WO2019182545A1 - Système de collecte, de stockage et de transmission sécurisée de données pour la vérification d'utilisateurs - Google Patents

Système de collecte, de stockage et de transmission sécurisée de données pour la vérification d'utilisateurs Download PDF

Info

Publication number
WO2019182545A1
WO2019182545A1 PCT/UA2018/000054 UA2018000054W WO2019182545A1 WO 2019182545 A1 WO2019182545 A1 WO 2019182545A1 UA 2018000054 W UA2018000054 W UA 2018000054W WO 2019182545 A1 WO2019182545 A1 WO 2019182545A1
Authority
WO
WIPO (PCT)
Prior art keywords
specialist
users
data
user
specialized
Prior art date
Application number
PCT/UA2018/000054
Other languages
English (en)
Russian (ru)
Inventor
Елызавэта Валэриивна ЛАПИНА
Original Assignee
Елызавэта Валэриивна ЛАПИНА
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Елызавэта Валэриивна ЛАПИНА filed Critical Елызавэта Валэриивна ЛАПИНА
Publication of WO2019182545A1 publication Critical patent/WO2019182545A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14Handling requests for interconnection or transfer
    • G06F13/36Handling requests for interconnection or transfer for access to common bus or bus system
    • G06F13/362Handling requests for interconnection or transfer for access to common bus or bus system with centralised access control
    • G06F13/364Handling requests for interconnection or transfer for access to common bus or bus system with centralised access control using independent requests or grants, e.g. using separated request and grant lines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q90/00Systems or methods specially adapted for administrative, commercial, financial, managerial or supervisory purposes, not involving significant data processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the utility model relates to the field of information technology, in particular to data transmission systems in computer networks to serve a wide range of users, and can be used to collect, store and securely transmit data for verification of specialist users on specialized portals that are registered in the corresponding secure system , and to ensure integrity and protection against falsification of transmitted information.
  • a prior art user authentication system comprising an authentication server, an application server, to which a user access terminal is connected via a secure computer network, this authentication server contains a database of access identifiers, which is configured to store identification data, an access controller, which is configured to compare user credentials stored in the database access identifiers with user credentials during the procedure for user access to the computer network of a secure system, which differs in that the authentication server additionally contains a history database of the usual order performing actions by the user, in which the history data of the usual order of performing user actions generated by the access controller is stored, while the access controller is configured with a history analysis node of the usual order of performing actions by the user.
  • the known system does not preclude unauthorized access to stored information.
  • the means of the system do not provide the creation of secure communication channels through which there is a transfer and access to data associated with user accounts and a third-party web service system for
  • a known system for processing and secure data transmission in computer networks (Patent of Ukraine No123612, IPC G06Q 30/02, H04W 4/12, H04W 8/18, H04W 68/04, published on 02.26.2018), including at least one central server and at least one remote terminal.
  • At least one central server includes: a database of goods, a database of user-experts, a database of user-consumers, a computational module, a user authorization module associated with a database of user-experts, a database of user-consumers and a database of goods, a block authorization and providing access for specialist users to the database of goods, the block of authorization and providing access for consumer users to the module of your personal account, community sending module connected to the computing module and the database of user users, which includes an encryption unit, and at least one remote terminal is additionally equipped with a decryption unit and is configured to receive encrypted individual electronic messages from the message module and access the personal account module to based on the personal data of consumer users.
  • the known system In the known system is not implemented protection of the data stream through the data network from unauthorized access or other malicious actions, which can lead, for example, to the connection of another shell server to the system. Also, the known system does not provide for secure user verification. In addition, the means of the system do not provide the creation of secure communication channels, which allows the third-party web service system to access the data associated with the user account, and subsequently authorize them in their databases.
  • the technical result of the utility model is to increase the degree of protection of the exchange of data transmitted by the system by introducing a secure data transmission unit for verification of specialists, which will also reduce the vulnerability of the data stream through the data network for unauthorized access or other malicious actions, and ensuring the provision of data related to the user account of the specialist of the proposed system, the system of a third-party WEB service.
  • the proposed system for the collection, storage and secure data transfer for verification of specialist users on specialized portals which includes at least one central server connected via a data network to at least one remote specialist user terminal , a database of specialist users, an authorization module for specialized users, specialized portals containing databases of specialized products for the user - specialists, authorization and access block for specialist users to databases of goods of specialized portals, into which, according to a utility model, a security subsystem is additionally introduced, which includes a secure data transmission unit for verifying specialists, which is associated with at least one central server and at least one remote terminal of the specialist user, the module for authorization of specialist users is configured to generate a label in response to authorization of a request coming from a remote terminal of a specialist user, and the label contains the first data that anonymously authorizes the specialist user , and second data that identifies the action that the system is authorized to perform for users of specialized portals; in addition, the data transmission between the authorization block of specialist users and the database of specialist users and specialized portals is encrypted
  • the proposed system contains at least one central server, which is configured to maintain a connection with a plurality of remote terminals of professional users, which are connected to the central server via the Internet using wired and wireless communication channels.
  • Communication channels may be secure communication channels to ensure the integrity and confidentiality of transmitted information, for example, personal data.
  • the remote terminal of a specialist user can be a personal computer, laptop computer, tablet, mobile phone, smartphone, communicator, e-book and other electronic devices with the ability to access the network.
  • the database of user-specialists contains data on user-specialists of the system, which are associated with the specialty of professional activity of users.
  • the user-specialist At his first registration in the system, the user-specialist must provide documents confirming his specialization, respectively, data on his type of activity, for example, cosmetology, are entered into the database of user-specialists.
