WO2014063363A1 - Method and system for authenticating computing devices - Google Patents

Method and system for authenticating computing devices Download PDF

Info

Publication number
WO2014063363A1
WO2014063363A1 PCT/CN2012/083606 CN2012083606W WO2014063363A1 WO 2014063363 A1 WO2014063363 A1 WO 2014063363A1 CN 2012083606 W CN2012083606 W CN 2012083606W WO 2014063363 A1 WO2014063363 A1 WO 2014063363A1
Authority
WO
WIPO (PCT)
Prior art keywords
computing device
sound
validation code
server
user
Prior art date
Application number
PCT/CN2012/083606
Other languages
French (fr)
Inventor
Lei Niu
Jishu LV
Baideng TIAN
Qi Luo
Yu Wang
Original Assignee
Baina Innovation (Chengdu) Technology Co., Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Baina Innovation (Chengdu) Technology Co., Limited filed Critical Baina Innovation (Chengdu) Technology Co., Limited
Priority to PCT/CN2012/083606 priority Critical patent/WO2014063363A1/en
Publication of WO2014063363A1 publication Critical patent/WO2014063363A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/65Environment-dependent, e.g. using captured environmental data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

A method for authenticating computing devices to synchronize data, comprising the steps of associating a first computing device with a validation code, providing a sound to a second computing device as an input, comparing the sound with the validation code; and authenticating said second computing device to said first computing device if said sound matches with said validation code. Systems for authenticating computing devices are also disclosed. The present invention provides an authentication mechanism that does not requires user login process, which reduces the tabor of the user and also greatly increase the user experience.

