WO2011053208A1 - A method and an arrangement for performing an electronic activity involving a plurality of electronic equipments - Google Patents

A method and an arrangement for performing an electronic activity involving a plurality of electronic equipments Download PDF

Info

Publication number
WO2011053208A1
WO2011053208A1 PCT/SE2010/000258 SE2010000258W WO2011053208A1 WO 2011053208 A1 WO2011053208 A1 WO 2011053208A1 SE 2010000258 W SE2010000258 W SE 2010000258W WO 2011053208 A1 WO2011053208 A1 WO 2011053208A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
client
party entity
response
user interface
adapted
Prior art date
Application number
PCT/SE2010/000258
Other languages
French (fr)
Inventor
Thomas Berghemmer
Rickard Sohlberg
Mikael Edoff
Original Assignee
Invented In Sweden Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/18Network-specific arrangements or communication protocols supporting networked applications in which the network application is adapted for the location of the user terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/34Network-specific arrangements or communication protocols supporting networked applications involving the movement of software or configuration parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0869Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer

Abstract

A method and arrangement for managing a requested electronic activity involving a first and a second client, where both clients are adapted to communicate with each other via a first communication link and with a trusted third party entity via a second and a third communication link, respectively. Both clients transmits requests for the activity to the third party entity, and receives a respective graphical user interface, where both user interfaces are associated with each other, such that a response transmitted to the third party entity from one of the clients has to correspond to the graphical user interface provided to the second client, in order for the third party entity to approve with the requested activity.

Description

A method and an arrangement for performing an electronic activity involving a plurality of electronic equipments

TECHNICAL FIELD

The present invention relates to a method and an arrangement for managing an electronic activity involving two clients.

BACKGROUND

Communication between electronic user devices, such as e.g. cellular telephones, automates, and computers, where one or both of the user devices may be wireless entities are becoming more and more common in a wide range of situations, such as monetary transactions, exchange of electronic documents etc.

In order to provide secure deliveries, transmission of personal data between interacting entities is often required.

In many situations the corresponding device is owned by a user with which the user of the initiating device has no strong

relationship, and as such, this device is considered as an un-trusted party. The requirement for transmitting sensitive information to an un- trusted device, may be an obstacle for some users to use this type of services, or a reason why services are not used so frequently and may even result in a user refusing to complete transactions.

SUMMARY

It is an object of the present invention to address at least some of the problems outline above. It is also an object of the present invention to provide various alternative means for improving security when executing electronic activities involving two or more users.

According to one aspect of the invention a method for managing a requested activity involving a first and a second client is provided, where both clients are adapted to communicate with each other via a first communication link and with a trusted third party entity via a second and a third communication link, respectively.

According to the method, which is executable on the third party entity, the entity first receives a first request for an electronic activity, which will involve both the first and a second client from the first client. The third party entity also receives a second request to participate in the activity from the second client.

On the basis of content of the requests, the third party entity identifies the first and the second client. Once both clients have been identified the third party entity generates and transmits a first graphical user interface to the first client, in response to the first request, and, in response to the second request, the third party entity also generates and transmits a second graphical user interface to the second client. The user interfaces are adapted such that the second user interface is associated with the first user interface such that is indicates to a user of the first client how to respond via the first user interface. Once the first user has responded by entering a response, and once such a response has been received by the third party client from the first client, the third party entity may evaluate the response and determine, on the basis of the correspondence between the response and the response indication provided to the second client, whether the electronic activity is to be executed or not. According to one alternative embodiment, an initial process for identifying other clients which are presently in the vicinity of a first client is suggested.

The third party entity first receives a request for clients which are within communication range of the first client, from the first client. In response to such a request, the third party entity selects one or more clients which are found to be within range of the first client, on the basis of the location of the first client. Once one or more clients have been selected, the third party entity transmits a range response, indicating the one or more selected clients, including the second client, to the first client.

The third party entity may also be adapted to transmit software code especially adapted for executing the requested activity on the respective client, to the first and/or the second client.

Each of the first and the second request comprise information which enables the third party entity to identify the first and the second client, respectively. In addition, the client response will typically comprise a code which enables the third party entity to verify the authenticity of the first client.

Typically, both the first and the second graphical user interface comprise a plurality of graphical symbols, where the symbols of the first graphical user interface are selectable, while the symbols of the second graphical user interface are instructive. Such graphical symbols may either consist of conventional keyboard symbols, or signs, such as e.g. 1 -9 and a-z, and/or other types of graphical symbols, such as e.g.

graphical pictures.

