New! Search for patents from more than 100 countries including Australia, Brazil, Sweden and more

WO2014167487A2 - A task completion authentication system and method - Google Patents

A task completion authentication system and method Download PDF

Info

Publication number
WO2014167487A2
WO2014167487A2 PCT/IB2014/060514 IB2014060514W WO2014167487A2 WO 2014167487 A2 WO2014167487 A2 WO 2014167487A2 IB 2014060514 W IB2014060514 W IB 2014060514W WO 2014167487 A2 WO2014167487 A2 WO 2014167487A2
Authority
WO
WIPO (PCT)
Prior art keywords
data
task
user identification
time
electronic device
Prior art date
Application number
PCT/IB2014/060514
Other languages
French (fr)
Other versions
WO2014167487A3 (en
Inventor
Andrew Keneth Anthony PAPASTEFANOU
Original Assignee
Prosense Technology (Proprietary) Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to ZA201302509 priority Critical
Priority to ZA2013/02509 priority
Application filed by Prosense Technology (Proprietary) Limited filed Critical Prosense Technology (Proprietary) Limited
Publication of WO2014167487A2 publication Critical patent/WO2014167487A2/en
Publication of WO2014167487A3 publication Critical patent/WO2014167487A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/01Social networking
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS

Abstract

A method of authenticating the completion of a task includes receiving data including contextual data, user identification data and task completion data including information about a task that has been completed. A memory is accessed and retrieving previously stored contextual data and user identification data and the received contextual data and user identification data is stored with the previously stored contextual data and user identification data for future authenticating that the task described in the task completion data has been complete if required.

Description

A TASK COMPLETION AUTHENTICATION SYSTEM AND METHOD

BACKGROUND OF THE INVENTION

This patent application relates to a system and method of authenticating the completion of a task.

When users are allowed to use any device and/or platform application to update and execute tasks, it becomes increasingly important to the business process requesting the execution of the task to ensure that the intended task operator is indeed the one who executed or operated on the task. Since devices can be lost, stolen, misused and fraudulently accessed, a mechanism is required for authenticating the completion of the task including the user at the point where the task is released with an update or outcome back to the task issuer.

This patent application addresses these issues. SUMMARY OF THE INVENTION

According to a first aspect of the invention there is provided a method of authenticating the completion of a task, the method comprising: receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; accessing a memory; and storing in the memory the received contextual data, user identification data and task completion data for future authenticating that the task described in the task completion data has been complete if required.

The contextual data may include one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion or any available information on the electronic device that may be used to uniquely identify it,

The user identification data may include one or more of a fingerprint, an electronic signature, a palm print, a photograph, a voice recording, a onetime-pin and an iris scan or any biometric information that may be obtained from a person that completed the task.

According to a second aspect of the invention there is provided a system for managing tasks, the system comprising: a communications module for receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; a memory; and an authentication processor for accessing the memory and storing the received contextual data and user identification data with the task completion data for future authenticating that the task described in the task completion data has been complete if required.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 shows a schematic drawing of a system in accordance with an example embodiment;

Figure 2 shows a schematic drawing of the task proxy of Figure 1 in greater detail;

Figure 3 shows a flow diagram of a method in accordance with an example embodiment; and

Figure 4 shows a schematic structure of a data file stored in a memory.

DESCRIPTION OF PREFERRED EMBODIMENTS in the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of an embodiment of the present disclosure. It will be evident, however, to one skilled in the art that the present disclosure may be practiced without these specific details. Referring to the accompanying Figures an example system for authenticating the completion of a task is generally indicated by reference numeral 10.

The task to be completed will typically be sent to an electronic device 12 of a person to complete the task.

It will be appreciated that in Figure 1 there is illustrated a single user with three electronic devices 12, however, the system is able to cater for any number of users each having one or more devices 12. in any event, the devices 12 are electronic data communication devices such as a computer 12a, tablet 12b and mobile telephone 12c to name but a few examples.

There are many ways in which the task could be created and transmitted to the electronic device 12 and the methodology of the present invention could work with all of these. in one example embodiment, the task is created and transmitted to the device 12.

The user who will complete the task does so and then uploads data using the electronic device 12 by means of which the completion of the task by the correct individual can be authenticated.

In order to accomplish this, the system includes an authentication processor 14.