Description

METHOD AND SYSTEM FOR AUTHENTICATING COMPUTING DEVICES
FIELD OF INVENTION
[0001 ] This invention relates to computer-implemented security mechanisms, and particularly, although not exclusively to a method and system for completing authentication of two or more computing devices for synchronizing data content between the two and more devices.
BACKGROUND OF INVENTION
[0002] Computer and communication technologies continue to advance at a rapid pace with computer and communication technologies being involved in many aspects of a person's day. Computers used by a user may include anything from hand-held computing devices to large multi-processor desktop computer system. Notably, smart phones and tablet computers equipped with miniaturized yet powerful processors and having access to the Internet, are more and more frequently used by user for completing sophisticated tasks that were previously only possible on desktop computers.
[0003] With a number of available personal computing devices, users may find it convenient to use different computing devices for different environments and occasions. For example, a user may use a desktop computer in his study, a tablet generally around the house, a smart phone when he or she goes out of his house, and a notebook for the workplace. During the transition of switching from one computing device to another, users would prefer their user experiences on these different computing devices to be as seamless and uninterrupted as possible. As a result, synchronization of data content between two or more computing devices is a necessary step in facilitating this seamless operation of many demands. However, known mechanisms developed for authenticating between two or more computing devices before synchronization of data, are tedious and time-consuming as well as being unsecure. This situation not only reduces the working efficiency of the user on the computing devices but also leads to deterioration of their use experiences. SUMMARY OF INVENTION
[0004] In the light of the foregoing background, it is an object of the at least one embodiment of the present invention to provide an alternate authenticating method and system for two or more computing devices. [0005] The above object is met by the combination of features of the main claim; the sub-claims disclose further advantageous embodiments of the invention.
[0006] One skilled in the art will derive from the following description other objects of the invention. Therefore, the foregoing statements of object are not exhaustive and serve merely to illustrate some of the many objects of the present invention. [0007] Accordingly, the present invention, in one aspect, is a method for authenticating computing devices to synchronize data, including the steps of associating a first computing device with a validation code; providing a sound to a second computing device as an input; comparing the sound with the validation code; and authenticating the second computing device to the first computing device if the sound matches with the validation code. [0008] In an exemplary embodiment of the present invention, the associating step further contains receiving the validation code on the first computing device from a remote server; the comparing step further comprises sending the sound to a remote server; matching the sound and the validation code on the server; and notifying the first computing device by said server that said second computing device has been authenticated. [0009] In another exemplary embodiment of the present invention, the associating step further includes generating the validation code on the First computing device; the comparing step further includes sending the sound from the second computing device; matching the sound and the validation code on the first computing device; and notifying the second computing device by the first computing device that the second computing device has been authenticated. [0010] Preferably, the step of providing the sound to the second computing device contains inputting the sound to the second computing device via a sound input means configured on the second computing device. [001 1] Preferably, the step of providing the sound to the second computing device further includes recognizing the sound by the second computing device to obtain a text string indicative of the sound, wherein the text string is adapted to be matched with the validation code.
[0012] In another implementation, the comparing step further contains considering relevance of 5 physical locations of said first computing device and said second computing device.
[0013] According to another aspect of the present invention, there is provided a system for authenticating computing devices, which includes a first computing device associated with a validation code; a second computing device adapted to receive a sound as an input; and a server, the server is adapted to communicate with the first computing device via a first communication i o network, and to communicate with the second computing device via a second communication network; wherein the server is adapted to receive the sound from the second computing device and compare the sound with the validation code; the second computing device authenticated to the first computing device if the server determines that the sound matches with the validation code.
15 [0014] According to a further aspect of the present invention, there is provided a system for authenticating computing devices, including a first computing device associated with a validation code; and a second computing device adapted to receive a sound as an input; wherein the first computing device is adapted to receive the sound from the second computing device and compare the sound with the validation code; the second computing device authenticated to the first
20 computing device if the first computing device determines that the sound matches with the validation code.
[001 5] In accordance with another aspect of the invention, there is provided a method for synchronizing a first computing device and a second computing device comprising the steps of generating an identifier arranged to identify an operating session of the first computing device; 25 communicating the identifier to a user; receiving an audio signal from the user using the second computing device; and processing the audio signal to generate a data term for comparing with the identifier and where the data term matches with the identifier, synchronize the second computing device with the session of the first computing device. [001 ] In one embodiment, the identifier is visual representation of a code or password.
[0017] In one embodiment, the audio signal is a voice representation from a user vocalization of the code or password.
[0018] In one embodiment, the audio signal is processed by a voice recognition routine to derive the data term.
[0019] In one embodiment, the data term is a textual representation of the user vocalization of the code or password.