The electronic activity may be any of: an execution of a monetary transaction, or a transmittal of a valuable document, a software, a music tune or a game. According to another aspect a trusted third party entity for

managing a requested electronic activity involving a first and a second client, where both clients are adapted to communicate with each other via a first communication link and with said third party entity via a second and a third communication link, is also provided.

The suggested entity comprises receiving means for receiving, a first request for an electronic activity, involving the first and the second client, from the first client, and for receiving a second request to

participate in the requested electronic activity, from the second client.

The third party entity also comprises processing means for identifying the first and the second client on the basis of content of the requests. In addition, the third party entity comprises transmitting means for transmitting a first graphical user interface to the first client, in response to the first request, and for transmitting a second graphical user interface to the second client, in response to the second request.

The processing means of the third party entity is adapted to assure that the second user interface is associated with the first user interface, such that it indicates to a user how to respond via the first user interface.

The receiving means is further adapted to receive a client response from the first client, wherein the processing means is further adapted to determine whether a client response corresponds to a received response indication, and to execute the electronic activity, in case the client response corresponds to the response indication in a satisfying way.

In order to provide a client with other client with which electronic activities may be initiated, the receiving means may also be adapted to respond to such a request received from the first client by selecting, on the basis of the location of the first client, one or more clients which are within range of the first client, and to transmit a range response, indicating the one or more selected clients, including the second client, to the first client.

The processing means may also be adapted to select software code, especially adapted for executing the requested activity on the first and/or second client, and to transmit selected code to the respective client via the transmitting means.

The processing means is adapted to identify the first and the second client on the basis of content of the first and second request, respectively.

During such a process, the processing means is typically further adapted to verify the authenticity of the first client by analysing a code entered via the first user interface and received in the client response by the receiving means.

The processing means may also be adapted to generate the first graphical user interface, such that is comprise a plurality of selectable graphical symbols, and the second graphical user interface, such that is comprises at least one graphical symbol, wherein the graphical symbols may be represented by conventional keyboard signs, symbols other than conventional keyboard symbols, or signs, or by a combination of both.

In order to enable improved security while handling symbols provided by the third party entity, the processing means may be adapted to create unique graphical symbols. Such a processing means is provided with functionality which is adapted to generate a plurality of graphical symbols, by creating a symbol comprising a unique picture, and to later analyse one or more such graphical symbols received as a code from a client, in order to verify whether a received symbol is identical to the originally created one, or whether the symbol has been manipulated. For such a purpose the processing means may be adapted to combining a picture with a unique pattern during picture generation. The trusted third party entity may typically be a server, which is adapted to execute one or more of the processes suggested above to registered users, or clients.

For that purpose, a first client and a second client will be adapted for such an interaction, i.e. for enabling mutual communication between the two clients via a first communication link, typically provided via a short range communication protocol, such as e.g. Bluetooth, and for enabling communication with the third party entity via a communication link, provided via a communication protocol, other than the first

communication link. A suggested client may be configured as an integrated part of any: of a cellular telephone; a laptop; a computer; a music player, a game console, or a cash register. By adapting entities so that they can interact according to the suggested mechanism, no critical information will have to be transmitted to an un-trusted party, here represented by another client. Instead all such information may be transmitted from the respective client to a trusted third party entity.

In addition, by using graphical symbols, which can be provided as unique symbols, security in association with electronic transactions may be increased even further.

Further possible features and benefits of the invention will become apparent from the detailed description below.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will now be described in more detail by means of exemplary embodiments and with reference to the accompanying drawings, in which: - Fig. 1 is a schematic overview describing how a first client and a second client, may participate in the execution of an electronic activity managed by a third party entity.

- Fig. 2 is a schematic block diagram illustrating the third party entity according to one exemplary embodiment.

- Figure 3 is a schematic block diagram illustrating a symbol generating means according to one exemplary embodiment.

- Figure 4 is a schematic block diagram illustrating a symbol analyzing means according to one exemplary embodiment.

DETAILED DESCRIPTION

The present document refers to a communication mechanism which enables an electronic equipment, from hereinafter referred to as a first client, such as e.g. a mobile telephone, a laptop, a computer, music player, gaming console, or a cash register, to initiate an activity, such as an e.g. execution of a monetary transaction, or an exchange of e.g. a valuable document, a software, a music tune or a game, involving another electronic equipment, from hereinafter referred to as a second client, which may e.g. be residing in a device of any of the types mentioned above.

