WO2014053172A1

WO2014053172A1 - Method and system for securely authenticating entities

Info

Publication number: WO2014053172A1
Application number: PCT/EP2012/069528
Authority: WO
Inventors: Luc Buntinx
Original assignee: Buntinx Bvba
Priority date: 2012-10-03
Filing date: 2012-10-03
Publication date: 2014-04-10

Abstract

In the proposed method users (A, B) are provided with sets of authentication codes (3, 4, 5), each set comprising at least one secret (3), said at least one secret comprising a predefined encryption rule, a private key container (4) and a matching public key container (5), the private and public key container generated from respectively a first string (1) comprising a domain name of an authentication server system (10) and a private key and a second string (2) comprising the same domain name and a matching public key. Upon receipt on the authentication server system (10) of one of the first strings (1) as a result of a first user reading the respective private key container (4), an action definition procedure is performed in which the first user is requested to enter a secret (3) of the same set of authentication codes (3, 4, 5) taking into account the predefined encryption rule. A decryption operation is applied on the received secret corresponding to the predefined encryption rule. If a check returns a positive result, the first user can define a set of actions to be performed upon receipt of the second string (2) belonging to the same set of authentication codes on the authentication server system (10).

Description

Method and System for Securely Authenticating Entities Field of the invention

[0001] The present invention is related to the field of methods and systems for authenticating entities by means of terminals in a secure way.

Background of the invention

[0002] Q -codes are known. A QR-code (Quick Response code, ISO/IEC 18004:2006), herein also called QR-tag, is a specific matrix barcode (or two-dimensional code), readable by camera phones equipped with a QR barcode reader. The QR-code comprises coloured modules (mostly black) arranged in a square pattern on a white background. The information encoded can comprise an URL.

[0003] Many QR-code reading applications are known, which can be executed on smart phones and by means of which the user can scan a QR-code and is automatically directed to the web page at the URL encoded in the QR-code. This avoids that the user has to key in the URL on his smart phone in order to access the service behind a web page. All information in the QR-codes is parsed to the web page, making it easy for someone to parse complex alphanumerical string (e.g. codes) to a service without entering them manually.

[0004] A Public Key Infrastructure (PKI) is a combination of hardware and software used to issue and verify digital certificates, in particular PKI public and private key pairs, for the purposes of security or authentication, for example to encrypt information or to authenticate users. PKI generally comprises a certification authority (CA) which generates PKI public and private key pairs to users, a registration authority (RA) where the users can register their PKI public and private key pairs and a validation authority (VA) which validates PKI public and private key pairs.

[0005] As PKI public and private keys can be relatively long strings of characters, it is not easy for users to enter these keys on their smart phone. When these keys are stored on the device, they can be misused when the smart phone is stolen, or information is copied from. As a result, PKI security solutions are nowadays not suitable for use on communication devices like smart phones.

[0006] In the paper 'Dynamic 2D-barcodes for multi-device web session migration including mobile phones' (A. Alapetite, Personal and Ubiquitous computing, vol.14, no.l, April 2009, pp.45-52) 2D barcodes or QR-codes are used to store sessions information in order to handover sessions from a web browser on one terminal to a web browser on another terminal.

[0007] In JP2008/048135 a two-dimensional code is used to transfer the results of an encryption of an (access) address with a private key to a terminal that can read and decode the two- dimensional code. Next that retrieve address is decrypted with the public key and can give access to that decrypted address.

[0008] Application JP2008/090512 discloses a two-dimensional code used to transfer information (an URL and a password) from a content display to a smart phone, sending that information to a content distribution system. That system calculates the correlation between URL and password and decides if the smart phone should receive (additional) information about the (items) in the content display associated with the two-dimensional code.

[0009] A pin code, pass key or password can be transmitted in various possible ways, depending on the circumstances of the particular application. When deciding on which system or method to employ, considerations concerning the situation, the available means, security etc...need to be taken into account.

[0010] A one-time password (OTP) is a password that is valid for only one login session or transaction. This way it gets more difficult to obtain in an unauthorised way access to confidential digital sources like e.g. a computer account. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. The most important shortcoming addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to reply attacks. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction, will not be able to abuse it, since it will be no longer valid. Only man-in-the-middle attacks from a phishing site still form a threat. Three types of OTP can be distinguished :

- Type 1 uses a mathematical algorithm to generate a new password based on the previous one

Type 2 is based on a time synchronization mechanism between an authentication server and a client to provide a password

Type 3 also relies on a mathematical algorithm whereby a new password is based on a question about the identity (e.g. an arbitrary number determined by the authentication server or derived from transaction details) and a counter-question based on the previous password. This strategy is sometimes referred to as challenge type OTP.

[0011] OTP is the simplest way to convey a password. However, all of the above-mentioned techniques have their drawbacks. The first type of OTP makes use of an algorithm that needs to be installed on a client's device. Hence, installation of that software on the device is required. In case of theft the algorithm can be used by a non-authorised person. Usually access to the application is protected by means of a fixed password. This shifts the problem towards the end user. Still a shoulder surfer can retrieve the password and apply it when the device is stolen. Consequently there are several problems involved when software needs to be placed on the device itself. When employing the second type of OTP, again software is installed on the user device. It is further assumed that there is at most a small deviation between the clocks of the authentication server and the user device. The same drawbacks as for the first solution can be identified. The third type (challenge OTP) is a somewhat better solution, but it makes the authentication process longer. Note that also here software is needed on the device that contains knowledge of the transaction details or that contains enough intelligence to remember the previous password. The user device still plays an important role in the authentication process.

[0012] Consequently, there is a need for a solution where there is no need for software installation on the end user's device and that leaves no useful data after termination of the authentication process. Further the solution must be suitable for use on an unsecured channel.

Summary of the invention

[0013] It is an aim of the present invention to provide a more user-friendly authentication system and method which is suitable for secure use on various kinds of terminals.

[0014] This aim is achieved according to the invention with the method/system showing the technical steps/features of the independent claims.

[0015] The invention makes use of sets of authentication codes in order to authenticate a particular entity. These authentication codes are in the proposed solution attached as properties of that particular entity. A set of authentication codes according to the invention is the combination of a private key container, a matching public key container and one or more "secrets", such as for example alphanumerical passwords or pin codes. With 'container' is meant something that can contain a key (private key, public key or any string alphanumerical characters). In practice a container may be a Q -code, a RFID tag, a Near Field Communication tag etc... The private key container is generated from a first string comprising a domain name of an authentication server system, a private key and possibly one or more parameters or identifiers constituting a valid URL. The public key container is generated from a second string comprising same domain name of an authentication server system as in the first string), the matching public key and possibly one or more parameters or identifiers constituting a valid URL.

[0016] To make a secure transaction, it is considered to be safe if it comprises of something you have and something you know (e.g. a bankcard and a pin-code to retrieve money from your bank account, an e-mail address and a password to download information from a web site, an alarm system and a pin-code to disarm the surveillance). Therefore the present invention combines the keys under the form of key containers (e.g. QR-codes) with one or more secrets (e.g. passwords). With the invention, it can be avoided that the keys and the secrets are stored on the terminal. The security is enhanced by using one-time passwords. These one-time passwords are obtained by applying to the 'real' password one or more encryption rules that have been agreed upon between the user and the authentication server system. The result of this further encryption then constitutes the secret passed to the authentication server over the network. As a result, the authentication system and method is device independent and can assure a high degree of security.

[0017] The invention comprises an action definition procedure in which a first user can define a set of actions to be performed when the authentication server system receives the second string (encoded in the public key container) of one of the sets of authentication codes which has been provided to the first user. In order to trigger the action definition procedure, the first user reads (for example, by scanning) the private key container of his set of authentication codes by means of his terminal (optionally a mobile terminal). As a result of this reading operation, the authentication server system receives the first string which is encoded in the private key container (e.g. Q -code). The first user is then taken through the action definition procedure. He is first requested to enter the secret taking into account a previously defined encryption rule. Next a decryption operation is applied on the received secret corresponding to that predefined encryption rule. The authentication server system then checks if the decrypted secret and the first string received earlier belong to the same set of authentication codes and if they meet predefined constraints (e.g. were they received within a predefined time-frame from each other and from the same terminal, e.g. by means of checking IP- address, session id, etc.). If the check returns a positive result, the first user is then requested to define the set of actions which are to be performed upon receipt of the second string (encoded in the public key container) belonging to the same set of authentication codes on the authentication server system.