[0020] In one embodiment, the operating session of the first computing device includes a list of one or more URLs. [0021 ] In accordance with another aspect of the invention, there is provided a system for synchronizing a first computing device and a second computing device comprising a generating module arranged to generate an identifier arranged to identify an operating session of the first computing device; an output function arranged to communicate the identifier to a user; an audio digitizer arranged to receive an audio signal from the user using the second computing device; and an audio processor arranged to process the audio signal to generate a data term for comparing with the identifier and where the data term matches with the identifier, synchronize the second computing device with the session of the first computing device.
[0022] In one embodiment, the identifier is visual representation of a cede or password.
[0023] In one embodiment, the audio signal is a voice representation from a user vocalization of the code or password.
[0024] In one embodiment, the audio signal is processed by a voice recognition routine to derive the data term.
[0025] In one embodiment, the data term is a textual representation of the user vocalization of the code or password. [0026] In one embodiment, the operating session of the first computing device includes a list of one or more URLs.
[0027] There are many advantages to the present invention, one of which is that the conventional time-consuming and complicated process of using username / password to login to a certain account is avoided. By using voice recognition and matching of validation code with the voice command on the remote server, the user does not have to set up a special account for synchronization between two or more computing devices. The simple voice command given by the user to a computing device acts an effective token as the user's authorization that the computing device may be authorized for synchronizing data with another computing device. In this way, the interaction between the user and the computing devices in order for authenticating one computing device to another is simplified and greatly increases the user experiences during the authenticating process.
[0028] Another advantage of the present invention is that by generating a random validation code for authentication every time, the validation code is for one-time use only. The plain voice command sent by the user is hard to be interpreted by an external party. Without the presence of an account on the remote server and transmission of username / password during the authenticating process as in conventional methods, an external party would not gain any access right by the voice command alone even if external party is able to sniff the voice command from an Internet communication between the user's computing devices and the remote server.
BRIEF DESCRIPTION OF FIGURES
[0029] The foregoing and further features of the present invention will be apparent from the following description of preferred embodiments which are provided by way of example only in connection with the accompanying figures, of which: [0030] Fig. 1 illustrates a topological structure of a system for authenticating computing devices according to one embodiment of the present invention.
[0031 ] Fig. 2 is a flow chart showing the work principle of a method of authenticating computing devices according to one embodiment of the present invention, where a remote server is involved. [0032] Fig. 3a shows exemplary Graphic User Interface (GUI) of software modules shown to a user on a first computing device during the authenticating process in Fig. 2.
[0033] Fig. 3b shows exemplary Graphic User Interface (GUI) of software modules shown to a user on a second computing device during the authenticating process in Fig. 2. [0034] Fig. 4 is a flow chart showing illustrating further steps of user login after the authenticating process according to one embodiment of the present invention.
[0035] Fig. 5 illustrates another topological structure of a system for authenticating computing devices according to one embodiment of the present invention, where no remote server is involved. [0036] Fig, 6 is a flow chart showing the work principle of a method of authenticating computing devices according to another embodiment of the present invention, where no remote server is involved.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0037] In the claims which follow and in the preceding description of the invention, except where the context requires otherwise due to express language or necessary implication, the word "comprise" or variations such as "comprises" or "comprising" is used in an inclusive sense, i.e. to specify the presence of the stated features but not to preclude the presence or addition of further features in various embodiments of the invention. [0038] Referring now to Fig. 1 , the first embodiment of the present invention is a system for authenticating computing devices which includes a remote server 20 connected to the Internet 22, and one or more computing devices, such as mobile phone or smart phone 26, notebook computer 28, tablet 30, and desktop computer 32, all of which are connected to the Internet 22. This computing device may for example includes a processor, memory, storage device, input/output devices, communication port, multimedia devices, and other components or controlled logic, which are arranged to process, store, input, output, transmit or communicate computing command, instruction, signals or code. The communication methods of these computing devices may include various methods of electronic communication and connectivity. For example the smart phone 26 may connect to the Internet 22 via a cellular data network operated by a telecommunication service provider, and the desktop computer 32 may connect to the internet 22 via an optical fiber broadband network, or ADSL network etc. Other possible Internet access connections of computing devices includes but not limited to WiFi hotspot, 4G LTE (Long Term Revolution) network, power line, DSL (Digital subscriber line), dial-up modem, Local Area Network (LAN) etc.
[0039] In the following descriptions an exemplary embodiment is described which is a method for authenticating a desktop computer 32 and a smart phone 26 using the server 20. Note that in this embodiment the desktop computer 32 and the smart phone 26 are located at proximate physical locations, for example within a same room 24 in a house. Those skilled in the art would understand in other embodiments of the present invention it is also possible to have different computing devices located at different locations, such as being placed over a great length of physical distance. The method described herein is to authenticate the desktop computer 32 with the smart phone 26 for purposes such as to facilitate data synchronization between the two.
[0040] Turning now to Fig. 2, which shows the process of authentications the desktop computer 32 with the smart phone 26 in Fig. 1 involving the remote server 20. At the start of the method, the desktop computer 32 requests the server 20 for a validation code (not shown) in Step 100. The validation code like an identifier is used for identifying the desktop computer 32 and it will be used to match with a sound received from the smart phone 26 which will be described later. In this embodiment, the desktop computer 32 may be referred to a first computing device, and the smart phone 26 may be referred to a second computing device for purpose of easy reference. The val idation code is generated on the server 20 and transmitted to the desktop computer 32 as machine readable code, preferably a text string. As the server 20 transmits the generated validation code to the desktop computer 32, the validation code is also associated with the desktop computer 32 by the server 20.