The suggested mechanism enables two or more clients to participate in an execution of a requested activity when they are in close vicinity of each other, without having to exchange any critical information between two respective, typically mutually un-trusted clients. Instead a third party entity, with which both clients have a service agreement, and, which is constituting a trusted party to both clients, is responsible for managing the requested activity as well as to handle all processing of personal information which needs to be exchanged, e.g. for

authentication reasons or for any other kind of security aspects. Consequently, critical information will only be exchanged between a first client and the third party entity, and between the second client and the third party entity, in case two clients are involved in the activity.

Although described as an exchange between two clients, it is to be understood that the described mechanism may be executed also between three or more clients. Also in this case, no client will have to exchange any critical information with any other, potentially un-trusted client, but only with the trusted third party entity.

In general terms a trusted third party entity adapted to manage an electronic activity involving a first and a second client where both clients are registered with the trusted third party entity may be adapted to communicate with the first and the second client via different

communication links, while the clients are adapted to communicate via a communication link provided via another communication protocol, than the one supporting the communication links used by the third party entity. The third party entity receiving a first request for an electronic activity from a first client and a second request for the activity from a second client may be able to manage the electronic activity, such as e.g. a monetary transaction, after having identified the clients on the basis of content provided in the requests, and after having determined, on the basis of additional content provided from the first and the second client whether to approve or deny the requested activity. This is achieved by transmitting a first response to the first client, and a second response to the second client, thereby enabling the first and second client to

participate in the requested activity, in case the requested activity is approved. Following such a procedure, the third party entity may

continue managing the initiated electronic activity, e.g. by contacting external servers. A trusted communication mechanism, such as the one mentioned above, will now be described in more detail with reference to figure 1.

In figure 1 a user of a first client 100 has been made aware of a second client 101. Being in the vicinity of the first client 100, he is also somehow made aware of that both the first client 100 and the second client 101 have access to one or more common services, provided by a third party entity 102.

Via a first communication link, the clients 100,101 may execute a conventional handshaking procedure, where e.g. the first client 100 may transmit a request to perform a specific activity, involving the second client 101 , as indicated with a first step 1 :1. The request will comprise some kind of identification of the first client 100. The requested activity activity may e.g. involve a payment from the first client 100, which may e.g. be a cellular telephone to the second client 101 , which may be e.g. a cash register. The second client 101 typically responds by providing some non-critical information, identifying itself as a potential responding client for the requested monetary transaction, as indicated with a second step 1 :2. The described communication link may e.g. supported by any type of conventional short range communication protocol, such as e.g. Bluetooth, and has as its main purpose to enable two or more clients to initiate communication, but only to the extent that the purpose of an intended interaction is initiated, and such that both clients are provided with information for enabling identifying of another client acting as a counterparty at the third party entity 102.

Once the two clients 100,101 are aware of each other, each of them can establish a respective communication link, typically via another means of communication than the short range communication protocol used for the initial communication between clients. Depending on whether the respective client is a fixed device or a mobile device, any type of conventional fixed or a wireless communication link may be applied for the communication links between the third party entity 102 and a client 100,101.

In another step 1 :3, the first client 100, requests for the requested activity from the third party entity 102, requesting to involve the first and the second client in the requested activity. In another step 1 :4, the second client 101 transmits a corresponding request to the third party entity 102, requesting that it wants to participate in an activity, initiated by the first client 100.

Although not shown in the figure, at this stage the third party entity 102 may perform an authentication procedure with either one of the involved clients or separate authentication procedures with both clients, in order to verify the authenticity of the respective client, typically by exchanging electronic keys and/or signatures, according to any

conventional procedure. Alternatively, such an authentication procedure may include an exchange of a code, as will be indicated in further detail below.

In order to enable the first client 100 and the second client 101 to come to an agreement on the requested activity without having to mutually exchange any critical information, a process which may be referred to as a double feedback process will now commence. In subsequent associated steps 1 :5 and 1 :6, a first graphical user interface and an associated second graphical user interface are created. The first graphical user interface will typically comprise options which are necessary for selecting the requested activity, typically as one or more selectable icons, together with a plurality of selectable options, displayed as symbols, to be used when entering a code into an input field, also provided in the graphical user interface of the first client 100. The associated second graphical user interface will comprise some kind of indication, displayable to the user of the first client 100 as to how the user is supposed to verify its authenticity by entering a specific code into the first graphical user interface. While e.g. numbers 0-9 may be displayed as the selectable options in the first graphical user interface, the second user interface may e.g. comprise an indication that the specific four digit code "9049" is to be entered by the user via the first graphical user interface.