[0018] The advantages of the invention are the following. The use of one-time passwords composed by applying some encryption rule(s), which were previously agreed between user and the authentication server, to a fixed password provides additional security. The use of containers like e.g. QR-codes is advantageous since nowadays smart phones are equipped with a camera and as such are able to read these QR-codes. QR-reading software is freely available, so that users can use their smart phones to visit web sites by simply scanning QR-codes. So, no dedicated user devices are necessary to implement the invention. The invention uses in one embodiment QR-codes containing the public and private keys, but is nonetheless secure since the set of authentication codes further comprises one or more secrets which are only known to the user. Similarly, RFID tags can be used or even SMS. For RFID tags in general, a string can be programmed into a tag. On activation of that tag, the string is sent out encoded in a radio signal. A device capable of capturing that radio signal (i.e. a RFID reading device) can extract the string from the radio signal. Next that string can be parsed to the Internet and the solution according to the invention can be applied. NFC tags (a subdivision of RFID tags, but with possibly two-directional communication) can also be used in the same manner. When questioned/activated by a suitable reading device, the NFC tags can return a string that can be submitted to the Internet and the solution according to the invention can be applied. Another example is a simple SMS, which can contain a string and transmit that string to another GSM. If the receiving GSM is equipped with a procedure for parsing a string to the Internet, the methods according to the present invention can be used. In general, any container capable of transporting an alphanumerical string and fitting reading device capable of reading the string from the container and parsing that string to the Internet, can be used to carry out the method as described in the present invention. The invention is further made secure by imposing predefined constraints, which can for example be a predefined time frame within which subsequent operations need to occur and/or requiring that the subsequent operations come from the same terminal. Optionally, the security can be further enhanced by using https connections to send the information over the internet to the authentication server system.

[0019] In preferred embodiments of the invention, multiple consecutive reading operations can be combined, on the same terminal device, within a predefined time frame, of public key containers and/or private key containers in combination with their secrets and this from keys belonging to different entities. By such combinations a wide variety of action schemes can be created and/or executed.

[0020] In preferred embodiments of the invention, each set of authentication codes comprises additional user-definable secrets and the action definition procedure comprises the step of associating a predefined procedure to each of the additional user-definable secrets. Advantageously, also to these secrets encryption rules are applied to order to obtain increased security. Upon receiving one of the additional user-definable secrets on the authentication server system, the associated predefined procedure is then performed. This can be used for example to set a password a user can enter when under threat, the associated procedure then being for example to notify emergency services. Another example is to create a user-definable secret which can be seen as a 'negative' result, thus for example only notifying emergency services, but not performing an action like opening a door or transferring information or transferring e-money.

[0021] In preferred embodiments of the invention, the action definition procedure comprises the further steps of creating a temporary key in the form of a container for the first user, said temporary key having a predetermined validity term, and defining a set of actions which are to be performed upon receipt of the temporary key on the authentication server system. This container can for example be generated from respectively a string comprising a domain name of the authentication server system and a string of alphanumerical characters and one or more delimiters in between, thus constituting a valid URL.

[0022] In preferred embodiments of the invention an entity set of authentication codes can be assigned to the first user, said entity set being one of said sets of authentication codes of which the public key container is provided for attachment to, association with or virtual representation of an entity of the first user. This entity set can for example be used to authenticate lost objects which are found: by attaching the public key container to an object, anyone who finds it can simply read this public-key container to trigger a set of actions by which for example the owner is notified, the finder is notified who the owner is or where the object has to be taken to, etc. This entity set can for example also be used to secure a location, e.g. an agent visiting a location first has to read the public key container attached to that location and perform an authentication procedure before he is allowed to enter the premises. For handing over entities, ownership of the entity can be transferred from the set of authentication codes of the first user to the set of authentications codes of the second user.

[0023] In preferred embodiments of the invention, the definition of the set of actions comprises the steps of: requesting the first user to define a set of logical expressions with conditions to be evaluated upon the receipt of the second string on the authentication server system, and to define a first set of actions to be performed if the evaluation of the logical expression returns "true" and a second set of actions to be performed if the evaluation of the logical expression returns "false". These logical expressions can be built with definable attributes (variables) that can be given a value upon definition or upon evaluation, and predefined function-calls on the authentication server system. The logical expression may contain computations and encryptions in which user defined values and/or properties are combined/encrypted with public keys or other sets of authentication codes.

[0024] For purposes of summarizing the invention and the advantages achieved over the prior art, certain objects and advantages of the invention have been described herein above. Of course, it is to be understood that not necessarily all such objects or advantages may be achieved in accordance with any particular embodiment of the invention. Thus, for example, those skilled in the art will recognize that the invention may be embodied or carried out in a manner that achieves or optimizes one advantage or group of advantages as taught herein without necessarily achieving other objects or advantages as may be taught or suggested herein.

[0025] The above and other aspects of the invention will be apparent from and elucidated with reference to the embodiment(s) described hereinafter. Brief description of the drawings

[0026] The invention will now be described further, by way of example, with reference to the accompanying drawings, in which:

[0027] Fig.l represents an overview of a preferred embodiment of an authentication system according to the invention.

[0028] Fig.2 represents a preferred embodiment of a set of authentication codes according to the invention.

[0029] Fig.3 represents an example of a procedure according to the invention for creating the first authentication codes for a user.

[0030] Fig.4 shows an example of a procedure according to the invention for changing attributes of the authentication codes and/or defining actions for the authentication codes.

[0031] Fig.5 represents an example of a procedure according to the invention of creating/assigning an entity set of authentication codes to a user.

[0032] Fig.6 shows an example of a procedure according to the invention of creating/assigning a temporary Q -code to a user.

[0033] Fig.7 shows an example of a procedure according to the invention of authentication of a second user upon scanning a public key QR-code.

[0034] Fig.8 shows an example of a procedure in which a first user sends an encrypted and signed document to a second user, both users being authenticated according to the invention.

[0035] Figs 9 shows the application of the invention to a first case.

[0036] Figs 10 shows the application of the invention to a second case.

[0037] Figs 11 shows the application of the invention to a third case.

Detailed description of illustrative embodiments

[0038] The present invention will be described with respect to particular embodiments and with reference to certain drawings but the invention is not limited thereto but only by the claims.

[0039] Furthermore, the terms first, second and the like in the description and in the claims, are used for distinguishing between similar elements and not necessarily for describing a sequence, either temporally, spatially, in ranking or in any other manner. It is to be understood that the terms so used are interchangeable under appropriate circumstances and that the embodiments of the invention described herein are capable of operation in other sequences than described or illustrated herein.

[0040] It is to be noticed that the term "comprising", used in the claims, should not be interpreted as being restricted to the means listed thereafter; it does not exclude other elements or steps. It is thus to be interpreted as specifying the presence of the stated features, integers, steps or components as referred to, but does not preclude the presence or addition of one or more other features, integers, steps or components, or groups thereof. Thus, the scope of the expression "a device comprising means A and B" should not be limited to devices consisting only of components A and B. It means that with respect to the present invention, the only relevant components of the device are A and B.

[0041] Reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment, but may. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner, as would be apparent to one of ordinary skill in the art from this disclosure, in one or more embodiments.

[0042] Similarly it should be appreciated that in the description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.

[0043] Furthermore, while some embodiments described herein include some but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention, and form different embodiments, as would be understood by those in the art. For example, in the following claims, any of the claimed embodiments can be used in any combination.

[0044] It should be noted that the use of particular terminology when describing certain features or aspects of the invention should not be taken to imply that the terminology is being re- defined herein to be restricted to include any specific characteristics of the features or aspects of the invention with which that terminology is associated.