[0041] The validation code may be provided to the server 20 by a third party. On the other hand, preferably the validation code is randomly selected from a database (not shown) located on the server 20. The database contains many different text strings or say candidates, for example vocabularies of different languages. Preferably, each validation code generated on the server 20 contains two parts. This includes a prefix and a code body. The code body is a word randomly selected from the database as mentioned above while the prefix is selected from a relatively smaller number of words. The use of the prefix in the validation code is for a voice recognition module in computing devices to identify if a voice command is for the purpose of authenticating computing devices. In one embodiment both the code body and the prefix may be in different languages for different targeting users of the computing devices.
[0042] To ensure security of the authenticating process, the validation code is preferably a onetime validation code that is only effective for the use of a single user for a predetermined period of time, say 120 seconds. Another validation code for a different user or the same user after expiry of the determined time period, will be generated again from the database as mentioned above. This mechanism ensures that no single validation code would be used for at the same time.
[0043] In the process of transmitting the validation code from the server 20 to the desktop computer 32, there may be unexpected circumstances which prevent the successful transmission of the validation code, such as communication path interruption, over!ong network delay, high packet loss rate, etc. The desktop computer 32 therefore makes a determination as whether a valid validation code has been received from the server 20 in Step 102. If the desktop computer 32 fails to receive a valid validation code, then the desktop computer 32 makes a request to the server 20 for a new validation code. If the desktop computer 32 manages to receive a valid validation code in Step 102, then the validation code will be displayed on a display device of the desktop computer 32.
[0044] In this exemplary embodiment, the software module for requesting and receiving a validation code from the server 20 is a plug-in or extension of a web browser installed in the desktop computer 32. Fig. 3a shows screenshots of the web browser plug- in installed in the desktop computer 32 in one implementation. When the user click a button in the GUI of the web browser, a waiting pop-up 150 shows up and notifies the user that the plug-in is waiting for the transmission of the validation code from the server 20. If a valid validation code is successfully received at the desktop computer 32, a validation code pop-up 152 shows up prompting the user to input a voice command by reading the validation code shown in the pop-up 152 (Step 104 in Fig. 2). However, if no valid validation code has been successfully received at the desktop computer 32, an error code pop-up 154 shows up telling the user that the plug-in of the web browser fails to retrieve a validation code and reasons thereof. The user then requests a validation code again by clicking on the "Refresh" button on the error code pop-up 154. Note that at any time during the validation code requesting process, the user has the freedom to clicking on the "Refresh" button that appears in each of the waiting pop-up 150, validation code pop-up 152, and error code pop-up 154 to request a new validation code from the server 20.
[0045] Returning to Fig. 2, after a valid validation code has been retrieved by the desktop computer 32 and displayed to the user, the user now turns to operate on the smart phone 26 with which he wants to authenticate the desktop computer 32. The next step is for the user to provide a sound to the smart phone 26 as an input. In this embodiment the user is required to give a voice input to the smart phone 26 as a second computing device by reading the validation code displayed by the plug-in of the web browser on the desktop computer 32 as the first computing device. As such, the validation code displayed on the display device (i.e. a screen) of the desktop computer 32 is also called a voice command. The smart phone 26 has a sound input means (not shown) configured thereon for receiving the voice command from the user. The sound input means is preferably a microphone installed on the smart phone 26. In the smart phone 26, there is also installed a voice recognition module (not shown) which is able to recognize the sound / voice captured by the microphone of the smart phone 26 as a text in natural language. To start the voice recognition process, the user preferably presses a button or touches a specific area on the screen of the smart phone 26 to activate the voice recognition module. In one implementation the voice recognition module is an embedded component of a web browser installed in the smart phone 26. Once the voice recognition module is activated, the user can read out the voice command / validation code that is seen on the desktop computer 32. The voice of the user is captured by the microphone of the smart phone 26, and analyzed by the voice recognition module in an attempt to recover a text that the user has read. If the recognition is successful, the process goes to the next Step 108. However, if the recognition is not successful, the process goes back to Step 104 where the user gives a voice input to the smart phone 26 again. [0046] Fig. 3b as a continuation of the process in Fig. 3a further shows the screenshots of the mobile web browser installed in the smart phone 26 in one implementation. When the user presses a button or touches a specific area on the screen of the smart phone 26 to activate the voice recognition module as mentioned above, a voice input interface 156 shows up on the screen of the smart phone 26 prompting the user to speak out a voice. After the user reads out the validation code, the recognition module analyzes the received voice command. As mentioned previously, each validation code read by the user contains a prefix. The' prefix is used to indicate type of command that the user is given, for example the user wants to authenticate another computing device with the smart phone. If the recognition module is able to recognize the voice command of the user, a confirmation screen 160 is shown on the smart phone 26 notifying the user that the speech recognition is successful. On the other hand, if the recognition module fails to recognize what the user said, for example due to loud noise in the background, or no meaningful word can be identified, a failure screen 160 is shown on the smart phone 26 prompting the user to repeat the voice command, or try a different voice command. This corresponds to the process returning from Step 106 to Step 104 in Fig. 2.
[0047] In the process shown in Fig. 2, if the voice recognition is successful in Step 106, the smart phone 26 then sends the recognized voice command to the server 20 through the Internet 22 in Step 108 for the comparison of the voice command with the validation code on the server 20 in Step 110. Optionally, only the code body of the voice command as mentioned above is required to be transmitted, or both the prefix and the code body of the voice command are transmitted to the server. In Step 110, the server 20 compares the received voice command from the smart phone 26 in text format with the validation code that was generated for the desktop computer 32. If the two are found to be matching with each other, then the authentication process is completed at Step 114. The server then notifies the desktop computer 32 and/or the smart phone 26 that they are authenticated with each other and synchronization of data may be initialized.