Since the first client 100 and the second client 101 are in close vicinity of each other, a user of a first client may easily see the indication of the second graphic user interface, which may be displayed as a specific code of one or more positions, with or without a written

instruction. In subsequent respective steps 1 :7 and 1 :8, the respective created graphical user interfaces are transmitted to the respective clients 100,101 for display on a respective screen.

To exemplify, a user may e.g. initiate a monetary transaction with a cash register, comprising the second client 101 , from a cellular

telephone, comprising the first client 100. In such a scenario, a code to be entered by the user may be displayed on a screen of the cash register. In addition some indication, indicating that the ongoing

transaction is being executed between the first and the second client 100,101 may also be displayed on the screen. Such an indication may e.g. be provided together with the second graphical user interface in the form of a symbol, code or sign, which is representative of the first client. A corresponding indication may also be provided to the first client 100 via the first graphical user interface.

In a next step 1 :9, third party client 102 receives a client response transmitted from the first client 100, where the response comprises a code entered by the user. In a subsequent step 1 :10 third party entity 102 analyses the content of the received client response, and if it is found that the code corresponds to the indications given in step 1 :8, third party entity 102 executes the requested activity, while the activity is denied if the analysis of the response results in an inadequate

correspondence.

In the latter case, the third party entity 102 may respond by giving the user of the first client 100 a second chance to enter a correct code, typically after providing a graphical user interface comprising a randomly generated new code to the second client 101 , or terminate the procedure initiated by the first client 100. The execution commencing a successful analysis in step 1 :10, will typically comprise one or more additional steps, which may involve the first and/or the second client. In the case of a monetary transaction, the third party entity will typically comprise logic which is adapted to establish a secure connection with respective servers of the banks of the user of the first client 100 and the bank to which the cash register, hosting the second client 101 is registered. In figure 1 such an execution process is represented by final step 1 :11.

According to one exemplifying embodiment, the initial

communication between the first and the second clients 100,101 , executed with steps 1 :1 and 1 :2 above may typically comprise a

procedure for providing updated information on user devices/clients with which a client can initiate an activity, i.e. to verify that both

devices/clients are able to participate in a specific activity, involving some kind of electronic transfer. Such a procedure, which may be referred to as a client seeking procedure, may either be initiated

automatically at the third party entity 102, e.g. such that a client is presented with a message, indicating that a new client has been found in the vicinity of a respective client by the third party entity 102. Alternatively, such a client update may be transmitted to a client 100 only on request from the respective client. According to yet another embodiment, the third party entity 102 may be configured to make use of the result of another seeking procedures, made on behalf of another client also being located in close vicinity of client 100, such that, even though temporary out of range, client 100 may be provided with

information on a full range of other optional clients. The available clients are typically signaled to and displayed on a screen of the user device hosting the respective client.

Transmission of information between the different entities may be performed in a number of different ways. Information may e.g. be transmitted either unencrypted or encrypted via an encrypted

communication tunnel. Alternatively, the information may be transmitted encrypted via an unencrypted communication protocol.

In addition to providing especially adapted graphical user interfaces to clients involved in an activity requested by one of the clients, the third party entity may also be adapted to identify and provide software code, which may be necessary for enabling a client to execute a requested activity. Such software code may either be standardized or specially adapted for a particular apparatus.

As already indicated above the graphical user interfaces generated by the third party entity and provided to the clients, each comprise a plurality of selectable symbols. In a typical scenario the numbers 0-9 are applied as selectable options for generating and entering a code, respectively. If the alternative comprising numbers 0-9 is extended e.g. with functional keys of a conventional user interface , such a s e.g. "#" and "*", a four digit code providing 10*10*10*10, i.e. 10000 possible combinations, can be extended to 12*12*12*12, i.e.

20736 possible combinations. This means that for a device comprising two keys other than the 10 numerical keys, the possible combinations will be at least doubled.

According to another alternative embodiment, symbols, other than the conventional keyboard symbols which are normally available on a user interface in situations where entering of a code is requested, may instead be applied for the purpose of authenticating a client and/or a user One or more sets of graphical symbols, where each symbol is disclosing a picture, with or without a combined pattern, may be used instead of conventional symbols, such as numbers and/or functional keys.

From hereinafter a graphical symbol is to be defined as a symbol which is generated and displayed as a picture with or without additional information. By combining a picture with additional information it is possible to make a digital distinction between two pictures which at first sight might seem to be identical by a spectator.

