WO2014167487A2 - A task completion authentication system and method - Google Patents

A task completion authentication system and method Download PDF

Info

Publication number
WO2014167487A2
WO2014167487A2 PCT/IB2014/060514 IB2014060514W WO2014167487A2 WO 2014167487 A2 WO2014167487 A2 WO 2014167487A2 IB 2014060514 W IB2014060514 W IB 2014060514W WO 2014167487 A2 WO2014167487 A2 WO 2014167487A2
Authority
WO
WIPO (PCT)
Prior art keywords
data
task
user identification
electronic device
task completion
Prior art date
Application number
PCT/IB2014/060514
Other languages
French (fr)
Other versions
WO2014167487A3 (en
Inventor
Andrew Keneth Anthony PAPASTEFANOU
Original Assignee
Prosense Technology (Proprietary) Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Prosense Technology (Proprietary) Limited filed Critical Prosense Technology (Proprietary) Limited
Publication of WO2014167487A2 publication Critical patent/WO2014167487A2/en
Priority to ZA2015/07793A priority Critical patent/ZA201507793B/en
Publication of WO2014167487A3 publication Critical patent/WO2014167487A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/01Social networking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS

Definitions

  • This patent application relates to a system and method of authenticating the completion of a task.
  • a method of authenticating the completion of a task comprising: receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; accessing a memory; and storing in the memory the received contextual data, user identification data and task completion data for future authenticating that the task described in the task completion data has been complete if required.
  • the contextual data may include one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion or any available information on the electronic device that may be used to uniquely identify it,
  • the user identification data may include one or more of a fingerprint, an electronic signature, a palm print, a photograph, a voice recording, a onetime-pin and an iris scan or any biometric information that may be obtained from a person that completed the task.
  • a system for managing tasks comprising: a communications module for receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; a memory; and an authentication processor for accessing the memory and storing the received contextual data and user identification data with the task completion data for future authenticating that the task described in the task completion data has been complete if required.
  • Figure 1 shows a schematic drawing of a system in accordance with an example embodiment
  • Figure 2 shows a schematic drawing of the task proxy of Figure 1 in greater detail
  • Figure 3 shows a flow diagram of a method in accordance with an example embodiment
  • Figure 4 shows a schematic structure of a data file stored in a memory.
  • the task to be completed will typically be sent to an electronic device 12 of a person to complete the task.
  • the devices 12 are electronic data communication devices such as a computer 12a, tablet 12b and mobile telephone 12c to name but a few examples.
  • the task could be created and transmitted to the electronic device 12 and the methodology of the present invention could work with all of these.
  • the task is created and transmitted to the device 12.
  • the user who will complete the task does so and then uploads data using the electronic device 12 by means of which the completion of the task by the correct individual can be authenticated.
  • the system includes an authentication processor 14.
  • a communications module 16 for receiving data including contextual data, user identification data and task completion data including information about a task that has been complete.
  • module in the context of the specification wiii be understood to include an identifiable portion of code, computational or executable instructions, data, or computational object to achieve a particular function, operation, processing, or procedure. It follows that a module need not be implemented in software; a module may be implemented in software, hardware, or a combination of software and hardware. Further, the modules need not necessarily be consolidated into one device but may be spread across a plurality of devices.
  • the contextual data includes one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion.
  • This information is captured by one or more executable applications running on the device that access existing device hardware and software, such as a GPS module, to obtain this information.
  • the user identification data may include one or more of a fingerprint, an electronic signature, a palm print, a photograph, a video recording, a voice recording and an iris scan from a person that completed the task or taking a photo and/or voice recording of the subject in question using the device.
  • This type of data is biometric type data used to identify the user.
  • This information is also captured by one or more executable applications running on the device that accesses existing device hardware and software.
  • many smart phones include a fingerprint sensor and the user's fingerprint can be read at the time of task completion.
  • almost ail mobile phones and tablets include a camera and the user can take an appropriate photograph at the time of task completion.
  • the user identification could be performed by requesting a username/password or any other credential from the user, sending the subject a One Time Pin challenge response, requesting a certificate or token of the subject or any other authentication mechanism not mentioned that can be used to identify the user.
  • a username/password or any other credential from the user
  • sending the subject a One Time Pin challenge response requesting a certificate or token of the subject or any other authentication mechanism not mentioned that can be used to identify the user.
  • the authentication processor 14 stores the received contextual data and user identification data with the previously stored contextual data and user identification data in the memory 18 for use at a later date if authenticating is required at the later date that the task described in the task completion data has been complete.
  • authentications are classified and grouped according to levels. Interactions that require ievei 3 authentication for example may use any of the level 3 grouped authentication mechanisms that are available to the specific device/platform application.
  • the task authentication history can be read back by a forensic investigator for auditing purposes and it can be proved that they have not been altered in any way.
  • the stored data which for convenience can be referred to as a task container, is composed of the task information data, device contextual data and user authentication data.
  • the task container also contains the context and information of the human task as it is not sufficient to rely on a link between the human task and the task unit alone.
  • the task container must be able to represent the entire task context, data, outcome and authentication token as a single unit that may not be unpicked or separated.
  • Such containers may be (but are not limited to) a PDF document for example.
  • the container may also take the form of a proprietary machine readable object or document or any other secure non- divisible container of information.
  • this is achieved by the authentication processor aigorithmically "signing" information as in PKI certificate signing.
  • the authentication token, data and context data is combined into a file.
  • a checksum of the file is calculated and hashed using SHA-2 and a certificate that is then attached to the signed package.
  • the data that composes the container must not be transmitted or stored separately requiring a processor to compile the container and secure it in one action on the device/platform application at the time of authentication.