[0048] In addition, for authentication of the two computing devices, extra securities measures can be applied. In one implementation, the comparison of the validation code and the received voice command further takes into consideration of relevance of physical locations of the first computing device and the second computing device. In the exemplary system in Fig. 1 , the smart phone 26 and the desktop computer 32 are considered to be physically proximate to each other in a scenario when the user was doing his work on his desktop computer 32 but is going out of his house and would like to continue his work on the smart phone 26. As a result, the user wishes to synchronize the data on his desktop computer 32 related to his work with the smart phone 26 while he is still in his house. In practice, one way to determine the location proximity of two Internet connected devices is to consider the Internet Protocol (IP) addresses of the two computing devices. The IP addresses of the two computing devices would be similar if the two devices are connected to a same Wi-Fi network which is in turn connected to the Internet. Alternatively, as telecommunication service providers tend to assign similar IP addresses to client devices in a certain region of a building, a street, or a city, the location proximity of two computing devices may also be determined.
[0049] In the process shown in Fig. 2, optionally, after the authenticating process as mentioned above is complete but before starting data synchronization, a user login process is required on the smart phone 26 and/or the desktop computer 32. The login process further identifies the user of the two computing devices as a valid user for the synchronization process. The login process can be completed by using a peripheral user account database, or it can be completed by using a third party user account database such as that for Facebook® or Google®. However, it should be understood that the login process is not mandatory for the present invention but rather it is fully optional, as the login process is adopted solely for rendering additional protection against security risks during the synchronization process.
[0050] As shown in Fig. 4, after the authentication process has been completed at Step 114, the software module (e.g. the web browser) on the desktop computer 32 and/or the smart phone 26 determined whether the user has logged in at Step 116. If the user has not been logged in, the software module prompt the user to input a username and a password, where the username and the password will be transmitted to the server 22 in Fig. 1 or any other third-party account server for verification. Once the verification is completed, the user is logged in on the computing devices, and the synchronization of data begins at Step 118. However, if at Step 116 it is determined that the user has already been logged in, then the process jumps directly to Step 118 to begin the data synchronization. [0051] There are many applications of the data synchronization once two computing devices are authenticated with each other. One possible application is to synchronize the website browsing status of a user when he is switching from one computing device to another. In the scenario described above between the desktop computer and the smart phone, suppose the user surfing on the internet has opened several webpages for browsing which are for example represented by different tabs opened in a web browser. Now the user is going out of his house so he cannot use the web browser on the desktop computer anymore, but the user would like to continue browsing these web pages on the browser of the smart phone while he is on the go. A conventional way of doing this is that the user remembers the Universal Resource Locator (URL) of all these webpages on the desktop computer, and later he tries to input these URLs in the browser of the smart phone. This is however a laborious process as it is very difficult for the user to remember those meaningless URLs of webpages. However, by using the authenticating process in the present invention, once the two computing devices are authenticated with each other, the currently opened tabs in a web browser in the desktop computer can be sent to the smart phone. Note other kinds of browsing data such as bookmarks, histories, top sites, etc, can also be synchronized. The web browser module in the desktop computer contains at least one web link that link to the webpages opened in at least one tab, where the link is preferably a URL. The link is then synchronized to the smart phone. In turn, the link received by the smart phone is opened in a new tab in the web browser module configured in the smart phone. In this way, the user would enjoy a seamless and uninterrupted transition of his web browsing status from the desktop computer to the smart phone.
[0052] Turning now to Fig. 5, another embodiment of the present invention is a system for authenticating computing devices which does not include a remote server, but only one or more computing devices, such as mobile phone or smart phone 26, notebook computer 28, tablet 30, and desktop computer 32. These computing devices are capable of performing Personal Area Network (PAN) communication and / or ad hoc communications in a Wi-Fi network between each other. Some of the known techniques for PAN communication includes but not limited to Bluetooth, Zigbee, 802.1 1 , Near Field Communication (NFC), etc. For illustration purposes, assume that in this embodiment the computing devices are also located at proximate physical locations, for example within a same room 24 in a house. One can see that a major difference of this embodiment compared to that in Fig. I one is that no Internet connection of the computing devices are required and no remote server is required.
[0053] In the following descriptions and referring to Fig. 6, an exemplary embodiment of a method for authenticating a desktop computer 32 with a smart phone 26. The method shown in Fig. 6 is generally similar to that shown in Fig. 2, and only the significant difference between them will be emphasized. In this embodiment, again the desktop computer 32 is sometimes called a first computing device, and the smart phone 26 is sometimes called a second computing device for the purpose of easy reference. At the start of the method, the desktop computer 32 generates a validation code (not shown) in Step 200 by itself, rather than requesting the validation code from a remote server. The validation code generated on the desktop computer 32 can also be randomly chosen from a plurality of candidates in a database. The user sees the validation code shown on a displace device of the desktop computer 32, for example in a pop-up of a plug-in of a web browser. The user then speaks out this validation code to the smart phone 26 in Step 202 where the smart phone 26 attempts to recognize the voice command given by the user in Step 204. If the recognition is successful, the process goes to the next Step 206. However, if the recognition is not successful, the process goes back to Step 202 where the user gives a voice input to the smart phone 26 again. In Step 206, the smart phone 26 sends the recognized voice command to the desktop computer 32 for comparing the validation code and the voice command on the desktop computer 32. One can see that this is different from the process shown in Fig. 2 where the validation code and the voice command are compared at a remote server rather than one of the computing devices being authenticated. The desktop computer 32 compares the voice command to see if it matches with the validation code generated by the desktop computer 32. If the answer is yes, then the smart phone 26 is authenticated to the desktop computer 32 for synchronizing data between them. The other optional implementations mentioned in the process of Fig. 2 are likewise applicable to the process of Fig. 6.
