WO2018212729A2 - Authentication system in which augmented reality is used - Google Patents

Authentication system in which augmented reality is used

Info

Publication number
WO2018212729A2
WO2018212729A2 PCT/TR2017/000104 TR2017000104W WO2018212729A2 WO 2018212729 A2 WO2018212729 A2 WO 2018212729A2 TR 2017000104 W TR2017000104 W TR 2017000104W WO 2018212729 A2 WO2018212729 A2 WO 2018212729A2
Authority
WO
WIPO (PCT)
Prior art keywords
communication device
information
user
transaction information
transaction
Prior art date
Application number
PCT/TR2017/000104
Other languages
English (en)
Other versions
WO2018212729A3 (fr)
Inventor
Saner ATEŞ
Original Assignee
Turkcell Teknoloji̇ Araştirma Ve Geli̇şti̇rme Anoni̇m Şi̇rketi̇
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Turkcell Teknoloji̇ Araştirma Ve Geli̇şti̇rme Anoni̇m Şi̇rketi̇

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4012 Verifying personal identification numbers [PIN]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4015 Transaction verification using location information
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS

Definitions

  • the present invention relates to a system for performing OTP (One Time Password) authentication, which is used in online transactions such as payment and log-in, on the basis of location and device and by using augmented reality.
  • OTP One Time Password
  • a one-time password application is used for identity authentication of the account holder.
  • one-time passwords sent over SMS (Short Message Service) or a mobile application, or obtained by means of a mobile application, are used.
  • SMS Short Message Service
  • for authentication, the user is expected to complete the transaction by means of the password sent via short message to the defined GSM (Global System for Mobile Communications) number of the user.
  • GSM Global System for Mobile Communications
  • in this application, fraud is possible by forwarding the password sent as a short message.
  • existing one-time password applications also carry risks arising from security vulnerabilities in smart devices, for example that passwords obtained and/or displayed through a mobile application can be viewed by unrelated people at a completely different location.
  • JP2009064400, an application in the state of the art, discloses a method of identity authentication with a one-time password, in which a one-time password in image format is shown on a computer monitor to a user carrying out online transactions and is displayed on a communication device via a camera.
  • Figure 1 is a schematic block diagram of the inventive system.
  • the inventive system (1) wherein one-time password-based authentication is made by augmented reality comprises:
  • - at least one communication device (2) which is in communication with the data network (V), on which an application can be run, which can determine location information and create an augmented reality image on itself, and which includes at least one camera;
  • - at least one user database (3) which keeps account, profile and financial records of users;
  • - at least one transaction information authentication unit (4) which queries the user database (3) in accordance with the transaction information received over the data network (V) and transmits the query result to related units;
  • - at least one application server (5) which receives the transaction information transmitted by the user (K) over the communication device (2), the introductory information of the communication device (2) and the location information of the communication device (2); prepares a visual content to be displayed only by the camera of the communication device (2) and only at the location of the communication device (2) and transmits it to the communication device (2) over the data network (V) by using the location information of the communication device (2) in the event that validity of the transaction information of the transaction information authentication unit
  • the communication device (2) included in the inventive system (1) is an electronic device on which an application can be run, which displays augmented reality content and has at least one camera.
  • the communication device (2) can determine its own location by means of any location service. In one embodiment of the invention, the communication device (2) determines the location information by using the GPS (Global Positioning System) service. In one preferred embodiment of the invention, the communication device (2) is an electronic device such as a smart phone or tablet.
  • the user database (3) keeps a record of users' information, preferably according to the information of the transaction that the user (K) requests to carry out. Virtual account information, profile information and financial information of users are kept in the user database (3).
  • the transaction information authentication unit (4) included in the inventive system (1) is in communication with the application server (5).
  • the transaction information authentication unit (4) queries the user database (3) by using the transaction information received from the application server (5).
  • in one embodiment of the invention, the transaction information, that is, the login request information of the user (K) and the user's (K) account information to be used in the login transaction, is a username and password.
  • in another embodiment of the invention, the transaction information, that is, the payment request information of the user (K) and the payment information to be used in the payment transaction, is the user's (K) credit card information.
  • the transaction information authentication unit (4) notifies the application server (5) that authentication of the transaction information is complete.
  • the application server (5) included in the inventive system (1) is in communication with the communication device (2) and the transaction information authentication unit (4).
  • the application server (5) receives, over the data network (V), the transaction information, the location information and the communication device (2) definition information that are transmitted via the communication device (2).
  • the application server (5) transmits the transaction information to the transaction information authentication unit (4) for authentication of transaction information.
  • the application server (5) prepares a one-time password as a visual content.
  • the visual one-time password prepared by the application server (5) is an augmented reality image that can be displayed by means of the communication device (2) camera.
  • the image prepared by the application server (5) is an augmented reality image that can be displayed on a map shown on the communication device (2), at the point where the communication device (2) is located while its transaction information is being transmitted.
  • the one-time password image comprises a text and/or a picture.
  • the communication device (2) is a device that enables the one-time password image transmitted to it to be displayed on a map shown on its screen, at the point on the map that corresponds to the current location of the communication device (2).
  • while preparing the visual one-time password, the application server (5) also uses the introductory information of the communication device (2) to ensure that the visual password is displayed only by the camera of the communication device (2) belonging to the user (K).
  • using the location information received from the communication device (2), the application server (5) sets the visual one-time password it created so that it is displayed only at the location where the communication device (2) was located while transmitting the transaction information.
  • the application server (5) transmits the visual one-time password, created by itself, to the communication device (2) of the user (K) over the data network (V).
  • the communication device (2) activates its camera automatically when the application server (5) transmits the visual one-time password to the communication device (2).
  • the user sees the one-time password, which is dedicated to the communication device (2) and to the location where s/he is located, through the camera that is activated automatically or opened by him/her, or on a map displayed on the communication device (2) screen.
  • the user (K) transmits the password seen from the communication device (2) camera to the application server (5) over an application interface running on the communication device (2).
  • the application through which the user (K) transmits the visual password to the application server (5) can be an application installed on the communication device (2), such as an operative bank application, or it can be an application such as a web browser which receives its interface from the application server (5) together with the visual one-time password.
  • the user (K) can perform text entry on the application interface, or can identify the visual password by choosing, from among the options, the augmented reality image that s/he sees on the communication device (2), and transmit it to the application server (5) over the data network (V).
  • the application server (5) compares the visual one-time password transmitted by the user (K) with the visual one-time password that it created and transmitted to the communication device (2). In the event that the passwords match, the application server (5) directs the user (K) to related units in order to carry out online transactions, upon completing the identity authentication by one-time password.
  • identity authentication in transactions carried out online is realized by using a one-time password whose display is provided by augmented reality.
  • the user (K) first transmits his/her online transaction request to the application server (5) by means of the interface provided by the application running on the communication device (2).
  • the application server (5) receives the transaction information, the location information of the communication device (2) and the definition information of the communication device (2) together with the transaction request.
  • the application server (5) transmits the transaction information received to the transaction information authentication unit (4).
  • the transaction information authentication unit (4) queries the user database (3) with the account information received. In the event that the query finds a match between the transaction information and the data recorded in the user database (3), the transaction information authentication unit (4) authenticates the transaction information and notifies the application server (5).
  • the application server (5), on receiving the notification that the transaction information has been authenticated, uses the introductory information of the communication device (2) to create an augmented reality image which can be displayed only through the camera of the communication device (2) of the user (K), and only at the location where the device was located while transmitting the transaction information of the user (K).
  • the application server (5) transmits the image created by itself to the communication device (2) over the data network (V) as a one-time password.
  • the application server (5) ensures that the visual password, which it creates by using the location data of the communication device (2), is displayed only at the location where the communication device (2) was located while transmitting the transaction information.
  • the application server (5) ensures that the camera on the communication device (2) is activated when it transmits the visual password, or the user (K) opens the camera on the communication device (2) manually.
  • the user (K) sees the visual password dedicated to the communication device (2) and the location, through the camera that is activated automatically or opened manually or on a map displayed on the communication device (2) screen, and enters an input or makes a selection, by means of the interface provided by the application running on the communication device (2), in order to authenticate the password that s/he sees.
  • the communication device (2) transmits the visual password authentication input or selection received from the user (K), to the application server (5) over the data network (V).
  • the application server (5) compares the user input or selection, transmitted by the communication device (2), with the augmented reality image created and transmitted to the communication device (2) by itself.
  • the application server (5) directs the user (K) to related units in order to carry out his/her online transaction, upon completing the identity authentication by one-time password. Various embodiments of the inventive system (1) can be developed; the invention is not limited to the examples disclosed herein and is essentially as defined in the claims.
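
The issue-and-compare steps of the application server (5) described above, as an added Python example that is not part of the patent text. The patent specifies no OTP format, lifetime or distance tolerance, and does not say that device and location are re-checked at comparison time; the 6-digit code, the 120 s window, the 50 m radius, the single-attempt rule and all function names here are assumptions, and device identifier and location are treated as client-reported values.

```python
import hashlib
import hmac
import math
import secrets
import time

MAX_AGE_S = 120         # assumed validity window (not specified in the patent)
MAX_DISTANCE_M = 50.0   # assumed tolerance around the location of the request
_challenges = {}        # challenge_id -> record; in-memory stand-in for server state


def _distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def _digest(otp):
    return hashlib.sha256(otp.encode()).digest()


def issue_challenge(device_id, lat, lon, now=None):
    """Run after unit (4) has authenticated the transaction information.
    Returns (challenge_id, otp); the otp is what would be rendered as the AR image."""
    now = time.time() if now is None else now
    challenge_id = secrets.token_urlsafe(16)
    otp = f"{secrets.randbelow(10**6):06d}"
    _challenges[challenge_id] = {
        "otp_hash": _digest(otp),   # keep only a digest of the code server-side
        "device_id": device_id,
        "lat": lat,
        "lon": lon,
        "expires": now + MAX_AGE_S,
    }
    return challenge_id, otp


def verify_response(challenge_id, device_id, lat, lon, otp_input, now=None):
    """Compare the user's input with the issued code. Returns (ok, reason)."""
    now = time.time() if now is None else now
    # Single use: the record is removed before any check, so a wrong guess
    # or a replay of a correct answer cannot be tried a second time.
    rec = _challenges.pop(challenge_id, None)
    if rec is None:
        return False, "unknown_or_used"
    if now > rec["expires"]:
        return False, "expired"
    if not hmac.compare_digest(rec["device_id"].encode(), device_id.encode()):
        return False, "device_mismatch"
    if _distance_m(rec["lat"], rec["lon"], lat, lon) > MAX_DISTANCE_M:
        return False, "location_mismatch"
    # Constant-time comparison of digests avoids leaking how many digits matched.
    if not hmac.compare_digest(rec["otp_hash"], _digest(str(otp_input))):
        return False, "otp_mismatch"
    return True, "ok"
```

Because the device identifier and coordinates come from the client, these checks bind the code to what the device claims; they add assurance only when the device application and its location source are themselves trusted.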

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a system (1) for performing OTP (One Time Password) authentication, which is used in transactions such as payment and log-in carried out online, on the basis of location and device and by using augmented reality. The system (1) according to the invention comprises a communication device (2), a user database (3), a transaction information authentication unit (4) and an application server (5).
PCT/TR2017/000104 2016-09-30 2017-09-29 Authentication system in which augmented reality is used WO2018212729A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2016/13715A TR201613715A2 (tr) 2016-09-30 2016-09-30 An authentication system in which augmented reality is used
TR2016/13715 2016-09-30

Publications (2)

Publication Number Publication Date
WO2018212729A2 (fr) 2018-11-22
WO2018212729A3 (fr) 2019-01-17

Family

ID=63579728

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2017/000104 WO2018212729A2 (fr) 2016-09-30 2017-09-29 Authentication system in which augmented reality is used

Country Status (2)

Country Link
TR (1) TR201613715A2 (fr)
WO (1) WO2018212729A2 (fr)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009064400A (ja) 2007-09-04 2009-03-26 Quasar:Kk Personal authentication method using the camera function of a mobile phone

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011032263A1 (fr) * 2009-09-17 2011-03-24 Meir Weis Mobile payment system with two-point authentication
US8549594B2 (en) * 2009-09-18 2013-10-01 Chung-Yu Lin Method of identity authentication and fraudulent phone call verification that utilizes an identification code of a communication device and a dynamic password
GB2495567B (en) * 2012-04-19 2013-09-18 Wonga Technology Ltd Method and system for user authentication
US20160048665A1 (en) * 2014-08-12 2016-02-18 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Unlocking an electronic device

Also Published As

Publication number Publication date
WO2018212729A3 (fr) 2019-01-17
TR201613715A2 (tr) 2018-04-24

Similar Documents

Publication Publication Date Title
US10277574B2 (en) Authentication through multiple pathways based on device capabilities and user requests
US8707048B2 (en) Dynamic pattern insertion layer
CN114143784B (zh) Providing access credentials to a secure network using wireless beacons
US10055736B2 (en) Dynamic authentication through user information and intent
AU2019236733A1 (en) Transaction Processing System and Method
US20160048836A1 (en) Secure payment transaction system
US12050957B2 (en) Augmented reality information display and interaction via NFC based authentication
US10692083B2 (en) Automatic authentication for a user with a service provider during a voice data connection to a merchant
US20170046712A1 (en) Enhancing information security via the use of a dummy credit card number
US20180034811A1 (en) Method and System for Authenticating a User with Service Providers Using a Universal One Time Password
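CN113590930A (zh) System and method for data access control using a short-range transceiver
CN114846466A (zh) System and method for data access control of secure memory using a short-range transceiver
CN116057892A (zh) System and method for verified messaging via a short-range transceiver
JP6518378B1 (ja) Authentication system, authentication method, and authentication program
WO2018212729A2 (fr) Authentication system in which augmented reality is used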
US11941623B2 (en) Device manager to control data tracking on computing devices
CN115917537A (zh) System and method for data access control of personal user data using a short-range transceiver
KR101169181B1 (ko) Payment processing system and control method thereof, and payment processing agent server included in the payment processing system and control method thereof
EP4423637A1 (fr) Method and electronic system for enabling a remote operation by means of a point-to-point connection
TWM658913U (zh) Self-service payment system
KR20140104232A (ko) ARS payment authentication and payment request method
WO2018093258A1 (fr) Apparatus, method and computer program product for providing access to a digital service

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17901339

Country of ref document: EP

Kind code of ref document: A2