Abstract

A method of authenticating the completion of a task includes receiving data including contextual data, user identification data and task completion data including information about a task that has been completed. A memory is accessed and retrieving previously stored contextual data and user identification data and the received contextual data and user identification data is stored with the previously stored contextual data and user identification data for future authenticating that the task described in the task completion data has been complete if required.

Description

A TASK COMPLETION AUTHENTICATION SYSTEM AND METHOD
BACKGROUND OF THE INVENTION
This patent application relates to a system and method of authenticating the completion of a task.
When users are allowed to use any device and/or platform application to update and execute tasks, it becomes increasingly important to the business process requesting the execution of the task to ensure that the intended task operator is indeed the one who executed or operated on the task. Since devices can be lost, stolen, misused and fraudulently accessed, a mechanism is required for authenticating the completion of the task including the user at the point where the task is released with an update or outcome back to the task issuer.
This patent application addresses these issues. SUMMARY OF THE INVENTION
According to a first aspect of the invention there is provided a method of authenticating the completion of a task, the method comprising: receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; accessing a memory; and storing in the memory the received contextual data, user identification data and task completion data for future authenticating that the task described in the task completion data has been complete if required.
The contextual data may include one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion or any available information on the electronic device that may be used to uniquely identify it,
The user identification data may include one or more of a fingerprint, an electronic signature, a palm print, a photograph, a voice recording, a onetime-pin and an iris scan or any biometric information that may be obtained from a person that completed the task.
According to a second aspect of the invention there is provided a system for managing tasks, the system comprising: a communications module for receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; a memory; and an authentication processor for accessing the memory and storing the received contextual data and user identification data with the task completion data for future authenticating that the task described in the task completion data has been complete if required.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 shows a schematic drawing of a system in accordance with an example embodiment;
Figure 2 shows a schematic drawing of the task proxy of Figure 1 in greater detail;
Figure 3 shows a flow diagram of a method in accordance with an example embodiment; and
Figure 4 shows a schematic structure of a data file stored in a memory.
DESCRIPTION OF PREFERRED EMBODIMENTS in the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of an embodiment of the present disclosure. It will be evident, however, to one skilled in the art that the present disclosure may be practiced without these specific details. Referring to the accompanying Figures an example system for authenticating the completion of a task is generally indicated by reference numeral 10.
The task to be completed will typically be sent to an electronic device 12 of a person to complete the task.
It will be appreciated that in Figure 1 there is illustrated a single user with three electronic devices 12, however, the system is able to cater for any number of users each having one or more devices 12. in any event, the devices 12 are electronic data communication devices such as a computer 12a, tablet 12b and mobile telephone 12c to name but a few examples.
There are many ways in which the task could be created and transmitted to the electronic device 12 and the methodology of the present invention could work with all of these. in one example embodiment, the task is created and transmitted to the device 12.
The user who will complete the task does so and then uploads data using the electronic device 12 by means of which the completion of the task by the correct individual can be authenticated.
In order to accomplish this, the system includes an authentication processor 14.
Associated with the authentication processor 14 is a communications module 16 for receiving data including contextual data, user identification data and task completion data including information about a task that has been complete. ln this regard, "module" in the context of the specification wiii be understood to include an identifiable portion of code, computational or executable instructions, data, or computational object to achieve a particular function, operation, processing, or procedure. It follows that a module need not be implemented in software; a module may be implemented in software, hardware, or a combination of software and hardware. Further, the modules need not necessarily be consolidated into one device but may be spread across a plurality of devices. in one example embodiment the contextual data includes one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion.
