WO2017143193A1 - Wearable token-based authentication for touch-enabled devices - Google Patents

Wearable token-based authentication for touch-enabled devices

Info

Publication number
WO2017143193A1
WO2017143193A1 PCT/US2017/018374 US2017018374W WO2017143193A1 WO 2017143193 A1 WO2017143193 A1 WO 2017143193A1 US 2017018374 W US2017018374 W US 2017018374W WO 2017143193 A1 WO2017143193 A1 WO 2017143193A1
Authority
WO
WIPO (PCT)
Prior art keywords
token
capacitive
touchscreen
wearable
authentication
Application number
PCT/US2017/018374
Other languages
English (en)
Inventor
Tam Vu
Phuc Nguyen
Original Assignee
The Regents Of The University Of Colorado, A Body Corporate
Application filed by The Regents Of The University Of Colorado, A Body Corporate
Publication of WO2017143193A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/407 Bus networks with decentralised control
    • H04L12/417 Bus networks with decentralised control with deterministic access, e.g. token passing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/43 User authentication using separate channels for security data wireless channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • A HUMAN NECESSITIES
    • A44 HABERDASHERY; JEWELLERY
    • A44C PERSONAL ADORNMENTS, e.g. JEWELLERY; COINS
    • A44C9/00 Finger-rings
    • A44C9/0053 Finger-rings having special functions

Definitions

  • the subject of this disclosure may relate generally to wearable token-based authentication systems, methods and devices.
  • wearable token-based user authentication for touch-enabled devices.
  • Some conventional approaches to proving possession of a security token include swiping a magnetic stripe card, bringing an RFID (radio frequency identification) or NFC (near-field communication) device in proximity of a reader, manually entering a one-time password (OTP) provided and/or generated by the token, etc.
  • OTP one-time password
  • Some such approaches e.g., manual OTP entry, card swiping, etc.
  • Other such approaches e.g., RFID, NFC, etc.
  • a token for performing multi-factor authentication with a device having a capacitive touchscreen.
  • the token comprises: a capacitive transmitter to capacitively communicate a token-based second credential to a touchscreen in conjunction with the entering of a first known factor.
  • the token facilitates single step, multi-factor authentication by the capacitive transmitter passing, from the token to the touchscreen, the token identifier while the user inputs the password.
  • the token further comprises an optical receiver to optically receive optical communications from the capacitive touchscreen enabling two-way communication between a wearable token and the capacitive touchscreen, and enabling challenge-response authentication.
  • the token is a wearable token.
  • a method for two-way communication between a token and a capacitive touchscreen comprises: transmitting a token identifier associated with the token capacitively from the token to the capacitive touchscreen; and receiving optical feedback information by the token from the capacitive touchscreen.
  • a token comprises: a capacitive transmitter to capacitively communicate with a capacitive touchscreen; and an optical receiver to optically receive communications from the capacitive touchscreen.
  • Figure 1 illustrates an example ring-shaped token being used to authenticate the wearer via a touchscreen device
  • Figure 2 illustrates an example token being used to enter a password on a touchscreen device while also providing a token identifier
  • Figure 3 illustrates an example embodiment of a token for implementing visual-assisted capacitive communication
  • Figure 4 illustrates an overview of an example one-step two factor authentication protocol
  • Figure 5 illustrates an overview of example visual-assisted capacitive communication in context of illustrative logical components inside a hardware token and touchscreen.
  • some embodiments include an authentication token that is designed to securely communicate identity, is easy to carry, and is highly energy-efficient.
  • Some embodiments of the invention are implemented in a form factor that is conveniently wearable, such as a ring. Such a form factor helps ensure that the token remains on the user's person substantially at all times and is difficult to lose, steal, etc.
  • implementing such a form factor can give rise to certain technical challenges, which implementations described herein seek to overcome.
  • One such challenge is that it can be desirable for the token to freely communicate with a wide variety of touch-enabled electronic devices, including mobile devices (e.g., smart phones, tablets, touchscreen computers), Internet of Things appliances, ATMs, car screens, etc.
  • some embodiments described herein include novel types of communication channels and/or communications protocols that facilitate the token securely proving its presence in a manner that consumes very little energy.
  • Embodiments described herein include a wearable, low-energy security token (e.g., a ring) for authentication with touch-screen devices such as phones, tablets, watches, cars, etc.
  • authentication of a user involves the user touching the token to a touchscreen, which can trigger an authentication protocol.
  • FIG. 1 shows a ring-shaped token being used to authenticate the wearer via a touchscreen device.
  • the ring token can support two-way communications (e.g., full-duplex) by capacitively communicating to the touchscreen, and optically receiving communications from the touchscreen.
  • an uplink can be provided from the token to the device by modulating capacitance through a capacitor switching technique.
  • a downlink can be provided by using a visible light communication (VLC) link from the screen pixels to an optical detector on the token.
  • VLC visible light communication
  • the downlink can facilitate identifying the device and providing feedback, which can be used to adjust transmission parameters, improve robustness in the authentication process, etc.
  • Some embodiments use such a token for multi-factor (e.g., two-factor) authentication.
  • the user can enter information with the token (e.g., enter a passcode, draw a pattern, etc.) during the token-based authentication.
  • VCC visual-assisted capacitive communication
  • the token can communicate a unique ID to the device when in contact with the device's touchscreen through capacitive communication, and can use a VLC link from the screen pixels to an optical receiver on the ring for feedback.
  • the token can use the feedback information to adjust its communication parameters. Such adjustment can minimize errors in the authentication process, minimize re-transmissions, and provide other features, which can improve energy efficiency.
  • implementations described herein further support a reasonably high data rate.
  • Some prior related approaches e.g., an approach referred to as capacitive touch communication (CTC)
  • CTC capacitive touch communication
  • approaches described herein can achieve high authentication accuracy with a low energy budget and a reasonably high data-rate capacity on the communication channel.
  • a higher data rate can be particularly useful in scenarios where a larger minimum ID length is desired. For example, for frequent access scenarios (e.g., phone unlocking), a short ID may suffice; but for less frequent access scenarios (e.g., ATM access), a longer ID may be required to ensure higher security.
  • a higher data rate can help ensure that the response time or latency for typical ID lengths remains within user acceptance limits.
  • Various implementations can communicate authentication credentials via the token in different ways.
  • touching the token to the touchscreen can cause the token to capacitively communicate a token identifier (i.e., a user credential) to the device via the touchscreen.
  • the token identifier is not transmitted from the token until another action is detected.
  • the token can wait for a visual cue from the touchscreen (e.g., a particular shape, pattern, color, etc.) prior to communicating the token identifier.
  • the visual cue can be communicated in response, for example, to another type of authentication (e.g., a manually entered personal identification number (PIN), a biometric, login to an application, etc.).
  • PIN personal identification number
  • the token identifier can be transmitted in chunks, along with other triggers.
  • FIG. 2 illustrates such an implementation.
  • a user wearing a ring token keys in a PIN, "0315."
  • a corresponding chunk of the token identifier ("1101101010110010"
  • visual feedback from the touchscreen triggers the token to transmit a first chunk of the token identifier ("1101").
  • Remaining chunks of the token identifier can be transmitted in response to visual cues generated after each other digit of the PIN is keyed in using the token.
  • accurately keying in the PIN or tracing out a path, etc.
  • the token can optically receive the cue and capacitively transmit the token identifier in response thereto.
  • a token-based approach as described herein can permit single-step, multi-factor authentication.
  • a wearable ring-like token can communicate identity information, such as a unique token ID or a code generated by the token (i.e., a first authentication factor), to a device's touchscreen; while the user inputs a second authentication factor, such as a password or a swipe pattern on the touchscreen.
  • the device can authenticate the user upon successful verification and validation of the token ID and the second factor (e.g., concurrently).
  • the token ID can already have been communicated and recovered by the touchscreen device. Because the device is informed of both authentication factors at substantially the same time, two-factor authentication can be realized through a single step. This can help make the authentication process more convenient and faster, while maintaining the benefits of multi-factor security.
  • a novel communication technique that includes a novel capacitive communication technique with a visual feedback channel.
  • the capacitive communication channel allows a wearable token to communicate with the touch-enabled device, while the visual channel provides a medium for the device to communicate back to the token.
  • the visual channel can be used as a feedback channel that assists in improving the communication performance of the capacitive communication.
  • FIG. 3 shows an illustrative embodiment of a ring-shaped token for implementing VCC.
  • the token includes an outer conductive layer and an inner insulative layer. When worn by a user, the insulative layer is effectively sandwiched as a dielectric layer between the skin of the user and the conductive surface, thereby forming a capacitor.
  • An electrical switch can be coupled across the capacitor and controlled by a microcontroller.
  • the microcontroller can have one or more codes (e.g., n-bit binary codes) stored thereon (or in communication therewith), and the "capacitor" of the token can be switched according to the code(s) to generate a modulated capacitance signal.
  • the modulated capacitance signal can be used as a transmission (e.g., uplink) signal to a capacitive touchscreen device.
  • the token can also include an optical detector (e.g., one or more photodiodes, charge coupled devices, etc.) for receiving optical feedback from the touchscreen device.
  • the screen pixels can be used to communicate via color, brightness, pattern, optical modulation, and/or in any other suitable manner.
  • Some implementations of the token also include a mechanical switch to actuate the other functions of the token. For example, when the ring is pressed against the touchscreen, the mechanical switch can be depressed, which can initiate an authentication protocol using the VCC communications.
  • communications from the token to the touchscreen can be capacitive.
  • capacitive communication can effectively turn any capacitive touchscreen into a communication medium through which a hardware token can transmit a data sequence to the device.
  • the hardware token can stimulate the touchscreen to generate a series of touchscreen events (e.g., repetitive and irregular touch events in a certain pattern).
  • the pattern can be controlled and modulated by the token, so that it carries the data sequence to be transmitted, which is then decoded and received by the touch-enabled device.
  • the particular types of CC described herein can increase data transmission rates by up to 10x over many traditional approaches (i.e., more than 40 bits per second).
  • CC capacitive communication
  • Some implementations of the CC link are essentially unidirectional, where the token is the transmitter and the touchscreen is the receiver.
  • an optical channel can be added to enable bi-directional communication.
  • two-way communications can facilitate challenge-response authentication, whereby a "response" from the authenticating device is part of the authentication.
  • Implementations can use a visual communication channel as a feedback link to acknowledge and communicate screen specific parameters to the token.
  • Such feedback can be used in many ways, including, for example, to assist in improving capacitive communication quality.
  • information in the form of bits can be communicated from the screen by modulating the ON and OFF state of a rectangular block of screen pixels at high frequency (e.g., imperceptible to the eye), which can be received by a photodetector receiver on the token.
  • With the token in extreme close proximity to the visual transmitter (e.g., with the ring touching the screen), the optical signal on the receiver can be a relatively low-noise signal, which can permit a simple, easily integrated receiver design.
  • some implementations use an off-the-shelf photodetector (that detects visible light wavelengths), without any filtering and/or amplification components.
  • the received optical signal can be decoded by the microcontroller and/or any other suitable component of the token.
  • the visual channel allows the touch-enabled device to communicate screen parameters and received signal quality metrics back to the token. For example, upon receipt of the signal through capacitive communication, the device can relay back to the token the number of touch-events registered on the device, and the refresh (clock) frequency of the screen, and/or any other suitable information.
  • the feedback information can be used to adapt transmission parameters on the token, to help validate the token identifier(s) based on acknowledgment via the screen, etc.
  • the visual feedback design can effectively provide an additional dimension for authentication information verification.
  • the feedback link can also help achieve virtual synchronization between the screen and ring, which can facilitate appreciably higher data-rate capacity in VCC as compared to traditional CC approaches.
  • Some embodiments include a novel protocol for one-step two-factor authentication (2FA).
  • a threat model is envisioned.
  • the information from a lost or compromised device may be used to authenticate to another device.
  • if the signal from the wearable device is captured (or sniffed), it may be used to authenticate to devices (a "replay" attack).
  • the device may be authenticated by an unauthorized individual.
  • the one-step 2FA protocol described herein can address such a threat model.
  • the authentication protocol can involve only a single step of data entry from the user (e.g., password/PIN), while requests for transmissions, transaction of a token identifier, and the acknowledgements can happen in the background through VCC. Accordingly, the second authentication factor can effectively be realized in a manner that is transparent to the user and concurrent with the first authentication factor.
  • FIG. 4 shows an overview of an embodiment of the one-step 2FA protocol.
  • the authentication token can first send its ID and an authentication request to the mobile device via a CC channel.
  • the mobile device can use the visual channel to send back its device ID and/or a set of parameters and specifications of the screen.
  • the first piece of information, the device ID, can help the token to decide which password to send for authentication (e.g., where the token has multiple stored codes for different devices, applications, etc.).
  • the second piece of information, the screen specifications, can help the token to decide on the key parameters of the CC channel.
  • An example of the screen parameter can be the maximum touch detection rate of the screen (i.e., a maximum number of touch events the screen can recognize per second).
  • This parameter can allow the token to adapt its transmission rate to optimize for the CC channel.
  • the token can compute a one-time password (e.g., specifically) for that mobile device (or application, etc.), based on the device's ID and/or other parameters.
  • the one-time password can be sent to the mobile device for authentication using the CC channel.
  • the result of the authentication can be returned to the token by the mobile device via the visual channel.
  • the authentication protocol includes a preset procedure where the token and the device agree (the two devices will be registered to a secure server) on a hash function that both will be using during the validation process of the two IDs; the token ID and password/PIN.
  • the validation can be performed at both devices, and different pairs of token-device can use different hash functions. For example, if a device is compromised or lost to an adversary, the information on that device may not be usable to authenticate on other devices.
  • FIG. 5 shows an overview of visual-assisted capacitive communication (VCC) in context of illustrative logical components inside a hardware token and touchscreen.
  • One aspect of VCC is capacitive communication, which effectively transmits to capacitive touchscreens by "spoofing" the screen's touch detection algorithm to generate a sequence of touch and no-touch events.
  • the capacitive communication of VCC uses capacitive modulation to generate a capacitive transmission signal that stimulates touchscreen events.
  • Capacitive touchscreens typically include an array of conducting electrodes behind a transparent, insulating glass layer, which can detect a touch by measuring additional capacitance of a human body through a touch point.
  • the finger acts as the second electrode in a capacitor; the internal electrode, the finger, and a glass layer in between constitute the virtually modified capacitor.
  • This new capacitor and the user's body (that has a certain capacitance) is connected to the electrode circuit that is detected by a voltage integration circuitry inside the screen.
  • the change in voltage measured at one or more screen electrodes is then passed to the screen controller for processing to conclude the presence or absence of human finger.
  • detected touch events are each represented by a 6-tuple structure, including touch event timestamps, touch event screen coordinates, transmitted ID, touch size, touch amplitude, and type of touch.
  • the timestamp information of these series of events can be used to reconstruct originally transmitted data.
  • a transmitter can send an unsynchronized low-frequency signal at relatively high voltage, and the signal can charge and discharge the screen capacitor based on the pulse patterns embedded on the signal.
  • the wearable device can affect the internal voltage measurement process by injecting a high-voltage signal through the screen, thereby creating artificial touch events.
  • This technique of generating touch events is based on high-voltage injection into the screen, referred to herein as "voltage-injection CC."
  • Voltage-injection CC can be limited in various ways. Because the technique to generate touch events in voltage-injection CC can only indirectly affect the capacitance measurement of the screen (i.e., not the capacitance itself), it can be highly inefficient and ineffective in many contexts.
  • the generated event sequence might not follow the transmitted bit sequence pattern, making it, in many cases, hard to detect the signals and reconstruct the original bit sequence.
  • This can limit the ability of voltage-injection CC to demodulate a bit sequence with a random (or non-deterministic) length and/or bit order. Instead, it typically can only transmit short bit sequences with a length that is known to the transmitter and receiver.
  • the capacitive communication approaches described herein can provide an efficient and accurate way of effecting touch events, along with an appreciable increase in data communication rate and an appreciable reduction in power consumption as compared to voltage-injection CC.
  • the CC approach described herein involves changing the capacitance of a token surface, with respect to a screen controller, by selectively connecting and disconnecting the token surface to the wearer's skin (e.g., finger).
  • the conductive token surface can be isolated from the wearer's skin via an insulative (dielectric) layer, so that providing a switchable path between the conductive surface and the skin effectively creates a switchable capacitor.
  • the sequence of artificial events generated can follow bit patterns (1's and 0's) that correspond to the information to be transmitted to the touchscreen.
  • Implementing the bit pattern can involve a novel modulation technique that defines how a bit sequence can be represented in terms of artificial touch events.
  • designing such a modulation scheme compatible with the artificial touch events can present various challenges. For example, if the period duration is improperly selected, the number of events generated during a switch ON time period can be unpredictable. Implementations design the ON time-duration to match with an internal touch sampling frequency of the screen.
  • the ON time-duration can be dynamically set based on feedback from the screen, as described above. Another challenge to such a modulation scheme is that, even though the screen controller can capture all events generated by the token, drifts in the arrival time of stimulated events (e.g., due to random delay and workload of the touchscreen device) can lead to errors in a demodulation process.
  • embodiments identifying an optimal ON/OFF duration for the token to generate events that will be correctly recognized by the touchscreen design a mapping of the ones and zeros from the bit sequence to "Touch" and "No Touch" states to overcome the challenges caused by the inconsistency of time arrival of registered events.
  • the ON time is the period during which the screen controller can capture the change in capacitance and record touch events. A smaller ON period can reduce the number of unexpected registered touch events.
  • Some implementations can determine an optimal ON duration through an empirical approach, for example, by iterating from a largest ON duration to a smallest ON duration, while recording the total number of registered events on the screen.
  • An optimal ON duration can be determined as the one where the number of events registered are equal to the number of ON durations in the token's signal.
  • the OFF time is the period during which no event should be registered to the screen controller. In some implementations, particularly where the screen can only distinguish two different events (captured on two different scanning times), a small OFF time can be selected so that the sum of events recognized during ON time and OFF time is at least greater than a scanning rate of the screen (e.g., obtained from manufacturer specifications).
  • embodiments can map a bit sequence to the ON/OFF (Touch/No-Touch) states of the pulse in any suitable manner.
  • a Manchester encoding scheme can be used, in which a '1' is modulated by generating an event during one ON time duration and a no-event in one OFF time duration; and a '0' is modulated by generating no-events during one ON (or OFF) time duration.
  • Such a mapping can allow for a stipulated interval between two successive touch events such that they are distinguishable by the touch controller.
  • Using a minimal number of ON states can also minimize energy consumption of the transmitter (token).
  • the communication payload can also include "pilot" bits.
  • One implementation includes preamble pilots (e.g., 1-bit long) that are appended at the start and the end of the payload bits to guarantee that the system is able to detect bit zero if the sequence starts or ends with 0s.
  • Another implementation includes identification, or mid-amble, pilots (e.g., 1-bit long) that are placed in the middle of the payload (e.g., midway in the bit-sequence) to separate different bit chunks, helping the receiver eliminate time drift of multiple similar touch events.
  • Some embodiments further include a demodulation scheme for demodulating the artificial touch events and recovering the bit sequence transmitted by the token.
  • the scheme described herein assumes a typical 6-tuple data structure for recording touch events, and the scheme uses event-type and arrival time-stamp properties to recover the bit sequence.
  • a touchscreen controller differentiates finger interactions with screen through the event-type property; finger touch down (DOWN), finger lift up (UP event), finger move across the screen (MOVE), etc.
  • a human touch interaction with the screen includes one DOWN event and one UP event. As described above, such human touch interactions can be spoofed by OPEN and CLOSE operations (or the like) of a hardware switch in a token transmitter.
  • the switch when the switch transitions from OPEN state to CLOSE state, it can create a DOWN event on the screen; and when the switch transitions from CLOSE state to OPEN state, the screen can record an UP event.
  • the receiver can map a DOWN-then-UP event as bit '1', and an UP-then-DOWN event as bit '0'.
  • a contiguous sequence of bit '0's is also represented as an UP-then-DOWN event; however, the UP duration is longer: it runs from the UP event of the bit 1 right before the 0s to the DOWN event of the bit 1 that follows.
  • Detecting the UP-to-DOWN event sequences reliably and consistently can involve the receiver algorithm knowing precise arrival times of the touch events.
  • touchscreen controllers are typically designed primarily to detect touch events, but not to precisely capture the time at which a signal arrives on the screen. While the arrival times can be estimated from the event time-stamps generated by the controller, the timestamps can be inconsistent with the series of signals arriving on the screen due to time drifts. Accordingly, some implementations accommodate the transmitter to truncate longer bit sequences (for transmission) into smaller chunks. Some implementations also include pilot bits with each chunk to add reliability to detecting the chunks.
  • some implementations asymmetrically recover bit '1's and '0's based on the distribution of UP and DOWN events in each chunk duration. This process can enable the bit recovery process to be conducted in short time windows, thus limiting errors and inconsistencies caused by time drifts.
  • the bits '1's and '0's can be recovered from the touch-events based on the event types and the arrival time. If tr(i) represents the arrival time of an event i, the bit-recovery mechanism in the token receiver can be described as a two-step procedure. In a first step, two successive events i and i + 1 can represent a bit '1' if and only if: (a) the ith event type is DOWN and the (i + 1)th event type is UP; and (b) the difference between arrival times of those events is less than the ON duration of the incoming signal.
  • the two events i and i + 1 represent a sequence of N continuous 0s when the ith event type and the (i + 1)th event type are UP and DOWN, respectively. Also, the inter-arrival times of the two events should be greater than the entire bit period. If these two conditions are met, determining the number of 0s between the two touch events can be straightforward; for example, equal to the ratio of the inter-arrival time, and the sum of ON and OFF durations.
  • embodiments further include an optical feedback channel.
  • some authentication procedures described herein involve recovering two forms of identity (i.e., two factors of authentication): one communicated from the token, and another manually input by the user. These can be authenticated against users stored in a database, or the like.
  • the database can be pre-loaded, or be downloaded from a server (using a wireless connection) upon authentication service initiation, accessed on the cloud, etc.
  • implementations permit the two forms of ID to be input at a same time.
  • the accuracy of such authentication in a one-step procedure can rely on the accurate recovery of the identity information.
  • the transmit parameters such as the length of bit sequence and the duration of ON and OFF states
  • knowledge of clock frequency of the screen at the transmitter can enable synchronous (coherent) communication between the token and the screen. Synchronization in the VCC process can significantly minimize (almost remove) inconsistency and irregularities in screen touch event generation.
  • Such feedback information can be provided by the optical feedback link. For example, upon first contact of the token with the touchscreen, the touch-enabled device can communicate its clock frequency, total number of events generated, and/or other information via its screen using a visible light communication (VLC) channel.
  • VLC can provide a number of features.
  • One feature is that an implicit arrangement of screen as transmitter and a hardware receiver can present a VLC system where information can be transmitted by modulating the light intensity from the screen pixels to an optical receiver integrated into a wearable token.
  • Another feature is that the extreme close proximity between the transmitter (screen pixel) and the receiver can allow for reliable, high-data-rate communication as the distance based path loss and perspective issues are less of a concern.
  • Another feature is that, though both devices essentially are transceivers, the transmission and reception can be on orthogonal channels (i.e., CC and VLC), thereby avoiding scheduling mechanisms.
  • the VLC system can be implemented with communications between screen pixels of the touchscreen and photodiode (or similar) receiver circuitry of the token.
  • Information to be communicated, encoded as bits, can be modulated as ON and OFF states of the screen pixels, or as any other optically detectable change in the screen pixels.
  • a white color or a black color can be displayed on the screen (in the region of the photodetector) representing the ON or OFF states, respectively. Transitioning between these states at a rate equal to the data rate can provide reliable detection of the ON-OFF states of the screen on the photodetector on the token.
  • the prototype environment includes a wearable hardware token and a software application on a smartphone device running Android OS.
  • the prototype token device consists of a micro-controller, powered by a coin-cell battery, which controls the ON-OFF operations of an electrical switch.
  • the switch, along with an insulating layer, acts as the interface between the ring surface (the ring has a flat rectangular face on one end) and the ring's body.
  • a programmable Arduino Pro Mini 3.37V generates electrical pulses based on the bit sequence, stored in its flash memory, using the modulation technique, as described above.
  • a mechanical switch is coupled with the surface of the ring, under the conductive layer on the surface.
  • the electrical pulses control a relay switch (one instance of the relay is reed relay) that helps to register capacitive touch events on the host device (i.e., receiver) when the ring is in contact with the host device's touch screen surface.
  • a capacitor can be placed in between the human finger and the relay switch.
  • the prototype design includes careful grounding (GND) so as to eliminate any extraneous and parasitic capacitance that can influence the capacitance changes in the circuit.
  • the design leads to primarily three GND points: Battery's GND, Mobile device's GND, and Human's GND. Due to the multiple distributed GNDs, the prototype can have unstable signals when operating over different environments. For example, the GND value (voltage or reference capacitance) when a user operates the ring from the 8th floor of a building can be different from that on the 1st floor.
  • the anomaly can be eliminated by ensuring that GNDs across different components of the circuit are carefully connected to a single, common, GND point. For example, all GNDs can be wired together to a single point that connects to a virtual common reference point on the human body. Treating the common ground electrical value as reference, signals from the prototype are more tractable and stable across different environments.
  • the photodetector receiver is implemented as an off-the-shelf photodetector (BPV10) that connects in series to a 1 ohm resistor and then to the digital IN pin of the Arduino on the ring.
  • a script on the Arduino can detect the light intensity and demodulate 1s and 0s based on simple thresholding.
  • the sampling rate of the photodetector is set to the maximum clock frequency of the Arduino, which is significantly higher than the transmission rate of 60bps.
  • the prototype also includes an Android application to read the token IDs communicated by the token device.
  • the IDs are pre-populated and an array of ID options is stored in the flash memory of the tokens.
  • the application contains a JAVA implementation of VCC's demodulation algorithm and the One-step 2FA protocol.
  • the user taps the ring surface on the numbers displayed on the screen to key in their unique PIN code (the code will be known to the user and the app on the device).
  • Upon completion of the PIN code input, the app simultaneously verifies the PIN number and the ring's ID, emulating 2FA in a single step.
  • the screen is also set to modulate the screen pixels through VLC using white and black colors as ON and OFF states. A 10x10 screen pixel region is used where the ring makes contact in this case.
  • ASICs application specific integrated circuits
  • DSPs digital signal processors
  • FPGAs field programmable gate arrays
  • PLD programmable logic devices
  • steps of methods or algorithms, or other functionality described in connection with embodiments can be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two.
  • a software module may reside in any form of tangible storage medium.
  • storage media examples include random access memory (RAM), read only memory (ROM), flash memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM and so forth.
  • a storage medium may be coupled to a processor such that the processor can read information from, and write information to, the storage medium.
  • the storage medium may be integral to the processor.
  • a software module may be a single instruction, or many instructions, and may be distributed over several different code segments, among different programs, and across multiple storage media.
  • a computer program product may perform operations presented herein.
  • such a computer program product may be a computer readable tangible medium having instructions tangibly stored (and/or encoded) thereon, the instructions being executable by one or more processors to perform the operations described herein.
  • the computer program product may include packaging material.
  • Software or instructions may also be transmitted over a transmission medium.
  • software may be transmitted from a website, server, or other remote source using a transmission medium such as a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technology such as infrared, radio, or microwave.
  • the methods disclosed herein include one or more actions for achieving the described method.
  • the method and/or actions can be interchanged with one another without departing from the scope of the claims.
  • the order and/or use of specific actions can be modified without departing from the scope of the claims.
  • the various operations of methods and functions of certain system components described above can be performed by any suitable means capable of performing the corresponding functions.
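
The two-step bit recovery and the single-step check of PIN plus token ID described above, as an added Python example (not the patent's code and not the prototype's Java implementation). The function names, the 8-bit frame, the 20 ms ON and OFF durations, the sample events and the enrolled record are constructed; taking the integer part of the ratio, padding trailing zeros to the frame length and rejecting irregular frames are assumptions.

```python
import hmac

def recover_bits(events, on_ms, off_ms, frame_len):
    """Recover a frame from (kind, arrival_ms) touch events; kind is 'DOWN' or 'UP'.

    Assumptions added here: the frame starts at the first DOWN, the zero count
    is the integer part of the ratio, trailing zeros are padded to the agreed
    frame length, and any irregular event pair rejects the whole frame.
    """
    if len(events) < 2 or events[0][0] != "DOWN" or events[-1][0] != "UP":
        raise ValueError("frame must start with DOWN and end with UP")
    period = on_ms + off_ms
    bits = []
    for (kind_a, t_a), (kind_b, t_b) in zip(events, events[1:]):
        gap = t_b - t_a
        if kind_a == "DOWN" and kind_b == "UP":
            # Step 1: DOWN then UP, arriving less than the ON duration apart, is a 1.
            if not 0 <= gap < on_ms:
                raise ValueError(f"DOWN->UP gap of {gap} ms is not below ON duration")
            bits.append(1)
        elif kind_a == "UP" and kind_b == "DOWN" and gap >= 0:
            # Step 2: UP then DOWN more than one bit period apart carries N zeros,
            # N = inter-arrival time / (ON + OFF); a shorter gap means adjacent 1s.
            if gap > period:
                bits.extend([0] * int(gap // period))
        else:
            raise ValueError(f"irregular event pair {kind_a}->{kind_b}")
    if len(bits) > frame_len:
        raise ValueError("more bits than the agreed frame length")
    return bits + [0] * (frame_len - len(bits))

def verify_one_step(events, pin, enrolled, on_ms=20, off_ms=20, frame_len=8):
    """Verify token ID and PIN together; the caller never learns which one failed."""
    try:
        token_id = "".join(str(b) for b in recover_bits(events, on_ms, off_ms, frame_len))
    except ValueError:
        token_id = ""  # fail closed: an undecodable frame matches no enrolled token
    matched = False
    for enrolled_id, enrolled_pin in enrolled:
        id_ok = hmac.compare_digest(token_id.encode(), enrolled_id.encode())
        pin_ok = hmac.compare_digest(pin.encode(), enrolled_pin.encode())
        matched |= id_ok and pin_ok
    return matched

# Constructed sample: frame 1 0 0 1 1 0 1 0 sent with ON = OFF = 20 ms and a
# few milliseconds of jitter on each arrival time.
SAMPLE_EVENTS = [("DOWN", 2), ("UP", 18), ("DOWN", 122), ("UP", 139),
                 ("DOWN", 161), ("UP", 178), ("DOWN", 241), ("UP", 259)]
ENROLLED = [("10011010", "4821")]  # constructed (token ID bits, PIN) record
```

The last bit of the sample frame is a 0 that produces no touch event, which is why the receiver needs the frame length as a known transmit parameter.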

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

This invention relates to a token designed to perform multi-factor authentication by means of a device comprising a capacitive touchscreen. According to one example embodiment, the token comprises: a capacitive transmitter for capacitively transmitting a second, token-based credential to a touchscreen in conjunction with the entry of a first known factor. According to example embodiments, the token facilitates single-step multi-factor authentication, it comprises an optical receiver for optically receiving optical communications from the capacitive touchscreen, and/or it is a wearable token. The invention further relates to a method of bidirectional communication between a token and a capacitive touchscreen, comprising: transmitting a token identifier associated with the token capacitively from the token to the capacitive touchscreen; and receiving optical response information by the token from the capacitive touchscreen. The invention further relates to a token that comprises: a capacitive transmitter for communicating capacitively with a capacitive touchscreen; and an optical receiver for optically receiving communications from the capacitive touchscreen.
PCT/US2017/018374 2016-02-19 2017-02-17 Wearable token-based authentication for touch-enabled devices WO2017143193A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201662297654P 2016-02-19 2016-02-19
US62/297,654 2016-02-19

Publications (1)

Publication Number Publication Date
WO2017143193A1 true WO2017143193A1 (fr) 2017-08-24

Family

ID=59626383

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2017/018374 WO2017143193A1 (fr) 2016-02-19 2017-02-17 Wearable token-based authentication for touch-enabled devices

Country Status (1)

Country Link
WO (1) WO2017143193A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3564837A1 (fr) 2018-05-04 2019-11-06 Telefonica Digital España, S.L.U. System, method and computer programs for user authentication and/or authorization
CN111786733A (zh) * 2020-05-14 2020-10-16 上海易托邦规划建筑咨询有限公司 Optical interaction system and optical interaction control method
WO2020234459A1 (fr) * 2019-05-23 2020-11-26 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Method for authenticating a user, and authentication system
EP3792795A1 (fr) 2019-09-16 2021-03-17 Telefonica Cibersecurity & Cloud Tech S.L.U. System and method for user authentication and/or authorization

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120242603A1 (en) * 2011-03-21 2012-09-27 N-Trig Ltd. System and method for authentication with a computer stylus
US8371501B1 (en) * 2008-10-27 2013-02-12 United Services Automobile Association (Usaa) Systems and methods for a wearable user authentication factor
US20130257804A1 (en) * 2012-03-29 2013-10-03 Rutgers, The State University Of New Jersey Method, apparatus, and system for capacitive touch communication
US20140266624A1 (en) * 2013-03-15 2014-09-18 Motorola Mobility Llc Wearable Authentication Device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8371501B1 (en) * 2008-10-27 2013-02-12 United Services Automobile Association (Usaa) Systems and methods for a wearable user authentication factor
US20120242603A1 (en) * 2011-03-21 2012-09-27 N-Trig Ltd. System and method for authentication with a computer stylus
US20130257804A1 (en) * 2012-03-29 2013-10-03 Rutgers, The State University Of New Jersey Method, apparatus, and system for capacitive touch communication
US20140266624A1 (en) * 2013-03-15 2014-09-18 Motorola Mobility Llc Wearable Authentication Device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3564837A1 (fr) 2018-05-04 2019-11-06 Telefonica Digital España, S.L.U. System, method and computer programs for user authentication and/or authorization
US10841300B2 (en) 2018-05-04 2020-11-17 Telefonica Digital España, S.L.U. System, method and computer programs for user authentication and/or authorization
WO2020234459A1 (fr) * 2019-05-23 2020-11-26 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Method for authenticating a user, and authentication system
EP3792795A1 (fr) 2019-09-16 2021-03-17 Telefonica Cibersecurity & Cloud Tech S.L.U. System and method for user authentication and/or authorization
CN111786733A (zh) * 2020-05-14 2020-10-16 上海易托邦规划建筑咨询有限公司 Optical interaction system and optical interaction control method

Similar Documents

Publication Publication Date Title
WO2017143193A1 (fr) Wearable token-based authentication for touch-enabled devices
CN102663280B (zh) Identity authentication device and system
CN107111388B (zh) Method and apparatus for communicating with a universal stylus for a digitizer
US20130257804A1 (en) Method, apparatus, and system for capacitive touch communication
US20200110482A1 (en) Method and apparatus for battery-free identification token for touch sensing devices
US10551967B2 (en) Two-way communication between an electronic card and a touchscreen device
CN105554035B (zh) Electronic lock system and control method thereof
US11516212B2 (en) Multi-functional authentication apparatus and operating method for the same
US20150188633A1 (en) Light signal-based information processing method and device
CN203361799U (zh) Lock with a wireless communication element
US9722710B2 (en) Pairing device
CN110939328B (zh) Biometric smart electric lock system
CN105224236A (zh) Slide-to-unlock system and method for a touch keyboard
US11469899B2 (en) System and a method for user authentication and/or authorization
CN113031825B (zh) Fingerprint event processing device and method
CN107516215A (zh) Smart POS terminal and method allowing secure PIN entry
CN105701383A (zh) Function triggering method, device and terminal
CN109240559A (zh) Application control method and electronic device
CN102983977B (zh) Authorization method and device based on optical signals
US9984216B2 (en) Authentication device and method
CN108990041B (zh) Method and device for setting up primary and secondary cards
US20180165900A1 (en) Intelligent authentication system and electronic key thereof
Vu et al. Personal touch-identification tokens
CN105373711A (zh) Mobile terminal screen unlocking method and device
US20230020075A1 (en) Data transmission method, data transmission system, and processor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17753926

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17753926

Country of ref document: EP

Kind code of ref document: A1