  • registration specialist users can be implemented both on the system’s website by the users themselves, and the telephone manager can register the specialist in the database after receiving a photo or scan of a copy of the specialist’s documents confirming his specialization.
  • the main data that is entered into the database during registration is - name, date of birth, phone, e-mail, photo of diplomas confirming specialization.
  • Databases of specialized products for professional users contain data that includes information about products and their availability, including product categories (for example, cosmetology, medicine, home care, etc.), a list of specialists' specializations who are given access to each category, images goods, including photographic images, a detailed description, the cost of goods and the maximum possible discount on goods.
  • product categories for example, cosmetology, medicine, home care, etc.
  • specialists' specializations who are given access to each category
  • images goods including photographic images, a detailed description, the cost of goods and the maximum possible discount on goods.
  • a specialized portal (hereinafter referred to as the WEB service) in the context of this description, we mean a server with databases on which the partner’s WEB site with a specific URL is located.
  • Such portals for example, can be specialized online stores for professional users, or any users of the B2B segment.
  • the authorization module for professional users contains tools for storing data about specialized users in a database of professional users, means for exchanging data with the specified database, and means for transmitting (exchanging) data with WEB services of partners.
  • the authorization module for specialist users is configured to generate a label during the first registration of a specialist user for which a remote terminal is used, the label containing the first data that anonymously authorizes the specialist user and second data identifying the action that the system authorized to execute for users of specialized portals.
  • specialist users who have submitted documents confirming their qualification level the means of the authorization of specialist users form and store in the database of specialist users the automatically generated virtual card number (first data), and only its presence gives the user access to the type of database data of specialized goods for professional users on WEB services.
  • the authorization module while saving the generated virtual card number (label with the first data), the authorization module generates a unique id code for the specialist user and a label with the second data and data for the new specialist user is transferred to the database of specialist users for storage.
  • a label with other data acts as a limiter of access to the data of each specialist user, which is defined as confidential (such data may be: the history of the user's financial activity in the system, code word, and other data) by other WEB services.
  • the label with the second data is intended so that extraneous WEB services provide the user with the ability to perform actions only with that data that relates to his specialization.
  • a cosmetologist user can access the database section of specialized products of the type (category) "cosmetology" only and does not have access to other types of professional goods.
  • This also applies to specialists of other activities. That is, the user's specialization, which is associated with the specialist user account using the generated tag, determines his access to other data, for example, data on prices and assortment of goods that are stored in the databases of specialized portals of system partners. Labels generated by means of the authorization module for specialist users are not visible to the user, and they are used only for data exchange and authorization between the central server and WEB services.
  • such a solution allows a system user to perform an action in an extraneous WEB service system, excluding the access of an extraneous WEB service system to data that is defined as being confidential using a label with second data.
  • the authorization module for user-specialists and the database of user-users exchange information with a certain frequency, for example, every 5 minutes. Customer data both in the database and in the authorization module are always up-to-date almost online.
  • the exchange of user data between the authorization module and the database and partner sites is implemented using the htmls protocol in the Json format. Communication channel - Internet. Data transmission is encrypted using an SSL certificate. Data is stored on an encrypted drive.
  • the security subsystem includes a secure data transmission unit for verification of specialist users on specialized portals, which contains means for secure data exchange between a specialist user and a central server and partner sites.
  • the server identifies a specialist user, not limited to one protection, namely a password.
  • an id code can be used, which is automatically assigned during registration of a specialist user in the system databases.
  • the secure data transfer unit allows the server and the specialist user to verify each other before coordinating information interaction, agree on an encryption algorithm, and generate common cryptographic keys.
  • the unit uses two-key cryptosystems, in particular RSA.
  • the confidentiality of the data transmitted over the established secure connection is ensured by encrypting the data stream on the generated shared key using symmetric cryptographic algorithms, and the integrity of the transmitted data blocks through the use of so-called message authentication codes.
  • the secure data transfer unit makes it impossible to replace data in all cases when a specialist user connects to the central server, that is, logs into the system, and the advantage of the proposed system is that all users of the system are sure that they are exchanging information not with the fake server, but with the system server.
  • a specialist user logs on to any site of the system’s partners — the WEB service, and logs on to the system.
  • the specialist enters the login and password that was provided to him during pre-registration and / or a one-time code from the email message, SMS message, message in the messenger, which he receives on his personal number after entering it into the login form (if this number saved in the database upon pre-registration).
  • the authorization module tools process the entered data and provide access in accordance with the generated label to the product databases that correspond to the specialist’s specialization specified during registration, which is stored on the server of the specialized portal.
  • the specified means of the authorization module provide access to the profile of a specialist user (only to the data that is defined as non-confidential, for example, a questionnaire, training information) to partner sites.
  • the partner site WEB service
  • WEB service has access only to user purchases on its website, user purchases on other partner sites are considered confidential information.
  • the system sets up access groups to the database of specialist users, depending on the scope of the partner site.
  • the proposed system of collection, storage and secure data transfer for verification of user-specialists on specialized portals provides an increase in the degree of protection exchange of data that is transmitted by the system through the introduction of a secure data transmission unit for verification of specialists.
  • the system allows to reduce the vulnerability of the data stream through the data network from unauthorized access or other malicious actions and to provide limited access to the data of professional users.