[0045] In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

[0046] The invention relates to a method and system to provide authentication of an entity by using terminals, preferably mobile terminals. A first person stores irrefutable "event" information about an entity (e.g. an object, human, animal, plant, place, task, service, state, ...) to be queried by a second person, who can then can act upon the retrieved "event result". The first person can be notified when a query is executed by a second person. Parameters which are sent can be e.g. time, location, person, IP-address, device, or other. An example is to make absolutely sure that a police officer calling at a home is indeed a legitimate police officer.

[0047] The invention makes use of containers to represent the keys of a private key - public key pair. The private key can be seen as an ownership certificate, whereas the public key is used for communication with other users. A container is to be construed as a kind of data structure that carries a key. Practical implementations of a container can for example be a Q -code, a RFID tag or a NFC tag, or even a SMS message.

[0048] The invention further uses simple, common (mobile) terminals, e.g. smart phones able to read the data in the container and parse that data to the system, i.e. keys are not used or interpreted by the terminal. "Events" are created by combining several read operations performed on the container data within a predefined time frame. These events can later be executed by reading a tag that will evaluate and if needed execute action defined in the event.

[0049] As used herein, entities can for example be objects, persons, tasks, places, events, transactions or states, or anything else that can be defined and represented by the user. In the system, an entity is defined by one or more alphanumerical strings - to be used as encryption keys, part of the visual representation in the form of tags to handle those keys easily in daily life - and one or more secrets, also alphanumerical strings only known to the user defining the entity. The basic principle is to use private and public keys. This can be e.g. keys of a PKI (public key infrastructure) or some other type of code (e.g. simply an alphanumerical string). When technology for other tag readings becomes more generally available, tags wherein the keys are represented using techniques like e.g. RFID-codes or near-field communication (NFC) will also be available at large scale.

[0050] Services can be one or a combination of services like a notification from an entity or combination of entities, a secure authentication of an entity or combination of entities, an action derived from an entity or combination of entities. Notifications can be defined as sending or displaying a message (e.g. an e-mail, a SMS). Authentications can be defined as making sure the entity is authentic according to the rules the owner of the entity has defined (e.g. the document is authentic from the sender). Actions can be defined as any change in state of a device, object or situation that can be defined in the system and executed via electronic messaging from the system (e.g. SMS, connection to a CPU, relay with IP-address etc ...). Services and actions are selected as predefined Functions of the entity in the system. Attributes (variables) can be created and given a Value, logical Equations can be created using these Attributes and Functions. When an entity is activated - by parsing one of its keys to the system - the defined conditional rules of the Equation are evaluated, depending on the logical result, the defined services or actions for that result are executed.

[0051] Concerning the secrets and the passwords to protect them, the following is to be noted. As already mentioned in the background section it is desirable not to leave any useful data on the smartphone (or other device) used for execution of the transaction. Further the installation of the required software on the device should be avoided.

[0052] An element that makes it more difficult for humans to remember the password (PW) is the PW-length. For an authentication server, however, that is not a limitation. On the one hand the PW must be short and easy enough so that the user can remember it, while on the other hand, the PW must be long enough so that a shoulder surfer cannot easily remember or derive the combination. In order to make an automated attack (via the communication network or via the smartphone (browser)) more difficult, the communication between user and authentication server can be performed graphically, similar to a kind of captcha (an abbreviation of "completely automated public Turing test to tell computers and humans apart"). This complicates automation of the hacking process. For blind or visually impaired people, the "message" can also be conveyed in an auditory way instead of graphically.

[0053] A possible measure against shoulder surfing may consist in not showing the password on the screen, but to replace by asterisks, while only employing one-time passwords. In order to counter a brute-force attack a time limit can be installed : the time should be short enough to ensure a computer cannot guess the password. Moreover, the number of attempts should be limited. Elements to unmask and dissuade an aggressor can include capturing of his position and of the device used as the aggressor undertakes an attempt. Another desirable feature is to give notice to the rightful owner if an attempt (or multiple attempts) has occurred, so that appropriate action (e.g. change of the password) can be taken. One can readily assume the aggressor is well equipped to study the algorithms used and derive therefrom information to search/crack other passwords. This however clearly gets more difficult in case the user can decide on the settings and algorithms. Therefore the present invention follows an approach along these lines.

[0054] An authentication server (AS) is installed in the cloud (B) as a service to which a user/client (C) can log in to create an account (D). How to create the account or give access to the account is not described here in detail, any technique known in the art can be applied. When creating an account the user has to make a choice about the password or PIN (PW) as a set of numbers, letters, (read) characters or any combination thereof. The user can be guided to the number and type of characters in combination with the safety level of the PW itself. Strong passwords difficult to guess are obviously preferred and for their use the client determines the level of safety he wants (e.g. if the maximum transaction amount is only 2 euro a simple PW may suffice).

[0055] In addition, the authentication server (AS) is equipped with a number of schemes (S) to encrypt the PW using a "secret algorithm". This encryption aims to hide/mask/encrypt the real password PW when entering it on the (mobile) user device or when forwarding it over unsecured networks to the authentication server. The encryption algorithm turns the password PW into a onetime password. Instead of the real password, the user enters an encrypted version of the real password, said encrypted version being obtained by applying a encryption algorithm (or even several) that was previously agreed upon with the authentication server. It therefore increases the safety of the selected PW and makes it more difficult for outsiders, eavesdroppers or blackmailers to trace the correct PW. Both the PW and the schedule(s) are assumed to be known only by the authentication server and the client C.

[0056] These encryption schedules (SI, S2, S3, ... , Sx) realize a masking of the real password.

This can be done, for example, by adding supplementary characters in the password string, by replacing characters from the string PW by other characters according to one or more rules predefined by the user (after having agreed upon these rules with the authentication server), by permutation of the password string the user has chosen or by having the user carry out certain algorithms before composing the PW string. Hence, the user (C) selects a scheme to be taken into account when entering the PW. The authentication server is adapted to carry out the reverse operation on the received string (i.e. the encrypted version of the password) so as to compare it with the 'real' PW (or a hash of the password).

[0057] As a help the user could opt for exchanging information related to the selected rules to encrypt the real password with the authentication server by means of graphical elements (cf. captcha). For example, if the first password entered is incorrect, this may serve as fallback method to inform user C what to do. As the instructions (although in pixel format) are redirected, the latter approach is slightly less safe, but it may enhance the user experience.

[0058] The user can also determine in advance what actions the authentication server should undertake in case repeatedly a same password or a wrong password is offered. This may range from a non-authentication during a certain time frame (e.g. 1 minute ... or 1 day) until a permanent non- authentication until a reset occurs. Also, the user (C) can pass instructions to be carried out by the authentication server (AS) by adding previously agreed characters to the PW string, e.g. a code to warn, to alert, to block or unblock, ....

[0059] The way the invention is used comprises the consecutive reading, within a defined time frame, of one or more tags and entering one or more secrets on the communication device, to activate or to define the service depending on which type of key is read first. Two preferred embodiments are :

1) when a private key is read first, the corresponding password is asked for. When the password checks to be correct, the entity can be (re)defined, so properties, attributes, services, actions, variables and/or equations can be changed.

2) when a public key or a temporary key is read first, then a consecutive read of another tag can be required to evaluate the triggering of the defined action or to activate a temporary key.

[0060] The nature of tags in general is that the name of the service provider (a URL including a domain name) and one of the keys (private, public, temporary) is included in the tag, optional parameters (delimited by e.g. "/") can also passed on when the information is submitted to the string encoded in the tag. Some of that information is used to identify parameters like IP-address, session id, time/date, by them evaluating if the consecutive scans come from the same communication device. Besides the evaluation and possible execution of the predefined actions and services, the user can be notified on the communication device and the owner/creator of the tag can be notified as well upon execution.