This information is captured by one or more executable applications running on the device that access existing device hardware and software, such as a GPS module, to obtain this information.
The user identification data may include one or more of a fingerprint, an electronic signature, a palm print, a photograph, a video recording, a voice recording and an iris scan from a person that completed the task or taking a photo and/or voice recording of the subject in question using the device. This type of data is biometric type data used to identify the user.
This information is also captured by one or more executable applications running on the device that accesses existing device hardware and software. For example, many smart phones include a fingerprint sensor and the user's fingerprint can be read at the time of task completion. In another example, almost ail mobile phones and tablets include a camera and the user can take an appropriate photograph at the time of task completion.
Alternatively or in addition, the user identification could be performed by requesting a username/password or any other credential from the user, sending the subject a One Time Pin challenge response, requesting a certificate or token of the subject or any other authentication mechanism not mentioned that can be used to identify the user. it will be appreciated that other forms of contextual data and user identification data may be used.
The authentication processor 14 stores the received contextual data and user identification data with the previously stored contextual data and user identification data in the memory 18 for use at a later date if authenticating is required at the later date that the task described in the task completion data has been complete.
Since the device 12 may have different capabilities for authenticating users, in one example embodiment, authentications are classified and grouped according to levels. Interactions that require ievei 3 authentication for example may use any of the level 3 grouped authentication mechanisms that are available to the specific device/platform application.
This means that if a level 3 authentication is required on one kind of tablet this could mean taking the biometrics of a handwritten signature. On another tablet device this mechanism may be unavailable and an acceptable level 3 authentication replacement would be to take a photograph of the user in combination with their GPS position. Thus if level 3 authentication is required the devices pick from their available level 3 authentication mechanisms then enforce those.
It will be appreciated that using the method described above, the task authentication history can be read back by a forensic investigator for auditing purposes and it can be proved that they have not been altered in any way.
Referring to Figure 4, a schematic of the stored data is shown. The stored data, which for convenience can be referred to as a task container, is composed of the task information data, device contextual data and user authentication data. Thus the task container also contains the context and information of the human task as it is not sufficient to rely on a link between the human task and the task unit alone. The task container must be able to represent the entire task context, data, outcome and authentication token as a single unit that may not be unpicked or separated.
This ensures the validity of the task container to the process and is sufficient proof of the identity of the user who invoked or executed an action upon a specific task. Such containers may be (but are not limited to) a PDF document for example. The container may also take the form of a proprietary machine readable object or document or any other secure non- divisible container of information.
In one example, this is achieved by the authentication processor aigorithmically "signing" information as in PKI certificate signing. The authentication token, data and context data is combined into a file. Next a checksum of the file is calculated and hashed using SHA-2 and a certificate that is then attached to the signed package.
The data that composes the container must not be transmitted or stored separately requiring a processor to compile the container and secure it in one action on the device/platform application at the time of authentication.
Thus it will be appreciated that by tying together the task information, user information and device information in one indivisible unit, this provides all of the necessary components to allow a task to be authenticated at a later date.

