WO2018113803A1 - Multi-factor authentication method - Google Patents

Info

Publication number
WO2018113803A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
image
mobile
biometric
scanned
Prior art date
Application number
PCT/CZ2017/050062
Other languages
English (en)
French (fr)
Inventor
Libor Neumann
Miroslav RIHAK
Original Assignee
Aducid S.R.O.
Priority date
Filing date
Publication date
Application filed by Aducid S.R.O.
Publication of WO2018113803A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16 Human faces, e.g. facial parts, sketches or expressions
    • G06V40/161 Detection; Localisation; Normalisation
    • G06V40/166 Detection; Localisation; Normalisation using acquisition arrangements
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00 Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/10 Character recognition
    • G06V30/14 Image acquisition
    • G06V30/142 Image acquisition using hand-held instruments; Constructional details of the instruments
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00 Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/10 Character recognition
    • G06V30/22 Character recognition characterised by the type of writing
    • G06V30/224 Character recognition characterised by the type of writing of printed characters having additional code marks or containing code marks
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/18 Eye characteristics, e.g. of the iris
    • G06V40/19 Sensors therefor

Definitions

  • The present invention relates to multi-factor authentication of a user and/or a mobile authentication device, wherein the use of a mobile telephone as the authentication device is particularly preferred.
  • An authentication object such as a smart card, an authentication calculator, a mobile device equipped with suitable software
  • A biometric factor scanned by a specialized device (e.g., a fingerprint reader).
  • Secret information entered by the user such as PIN, password, touch screen pattern, or otherwise acquired from the environment is commonly used as a second factor. This information entered by the user or otherwise acquired from the environment is called the second factor.
  • The currently commercially available mobile devices, such as phones or tablets, are equipped with two cameras, one camera being located on the side of the display (a so-called “selfie” camera), and the other camera being located on the opposite side of the device.
  • Some devices also feature stereo cameras.
  • The present invention provides a method for authenticating a user and/or a mobile device by means of an authentication image and of a mobile authentication device provided with a display and with at least two cameras located on mutually opposite sides of the mobile device, wherein the authentication image is scanned by a first camera of the mobile device located on a side which is opposite to the side comprising the mobile device display, and at the same time a biometric authentication factor from the head and/or body of the user is scanned/captured by a second camera of the mobile device located on the side comprising the mobile device display; the thus obtained data are then evaluated and, if the evaluation result is positive, the user and/or the mobile device are authenticated.
  • The authentication image is an image destined for machine reading, such as a barcode or a QR code.
  • The authentication image may be placed on a document or an object, or displayed on an electronic device display (e.g., a computer, a tablet, a mobile phone).
  • The authentication image for displaying on an electronic device display can be obtained, for example, by generating an image by a target application or by another computer program.
  • When scanning the authentication image, the user takes his mobile device and points its first camera to the authentication image to be scanned. Authentication software in the mobile device recognizes the image and initiates the authentication process. Software for scanning a machine-readable image, such as a QR code, usually displays the image being scanned on the mobile device display, and the user visually checks on the display the correct location of the authentication image before and during scanning. This visual check is naturally performed by the user at roughly the same position of the body, head, face and eyes relative to the display, to the camera and to the entire device, while the user is in the field of vision of the second camera located on the side of the mobile device display.
  • The biometric authentication factor can be any biometric characteristic that can be scanned from the head and/or body of the user, in particular from the face or eyes of the user.
  • This biometric authentication characteristic is scanned together (at the same time) with scanning the authentication image.
  • The present invention benefits from the fact that the user automatically assumes the same position of the body, the head, and parts thereof, such as the face and/or eyes, while scanning the authentication image and checking its image and/or location on the mobile device display, and the user is in the field of vision of the second camera located on the side of the display.
  • The user does not have to focus or force himself to assume a special position to scan the biometric authentication factor.
  • The authentication mobile device is a mobile phone or a tablet.
  • A vast majority of commercially available mobile phones and tablets are currently provided with two cameras suitable for performing the method of the invention.
  • The biometric authentication factor and the authentication image can be scanned independently from each other in any suitable electromagnetic radiation wavelength range, i.e. visible light range, or invisible radiation such as IR, UV radiation.
  • Commercially available are also mobile devices equipped with stereo cameras for 3D image scanning. These cameras can also be advantageously used to scan both the biometric authentication factor and the authentication image.
  • The advantages of the present invention include the fact that commonly available mobile devices can be used as authentication devices. Therefore, the user does not need to purchase any especially dedicated single-use biometric factor scanning devices. The user's activity in scanning both factors at the same time is natural; the method prevents unnecessary burdening of the user during the scanning of the biometric factor and does not impose any additional requirements on the user. Furthermore, the security of authentication is increased, and the potential attacker is in a more complicated situation than when any other way of scanning biometric data is used for authentication. It will be apparent to those skilled in the art that this method can be combined with the use of other authentication factors.
  • The authentication image and the biometric factor, and optionally other authenticated factors scanned or inputted, are evaluated for authentication purposes by known methods. If the result of the evaluation is positive, the user is authenticated, i.e., it is confirmed that it is the authorized mobile device and that an authorized person operates the mobile device.
  • A positive result of evaluation can typically include: compliance with predetermined reference values, or a positive result of a cryptographic operation such as verification of electronic signature value, or a predetermined minimum compliance with predefined reference values, or a positive result of evaluation of various partial positive evaluations.
  • The authentication mobile device processes the biometric authentication factor data (e.g., the image of the head, face, eyes, or other part of the head, body, or a part thereof), and evaluates the processed data.
  • The authentication mobile device then transmits the result of the evaluation to the authentication server. This can be done using known algorithms and methods of evaluation of biometric data.
  • The authentication mobile device transmits the scanned image of the head, face, eyes, or other parts of the head, body, or a part thereof, carrying the biometric information, for processing to the authentication server as part of the authentication process.
  • The authentication server evaluates the scanned image, using known algorithms and methods of evaluation of biometric data.
  • The authentication mobile device processes the scanned image of the head, face, eyes, or other parts of the head, body, or a part thereof, carrying the biometric information, and performs a numerical transformation of the scanned image into a set of derived data, so-called descriptors.
  • Known algorithms and methods of transforming biometric data may be used for the transformation.
  • The computed descriptors are then transmitted by the authentication mobile device for evaluation to the authentication server as part of the authentication process.
  • The authentication mobile device processes the scanned image of the head, face, eyes, or other parts of the head, body or a part thereof, carrying biometric information, and performs numerical transformation of the scanned image into a set of descriptors.
  • The authentication mobile device modifies the computed descriptors by a pseudo-random authenticated shared secret and transmits the data resulting from the modification to the authentication server as part of the authentication process.
  • The authentication server uses the authenticated shared secret for evaluation of the descriptors.
  • The authentication mobile device processes the scanned image of the head, face, eyes or other parts of the head, body, or a part thereof, carrying biometric information, by means of a parametric transformation using a pseudo-random authenticated shared secret, and transmits the result of the transformation for processing to the authentication server as part of the authentication process.
  • The authentication server reconstructs the scanned image by means of inverse parametric transformation using the pseudo-random authenticated shared secret, and evaluates the scanned image data. This can be done by known algorithms and methods of evaluation of biometric data.
  • The authentication mobile device evaluates the scanned image of the head, face, eyes or other parts of the head, body, or a part thereof, carrying biometric information (this can be done by known algorithms and methods of evaluation of biometric data), and transmits the result of the evaluation to the authentication server.
  • The target application or service provider may allow the user, for example, to access data, perform secure operations, and/or transmit data by an authenticated channel.
  • The invention further includes a data processing device comprising means for carrying out the steps of the method of the invention.
  • The invention further includes a computer program product comprising instructions which, when the program is executed by a mobile authentication device and/or by an authentication server, cause the mobile authentication device and/or the authentication server to carry out the steps of the method of the invention.
  • Example of carrying out the invention:
  • A user uses as the authentication device a mobile phone with a display and two cameras located on mutually opposite sides of the mobile phone.
  • The authentication image is a QR code printed on a document.
  • The user launches on the mobile phone an authentication application that uses the QR Code Reader application.
  • The user then directs a first camera, located on the side of the mobile device opposite to the side on which the display is located, to the printed QR code.
  • The QR Code Reader application displays on the mobile device display the QR code and a frame in which the QR code must be placed during scanning.
  • The authentication application uses a second camera, located on the same side of the mobile phone as the display, to scan/capture the image of the user's face, and reads or calculates biometric characteristics from the face image.
  • The user naturally assumes the same face position to the mobile phone, so the scanning of the biometric characteristics does not imply any additional burden or any additional procedure for the user.
  • The data obtained by scanning the QR code and by scanning the biometric characteristics of the user's face are then evaluated by known means and, when the evaluation result is positive, the user and/or the mobile device is authenticated.
  • The present invention provides a method of multi-factor authentication of a user and/or a mobile authentication device, usable in particular when a mobile phone is used as the authentication means (or electronic identification means).
  • The application or service provider may allow the user, for example, to access data, perform secure operations, and/or transmit data by an authenticated channel.
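
The variant above in which the device modifies the descriptors with a pseudo-random authenticated shared secret and the server uses the same secret to evaluate them can be sketched as follows. This is an added example, not part of the patent text. The patent does not specify the modification, so the HMAC-SHA256 keystream, the byte-quantized descriptors, the additive mask, the distance metric, the threshold and all names and sample values are assumptions.

```python
import hashlib
import hmac

def keystream(secret: bytes, n: int) -> bytes:
    """Expand the shared secret into n pseudo-random bytes (HMAC-SHA256, counter mode)."""
    out, counter = b"", 0
    while len(out) < n:
        block = b"descriptor-mask" + counter.to_bytes(4, "big")
        out += hmac.new(secret, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]

def mask_descriptors(desc: bytes, secret: bytes) -> bytes:
    """Device side: add the keystream to each quantized descriptor byte, mod 256."""
    ks = keystream(secret, len(desc))
    return bytes((d + k) % 256 for d, k in zip(desc, ks))

def unmask_descriptors(masked: bytes, secret: bytes) -> bytes:
    """Server side: subtract the same keystream to recover the descriptors."""
    ks = keystream(secret, len(masked))
    return bytes((m - k) % 256 for m, k in zip(masked, ks))

def mean_abs_distance(a: bytes, b: bytes) -> float:
    return sum(abs(x - y) for x, y in zip(a, b)) / len(a)

def server_evaluate(masked: bytes, secret: bytes, enrolled: bytes,
                    threshold: float = 8.0) -> bool:
    """Accept when the unmasked probe is close enough to the enrolled reference."""
    if len(masked) != len(enrolled):
        return False  # malformed submission: never compare truncated vectors
    probe = unmask_descriptors(masked, secret)
    return mean_abs_distance(probe, enrolled) <= threshold

# Constructed sample data: a 64-byte enrolled reference and a fresh capture of the
# same face that differs by small sensor noise (at most 2 per component).
ENROLLED = bytes((i * 37 + 11) % 256 for i in range(64))
FRESH = bytes(min(255, max(0, v + (i % 5) - 2)) for i, v in enumerate(ENROLLED))

# Constructed per-session secrets standing in for the authenticated shared secret.
S1 = hashlib.sha256(b"constructed session secret 1").digest()
S2 = hashlib.sha256(b"constructed session secret 2").digest()

if __name__ == "__main__":
    sent = mask_descriptors(FRESH, S1)
    print("same session :", server_evaluate(sent, S1, ENROLLED))
    # Masked descriptors captured in one session are useless under another secret.
    print("replayed     :", server_evaluate(sent, S2, ENROLLED))
```

Because the mask depends on the session's shared secret, an observer of the channel sees different bytes for the same face in every session, and a captured submission does not verify under a later secret.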

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Ophthalmology & Optometry (AREA)
  • Collating Specific Patterns (AREA)
PCT/CZ2017/050062 2016-12-23 2017-12-20 Multi-factor authentication method WO2018113803A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CZPV2016-832 2016-12-23
CZ2016-832A CZ307156B6 (cs) 2016-12-23 2016-12-23 Multi-factor authentication method

Publications (1)

Publication Number Publication Date
WO2018113803A1 (en) 2018-06-28

Family

ID=61070240

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CZ2017/050062 WO2018113803A1 (en) 2016-12-23 2017-12-20 Multi-factor authentication method

Country Status (2)

Country Link
CZ (1) CZ307156B6 (cs)
WO (1) WO2018113803A1 (cs)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113312604A (zh) * 2021-05-31 2021-08-27 南京信息工程大学 A distributed secret image sharing method with public reconstruction based on blockchain authentication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014124014A1 (en) * 2013-02-05 2014-08-14 Vynca, L.L.C. Method and apparatus for collecting an electronic signature on a first device and incorporating the signature into a document on a second device
WO2016029853A1 (zh) * 2014-08-26 2016-03-03 腾讯科技(深圳)有限公司 Identity authentication method, terminal device, and system
US20160119317A1 (en) * 2013-05-22 2016-04-28 ADUCID s.r.o Secured data channel authentication implying a shared secret

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
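JP2006093934A (ja) * 2004-09-22 2006-04-06 Nec Corp Camera-equipped mobile phone terminal and authentication method thereof
CN103136551B (zh) * 2011-11-25 2016-03-23 唐智 Second-generation citizen identity card information verification instrument, and identity card and fingerprint verification system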
US9137246B2 (en) * 2012-04-09 2015-09-15 Brivas Llc Systems, methods and apparatus for multivariate authentication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014124014A1 (en) * 2013-02-05 2014-08-14 Vynca, L.L.C. Method and apparatus for collecting an electronic signature on a first device and incorporating the signature into a document on a second device
US20160119317A1 (en) * 2013-05-22 2016-04-28 ADUCID s.r.o Secured data channel authentication implying a shared secret
WO2016029853A1 (zh) * 2014-08-26 2016-03-03 腾讯科技(深圳)有限公司 Identity authentication method, terminal device, and system
US20170161750A1 (en) * 2014-08-26 2017-06-08 Tencent Technology (Shenzhen) Company Limited Identity Authentication Method, Terminal Device And System

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
S SUDHARSANAN: "Shared key encryption of JPEG color images", IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, vol. 51, no. 4, 1 November 2005 (2005-11-01), NEW YORK, NY, US, pages 1204 - 1211, XP055469191, ISSN: 0098-3063, DOI: 10.1109/TCE.2005.1561845 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
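CN113312604A (zh) * 2021-05-31 2021-08-27 南京信息工程大学 A distributed secret image sharing method with public reconstruction based on blockchain authentication
CN113312604B (zh) * 2021-05-31 2023-05-09 南京信息工程大学 A distributed secret image sharing method with public reconstruction based on blockchain authentication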

Also Published As

Publication number Publication date
CZ2016832A3 (cs) 2018-02-07
CZ307156B6 (cs) 2018-02-07

Similar Documents

Publication Publication Date Title
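JP6938697B2 (ja) Method for enrolling and authenticating a user in an authentication system, face authentication system, and method for authenticating a user in an authentication system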
EP3520026B1 (en) Facial recognition-based authentication
EP3061023B1 (en) A method and a system for performing 3d-based identity verification of individuals with mobile devices
EP3196801B1 (en) Face recognition method, device and computer readable storage medium
JP6444500B2 (ja) User authentication method and system using a variable keypad and biometric authentication
US10108793B2 (en) Systems and methods for secure biometric processing
EP3807794B1 (en) Age verification
KR101675728B1 (ko) Method and apparatus for processing user authentication using an information processing device
WO2015130383A2 (en) Biometric identification system
US11373454B2 (en) Information processing apparatus and method and non-transitory computer readable medium storing information processing program
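KR20170011305A (ko) Electronic identity card, and system and method for verifying the authenticity of an electronic identity card
KR101654520B1 (ko) Method and apparatus for processing user authentication
CN110651268B (zh) Method for authenticating a user and electronic device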
US20160125239A1 (en) Systems And Methods For Secure Iris Imaging
WO2018113803A1 (en) Multi-factor authentication method
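CN106576093B (zh) Method for registration and authentication, and system for registration and authentication
CN109299945B (zh) Method and apparatus for identity verification based on a biometric recognition algorithm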
US20240013574A1 (en) Age verification
TWM566371U (zh) Protection system
KR101786810B1 (ko) System and method for generating feature data using dual cameras

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17837844

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17837844

Country of ref document: EP

Kind code of ref document: A1