[0061] The security schemes used to populate the public and private keys are in one embodiment keys according to a public key infrastructure or PKI. In other embodiments keys can be any secret code that is represented by a string of alphanumerical characters. Secrets can be simple alphanumerical passwords entered on the communication device or generated and entered by any other means like smartcards, keys or other devices. As set out above, the entered secret is obtained by applying to the real password an encryption schedule that was agreed upon between the user and the authentication server, hence, what is entered is actually an encrypted version of the password. In case QR codes are used as container, QR-PKI-tags can be applied, which are basically a subset of QR- tags in general and comprised of a service URL (e.g. https://qr-pki.com or https://qrpki.com, but also their http counterpart), a delimiter (e.g. "I"), the key in alphanumerical form and possibly some extra delimiters and extra parameters can be mixed in the QR-PKI-tag.

[0062] Communication devices used according to the invention can in an advantageous embodiment be mobile terminals such as smartphones, laptops with wireless connectivity and the like, but also any other communication device connected in some way to the Internet, equipped with a reading device for the used container, like e.g. a camera, able to decode QR-tags and send the result to a browser, will qualify (e.g. an Internet connected PC with webcam, a smart phone, a GSM capable of connecting to the Internet and equipped with a camera, a tablet PC with built-in camera and Internet connection, ...). The communication device itself is interchangeable as it does not contain any secrets, codes or other information/data related to the system or method. The communication device is just used by the owner of the device for reading and decoding tags, to communicate bidirectionally between the owner/holder of the communication device and the said service for that particular entity. When images of tags are sent to the communication device's display, this display can be read by yet another communication device, interpreting the tag, thus passing information from one device to the other device without being directly in connection with each other. That way, a sequence of Events can be triggered between multiple participants using communication devices passing on information via QR-tags by using display and camera of the communication devices.

[0063] By entering/reading/scanning one or more predefined tags (e.g. QR-tags) and associated secrets within a (pre)defined time frame on the same communication device, the associated predefined service(s) is/are performed. The result is shown on the display of the used communication device, informing the owner, or querying the device owner to enter more input (e.g. by scanning yet another QR-tag, by entering passwords, by entering other data).

[0064] The proposed method and system is a practical solution to use codes and keys on (mobile) communications devices, it is a simple way to evaluate and execute secure services while mobile, without storing secrets on the used communication device.

[0065] In the embodiment shown in Fig. 1, wherein QR-codes are employed as containers, the keys are PKI keys. The "QR-PKI" system comprises a Certification Authority (CA) to generate the PKI-key-pairs, a Registration Authority (RA) to register PKI-key-pairs, a Validation Authority (VA) to validate PKI-keys and a new QR-PKI service (10) to transform PKI keys into QR-codes and keep track of additional data (e.g. attributes, passwords, actions, ...). Depending on the setup, the CA, RA, VA and the QR-PKI service can be one or multiple entities, called Trusted Third Parties (= TTP). A TTP can perform services and functions, some examples of which are the following :

• Create QR-PKI sets : PKI-key-pairs + passwords + attributes (see Fig. 3)

· Convert PKI-keys into QR-codes and vice-versa

• Create events by (reading) one QR-PKI key or linking two or more QR-PKI keys together

• Update, compare, certify and keep a database of QR-PKI sets

• Combine QR-PKI sets in a logical way (expert system)

• Evaluate equations built with Attributes and Values • Give out a "confirmed" or "negative" report upon challenging

• Communicate with mobile terminals via the Internet

• Log all transactions and send e-mails with status updates

• "Charge" a small amount of money for the QR-PKI service from an account that has been set up

The CA, RA, VA and QR-PKI together form an 'authentication server system' according to the invention, which means that the CA, RA, VA and QR-PKI can be implemented on one and the same server or on two or more separate servers. In the preferred embodiment, the QR-PKI is implemented on a separate server, so that use can be made of any existing PKI in combination with the QR-PKI server 10.

[0066] A person who for example has/owns an Entity (object) to tag, creates/receives a QR-

PKI-key-pair and password for that Entity (see Fig. 5), registers the QR-PKI-key-pair and password for that Entity and attaches the public QR-PKI key of the pair to that Entity. A second person can then take an action on the Entity by reading (scanning) the public QR-PKI key (see Fig.7), possibly authenticating himself with the private part of his own QR-PKI-key-pair and password. Optionally other persons can also join in; they all have their own QR-PKI-key-pairs and passwords.

[0067] The keys are combined with a service-URL to form strings of characters which are translated into QR-codes. The process of converting keys to QR-keys can be done at a service provider, the process can be reversed by the same service provider. More in particular, the QR-key can comprise a Service-URL (typically the URL of the service provider), all subsequent information separated with a delimiter like "/", an identifier, one or more keys (e.g. PKI-Keys or temporary keys), and additional info such as parameters.

[0068] The combination of a private key QR-code, a matching public key QR-code and one or more passwords is herein called a set of authentication codes. Fig. 2 shows a preferred embodiment of such a set of authentication codes. The set comprises at least one password 3, a private key QR- code 4 and a matching public key QR-code 5. The private key QR-code 4 is a QR-code generated from a first string 1 comprising the domain name of the authentication server 10, an identifier for efficiency purposes, a private key and possibly some parameters. The public key QR-code 5 is a QR-code generated from a second string 2 comprising the same domain name of the QR authentication server 10, an identifier for efficiency purposes, the matching public key and possibly some parameters.

[0069] The QR-PKI service can be used as some examples that follow to define actions, using a common smart phone:

1) Scan a private QR-PKI key as first scan and enter the password = settings up definitions on an entity Change/Add password(s)

Change/Add attribute(s) which can be given a value

Request new sets of PKI-QR-tags to stick on entities (object, documents, containers, ...) Entities are then owned by the first user.

Request temporary PKI-QR-tag (Fig. 6)

Subsequent scan a public QR-PKI key of another entity and link this with the current entity Depending on the service: add money to your account

Encrypt/decrypt something

Change ownership

2) Scan a public (or temporary) QR-PKI key as first scan = ask certification, retrieve info, ...: A public key scan is to inquire about an entity, ... or to act upon an event defined by the owner of the corresponding private QR-PKI key (first person)

When a temporary PKI-QR key is scanned for the first time, it is activated

A subsequent scan of the (in the event defined corresponding) private QR-PKI-key to identify that you are the second person qualified to handle or see the information

Subsequent enter the QR-PKI-PWord to certify that the second person is who he claims to be. Encrypt/decrypt/verify/authenticate something For security reasons, it can be imposed that subsequent scans or entering passwords should be done within : 1) a time frame of e.g. 60 seconds, 2) be executed with the same communication device and 3) that the user should not change networks or restart his communication device between subsequent readings.

[0070] A first possible application which makes use of the authentication system described above is sending of an encrypted e-Letter, which will be described with reference to Fig. 8. The following steps occur:

Setup

• A wants to send an e-Letter to receiver B

• A and B have QR-PKI-tag-sets via a QR-PKI service (see Fig. 3)

· A has a private A-PR-QR-PKI and public A-PU-QR-PKI

B has a private B-PR-QR-PKI and public B-PU-QR-PKI

A has a QR-Temp as a QR-tag/URL (see Fig. 6)

Define

• A scans/enters QR-Temp first time to activate • A scans private A-PR-QR-PKI, enters A-Password (A = Authentic)

• A uploads e-Letter and connects it to QR-Temp

A encrypts e-Letter with A-PR-QR-PKI

• A scans the public B-PU-QR-PKI of receiver B

· A encrypts e-Letter again with B-PU-QR-PKI

• A closes the QR-Temp event

A sends QR-Temp to B (mail, post, SMS, ...)

Execute

• B receives QR-Temp from A (mail, post, SMS, ...)

· B scans/enters QR-Temp (= link to e-Letter)

• B scans private B-PR-QR-PKI, enters B-Password (B = Authentic)

B decrypts e-Letter with B-PR-QR-PKI (e-Letter was for B only)

B scans the public A-PU-QR-PKI of A (A = sender)

• B decrypts e-Letter with A-PU-QR-PKI (A = only possible sender)

· B retrieves (the location of) the readable e-Letter

• B can read the e-Letter and is sure that it came from A

Notification

• A is informed that B has received e-Letter

• A is sure that only B can read the e-Letter

While this seems complex at first sight, both persons have in fact only to scan three QR-PKI keys and enter a password to send and receive the encrypted and signed electronic-Letter. In the end, to a high degree of certainty, B knows that the e-Letter can only have been sent by A and A knows that only B can read the e-Letter. If the signing and encrypting is not necessary, the number of scans for the sending party can be reduced to two and reduced to one scan by the receiving party.

