WO2013051916A1 - Method for determination of user's identity - Google Patents
Method for determination of user's identity
- Publication number
- WO2013051916A1 (application PCT/LV2012/000015)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- service provider
- user
- image
- mobile device
- access token
Classifications
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3215—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04W12/06—Authentication (under H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity)
- H04L63/126—Applying verification of the received information the source of the received data (under H04L63/12—Applying verification of the received information; H04L63/00—Network architectures or network communication protocols for network security)
- H04W12/08—Access security (under H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity)
- H04W12/77—Graphical identity (under H04W12/69—Identity-dependent; H04W12/60—Context-dependent security; H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity)
Definitions
- The invention refers to information protection in computer networks and systems.
- A user authentication method exists that uses passwords whose fragments are taken from a predefined color image [1].
- This invention aims to devise a user authentication method that ensures a trustworthy identity check using a mobile device, e.g. a phone, without using a username and password.
- This aim is attained as follows. The user captures on his mobile device a specifically crafted user enrollment image, e.g. a barcode or QR code, displayed by the service provider. The mobile device serializes the data received from the photo-sensor into structured data, extracting the service provider identifier, the service provider access point resource identifier and the unique access token and/or other data embedded in this image. It digitally signs the unique access token and/or other data embedded in this image and submits the result to the service provider access point, accompanied by the public key/digital certificate used to sign that message.
- The service provider verifies the digital signature of the received message and, if successful, associates the received public key/digital certificate with the profile that the user has created.
- a specifically crafted login image e.g. barcode or QR-code
- This image, captured by the photo-sensor, is serialized into structured data, extracting the service provider identifier, the service provider access point resource identifier and the unique access token and/or other data embedded in this image.
- The user selects the same identity that he used during enrollment at this service provider; the mobile device digitally signs the unique access token and/or other data embedded in the login image and submits it to the service provider access point, accompanied by the public key/digital certificate used to sign that message.
- The service provider verifies the digital signature of the received message, matches the user profile via the public key/digital signature that was stored during enrollment, and enables the user session for the received unique access token or other data embedded in the login image.
- the user opens that service resource page from a computer or any other device.
- The user creates a profile at this service provider, specifying any information that the service provider asks for specifically to render a particular service. If the user has already created a profile at a particular service provider, the user authenticates into that profile via any authentication means that he may have been using at the time of profile creation.
- The application serializes the data captured by the photo-sensor into structured data, extracting the service provider identifier, the service provider access point resource identifier and the unique access token and/or other data embedded in this image.
- The mobile device digitally signs the unique access token and/or other data embedded in this image and submits it to the service provider access point, accompanied by the public key/digital certificate used to sign that message.
- The service provider verifies the digital signature of the received message and, if successful, associates the received public key/digital certificate with the profile that the user has created.
- The service provider may then present the enrollment image to the user in person, for example by printing it on the service sign-up form or showing it on a computer screen. The user then captures this enrollment image with an app on his mobile device and proceeds with the next enrollment steps as described above.
- a specifically crafted login image e.g. barcode or QR-code
- This image, captured by the photo-sensor, is serialized into structured data, extracting the service provider identifier, the service provider access point resource identifier and the unique access token and/or other data embedded in this image.
- The user selects the same identity that he used during enrollment at this service provider; the mobile device digitally signs the unique access token and/or other data embedded in the login image and submits it to the service provider access point, accompanied by the public key/digital certificate used to sign that message.
- The service provider verifies the digital signature of the received message, matches the user profile via the public key/digital signature that was stored during enrollment, and enables the user session for the received unique access token or other data embedded in the login image. This completes the user authentication process.
- The service provider may register the IP address of the originating mobile device used to submit the login request message and deploy geo-location restrictions for the subsequently enabled user session. For example, the service provider may allow access to the user session only from devices that are in close proximity to the IP address of the originating mobile device, making it more complicated to launch any identity theft attacks.
- The method and system for determination of user's identity described herein ensure a secure user authentication process using a mobile device, e.g. a phone.
- The method can be used with any service provider resource site, not limited to a website on the Internet accessed from a personal computer. The only technological prerequisite for such a resource site is the capability to display a dynamically generated login/enrollment image. The method can be implemented for any operating system, browser or software API.
- References:
- Patent RU 2348974, C2, G06K9/00, 2008
- Patent RU 2263341 C1, G06F1/00, 2005
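The enrollment and login exchange described above, from the service provider's side, as an added Go example that is not code from the patent. Assumptions: Ed25519 signatures, in-memory storage, the names `Provider`, `Issue`, `Submit`, `DeviceSign` and `NewDeviceKey`, the constructed identifier `sp.example`, signing the provider identifier together with the token, and treating each token as single use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Provider is a hypothetical in-memory service provider access point.
type Provider struct {
	ID       string
	tokens   map[string]string // outstanding token -> profile to enroll ("" = login token)
	profiles map[string]string // public key bytes -> profile bound at enrollment
	Sessions map[string]string // login token -> profile whose session is enabled
}

func NewProvider(id string) *Provider {
	return &Provider{id, map[string]string{}, map[string]string{}, map[string]string{}}
}

var NewDeviceKey = ed25519.GenerateKey // key pair that stays on the mobile device

// Issue creates the unique access token that would be embedded in the image.
func (p *Provider) Issue(enrollProfile string) string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	t := fmt.Sprintf("%x", b)
	p.tokens[t] = enrollProfile
	return t
}

// DeviceSign is the device side: sign the provider identifier plus the token.
func DeviceSign(priv ed25519.PrivateKey, providerID, token string) []byte {
	return ed25519.Sign(priv, []byte(providerID+"\n"+token))
}

// Submit verifies the signed message and returns the profile it maps to.
func (p *Provider) Submit(token string, pub ed25519.PublicKey, sig []byte) (string, error) {
	enroll, ok := p.tokens[token]
	if !ok || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, []byte(p.ID+"\n"+token), sig) {
		return "", fmt.Errorf("unknown or used token, or signature does not verify")
	}
	delete(p.tokens, token) // single use, so a replayed message is rejected
	if enroll != "" {
		p.profiles[string(pub)] = enroll // enrollment: bind key to profile
		return enroll, nil
	}
	profile, known := p.profiles[string(pub)]
	if !known {
		return "", fmt.Errorf("public key was never enrolled")
	}
	p.Sessions[token] = profile // enable the session waiting on this token
	return profile, nil
}

func main() {
	sp := NewProvider("sp.example") // constructed identifier
	pub, priv, _ := NewDeviceKey(nil)
	et, lt := sp.Issue("alice"), sp.Issue("")
	sp.Submit(et, pub, DeviceSign(priv, sp.ID, et))
	fmt.Println(sp.Submit(lt, pub, DeviceSign(priv, sp.ID, lt)))
}
```

The session is keyed by the login token, so the device that displayed the login image is the one whose session becomes usable once the signed message is accepted.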
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Facsimiles In General (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
UAA201314825A UA107302C2 (en) | 2011-10-04 | 2012-02-10 | METHOD OF DETERMINING USER ID |
US14/344,911 US20140359299A1 (en) | 2011-10-04 | 2012-10-02 | Method for Determination of User's Identity |
RU2014102590/08A RU2014102590A (en) | 2011-10-04 | 2012-10-02 | METHOD FOR DETERMINING USER IDENTIFICATION DATA |
EP12837931.0A EP2764655A4 (en) | 2011-10-04 | 2012-10-02 | Method for determination of user's identity |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
LVP-11-134A LV14456B (en) | 2011-10-04 | 2011-10-04 | Method for determination of user's identity |
LVP-11-134 | 2011-10-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013051916A1 (en) | 2013-04-11 |
Family
ID=48043956
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/LV2012/000015 WO2013051916A1 (en) | 2011-10-04 | 2012-10-02 | Method for determination of user's identity |
Country Status (6)
Country | Link |
---|---|
US (1) | US20140359299A1 (en) |
EP (1) | EP2764655A4 (en) |
LV (1) | LV14456B (en) |
RU (1) | RU2014102590A (en) |
UA (1) | UA107302C2 (en) |
WO (1) | WO2013051916A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105162774A (en) * | 2015-08-05 | 2015-12-16 | 深圳市方迪科技股份有限公司 | Virtual machine login method and device used for terminal |
WO2016013028A1 (en) * | 2014-07-21 | 2016-01-28 | Vishal Gupta | A contextual scanning device with pre-authenticated identity |
US20160098616A1 (en) * | 2014-10-02 | 2016-04-07 | Facebook, Inc. | Techniques for managing discussion sharing on a mobile platform |
EP3031206B1 (en) * | 2013-08-09 | 2020-01-22 | ICN Acquisition, LLC | System, method and apparatus for remote monitoring |
US20220337595A1 (en) * | 2021-04-14 | 2022-10-20 | Microsoft Technology Licensing, Llc | Entity authentication for pre-authenticated links |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10599828B2 (en) * | 2016-11-30 | 2020-03-24 | International Business Machines Corporation | Single key authentication method |
US10237258B2 (en) * | 2016-11-30 | 2019-03-19 | International Business Machines Corporation | Single key authentication method |
KR102530441B1 (en) * | 2018-01-29 | 2023-05-09 | 삼성전자주식회사 | Electronic device, external electronic device, system comprising the same and control method thereof |
CN109670290A (en) * | 2018-12-20 | 2019-04-23 | 南昌弘为企业管理有限公司 | The method for determining user identity |
CN113452687B (en) * | 2021-06-24 | 2022-12-09 | 中电信量子科技有限公司 | Method and system for encrypting sent mail based on quantum security key |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009101549A2 (en) * | 2008-02-11 | 2009-08-20 | Alberto Gasparini | Method and mobile device for registering and authenticating a user at a service provider |
US20090241175A1 (en) * | 2008-03-20 | 2009-09-24 | David Trandal | Methods and systems for user authentication |
US20100070759A1 (en) * | 2008-09-17 | 2010-03-18 | Gmv Soluciones Globales Internet, S.A. | Method and system for authenticating a user by means of a mobile device |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8239917B2 (en) * | 2002-10-16 | 2012-08-07 | Enterprise Information Management, Inc. | Systems and methods for enterprise security with collaborative peer to peer architecture |
US7594121B2 (en) * | 2004-01-22 | 2009-09-22 | Sony Corporation | Methods and apparatus for determining an identity of a user |
US20060069922A1 (en) * | 2004-09-30 | 2006-03-30 | Intel Corporation | Visual authentication of user identity |
US8661520B2 (en) * | 2006-11-21 | 2014-02-25 | Rajesh G. Shakkarwar | Systems and methods for identification and authentication of a user |
WO2008113951A2 (en) * | 2007-02-28 | 2008-09-25 | France Telecom | Method for the unique authentication of a user by service providers |
CN101836215B (en) * | 2007-10-22 | 2014-01-01 | 夏普株式会社 | Reproducing apparatus, mobile communication apparatus, management server, and content delivering system |
2011
- 2011-10-04 LV LVP-11-134A patent/LV14456B/en unknown
2012
- 2012-02-10 UA UAA201314825A patent/UA107302C2/en unknown
- 2012-10-02 EP EP12837931.0A patent/EP2764655A4/en not_active Withdrawn
- 2012-10-02 US US14/344,911 patent/US20140359299A1/en not_active Abandoned
- 2012-10-02 WO PCT/LV2012/000015 patent/WO2013051916A1/en active Application Filing
- 2012-10-02 RU RU2014102590/08A patent/RU2014102590A/en not_active Application Discontinuation
Non-Patent Citations (1)
Title |
---|
See also references of EP2764655A4 * |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11438553B1 (en) | 2013-08-09 | 2022-09-06 | Icn Acquisition, Llc | System, method and apparatus for remote monitoring |
US10645347B2 (en) | 2013-08-09 | 2020-05-05 | Icn Acquisition, Llc | System, method and apparatus for remote monitoring |
US11722806B2 (en) | 2013-08-09 | 2023-08-08 | Icn Acquisition, Llc | System, method and apparatus for remote monitoring |
US11432055B2 (en) | 2013-08-09 | 2022-08-30 | Icn Acquisition, Llc | System, method and apparatus for remote monitoring |
EP3031206B1 (en) * | 2013-08-09 | 2020-01-22 | ICN Acquisition, LLC | System, method and apparatus for remote monitoring |
US10841668B2 (en) | 2013-08-09 | 2020-11-17 | Icn Acquisition, Llc | System, method and apparatus for remote monitoring |
WO2016013028A1 (en) * | 2014-07-21 | 2016-01-28 | Vishal Gupta | A contextual scanning device with pre-authenticated identity |
GB2542740A (en) * | 2014-07-21 | 2017-03-29 | Vcare Tech Pvt Ltd | A contextual scanning device with pre-authenticated identity |
US10560418B2 (en) * | 2014-10-02 | 2020-02-11 | Facebook, Inc. | Techniques for managing discussion sharing on a mobile platform |
US20160098616A1 (en) * | 2014-10-02 | 2016-04-07 | Facebook, Inc. | Techniques for managing discussion sharing on a mobile platform |
CN105162774A (en) * | 2015-08-05 | 2015-12-16 | 深圳市方迪科技股份有限公司 | Virtual machine login method and device used for terminal |
US20220337595A1 (en) * | 2021-04-14 | 2022-10-20 | Microsoft Technology Licensing, Llc | Entity authentication for pre-authenticated links |
US11706224B2 (en) * | 2021-04-14 | 2023-07-18 | Microsoft Technology Licensing, Llc | Entity authentication for pre-authenticated links |
US20230370469A1 (en) * | 2021-04-14 | 2023-11-16 | Microsoft Technology Licensing, Llc | Entity authentication for pre-authenticated links |
Also Published As
Publication number | Publication date |
---|---|
US20140359299A1 (en) | 2014-12-04 |
RU2014102590A (en) | 2015-08-10 |
EP2764655A4 (en) | 2015-08-12 |
UA107302C2 (en) | 2014-12-10 |
LV14456A (en) | 2011-12-20 |
LV14456B (en) | 2012-04-20 |
EP2764655A1 (en) | 2014-08-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2013051916A1 (en) | Method for determination of user's identity | |
US11546756B2 (en) | System and method for dynamic multifactor authentication | |
US20200304491A1 (en) | Systems and methods for using imaging to authenticate online users | |
US10313881B2 (en) | System and method of authentication by leveraging mobile devices for expediting user login and registration processes online | |
JP6514337B2 (en) | Method and apparatus for securing mobile applications | |
US9577999B1 (en) | Enhanced security for registration of authentication devices | |
WO2015188426A1 (en) | Method, device, system, and related device for identity authentication | |
US20150222435A1 (en) | Identity generation mechanism | |
TW201108699A (en) | Authentication method and system | |
JP6538872B2 (en) | Common identification data replacement system and method | |
WO2015188424A1 (en) | Key storage device and method for using same | |
TW201816648A (en) | Business realization method and apparatus | |
US20150244695A1 (en) | Network authentication method for secure user identity verification | |
JP2014531070A (en) | Method and system for authorizing actions at a site | |
KR101392537B1 (en) | User memory method using plural one time password | |
WO2013118302A1 (en) | Authentication management system, authentication management method, and authentication management program | |
Malik et al. | Multifactor authentication using a QR code and a one-time password | |
KR102313868B1 (en) | Cross authentication method and system using one time password | |
WO2016013924A1 (en) | System and method of mutual authentication using barcode | |
WO2017046522A1 (en) | Method for website authentication and for securing access to a website | |
WO2016042473A1 (en) | Secure authentication using dynamic passcode | |
GB2522606A (en) | User authentication system | |
US20230284013A1 (en) | Mobile app login and device registration | |
CN109670290A (en) | The method for determining user identity | |
TW201437840A (en) | Method of performing validation through comparison of files |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 12837931; Country of ref document: EP; Kind code of ref document: A1 |
| | ENP | Entry into the national phase | Ref document number: 2014102590; Country of ref document: RU; Kind code of ref document: A |
| | WWE | Wipo information: entry into national phase | Ref document number: 14344911; Country of ref document: US |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | WWE | Wipo information: entry into national phase | Ref document number: 2012837931; Country of ref document: EP |