Abstract

L'invention concerne des systèmes de collecte, de stockage et de transmission sécurisée de données pour la vérification d'utilisateurs-spécialistes sur des portails spécialisés. Le système comprend un serveur central relié par un réseau de transmission de données à un terminal distant d'utilisateur-spécialiste, une base de données d'utilisateurs-spécialistes, un module d'autorisation d'utilisateurs-spécialistes, des portails spécialisés contenant des bases de données de produits spécialisés pour les utilisateurs-spécialistes, une unité d'autorisation et de fourniture d'accès pour les utilisateurs-spécialistes aux bases de données de produits des portails spécialisés, un sous-système de protection qui comprend une unité de transmission sécurisée de données pour la vérification des spécialistes, connectée au serveur central et au terminal distant d'utilisateur-spécialiste. Le module d'autorisation d'utilisateurs-spécialistes peut générer une marque en réponse à une autorisation de demande provenant du terminal distant d'utilisateur-spécialiste, laquelle marque comprend des première données qui autorisent de façon anonyme l'utilisateur-spécialiste, et des secondes données qui identifient une action que le système d'autorisation effectue pour les utilisateurs de potails spécialisés; la transmission de données entre l'unité d'autorisation d'utilisateurs-spécialistes et la base de données d'utilisateurs-spécialistes et de portails spécilisés est cryptée à l'aide d'un certificat SSI.
PCT/UA2018/000054 2018-03-22 2018-06-01 Système de collecte, de stockage et de transmission sécurisée de données pour la vérification d'utilisateurs WO2019182545A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
UAU201802924 2018-03-22
UAU201802924U UA126387U (uk) 2018-03-22 2018-03-22 Система збору, зберігання та захищеної передачі даних для верифікації користувачів-фахівців на спеціалізованих порталах