[0071] The invention will be further clarified by means of the following exemplary cases. The use of the invention is not limited to those cases, they just serve as examples of how to use the invention. By mixing certain method steps from one case with steps from another case, new cases can be created, all within the scope of the invention. In the various examples QR-codes are used as containers. However, as already mentioned above, QR-codes constitute just one possible implementation. Also RFID tags containing keys can be applied, as well as near-field communication (NFC) tags etc... Further, the public and private keys in the examples are PKI-pairs, although in other examples they could be alphanumeric strings as well. CASE 1 (see Fig. 9(a-c))

[0072] In this case remote access is granted to a facility. The visitor is uniquely defined, the window in time and date of possible access. The owner is notified when the visitor is entering and optionally leaving the facility.

SETUP : A facility owner (Own) wants to grant remote access to a visitor (Vi) at facility (Fac) within a certain time window, using a process according to the invention via a Trusted Third Party (TTP).

DEFINE PERSONS "OWN" AND "VI" : Both Own and Vi are accessing the website of TTP (e.g. https://qr-pki.com) and both registering themselves, creating a set of QR-PKI tags (a private QR-PKI- tag and a public QR-PKI-tag) and associated passwords (keys and QRtags can be copy/pasted from the browser or sent via e-mail). Depending on the TTP, at least the e-mail address has to be defined and checked (by e-mail confirmation), more information can be entered by means of attributes being defined and values entered (e.g. extra passwords, extra e-mail addresses).

Person Own now has a private QRtag "Own-PR-QR-PKI", a public QRtag "Own-PU-QR-PKI" and a secret master password "Own-PW". Both QRtags are represented by an image (which can be read by said communication devices) and by an alphanumerical string (which can be sent electronically). Person Vi now has a private QRtag "Vi-PR-QR-PKI", a public QRtag "Vi-PU-QR-PKI" and a secret master password "Vi-PW". Both QRtags are represented by an image (which can be read by said communication devices) and by an alphanumerical string (which can be sent electronically).

Person Own requests a new QRtag for the facility "Fac". Person Own logs in at the TTP using his Own- PR-QR-PKI and certifying with his Own-PW. Own requests a new QRtag for an object, thus creating a private QRtag "Fac-PR-QR-PKI", a public QRtag "Fac-PU-QR-PKI" and a secret master password "Fac- PW". Both QRtags are represented by an image (which can be read by said communication devices) and by an alphanumerical string (which can be sent electronically). The TTP has now registered that Own owns an entity Fac.

REQUEST access : if person Own wants to grant access to person Vi or Vi asks permission to enter facility Fac, Own retrieves the public QRtag of person Vi (Vi-PU-QR-PKI). If appropriate, time, date, duration of access can be negotiated and agreed upon.

DEFINE the event : access to the facility Fac by Vi. Own scans or sends the Fac-PR-QR-PKI of the facility to the TTP, identifying Own as owner. To prove this, Own is requested to enter the Fac-PW. Own can now define parameters, attributes, variables and set certain values (e.g. the code for the door at facility to open it, the time zones between which access is possible, the way to notify the owner on access, the way to notify the visitor on access). To identify the Vi, the QRtag Vi-PU-QR-PKI is sent or scanned. All consecutive scans, entries should be performed within a defined time frame and from the same said communication device. From all information, the event is created in the database and a random session key (SK) is generated and stored. That secret key is then encrypted by the Vi-PU-QR- PKI and stored (ESK). Depending on the functionality, that encrypted secret key ESK, is encrypted again by the key Fac-PR-QR-PKI and stored (CESK). The Own now places the Fac-PU-QR-PKI at the door of the facility. Depending on the functionality, that Fac-PU-QR-PKI can be fixed (e.g. printed on paper), or can be displayed on a screen on request of the visitor (when the doorbell is activated). In the latter case, the Fac-PU-QR-PKI can be extended with extra info (D) (e.g. a string with reference to the date and time, a secret). That extra info D can change at any moment, this prevents that the Fac- PU-QR-PKI is copied and scanned not at the entrance of the facility. The Fac owner can activate a "timed code function" - a service from the TTP - which sends regularly extended forms of the Fac-PU- QR-PKI, that is a QRtag with the service URL of the TTP, the public key and the extra parameter D containing which is related to a date and time of its creating.

EXECUTE the event, i.e. grant or deny access to facility. For the ease of use, mobile communication devices are being used. Vi is approaching the facility and scans the Fac-PU-QR-PKI (or extended Fac- PU-QR-PKI with the secret D included) at the entrance of the facility. When within the defined time zones, Vi is requested to read the Vi-PR-QR-PKI and enters the password Vi-PW, all within the defined time frame and on the same mobile device to be valid. If the entered password matches the Vi-PR- QR-PKI, the defined event is executed. If the extra info D is present in the scanned Fac-PU-QR-PKI, it is checked against the data stored. When both match, the content of CESK is decrypted with Fac-PU-QR- PKI and then decrypted again with Vi-PR-QR-PKI, as an alternative the content of ESK can be decrypted with Vi-PR-QR-PKI. If the results matches the secret key SK, the event is positive, the defined action(s) is/are executed (e.g. send the code to open the door). Optionally, the Vi scan repeats a similar procedure to exit. When Vi is trying the same procedure outside the defined times zones, the result will be negative, in this case the door will not open. If needed, a similar procedure can be setup when visitor leaves the facility.

NOTIFY : Depending on the setup, the owner, the visitor, a third party can be informed via e-mail, SMS (depending on what is defined in the Setup) stating the access or the denial of the access to the facility, including information on the visitor. All reasons for not terminating an event can be notified depending on the setup of the event.

USAGE : This typical setup of the QR-PKI system and method assures that - by using easy-to-produce QRtag - a great flexibility and security is obtained, the reading equipment being a said communication device or normal smartphone. This example can be extended not only to open doors, but to switch on or off anything that can be remotely controlled by commands sent via a computer. It can be used to monitor the inspection rounds of security agents and automatically report back every QRtag scan to the agency. Meanwhile the system creates a log of inspection points thus assuring that the agent is really on the spot. Those logs can be read by an expert system and used to alert when irregularities occur. The building owner whose building is being inspected can have logs of those inspection rounds e.g. for billing purposes. To make sure that "smart" agents don't just photograph the QRtag and use it the day after, the building owner can - at any moment - add extra info/parameters to the QRtag, info that is sent to the building owner to verify that inspection rounds really took place on the spot. Since a bidirectional communication is setup between the visitor/agent scanning the QRtag at certain points, it is simple to send that person an instruction video/audio fragment. Since the visitor/agent is known, the place, date and time of day in know, the information sent can be adapted to the specific needs (e.g. correct language, video/info with up to instructions, ...) without the need of notifying or instructing the visitor/agent first.

CASE 2 (see Fig. 10(a-b))

[0073] This case is concerned with locating and identifying (lost) objects and persons, or with having to send crucial information to such persons. Every object tagged with QR-PKI tags can be retrieved by an innocent bystander who happens to find the object or comes across a(n elderly) person having lost his way, or arriving at an accident location trying to identify or retrieve (emergency medical) information about that person.

SETUP : The owner (Own) of an object (or person responsible for another person) wants to locate the lost object or person, using a process according to the invention via a Trusted Third Party (TTP).

DEFINE THE OWNER : The owner has accessed the website of TTP (e.g. https://qr-pki.com) and has registered, creating a set of QR-PKI tags (a private QR-PKI-tag and a public QR-PKI-tag) and associated passwords (keys and QRtags can be copy/pasted from the browser or sent via e-mail). Depending on the TTP, at least the e-mail address has to be defined and checked (by e-mail confirmation), more information can be entered by means of attributes being defined and values entered (e.g. extra passwords, extra e-mail addresses).