[0054] In a further modification of the invention, a method for synchronizing a first computing device and a second computing device contains the steps of generating an identifier arranged to identify an operating session of the first computing device; communicating the identifier to a user; receiving an audio signal from the user using the second computing device; and processing the audio signal to generate a data term for comparing with the identifier and where the data term matches with the identifier, synchronize the second computing device with the session of the first computing device. Similar to the embodiment mentioned above the identifier is visual representation of a code or password. The audio signal is a voice representation from a user vocalization of the code or password, and processed by a voice recognition routine to derive the data term. The data term is preferably a textual representation of the user vocalization of the code or password. The operating session of the first computing device includes a list of one or more URLs.
[0055] In accordance with the method introduced above, a system for synchronizing a first computing device and a second computing device includes a generating module arranged to generate an identifier arranged to identify an operating session of the first computing device; an output function arranged to communicate the identifier to a user; an audio digitizer arranged to receive an audio signal from the user using the second computing device; and an audio processor arranged to process the audio signal to generate a data term for comparing with the identifier and where the data term matches with the identifier, synchronize the second computing device with the session of the first computing device. In one embodiment, the identifier is visual representation of a code or password. The identifier is visual representation of a code or password. The audio signal is a voice representation from a user vocalization of the code or password, and processed by a voice recognition routine to derive the data term. The data term is preferably a textual representation of the user vocalization of the code or password. The operating session of the first computing device includes a list of one or more URLs.
[0056] The exemplary embodiments of the present invention are thus fully described. Although the description referred to particular embodiments, it will be clear to one skilled in the art that the present invention may be practiced with variation of these specific details. Hence this invention should not be construed as limited to the embodiments set forth herein.
[0057] While the invention has been illustrated and described in detail in the drawings and foregoing description, the same is to be considered as illustrative and not restrictive in character, it being understood that only exemplary embodiments have been shown and described and do not limit the scope of the invention in any manner. It can be appreciated that any of the features described herein may be used with any embodiment. The illustrative embodiments are not exclusive of each other or of other embodiments not recited herein. Accordingly, the invention also provides embodiments that comprise combinations of one or more of the illustrative embodiments described above. Modifications and variations of the invention as herein set forth can be made without departing from the spirit and scope thereof, and, therefore, only such limitations should be imposed as are indicated by the appended claims.
[0058] For example, in the above-mentioned embodiments the sound provided to a second computing device is by the user reading a text shown on a first computing device, which then undergoes a speech recognition process. However, those skilled in the art would recognize that other kinds of sound may also be used to be provided as a validation code for authenticating, such as mimicked natural sound such as that of birds, thunder, etc, or artificial sound such as certain musical notes, the sound of a robot, or sounds of music instruments, etc. The validation code sent by the server may be for example an instruction or prompt on how to produce the required sound for authenticating. The captured sound at the second computing device may be transmitted to the server for comparing with the sound associated the first computing device.
[0059] By utilizing a mimicked natural sound or artificial sound for authenticating purpose, the second computing device may be configured with a software module for extracting audio features of the sound provided by the user. The audio features for example are tones, frequency, pitch, timbre, loudness, etc of a sound. These audio features can be quantified and represented in machine readable codes which are transmitted to the server for comparison with a validation code generated by the server.
[0060] In the exemplary embodiments shown in Figs. 3a and 3b, the software module responsible for displaying or receiving voice inputs are plug-ins for web browsers or a mobile web browser installed on a smart phone. However, it is clear that other forms of software applications or program modules installed in computing devices may also be utilized to achieve the above functions. For example, a standalone desktop application, a flash object on a webpage, a Java applet, a system add-on, or a mobile app on smart phone, etc, can be used to carry out the functions of generating and/or displaying a validation code, or capture a user's voice input for voice recognition. [0061 ] In the embodiment shown in Fig. 1, the computing devices as well as the remote server are all connected to the Internet, so that the remote server is able to communicate with a first computing device or a second computing device when an authentication of the first computing device with the second computing device is desired. However, those skilled in the art would appreciate that in other embodiments the first computing device and the second computing device do not have to connect to a same communication netwoTk. The first computing device may be connected to the remote server via a first communication network, and the second computing device may be connected to the remote server via a second communication network, where the first communication network and the second communication network are different. Both computing devices being connected to the Internet is only an exemplary implementation of the present invention.