If e.g. a four position code can be selected from a set comprising 50 different graphical, mutually different symbols, 5*50*50*50*50, i.e. 31 250 000 possible combinations will be provided. Such a way of providing alternative options for a code extends a four position code having 0-9 as options by 3125 times. By combining use of graphical symbols and conventional keyboard symbols the number of possible combinations may be extended even more.

In addition to extending the number of possible combinations, in many situations a code made up of a series of pictures, such as e.g. 4 or 5 pictures, may be easier to remember, e.g. by imaging a story made of the respective sequence, compared to a code made up of the same amount of numbers.

In order to improve the security aspects even further during a verification or authentication procedure, the graphical symbols which are displayed as selectable options to a user, may be arranged such that each symbol of a set of selectable symbols is placed at a new random position e.g. in a 3x4, 4x4, 5x5 matrix, each time the set is displayed. Thereby it will not be possible by an unauthorized person or apparatus to determine which code that was entered, simply by observing the positions of a code entered to a graphical user interface.

In the technical field of encryption and/or when considering other security aspects relating to electronic transmissions it is commonly known that predictable data volumes which as a party of a data flow is protected e.g. by encryption may give rise to security problems due to its predictability, which makes it easier for an intruder to get hold of or manipulate information. In addition to the application suggested above, the suggested graphical symbols may therefore also be applied in a number of other electronic applications, where it may be advantageous to use a symbol as a unique identity mark. A specific graphical symbol can thereby be tied e.g. to a specific user, a specific activity, a specific electronic equipment, a specific session, or a specific geographical position or area.

A third party entity, such as the one describe above will now be described according to one exemplary embodiment with reference to figure 2. It is however to be understood that the third party entity described below merely describe an exemplified arrangements

comprising logical functions, which may be arranged in a number of alternative ways. It is also to be understood that the third party entity of figure 2 is a simplified configuration, wherein additional communication functionality which is typically required e.g. for providing access to bank servers, but which is not necessary for the understanding of the

invention, has been omitted for simplicity reasons.

Third party entity 102 of figure 2, which is typically a server, which is accessible to registered clients via a conventional communication link, comprise receiving means 200, which is configured to receive requests from clients (not shown), which are initiating an activity involving at least one other client, as well as from the one or more other client, involved in the activity. The third party entity 102 also comprises transmitting means 201 which is configured to enable the third party entity 102 to transmit information, such as e.g. graphical user interfaces, as well as any subsequent updates for an interface which has been configured for a specific requested activity/service.

Processing means 202 is configured to manage requested activities on the third party entity 102 by supervising any processes which are necessary for preparing for execution of a requested activity, as well as to execute the activity as such, once approved according to any predefined criteria, including one or more of the security aspects mentioned above.

Processing means 202 is interconnected with generating means 203, which is adapted to generate graphical user interfaces to clients participating in a requested activity. Unless conventional keyboard symbols are used in the graphical user interfaces provided by the third party entity 102, generating means 203 will also comprise especially adapted logic for generating graphical symbols. Exemplifying means especially adapted for this purpose will be described below with

reference to figure 3. Generating means 203 is adapted to generate associated graphical user interfaces, where a graphical user interface provided to one client will comprise a set of selectable graphical symbols, either provided as conventional keyboard objects, or as graphical objects, as suggested in the present document, and an input field, in which a predefined number of graphical objects may be entered, constituting a code. In addition the graphical user interface may comprise additional information and selectable options which are associated with the requested activity/service. It is to be understood that in order to enable different activities/services to be provided to users in a user friendly way, a graphical user interface may be split up into a number of subsequent displays, forming a logical sequence of options and instructions, which is configured to guide a user through from a first to a final step for

executing a requested activity.

Processing means 202 is also interconnected with an analyzing means 204, which is adapted to analyse a code receive from one client and compare it to an instruction, or indication, on how to enter the respective code, which have previously been provided to another client, as discussed above, with reference to figure 1. Processing means 202 is also adapted to execute a requested activity, typically by way of activating associated logic and by interacting with appropriate additional external and/or internal functionality. Since a plurality of such activation mechanisms and associated arrangements, which may e.g. perform the previously mentioned execution of a monetary transaction, are

commonly known, and since the details on how such execution

procedures are to be performed are out of the scope of the present invention, any functionality which may be necessary subsequent to a successful verification of a client has been omitted.