Person Own now has a private QRtag "Own-PR-QR-PKI", a public QRtag "Own-PU-QR-PKI" and a secret master password "Own-PW". Both QRtags are represented by an image (which can be read by said communication devices) and by an alphanumerical string (which can be sent electronically). DEFINE THE OBJECT : Person Own requests a new QRtag for objects or persons to be marked. Person Own logs in at the TTP using his Own-PR-QR-PKI and certifying with his Own-PW. Own requests a new QRtag for an object, thus creating a private QRtag "Obj-PR-QR-PKI", a public "QRtag Obj-PU-QR-PKI" and a secret master password "Obj-PW". To prove authenticity, the owner enters an alphanumerical value A in the field "Authenticate string" for that object (e.g. WD6G 3US9 Q90D HT8X). Both QRtags are represented by an image (which can be read by said communication devices) and by an alphanumerical string (which can be sent electronically). The alphanumerical value A is printed in clear text under the QRtag image of the public QRtag Obj-PU-QR-PKI. When the Own scans the Obj- PR-QR-PKI and enters the Obj-PW, he defines what information is returned when the Obj-PU-QR-PKI is scanned under normal conditions (e.g. the value A, a general information video on the object, general information on what to do) and if he wants to be notified of every scan made. The TTP has now registered that Own owns an object Obj. Own puts the tag visible on the object or puts in on the clothing of the person, visible to others.

RETRIEVE : When the owner finds out the Obj is lost, he changes the parameters of the Obj by scanning the Obj-PR-QR-PKI key of the object and entering the correct password Obj-PW. Any innocent bystander (IB) scanning the Obj-PU-QR-PKI tag now, will see information on how to return the object to the Own or is asked to enter details of its location. Even an SMS can be sent to the Own if that is defined in the actions to be taking on scanning Obj-PU-QR-PKI from now on. IB can see that the tag is genuine because he is returned the alphanumerical value A printed under the QRtag. In this case, the IB does not need to have an account with the TTP.

USAGE : in this case, the QRtag is just used to activate an event created in the system, it does not use the method of 2 consecutive QRtag scanned within a limited time window. But the schema can be extended at any moment, making it mandatory to read a second - personal private QRtag - in order to activate the event. In this case, however, it might not be the desired effect, since, when an object is lost, it doesn't matter if the finder has a valid private QRtag or not and any said communication device should work.

CASE 3 (see Fig ll(a-b))

[0074] Authenticity is certified. Nowadays, many goods and objects are made in countries which do not make genuine products but counterfeits of existing products. This case demonstrates the use of QR-tags in the fight against counterfeit and to turn every citizen in a possible "snitch" for counterfeit products. As a side product, the original equipment manufacturer can set up "a relation" with anyone along the way between manufacturer and end-user of the product.

SETUP : A manufacturer wants to authenticate and trace its product, goods and packages using a process according to the invention via a Trusted Third Party (TTP). The authentication can be done in a quick way (one scan, create a trace, find duplicates) or in a complete way (double scan, to certify that the product is genuine).

DEFINE THE MANUFACTURER/PRODUCER : The manufacturer, producer (Prod) has accessed the website of TTP (e.g. https://qr-pki.com) and has registered, creating a set of QR-PKI tags (a private QR-PKI-tag and a public QR-PKI-tag) and associated passwords (keys and QRtags can be copy/pasted from the browser or sent via e-mail). Depending on the TTP, at least the e-mail address has to be defined and checked (by e-mail confirmation), more information can be entered by means of attributes being defined and values entered (e.g. special timed codes and the interval at which to send that information to Prod, additional information).

Producer now has a private QRtag "Prod-PR-QR-PKI", a public QRtag "Prod-PU-QR-PKI" and a secret master password "Prod-PW". Both QRtags are represented by an image (which can be read by said communication devices) and by an alphanumerical string (which can be sent electronically). Producer can publish the Prod-PU-QR-PKI, added with an extra periodically changing information only Producer knows and can therefore know when (a copy of) Prod-PU-QR-PKI is scanned and check against own notifications that are sent according to setup in the event when Prod-PU-QR-PKI is scanned.

DEFINE THE GOODS, PACKAGES : Producer Prod requests new sets of QR-PKI-tags for each good (Good) and for each package (Pack) to be marked, traced or proven its authenticity. Producer Prod logs in at the TTP using his Prod-PR-QR-PKI and certifying with his Prod-PW. Prod requests new sets of QR-PKI-tags for each Good and for each container of goods called Pack (e.g. by submitting a spreadsheet containing the details for the QR-PKI-tags to be created). Each QR-PKI-tag record has at least following Attributes created : 1) the public part of the QR-PKI-tag for each Good or Pack, (further called A), which is a reference to the product defined. 2) A random alphanumerical code string (further called B) in an easy readable form (e.g. "WD6G 3US9 Q90D HT8X"), which will be printed in clear text underneath the QR-Tag image. 3) A random, unique, secret code, including a reference to the date and time (further called T), 4) the private part of the QR-PKI-tag and 5) additional information like serial number, model, make, ... Thus one creates QR-PKI-tags called Good-PR-QR-PKI and Good-PU-QR-PKI with no password for goods, Pack-PR-QR-PKI and Pack-PU-QR-PKI with no password for packages. The fact that no password is provided, means that the information is not changeable once the events records are created. For both types of QR-PKI-tags, the private part is not represented by an image, but only as an alphanumerical string as it will not be available for scanning. For both types of QR-PKI-tags, the public part is represented by an image (which can be read by said communication devices) and by an alphanumerical string, both containing the service URL, an identifier (further called i), the value A (= public key of the QR-PKI-tag), an encrypted version of T (T encrypted with Prod-PR-QR-PKI next encrypted with A, further called U) (e.g. qrpki.com/i/A/U). The alphanumerical value B is printed in clear text under the QR-PKI-tags. Depending on the configuration, other information can be printed in clear text as well (e.g. serial number). The Prod attaches these Good-PU-QR-PKI and Pack-PU-QR-PKI to the correct goods and packages. The Prod defines on creation of the QR-PKI-tags what information is returned when a Good-PU-QR-PKI or Pack-PU-QR-PKI is scanned (e.g. information, the string B, a handling video, ...).

AUTHENTICATE/TRACE : when Good-PU-QR-PKI or Pack-PU-QR-PKI QRtags are scanned, the events are logged for later reference or data mining by Prod. As date, time and whereabouts (IP-address) are logged, Prod has an overview of where which products or goods are. On each scan of Good-PU-QR- PKI or Pack-PU-QR-PKI, A in the QR-PKI-tag is used to look up the record and the random code string B is returned to the mobile device of the person scanning the QR-PKI-tag. This is a first check to visually control if the product/good is possibly authentic. If the returned string B matches the printed string under the QR-PKI-tag, there is a good chance the product/good is authentic, possibly the scanned QR- PKI-tag is authentic, but still it can be an exact copy of an existing QR-PKI-tag, or clever people may have created an own "look-alike" tag with another service provider to cheat the user when returning the correct printed B value. If the same Good-PU-QR-PKI or Pack-PU-QR-PKI QRtags keeps popping up at different times and different locations (derived from the IP-address), then a counterfeit organization may have been duplicating that products and also the (same) QRtag. This is a first - one way - easy manner to start authenticating and tracking. This will not stop counterfeit companies from producing exact copies, but if several copied QRtags appear, it is clear that counterfeit is a fact and authorities can be sent to look for these product, starting from the first scan of that particular QRtag (and IP address).

For a more thorough check, the procedure above described can be extended. After scanning the Good-PU-QR-PKI or Pack-PU-QR-PKI, the person is asked to consecutively and within a defined time frame scan the published (extended) Prod-PU-QR-PKI on the corporate web site. From the (extended) Prod-PU-QR-PKI scan, the U part in the Good-PU-QR-PKI or Pack-PU-QR-PKI QRtag is decrypted with private key which can be retrieved when looking for the record which is identified in the A part of the QRtag. Next, the result is decrypted with the Prod-PU-QR-PKI key and the result is checked against T. If both match the QRtag, the product is definitely genuine and data is checked against the database of the Producer, with an up to date version when the extended version of Prod-PU-QR-PKI is used. If in the past there were no copies detected (multiple scan of the same Good-PU-QR-PKI or Pack-PU-QR- PKI QRtag), then it is reasonable to assume that no counterfeit products are equipped with Good-PU- QR-PKI or Pack-PU-QR-PKI QRtag.