Associated with the authentication processor 14 is a communications module 16 for receiving data including contextual data, user identification data and task completion data including information about a task that has been complete. ln this regard, "module" in the context of the specification wiii be understood to include an identifiable portion of code, computational or executable instructions, data, or computational object to achieve a particular function, operation, processing, or procedure. It follows that a module need not be implemented in software; a module may be implemented in software, hardware, or a combination of software and hardware. Further, the modules need not necessarily be consolidated into one device but may be spread across a plurality of devices. in one example embodiment the contextual data includes one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion.

This information is captured by one or more executable applications running on the device that access existing device hardware and software, such as a GPS module, to obtain this information.

The user identification data may include one or more of a fingerprint, an electronic signature, a palm print, a photograph, a video recording, a voice recording and an iris scan from a person that completed the task or taking a photo and/or voice recording of the subject in question using the device. This type of data is biometric type data used to identify the user.

This information is also captured by one or more executable applications running on the device that accesses existing device hardware and software. For example, many smart phones include a fingerprint sensor and the user's fingerprint can be read at the time of task completion. In another example, almost ail mobile phones and tablets include a camera and the user can take an appropriate photograph at the time of task completion.

Alternatively or in addition, the user identification could be performed by requesting a username/password or any other credential from the user, sending the subject a One Time Pin challenge response, requesting a certificate or token of the subject or any other authentication mechanism not mentioned that can be used to identify the user. it will be appreciated that other forms of contextual data and user identification data may be used.

The authentication processor 14 stores the received contextual data and user identification data with the previously stored contextual data and user identification data in the memory 18 for use at a later date if authenticating is required at the later date that the task described in the task completion data has been complete.

Since the device 12 may have different capabilities for authenticating users, in one example embodiment, authentications are classified and grouped according to levels. Interactions that require ievei 3 authentication for example may use any of the level 3 grouped authentication mechanisms that are available to the specific device/platform application.

This means that if a level 3 authentication is required on one kind of tablet this could mean taking the biometrics of a handwritten signature. On another tablet device this mechanism may be unavailable and an acceptable level 3 authentication replacement would be to take a photograph of the user in combination with their GPS position. Thus if level 3 authentication is required the devices pick from their available level 3 authentication mechanisms then enforce those.

It will be appreciated that using the method described above, the task authentication history can be read back by a forensic investigator for auditing purposes and it can be proved that they have not been altered in any way.

Referring to Figure 4, a schematic of the stored data is shown. The stored data, which for convenience can be referred to as a task container, is composed of the task information data, device contextual data and user authentication data. Thus the task container also contains the context and information of the human task as it is not sufficient to rely on a link between the human task and the task unit alone. The task container must be able to represent the entire task context, data, outcome and authentication token as a single unit that may not be unpicked or separated.

This ensures the validity of the task container to the process and is sufficient proof of the identity of the user who invoked or executed an action upon a specific task. Such containers may be (but are not limited to) a PDF document for example. The container may also take the form of a proprietary machine readable object or document or any other secure non- divisible container of information.

In one example, this is achieved by the authentication processor aigorithmically "signing" information as in PKI certificate signing. The authentication token, data and context data is combined into a file. Next a checksum of the file is calculated and hashed using SHA-2 and a certificate that is then attached to the signed package.

The data that composes the container must not be transmitted or stored separately requiring a processor to compile the container and secure it in one action on the device/platform application at the time of authentication.

Thus it will be appreciated that by tying together the task information, user information and device information in one indivisible unit, this provides all of the necessary components to allow a task to be authenticated at a later date.