The third party entity 102 may also comprise functionality which enables it to determine which clients which are in the vicinity of each other. For such a purpose, any type of conventional positioning

functionality, such as e.g. GPS, may be implemented on the third party entity 102. In figure 2 such functionality is integrated as positioning means 205. Processing means 202 may be adapted to invoke positioning means 205 in response to receiving a request from a first client for an updated listing of clients which are presently within communication range of the first client. In response to such a process, processing mean 202 may be further adapted to select, on the basis of the location of the first client, one or more clients which are within range of the first client, and to inform the requesting client of the selected clients. Alternatively, the processing means may be adapted to execute a corresponding process automatically. In addition a memory 206 may host e.g. software code, especially configured for execution of specific activities, wherein the processing means 202 may also be configured to, in the initial stages of the described activity initiation process, determine whether loading of code is required to a respective client.

In response to receiving respective requests from two or more clients via receiving means 200, processing means 202 is adapted to identify the respective clients on the basis of content of the respective requests, typically by determining that a respective client is registered to the third party entity 102.

Means suitable for applying an electronic mark concept comprising a visually perceptible stamp, which may be used both for identity mark purposes mentioned above, as well as for the generation of any of the graphical symbols, used in the double feedback concept, described with reference to figure 1 and 2 will now be described below with reference to figure 3.

Figure 3 illustrates an arrangement, which may be referred to as a symbol generating means 300, which is typically part of the generating means 203 described above with reference to figure 2, or in any other type of entity where improved security is to be obtained by providing a secure electronic identification mechanism. As indicated with a first step 3:1 a pattern generating means 301 is adapted to generate a pattern 302, comprising a picture, a plurality of random numbers, or random positions, comprising information on how to affect each of the random positions at a later stage. The associated information may e.g. indicate that the illumination, contrast or color of a respective random position is to be changed.

As indicated in a next step 3:2 an image processing means 303 combines the generated pattern 302 with a visually perceptible original picture 304, i.e. a picture which, from a user's point of view, is clearly distinctive from other pictures available from the same source. The picture 304 may either have been provided from another client/entity, or been generated by a picture generating means 305 of the symbol generating means 300.

The image processing may be obtained by applying any of a number of conventional image processing techniques, such as e.g.

transparence technique. If the pattern 302 comprises additional position related information, the respective positions of the original picture 304 is modified, according to the respective instructions, in combination step 3:2. As a result of the combination, a modified picture 306, which may visually look the same as picture 304, is derived. However, digitally the modified picture 306 will be different from picture 304. Such a picture may be very useful e.g. when representing an identity of an apparatus, since, due to the unique digital picture it will be easier to determine whether fraudulent abuse attempts involving a specific apparatus has occurred.

Analysing means 203 of figure 2 will typically comprise

corresponding symbol analyzing means. Symbol analyzing means according to one exemplary embodiment will therefore be described in further detail below, with reference to figure 4. A modified picture 401 , which may or may not be identical with picture 306, received by the symbol generating means 300 is being processed by image analyzing means 402 in a step 4:1 , wherein an original picture 403, which in case of modified picture 306, would be identical with original picture 304, is provided. If the picture also

comprises a pattern 404, this is also provided as a second end product from image analyzing means 402. By providing either both or one of the end products to a pattern/picture recognizing means 405, one or both of these graphical images can be compared to corresponding image/s, which may typically have been provided from another source, as indicated with another step 4:2. On the basis of such a pattern/picture recognition procedure it will be possible to determine whether any of the images have been manipulated, and, thus, to detect a fraudulent behavior, e.g. during a procedure for determining whether a requested activity is to be executed, as described in the example referred to above, by reference to figure 1.

While the invention has been described with reference to specific exemplary embodiments, the description is generally only intended to illustrate the inventive concept and should not be taken as limiting the scope of the invention. The invention is defined by the appended claims.

