WO2014167487A2 - A task completion authentication system and method - Google Patents
- Publication number
- WO2014167487A2 (PCT/IB2014/060514)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- task
- user identification
- electronic device
- task completion
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/01—Social networking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
Abstract
A method of authenticating the completion of a task includes receiving data including contextual data, user identification data and task completion data including information about a task that has been completed. A memory is accessed to retrieve previously stored contextual data and user identification data, and the received contextual data and user identification data are stored with the previously stored contextual data and user identification data for future authentication, if required, that the task described in the task completion data has been completed.
Description
A TASK COMPLETION AUTHENTICATION SYSTEM AND METHOD
BACKGROUND OF THE INVENTION
This patent application relates to a system and method of authenticating the completion of a task.
When users are allowed to use any device and/or platform application to update and execute tasks, it becomes increasingly important to the business process requesting the execution of the task to ensure that the intended task operator is indeed the one who executed or operated on the task. Since devices can be lost, stolen, misused and fraudulently accessed, a mechanism is required for authenticating the completion of the task including the user at the point where the task is released with an update or outcome back to the task issuer.
This patent application addresses these issues.
SUMMARY OF THE INVENTION
According to a first aspect of the invention there is provided a method of authenticating the completion of a task, the method comprising: receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; accessing a memory; and storing in the memory the received contextual data, user identification data and task completion data for future authenticating that the task described in the task completion data has been complete if required.
The contextual data may include one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion or any available information on the electronic device that may be used to uniquely identify it.
The user identification data may include one or more of a fingerprint, an electronic signature, a palm print, a photograph, a voice recording, a onetime-pin and an iris scan or any biometric information that may be obtained from a person that completed the task.
According to a second aspect of the invention there is provided a system for managing tasks, the system comprising: a communications module for receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; a memory; and an authentication processor for accessing the memory and storing the received contextual data and user identification data with the task completion data for future authenticating that the task described in the task completion data has been complete if required.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 shows a schematic drawing of a system in accordance with an example embodiment;
Figure 2 shows a schematic drawing of the task proxy of Figure 1 in greater detail;
Figure 3 shows a flow diagram of a method in accordance with an example embodiment; and
Figure 4 shows a schematic structure of a data file stored in a memory.
DESCRIPTION OF PREFERRED EMBODIMENTS
In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of an embodiment of the present disclosure. It will be evident, however, to one skilled in the art that the present disclosure may be practiced without these specific details.
Referring to the accompanying Figures an example system for authenticating the completion of a task is generally indicated by reference numeral 10.
The task to be completed will typically be sent to an electronic device 12 of a person to complete the task.
It will be appreciated that in Figure 1 there is illustrated a single user with three electronic devices 12; however, the system is able to cater for any number of users each having one or more devices 12. In any event, the devices 12 are electronic data communication devices such as a computer 12a, tablet 12b and mobile telephone 12c to name but a few examples.
There are many ways in which the task could be created and transmitted to the electronic device 12 and the methodology of the present invention could work with all of these. In one example embodiment, the task is created and transmitted to the device 12.
The user who will complete the task does so and then uploads data using the electronic device 12 by means of which the completion of the task by the correct individual can be authenticated.
In order to accomplish this, the system includes an authentication processor 14.
Associated with the authentication processor 14 is a communications module 16 for receiving data including contextual data, user identification data and task completion data including information about a task that has been complete.
In this regard, "module" in the context of the specification will be understood to include an identifiable portion of code, computational or executable instructions, data, or computational object to achieve a particular function, operation, processing, or procedure. It follows that a module need not be implemented in software; a module may be implemented in software, hardware, or a combination of software and hardware. Further, the modules need not necessarily be consolidated into one device but may be spread across a plurality of devices.
In one example embodiment the contextual data includes one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion.
This information is captured by one or more executable applications running on the device that access existing device hardware and software, such as a GPS module, to obtain this information.
The user identification data may include one or more of a fingerprint, an electronic signature, a palm print, a photograph, a video recording, a voice recording and an iris scan from a person that completed the task or taking a photo and/or voice recording of the subject in question using the device. This type of data is biometric type data used to identify the user.
This information is also captured by one or more executable applications running on the device that access existing device hardware and software. For example, many smart phones include a fingerprint sensor and the user's fingerprint can be read at the time of task completion. In another example, almost all mobile phones and tablets include a camera and the user can take an appropriate photograph at the time of task completion.
Alternatively or in addition, the user identification could be performed by requesting a username/password or any other credential from the user, sending the subject a One Time Pin challenge response, requesting a certificate or token of the subject or any other authentication mechanism not mentioned that can be used to identify the user. It will be appreciated that other forms of contextual data and user identification data may be used.
The authentication processor 14 stores the received contextual data and user identification data with the previously stored contextual data and user identification data in the memory 18 for use at a later date if authenticating is required at the later date that the task described in the task completion data has been complete.
Since the device 12 may have different capabilities for authenticating users, in one example embodiment, authentications are classified and grouped according to levels. Interactions that require level 3 authentication, for example, may use any of the level 3 grouped authentication mechanisms that are available to the specific device/platform application.
This means that if a level 3 authentication is required on one kind of tablet this could mean taking the biometrics of a handwritten signature. On another tablet device this mechanism may be unavailable and an acceptable level 3 authentication replacement would be to take a photograph of the user in combination with their GPS position. Thus if level 3 authentication is required the devices pick from their available level 3 authentication mechanisms then enforce those.
It will be appreciated that using the method described above, the task authentication history can be read back by a forensic investigator for auditing purposes and it can be proved that they have not been altered in any way.
Referring to Figure 4, a schematic of the stored data is shown.
The stored data, which for convenience can be referred to as a task container, is composed of the task information data, device contextual data and user authentication data. Thus the task container also contains the context and information of the human task as it is not sufficient to rely on a link between the human task and the task unit alone. The task container must be able to represent the entire task context, data, outcome and authentication token as a single unit that may not be unpicked or separated.
This ensures the validity of the task container to the process and is sufficient proof of the identity of the user who invoked or executed an action upon a specific task. Such containers may be (but are not limited to) a PDF document for example. The container may also take the form of a proprietary machine readable object or document or any other secure non-divisible container of information.
In one example, this is achieved by the authentication processor algorithmically "signing" information as in PKI certificate signing. The authentication token, data and context data are combined into a file. Next, a checksum of the file is calculated and hashed using SHA-2, and a certificate is then attached to the signed package.
The data that composes the container must not be transmitted or stored separately requiring a processor to compile the container and secure it in one action on the device/platform application at the time of authentication.
Thus it will be appreciated that by tying together the task information, user information and device information in one indivisible unit, this provides all of the necessary components to allow a task to be authenticated at a later date.
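The task container described above, as an added example that is not code from the patent application: the task information, device context and user authentication data are serialized into one canonical file, its SHA-256 (SHA-2) digest is computed, and the digest is signed. HMAC-SHA256 with a constructed key stands in for the PKI certificate signature so the block runs on the standard library alone; the field names, `seal_container`, `verify_container`, the certificate placeholder and all sample values are assumptions.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo key. Assumption: a real deployment would sign the digest with
# the private key behind an X.509 certificate rather than a shared secret.
SIGNING_KEY = b"constructed-demo-key"
CERT_ID = "placeholder-certificate-id"  # stands in for the attached certificate
PARTS = {"task", "context", "user_auth"}


def canonical_bytes(obj):
    """Deterministic serialization: identical content always hashes identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal_container(task, context, user_auth, key=SIGNING_KEY):
    """Combine the three parts into one payload and sign its digest in one action."""
    payload = {"task": task, "context": context, "user_auth": user_auth}
    digest = hashlib.sha256(canonical_bytes(payload)).hexdigest()
    signature = hmac.new(key, digest.encode("ascii"), hashlib.sha256).hexdigest()
    return {"payload": payload, "sha256": digest,
            "signature": signature, "certificate": CERT_ID}


def verify_container(container, key=SIGNING_KEY):
    """Return (ok, reason); fails if any part was altered, removed or swapped."""
    payload = container.get("payload")
    if not isinstance(payload, dict) or set(payload) != PARTS:
        return False, "container is incomplete"
    digest = hashlib.sha256(canonical_bytes(payload)).hexdigest()
    if not hmac.compare_digest(digest, str(container.get("sha256", ""))):
        return False, "digest mismatch"
    expected = hmac.new(key, digest.encode("ascii"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(container.get("signature", ""))):
        return False, "signature mismatch"
    return True, "ok"


# Constructed sample data (not taken from the patent).
SAMPLE_TASK = {"task_id": "T-0001", "description": "Inspect meter",
               "outcome": "completed"}
SAMPLE_CONTEXT = {"device_id": "tablet-12b-demo", "gps": [-26.2041, 28.0473],
                  "device_time": "2014-04-08T10:15:00Z"}
# Level 3 satisfied by photograph plus GPS position, as in the tablet example.
SAMPLE_USER_AUTH = {"level": 3, "mechanisms": ["photograph", "gps_position"],
                    "photo_sha256": hashlib.sha256(b"constructed photo").hexdigest()}


def demo():
    """Seal one container, then check what an auditor sees after each alteration."""
    sealed = seal_container(SAMPLE_TASK, SAMPLE_CONTEXT, SAMPLE_USER_AUTH)
    results = {"untouched": verify_container(sealed)}

    # Location edited after the fact, stored digest left alone.
    moved = copy.deepcopy(sealed)
    moved["payload"]["context"]["gps"] = [0.0, 0.0]
    results["edited_location"] = verify_container(moved)

    # Digest recomputed to match the edit, but without the signing key.
    rehashed = copy.deepcopy(moved)
    rehashed["sha256"] = hashlib.sha256(
        canonical_bytes(rehashed["payload"])).hexdigest()
    results["edited_and_rehashed"] = verify_container(rehashed)

    # User authentication data lifted from a different container.
    other_auth = dict(SAMPLE_USER_AUTH,
                      photo_sha256=hashlib.sha256(b"other person").hexdigest())
    spliced = copy.deepcopy(sealed)
    spliced["payload"]["user_auth"] = other_auth
    results["spliced_user"] = verify_container(spliced)

    # One component separated from the container.
    stripped = copy.deepcopy(sealed)
    del stripped["payload"]["user_auth"]
    results["missing_part"] = verify_container(stripped)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Because the signature covers the digest of all three parts together, an auditor can detect an edit to any single part as well as an attempt to move one part between containers.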
Claims
1. A method of authenticating the completion of a task, the method comprising: receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; accessing a memory; and storing in the memory the received contextual data, user identification data and task completion data for future authenticating that the task described in the task completion data has been complete if required.
2. The method of claim 1 wherein the contextual data includes one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion or any available information on the electronic device that may be used to uniquely identify it.
3. The method of claim 1 wherein the user identification data includes one or more of a fingerprint, an electronic signature, a palm print, a photograph, a voice recording, a one-time-pin and an iris scan or any biometric information that may be obtained from a person that completed the task.
4. A method according to claim 1 wherein the contextual data, user identification data and task completion data is stored in the memory in a combined data file or task container.
5. A method according to claim 4 wherein the combined data file is signed by attaching a data certificate and digital checksum to the combined file.
6. A system for managing tasks, the system comprising: a communications module for receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; a memory; and an authentication processor for accessing the memory and storing the received contextual data and user identification data with the task completion data for future authenticating that the task described in the task completion data has been complete if required.
7. The system of claim 6 wherein the contextual data includes one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion or any available information on the electronic device that may be used to uniquely identify it.
8. The system of claim 6 wherein the user identification data includes one or more of a fingerprint, an electronic signature, a palm print, a photograph, a voice recording, a one-time-pin and an iris scan or any biometric information that may be obtained from a person that completed the task.
9. A system according to claim 6 wherein the contextual data, user identification data and task completion data are secured and stored in the memory in a combined data file.
10. A system according to claim 9 wherein the authentication processor signs the combined data file by attaching a data certificate and digital checksum to the combined file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ZA2015/07793A ZA201507793B (en) | 2013-04-08 | 2015-10-19 | A task completion authentication system and method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ZA2013/02509 | 2013-04-08 | ||
ZA201302509 | 2013-04-08 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2014167487A2 true WO2014167487A2 (en) | 2014-10-16 |
WO2014167487A3 WO2014167487A3 (en) | 2015-12-03 |
Family
ID=51690080
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2014/060514 WO2014167487A2 (en) | 2013-04-08 | 2014-04-08 | A task completion authentication system and method |
Country Status (2)
Country | Link |
---|---|
WO (1) | WO2014167487A2 (en) |
ZA (1) | ZA201507793B (en) |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060085245A1 (en) * | 2004-10-19 | 2006-04-20 | Filenet Corporation | Team collaboration system with business process management and records management |
US8495244B2 (en) * | 2005-06-29 | 2013-07-23 | Jumpstart Wireless Corporation | System and method for dynamic automatic communication path selection, distributed device synchronization and task delegation |
US8693993B2 (en) * | 2008-12-24 | 2014-04-08 | Microsoft Corporation | Personalized cloud of mobile tasks |
-
2014
- 2014-04-08 WO PCT/IB2014/060514 patent/WO2014167487A2/en active Application Filing
-
2015
- 2015-10-19 ZA ZA2015/07793A patent/ZA201507793B/en unknown
Also Published As
Publication number | Publication date |
---|---|
WO2014167487A3 (en) | 2015-12-03 |
ZA201507793B (en) | 2016-09-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14782636 Country of ref document: EP Kind code of ref document: A2 |
|
NENP | Non-entry into the national phase in: |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/03/2016) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14782636 Country of ref document: EP Kind code of ref document: A2 |