image is transmitted at a time.
  • the method further comprises: configuring transmission of the captured image such that the captured image is transmitted at a predetermined time.
  • the method further comprises: configuring transmission of the captured image such that the captured image is transmitted in a predetermined format.
  • the image capturing device comprises a unique identifier, and the unique identifier is transmitted with the captured image to the application service provider.
  • the unique identifier is associated with the captured image.
  • the unique identifier comprises a telephone number.
  • the unique identifier comprises a username.
  • the unique identifier comprises an email address.
  • the captured image is transmitted when the storage device of the image capturing device is full.
  • the captured image is transmitted when a mobile communications network bandwidth is low.
  • an apparatus for authenticating a user comprising: a user database for storing user identification data; a user image database for storing at least one user image; a non- user image database for storing at least one non-user image; a randomisation device for randomly selecting at least one of the at least one user image and at least one of the at least one non-user image; and a comparison device for comparing a selected image selected from the randomly selected at least one user image and at least one non-user image with the at least one user image to determine if the selected image is the at least one user image.
  • the apparatus further comprises: a location storage device for storing data about the location of the randomly selected at least one user image.
  • a user provides the at least one user image to the user image database.
  • the user identification data is associated with the at least one user image.
  • the comparison device determines whether the selected image is the at least one user image based on the location data stored in the location storage device.
  • if the user selected image is the at least one user image, the user is authenticated, and wherein if the user selected image is not the at least one user image, then the user is rejected.
  • a randomising device for randomly selecting at least one of a plurality of user images held in a user image database, associated with a user, and at least one of a plurality of stock images held in a stock image database.
  • the randomising device further comprises randomly ordering the selected at least one user image and the selected at least one stock image.
  • a computer program for scheduling transmission of images from an image capturing device to a remote service provider storage device comprising: first means for transmitting an image to an application service provider remote from an image capturing device; and second means for storing the captured image in a storage device of the application service provider.
  • a for setting user authentication data comprising: requesting a user provided at least one user image; and associating user identification data with the user provided image, such that when the user select the user image from a plurality of non-user images, the user is authenticated.
  • a device comprising: a camera arranged to capture an electronic image; a mobile phone for transferring the image over a wireless connection to a storage area; and an application program that is capable of being configured to transfer the image in a predetermined manner.
  • the predetermined manner comprises an automatic schedule to transfer the image at a later specified time.
  • after the image is transferred in the predetermined manner it is automatically deleted from the device.
  • the camera is arranged to capture a plurality of images and the predetermined manner comprises transferring the images in batches.
  • the predetermined manner further controls at least one of the time and frequency at which batches are to be transferred.
  • a method of authenticating users of a communications network comprising: storing a unique identifier and at least one image recognisable to a user; generating a prompt for the user to input a unique identifier in response to a login request from a user; identifying the image associated with the unique identifier input by the user and displaying to the user a set of images comprising the at least one recognisable image associated with the user, wherein the user is authenticated if one or more of the recognisable images is selected by the user.
  • the other images of the set displayed to the user are randomly selected from a pool of images.
  • for each user there are a plurality of recognisable images associated with each unique identifier such that the set of images displayed to the user comprises the plurality of recognisable images and wherein in order to be authenticated all of the plurality of recognisable images need to be identified and selected by the user.
  • the method is performed by a service provider.
  • an interface of a service provider for authenticating a user of a communication network comprising a plurality of users
  • the service provider is arranged to store a unique identifier and a plurality of electronic images corresponding to each user
  • the interface comprising: input means for allowing a user to input a unique identifier; first output means for displaying a set of images to the user, the set of images comprising at least one image corresponding to the user that input the unique identifier; input means for enabling the user to attempt to select the images corresponding to the user from the displayed set of images; and means for determining the user is authenticated if the images selected are the images corresponding to the user.
  • a plurality of images corresponding to the user are stored and the authentication step comprises selection of said plurality of images.
  • the interface is a web interface hosted by a server computer of the service provider located remotely from a client computer of each of the users.
  • the unique identifier and the plurality of images stored at the service provider is previously uploaded from each user to the service provider.
  • the image associated with the user is an electronic image that has been sent from the user to the service provider.
  • the unique identifier is a telephone number or another dial-up sequence uniquely indicating the user or email address.
  • a method for authenticating users of a communications network comprises: storing a unique identifier and an image associated with each user, and in response to a login request from a user, prompting the user to input a unique identifier, identifying the image associated with the unique identifier input by the user; and displaying a set of images at least one of which is the image associated with the user and authenticating the user responsive to selection by the user of the associated image.
  • a device for connecting to a camera arranged to capture an image comprising: a first port for interfacing with the camera; a second port equipped with mobile telephony capability for transferring the image between the device and a storage unit over a wireless connection.
  • the device further comprises an application for controlling the manner in which the image is transferred.
  • the device has an associated mobile number which identifies the user so that images can be uploaded to the storage area.
  • the user does not need to interfere with the authentication process since the storage area is inherently able to recognise the user by the mobile number of the device and hence it is able to associate the images uploaded from the user with the unique identifier (i.e. mobile number) of the device.
  • a username need not be set up in advance of the first uploaded image.
  • Figure 1 shows a system overview according to an embodiment of the present invention
  • Figures 2a) to 2f) show flow diagrams of different embodiments for sending pictures to the storage area
  • Figure 3 shows an embodiment for authenticating a user
  • Figure 4 shows a flow diagram of an embodiment for enabling the authentication of a user
  • Figure 5 shows a flow diagram of an embodiment for enabling the upload of images and the creation of a username from a computer connected to the web;
  • Figure 6 shows a flow diagram of an embodiment for enabling the upload of images and creation of a username from a camera device
  • Figure 7 shows a flow diagram of an embodiment of a plurality of interfaces that a user may select from in order to perform an application after authentication by the web "admin picture" application;
  • Figure 8 is a flow chart split over two pages represented by Figure 8a and
  • Figure 1 shows a device 10, 10' which is arranged to deliver images to an image storage area 3 of an ASP (Application Service Provider) 30.
  • the images are electronic images that are sent by the MMS (Multimedia Messaging Service) from the device 10, 10' to the storage area 3.
  • MMS Multimedia Messaging Service
  • a skilled person would understand that other electronic formats (specifically Email) are known and feasible.
  • the device 10, 10' comprises camera functionality for taking pictures and mobile phone functionality for communicating the images over a wireless connection to the storage area 3.
  • the devices can either be integrated units or relevant connectable components offering suitable functionality and which can be joined for example by a standard USB (Universal Serial Bus) Connection.
  • the device 10 is a mobile phone but in an alternative embodiment the device 10' is a digital camera.
  • the device is shown as having an application 100 which can either be loaded directly to the mobile (if the application only consists of software) or can be loaded on a separate hardware unit connected to the mobile phone using for example a USB connection (not shown).
  • the mobile phone 10 may be equipped with a camera and thus the application (software) could be loaded directly to the mobile phone 10 and is used to control the automatic scheduling of the transmission of images to the storage area 3 as will be described later.
  • the mobile phone may not be equipped with a camera, in which case the application 100 may comprise separate hardware in the form of a digital camera that is able to connect to the mobile phone (for example via a USB connection) and/or software for controlling the automatic scheduling of images to be sent from the device 10 to the storage area 3.
  • the software is for example a computer program that may be programmed by the user of the device and will be executed by a processor connected to the device 10; i.e. the mobile phone itself, the camera or the hardware (if required).
  • the device 10' is a digital camera, which might for example either be integrally equipped with wireless communication functionality or a separate hardware and software application 100' might be required.
  • the application 100' may take the form of a dongle equipped with the capability of transferring the captured electronic images over a mobile phone network to the storage area 3.
  • the dongle further comprising a software application arranged to control the automatic scheduling of images to be sent from the device 10 to the storage area 3.
  • the device 10, 10' may be a camera or mobile phone with a camera as well as any device with image storage and camera function.
  • the application may be installed on the device and, in the embodiments where it is needed, a hardware device of the application is connected to the USB port of the device.
  • the application 100, 100' having software for providing an interface to the user for operating the device and/or to configure the manner in which the scheduled transmissions of the images are performed to the storage area 3.
  • the user may configure one or more of the timing, group and format of images for transmission.
  • the mobile number on the digital camera may be displayed to the user via the device HCI.
  • HCI human computer interface
  • the application device hardware 100' may be equipped with an HCI in order for the user to interact with this so-called "send picture" application of the device.
  • This application thus allows a user to program the device to send pictures (i.e. electronic images) to the storage area in a predetermined manner. Further it may be that the HCI is provided by the ASP and that instructions are communicated back to the remote device.
  • the "send picture" application allows the device to send and receive pictures to a storage unit 3 within the ASP 30.
  • the application also allows the user to set up the transmission of pictures in addition to allowing the user to customise when and how the transmitting may be made. For example, the user may have the choice of sending the images in batches, sending them one-by-one, or even to select a specific time when to send batches or single pictures.
  • the timings of the image download to the ASP may be triggered by the mobile communications network on an ad hoc basis when network bandwidth is low.
  • An advantage of being able to send (and/or to setup the automated scheduling of transmitting the images) is that the camera device 10 may not require a large memory.
  • the user may for example select an option to automatically delete the pictures on the camera device after successfully transmitting the pictures to the storage unit 3.
  • a mobile number may be stored within the hardware application 100' so the device 10' may send pictures to the storage unit 3 using the MMS protocol or any other relevant wireless mobile phone protocol, for example GPRS (General Packet Radio Service) or protocols associated with 3G (Third Generation) mobile telephony, etc.
  • the transmitting between the device 10, 10' and the storage area 3, may also be made through a Wi-Fi connection (not shown) to the internet 60.
  • the application 100, 100' may be provided with an IP address, in addition to the storage area 3 having a unique identifier, for facilitating the connection of the user with the pictures.
  • the send picture application can automatically send the image after the image is taken, thereby further reducing the reliance on camera memory.
  • pictures could be sent at a particular time such as an off-peak time, having the advantage that a user could make use of a cheaper network charge rate.
  • the device 10, 10' that sends the MMS may be a separate device 100' to the camera 10'.
  • this device only has one function, which is to send the images as MMS messages (or similar) to a pre-defined telephone number.
  • standard digital cameras and their software can be adapted to use this system and achieve the advantages of embodiments of the present invention.
  • Figures 2a to 2f show different embodiments for transmitting the images between the device 10, 10' and the storage area 3.
  • the embodiment shown in Figure 2a is for manually sending a single picture.
  • a user takes one picture with the device 10, 10' at step S200.
  • the decision step S202 indicates that the picture can either be stored in the device at step S204 or sent directly to the storage area 3.
  • the image is sent to the storage area 3 at step S206 and stored in the storage area 3 at step S208.
  • the user can then decide to delete the picture in the device 10, 10' and step S212 reflects the decision to store the image in the device, whereas step S214 reflects the decision to delete the image from the device.
  • the embodiment shown in Figure 2b is for manually sending a batch of pictures.
  • a user takes a plurality of pictures with a device at step S216.
  • the pictures are then either stored directly in the device at step S220 or can be sent off to the storage area 3 as a batch of images at step S224 and stored in the storage area at step S226.
  • the user can then decide at step S228 to either delete the pictures on the device at step S232 or store them in the device at step S230.
  • the embodiment shown in Figure 2c is for automatically sending and deleting a single picture.
  • a user takes one picture with a device at step S234, which is automatically sent at step S236 to the storage area 3.
  • This automation may be scheduled to occur substantially immediately after the picture has been taken or scheduled for a later time, for example an off-peak time.
  • the picture is then stored in the storage area 3 at step S238 and is deleted from the device 10, 10' at step S240.
  • the embodiment shown in Figure 2e is for automatically sending a single picture and is the same as that of figure 2c, except it does not contain the deletion step at step S240.
  • the embodiment shown in Figure 2d is for automatically sending and deleting a batch of pictures.
  • a user takes one or a plurality of pictures with a device at step S242.
  • At step S244 at least some of the images are formed into batches comprising a plurality of images and these are sent and stored in the storage area 3 at step S246.
  • the pictures are deleted from the device.
  • the embodiment shown in Figure 2f is for automatically sending a batch of pictures and is similar to the flow chart of Figure 2d, with the exception of the deletion step S248.
  • Automatic deletion may be used, optionally, in connection with any embodiment of the invention.
  • the transmission of pictures, the scheduling thereof and the sequence and form that such transmissions take is flexible and is configurable depending on the requirements of the user, which may involve taking into account external factors such as the capabilities of the equipment and network.
  • Figure 3 shows an embodiment of the present invention for authenticating a user.
  • a user 50 is able to connect to the internet 60 using a computer 40 for example. More specifically, the user is able to connect to a login interface 55 (also termed the web "admin picture" application) of the ASP 3.
  • the login interface 55 comprises a first login screen 70 which for example prompts a user to input a username, which is a unique identifier corresponding to the user, and in response thereto, the ASP 30 accesses at least one previously stored image that belongs to that user from the image storage area 3.
  • Figure 3 shows an output interface of the user for displaying a plurality of images to the user.
  • some of the images are those previously uploaded to the image storage area 3 and belonging to the user mixed with other randomly selected images to provide a selection set of images displayed to the user by the ASP.
  • the user must then select from the plurality of images those that are considered by the user to belong to him/her.
  • the user does this by recognition of each image belonging to themselves from the set, which includes those images randomly selected from a pool of images (and are thus unrecognisable images), and selecting therefrom the image or images recognisable as their own. If the user selects the right images, they are authenticated by the system and this authentication is confirmed by the further output interface 74.
  • AAM AllAboutMe
  • an embodiment of the present invention allows the authentication of a user via the Internet through the user's own digital pictures that have been uploaded to the ASP 30.
  • the ASP is implemented on servers as part of the Internet.
  • the user therefore has pictures stored in the storage area 3 of the ASP 30 which the user subsequently has to identify among a set of images including several other randomly shown pictures in order to be authenticated and login.
  • the client computer 40 is for example provided with a unique identifier that identifies a user.
  • the server system uses the unique identifier, which can take a variety of forms, for example: a username, an email address, a mobile phone number, etc., to identify which pictures to show to the user. A skilled person will appreciate other feasible unique identifiers may be used.
  • the user forwards an email to an image storage device 3 with an attached image.
  • the image and the email are used later to authenticate the user;
  • the user takes a photograph using a digital camera with a mobile phone device attached or a mobile phone containing a digital camera.
  • the pictures are sent to an image storage device through MMS or functionally similar technology.
  • the image and mobile phone number are later used to authenticate the user.
  • the server of the ASP 30 may also use the username (mobile phone, email or username) to ensure that the user is valid by checking against a database, as this may be delivered to the market as part of a subscription process along with the mobile phone contract.
  • After having created the user login credentials, the person enters the unique username in the authentication site and is then shown a number of pictures (both random pictures and a selection of the person's own previously uploaded pictures). Indeed there are various embodiments for implementing the authentication step itself, once the user has entered a valid user name or mobile number.
  • the users are each able to authenticate themselves by selecting the pictures they have uploaded.
  • choices for authenticating a user include:
  • a random selection of pictures is shown to the user mixed with some of the user's own uploaded pictures.
  • the user selects the user's own previously uploaded pictures from the selection.
  • the user may have in a previous setup been asked to select one or more of a plurality of categories, like "House", "Cat", "Circle", such that during authentication the user is shown images from different categories and is prompted to select one of the images of each category which the user selected in the previous setup (or initial registration).
  • the image may not be the same as the original picture but may represent the same category.
  • the user may have previously been asked (or at initial registration) to select one or more authorisation pictures, such that during a subsequent authorisation the user is shown a number of random images also containing their authorisation images. In this way a user is able to remember specific images as if they were passwords.
  • Figure 4 shows one authentication embodiment using pictures.
  • the user connects to the Web GUI (Graphical User interface) 55 for picture authorisation.
  • the user enters a username.
  • the user is shown a mix of the user's pictures and randomly selected pictures.
  • the user selects all the pictures that he/she is able to identify as his/her own.
  • the ASP 30 decides whether the user has selected correctly and has therefore been authenticated at step S412, or incorrectly in which case the user is not authenticated at step S410 (and refused further entry to the website).
  • a user may have in previous set up been asked to enter a mobile number if the number is not already in storage 3.
  • a message containing a code is sent to a user's mobile phone, the user enters the code in the window and the code is then validated.
  • the web interface for the authentication may be HTML (Hyper Text Markup Language), DHTML (Dynamic Hyper Text Markup Language), Flash (by Macromedia) or other web-based technologies.
  • the present invention provides a method and system for authentication of users in a client/server environment, or more specifically a web-based environment.
  • the authentication system of the present invention reduces the number of user interactions needed to authenticate a person before entering areas where authentication is needed and reduces the amount of sensitive information that is transmitted between a client system and a server system.
  • the image(s) used in the authentication process may be taken randomly from the whole collection of the user's images or may be selected by the user as appropriate for the login process.
  • the authentication process can also be used such that a friend of the user may be able to access certain categories of the site based on images that they are familiar with - such as skiing trip for example, which the family of the user may not be familiar with.
  • Fig 6 outlines a process for sending images from a camera phone or camera with a phone attachment.
  • the figure describes a process using a GUI to select images to be sent to the ASP and for the images on the device to then be deleted.
  • the user may select multiple services provided by the authenticated web applications in order to manipulate the picture or use the picture in other services such as creating a personalized credit card, debit card, loyalty card, subway card, gas station card, enter a building authorization card, membership card, identification cards, slide shows, import or export pictures to other storage like computers; mobile phones; devices with storage installed, manipulate pictures, view pictures on TV, burn pictures to CD or send personalized card or invitations with the use of the user's own cards.
  • the user may change the user name or enter a user name if the user has created the login details with a mobile number.
  • the username may then be validated to be unique or else the user may be prompted to enter another username.
  • the user may also have the choice of changing the mobile number in the same way. When changing the mobile number the user may be prompted to enter a code, sent to the new mobile number, into the web applications. Before the changes are saved the user may go through the authorization process again.
  • the user may import or export pictures through the web interface. Both import and export may be made for devices such as DVD, CD, camera, computer as well as other devices with storage included.
  • the user may manipulate pictures using the AAM designer.
  • the user may send hybrid or electronic mail with personalized pictures on.
  • the user may enter the AAM designer in order to design their picture on a postcard or a letter, the image is then passed as a template to a postcard or letter creation application external to the ASP 30.
  • the user may also send electronic postcards, letters as well as invitations to other people with personalised pictures on.
  • the user may view the previously uploaded pictures on TV or on the web.
  • the user may be able to create slide shows with a selection of the previously uploaded pictures.
  • the user may be able to create different kinds of personalised plastic cards S782 using the user's previously uploaded pictures and the AAM designer S784.
  • a card issuer may access the ASP 30 and use the AAM designer to personalise the plastic card according to the card issuer's requirements.
  • the AAM designer helps the user to manipulate the card so the application may fit to the card issuer's requirements.
  • Credit card S787 issuers may add their own application to the web "admin picture" application in order for a user to use the card issuer's service within the card issuer's application.
  • the responsible issuing institution may use the AAM designer and image storage 3 in creating such identification cards with pictures on.
  • the AAM designer may be used for the user to upload a picture and manipulate it to ensure the right size and quality to fit the requirements of a card on a passport or ID card, whereas the image checking part (using the image storage area 3) of the AAM application may be used to confirm the accuracy of the uploaded image on the spot with the user that uploaded the picture and the governmental facility dealing with those kinds of requests.
  • the image designer may help the government responsible for the subways in the country to make people buy more prepay/monthly cards instead of day-to-day cards as well as make people care more for their cards and not lose them. Every lost card is a new chance for the traveller to choose another way of getting to their destination, which the card issuer may prefer not to happen.
  • the user, or the company S788 the user works for, may want to create a personalized card for the company or give their employees or members the option to design their own cards (by selecting from the images).
  • the AAM designer is able to send a unique identifier to each card user which makes it possible for the card issuer to combine each card with separate details for each user.
  • Issuers of authorisation S791 and membership S792 cards may have their own requirements.
  • Figure 8 is a flow chart split over two pages represented as Figure 8a and Figure 8b for performing an embodiment of the invention. Although it is a flow chart and can be read as the various steps in a process, various physical elements are also shown. Specifically, the functionality and various physical elements associated with the client (or user) and server (or ASP) are shown as occurring on the left and right hand sides of the vertical dotted line 801, respectively.
  • the server has an image database, a user database, a stock image database, a randomisation engine, memory and comparison circuitry common to both Figures 8a and 8b.
  • Figure 8a shows at step S800 a camera or phone device associated with the user.
  • the user is able to upload images and a UID (user ID or username) by one of the upload processes previously described (i.e. either manually, automatically, in batches, etc).
  • This can be done in various manners such as by MMS in the case of S800 being a wireless phone device, or via a web interface in the case of S800 being a camera, which can be connected to an internet terminal.
  • the UID may be the phone number itself.
  • the images are uploaded to an image database S806 in the server.
  • the images can be saved with the UID in a non-relational database, but preferably are saved in a relational environment with each user having one or many images associated with themselves. Specifically each user is stored in the user database indicated by S810 and they have a relationship to their images in the image database at S806 defined by the step S808.
  • S814 indicates that at some later time, a user may wish to access the website of the ASP. This may be for authentication purposes, whereafter the relevant users are able to access the relevant sites they have been granted access rights to.
  • S814 shows the user uses an internet terminal to access a host web page of the ASP, which requests the user to enter his/her username (UID). This information is then sent at step S812 to the server.
  • UID can be cross-referenced with the username database at step S810 for identifying the user, and more specifically, the server is able to identify which images are associated with that particular user.
  • the images associated with the user are then sent at step S816 to a randomising engine S820.
  • the randomising engine is able to perform a number of randomising functions. Firstly it is able to perform a randomised selection of the images identified as being associated with the user. Secondly it is able to perform a randomised selection from the stock image database at step S830, the stock image database comprising a plurality of stock images that are not associated with the user. Thirdly, it is able to perform a randomised selection in the ordering (or the location in a sequence) of the images that are presented to the user for their selection.
  • Step S834 indicates for example memory able to store the location of the user's image(s) in the set to be presented.
  • the set of random images being presented to the user, who makes his/her choice at step S826.
  • the user's choice is received for example by a comparison element S838 which checks whether the user's choice matches with the correct locations stored at S834.
  • the decision is then made and distributed via the server element S842 to the user who is informed of the decision at step S846. If the check was successful and the user's choice(s) matched then the user is authenticated and login to the site is permitted as indicated by step S850.
  • the user is also given the option of entering a traditional password (i.e. text-based as opposed to image-based) in case the image authentication process is not successful in the future.
  • stage one authentication will have failed. In such a case, the user is informed of this negative result at step S856 (shown in Figure 8b) and at step S858 is able to try and be authenticated using either stage two or stage three.
  • Step S860 indicates the route if the user tries to be authenticated using stage two.
  • the user will again have to enter their UID via an internet terminal, which is transmitted to the server and cross-referenced with the user database at step S880.
  • the server is able to select a new image(s) associated with the user, and one that hopefully the user can remember.
  • An algorithm for making such a selection can be programmed depending on the security requirements. For example, fewer images, or more recent images, can be programmed to be selected for the second stage.
  • the randomising engine is shown at step S882 to draw random images from those provided by the user database via step S890 and those provided by the stock image database S886 via step S884, and to generate a randomised presentation order of these to the user for his selection at step S868.
  • The user's latest choices are thus received and compared at step S894 and a decision is reached at step S898 and sent to the user at step S870. If the user has selected incorrectly and the decision is "no", then the user's attempted authentication by image will have failed for the second time, and the user will be directed to stage three at step S874, where the user can only attempt to be subsequently authenticated using a traditional password mechanism (for example, text-based input).
  • Additional data may also be downloaded from the phone to the ASP such as the address book of the telephone.
  • the process could use simple SMS to maintain an up-to-date list on the ASP of the address book of the phone.
  • the phone could have a simple software device that sends an SMS (or VCard) to the ASP on a scheduled basis or each time a change was made.
  • the user could then log in using the process defined in this document to access the address book.
  • the user would simply access the ASP, enter the telephone number and the addresses could be sent by Vcard or SMS or another process in a batch or one-by-one manner.
  • the image repository can have backed up data storage
  • a device that can be located on a standard digital camera and read from the operating system of the camera to extract images in an automatic and/or scheduled way to be sent to the online image database;
  • the device can send an image to the online storage database without previously setting up an account
  • the login requires an image verification process and a username; where the mobile phone is contacted during the login process to ensure that the phone is in possession of the user and that a response is made from the phone to the online image database;
  • the login process is included as a part of the card design software to allow the user to log back in to the card design software without the need of setting up a username and password
  • image login is included as a part of a login process including using a URL with a username or session id;
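
The stage-one flow of Figure 8a (randomised selection of user and stock images, randomised ordering, stored positions at S834, comparison at S838), sketched as an added example that is not code from the patent. The function names, the in-memory `pending` store, the nine-image grid, the single-use challenge and the constant-time comparison are assumptions of this example; the image names are constructed.

```python
import hmac
import math
import secrets

rng = secrets.SystemRandom()   # CSPRNG standing in for the randomising engine
pending = {}                   # challenge id -> correct positions (role of S834)

def build_challenge(user_images, stock_images, n_user=1, n_decoys=8):
    """Return (challenge_id, grid); the correct positions stay on the server."""
    if len(user_images) < n_user or len(stock_images) < n_decoys:
        raise ValueError("not enough images to build a challenge")
    # First and second randomisation: which user images, which stock images.
    tagged = [(img, True) for img in rng.sample(user_images, n_user)]
    tagged += [(img, False) for img in rng.sample(stock_images, n_decoys)]
    rng.shuffle(tagged)        # third randomisation: presentation order
    cid = secrets.token_urlsafe(16)
    pending[cid] = [i for i, (_, is_user) in enumerate(tagged) if is_user]
    return cid, [img for img, _ in tagged]

def verify(cid, selected_positions):
    """Comparison step (S838). Each challenge can be answered only once."""
    correct = pending.pop(cid, None)   # a wrong answer also burns the challenge
    if correct is None:
        return False
    try:
        got = sorted({int(p) for p in selected_positions})
    except (TypeError, ValueError):    # malformed client input is a failure
        return False
    return hmac.compare_digest(repr(correct).encode(), repr(got).encode())

def guess_probability(n_user, n_decoys):
    """Chance that a blind guess of n_user positions passes one challenge."""
    return 1 / math.comb(n_user + n_decoys, n_user)

if __name__ == "__main__":
    photos = ["ski_trip.jpg", "dog.jpg", "garden.jpg"]    # constructed
    stock = [f"stock_{i:02d}.jpg" for i in range(30)]     # constructed
    cid, grid = build_challenge(photos, stock)
    answer = [i for i, img in enumerate(grid) if img in photos]
    print(grid)
    print(verify(cid, answer), verify(cid, answer))       # second use is refused
    print(guess_probability(1, 8), guess_probability(2, 7))
```

A blind guess passes a grid of one user image among eight stock images with probability 1/9, so the number of image attempts allowed before the password stage bounds what guessing can achieve.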

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a method and an apparatus for authentication of a user, the apparatus comprising: a display device for displaying at least one user image stored in a first storage device and at least one non-user image stored in a second storage device; a user interface for enabling the user to select one of the at least one user image and the at least one non-user image; and an authentication device for determining that the user is an authentic user if the user selects the user image. Preferably, the user interface enables the user to enter a unique identifier. More desirably, the unique identifier is associated with at least one user image.
PCT/GB2007/000239 2006-01-25 2007-01-24 Image retrieval system WO2007085824A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0601507.7 2006-01-25
GB0601507A GB0601507D0 (en) 2006-01-25 2006-01-25 Image retrieval system

Publications (2)

Publication Number Publication Date
WO2007085824A2 true WO2007085824A2 (fr) 2007-08-02
WO2007085824A3 WO2007085824A3 (fr) 2007-11-15

Family

ID=36060844

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2007/000239 WO2007085824A2 (fr) 2006-01-25 2007-01-24 Image retrieval system

Country Status (2)

Country Link
GB (1) GB0601507D0 (fr)
WO (1) WO2007085824A2 (fr)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040093527A1 (en) * 2002-11-12 2004-05-13 Pering Trevor A. Method of authentication using familiar photographs

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2405379A1 (fr) * 2008-06-16 2012-01-11 Intel Corporation Generating a challenge response image including a recognizable image
US8132255B2 (en) 2008-06-16 2012-03-06 Intel Corporation Generating a challenge response image including a recognizable image
US20100186071A1 (en) * 2009-01-22 2010-07-22 Chunghwa Telecom Co., Ltd. Network authentication system and method
US8510809B2 (en) * 2009-01-22 2013-08-13 Chunghwa Telecom Co., Ltd. Network authentication system and method
US10635692B2 (en) 2012-10-30 2020-04-28 Ubiq Security, Inc. Systems and methods for tracking, reporting, submitting and completing information forms and reports
US10614099B2 (en) 2012-10-30 2020-04-07 Ubiq Security, Inc. Human interactions for populating user information on electronic forms
US10572682B2 (en) 2014-09-23 2020-02-25 Ubiq Security, Inc. Secure high speed data storage, access, recovery, and transmission of an obfuscated data locator
US10579823B2 (en) 2014-09-23 2020-03-03 Ubiq Security, Inc. Systems and methods for secure high speed data generation and access
US10657283B2 (en) 2014-09-23 2020-05-19 Ubiq Security, Inc. Secure high speed data storage, access, recovery, transmission, and retrieval from one or more of a plurality of physical storage locations
US10657284B2 (en) 2014-09-23 2020-05-19 Ubiq Security, Inc. Secure high speed data storage, access, recovery, and transmission
US10298556B2 (en) 2016-01-20 2019-05-21 FHOOSH, Inc. Systems and methods for secure storage and management of credentials and encryption keys
WO2017127757A1 (fr) * 2016-01-20 2017-07-27 FHOOSH, Inc. Systems and methods for secure storage and management of credentials and encryption keys
US11349656B2 (en) 2018-03-08 2022-05-31 Ubiq Security, Inc. Systems and methods for secure storage and transmission of a data stream

Also Published As

Publication number Publication date
WO2007085824A3 (fr) 2007-11-15
GB0601507D0 (en) 2006-03-08

Similar Documents

Publication Publication Date Title
US10104074B2 (en) Independent biometric identification system
US10771256B2 (en) Method for generating an electronic signature
CN101127625B (zh) System and method for authorizing access requests
RU2328085C2 (ru) Method for linking devices
EP1102157B1 (fr) Method and process for secure login in a telecommunications system
EP2747374A1 (fr) Token-based account access
US10834067B2 (en) Method of access by a telecommunications terminal to a database hosted by a service platform that is accessible via a telecommunications network
US20140053251A1 (en) User account recovery
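WO2007085824A2 (fr) Image retrieval system
CN101103354A (zh) Providing services based on access rights to shared data
JP2012530311A (ja) Method for logging a mobile radio device into a mobile radio network
JP2002055955A (ja) Personal authentication method and personal authentication system
CN105009123A (zh) Method and apparatus for requesting and providing access to information associated with an image
CN106416336B (zh) Identification and/or authentication system and method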
US20030177366A1 (en) Method and apparatus for dynamic personal identification number management
JP2009020650A (ja) Personal authentication method and personal authentication system
US20090165098A1 (en) method of and system for conducting a trusted transaction and/or communication
CN103457954A (zh) User password management method and device
US20140033284A1 (en) Method for user authentication
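JP2017102842A (ja) Personal authentication system, personal authentication information output system, authentication server, personal authentication method, personal authentication information output method, and program
JP4718917B2 (ja) Authentication method and system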
US20080301800A1 (en) System and method for creating a virtual private network using multi-layered permissions-based access control
KR101831381B1 (ko) Smart login method using a messenger service and apparatus therefor
EP2234423A1 (fr) Secure identification over a communication network
JP2005182212A (ja) Information processing method, information processing system, program, and recording medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07705014

Country of ref document: EP

Kind code of ref document: A2