Claims

CLAIMS 2 6 -10- 2010
1. A method for managing a requested electronic activity
involving a first and a second client, where both clients are adapted to communicate with each other via a first communication link and with a trusted third party entity via a second and a third
communication link, respectively, where said method which is executable on said third party entity is characterized by the
following steps:
- receiving, from the first client, a first request for said electronic activity
involving the first and the second client;
- receiving, from the second client, a second request to participate in said electronic activity;
- identifying the first and the second client on the basis of content of said requests;
- transmitting, in response to the first request, a first graphical user interface to the first client, and, in response to the second
request, transmitting a second graphical user interface to the second client, wherein the second user interface is associated with the first user interface and indicates how to respond via the first user interface;
- receiving a client response from the first client, and
- executing said electronic activity, in case the client response
corresponds to said response indication.
2. A method according to claim 1 , comprising the further initial
steps of:
- receiving, from the first client, a request for clients which are within communication range of said first client;
- selecting, on the basis of the location of the first client, one or more clients which are within range of said first client, and
- transmitting, to said first client in response to said range request, a range response indicating said one or more selected clients, including said second client.
3. A method according to claim 1 or 2, comprising the further step of:
- transmitting, to the first and/or second client software code especially adapted for executing the requested electronic activity on the respective client.
4. A method according to claim 1 , 2 or 3, wherein each of said first and second request comprise information which enables said third party entity to identify the first and the second client,
respectively.
5. A method according to any of claims 1-4, wherein said client response comprises a code which enables said third party entity to verify the authenticity of the first client.
6. A method according to claim 5, wherein said first and said
second graphical user interface each comprise a plurality of selectable graphical symbols, other than conventional keyboard symbols.
7. A method according to claim 6, wherein each of said graphical symbols comprises a unique picture. A method according to any of the preceding claims, wherein said electronic activity is any of: an execution of a monetary transaction, or a transmittal of a valuable document, a software, a music tune or a game.
8. A trusted third party entity for managing a requested electronic activity involving a first and a second client, where both clients are adapted to communicate with each other via a first communication link and with said third party entity via a second and a third
communication link, respectively, said entity being characterized by:
- receiving means for receiving, from the first client, a first request for said electronic activity, involving the first and the second client, and for receiving, from the second client, a second request to partyicipate in said electronic activity;
- processing means for identifying said first and second client on the basis of content of said requests;
- transmitting means for transmitting, in response to the first
request, a first graphical user interface to the first client, and for transmitting in response to the second request, a second
graphical user interface to the second client, wherein the second user interface is associated with the first user interface and indicates how to respond via the first user interface,
said receiving means being further adapted to receive a client response from the first client, and
said processing means being further adapted to determine whether a client response corresponds to a received response indication, and for executing said electronic activity, in case the client response corresponds to said response indication.
9. A trusted third party entity according to claim 8, wherein said receiving means is further adapted to, at an initial step, receive, from the first client, a request for clients which are within
communication range of said first client, said processing mean being further adapted to select, on the basis of the location of the first client, one or more clients which are within range of said first client, and wherein said transmitting means is further adapted to transmit, to said first client in response to said range request, a range response indicating said one or more selected clients, including said second client.
A trusted third party entity according to claim 8 or 9, said processing means being further adapted to select software code, especially adapted for executing the requested electronic activity on the first and/or second client, and to transmit selected code to the respective client via said transmitting means.
11. A trusted third party entity according to claim 8, 9 or 10,
wherein said processing means is adapted to identify the first and the second client on the basis of content of said first and second request, respectively.
12. A trusted third party entity according to any of claims 8-11 , wherein said processing means is further adapted to verify the authenticity of the first client by analysing a code entered via said first user interface and received in said client response by said receiving means.
13. A trusted third party entity according to any of claims 8-12, wherein said processing means is adapted to generate said first graphical user interface, comprising a plurality of selectable graphical symbols, and said second graphical user interface, comprising at least one graphical symbol, wherein said graphical symbols are represented by symbols other than conventional keyboard symbols.
14. A trusted third party entity according to claim 12, wherein said
processing means is adapted to:
- generate a plurality of graphical symbols, by creating a symbol comprising a unique picture, and to
- analyse one or more such graphical symbols received as a code from a client.
15. A trusted third party entity according to claim 14, wherein said
processing means is adapted to:
- generate said graphical symbols by combining said picture with a unique pattern, and
- analysing one or more received symbols by verifying that said pattern has not been manipulated.
16. A trusted third party entity according to claim 15, wherein said
processing means is adapted to:
- generate said graphical symbols by combining said picture with a unique pattern, and
- analysing one or more received symbols in order to verify whether said pattern has not been manipulated or not.
17. A trusted third party entity according to any of claims 9-16, wherein said trusted third party entity is a server.
18. A first client, which is adapted to initiate a transaction with a trusted third party entity according to any of claims 9-17.
19. A second client, which is adapted to participate in a transaction
with a trusted third party entity according to any of claims 9-18.
20. A first or second client, according to claim 18 or 19, wherein said client is an integrated party of any of a: cellular telephone; a laptop; a computer; a music player or a game console, or a cash register.
PCT/SE2010/000258 2009-10-26 2010-10-26 A method and an arrangement for performing an electronic activity involving a plurality of electronic equipments WO2011053208A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US25485009 true 2009-10-26 2009-10-26
SE0950792 2009-10-26
SE0950792-2 2009-10-26
US61/254,850 2009-10-26