Claims

CLAI S:
1. A method of authenticating the compietion of a task, the method comprising: receiving data from a device, the data including contextual data, user identification data and task compietion data including information about a task that has been completed; accessing a memory; and storing in the memory the received contextual data, user identification data and task completion data for future authenticating that the task described in the task completion data has been complete if required.
2. The method of claim 1 wherein the contextual data includes one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion or any available information on the electronic device that may be used to uniquely identify it.
3. The method of claim 1 wherein the user identification data includes one or more of a fingerprint, an electronic signature, a palm print, a photograph, a voice recording, a one-time-pin and an iris scan or any biometric information that may be obtained from a person that completed the task.
4. A method according to claim 1 wherein the contextual data, user identification data and task completion data is stored in the memory in a combined data file or task container.
5. A method according to claim 4 wherein the combined data file is signed by attaching a data certificate and digital checksum to the combined file.
6. A system for managing tasks, the system comprising: a communications module for receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; a memory; and an authentication processor for accessing the memory and storing the received contextual data and user identification data with the task completion data for future authenticating that the task described in the task completion data has been complete if required.
7. The system of claim 6 wherein the contextual data includes one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion or any available information on the electronic device that may be used to uniquely identify it.
8. The system of claim 6 wherein the user identification data includes one or more of a fingerprint, an electronic signature, a palm print, a photograph, a voice recording, a one-time-pin and an iris scan or any biometric information that may be obtained from a person that completed the task.
9. A system according to claim 6 wherein the contextual data, user identification data and task completion data are secured and stored in the memory in a combined data file.
10. A system according to claim 9 wherein the authentication processor signs the combined data file by attaching a data certificate and digital checksum to the combined file.
PCT/IB2014/060514 2013-04-08 2014-04-08 A task completion authentication system and method WO2014167487A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
ZA201302509 2013-04-08
ZA2013/02509 2013-04-08

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
ZA2015/07793A ZA201507793B (en) 2013-04-08 2015-10-19 A task completion authentication system and method

Publications (2)

Publication Number Publication Date
WO2014167487A2 true WO2014167487A2 (en) 2014-10-16
WO2014167487A3 WO2014167487A3 (en) 2015-12-03

Family

ID=51690080

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2014/060514 WO2014167487A2 (en) 2013-04-08 2014-04-08 A task completion authentication system and method

Country Status (2)

Country Link
WO (1) WO2014167487A2 (en)
ZA (1) ZA201507793B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060085245A1 (en) * 2004-10-19 2006-04-20 Filenet Corporation Team collaboration system with business process management and records management
US8495244B2 (en) * 2005-06-29 2013-07-23 Jumpstart Wireless Corporation System and method for dynamic automatic communication path selection, distributed device synchronization and task delegation
US8693993B2 (en) * 2008-12-24 2014-04-08 Microsoft Corporation Personalized cloud of mobile tasks

Also Published As

Publication number Publication date
ZA201507793B (en) 2016-09-28
WO2014167487A3 (en) 2015-12-03

Similar Documents

Publication Publication Date Title
US8244211B2 (en) Mobile electronic security apparatus and method
US20070118891A1 (en) Universal authentication token
US20110113245A1 (en) One time pin generation
US20140020073A1 (en) Methods and systems for using derived credentials to authenticate a device across multiple platforms
US20140282945A1 (en) Technologies for secure storage and use of biometric authentication information
US20060112279A1 (en) Method and system for biometric identification and authentication having an exception mode
US20140101453A1 (en) Real identity authentication
US20130291056A1 (en) Quorum-based secure authentication
US20130160100A1 (en) Methods and systems for increasing the security of network-based transactions
US20140189350A1 (en) System and method for efficiently enrolling, registering, and authenticating with multiple authentication devices
US20100134248A1 (en) Simplified biometric character sequence entry
US20090070860A1 (en) Authentication server, client terminal for authentication, biometrics authentication system, biometrics authentication method, and program for biometrics authentication
US20140139318A1 (en) Mapping Biometrics To A Unique Key
CN102567686A (en) Security authentication method of application software of mobile terminal based on human body stable characteristics
US20140109200A1 (en) Biometric identification for mobile applications
US20140189779A1 (en) Query system and method to determine authenticatin capabilities
WO2012120253A1 (en) Method and apparatus for transferring data
US20140189360A1 (en) System and method for implementing transaction signing within an authentication framework
US20110239281A1 (en) Method and apparatus for authentication of services
US20140093144A1 (en) More-Secure Hardware Token
US20160180068A1 (en) Technologies for login pattern based multi-factor authentication
US20130239205A1 (en) Method and apparatus for identifying and associating devices using visual recognition
US9301140B1 (en) Behavioral authentication system using a secure element, a behaviometric server and cryptographic servers to authenticate users
US20150358317A1 (en) Behavioral Authentication System using a biometric fingerprint sensor and User Behavior for Authentication
Siddiqui et al. Smart environment as a service: three factor cloud based user authentication for telecare medical information system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14782636

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/03/2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14782636

Country of ref document: EP

Kind code of ref document: A2