Claims

A method for authenticating computing devices to synchronize data, comprising the steps of: a) associating a first computing device with a validation code;
b) providing a sound to a second computing device as an input;
c) comparing said sound with said validation code; and
d) authenticating said second computing device to said first computing device if said sound matches with said validation code.
The method of claim 1 , wherein said associating step further comprises receiving said validation code on said first computing device from a remote server; said comparing step further comprises:
a) sending said sound to a remote server;
b) matching said sound and said validation code on said server; and
c) notifying said first computing device by said server that said second computing device has been authenticated.
The method of claim 2, wherein said associating step further comprises generating said validation code on said server.
The method of claim 1 , wherein said associating step further comprises generating said validation code on said first computing device; said comparing step further comprises:
a) sending said sound from said second computing device;
b) matching said sound and said validation code on said first computing device; and c) notifying said second computing device by said first computing device that said second computing device has been authenticated.
The method of any one of claims , 2, 3 and 4, wherein said step of providing said sound to said second computing device comprises inputting said sound to said second computing device via a sound input means configured on said second computing device.
The method of claim 5, wherein said sound input means is a microphone.
The method of claim 5, wherein said step of providing said sound to said second computing device further comprises recognizing said sound by said second computing device to obtain a text string indicative of said sound, wherein said text string is adapted to be matched with said validation code.
8. The method of claim 5, wherein said step of providing said sound to said second computing device further comprises extracting an audio feature from said sound by said second computing device; said audio feature being indicative of said sound and adapted to be matched with said validation code.
9. The method of claim 3 or 4, wherein said step of generating said validation code comprises choosing said validation code from a plurality of candidates in a database.
10. The method of any one of claims 1, 2, 3 and 4, wherein said second computing device is a mobile phone, tablet or notebook computer.
1 1. The method of claim 10, wherein said first computing device is a desktop computer.
12. The method of any one of claims 1, 2, 3 and 4, wherein said comparing step further comprises considering relevance of physical locations of said first computing device and said second computing device.
13. The method of claim 12, wherein Internet Protocol (IP) addresses of said first computing device and said second computing device are used for considering said relevance of said physical locations of said first computing device and said second computing device.
14. The method of any one of claims 1, 2} 3 and 4, further comprises the step of synchronizing data content between said first computing device and said second computing device.
15. The method of claim 14, wherein one of said first computing device and said second computing device comprises a first web browser module; said first web browser module comprising at least one web link, said web link adapted to be synchronized to the other one of said first computing device and said second computing device.
16. The method of claim 15, wherein said at least one web link is a Universal Resource Locator (URL) of a webpage.
17. The method of claim 15, wherein when said at least one web link is synchronized to said other one of said first computing device and said second computing device, a second web browser module on said other one of said first computing device and said second computing device opens said at least one web link in at least one tab of said second web browser module.
18. A system for authenticating computing devices, comprising: a) a first computing device associated with a validation code;
b) a second computing device adapted to receive a sound as an input; and
c) a server, said server is adapted to communicate with said first computing device via a first communication network, and to communicate with said second computing device via a second communication network;
wherein said server is adapted to receive said sound from said second computing device and compare said sound with said validation code; said second computing device authenticated to said first computing device if said server determines that said sound matches with said validation code.
19. The system of claim 18, wherein said server is configured to notify said first computing device that said second computing device has been authenticated, if said server determines that said sound matches with said validation code.
20. The system of claim 18, wherein said validation code is generated by said server and associated with said first computing device by said server.
21 , The system of claim 18, wherein said second computing device comprises a sound input means configured for inputting said sound to said computing device.
22. The system of claim 21 , wherein said sound input means is a microphone.
23. The system of claim 21 , wherein said second computing device further comprises a voice recognition module configured to recognize said sound to obtain a text string indicative of said sound, wherein said text string is adapted to be matched with said validation code.
24. The system of claim 18, wherein said validation code is generated by choosing said validation code from a plurality of candidates in a database.
25. The system of claim 18, wherein said second computing device is a mobile phone, tablet or notebook computer.
26. The system of claim 18, wherein said server further considers relevance of physical locations of said first computing device and said second computing device when said server compares said sound with said validation code.
27. The system of claim 26, wherein Internet Protocol (IP) addresses of said first computing device and said second computing device are used for considering said relevance of said physical locations of said first computing device and said second computing device by said server.
28. The system of claim 18, wherein said first computing device and said second computing device are configured to synchronizing data content therebetween.
29. The system of claim 28, wherein one of said first computing device and said second computing device comprises a first web browser module; said first web browser module comprising at least one web link, said web link adapted to be synchronized to the other one of said first computing device and said second computing device.
30. The system of claim 29, wherein said at least one web link is a Universal Resource Locator (URL) of a webpage,
31. The system of claim 29, wherein when said at least one web link is synchronized to said other one of said first computing device and said second computing device, a second web browser module on said other one of said first computing device and said second computing device opens said at least one web link in at least one tab of said second web browser module.
32. A system for authenticating computing devices, comprising:
a) a first computing device associated with a validation code; and
b) a second computing device adapted to receive a sound as an input;
wherein said first computing device is adapted to receive said sound from said second computing device and compare said sound with said validation code; said second computing device authenticated to said first computing device if said first computing device determines that said sound matches with said validation code.
33. The system of claim 32, wherein said validation code is generated by said first computing device.
34. The system of claim 32, wherein said second computing device comprises a sound input means configured for inputting said sound to said computing device.
35. The system of claim 34, wherein said sound input means is a microphone.
36. The system of claim 34, wherein said second computing device Airther comprises a voice recognition module configured to recognize said sound to obtain a text string indicative of said sound, wherein said text string is adapted to be matched with said validation code.
37. The system of claim 33, wherein said validation code is generated by choosing said validation code from a plurality of candidates in a database.
38. The system of claim 32, wherein said second computing device is a mobile phone, tablet or notebook computer.
39. The system of claim 32, wherein said first computing device is adapted to further consider relevance of physical locations of said first computing device and said second computing device when comparing said sound with said validation code.
40. The system of claim 39, wherein Internet Protocol (IP) addresses of said first computing device and said second computing device are used for considering said relevance of said physical locations of said first computing device and said second computing device.
41. The system of claim 32, wherein said first computing device and said second computing device are configured to synchronizing data content therebetween.
42. The system of claim 41, wherein one of said first computing device and said second computing device comprises a first web browser module; said first web browser module comprising at least one web link, said web link adapted to be synchronized to the other one of said first computing device and said second computing device.
43. The system of claim 42, wherein said at least one web link is a Universal Resource Locator (URL) of a webpage.
44. The system of claim 42, wherein when said at least one web link is synchronized to said other one of said first computing device and said second computing device, a second web browser module on said other one of said first computing device and said second computing device opens said at least one web link in at least one tab of said second web browser module.
45. A method for synchronizing a first computing device and a second computing device comprising the steps of:
generating an identifier arranged to identify an operating session of the first computing device;
communicating the identifier to a user;
receiving an audio signal from the user using the second computing device; and processing the audio signal to generate a data term for comparing with the identifier and where the data term matches with the identifier, synchronize the second computing device with the session of the first computing device.
46. A method in accordance with claim 45, wherein the identifier is visual representation of a code or password.
47. A method in accordance with claim 46, wherein the audio signal is a voice representation from a user vocalization of the code or password.
48. A method in accordance with claim 47, wherein the audio signal is processed by a voice recognition routine to derive the data term.
49. A method in accordance with claim 48, wherein the data term is a textual representation of the user vocalization of the code or password.
50. A method in accordance with claim 45, wherein the operating session of the first computing device includes a list of one or more URLs,
51. A system for synchronizing a first computing device and a second computing device comprising:
a generating module arranged to generate an identifier arranged to identify an operating session of the first computing device;
an output function arranged to communicate the identifier to a user;
an audio digitizer arranged to receive an audio signal from the user using the second computing device; and
an audio processor arranged to process the audio signal to generate a data term for comparing with the identifier and where the data term matches with the identifier, synchronize the second computing device with the session of the first computing device.
52. A system in accordance with claim 51 , wherein the identifier is visual representation of a code or password.
53. A system in accordance with claim 52, wherein the audio signal is a voice representation from a user vocalization of the code or password.
54. A system in accordance with claim 53, wherein the audio signal is processed by a voice recognition routine to derive the data term.
55. A system in accordance with claim 54, wherein the data term is a textual representation of the user vocalization of the code or password.
50. A method in accordance with claim 45, wherein the operating session of the first computing device includes a list of one or more URLs.
PCT/CN2012/083606 2012-10-26 2012-10-26 Method and system for authenticating computing devices WO2014063363A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2012/083606 WO2014063363A1 (en) 2012-10-26 2012-10-26 Method and system for authenticating computing devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2012/083606 WO2014063363A1 (en) 2012-10-26 2012-10-26 Method and system for authenticating computing devices

Publications (1)

Publication Number Publication Date
WO2014063363A1 true WO2014063363A1 (en) 2014-05-01

Family

ID=50543908

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/083606 WO2014063363A1 (en) 2012-10-26 2012-10-26 Method and system for authenticating computing devices