Publications (1)

Publication Number Publication Date
WO2011053208A1 true true WO2011053208A1 (en) 2011-05-05

Family

ID=43922330

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2010/000258 WO2011053208A1 (en) 2009-10-26 2010-10-26 A method and an arrangement for performing an electronic activity involving a plurality of electronic equipments

Country Status (1)

Country Link
WO (1) WO2011053208A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999045693A1 (en) * 1998-03-06 1999-09-10 Walker Digital, Llc Method and system for controlling authorization of credit card transactions
WO2001018720A1 (en) * 1999-09-07 2001-03-15 Epacific, Inc. Method of and system for authorizing purchases made over a computer network
US20050049929A1 (en) * 2003-08-29 2005-03-03 International Business Machines Corporation Method and apparatus for trading digital items in a network data processing system
US20060069658A1 (en) * 2004-09-28 2006-03-30 Jochen Haller Trust lookup protocol
WO2007053223A2 (en) * 2005-08-09 2007-05-10 Cardinalcommerce Corporation Web terminal and bridge that support passing of authentication data to acquirer for payment processing
EP1865656A1 (en) * 2006-06-08 2007-12-12 BRITISH TELECOMMUNICATIONS public limited company Provision of secure communications connection using third party authentication

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999045693A1 (en) * 1998-03-06 1999-09-10 Walker Digital, Llc Method and system for controlling authorization of credit card transactions
WO2001018720A1 (en) * 1999-09-07 2001-03-15 Epacific, Inc. Method of and system for authorizing purchases made over a computer network
US20050049929A1 (en) * 2003-08-29 2005-03-03 International Business Machines Corporation Method and apparatus for trading digital items in a network data processing system
US20060069658A1 (en) * 2004-09-28 2006-03-30 Jochen Haller Trust lookup protocol
WO2007053223A2 (en) * 2005-08-09 2007-05-10 Cardinalcommerce Corporation Web terminal and bridge that support passing of authentication data to acquirer for payment processing
EP1865656A1 (en) * 2006-06-08 2007-12-12 BRITISH TELECOMMUNICATIONS public limited company Provision of secure communications connection using third party authentication

Similar Documents

Publication Publication Date Title
US20070088952A1 (en) Authentication device and/or method
US7073067B2 (en) Authentication system and method based upon random partial digitized path recognition
US20130124292A1 (en) System and method for generating a strong multi factor personalized server key from a simple user password
US20040122774A1 (en) Method and system for executing applications on a mobile device
US20060123465A1 (en) Method and system of authentication on an open network
US20090205014A1 (en) System and method for application-integrated information card selection
US20060015358A1 (en) Third party authentication of an electronic transaction
US20080222417A1 (en) Method, System, And Apparatus For Nested Security Access/Authentication With Media Initiation
US20110173684A1 (en) Anytime validation for verification tokens
US20090106150A1 (en) Unified identity verification
US20040073813A1 (en) Establishing a secure channel with a human user
US20060037067A1 (en) Method of secure data communication
US20130191882A1 (en) Access control of remote communication interfaces based on system-specific keys
US20090328168A1 (en) Method for registering and certificating user of one time password by a plurality of mode and computer-readable recording medium where program executing the same method is recorded
US20100122094A1 (en) Software ic card system, management server, terminal, service providing server, service providing method, and program
US20140012751A1 (en) Systems, methods, and computer program products for integrating third party services with a mobile wallet
US20080229411A1 (en) Chaining information card selectors
JP2003044436A (en) Authentication processing method, information processor, and computer program
US20130328801A1 (en) Software pin entry
US20090052745A2 (en) Personal identification system
US20130023240A1 (en) System and method for transaction security responsive to a signed authentication
CN101051907A (en) Safety certifying method and its system for facing signature data
US20140098141A1 (en) Method and Apparatus for Securing Input of Information via Software Keyboards
US8141134B2 (en) Authentication engine for enrollment into a computer environment
JP2007060172A (en) Authenticating device, authenticating method and authenticating program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10827224

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct app. not ent. europ. phase

Ref document number: 10827224

Country of ref document: EP

Kind code of ref document: A1