Claims

CLAI S:
1. A method of authenticating the compietion of a task, the method comprising: receiving data from a device, the data including contextual data, user identification data and task compietion data including information about a task that has been completed; accessing a memory; and storing in the memory the received contextual data, user identification data and task completion data for future authenticating that the task described in the task completion data has been complete if required.
2. The method of claim 1 wherein the contextual data includes one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion or any available information on the electronic device that may be used to uniquely identify it.
3. The method of claim 1 wherein the user identification data includes one or more of a fingerprint, an electronic signature, a palm print, a photograph, a voice recording, a one-time-pin and an iris scan or any biometric information that may be obtained from a person that completed the task.
4. A method according to claim 1 wherein the contextual data, user identification data and task completion data is stored in the memory in a combined data file or task container.
5. A method according to claim 4 wherein the combined data file is signed by attaching a data certificate and digital checksum to the combined file.
6. A system for managing tasks, the system comprising: a communications module for receiving data from a device, the data including contextual data, user identification data and task completion data including information about a task that has been completed; a memory; and an authentication processor for accessing the memory and storing the received contextual data and user identification data with the task completion data for future authenticating that the task described in the task completion data has been complete if required.
7. The system of claim 6 wherein the contextual data includes one or more of an identification of an electronic device used to complete the task, the location of the electronic device at the time of the task completion, and the date and time from the electronic device at the time of the task completion or any available information on the electronic device that may be used to uniquely identify it.
8. The system of claim 6 wherein the user identification data includes one or more of a fingerprint, an electronic signature, a palm print, a photograph, a voice recording, a one-time-pin and an iris scan or any biometric information that may be obtained from a person that completed the task.
9. A system according to claim 6 wherein the contextual data, user identification data and task completion data are secured and stored in the memory in a combined data file.
10. A system according to claim 9 wherein the authentication processor signs the combined data file by attaching a data certificate and digital checksum to the combined file.
PCT/IB2014/060514 2013-04-08 2014-04-08 A task completion authentication system and method WO2014167487A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
ZA2015/07793A ZA201507793B (en) 2013-04-08 2015-10-19 A task completion authentication system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2013/02509 2013-04-08
ZA201302509 2013-04-08

Publications (2)

Publication Number Publication Date
WO2014167487A2 true WO2014167487A2 (en) 2014-10-16
WO2014167487A3 WO2014167487A3 (en) 2015-12-03

Family

ID=51690080

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2014/060514 WO2014167487A2 (en) 2013-04-08 2014-04-08 A task completion authentication system and method

Country Status (2)

Country Link
WO (1) WO2014167487A2 (en)
ZA (1) ZA201507793B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060085245A1 (en) * 2004-10-19 2006-04-20 Filenet Corporation Team collaboration system with business process management and records management
US8495244B2 (en) * 2005-06-29 2013-07-23 Jumpstart Wireless Corporation System and method for dynamic automatic communication path selection, distributed device synchronization and task delegation
US8693993B2 (en) * 2008-12-24 2014-04-08 Microsoft Corporation Personalized cloud of mobile tasks

Also Published As

Publication number Publication date
WO2014167487A3 (en) 2015-12-03
ZA201507793B (en) 2016-09-28

Similar Documents

Publication Publication Date Title
US9531710B2 (en) Behavioral authentication system using a biometric fingerprint sensor and user behavior for authentication
US11270306B2 (en) Asset management method and apparatus, and electronic device
KR102596783B1 (en) Authentication methods, devices and servers for identity information
US20210286870A1 (en) Step-Up Authentication
US10440019B2 (en) Method, computer program, and system for identifying multiple users based on their behavior
US10205711B2 (en) Multi-user strong authentication token
KR102132507B1 (en) Resource management based on biometric data
US20160371438A1 (en) System and method for biometric-based authentication of a user for a secure event carried out via a portable electronic device
TWI612792B (en) Account login method and device
US9301140B1 (en) Behavioral authentication system using a secure element, a behaviometric server and cryptographic servers to authenticate users
CN101051908B (en) Dynamic cipher certifying system and method
JP6401784B2 (en) Payment authentication system, method and apparatus
US9165130B2 (en) Mapping biometrics to a unique key
US20140095870A1 (en) Device, method, and system for controlling access to web objects of a webpage or web-browser application
CN108964925B (en) File authentication equipment method, device, equipment and readable medium
US10938814B2 (en) Unified authentication software development kit
CN108964921A (en) Verification System, authentication method and service server
JP7151928B2 (en) AUTHENTICATION SERVER, AUTHENTICATION SERVER CONTROL METHOD AND PROGRAM
WO2020031429A1 (en) Terminal device, authentication server, control method for terminal device, authentication method, and program
KR102010764B1 (en) Computer security system and method using authentication function in smart phone
US11936649B2 (en) Multi-factor authentication
Sanchez-Reillo et al. Strengths, weaknesses and recommendations in implementing biometrics in mobile devices
WO2014167487A2 (en) A task completion authentication system and method
WO2023100362A1 (en) Authentication device, system, method, and program
US20240104223A1 (en) Portable verification context

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14782636

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/03/2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14782636

Country of ref document: EP

Kind code of ref document: A2