Publications (1)

Publication Number Publication Date
WO2019182545A1 true WO2019182545A1 (fr) 2019-09-26

Family

ID=62540585

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/UA2018/000054 WO2019182545A1 (fr) 2018-03-22 2018-06-01 Système de collecte, de stockage et de transmission sécurisée de données pour la vérification d'utilisateurs

Country Status (2)

Country Link
UA (1) UA126387U (fr)
WO (1) WO2019182545A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113724048A (zh) * 2021-09-02 2021-11-30 国泰新点软件股份有限公司 专家抽取系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040139001A1 (en) * 2001-03-02 2004-07-15 Peter Henriques Network based business to business portal for the retail convenience marketplace
EP1482404A2 (fr) * 2003-04-11 2004-12-01 Sun Microsystems, Inc. Systèmes, Procédé et produit manufacturé pour aligner des conteneurs de service
US6957199B1 (en) * 2000-08-30 2005-10-18 Douglas Fisher Method, system and service for conducting authenticated business transactions
RU2417448C2 (ru) * 2005-07-27 2011-04-27 Инджениа Холдингс Лимитед Верификация аутентичности

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6957199B1 (en) * 2000-08-30 2005-10-18 Douglas Fisher Method, system and service for conducting authenticated business transactions
US20040139001A1 (en) * 2001-03-02 2004-07-15 Peter Henriques Network based business to business portal for the retail convenience marketplace
EP1482404A2 (fr) * 2003-04-11 2004-12-01 Sun Microsystems, Inc. Systèmes, Procédé et produit manufacturé pour aligner des conteneurs de service
RU2417448C2 (ru) * 2005-07-27 2011-04-27 Инджениа Холдингс Лимитед Верификация аутентичности

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113724048A (zh) * 2021-09-02 2021-11-30 国泰新点软件股份有限公司 专家抽取系统

Also Published As

Publication number Publication date
UA126387U (uk) 2018-06-11

Similar Documents

Publication Publication Date Title
US11700257B2 (en) System and method for storing and distributing consumer information
US10887098B2 (en) System for digital identity authentication and methods of use
US11044087B2 (en) System for digital identity authentication and methods of use
US10574643B2 (en) Systems and methods for distribution of selected authentication information for a network of devices
US10509898B2 (en) Enhanced security authentication methods, systems and media
EP3509006B1 (fr) Système de partage d'informations
JP4776245B2 (ja) ユニバーサルパーベイシブトランザクションフレームワークのためのオピニオン登録アプリケーション
US11468176B2 (en) Computer method and graphical user interface for identity management using blockchain
US20220021537A1 (en) Privacy-preserving identity attribute verification using policy tokens
US20130226813A1 (en) Cyberspace Identification Trust Authority (CITA) System and Method
US11588638B2 (en) Digital notarization using a biometric identification service
US20190303929A1 (en) Using out-of-band mobile device possession attestation to release verified user identity attributes during internet transactions
US20140089189A1 (en) System, method, and apparatus to evaluate transaction security risk
US20220005039A1 (en) Delegation method and delegation request managing method
CN101944216A (zh) 双因子在线交易安全认证方法及系统
US9239936B2 (en) System, method, and apparatus to mitigaterisk of compromised privacy
WO2019182545A1 (fr) Système de collecte, de stockage et de transmission sécurisée de données pour la vérification d'utilisateurs
US20120290483A1 (en) Methods, systems and nodes for authorizing a securized exchange between a user and a provider site
CN105743883B (zh) 一种网络应用的身份属性获取方法及装置
US20200204377A1 (en) Digital notarization station that uses a biometric identification service
Arun et al. Authentication and Identity Validation Blockchain Application
CN117407907A (zh) 数据查询方法、装置、设备、存储介质及计算机产品
CN116961896A (zh) 基于区块链的投票方法、装置、电子设备和可读介质
Song et al. Healthcare system architecture, economic value, and policy models in large-scale wireless sensor networks
Wang E-Health Security and Privacy

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18911189

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 22.01.2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18911189

Country of ref document: EP

Kind code of ref document: A1