USAGE : Through the whole chain of transport from factory to retail to end-user, scans can produce the trail of the products giving Producer insight in where the products are used, and if needed the Producer can interact with the persons scanning the tags or can send useful information like manuals, handling instructions or additional (brand) information. When incentives are involved to encourage end-users to scan the Good-PU-QR-PKI QRtags, that information can be used for life cycle management and even end-of-life processing and recycling. Meanwhile the Producer can track the whereabouts of its products, where possible counterfeits are and keep in touch with the end-user.

CASE 4

[0075] As explained in Wikipedia, in marketing a coupon is a ticket or document that can be exchanged for a financial discount or rebate when purchasing a product. Customarily, coupons are issued by manufacturers of consumer packaged goods or by retailers, to be used in retail stores as a part of sales promotions. They are often widely distributed through mail, coupon envelopes, magazines, newspapers, the Internet, directly from the retailer, and mobile devices such as cell phones.

This case describes the handling of electronic coupons or e-coupons through (mobile) terminals, i.e. virtual teleporting e-coupons via terminals between the issuer and the consumer. Coupons, created by the manufacturer or issuer, are distributed by the issuer or by a middle man, and transferred to the consumer. The consumer can redeem the coupon later to get the discount, rebate, service or product. This case combines methods described previously to constitute the handling of said e- coupons.

[0076] In the description below the issuer or manufacturer is called 'Iss' the distributer or merchant is further called 'Dis', the consumer receiving the coupon and redeeming it later is further called 'Con', the e-coupon or e-coupons themselves are further called 'E-c'.

Coupons themselves exist in four types (depending on the usage), the E-c handles accordingly:

1. One coupon for everyone, ownership is not transferred when the coupon is taken

o E-c can be "easily" copied, duplicated amongst friends = copy of original

o equals a paper leaflet or flyer, but in electronic version

o one friend can give to another the SAME E-c

o ex. a leaflet for a party, who has a copy on the mobile can enter with 10% off

2. Each coupon is unique, but ownership is not transferred when the coupon is taken o E-c can be copied, can be given to a friend, but it is NOT a duplicate

o equals a paper leaflet with something unique ex. number, barcode, ...

o one friend can give to another the NEXT coupon

o no problem when exact duplication occurs, they link anyway each time to a DIFFERENT number of E-c.

o ex. a limited number of leaflets for a party with limited places

3. One coupon for everyone, ownership is transferred when the coupon is taken

o E-c once transferred, is locked in with receiver, redeeming only by receiver o equals you subscribing to an offer from a magazine

o If one friend sends the original (ex. photo, URL) or the received E-c to another friend, that friend has to subscribe too.

o ex. an entry ticket for a park, identity is checked against when entering

4. Each coupon is unique, ownership is transferred when the coupon is taken

o E-c once transferred, is locked with receiver, redeeming only by receiver

o equals you buy a cinema ticket on-line, limited distribution as places are unique

o if one friend sends the original (ex. photo, URL) or the received E-c to another friend, that friend has to subscribe/pay too

o ex. an entry ticket to a movie or theatre with limited number of places

SETUP : Both Iss and Dis use Fig. 3 to create their own QRtags, and optionally configure their QRtags using Fig. 4, so that both have an online ID and can use this in their electronic communication via terminals to identify themselves irreversibly in the online world. To create the 'E-c', Iss is using Fig. 5 to create a desired number full QRtags that represent the 'E-c' and change the behaviour / properties of the 'E-c' using Fig. 4, or (alternative) uses Fig. 6 to create a desired number temporally QRtags with defined properties and behaviour that represent the 'E-c'. The difference between full and temporally 'E-c' is that the properties and behaviour of a full 'E-c' can be adjusted later, while with temporally Έ- c' said properties and behaviour are fixed on creation of the QRtags. For commercial reasons, the domain name part of the first string (1) and the second string (2), or the domain name in the temporally string, can be any domain name that can be forwarded to the authentication server system (10), licensed and capable of handling QRPKI tags (ex. QRPKI.COM). 'Iss' can now send a desired number of 'E-c' to a 'Dis' whereby the ownership of the 'E-c' is transferred to the receiver as part of the logical expressions executed when "true", or whereby a container is transferred or whereby an eWallet contains a set of 'E-c' and the action "payment" is replaced by an action that transfers ownership of the said set of 'E-c' to the 'Dis'.

DISTRIBUTION : The 'Dis' now has a number of 'E-c' at his disposal to distribute to 'Con'. 'Dis' now can create a new QRtag (see Fig. 5) in which actions are defined so that a 'E-c' (amongst other info) are issued and transferred when the public part of this new QRtag is scanned by a 'Con', 'Dis' can now use any way he sees fit to distribute the 'E-c', via printed media, flyers, stickers, billboards, TV-ads, web sites, ... in which he will display the public part of the new QRtag. The consumers/people reading/scanning the 'E-c' can be divided into three categories. The first category concerns consumers that do not have an own QRtag and do not want to create one now, that category of people can accept 'E-c' of type 1 and 2 (ownership not transferred) directly, or they can store the embedded link, copy the image of the Q tag and perform the acceptance later (if the actions defined behind the coupon-QRtag will allow this). A second category of people do not have own QRtags at the moment they are reading the coupon-QRtag, but are willing to create one electronic ID on the spot, that category of people can accept all types of 'E-c', but the 'E-c' that require transfer of ownership will remains unusable until they have performed the activation step in Fig. 3. The third category of people already having an online ID in the form of an own QRtag according to Fig. 3, can accept all types 'E-c'.

REDEEM AN E-COUPON : When a consumer accepts a 'E-c', this 'E-c' is attached to (the online representation of) that 'Con', depending on the type of 'E-c', ownership is transferred (types 3 and 4) or not (type 1 and 2). Redeeming the 'E-c' is the process in which the 'Con' presents the 'E-c' to a "certified or authorized assistant" of the 'Iss', who can exchange the 'E-c' for the promoted value, only then the 'E-c' is redeemed. After redeeming, the 'E-c' role is changed (actions to be performed when the QRtags are read), it can link to e.g. a promotion video or give out details for next products. [0077] While the invention has been illustrated and described in detail in the drawings and foregoing description, such illustration and description are to be considered illustrative or exemplary and not restrictive. The foregoing description details certain embodiments of the invention. It will be appreciated, however, that no matter how detailed the foregoing appears in text, the invention may be practiced in many ways. The invention is not limited to the disclosed embodiments.

[0078] Other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a study of the drawings, the disclosure and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. A single processor or other unit may fulfil the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage. A computer program may be stored/distributed on a suitable medium, such as an optical storage medium or a solid-state medium supplied together with or as part of other hardware, but may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems. Any reference signs in the claims should not be construed as limiting the scope.

Claims

1. Method for authenticating an entity, comprising the steps of:

- providing first (A) and second (B) users with sets of authentication codes (3,4,5), each set comprising at least one secret (3), said at least one secret comprising a predefined encryption rule, a private key container (4) and a matching public key container (5), the private and public key containers being generated from respectively a first string (1) comprising a domain name of an authentication server system (10) and a private key and a second string (2) comprising the same domain name and a matching public key, said first (A) and second (B) users equipped with a terminal (101,102) arranged for reading said private and public key containers and/or for entering said first (1) and second (2) strings onto the Internet,

- receiving on the authentication server system (10) one of the first strings (1) as a result of a first user (A) reading the respective private key container (4) by means of said terminal (101), and performing the following action definition procedure:

a) requesting the first user to enter a secret (3) taking into account said predefined encryption rule,

b) receiving the secret entered by the first user on the authentication server system, c) applying a decryption operation on the received secret corresponding to said predefined encryption rule,

d) checking if the decrypted secret (3) and the received first string (1) belong to the same set of authentication codes (3,4,5) and if the decrypted secret and the received first string meet predefined constraints,

e) if the check returns a positive result, requesting the first user to define a set of actions which are to be performed upon receipt of the second string (2) belonging to the same set of authentication codes on the authentication server system (10).

