WO2008030184A1 - Improved authentication system - Google Patents

Publication number
WO2008030184A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile phone
data
user
method
device
Application number
PCT/SG2007/000177
Inventor
Khee Seng Chua
Poh Teck Alex Choong
Original Assignee
Khee Seng Chua
Poh Teck Alex Choong
Priority to SG200604513-2A priority Critical patent/SG131827A1/en
Priority to SG200604513-2 priority
Application filed by Khee Seng Chua, Poh Teck Alex Choong filed Critical Khee Seng Chua
Publication of WO2008030184A1 publication Critical patent/WO2008030184A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0861 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using biometrical features, e.g. fingerprint, retina-scan

Abstract

An authentication system for storage and retrieval of encrypted data using a public key and a private key, both the public key and private key being generated by an RSA algorithm, characterised by the inputs for the RSA algorithm being obtained from a biometric source; storing of data encrypted using asymmetric cryptography on an RFID chip; and authenticating the stored data encrypted on documents using asymmetric cryptography; the authentication of the encrypted data being carried out through verification means using both the public key and private key. Various devices using the improved authentication system are also proposed. Many uses and applications incorporating the devices with the improved authentication system are also proposed.

Description

IMPROVED AUTHENTICATION SYSTEM

TECHNICAL FIELD OF INVENTION

The present invention relates to an authentication system for storage and retrieval of encrypted data using a public key and a private key, both keys being generated by an RSA algorithm, the inputs for the RSA algorithm being obtained from a biometric source.

The subject invention claims priority from Singapore Patent Application No. 2005 08498-3 for "IMPROVED AUTHENTICATION SYSTEM" filed on 25.10.2005.

BACKGROUND OF THE INVENTION

In the 1970s Martin Hellman, Whitfield Diffie, and, independently, Ralph Merkle invented a beautiful cryptographic idea. Their idea was to solve the key exchange and trust problems of symmetric cryptography by replacing the single shared secret key with a pair of mathematically related keys, one of which can be made publicly available and another that must be kept secret by the individual who generated the key pair. The advantages are obvious. First, no key agreement is required in advance, since the only key that needs to be shared with the other party is a public key that can be safely shared with everyone. Second, whereas the security of a symmetric algorithm depends on two parties successfully keeping a key secret, an asymmetric algorithm requires only the party that generated it to keep it secret. This is clearly much less problematic. Third, the issue of trusting the other party disappears in many scenarios, since without knowledge of your secret key, that party cannot do certain evil deeds, such as digitally sign a document with your private key or divulge your secret key to others.

Since the idea of using the RSA Algorithm was first taught in US Patent No. 4,200,770 and also in United States Patent No. 4,405,829, which is known as the "RSA Patent", the RSA algorithm has been used in many instances for public key encryption and digital signatures. Both the Netscape Navigator and Microsoft Explorer web browsing programs use RSA algorithms in their implementations of the Secure Sockets Layer (SSL). Mastercard and VISA likewise use the RSA algorithm in the Secure Electronic Transactions (SET) protocol for credit card transactions.

MEANS TO SOLVE THE PROBLEM

Although applications using the RSA algorithm for public key encryption are many, it is still essential that a person's identity be authenticated for important occasions and for important documents. Mere possession of an important document, e.g. a passport or smart credit card purportedly belonging to a person, is sometimes not sufficient. This can be so even if the purported document contains encrypted data which can verify the identity of the holder. There is a further requirement for the person to have a private key which can then be matched with the public key (stored and made available to a verifying party) to further establish that person's identity.

Use of the RSA algorithm alone to encrypt personal and business confidential data is therefore not sufficient for authentication of important personal and commercial documents. What is required is a unique method of using the RSA algorithm to generate a unique pair of keys, preferably from the biometrics of the person. The biometrics could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body. The unique pair of keys as well as other personal and confidential data could be encrypted. What is equally important and needed is a secured storage medium for the encrypted data as well as a secured method of retrieval of the encrypted data in order to authenticate a document or verify the identity of a person.

The invention provides a method of asymmetric cryptography for generating random numbers by using biometric means, using images obtained from biometric means, wherein the 'p', 'q' and possibly 'e' are used as inputs to an RSA algorithm to generate the key pairs, encrypting the private and public keys and storing the encrypted data in an RFID chip.

SUMMARY OF INVENTION

A first object of the invention is an authentication system for storage and retrieval of encrypted data using a public key and a private key, both the public key and private key being generated by an asymmetric algorithm such as an RSA algorithm, the prime numbers used as inputs for the RSA asymmetric algorithm being obtained from a biometric source; storing of data encrypted using asymmetric cryptography on a secondary storage device; and authenticating the stored data encrypted in said secondary storage devices using asymmetric cryptography; the authentication of the encrypted data being carried out through verification means using both the public key and private key.

Preferably the verification means of an authentication system is a validation message or a rejection message.

Preferably, the inputs for the RSA algorithm obtained from a biometric source is an image of the biometric image.

Preferably, the biometric image used for an authentication system for storage and retrieval of encrypted data is that of a fingerprint or an iris scan or face recognition or vein scan or any part of the body.

Preferably the biometric image used for an authentication system, being an image of the fingerprint, the iris, face, vein or any part of the body, is processed by a computer and saved into memory. Such data, which are ultimately represented as binary values, are then used to generate the random numbers, either as the seed for random number generation or as the random number itself. The random numbers generated are then put through a primality-testing algorithm, and the prime numbers that pass the primality testing are fed as the input to the RSA algorithm to generate the key pairs.

Preferably the method for generating asymmetric keys (e.g. RSA) is by using these methods:
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number etc)
iii) using the data on the RFID chip
iv) identification number of add-on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
v) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc),
the result being used as the seed for the pseudo random number required for primality testing.

Preferably the method for generating asymmetric keys (e.g. RSA) is by combining two or more of the below mentioned means:
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number, mobile phone number etc)
iii) using the data on the RFID chip
iv) password
v) pin number
vi) file on the device (e.g. photos, data, mp3)
vii) identification number of add-on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
viii) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc),
the result being used as the seed for the pseudo random number for primality testing.

Preferably, the method for generating asymmetric keys (e.g. RSA) is by using one or more of the methods specified:
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number, mobile phone number etc)
iii) using the data on the RFID chip
iv) password
v) pin number
vi) file on the device (e.g. photos, data, mp3)
vii) identification number of add-on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
viii) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc),
the result being used as the seed for the pseudo random number and then to find a new random number for primality testing or to find new prime numbers by iterating the primality test using one or more of the methods specified above.
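The seed-to-key pipeline described in the preceding paragraphs (seed sources, pseudo random numbers, primality testing, RSA key pair), as an added example that is not code from the patent. It also shows that the derived key depends on every bit of the seed, so a scan that differs in one bit produces an unrelated key. Assumptions: the SHA-256 counter stream, Miller-Rabin test, exponent 65537, the 512-bit demo modulus and the sample template and IMEI bytes are all constructed for illustration.

```python
import hashlib
from math import gcd

E = 65537  # assumed public exponent; the text leaves 'e' open
SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def build_seed(*factors: bytes) -> bytes:
    """Combine seed sources (template, IMEI, PIN, ...) into one 32-byte seed.

    Each factor is length-prefixed so (b"ab", b"c") and (b"a", b"bc") differ.
    """
    h = hashlib.sha256()
    for factor in factors:
        h.update(len(factor).to_bytes(4, "big") + factor)
    return h.digest()


class SeededStream:
    """Deterministic stream SHA-256(seed || counter); a stand-in for the
    'pseudo random number' source, not a vetted DRBG."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.counter = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = self.seed + self.counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
            self.counter += 1
        return out[:n]

    def randbits(self, bits: int) -> int:
        raw = int.from_bytes(self.read((bits + 7) // 8), "big")
        return raw >> (-bits % 8)


def is_probable_prime(n: int, stream: SeededStream, rounds: int = 40) -> bool:
    """Trial division by small primes, then Miller-Rabin with seeded bases."""
    if n < 3 or n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + stream.randbits(n.bit_length()) % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # 'a' is a witness that n is composite
    return True


def next_prime(stream: SeededStream, bits: int) -> int:
    """Iterate the primality test over seeded candidates until one passes."""
    while True:
        c = stream.randbits(bits)
        # Force the top two bits (so p*q has exactly 2*bits bits) and oddness.
        c |= (1 << (bits - 1)) | (1 << (bits - 2)) | 1
        if gcd(c - 1, E) == 1 and is_probable_prime(c, stream):
            return c


def derive_rsa_key(seed: bytes, modulus_bits: int = 512) -> dict:
    """Derive p and q from the seed, then n, e, d. 512 bits keeps the demo
    fast; it is far too small for real use."""
    stream = SeededStream(seed)
    p = next_prime(stream, modulus_bits // 2)
    q = next_prime(stream, modulus_bits // 2)
    while q == p:
        q = next_prime(stream, modulus_bits // 2)
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed sample inputs (not real biometric or device data).
TEMPLATE = bytes(range(64))                      # enrolled fingerprint template
NOISY = bytes([TEMPLATE[0] ^ 1]) + TEMPLATE[1:]  # same finger, one bit differs
IMEI = b"000000000000000"                        # placeholder device identifier


def demo() -> tuple:
    k1 = derive_rsa_key(build_seed(TEMPLATE, IMEI))
    k2 = derive_rsa_key(build_seed(TEMPLATE, IMEI))  # regenerated "on the fly"
    k3 = derive_rsa_key(build_seed(NOISY, IMEI))
    m = int.from_bytes(b"session-token", "big")
    c = pow(m, k1["e"], k1["n"])  # textbook RSA, no padding: demo only
    return (k1 == k2, k1["n"] != k3["n"], pow(c, k1["d"], k1["n"]) == m)


if __name__ == "__main__":
    print(demo())
```

The key is only as unpredictable as the combined seed: anyone who can reproduce the seed inputs can regenerate the private key with the same procedure.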

Preferably, the method for using biometric information (e.g. fingerprint recognition, facial recognition, voice recognition) is used to unlock keys stored in the keyfile and decrypt the incoming data in the portable consumer electronic device and transfer it back to the sender either directly from the device or via another device such as a PC. Example:
i) User and bank have previously exchanged the encryption keys (either symmetric or asymmetric)
ii) Bank encrypts the token with the encryption key and sends it to the mobile phone either directly through GPRS or through a PC
iii) User scans his finger on the fingerprint scanner on the mobile phone. The mobile phone will match the fingerprint from the database on the mobile phone
iv) Upon successful identification, it will decrypt the key from the file.
v) Using the key it obtained, the mobile phone will then decrypt the token to extract the message
vi) The message is then transferred to the PC which will in turn send it back to the bank for verification.

Preferably the method for using biometric information uses a portable consumer electronic device with storage capability (e.g. mobile phone, PDA, iPod, BlackBerry) to decrypt a RFID chip with data encrypted either using symmetric or asymmetric encryption or both.

Another object of the invention is a method for using a portable consumer electronic device with storage capability (e.g. mobile phone, PDAs, iPod, BlackBerry) as a multi-factor (defined as two or more) authentication device using asymmetric keys from the method for generating asymmetric keys and storing the keys on the device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).

Preferably the portable consumer electronic device with storage capability (e.g. mobile phone, PDAs, iPod) uses the multi-factor (defined as two or more) authentication device with asymmetric keys from the method for generating asymmetric keys on the fly as and when needed. The keys generated are not stored permanently on the device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB), thereby minimising the risk exposed to the user if the device is stolen or lost, as the person who stole it would need to know how to get the seed to generate the asymmetric key.

Preferably the portable consumer electronic devices (e.g. mobile phone, PDA) with data encrypted with symmetric keys (e.g. AES) uses a multi-factor authentication device in which the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).

Preferably the portable consumer electronic devices (e.g. mobile phone, PDA) with data encrypted with symmetric keys (e.g. AES) uses a multi-factor authentication device from the method for generating asymmetric keys in which the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).

Preferably the portable consumer electronic device (e.g. mobile phone, PDAs, iPod) has a secondary storage device to perform as a two or more factor authentication device using symmetric and/or asymmetric keys in which the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).

Another object of the invention is a method for use of a portable consumer electronic device (e.g. mobile phone, PDA) as a means for transferring encrypted data (either asymmetric or symmetric) from a server to the portable consumer electronic device for decryption and then transferring the data to another system such as a PC, in which the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).

The encrypted data can be sent in any of the ways mentioned below:
i) Transfer an encrypted session token from the server to the portable consumer electronic device either directly via GPRS, SMS etc or via the primary computing device such as a PC to the portable consumer electronic device. The decrypted session token is then sent back either directly to the server or via the primary computing device. The server will then allow the primary computing device to access the data.
ii) Transfer the encrypted data from the portable consumer electronic device either directly via GPRS etc or via the primary computing device such as a PC to the portable consumer electronic device. The data is decrypted on the portable consumer electronic device and sent to the primary computing device.

Example usage:
i) User stores his personal information such as address, medical information, telephone number on the web and encrypts the data
ii) When the user visits a clinic for the first time, the user will log in to the server through his mobile phone
iii) The data downloaded from the server will be decrypted on the mobile phone and sent to the PC at the clinic.
iv) The software on the PC will process the details of the user such as the address, the medical information and telephone number accordingly.

Preferably the portable devices use the biometric functions built in a portable consumer electronic device as means for authentication/identification in place of an external biometric reading machine. For example :

Instead of using a fingerprint scanner connected to a payment device, the user can use the fingerprint scanner on his mobile phone or PDA to authenticate his identity to the payment centre. This eliminates the risk of the fingerprint template being stored in the merchant's computer.

Preferably the method for using a portable storage device for authenticating and/or signing the message on the devices (which is used as the secondary device) in situations where the primary device doesn't have access to the keys using the asymmetric keys generated by the method for generating asymmetric keys. Alternatively, the portable consumer electronic device with or without asymmetric keys can be used as a mode of payment and/or as a credit card in which the data is stored in the common memory area of the device and encrypted and/or on external commercially available memory storage devices.

Alternatively, the portable consumer electronic devices (e.g. mobile phone, PDA) are used as secondary storage devices with asymmetric keys stored in them, or asymmetric keys generated on the fly, as a form of authentication device for use such as:
i) loyalty card
ii) access card (e.g. proximity access card for access for offices)
iii) proof of identity
iv) e-commerce applications (e.g. e-tickets purchases)
v) web log ins
vi) Operating system logins
vii) Activating and deactivating screensavers based on credentials
viii) Credit card authentication through the Internet
ix) Credit card authentication at Point of Sales Terminal in place of/in addition to signature verification
x) Proof of purchase (e.g. receipts)
xi) identity management on the Internet or Intranet

In the authentication process, the other party needs to know if the owner of the phone is authorised and does not need to know their identity. The data on the loyalty card etc can be stored on the portable consumer electronic device, on an external server such as the web, or on the merchant's server (as in the case of loyalty cards).

Alternatively the portable consumer electronic devices (e.g. mobile phone, PDA) are used as secondary storage devices as a form of identification device for use such as:
i) loyalty card
ii) access card (e.g. proximity access card for access for offices)
iii) proof of identity
iv) e-commerce applications (e.g. e-tickets purchases)
v) web log ins
vi) Operating system logins
vii) Activating and deactivating screensavers based on credentials
viii) Credit card authentication through the Internet
ix) Credit card authentication at Point of Sales Terminal in place of/in addition to signature verification
x) Proof of purchase (e.g. receipts)
xi) identity management on the Internet or Intranet

In this identification process, the user identifies himself to the other party using asymmetric/symmetric keys. Therefore, a portable consumer electronic device can hold multiple identities for a user.

For example: Assuming that the asymmetric keys have been generated and given to the respective parties, the user then proceeds to log in to his intranet by placing his phone near the PC and generates the asymmetric key using Claims (6-8). The PC identifies the user and allows him to log in. When the same user logs in to his email service provider, he generates another set of asymmetric keys using Claims (6-8). In this way, the mobile phone holds multiple identities of the same person.

Alternatively mobile phone, personal digital assistant (PDA) can be used as an external storage device in the authentication process thereby allowing the user to save their documents and settings directly into the mobile phone or PDA which is mapped as a local drive on the computer and wherein the data on the mobile phone or PDA can be encrypted and decrypted on the fly thereby functioning as an encrypted external hard disk.

Preferably the method to store the user settings and user personal folder (such as C:\Documents and Settings\kschua in Windows XP or /usr/home/kschua in Linux) on the mobile phone, personal digital assistant (PDA) will preserve the settings for the user when he switches between computers.

Preferably the operating system of computers can be customised to extract the user settings from the mobile phone or PDA upon startup or login.

Preferably the portable consumer electronic device can store internet cookies, bookmarks etc with encryption or in plain text which the user can use to access websites on another device such as a PC. Example usage:
i) A user's bookmarks, cookies and login user name and passwords are stored on the mobile phone
ii) When the user accesses a PC and launches the Internet browser, the Internet browser will load the bookmarks from the mobile phone
iii) When the user logs in to read his email, the browser will pick up the user name and password from the mobile phone, thereby freeing the user from keying in the user name and password. This will prevent key loggers from stealing the user name and password.

Alternatively, the mobile phone, personal digital assistant (PDA) can be used to scan for virus on the PC and/or to act as a network gateway with firewall. This isolates virus scanning and firewall activities to an external device function and functions as a hardware virus scanner/firewall.

Alternatively, the mobile phone can function as a SecurID token (by RSA Security).

Preferably the method to use the mobile phone to generate a new code at a specific interval (e.g. 60 seconds) is combined for use with the PIN number/password at the primary computing device for multi factor authentication purposes wherein the resultant pin/password will be a one-time-use code that is used to positively identify or authenticate the user and upon which the server at the other end will be synchronised such that the new code generated by the mobile phone will be the same.

Example usage:

1) Upon logging in to an internet banking website, the mobile phone displays aaaaaa. The user's pin number is 222222. Therefore, when prompted to enter the password, the user enters aaaaa222222. The internet banking server needs to be synchronised with the mobile phone such that at the specific time, it knows that the mobile phone has generated aaaaaa.
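One way to realise the synchronised code-plus-PIN check described above, as an added example that is not code from the patent. The patent does not say how the code is derived, so this assumes the HMAC-based construction of RFC 4226/6238 with a 60-second step; the shared secret, PIN, salt and the names `phone_display` and `BankServer` are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code, the interval given in the text
DIGITS = 6   # length of the displayed code


def interval_code(secret: bytes, counter: int) -> str:
    """RFC 4226 dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def phone_display(secret: bytes, now: float) -> str:
    """What the phone shows at time 'now' (seconds since the epoch)."""
    return interval_code(secret, int(now) // STEP)


def hash_pin(pin: str, salt: bytes) -> bytes:
    """The server stores a salted, stretched hash, never the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class BankServer:
    """Server side: shares 'secret' with the phone and a clock with the world."""

    def __init__(self, secret: bytes, pin: str, salt: bytes, skew: int = 1):
        self.secret = secret
        self.salt = salt
        self.pin_hash = hash_pin(pin, salt)
        self.skew = skew          # intervals of clock drift tolerated each way
        self.last_counter = -1    # highest interval already accepted

    def verify(self, passcode: str, now: float) -> bool:
        """Passcode is the displayed code followed by the PIN, as in the text."""
        code, pin = passcode[:DIGITS], passcode[DIGITS:]
        pin_ok = hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash)
        current = int(now) // STEP
        matched = None
        for c in range(max(0, current - self.skew), current + self.skew + 1):
            if c <= self.last_counter:
                continue  # one-time use: never accept an interval twice
            expected = interval_code(self.secret, c).encode()
            if hmac.compare_digest(expected, code.encode()):
                matched = c
        if pin_ok and matched is not None:
            self.last_counter = matched
            return True
        return False


# Constructed sample values: the RFC 4226 test key and the PIN from the text.
SECRET = b"12345678901234567890"
PIN = "222222"
SALT = b"constructed-salt"


def demo() -> list:
    server = BankServer(SECRET, PIN, SALT)
    passcode = phone_display(SECRET, 75) + PIN
    return [
        server.verify(passcode, 75),   # fresh code + right PIN
        server.verify(passcode, 80),   # replay inside the same interval
        server.verify(phone_display(SECRET, 130) + "111111", 130),  # wrong PIN
        server.verify(phone_display(SECRET, 130) + PIN, 130),       # next code
    ]


if __name__ == "__main__":
    print(demo())
```

The `skew` window is what "synchronised" costs in practice: the server accepts neighbouring intervals to absorb clock drift, and the `last_counter` check is what makes each code single-use.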

Alternatively the method stores the asymmetric data and any important data on the web and broadcasts change of keys and/or consumer electronic device to all parties involved (e.g. banks, shops whom the user has a loyalty card with).

Preferably the method for storing personal information on the portable consumer electronic device with 1) symmetric encryption or/and 2) asymmetric encryption is used for ease of data entry and counter checking purposes (e.g. filling in of forms by transmitting the data to the PC or filling in of lottery coupons to purchase the tickets and later to check the numbers bought with the winning numbers).

Preferably the portable consumer electronic device uses the method to store information encrypted with either symmetric and/or asymmetric keys pertaining to the user (e.g. address, medical records, dental records, drug allergies).

Preferably the portable consumer electronic device uses the method for encrypting data with symmetric and/or asymmetric key to protect the privacy of data on the portable consumer electronic device. An option may be included to allow the data to self destruct upon keying in a wrong decryption code.

A further object is for a method to use the mobile phone and/or PDA as a password management device for use with another device (e.g. PC) where i) The user name and/or password can be transmitted to the other device either in clear text form or in encrypted format or ii) The user name and/or password will be sent to a server (e.g. web based email) and the session token (such as a cookie) returned from the said server will be transmitted to the PC for use.

Another object is for the method to store personal details encrypted with asymmetric data of the owner on a server and allowing authorised personnel to access the data so that if the system is hacked, hackers will not be able to decrypt the person's information stored on the server and it will provide the convenience of allowing friends of the user to be able to have the latest personal details of the user. Example usage: Jack encrypts his mobile phone, address and email address with the public keys of Sally and Jane respectively on the web.

1) Sally and Jane's mobile phone will update Jack's mobile phone number from the web at regular intervals or as and when is required. This way, whenever Jack changes his telephone number, Sally and Jane's mobile phone data will be updated accordingly. If Jack decides to deny Sally from knowing his new mobile phone number, he simply encrypts his new mobile phone number on the web with Jane's public key. This way, only Jane will have the new number and Sally doesn't.

2) Jack changes his email address and updates the information on the web and encrypts it with Sally and Jane's public key. On Sally's and Jane's PC, this information will be downloaded and the changes made to the address book accordingly.

3) Jack shifts house and updates the information on the web and encrypts it with Sally and Jane's public key. If Sally or Jane wants to pay Jack a visit, they can check the web or use their PC to retrieve the latest information and check where Jack is staying. If Jack doesn't wish to let any of them know of his new address, he can just simply update the data encrypting it with other people's public key except Jane and Sally's.

Another object is a method for allowing identity providers to store tokens on portable consumer electronics. This token can then be forwarded to a third party who had initially requested identity verification. Example usage:

1) ABC Brewery sends identity verification token to verify that the owner is above the legal age limit to purchase liquor to the owner's mobile phone. The owner forwards the request to an identity provider (e.g. Immigration and Checkpoint Authority, ICA) to verify. The ICA acknowledges the identity and age of the owner and processes the token. It then digitally signs the token and sends it back to the owner's mobile phone. The owner then forwards the digitally signed token to ABC Brewery. ABC Brewery will then check to see if the token is authentic. If it is authentic, the owner is allowed to purchase liquor.

A further object is a method to update the phone number of a contact in the address book seamlessly either through accessing the web to retrieve the updated data or by changing the contact details stored in the mobile phone and/or PDA. Example usage:
i) Jack calls John by selecting "John" in the address book
ii) The mobile phone gets a message saying that the number dialled is no longer available
iii) The mobile phone will then automatically check the web to search for John's new number and dial that new number instead.

A further object is a method for using a portable consumer electronic device with asymmetric and/or symmetric key as a means to encrypt and decrypt data on the PC with hard disk at either bootup stage or sections of the hard disk.

Example usage : i) User powers up his PC and places the mobile phone next to the PC ii) At the bootup, a program will decrypt the rest of the hard disk with the key obtained from the mobile phone iii) Upon successful decryption, the Windows operating system and all other parts of the hard disk will be accessible to the user, therefore, Windows will be able to start up and proceed.

Still another object is a method for using portable consumer electronic devices as a means for activating software applications to prevent piracy and/or as a licensing device.

Example usage : i) Before a software can run, it will check for credentials of the user through the mobile phone ii) After obtaining the credentials of the users, it will then determine whether the set of credentials is allowed to execute the program. If it is, the program will execute, otherwise it will inform the user that he does not have the licence to run the program.

Another object is a method for using the consumer electronic device as a means for digital rights management, (e.g. the DVD movie can only be played if the authorised mobile phone is placed near the DVD player). Another example usage : i) User purchases movie from the internet and passes his public key from his mobile phone to the service provider ii) Service provider will encrypt the movie with the user's public key and sends the movie to the user iii) When the user plays the movie on his home entertainment system such as a PC, the PC will check to ensure that the data can be successfully decrypted using the private key of the user's mobile phone iv) The decrypted data is then played.

Another object is a method for using the portable consumer electronic device to function as a storage to keep user preferences and credentials. The data can be encrypted with asymmetric and/or symmetric keys. An example would be to store users preference for shop. (e.g. clothes size, shoe size, food dishes). Example usage : i) User visits a restaurant and places the order via his mobile phone ii) On subsequent visits, he can review previously placed orders to determine if he wants to order the exact same dish again.

Still a further object is a method for using a portable consumer electronic device with or without asymmetric key as a means to store the user preferences of a home entertainment systems and home automation systems. Example usage : i) When Sam is listening to music, he places his mobile phone near the music player. It grabs Sam's preferences such as the equaliser settings, volume control and automatically adjust the sound system to it ii) Sam can also store the massage sequence on his mobile phone such that when he sits on the massage chair, the chair activates the massage sequence.

Another object is a method for using the portable electronic consumer device to locate friends in the vicinity either by using direct wireless means (e.g. Bluetooth, WiFi) or via a gateway (e.g. wireless internet connection). Example usage i) Jack and Sam are in the same building ii) Their mobile phones are turned on to scan for friends in the vicinity using the building WiFi access iii) Through the IP address provided, their respective mobile phone knows that they are both in the same building and trigger an alert to both of them informing them that they are in the same building.

Another object is a method for using portable consumer electronic devices with direct wireless capabilities (e.g. Bluetooth, WiFi) as a walkie talkie or for conference calls.

Example usage : i) Jack decides to place a phone call to Sam ii) The mobile phone detects that both Jack and Sam are in a wireless environment and automatically uses the WiFi connection to establish the phone session thereby saving phone charges.

A further object is a method for using asymmetric key to identify individual users in using the method using the portable consumer electronic device to function as a storage to keep user preferences and credentials wherein the keys can also be used to allow for secure mobile phone communication by using the portable consumer electronic device to function as a storage to keep user preferences and credentials.

Another object is a method for using a Bluetooth earpiece or Bluetooth/WiFi enabled portable consumer electronic device with or without asymmetric key to function in place of a microphone.

Another object is for a method to use the portable consumer electronic device as a Bluetooth to WiFi converter and vice versa, allowing users who are using a voice chat system in their PC (e.g. MSN) to transfer the data via WiFi to the mobile phone and using the Bluetooth connection of the mobile phone to transfer the data to a Bluetooth earpiece, thereby facilitating the use of a Bluetooth earpiece as an ordinary headphone with a PC.

Another object is a method for using a portable consumer electronic device to download information either in clear text or encrypted with asymmetric and/or symmetric key pertaining to an exhibit in places such as a museum or zoo onto the device.

Preferably the method for using a portable consumer electronic device with or without asymmetric key with a Bluetooth earpiece is used to obtain voice information on an item (e.g. an exhibit in a museum can have a corresponding device to transmit information such as what the exhibit is about to the users mobile phone and then to the earpiece).

Another object is a method of using a portable consumer electronic device as a travel journal so that when payment is made using the mobile phone or when the tourist visits a place of interest and establishes a connection, these data are stored in the users mobile phone for his own record purposes and pictures taken between sites will be organised accordingly.

Another object is a method for using a portable consumer electronic device with camera and location tracking service (e.g. GPS, mobile phone base station) to capture the image with location coordinates (e.g. GPS coordinate) into the portable consumer electronic device or directly into a web page. The coordinates can be tagged to the image or embedded in the image file. It can also include the date and time embedded in the image or tagged to the image. This can be used to serve as a travel journal, evidence of crime, diary etc. Example usage: i) A person witnesses a burglary and takes out his mobile phone with GPS and camera to take a picture of the crime scene; ii) The coordinates are embedded into the image and the image is transferred to the police website; iii) The website will record the date and time the image was received which can then be admitted as evidence in court.

Yet another object is a method for using the portable consumer electronic device (e.g. mobile phone or PDA) as a voice language translation. The voice translation can be done either on the device itself or through sending the data to the web and get the translated voice message through the web.

Still another object is a method to allow portable consumer electronic devices (eg mobile phone, PDA) to use its direct wireless capabilities as a remote control to control Bluetooth enabled or WiFi consumer electronic devices.

Another object is for a method to use a portable consumer electronic device to store aging data which may be digitally signed or digitally encrypted or in clear text (eg warranty cards, e-tickets, receipts, promotion coupons) and upon the expiry date being reached (e.g. one year warranty has expired or the promotion date has reached), the data is automatically erased.

Another object is a method for using the direct wireless capabilities of the portable consumer electronic device to submit digitally signed questions and answers during a forum or speech or lecture or classroom lessons.

Another object is a method for enabling portable consumer electronic devices with direct wireless capabilities (e.g. Bluetooth or WiFi) with or without encryption (such as asymmetric and/or symmetric key encryption) to function as means for receiving data such as presentation slides from the speaker in a speech or lecture and which can be used to distribute handouts in a meeting or at a lecture. Example usage : i) When going for a lecture, the user signs his attendance using his mobile phone public key before entering the room ii) When the lecturer decides to disseminate the information, he clicks a button which will encrypt the slides with the public key of the user and transmit it to everyone in the room iii) Only the user will be able to decrypt the slide and the information will be junk to the other people in the room.

Another object is a method for printing documents, spreadsheets or presentation slides from mobile phone or PDA with direct wireless capabilities to the printer directly, therefore allowing users to print a Word document directly to a printer.

Another object is a method for displaying documents, spreadsheets or presentation slides from a mobile phone or PDA with direct wireless capabilities directly to a projector so that with this means, the user does not need to carry a notebook when conducting presentation.

Another object is a method for using the portable consumer electronic device with asymmetric encryption as a chequebook.

Example usage : i) Bank issues digitally signed chequebook to the user and the user stores it in their mobile phone ii) When the user wishes to pay another party in the form of a cheque, he transmits the digitally signed (from the bank) cheque book and digitally signs it himself. iii) He then transmits this data to the other party who will forward it to his bank to honour the cheque. In this way, the payer does not need to know the payee's bank account number which is the case in internet banking.

A further object is a method for using the direct wireless capabilities of the portable consumer electronic device (e.g. mobile phone, PDA) with or without asymmetric keys as a means of voting for AGM where the individual members will cast their vote and digitally sign it for auditing purposes. Example usage in an AGM i) Members register their public key at the reception and obtain the public key of the returning officer ii) When it is time to cast their votes, they can key in their votes which will be encrypted with the public key of the returning officer and then digitally signed by them iii) This data will be stored for auditing purposes and the vote will be kept secret because no one can decrypt the returning officers data iv) This same data will be decrypted in memory to obtain the vote and add it to the counter.

This will ensure that the vote remains secret and yet can be subjected to auditing.

Another object is a method for using a portable consumer electronic device with direct wireless access capabilities (e.g. Bluetooth) to identify the location of a person. Example usage : i) Child turns on the Bluetooth feature in mobile phone in a shopping centre ii) His movement is captured at every intersection thereby providing his parents his whereabouts on their mobile phone.

Another object is a method for writing the asymmetric and/or symmetric key data onto the RFID chip on the phone as and when is required for the purpose of authentication.

Preferably the method for using the mobile phone with data encrypted using symmetric and/or asymmetric keys can be used as a means for operating machinery (e.g. starting cars, playing arcade games machine).

A further object is for the device to generate the asymmetric keys using biometric information of a person to have the option of keeping a copy of the keys generated and then using the keys when required, or generating the keys on the fly as and when it is required and where the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared) or via a gateway (e.g. GPRS, 3G, SMS).

Preferably the direct wireless communication devices (e.g. Bluetooth, InfraRed, WiFi, NFC) locks with asymmetric and/or symmetric encryption capabilities for use with the devices for generation of the asymmetric keys.

Preferably the direct wireless communication device can convert WiFi signals to infra red for use as a remote control thereby enabling the portable consumer electronic devices with WiFi capabilities to be used as a remote control.

Preferably the direct wireless communication device allows for card authentication (e.g. credit card, loyalty card, ATM cards) using the methods of generating asymmetric keys stored in secondary storage devices such as portable consumer electronic devices through direct wired and wireless means which will be used in conjunction with existing means except that instead of signing the bill, the user verifies his identity using the portable consumer electronic device and the public key from the portable electronic devices can be stored on the card itself, thereby if it can be unlocked with the private key on such portable storage devices, the transaction is deemed authentic.

Preferably the direct communication device enables existing projectors to receive data (such as a Power point presentation) from a portable consumer electronic device to display directly onto the projector without the need for a notebook or PC.

A further object is for a device to convert data from Bluetooth to WiFi . This can be used in conjunction with portable consumer devices with direct wireless capabilities or as a remote control device to control Bluetooth enabled or WiFi consumer electronic devices and as a replacement for microphone.

A further object is a massage chair which has the capabilities to identify the person through the portable electronic consumer device with or without asymmetric key as a means to store the user preferences of the person.

Preferably the authentication system for storage and retrieval of encrypted data for generation of a public and private key allows personal and commercially important data to be encrypted into a secured document using the data owner's private key (i.e. digital signing) and the information stored in a secondary storage device either in the form of a barcode or in a memory chip in a smart card or a memory chip in a RFID tag embedded in the secured document.

Preferably, the authentication system for storage and retrieval of encrypted data for generation of a public and private key, in which personal and commercially important data are encrypted into a secured document, has this process of authentication of the secured document :-

a. Public key of the data owner involved is obtained.

b. Data on the secured document is decrypted.

and if the data could be read, the secured document is authenticated.

Preferably the authentication system for storage and retrieval of encrypted data for generation of a public and private key for authenticating stored data encrypted on secured documents uses asymmetric cryptography whereby the stored data could be stored in important documents such as identity card, driver's licence, passports, wills, contracts, credit cards and other commercially important documents, the stored data being personal and business information of a data owner and meant to be disclosed only to users of the data authorised with a public key issued by the data owner.

Preferably the secured document issued by an agency using the authentication system for storage and retrieval of encrypted data uses a public key and a private key, both the public key and private key being generated by a RSA algorithm, characterised by

obtaining the inputs for the RSA algorithm from a biometric source;

storing of data encrypted using asymmetric cryptography on an RFID chip; and

authenticating the stored data encrypted on documents using asymmetric cryptography;

the authentication of the encrypted data being carried out through verification means using both the public key and private key.

Preferably the secured document obtained from the authentication system is verified according to these steps:-

The verification agency decrypts the encrypted data on the RFID chip with the document holder's public key and obtains a validation message such as "This document is valid" but gets an incoherent message when the encrypted data is decrypted with the verification agency's public key, indicating the document was not genuine.

The verification agency decrypts the encrypted data on the RFID chip with the verification agency's public key and obtains a validation message such as "This document is valid", but also obtains a validation message when the encrypted data is decrypted using the document holder's public key. This would mean that the secured document is genuine.

Preferably the secured document for recording, storage and retrieval of encrypted data using the authentication system using a public key and a private key, both the public key and private key are generated by a RSA algorithm, the secured document obtained by the following steps:-

obtaining the inputs for the RSA algorithm from a biometric source;

recording and storing of data encrypted using asymmetric cryptography on an RFID chip; and

authenticating the stored data encrypted on documents using asymmetric cryptography;

the authentication of the encrypted data being carried out through verification means using both the public key and private key.

Preferably, the secured document for recording, storage and retrieval of encrypted data obtained using a public key and a private key, wherein both the public key and private key are generated by a RSA algorithm, the encrypted data includes data such as " date, time, location and other pertinent information relating to authentication of the document " which is then stored in a RFID chip and affixed to the important document.

BRIEF DESCRIPTION OF DRAWINGS

Fig. 1 is a flow chart of the first part of the invention which provides for generation of the random numbers obtained by using biometric means.

Fig. 2 is a flowchart of the storing of data encrypted using asymmetric cryptography on an RFID chip.

Fig. 3 is a flowchart of the authentication of the stored data encrypted on documents containing said RFID chip using asymmetric cryptography.

DESCRIPTION OF MAIN EMBODIMENT

The invention relies on the use of two keys, one public and one private, both of which are generated by an asymmetric algorithm. An asymmetric algorithm has advantages in that firstly, no key agreement is required in advance, since the only key that needs to be shared with the other party is a public key that can be safely shared with everyone. Secondly, whereas the security of a symmetric algorithm depends on two parties successfully keeping a key secret, an asymmetric algorithm requires only the party that generated it to keep it secret. This is clearly much less problematic. Thirdly, the issue of trusting the other party disappears in many scenarios, since without knowledge of your secret key, that party cannot do certain evil deeds, such as digitally sign a document with your private key or divulge your secret key to others.

The steps for generation of the key pairs using the RSA Algorithm (as taught in US Patent Number 4,200,770 and United States Patent No. 4,405,829) are first described.

1. Randomly select two prime numbers p and q. For the algebra to work properly, these two prime numbers must not be equal. To make the cipher strong, these prime numbers should be large, and they should be in the form of arbitrary precision integers with a size of at least 1024 bits.

2. Calculate the product: n = p q.

3. Calculate the Euler totient for these two primes, which is represented by the Greek letter φ. This is easily computed with the formula φ = (p - 1)(q - 1).

4. Now that we have the values n and φ, the values p and q will no longer be useful to us. However, we must ensure that nobody else will ever be able to discover these values. Destroy them, leaving no trace behind so that they cannot be used against us in the future. Otherwise, it will be very easy for an attacker to reconstruct our key pair and decipher our ciphertext.

5. Randomly select a number e (the letter e is used because we will use this value during encryption) that is greater than 1, less than φ, and relatively prime to φ. Two numbers are said to be relatively prime if they have no prime factors in common. Note that e does not necessarily have to be prime. The value of e is used along with the value n to represent the public key used for encryption.

6. Calculate the unique value d (to be used during decryption) that satisfies the requirement that, if d e is divided by φ, then the remainder of the division is 1. The mathematical notation for this is d e ≡ 1 (mod φ). In mathematical jargon, we say that d is the multiplicative inverse of e modulo φ. The value of d is to be kept secret. If you know the value of φ, the value of d can be easily obtained from e using a technique known as the Euclidean algorithm. If you know n (which is public), but not p or q (which have been destroyed), then the value of φ is very hard to determine. The secret value of d together with the value n represents the private key.

Once the public/private key pair is generated, we can encrypt a message (or even confidential personal and business data) with the public key with the following steps.

1. Take a positive integer m to represent a piece of plaintext message. In order for the algebra to work properly, the value of m must be less than the modulus n, which was originally computed as p q. Long messages must therefore be broken into small enough pieces that each piece can be uniquely represented by an integer of this bit size, and each piece is then individually encrypted.

2. Calculate the ciphertext c using the public key containing e and n. This is calculated using the equation c = m^e (mod n).

Finally, we can perform the decryption procedure with the private key using the following steps.

1. Calculate the original plaintext message from the ciphertext using the private key containing d and n. This is calculated using the equation m = c^d (mod n).

2. Compare this value of m with the original m, and you should see that they are equal, since decryption is the inverse operation to encryption.

Referring to the flowchart displayed at Fig. 1 , the invention provides another method for generating the random numbers by using biometric means. An image of the biometric information is first obtained. The biometric image could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body. The image(s) obtained from the biometric means, will give the value for 'p', 'q' and possibly 'e'.

The process is as follows

1) An image of the biometric information is obtained. The image can be a fingerprint, an iris scan, face recognition, vein scan or any part of the body.

2) Some computer processing may be required to align the image captured.

3) This image is then saved as an image file (e.g. JPEG, Bitmap, GIF or any image file in use under current convention). The image can be saved into memory or a secondary storage.

4) The data of the image which are ultimately represented as binary values are then used to generate the random numbers either as the seed for random number generation or as the random number itself.

5) The random numbers generated are then put through an algorithm to test for primality. Examples of such algorithms are Lucas-Lehmer, Miller-Rabin test etc.

6) The random numbers generated by using the seed number or the random number itself will be fed as the input to the RSA Algorithm to generate the key pairs.
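The RSA steps and the Fig. 1 process above, combined in one added example that is not code from the patent. It assumes the saved image bytes are hashed with SHA-256 and expanded into prime candidates; the function names and the sample "image" are constructed for illustration. It also shows that two captures differing by a single bit produce unrelated keys.

```python
import hashlib
from math import gcd

# Fixed Miller-Rabin bases keep the test deterministic, so the same image
# always yields the same primes. The result is "probably prime", not a proof.
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Trial division by small primes, then Miller-Rabin with fixed bases."""
    if n < 2:
        return False
    for sp in BASES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # base a is a witness: n is composite
    return True


def derive_prime(seed: bytes, label: bytes, bits: int, e: int) -> int:
    """Steps 4-5: expand the seed into candidates, keep the first probable prime.

    Assumption of this example: candidates are SHA-256(seed || label || counter).
    """
    counter, nbytes = 0, bits // 8
    while True:
        buf = b""
        while len(buf) < nbytes:
            buf += hashlib.sha256(seed + label + counter.to_bytes(4, "big")).digest()
            counter += 1
        cand = int.from_bytes(buf[:nbytes], "big")
        cand |= (0b11 << (bits - 2)) | 1  # force full bit length and oddness
        # e must be relatively prime to phi, so require gcd(e, cand - 1) == 1
        if gcd(e, cand - 1) == 1 and is_probable_prime(cand):
            return cand


def keypair_from_image(image: bytes, bits: int = 1024, e: int = 65537) -> dict:
    """Step 6: feed the image-derived primes to RSA key generation."""
    if bits % 8 or bits < 64:
        raise ValueError("bits must be a multiple of 8 and at least 64")
    seed = hashlib.sha256(image).digest()
    p = derive_prime(seed, b"p", bits, e)
    q = derive_prime(seed, b"q", bits, e)
    if p == q:
        raise ValueError("p and q must differ")
    phi = (p - 1) * (q - 1)
    return {"n": p * q, "e": e, "d": pow(e, -1, phi)}  # d e = 1 (mod phi)


def encrypt(m: int, key: dict) -> int:
    if not 0 < m < key["n"]:
        raise ValueError("m must be positive and smaller than n")
    return pow(m, key["e"], key["n"])  # c = m^e (mod n)


def decrypt(c: int, key: dict) -> int:
    return pow(c, key["d"], key["n"])  # m = c^d (mod n)


# Constructed stand-in for a saved fingerprint image file (not real data).
SAMPLE_IMAGE = bytes((i * 37 + 11) % 256 for i in range(4096))


def flip_one_bit(image: bytes, index: int = 100) -> bytes:
    """Simulate the smallest possible difference between two captures."""
    changed = bytearray(image)
    changed[index] ^= 0x01
    return bytes(changed)


if __name__ == "__main__":
    first = keypair_from_image(SAMPLE_IMAGE, bits=512)
    again = keypair_from_image(SAMPLE_IMAGE, bits=512)
    recapture = keypair_from_image(flip_one_bit(SAMPLE_IMAGE), bits=512)
    print("identical bytes -> same key:", first == again)
    print("one bit differs -> same key:", first["n"] == recapture["n"])
    m = int.from_bytes(b"confidential", "big")
    print("round trip ok:", decrypt(encrypt(m, first), first) == m)
```

The key is reproducible only from byte-identical input, and anyone holding a copy of the image can regenerate the private key.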

Referring to Fig. 2, the next step is storing of data encrypted using asymmetric cryptography on a RFID chip.

The process is as follows

1) If the key pairs have not been generated, generate the key pair. The algorithm can be either the RSA or any other algorithm.

2) If there is encrypted data on the RFID chip, retrieve the encrypted data on the RFID chip into a device for authentication (e.g. upload to a computer or download to a PDA) using the appropriate reader.

3) Encrypt the data using either the private key (for digital signing) or another party/parties public key or both. The data can be encrypted by using programs which are publicly available (e.g. electronics communication encryption program, Pretty Good Privacy (PGP), available from www.pgp.com).

4) Write the encrypted data back onto the RFID chip for storage.

For retrieval of the stored data, the process is as follows:

1) Encrypted Data is retrieved from the RFID chip.

2) Encrypted Data is decrypted using the private key.

3) If the data decrypted is "garbage", it implies that either the information is digitally signed or it was not intended for the recipient.

4) Retrieve the public key of the authorised user of encrypted data.

5) Data is decrypted using the public key of the authorised user of encrypted data.

6) Decrypted data can be stored in memory, secondary storage or written back to the RFID chip.

Referring to Fig. 3, the third step of the invention is authenticating the stored data encrypted on documents using asymmetric cryptography. The stored data could be stored in important documents such as identity card, driver's licence, passports, wills, contracts etc. The stored data could be data relating to the data owner's personal and business information, which is vital to the data owner and meant to be disclosed only to authorised users of the data allowed by the data owner.

The process from the data owner's perspective is as follows.

1) The data owner e.g. a government agency or a company creates their key pairs using asymmetric algorithms (e.g. RSA) through publicly available programs (e.g. PGP).

2) The data is encrypted using the data owner's private key (i.e. digital signing).

3) The information is stored into the identification document, either in the form of a barcode or in a memory chip in a smart card or a memory chip in a RFID tag.

The process from the party who is conducting verification is as follows.

1) Public key of the data owner e.g. government agency or company involved is obtained.

2) Data on the identification document is decrypted.

If the data could be read, the document is authentic.

From the above, it can be seen that the invention can be used to authenticate important documents such as those used for identification. There are two ways of doing this. The first way can be done in the following steps.

1) Calculate the checksum of the documents. This could be done in either: -

i. Calculating the checksum of the scanned image of the document or

ii. Calculating the checksum of all the letters in the documents.

2) Writing the checksum obtained into the RFID chip embedded in the document. The data on this RFID chip can only be written once.

When the need arises, the authenticity of the document is verified as follows.

1) The checksum of the document is obtained.

2) Verify the checksum obtained with the checksum stored on the RFID chip.

The second way of doing this is as follows.

1) Calculate the checksum of the documents.

2) Using the method described in Step 1 (Generation of random numbers using biometric means), we can digitally sign the checksum using the private key of all the parties involved, including the lawyer. The public key can be stored in a repository in a website on the Internet.

3) The digitally signed checksum (or encrypted checksum) is then written onto a normal RFID chip embedded in the document.

When the need arises, the authenticity of the document is verified as follows

1) Obtain the checksum of the document.

2) Obtain the public key of all the parties from the repository.

3) Decrypt the checksum stored in the RFID chip with the public key of all parties individually.

4) If the individual checksums tally with the checksum obtained in Step 3, we can safely assume that they are definitely from the parties involved in Step 2.

It should be noted the data which has been encrypted using the public key can only be decrypted by the private key and vice versa.

Another illustration of another working of the invention is now given. The keys are reproduced every time the biometrics is obtained. The biometric image could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body. The same set of random numbers should theoretically be obtained and the same set of prime numbers will also be obtained.

The initial prototype will involve a fingerprint reader to obtain the public and private keys. The public key will then be stored in a repository for the world to use. Using the example of passports, what may happen is that data or a message such as "This passport is valid" will be encrypted using the passport holder's private key and the government body's (ICA) private key.

When the passport holder visits another country, e.g. USA, the immigration authorities at USA will then obtain public key of the passport holder and the ICA from the repository and decrypt the data. There are three possible scenarios in this instance:-

1) The immigration authority decrypts the encrypted data on the RFID chip with the passport holder's public key and sees the phrase "This passport is valid" but gets garbage when he decrypts the data with the government body's public key. This would mean that the passport wasn't issued by the legitimate government body.

2) The immigration authority decrypts the encrypted data on the RFID chip with the government body's public key and gets the word "This passport is valid", but gets garbage when he decrypts the data using the passport holder's public key. This would mean that the passport doesn't belong to the holder.

3) The immigration authority decrypts the encrypted data on the RFID chip with the government body's public key and gets the word "This passport is valid" and also gets the same word when he decrypts using the passport holder's public key. This means that the passport is legitimate.
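The three passport scenarios above, as an added example that is not code from the patent. It assumes the chip stores one signature per party over the same phrase (the text does not fix a layout), and it uses constructed demo keys built from Mersenne primes; all function names are hypothetical.

```python
E = 65537
PHRASE = b"This passport is valid"


def toy_key(p: int, q: int) -> dict:
    """RSA key from two known primes (n = p q, d e = 1 mod phi)."""
    phi = (p - 1) * (q - 1)
    return {"n": p * q, "e": E, "d": pow(E, -1, phi)}


def public(key: dict) -> dict:
    """What the repository publishes: n and e only."""
    return {"n": key["n"], "e": key["e"]}


# Constructed demo keys built from Mersenne primes. They are trivially
# factorable and exist only to keep the example short and offline.
HOLDER = toy_key(2**89 - 1, 2**107 - 1)
ISSUER = toy_key(2**61 - 1, 2**127 - 1)
STRANGER = toy_key(2**107 - 1, 2**127 - 1)  # any key that is not on file


def sign(message: bytes, key: dict) -> int:
    """'Encrypt with the private key': s = m^d (mod n)."""
    m = int.from_bytes(message, "big")
    if m >= key["n"]:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, key["d"], key["n"])


def recover(signature: int, pub: dict) -> bytes:
    """'Decrypt with the public key': m = s^e (mod n), returned as bytes."""
    m = pow(signature, pub["e"], pub["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def issue(holder_key: dict, issuer_key: dict) -> dict:
    """Assumed chip layout: one signature per party over the same phrase."""
    return {"holder_sig": sign(PHRASE, holder_key),
            "issuer_sig": sign(PHRASE, issuer_key)}


def check_passport(chip: dict, holder_pub: dict, issuer_pub: dict) -> str:
    """Classify a chip the way the immigration authority does in the text."""
    holder_ok = recover(chip["holder_sig"], holder_pub) == PHRASE
    issuer_ok = recover(chip["issuer_sig"], issuer_pub) == PHRASE
    if holder_ok and issuer_ok:
        return "legitimate"                         # scenario 3
    if holder_ok:
        return "not issued by the government body"  # scenario 1
    if issuer_ok:
        return "does not belong to the holder"      # scenario 2
    return "garbage under both keys"


if __name__ == "__main__":
    repo = (public(HOLDER), public(ISSUER))
    for chip in (issue(HOLDER, ISSUER), issue(HOLDER, STRANGER),
                 issue(STRANGER, ISSUER)):
        print(check_passport(chip, *repo))
```

This is unpadded RSA exactly as the description states it; deployed signature schemes hash the message and apply a padding scheme such as RSA-PSS before the private-key operation.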

A further working of the invention is now given in the example of wills and important commercial documents. The keys are reproduced every time the fingerprint is obtained. The same set of random numbers should theoretically be obtained and the same set of prime numbers will also be obtained.

A fingerprint reader is used to obtain the public and private keys. The public key will then be kept by an authorised party for the world to use.

In the case of an important document, data such as "date, time, location and other pertinent information relating to authentication of the document" is encrypted using the holder's private key and the authorised party's private key. The data encrypted would be stored in a RFID chip and affixed to the important document. When the holder presents the important document to an authorised party, the authorised party checks the important document and obtains the public key of the document holder. The authorised party then decrypts the data using their public key. There are three possible scenarios in this instance:-

1) The authorised party decrypts the encrypted data on the RFID chip with the document holder's public key and sees the authentication data "date, time, location and other pertinent information relating to the authentication of the document" but gets garbage when he decrypts the data with the authorised party's public key. This would mean that the document wasn't issued by the legitimate holder.

2) The authorised party decrypts the encrypted data on the RFID chip with the document holder's public key and gets the pertinent information but gets garbage when he decrypts the data using the document holder's public key. This would mean that the document doesn't belong to the holder.

3) The authorised party decrypts the encrypted data on the RFID chip with the document holder's public key and gets all the pertinent information and also gets the same pertinent information when he decrypts using the document holder's public key. This means that the document is genuine.
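The key reproduction and the two-key check described above can be exercised end to end. The following Python code is an added example, not code from the patent: it derives an RSA key pair deterministically from a seed and classifies a chip record by which of the two public keys verifies it. The SHAKE-256 expansion, the exponent 65537, the unpadded hash-then-sign step standing in for "encrypting with the private key", and all names and sample values are assumptions.

```python
import hashlib

E = 65537  # public exponent (assumed; the page does not fix one)
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases, so the outcome is reproducible."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def prime_from_seed(seed, label, bits):
    """Expand seed||label||counter with SHAKE-256 until a prime appears."""
    counter = 0
    while True:
        material = seed + label + counter.to_bytes(4, "big")
        raw = hashlib.shake_256(material).digest(bits // 8)
        # Force the top two bits (full-size modulus) and the low bit (odd).
        cand = int.from_bytes(raw, "big") | (3 << (bits - 2)) | 1
        # cand % E != 1 guarantees E is invertible modulo cand - 1.
        if cand % E != 1 and is_probable_prime(cand):
            return cand
        counter += 1


def keypair_from_seed(seed, bits=1024):
    """Same seed in, same (public, private) RSA pair out."""
    p = prime_from_seed(seed, b"p", bits // 2)
    q = prime_from_seed(seed, b"q", bits // 2)
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data):
    """Textbook RSA over SHA-256 without padding, for illustration only;
    a deployment would use RSA-PSS from a vetted library."""
    n, d = private_key
    return pow(_digest(data), d, n)


def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(data)


def make_record(data, issuer_priv, holder_priv):
    """What would be written to the chip: the data and both signatures."""
    return {"data": data, "sig_issuer": sign(issuer_priv, data),
            "sig_holder": sign(holder_priv, data)}


def check_chip(record, issuer_pub, holder_pub):
    """Map the two verification results onto the outcomes in the text."""
    issuer_ok = verify(issuer_pub, record["data"], record["sig_issuer"])
    holder_ok = verify(holder_pub, record["data"], record["sig_holder"])
    if issuer_ok and holder_ok:
        return "genuine"
    if holder_ok:
        return "not issued by the authorised party"
    if issuer_ok:
        return "does not belong to the holder"
    return "invalid"


# Constructed sample inputs: stand-ins for a fingerprint encoding and an
# issuer secret. NOISY_SEED differs from HOLDER_SEED in a single bit.
HOLDER_SEED = bytes.fromhex("5a17c0de" * 8)
NOISY_SEED = bytes([HOLDER_SEED[0] ^ 0x01]) + HOLDER_SEED[1:]
ISSUER_SEED = b"constructed-issuer-seed"
DATA = b"date=EXAMPLE; time=EXAMPLE; location=EXAMPLE; doc=EXAMPLE-0001"

if __name__ == "__main__":
    issuer_pub, issuer_priv = keypair_from_seed(ISSUER_SEED)
    holder_pub, holder_priv = keypair_from_seed(HOLDER_SEED)
    _, noisy_priv = keypair_from_seed(NOISY_SEED)
    print(check_chip(make_record(DATA, issuer_priv, holder_priv), issuer_pub, holder_pub))
    print(check_chip(make_record(DATA, issuer_priv, noisy_priv), issuer_pub, holder_pub))
```

A single flipped bit in the seed yields an unrelated key pair, so a record made with that key fails the holder check; a biometric capture therefore has to be reduced to an identical bit string on every scan before it can serve as the seed.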

There are many methods of generating asymmetric keys, and many applications for their use can be envisaged.

Disclosed herein are methods for generating asymmetric keys:-

- Generation of the asymmetric keys on the fly

- Using the data on the RFID chip as a seed (to strengthen the case for prior filing date)

- Using biometric information to unlock keys stored in the keyfile. The keys could be encrypted using symmetric or asymmetric keys

- Using the portable mobile device to decrypt encrypted data on the RFID chip (to strengthen the case for prior filing date).

The invention also envisages that the asymmetric keys generated by the methods of the invention on secondary storage devices such as the portable consumer electronic device (e.g. mobile phone, PDAs, Blackberry) be further used as:-

- A two factor authentication device;

- A means to get encrypted information from the server, decrypt it and pass it to a PC

- A digital signing device

- Fingerprint verification to send from phone to payment centre

- Using asymmetric data

- As credit card/cash payment (Claims 19). Current method uses an RFID chip add on to the phone. What we are trying to do is to use the memory area on the phone

- as an authentication device

- as an identification device

- as an external storage drive on Mobile phone and PDA only

- Storing of Windows/Linux/Apple desktop setting on the mobile phone

- An antivirus scanner/firewall (Claims 25). Maybe we can include this in the other filing

Other applications envisaged by the methods claimed in this invention include:-

- SecurID token

- Token for identity providers

- Broadcasting change of keys to all parties involved

- Personal information storage device

- Password storage

- Auto update of people's personal details

- Identity token which can be used to verify a person

- Updating phone records/personal particulars of friends from web to phone

- Encryption of data at bootup stage

- Licensing device/Software activation to combat software piracy

- Digital Rights Management

- Storing user preference/credentials

  - Shops etc

  - Home entertainment system

- Using the mobile phone to scan for friends in the vicinity

- As a walkie talkie

- Bluetooth earpiece as a microphone

- WiFi to Bluetooth and vice versa converter

- Download of information from an exhibit or place to a mobile phone

- Tourism journal

- Bluetooth/WiFi remote control

- Aging data

- Submission of question and answers

- Receiving data from a speech

- Printing documents, spreadsheets to a printer directly

- Displaying the presentation slides to a projector directly

- Electronic cheque

- Means of voting

- Location finder

- Writing the encrypted data onto the RFID chip on the mobile phone for verification (which has been discussed at some length herein).

- Using the mobile phone device to operate machineries

Gadgets incorporating the devices of the invention include:-

- Device to generate asymmetric keys on the fly

- Lock with direct wireless capabilities

- WiFi to Infrared device for remote control

- Credit card/ATM authentication for digital signing from mobile phone

- Device to enable direct transmission from phone to projector

- Device to convert Bluetooth to WiFi converter

- Massage chair with capabilities to recognise the user

The description of the system, procedures and workings of the system and method of authentication has been given for purposes of illustration herein. The embodiments are merely preferred examples and are not to be construed as limiting the scope of the present invention. It is therefore envisaged that similar devices, processes and similar authentication systems could be used for many purposes where authentication or verification of a person's identity is necessary before certain transactions can be entered into, e.g. approval of financial transactions or authorization of entry into certain restricted areas, with or without modifications for the invention to work in such environments. Having described preferred embodiments of the invention with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various changes and modifications may be effected therein by one skilled in the art without departing from the scope or spirit of the invention as defined in the claims.

ADVANTAGEOUS EFFECTS OF THE INVENTION

It is essential to authenticate a person's identity, and mere possession of a document purporting to belong to the person is sometimes not sufficient. The invention makes use of biometrics of a person, which are unique to that person, for generation of an algorithm to output a private key and a public key, storing encrypted data and the keys in an RFID chip for authentication purposes.

Another advantage arises in comparison with existing biometric means, where the template of the fingerprint etc. is stored in a server; if the server is compromised, all the fingerprint templates stored there are at risk of being stolen and used. In this invention, even if the server is compromised, the public keys stored there would be useless to the person who compromised the server.

Many applications of the improved authentication system are proposed and discussed.

Claims

1. An authentication system for storage and retrieval of encrypted data using a public key and a private key, both the public key and private key being generated by an asymmetric algorithm such as the RSA algorithm, characterised by
obtaining the prime numbers required for inputs for the RSA asymmetric algorithm from a biometric source;
storing of data encrypted using asymmetric cryptography on a secondary storage device; and
authenticating and retrieving of the encrypted data stored in said secondary storage devices using asymmetric cryptography;
the authentication of the encrypted data being carried out through verification means using both the public key and private key.
2. The verification means of an authentication system as claimed in Claim 1, wherein the verification means is a validation message or a rejection message.
3. The inputs for the RSA algorithm obtained from a biometric source as claimed in Claim 1, wherein the biometric source could be an image of the biometric image.
4. The biometric image used for an authentication system for storage and retrieval of encrypted data as claimed in Claim 1, wherein the biometric image could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body.
5. The biometric image used for an authentication system as claimed in Claim 3, wherein the image of the fingerprint, the iris scan, face, vein or any part of the body is processed by a computer, and saved into memory and then such data which are ultimately represented as binary values are then used to generate the random numbers either as the seed for random number generation or as the random number itself, the random numbers generated are then put through an algorithm to test for primality testing and thereafter, the prime numbers generated after the primality testing will be fed as the input to the RSA algorithm to generate the key pairs.
6. Method for generating asymmetric keys (e.g. RSA) by using the methods mentioned below as the seed for the pseudo random number required for primality testing:-
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number etc)
iii) using the data on the RFID chip
iv) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
v) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc).
7. Method for generating asymmetric keys (e.g. RSA) by combining two or more of the below mentioned means as the seed for the pseudo random number for primality testing
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number, mobile phone number etc)
iii) using the data on the RFID chip
iv) password
v) pin number
vi) file on the device (e.g. photos, data, mp3)
vii) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
viii) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc).
8. Method for generating asymmetric keys (e.g. RSA) by using one or more of the methods specified below as the seed for the pseudo random number and then using one or more of the methods specified below to iterate and find a new random number for primality testing or to find new prime numbers by iterating the primality test using one or more of the methods specified below
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number, mobile phone number etc)
iii) using the data on the RFID chip
iv) password
v) pin number
vi) file on the device (e.g. photos, data, mp3)
vii) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
viii) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc).
9. Method for using biometric information (e.g. fingerprint recognition, facial recognition, voice recognition) to unlock keys stored in the keyfile and decrypt the incoming data in the portable consumer electronic device and transfer it back to the sender either directly from the device or via another device such as a PC.
Example:
i) User and bank have previously exchanged the encryption keys (either symmetric or asymmetric)
ii) Bank encrypts the token with the encryption key and sends it to the mobile phone either directly through GPRS or through a PC
iii) User scans his finger on the fingerprint scanner on the mobile phone. The mobile phone will match the fingerprint from the database on the mobile phone
iv) Upon successful identification, it will decrypt the key from the file
v) Using the key it obtained, the mobile phone will then decrypt the token to extract the message
vi) The message is then transferred to the PC which will in turn send it back to the bank for verification.
10. Method for using the portable consumer electronic device with storage capability (e.g. mobile phone, PDA, iPod, BlackBerry) to decrypt a RFID chip with data encrypted either using symmetric or asymmetric encryption or both.
11. Method for using a portable consumer electronic device with storage capability (e.g. mobile phone, PDAs, iPod, BlackBerry) as a multi-factor (defined as two or more) authentication device using asymmetric keys from the method generated from Claims 6 - 8 and storing the keys on the device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
12. Method for using a portable consumer electronic device with storage capability (e.g. mobile phone, PDAs, iPod) as a multi-factor (defined as two or more) authentication device using asymmetric keys from the method generated from Claims 6 - 8 on the fly as and when needed. The keys generated are not stored permanently on the device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB), thereby minimising the risk exposed to the user if the device is stolen or lost as the person who stole it would need to know how to get the seed to generate the asymmetric key.
13. Method for using portable consumer electronic devices (e.g. mobile phone, PDA) with data encrypted with symmetric keys (e.g. AES) as a multi-factor authentication device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
14. Method for using portable consumer electronic devices (e.g. mobile phone, PDA) with data encrypted with symmetric keys (e.g. AES) specified in Claims 9-10 as a multi-factor authentication device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
15. Method for using a secondary storage device in a portable consumer electronic device (e.g. mobile phone, PDAs, iPod) to perform as a two or more factor authentication device using symmetric and/or asymmetric keys. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
16. Method for using portable consumer electronic devices (e.g. mobile phone, PDA) as a means for transferring encrypted data (either asymmetric or symmetric) from a server to the portable consumer electronic device for decryption and then transfer the data to another system such as a PC. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
The encrypted data can be sent in any of the ways mentioned below
i) Transfer an encrypted session token from the server to the portable consumer electronic device either directly via GPRS, SMS etc or via the primary computing device such as a PC to the portable consumer electronic device. The decrypted session token is then sent back either directly to the server or via the primary computing device. The server will then allow the primary computing device to access the data.
ii) Transfer the encrypted data from the portable consumer electronic device either directly via GPRS etc or via the primary computing device such as a PC to the portable consumer electronic device. The data is decrypted on the portable consumer electronic device and sent to the primary computing device.
Example usage :
i) User stores his personal information such as address, medical information, telephone number on the web and encrypts the data
ii) When the user visits a clinic for the first time, the user will log in to the server through his mobile phone
iii) The data downloaded from the server will be decrypted on the mobile phone and sent to the PC at the clinic
iv) The software on the PC will process the details of the user such as the address, the medical information and telephone number accordingly.
17. Method for using the biometric functions built in a portable consumer electronic device as means for authentication/identification in place of an external biometric reading machine. For example: Instead of using a fingerprint scanner connected to a payment device, the user can use the fingerprint scanner on his mobile phone or PDA to authenticate his identity to the payment centre. This eliminates the risk of the fingerprint template being stored in the merchant's computer.
18. Method for authenticating and/or signing the message on the devices mentioned above (which is used as the secondary device) where the primary device doesn't have access to the keys using the asymmetric keys generated in Claims 6-10.
19. Method for using the portable consumer electronic device with or without asymmetric keys as a mode of payment and/or as a credit card. The data is stored in the common memory area of the device and encrypted and/or on external commercially available memory storage devices.
20. Method to use portable consumer electronic devices (e.g. mobile phone, PDA) as secondary storage devices with asymmetric keys stored in them and/or asymmetric keys generated on the fly as a form of authentication device for use such as
i) loyalty card
ii) access card (e.g. proximity access card for access for offices)
iii) proof of identity
iv) e-commerce applications (e.g. e-tickets purchases)
v) web log ins
vi) Operating system logins
vii) Activating and deactivating screensavers based on credentials
viii) Credit card authentication through the Internet
ix) Credit card authentication at Point of Sales Terminal in place of/in addition to signature verification
x) Proof of purchase (e.g. receipts)
xi) identity management on the Internet or Intranet
In the authentication process, the other party needs to know if the owner of the phone is authorised and does not need to know their identity. The data on the loyalty card etc can be stored on the portable consumer electronic device, on an external server such as the web, or on the merchant's server (as in the case of loyalty cards).
21. Method to use portable consumer electronic devices (e.g. mobile phone, PDA) as secondary storage devices as a form of identification device for use such as
i) loyalty card
ii) access card (e.g. proximity access card for access for offices)
iii) proof of identity
iv) e-commerce applications (e.g. e-tickets purchases)
v) web log ins
vi) Operating system logins
vii) Activating and deactivating screensavers based on credentials
viii) Credit card authentication through the Internet
ix) Credit card authentication at Point of Sales Terminal in place of/in addition to signature verification
x) Proof of purchase (e.g. receipts)
xi) identity management on the Internet or Intranet
In this identification process, the user identifies himself to the other party using asymmetric/symmetric keys. Therefore, a portable consumer electronic device can hold multiple identities for a user.
For example: Assuming that the asymmetric keys have been generated and given to the respective parties, the user then proceeds to log in to his intranet by placing his phone near the PC and generates the asymmetric key using Claims (6-8). The PC identifies the user and allows him to log in. When the same user logs in to his email service provider, he generates another set of asymmetric keys using Claims (6-8). In this way, the mobile phone holds multiple identities of the same person.
22. Method to use the mobile phone, personal digital assistant (PDA) as an external storage device. This will allow the user to save their documents and setting directly into the mobile phone or PDA which is mapped as a local drive on the computer. The data on the mobile phone or PDA can be encrypted and decrypted on the fly thereby functioning as an encrypted external hard disk.
23. Method to store the user settings and user personal folder (such as C:\Documents and Settings\kschua in Windows XP or /usr/home/kschua in Linux) on the mobile phone, personal digital assistant (PDA). This will preserve the settings for the user when he switches between computers. In addition, operating system can be customised to extract the user settings from the mobile phone or PDA upon startup or login.
24. Method to store internet cookies, bookmarks etc with encryption or in plain text on the portable consumer electronic device which the user can use to access websites on another device such as a PC
Example usage :
i) A user's bookmarks, cookies and login user name and passwords are stored on the mobile phone
ii) When the user accesses a PC and launches the Internet browser, the Internet browser will load the bookmarks from the mobile phone
iii) When the user logs in to read his email, the browser will pick up the user name and password from the mobile phone, thereby freeing the user from keying in the user name and password. This will prevent key loggers from stealing the user name and password.
25. Method to use the mobile phone, personal digital assistant (PDA) to scan for virus on the PC and/or to act as a network gateway with firewall. This isolates virus scanning and firewall activities to an external device function and functions as a hardware virus scanner/firewall.
26. Method for using the mobile phone to function as a SecurID token (by RSA Security).
27. Method for using the mobile phone for generation of a new code at a specific interval (e.g. 60 seconds) to be combined for use with the PIN number/password at the primary computing device for multi factor authentication purposes. The resultant pin/password will be a one-time-use code that is used to positively identify or authenticate the user. The server at the other end will be synchronised such that the new code generated by the mobile phone will be the same.
Example usage
1) Upon logging in to an internet banking website, the mobile phone displays aaaaaa. The user's pin number is 222222. Therefore, when prompted to enter the password, the user enters aaaaaa222222. The internet banking server needs to be synchronised with the mobile phone such that at the specific time, it knows that the mobile phone has generated aaaaaa.
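One way to realise the synchronised code of claim 27, as an added example that is neither the patent's nor RSA Security's algorithm: the phone and the server derive a six-digit code from a shared secret and the current 60-second interval, and the server checks code plus PIN, tolerates one interval of clock drift and refuses any interval it has already accepted. The HMAC-SHA-256 truncation, the drift window and all names and values are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code, the interval used in the claim's example
DIGITS = 6   # length of the displayed code (assumed)


def code_at(secret, t):
    """Code for the interval containing Unix time t (assumed derivation)."""
    counter = int(t) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class BankServer:
    """Hypothetical verifier holding the same secret and the user's PIN.
    The PIN is kept in clear for brevity; a real server would store a
    salted hash of it."""

    def __init__(self, secret, pin, drift_steps=1):
        self.secret = secret
        self.pin = pin
        self.drift_steps = drift_steps
        self.last_step = -1          # newest interval already accepted

    def verify(self, entered, now):
        """Accept code+PIN for the current interval or a neighbouring one."""
        step_now = int(now) // STEP
        for step in range(step_now - self.drift_steps,
                          step_now + self.drift_steps + 1):
            if step <= self.last_step:
                continue             # one-time use: skip spent intervals
            expected = code_at(self.secret, step * STEP) + self.pin
            # Constant-time comparison of the whole code+PIN string.
            if hmac.compare_digest(entered.encode(), expected.encode()):
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    secret = b"constructed-shared-secret"    # constructed sample value
    now = 1_700_000_000                      # constructed timestamp
    server = BankServer(secret, "222222")
    entered = code_at(secret, now) + "222222"
    print(server.verify(entered, now + 5))   # first use
    print(server.verify(entered, now + 6))   # same string replayed
```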
28. Method for storing the asymmetric data and any important data on the web and to broadcast change of keys and/or consumer electronic device to all parties involved (e.g. banks, shops whom the user has a loyalty card with).
29. Method for storing personal information on the portable consumer electronic device with 1) symmetric encryption or/and 2) asymmetric encryption for the purpose of ease of data entry and counter checking purposes (e.g. filling in of forms by transmitting the data to the PC or filling in of lottery coupons to purchase the tickets and later to check the numbers bought with the winning numbers).
30. Method for using portable consumer electronic device to store information encrypted with either symmetric and/or asymmetric keys pertaining to the user (e.g. address, medical records, dental records, drug allergies).
31. Method for encrypting data on the portable consumer electronic device with symmetric and/or asymmetric key to protect the privacy of data on the portable consumer electronic device. An option may be included to allow the data to self destruct upon keying in a wrong decryption code.
32. Method for using the mobile phone and/or PDA as a password management device for use with another device (e.g. PC) where
i) The user name and/or password can be transmitted to the other device either in clear text form or in encrypted format or
ii) The user name and/or password will be sent to a server (e.g. web based email) and the session token (such as a cookie) returned from the said server will be transmitted to the PC for use.
33. Method for storing personal details encrypted with asymmetric data of the owner on a server and allowing authorised personnel to access the data. This will ensure that even if the system is hacked, hackers will not be able to decrypt the person's information stored on the server and it will provide the convenience of allowing friends of the user to be able to have the latest personal details of the user. Example usage : Jack encrypts his mobile phone, address and email address with the public keys of Sally and Jane respectively on the web.
1) Sally and Jane's mobile phone will update Jack's mobile phone number from the web at regular intervals or as and when is required. This way, whenever Jack changes his telephone number, Sally and Jane's mobile phone data will be updated accordingly. If Jack decides to deny Sally from knowing his new mobile phone number, he simply encrypts his new mobile phone number on the web with Jane's public key. This way, only Jane will have the new number and Sally doesn't.
2) Jack changes his email address and updates the information on the web and encrypts it with Sally and Jane's public key. On Sally's and Jane's PC, this information will be downloaded and the changes made to the address book accordingly.
3) Jack shifts house and updates the information on the web and encrypts it with Sally and Jane's public key. If Sally or Jane wants to pay Jack a visit, they can check the web or use their PC to retrieve the latest information and check where Jack is staying. If Jack doesn't wish to let any of them know of his new address, he can just simply update the data encrypting it with other people's public key except Jane and Sally's.
34. Method for allowing identity providers to store tokens on portable consumer electronics. This token can then be forwarded to a third party who had initially requested for identity verification. Example usage
1) ABC Brewery sends identity verification token to verify that the owner is above the legal age limit to purchase liquor to the owner's mobile phone. The owner forwards the request to an identity provider (e.g. Immigration and Checkpoint Authority, ICA) to verify. The ICA acknowledges the identity and age of the owner and processes the token. It then digitally signs the token and sends it back to the owner's mobile phone. The owner then forwards the digitally signed token to ABC Brewery. ABC Brewery will then check to see if the token is authentic. If it is authentic, the owner is allowed to purchase liquor.
35. Method of updating the phone number of a contact in the address book seamlessly either through accessing the web to retrieve the updated data or by changing the contact details stored in the mobile phone and/or PDA.
Example usage :
i) Jack calls John by selecting "John" in the address book.
ii) The mobile phone gets a message saying that the number dialled is no longer available.
iii) The mobile phone will then automatically check the web to search for John's new number and dial that new number instead.
36. Method for using a portable consumer electronic device with asymmetric and/or symmetric key as a means to encrypt and decrypt data on the PC with hard disk at either bootup stage or sections of the hard disk.
Example usage : i) User powers up his PC and places the mobile phone next to the PC. ii) At the bootup, a program will decrypt the rest of the hard disk with the key obtained from the mobile phone. iii) Upon successful decryption, the Windows operating system and all other parts of the hard disk will be accessible to the user, therefore, Windows will be able to start up and proceed.
37. Method for using portable consumer electronic devices as a means for activating software applications to prevent piracy and/or as a licensing device. Example usage : i) Before a software can run, it will check for credentials of the user through the mobile phone. ii) After obtaining the credentials of the users, it will then determine whether the set of credentials is allowed to execute the program. If it is, the program will execute, otherwise it will inform the user that he does not have the licence to run the program.
38. Method for using the consumer electronic device as a means for digital rights management (e.g. the DVD movie can only be played if the authorised mobile phone is placed near the DVD player).
Another example usage : i) User purchases movie from the internet and passes his public key from his mobile phone to the service provider. ii) Service provider will encrypt the movie with the user's public key and sends the movie to the user. iii) When the user plays the movie on his home entertainment system such as a PC, the PC will check to ensure that the data can be successfully decrypted using the private key of the user's mobile phone. iv) The decrypted data is then played.
39. Method for using the portable consumer electronic device to function as a storage to keep user preferences and credentials. The data can be encrypted with asymmetric and/or symmetric keys. An example would be to store the user's preferences for a shop (e.g. clothes size, shoe size, food dishes).
Example usage : i) User visits a restaurant and places the order via his mobile phone. ii) On subsequent visits, he can review previously placed orders to determine if he wants to order the exact same dish again.
40. Method for using a portable consumer electronic device with or without asymmetric key as a means to store the user preferences of home entertainment systems and home automation systems.
Example usage : i) When Sam is listening to music, he places his mobile phone near the music player. It grabs Sam's preferences such as the equaliser settings, volume control and automatically adjusts the sound system to it. ii) Sam can also store the massage sequence on his mobile phone such that when he sits on the massage chair, the chair activates the massage sequence.
41. Method for using the portable electronic consumer device to locate friends in the vicinity either by using direct wireless means (e.g. Bluetooth, WiFi) or via a gateway (e.g. wireless internet connection).
Example usage i) Jack and Sam are in the same building. ii) Their mobile phones are turned on to scan for friends in the vicinity using the building WiFi access. iii) Through the IP address provided, their respective mobile phone knows that they are both in the same building and trigger an alert to both of them informing them that they are in the same building.
42. Method for using portable consumer electronic devices with direct wireless capabilities (e.g. Bluetooth, WiFi) as a walkie talkie or for conference calls.
Example usage : i) Jack decides to place a phone call to Sam. ii) The mobile phone detects that both Jack and Sam are in a wireless environment and automatically uses the WiFi connection to establish the phone session thereby saving phone charges.
43. Method for using asymmetric key to identify individual users in using the method specified in Claim 39. The keys can also be used to allow for secure mobile phone communication using the method specified in Claim 39.
44. Method for using a Bluetooth earpiece or Bluetooth/WiFi enabled portable consumer electronic device with or without asymmetric key to function in place of a microphone.
45. Method for using the portable consumer electronic as a Bluetooth to WiFi converter and vice versa. This will allow for users who are using a voice chat system in their PC (e.g. MSN) to transfer the data via WiFi to the mobile phone and using the Bluetooth connection of the mobile phone to transfer the data to a Bluetooth earpiece, thereby facilitating the use of a Bluetooth earpiece to be used as an ordinary headphone with a PC.
46. Method for using a portable consumer electronic device to download information either in clear text or encrypted with asymmetric and/or symmetric key pertaining to an exhibit in places such as a museum or zoo onto the device.
47. Method for using a portable consumer electronic device with or without asymmetric key with a Bluetooth earpiece as a means to obtain voice information on an item (e.g. an exhibit in a museum can have a corresponding device to transmit information such as what the exhibit is about to the user's mobile phone and then to the earpiece).
48. Method of using a portable consumer electronic device as a travel journal. When payment is made using the mobile phone or when the tourist visits a place of interest and establishes a connection, these data are stored in the user's mobile phone for his own record purposes. Pictures taken between sites will be organised accordingly.
49. Method for using a portable consumer electronic device with camera and location tracking service (e.g. GPS, mobile phone base station) to capture the image with location coordinates (e.g. GPS coordinate) into the portable consumer electronic device or directly into a web page. The coordinates can be tagged to the image or embedded in the image file. It can also include the date and time embedded in the image or tagged to the image. This can be used to serve as a travel journal, evidence of crime, diary etc. Example usage: i) A person witnesses a burglary and takes out his mobile phone with GPS and camera to take a picture of the crime scene; ii) The coordinates are embedded into the image and the image is transferred to the police website; iii) The website will record the date and time the image was received which can then be admitted as evidence in court.
50. Method for using the portable consumer electronic device (e.g. mobile phone or PDA) as a voice language translation. The voice translation can be done either on the device itself or through sending the data to the web and get the translated voice message through the web.
51. Method for using the portable consumer electronic device (e.g. mobile phone or PDA) as a voice language translation. The voice translation can be done either on the device itself or through sending the data to the web and get the translated voice message through the web.
52. Method to allow portable consumer electronic devices (e.g. mobile phone, PDA) to use its direct wireless capabilities as a remote control to control Bluetooth enabled or WiFi consumer electronic devices.
53. Method for using portable consumer electronic device to store aging data which may be digitally signed or digitally encrypted or in clear text (e.g. warranty cards, e-tickets, receipts, promotion coupons). When the expiry date is reached (e.g. one year warranty has expired or the promotion date has reached), the data is automatically erased.
54. Method for using the direct wireless capabilities of the portable consumer electronic device to submit digitally signed questions and answers during a forum or speech or lecture or classroom lessons.
55. Method for enabling portable consumer electronic devices with direct wireless capabilities (e.g. Bluetooth or WiFi) with or without encryption (such as asymmetric and/or symmetric key encryption) to function as means for receiving data such as presentation slides from the speaker in a speech or lecture. This can also be used to distribute handouts in a meeting or at a lecture.
Example usage: i) When going for a lecture, the user signs his attendance using his mobile phone public key before entering the room; ii) When the lecturer decides to disseminate the information, he clicks a button which will encrypt the slides with the public key of the user and transmit it to everyone in the room; iii) Only the user will be able to decrypt the slide and the information will be junk to the other people in the room.
56. Method for printing documents, spreadsheets or presentation slides from mobile phone or PDA with direct wireless capabilities to the printer directly. This will allow users to print a Word document directly to a printer.
57. Method for displaying documents, spreadsheets or presentation slides from a mobile phone or PDA with direct wireless capabilities directly to a projector. With this means, the user does not need to carry a notebook when conducting presentation.
58. Method for using the portable consumer electronic device with asymmetric encryption as a chequebook.
Example usage: i) Bank issues digitally signed chequebook to the user and the user stores it in their mobile phone; ii) When the user wishes to pay another party in the form of a cheque, he transmits the digitally signed (from the bank) cheque book and digitally signs it himself; iii) He then transmits this data to the other party who will forward it to his bank to honour the cheque. In this way, the payer does not need to know the payee's bank account number which is the case in internet banking.
59. Method for using the direct wireless capabilities of the portable consumer electronic device (e.g. mobile phone, PDA) with or without asymmetric keys as a means of voting. This can happen in AGM where the individual members will cast their vote and digitally sign it for auditing purposes.
Example usage in an AGM: i) Members register their public key at the reception and obtain the public key of the returning officer; ii) When it is time to cast their votes, they can key in their votes which will be encrypted with the public key of the returning officer and then digitally signed by them; iii) This data will be stored for auditing purposes and the vote will be kept secret because no one can decrypt the returning officer's data; iv) This same data will be decrypted in memory to obtain the vote and add it to the counter.
This will ensure that the vote remains secret and yet can be subjected to auditing.
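The claim 59 voting flow (register keys, encrypt the vote to the returning officer, sign it, store it for audit, decrypt in memory to count), as an added example that is not part of the patent text. Toy RSA with constructed keys built from Mersenne primes stands in for the phones' asymmetric keys; the names `OFFICER`, `MEMBERS`, `REGISTER`, `cast` and `tally`, the random nonce, the hash-then-sign step and the duplicate check are assumptions of this example.

```python
import hashlib
import secrets
from collections import Counter

E = 65537  # public exponent shared by all demo keys


def make_key(p, q):
    """Toy RSA key (n, e, d) from two primes; no padding, illustration only."""
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))


# Constructed demo keys built from Mersenne primes (assumption, not from the patent).
OFFICER = make_key(2**521 - 1, 2**607 - 1)   # returning officer
MEMBERS = {                                   # private keys would stay on each phone
    "alice": make_key(2**127 - 1, 2**107 - 1),
    "bob": make_key(2**89 - 1, 2**61 - 1),
}
# Step i: reception registers only the public half (n, e) of each member key.
REGISTER = {name: key[:2] for name, key in MEMBERS.items()}


def digest(ballot, n):
    """SHA-256 of the ciphertext, reduced into the signer's modulus."""
    raw = ballot.to_bytes((ballot.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n


def cast(member, vote):
    """Step ii: encrypt the vote to the officer, then sign the ciphertext."""
    n_o, e_o, _ = OFFICER
    # A random nonce keeps equal votes from producing equal ciphertexts.
    padded = b"\x01" + secrets.token_bytes(16) + vote.encode()
    ballot = pow(int.from_bytes(padded, "big"), e_o, n_o)
    n_m, _, d_m = MEMBERS[member]
    return {"member": member, "ballot": ballot,
            "sig": pow(digest(ballot, n_m), d_m, n_m)}


def tally(audit_log):
    """Steps iii-iv: verify each stored record, decrypt in memory, count."""
    n_o, _, d_o = OFFICER
    counts, rejected, seen = Counter(), [], set()
    for rec in audit_log:
        pub = REGISTER.get(rec["member"])
        if pub is None:
            rejected.append((rec["member"], "unregistered"))
            continue
        n_m, e_m = pub
        if pow(rec["sig"], e_m, n_m) != digest(rec["ballot"], n_m):
            rejected.append((rec["member"], "bad signature"))
            continue
        if rec["member"] in seen:
            rejected.append((rec["member"], "duplicate"))
            continue
        seen.add(rec["member"])
        m = pow(rec["ballot"], d_o, n_o)          # plaintext exists only here
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if raw[:1] != b"\x01":
            rejected.append((rec["member"], "malformed"))
            continue
        counts[raw[17:].decode()] += 1
    return counts, rejected
```

The stored audit log holds only ciphertexts and signatures, so an auditor can re-check who voted without learning how; a real deployment would use a vetted library with OAEP encryption and PSS signatures in place of the toy arithmetic.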
60. Method for using a portable consumer electronic device with direct wireless access capabilities (e.g. Bluetooth) to identify the location of a person.
Example usage: i) Child turns on the Bluetooth feature in mobile phone in a shopping centre; ii) His movement is captured at every intersection thereby providing his parents his whereabouts on their mobile phone.
61. Method for writing the asymmetric and/or symmetric key data onto the RFID chip on the phone as and when is required for the purpose of authentication.
62. Method for using the mobile phone with data encrypted using symmetric and/or asymmetric keys as a means for operating machinery (eg starting cars, playing arcade games machine).
63. Device to generate the asymmetric keys using the methods specified in Claim 6 - 9 with the option of keeping a copy of the keys generated and then using the keys when required, or generating the keys on the fly as and when it is required. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared) or via a gateway (e.g. GPRS, 3G, SMS).
64. Direct Wireless (e.g. Bluetooth, InfraRed, WiFi, NFC) locks with asymmetric and/or symmetric encryption capabilities for use with the devices mentioned above.
65. Device for converting WiFi signals to infra red for use as a remote control. This will enable portable consumer electronic devices with WiFi capabilities to be used as a remote control.
66. Device to allow for the card authentication (e.g. credit card, loyalty card, ATM cards) using the methods specified above (Claims 20-21) through direct wired and wireless means. This will be used in conjunction with existing means except that instead of signing the bill, the user verifies his identity using the portable consumer electronic device. The public key from the mobile phone can be stored on the card itself, thereby if it can be unlocked with the private key on the mobile phone, the transaction is deemed authentic.
67. Device to enable existing projectors to receive data (such as a PowerPoint presentation) from a portable consumer electronic device to display directly onto the projector without the need for a notebook or PC.
68. Device to convert data from Bluetooth to WiFi. This can be used in conjunction with Claims 42, 49 and as a replacement for Claim 44.
69. Massage chair which has the capabilities to identify the person through the portable electronic consumer device specified in Claim 40.
70. The authentication system as claimed in Claim 1 wherein personal and commercially important data are encrypted into a secured document using the data owner's private key (i.e. digital signing) and the information stored in a secondary storage device either in the form of a barcode or in a memory chip in a smart card or a memory chip in a RFID tag embedded in the secured document.
71. The authentication system as claimed in Claim 70 wherein the process of verification is as follows:
a. Public key of the data owner involved is obtained;
b. Data on the secured document is decrypted;
and if the data could be read, the secured document is authenticated.
72. The authentication system as claimed in Claim 70 for authenticating stored data encrypted on secured documents using asymmetric cryptography whereby the stored data could be stored in important documents such as identity card, driver's licence, passports, wills, contracts, credit cards and other commercially important documents, the stored data being personal and business information of a data owner and meant to be disclosed only to users of the data authorised with a public key issued by the data owner.
73. A secured document issued by an agency using the authentication system as claimed in Claim 70 for storage and retrieval of encrypted data using a public key and a private key, both the public key and private key being generated by a RSA algorithm, characterised by
obtaining the inputs for the RSA algorithm from a biometric source; storing of data encrypted using asymmetric cryptography on an RFID chip; and authenticating the stored data encrypted on documents using asymmetric cryptography;
the authentication of the encrypted data being carried out through verification means using both the public key and private key.
74. A secured document obtained from the authentication system as claimed in Claim 70 wherein the authenticity is verified according to these steps:
The verification agency decrypts the encrypted data on the RFID chip with the document holder's public key and obtains a validation message such as "This document is valid" but gets an incoherent message when the encrypted data is decrypted with the verification agency's public key, indicating the document was not genuine.
The verification agency decrypts the encrypted data on the RFID chip with the verification agency's public key and obtains a validation message such as "This document is valid", but also obtains a validation message when the encrypted data is decrypted using the document holder's public key. This would mean that the secured document is genuine.
75. A secured document for recording, storage and retrieval of encrypted data using the authentication system as claimed in Claim 70, using a public key and a private key, both the public key and private key being generated by a RSA algorithm, the secured document obtained by the following steps:- obtaining the inputs for the RSA algorithm from a biometric source;
recording and storing of data encrypted using asymmetric cryptography on an RFID chip; and
authenticating the stored data encrypted on documents using asymmetric cryptography;
the authentication of the encrypted data being carried out through verification means using both the public key and private key.
76. A secured document for recording, storage and retrieval of encrypted data obtained according to the steps in Claim 71 wherein the encrypted data includes data such as "date, time, location and other pertinent information relating to authentication of the document" which is then stored in a RFID chip and affixed to the important document.
77. Method for using the mobile phone as a password manager for another system/systems where the transmission of the password from the mobile phone to the system/systems can be, but not limited by, GPRS, Bluetooth, Wi-fi, Infra red, USB, or user input on the system keyboard.
An example would be where the user would key in a PIN number on the mobile phone to unlock the password for a PC running on Windows Operating System. The mobile phone would then transmit the password to the Windows system via another password stored in the mobile phone.
Another example would be where the user stores the log-in user name and password to a web site on his mobile phone. Upon unlocking the information on the mobile phone, the user name and password are transmitted to the computer system which does a log in to the web site without any further user intervention. This adds convenience for the user and also provides added security, because the passwords are not stored on the system being used to access the web site, whereas existing password managers store the passwords on the PC itself. In addition, it gives the user the benefit of portability where he can carry his password manager with him. This also promotes strong passwords where the user just needs to remember a single simple password on his mobile phone to unlock various strong passwords to access the respective systems.
78. Method for directly or indirectly translating an email address to a telephone number on a mobile phone. This will allow the user of a mobile phone to call the other party using the other party's email address. The email address will then be either directly or indirectly translated to a telephone number either on the mobile phone or on a server.
The advantage is such that if a friend of the user changes his telephone number, the latter can update it onto the central database which can then either push the new contact number to the user's phone or be updated on the user's mobile phone when it is synchronised.
79. Method for using the mobile phone keyboard to function as the keyboard input of another device. For example, the mobile phone keypad can be used to key in the PIN number for an ATM card and then transmitted wirelessly to the ATM machine. This eliminates the risk of someone peeking at the ATM booth whilst the user is keying in the PIN number.
In addition, in place of a keyboard, the mobile keypad can serve to function as a keyboard for a computer system through Bluetooth, infra red etc.
PCT/SG2007/000177 2005-10-25 2007-06-25 Improved authentication system WO2008030184A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
SG200604513-2A SG131827A1 (en) 2005-10-25 2006-07-04 Improved authentication system
SG200604513-2 2006-07-04

Publications (1)

Publication Number Publication Date
WO2008030184A1 true WO2008030184A1 (en) 2008-03-13

Family

ID=39157514

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2007/000177 WO2008030184A1 (en) 2005-10-25 2007-06-25 Improved authentication system

Country Status (1)

Country Link
WO (1) WO2008030184A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020044650A1 (en) * 2000-08-24 2002-04-18 Miaxis Biometrics Co. Identity credence and method for producing the same
WO2004008282A2 (en) * 2002-07-12 2004-01-22 Privaris, Inc. Personal authentication software and systems for travel privilege assignation and verification
US20050226411A1 (en) * 2002-06-19 2005-10-13 Gemplus Method of generating electronic keys for a public-key cryptography method and a secure portable object using said method
US20060083370A1 (en) * 2004-07-02 2006-04-20 Jing-Jang Hwang RSA with personalized secret

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9077537B2 (en) 2008-11-13 2015-07-07 International Business Machines Corporation Generating secure private keys for use in a public key communications environment
US8213614B2 (en) 2009-05-18 2012-07-03 Amadeus S.A.S. Distribution and printing of travel documents
FR2948519A1 (en) * 2009-07-24 2011-01-28 Mediscs Digital data ciphering and deciphering method, involves recovering single physical identification parameter at level of medium so as to introduce single physical identification parameter while ciphering and deciphering digital data
WO2011012788A1 (en) * 2009-07-29 2011-02-03 Mediscs Method for securely authenticating access to encrypted data
FR2948839A1 (en) * 2009-07-29 2011-02-04 Mediscs Method for access to a secured authentication to encrypted data
CN103297416A (en) * 2012-02-27 2013-09-11 三星电子株式会社 Method and apparatus for two-way communication
EP2632156A3 (en) * 2012-02-27 2015-12-30 Samsung Electronics Co., Ltd Method and apparatus for two way communication
US9819676B2 (en) 2012-06-29 2017-11-14 Apple Inc. Biometric capture for unauthorized user identification
US9832189B2 (en) 2012-06-29 2017-11-28 Apple Inc. Automatic association of authentication credentials with biometrics
US9959539B2 (en) 2012-06-29 2018-05-01 Apple Inc. Continual authorization for secured functions
US10212158B2 (en) 2012-06-29 2019-02-19 Apple Inc. Automatic association of authentication credentials with biometrics
US10331866B2 (en) 2013-09-06 2019-06-25 Apple Inc. User verification for changing a setting of an electronic device
US9111160B1 (en) 2014-06-25 2015-08-18 Tata Consultancy Services Limited Computer implemented non-intrusive remote monitoring and capturing system and a method thereof
US9992171B2 (en) 2014-11-03 2018-06-05 Sony Corporation Method and system for digital rights management of encrypted digital content

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07748722

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
WWE Wipo information: entry into national phase

Ref document number: 570380

Country of ref document: NZ

NENP Non-entry into the national phase in:

Ref country code: DE

NENP Non-entry into the national phase in:

Ref country code: RU

122 Ep: pct app. not ent. europ. phase

Ref document number: 07748722

Country of ref document: EP

Kind code of ref document: A1