Country Status (1)

Country Link
WO (1) WO2014063363A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017510876A (en) * 2014-11-14 2017-04-13 シャオミ・インコーポレイテッド Authority verification method and apparatus
US10623403B1 (en) 2018-03-22 2020-04-14 Pindrop Security, Inc. Leveraging multiple audio channels for authentication
US10665244B1 (en) 2018-03-22 2020-05-26 Pindrop Security, Inc. Leveraging multiple audio channels for authentication
US10873461B2 (en) 2017-07-13 2020-12-22 Pindrop Security, Inc. Zero-knowledge multiparty secure sharing of voiceprints
CN112187463A (en) * 2019-06-18 2021-01-05 柯尼卡美能达株式会社 Information processing system, method and apparatus for controlling information processing system, and storage medium
CN113329013A (en) * 2021-05-28 2021-08-31 南京国网电瑞系统工程有限公司 Power dispatching data network security encryption method and system based on digital certificate
EP3934193A1 (en) * 2020-06-29 2022-01-05 Deutsche Telekom AG Authorisation of a user terminal using a service on the internet

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588322A (en) * 2009-06-18 2009-11-25 中山大学 Mailbox system based on speech recognition
CN102215110A (en) * 2011-06-28 2011-10-12 鸿富锦精密工业(深圳)有限公司 Identity authentication system and method
CN102333066A (en) * 2010-07-13 2012-01-25 朱建政 Network security verification method by employing combination of speaker voice identity verification and account number password protection in online game
CN102523282A (en) * 2011-12-14 2012-06-27 北京百纳威尔科技有限公司 Mobile terminal data sharing method, apparatus thereof and network server

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588322A (en) * 2009-06-18 2009-11-25 中山大学 Mailbox system based on speech recognition
CN102333066A (en) * 2010-07-13 2012-01-25 朱建政 Network security verification method by employing combination of speaker voice identity verification and account number password protection in online game
CN102215110A (en) * 2011-06-28 2011-10-12 鸿富锦精密工业(深圳)有限公司 Identity authentication system and method
CN102523282A (en) * 2011-12-14 2012-06-27 北京百纳威尔科技有限公司 Mobile terminal data sharing method, apparatus thereof and network server

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017510876A (en) * 2014-11-14 2017-04-13 シャオミ・インコーポレイテッド Authority verification method and apparatus
US10873461B2 (en) 2017-07-13 2020-12-22 Pindrop Security, Inc. Zero-knowledge multiparty secure sharing of voiceprints
US10623403B1 (en) 2018-03-22 2020-04-14 Pindrop Security, Inc. Leveraging multiple audio channels for authentication
US10665244B1 (en) 2018-03-22 2020-05-26 Pindrop Security, Inc. Leveraging multiple audio channels for authentication
CN112187463A (en) * 2019-06-18 2021-01-05 柯尼卡美能达株式会社 Information processing system, method and apparatus for controlling information processing system, and storage medium
EP3934193A1 (en) * 2020-06-29 2022-01-05 Deutsche Telekom AG Authorisation of a user terminal using a service on the internet
WO2022002841A1 (en) * 2020-06-29 2022-01-06 Deutsche Telekom Ag Authorization of a user terminal when using a service on the internet
CN113329013A (en) * 2021-05-28 2021-08-31 南京国网电瑞系统工程有限公司 Power dispatching data network security encryption method and system based on digital certificate

Similar Documents

Publication Publication Date Title
WO2014063363A1 (en) Method and system for authenticating computing devices
JP7086994B2 (en) Secure authentication of BOT users
US10050952B2 (en) Smart phone login using QR code
JP6381599B2 (en) Calls answered to hover
JP4871885B2 (en) User verification using a web-based multi-mode interface
EP3053080B1 (en) Systems and methods for credential management between electronic devices
KR20060046771A (en) Securing audio-based access to application data
JP2006164237A (en) User authentication by combination of speaker reference and reverse turing test
CN103730120A (en) Voice control method and system for electronic device
TWI474703B (en) Method and computer system for providing time ratio-based password/challenge authentication
US20120204225A1 (en) Online authentication using audio, image and/or video
WO2003098456A1 (en) Method and system for multi-modal communication
CN107241306B (en) Man-machine identification method, server, client and man-machine identification system
Yan et al. A usable authentication system based on personal voice challenge
US20090129378A1 (en) Surreptitious web server bias towards desired browsers
JP2007140048A (en) Voice recognition system
US11184345B2 (en) Workflow service back end integration
JP2015130028A (en) Proxy log-in device, terminal, control method and program
JP3649681B2 (en) User authentication method, communication system, and server
JP2010033562A (en) Communication terminal, authentication information generation device, authentication system, authentication information generation program, authentication information generation method and authentication method
WO2019194170A1 (en) Server implementing authentication using two-stage url, program recording medium, and method
JP2009098776A (en) Information acquisition system, portable terminal equipment, information acquisition method, and information acquisition program
CN104301285A (en) Method for logging in web system
KR20180111395A (en) Terminal with local web server function for biometric authentication and user authentication system and method using the same
WO2019156625A1 (en) Systems and methods for two-factor authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12887042

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 01.10.2015)

122 Ep: pct application non-entry in european phase

Ref document number: 12887042

Country of ref document: EP

Kind code of ref document: A1