2. Method according to claim 1, comprising a step of the authentication server system sending information related to said predefined encryption rule to said first user.

3. Method according to claim 1 or 2, wherein said decrypted secret also comprises instructions to be carried out by said authentication server system.

4. Method according to any of claims 1 to 3, wherein the predefined constraints comprise at least one of the following: a predefined time-frame within which the received first string (1) and the received secret (3) must have been received; that the received first string and the received secret were received from the same terminal (101); that the received first string and the received secret were sent from a same IP address; that the received first string and the received secret were entered during a same browser session.

5. Method according to any of the previous claims, wherein at least one of the first and second strings, from which the private and public key containers are generated, further comprises at least one parameter and/or identifier.

6. Method according to any of the previous claims, wherein each set of authentication codes comprises additional user-definable secrets, wherein the action definition procedure comprises the step of associating a predefined procedure to each of the additional user-definable secrets, and wherein the method further comprises the steps of: receiving one of the additional user-definable secrets on the authentication server system (10) and performing the associated predefined procedure.

7. Method according to any of the previous claims, wherein step d comprises the further steps of creating a temporary key in the form of a container for the first user, said temporary key having a predetermined validity term, and defining a set of actions which are to be performed upon receipt of the temporary key on the authentication server system (10).

8. Method according to any of the previous claims, wherein step d comprises the further steps of assigning an entity set of authentication codes to the first user, said entity set being one of said sets of authentication codes of which the public key container is provided for attachment to, association with or virtual representation of an entity of the first user.

9. Method according to any of the previous claims, wherein the definition of the set of actions in step d comprises the steps of: requesting the first user to define a set of logical expressions with conditions to be evaluated upon the receipt of the second string (2) on the authentication server system (10), and to define a first set of actions to be performed for each user-definable secret if the evaluation of the logical expression returns "true" and a second set of actions to be performed for each user-definable secret if the evaluation of the logical expression returns "false".

10. Method according to claim 9, wherein the method further comprises the step of receiving on the authentication server system (10) one of the second strings (2) as a result of a second user reading the respective public key container (5) by means of a further terminal (102) arranged for reading said private and public key containers and/or for entering said one second (2) string onto the Internet, and performing the following activation procedure:

a') retrieving the set of logical expressions and actions which has been defined for the received second string (2), and

b') evaluating the set of logical expressions and performing for each expression the first set of actions or the second set of actions depending on the result of the evaluation being "true" or "false".

11. Method according to claim 9, wherein the method further comprises the step of receiving on the authentication server system (10) one of the second strings (2) as a result of a second user reading the respective public key container (5) by means of a further terminal (102) arranged for reading said private and public key containers and/or for entering said one second (2) string onto the Internet, and performing the following authentication and activation procedure:

a') requesting the second user to read the private key container and enter a secret of the set of authentication codes which has been associated with set of authentication codes (3,4,5),

b') receiving the respective first string (1), as a result of the second user reading the requested private key container, and the secret (3) which the second user has entered, on the authentication server system (10),

c') checking if the received secret (3) and the received first string (1) of the second user belong to the same set of authentication codes (3,4,5), and if the received secret and the received first string meet predefined constraints,

d') depending on the result, retrieving the set of logical expressions and actions which have been defined for the received private key container (4) or the received first string (1)„ and

e') evaluating the set of logical expressions and performing for each expression the first set of actions or the second set of actions depending on the result of the evaluation.

12. Method according to any of the previous claims, wherein said container is a Q -code, a RFID tag, a NFC tag or a SMS or MMS message.

13. A program executable on a programmable device containing instructions, which, when executed, perform the method as in any of the previous claims.

14. System for authenticating an entity, comprising an authentication server system (10) provided with

- means for providing first (A) and second (B) users with sets of authentication codes (3,4,5), each set comprising at least one secret (3), said at least one secret comprising a predefined encryption rule, a private key container (4) and a matching public key container (5), the private and public key containers generated from respectively a first string (1) comprising a domain name of said authentication server system (10) and a private key and a second string (2) comprising the same domain name and a matching public key, said first (A) and second (B) users equipped with a terminal (101,102) arranged for reading said private and public key containers and/or for entering said first (1) and second (2) strings onto the Internet, - means for receiving one of the first strings (1) as a result of a first user (A) reading the respective private key container (4) by means of said terminal (101), and for performing upon said receipt the following action definition procedure:

a) requesting the first user to enter a secret (3), taking into account said predefined encryption rule,

b) receiving the secret entered by the first user on the authentication server system (10), c) applying a decryption operation on the received secret corresponding to said predefined encryption rule,

15. System according to claim 14, wherein the predefined constraints comprise at least one of the following: a predefined time-frame within which the received first string and the received secret must have been received; that the received first string and the received secret were received from the same terminal (101); that the received first string and the received secret were sent from a same IP address; that the received first string and the received secret were entered during the same browser session.

16. System according to claim 14 or 15, wherein at least one of the first and second strings, from which the private and public key containers are generated, further comprises at least one parameter and/or identifier.

17. System according to any of claims 14 to 16, wherein each set of authentication codes comprises additional user-definable secrets, wherein the action definition procedure comprises the step of associating a predefined procedure to each of the additional user-definable secrets, and wherein authentication server system (10) is further arranged for receiving one of the additional user- definable secrets and performing the associated predefined procedure.

18. System according to any one of the claims 14 to 17, further arranged for creating a temporary key in the form of a container for the first user, said temporary key having a predetermined validity term, and defining a set of actions which are to be performed upon receipt of the temporary key on the authentication server system (10).

19. System according to any of claims 14 to 18, further arranged for assigning an entity set of authentication codes to the first user, said entity set being one of said sets of authentication codes of which the public key container is provided for attachment to, association with or virtual representation of an entity of the first user.

20. System according to any of claims 14 to 19, wherein the definition of the set of actions comprises the steps of: requesting the first user to define a set of logical expressions with conditions to be evaluated upon the receipt of the second string (2) on the authentication server system (10), and to define a first set of actions to be performed for each user-definable secret if the evaluation of the logical expression returns "true" and a second set of actions to be performed for each user-definable secret if the evaluation of the logical expression returns "false".

21. System according to claim 20, wherein the authentication server system is further arranged for receiving one of the second strings (2) as a result of a second user reading the respective public key container (5) by means of a further terminal (102) arranged for reading said private and public key containers and/or for entering said one second (2) string onto the Internet, and performing the following activation procedure:

22. System according to any one of the claims 14 to 21, wherein the authentication server system (10) is further arranged for receiving one of the second strings (2) as a result of a second user scanning the respective public key container (5) by means of a further terminal (102) arranged for reading said private and public key containers and/or for entering said one second (2) string onto the internet, and performing the following authentication and activation procedure :

a') requesting the second user to scan the private key container and enter a secret of the set of authentication codes which has been associated with set of authentication codes

(3, 4, 5);

b') receiving the respective first string (1), as a result of the second user scanning the requested private key container, and the received secret (3) which the second user has entered, on the authentication server system (10),

c') checking if the received secret (3) and the received first string (1) of the second user belong to the same set of authentication codes (3,4,5), and if the received secret and the received secret and the received first string meet predefined constraints,

d') depending on the result, performing the set of logical expressions and actions which have been defined for the received private PKI key of the first string (1), and e') evaluating the set of logical expressions and performing for each expression the first set of actions or the second set of actions depending on the result of the evaluation.

23. Use of the method according to any one of the claims 1 to 12 or the system according to any of claims 14 to 22 for authenticating or securing at least one of the following group of entities: an object, a facility, an electronic payment, an authenticity certificate associated with a product, a shipping container, an encrypted and/or electronically signed correspondence, sensitive data to which access is to be restricted to a limited number of persons, a person, an agent or representative of a company visiting a premises, a customs agent, a police officer, a person with a mandate whereby that mandate needs to be authenticated by a second person, an electronic coupon or voucher.