WO2022071720A1 - Method and electronic device for performing authentication of user - Google Patents


Publication number
WO2022071720A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
electronic device
user
user input
sub
Prior art date
Application number
PCT/KR2021/013246
Other languages
French (fr)
Inventor
Vijay Bollineni
Kishore Babu CHINTAGINJALA
Original Assignee
Samsung Electronics Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co., Ltd. filed Critical Samsung Electronics Co., Ltd.
Publication of WO2022071720A1 publication Critical patent/WO2022071720A1/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102Bill distribution or payments
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4018Transaction verification using the card verification value [CVV] associated with the card
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the disclosure relates to a near field communication (NFC) money transfer (NMT) communication, and more specifically related to a method and an electronic device for performing authentication of a user.
  • NFC near field communication
  • NMT money transfer
  • PDA personal digital assistant
  • the multi-function electronic devices typically access internet to send and receive emails through a cellular network and/or a wireless local area network (WLAN).
  • WLAN wireless local area network
  • Some of the electronic devices incorporate contactless card technology and/or NFC technology.
  • the NFC technology is widely used for contactless short-range communication based on radio frequency identification (RFID) standards, using magnetic field induction to allow communication between the electronic devices.
  • RFID radio frequency identification
  • the NFC technology is a high-frequency, short-range wireless communication technology that exchanges data (e.g. sharing a media file, performing NMT/making financial transactions, etc.) over a short distance, such as just a few centimeters, between the electronic devices.
  • As per NFC forum version 1.0, using the NMT protocol, the existing electronic devices can negotiate and determine a specific payment application for the financial transactions (i.e. NMT payment) with a simple NFC tap instead of multiple manual operations (e.g. requiring a PIN/signature to authenticate the user for the money transfer transaction).
  • a mechanism for authentication of a payer in NMT payments by configuring one new byte in an NMT protocol.
  • The one new byte indicates a type of authentication and sub-authentication in an MT method record of an MT request/response message.
  • the type of authentication comprises an inherence based authentication, a knowledge-based authentication, and a possession-based authentication.
  • a method for performing an authentication of a user of a first electronic device includes receiving, by the first electronic device, a payment request message including at least one enforced authentication parameter from a second electronic device. Further, the method includes performing, by the first electronic device, the authentication of the user of the first electronic device based on the at least one enforced authentication parameter. Further, the method includes sending, by the first electronic device, a payment response message including an authentication status to the second electronic device. The authentication status indicates one of an authentication success and an authentication failure. Further, the method includes sending, by the first electronic device, a transaction request message to a money transfer communication with the second electronic device to a server based on the authentication.
  • a first electronic device including a transceiver and at least one processor.
  • the at least one processor is configured to control the transceiver to receive a payment request message including at least one enforced authentication parameter from a second electronic device. Further, the at least one processor is configured to perform an authentication of a user of the first electronic device based on the at least one enforced authentication parameter. Further, the at least one processor is configured to control the transceiver to send a payment response message including an authentication status to the second electronic device. The authentication status indicates one of an authentication success and an authentication failure. Further, the at least one processor is configured to control the transceiver to send a transaction request message to a money transfer communication with the second electronic device to a server based on the authentication status.
  • a method for providing authentication to a user of a first electronic device during an NMT communication with a second electronic device includes receiving, by the first electronic device, a payment request message with an enforced authentication parameter from the second electronic device. Further, the method includes performing, by the first electronic device, an authentication of the user of the first electronic device as per the enforced authentication parameter. Further, the method includes sending, by the first electronic device, a payment response message with an authentication status to the second electronic device. The authentication status is one of successful and fail. Further, the method includes completing, by the first electronic device, the NMT communication based on the successful authentication by sending a request.
  • the enforced authentication parameter comprises a 3-bit binary value of the authentication and a 5-bit binary value of the sub-authentication in a payload of an MT method record of an NMT protocol.
  • the 3-bit binary value of the authentication and the 5-bit binary value of the sub-authentication are pre-configured by one of the user of the first electronic device, a user of the second electronic device, and a third entity (e.g. Original Equipment Manufacturer (OEM) of NMT device defines any default authentication methods subject to institutional & privacy standards that can be changed by one of the user of the first electronic device and the user of the second electronic device are specified by the NMT Device OEM, respective institutional mandate a specific setting for NMT payments that cannot be modified by the user of the first electronic device and the user of the second electronic device, etc.).
  • OEM Original Equipment Manufacturer
  • the request is sent by one of the first electronic device and the second electronic device to a server to complete the NMT communication.
  • a type of authentication includes a default authentication, a possession-based authentication, a knowledge-based authentication, and an inherence-based authentication.
  • the sub-authentication of the possession-based authentication includes a One Time Password (OTP), and a Card Verification Value (CVV) associated with the user of the first electronic device.
  • OTP One Time Password
  • CVV Card Verification Value
  • the sub-authentication of the knowledge-based authentication includes a password, a Personal Information Number (PIN), a knowledge-based challenge, and a lock pattern associated with the user of the first electronic device.
  • PIN Personal Information Number
  • the sub-authentication of the inherence-based authentication includes a fingerprint, a face detection, a retina scan, a Gait analysis, a voice input, a vein input, and a keystroke dynamics associated with the user of the first electronic device.
  • performing the authentication of the user of the first electronic device as per the enforced authentication parameter includes detecting, by the first electronic device, a user input at the first electronic device and determining, by the first electronic device, whether the user input matches with stored user input.
  • the user input includes the fingerprint, the face detection, the retina scan, the Gait analysis, the voice input, the vein input, the keystroke dynamics, the password, the PIN, the knowledge-based challenge, the lock pattern, the OTP, and the CVV associated with the user of the first electronic device.
  • the method includes updating, by the first electronic device, the authentication status as a successful authentication in response to determining that the user input matches with stored user input.
  • the method includes updating, by the first electronic device, the authentication status as a failure of authentication in response to determining that the user input does not match with stored user input.
  • the first electronic device for providing authentication to the user of the first electronic device during the NMT communication with the second electronic device.
  • the first electronic device includes an NMT authentication engine coupled with a processor and a memory.
  • the NMT authentication engine is configured to receive the payment request message with the enforced authentication parameter from the second electronic device. Further, the NMT authentication engine is configured to perform the authentication of the user of the first electronic device as per the enforced authentication parameter. Further, the NMT authentication engine is configured to send the payment response message with an authentication status to the second electronic device, where the authentication status is one of successful and fail. Further, the NMT authentication engine is configured to complete the NMT communication based on the successful authentication by sending the request.
  • FIG. 1A illustrates a general negotiated money transfer message sequence
  • FIG. 1B illustrates a general structure of a money transfer request message or a money transfer response message.
  • FIG. 2A illustrates a block diagram of a system for providing an authentication to a user of a first electronic device during an NMT communication, according to an embodiment as disclosed herein;
  • FIG. 2B illustrates a block diagram of the first electronic device for providing the authentication during the NMT communication, according to an embodiment as disclosed herein;
  • FIG. 3 is a flow diagram illustrating a method for providing the authentication during the NMT communication, according to an embodiment as disclosed herein;
  • FIG. 4 is a sequence diagram illustrating a method for providing the authentication during the NMT communication by configuring a type of authentication and sub-authentication in an MT method record of an MT request/response message, according to the embodiments as disclosed herein;
  • FIG. 5 illustrates a payload of the MT method record of the MT request/response message, according to the embodiments as disclosed herein;
  • FIG. 6 is an example scenario in which the first electronic device performs the authentication of the user using an inherence based authentication method based on keystroke dynamics while conducting an NMT communication, according to the embodiments as disclosed herein;
  • FIG. 7 is an example scenario in which the first electronic device performs the authentication of the user using an interactive knowledge-based authentication based on a knowledge-based challenge-response while conducting the NMT communication, according to the embodiments as disclosed herein.
  • embodiments may be described and illustrated in terms of blocks which carry out a described function or functions.
  • These blocks, which may be referred to herein as managers, units, modules, hardware components, or the like, are physically implemented by analog and/or digital circuits such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits and the like, and may optionally be driven by firmware.
  • the circuits may, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like.
  • circuits constituting a block may be implemented by dedicated hardware, or by a processor (e.g., one or more programmed microprocessors and associated circuitry), or by a combination of dedicated hardware to perform some functions of the block and a processor to perform other functions of the block.
  • Each block of the embodiments may be physically separated into two or more interacting and discrete blocks without departing from the scope of the disclosure.
  • the blocks of the embodiments may be physically combined into more complex blocks without departing from the scope of the disclosure.
  • the terms “Money transfer selector” and “first electronic device” are used interchangeably and mean the same.
  • the terms “Money transfer requester” and “second electronic device” are used interchangeably and mean the same.
  • the terms “payment server” and “server” are used interchangeably and mean the same.
  • the proposed method allows the electronic device to provide a mechanism for authentication of the user in the NMT communication by configuring one new byte in the NMT protocol.
  • the one new byte indicates a type of authentication and sub-authentication in an MT method record of an MT request (e.g. payment request message)/an MT response message (e.g. payment response message). So, anonymous users are unable to perform any financial transactions during the NMT communication.
  • the proposed method allows the electronic device to make NMT payments more secure by making user authentication the fundamental step before initiating a payment. Furthermore, the proposed method allows the electronic device to lay the foundation for new use cases by defining payment authentication methods specific to the following NMT payment method types, such as PAYMENT_APP_ACCOUNT_TYPE and BANK_ACCOUNT_TYPE of the existing NFC forum.
  • the embodiment herein is to provide a method for providing authentication to a user of a first electronic device during an NMT communication with a second electronic device.
  • the method includes receiving, by the first electronic device, a payment request message with an enforced authentication parameter from the second electronic device. Further, the method includes performing, by the first electronic device, an authentication of the user of the first electronic device as per the enforced authentication parameter. Further, the method includes sending, by the first electronic device, a payment response message with an authentication status to the second electronic device, where the authentication status is one of successful and fail. Further, the method includes completing, by the first electronic device, the NMT communication based on the successful authentication by sending a request.
  • the embodiments herein provide the first electronic device for providing authentication to the user of the first electronic device during the NMT communication with the second electronic device.
  • the first electronic device includes an NMT authentication engine coupled with a processor and a memory.
  • the NMT authentication engine is configured to receive the payment request message with the enforced authentication parameter from the second electronic device. Further, the NMT authentication engine is configured to perform the authentication of the user of the first electronic device as per the enforced authentication parameter. Further, the NMT authentication engine is configured to send the payment response message with an authentication status to the second electronic device, where the authentication status is one of successful and fail. Further, the NMT authentication engine is configured to complete the NMT communication based on the successful authentication by sending the request.
  • FIGS. 1 through 7 where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments.
  • FIG. 1A illustrates a general negotiated money transfer message sequence (10).
  • the general negotiated money transfer message sequence is performed based on the existing NMT protocol.
  • a money transfer requester (21) sends a money transfer request message to a money transfer selector (41).
  • the money transfer selector (41) sends a money transfer response message to the money transfer requester (21).
  • the money transfer requester (21) sends a money transfer request message to the money transfer selector (41).
  • the money transfer selector (41) sends a money transfer response message to the money transfer requester (21).
  • either the money transfer requester (21) or the money transfer selector (41) submits a money transfer transaction request to a corresponding payment server to complete a money transfer process.
  • FIG. 1B illustrates a general structure of a money transfer request message or a money transfer response message.
  • a money transfer request message (20) includes one or more MT method records that indicate the MT method type it supports.
  • An MT method record (30) is used to describe a single set of money transfer information (MTI) options for the money transfer transaction. This record shall be used in a global money transfer record that is sent either by the money transfer requester (21) or by the money transfer selector (41).
  • the MT method record (30) includes an MT_method_type field, an account_info field (Acct_F), a transaction_amount_info field (Amnt_F Field), an auxiliary_info_reference field (Aux_F Field), an account_info field, a transaction_amount_info field, an auxiliary_info_reference_count field, and an auxiliary_info_reference field.
  • FIG. 2A illustrates a block diagram of a system (1000) for providing an authentication to a user of a first electronic device (100) during an NMT communication, according to an embodiment as disclosed herein.
  • the system (1000) includes a first electronic device (100), a second electronic device (200), and a server (300).
  • the first electronic device (100) and the second electronic device (200) can be, for example, but not limited to, a smartphone, a laptop, a smart television (TV), or the like.
  • the first electronic device (100) is configured to receive a payment request message with an enforced authentication parameter from the second electronic device (200).
  • the enforced authentication parameter includes a 3-bit binary value of the authentication and a 5-bit binary value of the sub-authentication in a payload of an MT method record of an NMT protocol.
  • the 3-bit binary value of the authentication and the 5-bit binary value of the sub-authentication are pre-configured by one of the user of the first electronic device (100), a user of the second electronic device (200), and a third entity.
  • a type of authentication includes a default authentication, a possession-based authentication, a knowledge-based authentication, and an inherence-based authentication.
  • the sub-authentication of the possession-based authentication includes an OTP and a CVV associated with the user of the first electronic device (100).
  • the sub-authentication of the knowledge-based authentication includes a password, a PIN, a knowledge-based challenge, and a lock pattern associated with the user of the first electronic device (100).
  • the sub-authentication of the inherence-based authentication includes a fingerprint, a face detection, a retina scan, a Gait analysis, a voice input, a vein input, and a keystroke dynamics associated with the user of the first electronic device (100).
  • the first electronic device (100) is configured to perform an authentication of the user of the first electronic device (100) based on the enforced authentication parameter. Further, the first electronic device (100) is configured to send a payment response message including an authentication status to the second electronic device (200), where the authentication status is one of successful and fail. Further, the first electronic device (100) is configured to complete the NMT communication based on the successful authentication by sending a request to the server to complete the NMT communication. The request is sent by one of the first electronic device (100) and the second electronic device (200) to a server (300) to complete the NMT communication.
  • the first electronic device (100) is configured to detect a user input at the first electronic device (100).
  • the user input includes the fingerprint, the face detection, the retina scan, the Gait analysis, the voice input, the vein input, the keystroke dynamics, the password, the PIN, the knowledge-based challenge, the lock pattern, the OTP, and the CVV associated with the user of the first electronic device (100).
  • the first electronic device (100) is configured to determine whether the user input matches with stored user input. Further, the first electronic device (100) is configured to update the authentication status as a successful authentication in response to determining that the user input matches with a stored user input. Further, the first electronic device (100) is configured to update the authentication status as a failure of authentication in response to determining that the user input does not match with the stored user input.
  • FIG. 2B illustrates a block diagram of the first electronic device (100) for providing the authentication during the NMT communication, according to an embodiment as disclosed herein.
  • the first electronic device (100) includes a memory (110), a processor (120), a transceiver (130), an NMT authentication engine (140), and an input detector (150).
  • the memory (110) is configured to store the user input.
  • the user input includes the fingerprint, the face detection, the retina scan, the Gait analysis, the voice input, the vein input, the keystroke dynamics, the password, the PIN, the knowledge-based challenge, the lock pattern, the OTP, and the CVV associated with the user of the first electronic device (100).
  • the memory (110) stores instructions to be executed by the processor (120).
  • the memory (110) may include non-volatile storage elements. Examples of such non-volatile storage elements may include magnetic hard discs, optical discs, floppy discs, flash memories, or forms of electrically programmable memories (EPROM) or electrically erasable and programmable (EEPROM) memories.
  • the memory (110) may, in some examples, be considered a non-transitory storage medium.
  • the term “non-transitory” may indicate that the storage medium is not embodied in a carrier wave or a propagated signal. However, the term “non-transitory” should not be interpreted to mean that the memory (110) is non-movable.
  • a non-transitory storage medium may store data that can, over time, change (e.g., in random access memory (RAM) or cache).
  • the memory (110) can be an internal storage unit or it can be an external storage unit of the second electronic device (200), a cloud storage, or any other type of external storage.
  • the processor (120) communicates with the memory (110), the transceiver (130), the NMT authentication engine (140), and the input detector (150).
  • the processor (120) is configured to execute instructions stored in the memory (110) and to perform various processes.
  • the processor (120) may include one or a plurality of processors, may be a general-purpose processor, such as a central processing unit (CPU), an application processor (AP), or the like, a graphics-only processing unit such as a graphics processing unit (GPU), a visual processing unit (VPU), and/or an artificial intelligence (AI) dedicated processor such as a neural processing unit (NPU).
  • the transceiver (130) is configured for communicating internally between internal hardware components and with external devices (e.g. the second electronic device (200)) via one or more networks (e.g. internet, Wi-Fi, Bluetooth, NFC, etc.).
  • the transceiver (130) includes an electronic circuit specific to a standard that enables wired or wireless communication.
  • the NMT authentication engine (140) is implemented by processing circuitry such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits, or the like, and may optionally be driven by firmware.
  • the circuits may, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like.
  • the NMT authentication engine (140) receives the payment request message including an enforced authentication parameter from the second electronic device (200). Further, the NMT authentication engine (140) performs the authentication of the user of the first electronic device (100) based on the enforced authentication parameter. Further, the NMT authentication engine (140) sends the payment response message including an authentication status to the second electronic device (200). Further, the NMT authentication engine (140) completes the NMT communication based on the successful authentication by sending the request to the server (300) to complete the NMT communication. Further, the NMT authentication engine (140) updates the authentication status as the successful authentication in response to determining that the user input matches with stored user input. Further, the NMT authentication engine (140) updates the authentication status as a failure of authentication in response to determining that the user input does not match with the stored user input.
  • the input detector (150) is implemented by processing circuitry such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits, or the like, and may optionally be driven by firmware.
  • the circuits may, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like.
  • the input detector (150) detects the user input at the first electronic device (100). Further, the input detector (150) determines whether the user input matches with stored user input. Further, the input detector (150) sends a result (input matched or not matched) to the NMT authentication engine (140).
  • FIG. 2B shows various hardware components of the first electronic device (100) but it is to be understood that other embodiments are not limited thereto.
  • the first electronic device (100) may include fewer or more components.
  • the labels or names of the components are used only for illustrative purposes and do not limit the scope of the invention.
  • One or more components can be combined together to perform same or substantially similar function to provide authentication to the user of the first electronic device (100) during the NMT communication with the second electronic device (200).
  • FIG. 3 is a flow diagram (320) illustrating a method for providing the authentication during the NMT communication, according to an embodiment as disclosed herein.
  • the operations (S302-S314) are performed by the first electronic device (100).
  • the method includes receiving the payment request message including the enforced authentication parameter from the second electronic device (200).
  • the method includes detecting the user input at the first electronic device (100).
  • the method includes determining whether the user input matches with the stored user input.
  • the method includes updating the authentication status as a successful authentication in response to determining that the user input matches with the stored user input.
  • the method includes updating the authentication status as a failure of authentication in response to determining that the user input does not match with the stored user input.
  • the method includes sending the payment response message including the authentication status to the second electronic device (200), where the authentication status is one of successful and fail.
  • the method includes completing the NMT communication based on the successful authentication by sending the request to the server (300) to complete the NMT communication.
  • FIG. 4 is a sequence diagram (420) illustrating a method for providing the authentication during the NMT communication by configuring a type of authentication and sub-authentication in the MT method record of the MT request/response message, according to the embodiments as disclosed herein.
  • the second electronic device (200) as an MT requester sends the MT request message including enforced user authentication to the first electronic device (100) as an MT selector (e.g. payer).
  • the detailed information regarding the enforced user authentication is given in the FIG. 5.
  • the NMT authenticating engine (140) performs the authentication of the first electronic device (100) based on the received enforced user authentication.
  • the NMT authenticating engine (140) sends the authentication status (success or fail) to the second electronic device (200), where the authentication status is sent in the MT response message of the NMT protocol.
  • the second electronic device (200) or the first electronic device (100) sends the MT transaction request to the server (e.g. payment server) (300) to complete the NMT payments.
  • FIG. 5 illustrates a payload of the MT method record of the MT request message and MT response message, according to the embodiments as disclosed herein.
  • the proposed method provides a mechanism for authentication of the payer (e.g. the first electronic device (100), the user of the first electronic device (100)) in the NMT payments by configuring one new byte in the NMT protocol (502).
  • the one new byte indicates a type of authentication (Auth_ID_Method_Type) and sub-authentication (Auth_ID_Submethods) in the MT method record of the MT request message and MT response message.
  • the type of authentication field signifies the type of mechanism that has to be used to identify and authenticate the payer while performing the NMT payment. Further, the type of authentication field is a 3-bit field that signifies which base authentication method is to be used for the authentication of the payer.
  • the sub-authentication field signifies the definitive method of authentication that has to be used as mentioned by a parent mechanism set for the Auth_ID_Method_Type field. Further, the sub-authentication field is a 5-bit field that signifies the definitive method to be used to identify and authenticate the payer. Further, the values of the sub-authentication field are dependent on the Auth_ID_Method_Type field and dependent on capabilities of the user of the first electronic device (100) as well.
  • the type of authentication includes an inherence based authentication method, a knowledge-based authentication method, and a possession-based authentication method as defined in Table 1.
  • the sub-authentication of the possession-based authentication method is defined in Table 2.
  • the sub-authentication of the knowledge-based authentication method is defined in Table 3.
  • the sub-authentication of the inherence-based authentication method is defined in Table 4.
  • FIG. 6 is an example scenario in which the first electronic device (100) performs the authentication of the user using the inherence based authentication method based on keystroke dynamics while conducting the NMT communication, according to the embodiments as disclosed herein.
  • the second electronic device (200) sends the MT request message and an authentication request message to the first electronic device (100).
  • the authentication request includes the Auth_ID_Method_Type and the Auth_ID_submethods, where the Auth_ID_Method_Type consists of "011" binary value, which signifies the inherence based authentication method as described in the Table 1.
  • the Auth_ID_submethods consist of "00111" binary value, which signifies the keystroke dynamics as described in the Table 4.
  • the NMT authenticating engine (140) determines whether a current keystroke of the user of the first electronic device (100) matches with the stored keystroke.
  • the NMT authenticating engine (140) updates the authentication status as a successful authentication in response to determining that the current keystroke of the user of the first electronic device (100) is matched with the stored keystroke or updates the authentication status as a failure of authentication in response to determining that the current keystroke of the user of the first electronic device (100) does not match with the stored keystroke.
  • the NMT authenticating engine (140) sends the authentication status (success or fail) to the second electronic device (200), where the authentication status is sent in the MT response message of the NMT protocol.
  • the second electronic device (200) or the first electronic device (100) sends the MT transaction request to the payment server (300) to complete the NMT payments.
  • FIG. 7 is an example scenario in which the first electronic device (100) performs the authentication of the user using the interactive knowledge-based authentication based on the knowledge-based challenge-response while conducting the NMT communication, according to the embodiments as disclosed herein.
  • the second electronic device (200) sends the MT request message and an authentication request message to the first electronic device (100).
  • the authentication request includes the Auth_ID_Method_Type and the Auth_ID_submethods, where the Auth_ID_Method_Type consists of "010" binary value, which signifies the knowledge-based authentication method as described in the Table 1.
  • the Auth_ID_submethods consist of "00101" binary value, which signifies the knowledge-based challenge response as described in the Table 3.
  • the NMT authenticating engine (140) displays a message relating to the user input required to perform the authentication.
  • the input detector (150) receives the user input and determines whether the user input matches with the stored user input.
  • the NMT authenticating engine (140) updates the authentication status as a successful authentication in response to determining that the user input matches with the stored user input or updates the authentication status as a failure of authentication in response to determining that the user input does not match with the stored user input.
  • the NMT authenticating engine (140) sends the authentication status (success or fail) to the second electronic device (200), where the authentication status is sent in the MT response message of the NMT protocol.
  • the second electronic device (200) or the first electronic device (100) sends the MT transaction request to the payment server (300) to complete the NMT payments.
  • the embodiments disclosed herein can be implemented using at least one hardware device and performing network management functions to control the elements.
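The one-byte field described for FIG. 5, with the two code points given for FIG. 6 and FIG. 7, can be packed, parsed and enforced as in the following added example, which is not code from the patent. It assumes the 3-bit type occupies the most significant bits of the byte and that the payee checks the response record echoes the enforced byte; all function names are hypothetical, and values not stated on this page are rejected rather than guessed.

```python
"""Added example: the one-byte enforced-authentication field (3-bit type, 5-bit sub-method)."""
import hmac
from dataclasses import dataclass

# Only the code points stated on this page (FIG. 6 and FIG. 7 scenarios) are mapped.
# Tables 1-4 are not reproduced here, so every other value is treated as unknown.
KNOWN = {
    (0b010, 0b00101): ("knowledge-based", "knowledge-based challenge"),
    (0b011, 0b00111): ("inherence-based", "keystroke dynamics"),
}


class AuthFieldError(ValueError):
    """Raised for out-of-range or unmapped field values."""


@dataclass(frozen=True)
class AuthField:
    method_type: int   # Auth_ID_Method_Type, 3 bits
    submethod: int     # Auth_ID_Submethods, 5 bits
    type_name: str
    sub_name: str


def pack_auth_byte(method_type: int, submethod: int) -> int:
    """Build the byte the payee places in the MT method record."""
    if not 0 <= method_type <= 0b111:
        raise AuthFieldError("method type does not fit in 3 bits")
    if not 0 <= submethod <= 0b11111:
        raise AuthFieldError("sub-method does not fit in 5 bits")
    # ASSUMPTION: the type sits in the three most significant bits.
    return (method_type << 5) | submethod


def parse_auth_byte(value: int) -> AuthField:
    """Split the byte and reject anything that is not a known (type, sub-method) pair."""
    if not isinstance(value, int) or not 0 <= value <= 0xFF:
        raise AuthFieldError("field must be a single byte")
    key = (value >> 5, value & 0x1F)
    if key not in KNOWN:
        # The sub-method is only meaningful under its parent type, so the
        # pair is validated together and unknown pairs fail closed.
        raise AuthFieldError(f"unmapped type/sub-method pair {key}")
    return AuthField(*key, *KNOWN[key])


def payer_authenticate(auth_byte: int, supported: set,
                       user_input: bytes, stored_input: bytes) -> str:
    """First device (payer): return the authentication status for the MT response.

    'success' only when the enforced method is known, supported by this
    device, and the user input matches the stored input.
    """
    try:
        field = parse_auth_byte(auth_byte)
    except AuthFieldError:
        return "fail"
    if (field.method_type, field.submethod) not in supported:
        return "fail"
    # Constant-time comparison stands in for the matcher; a biometric
    # sub-method would call its own template matcher here instead.
    return "success" if hmac.compare_digest(user_input, stored_input) else "fail"


def payee_may_submit(enforced_byte: int, response_byte: int, status: str) -> bool:
    """Second device (payee): gate the MT transaction request to the server.

    ASSUMPTION: the response record carries the same byte, so a response
    naming a different (for example weaker) method is not accepted.
    """
    return status == "success" and response_byte == enforced_byte


if __name__ == "__main__":
    enforced = pack_auth_byte(0b010, 0b00101)          # FIG. 7 scenario
    status = payer_authenticate(enforced, {(0b010, 0b00101)},
                                b"constructed-answer", b"constructed-answer")
    print(hex(enforced), parse_auth_byte(enforced).sub_name, status,
          payee_may_submit(enforced, enforced, status))
```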

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Telephone Function (AREA)

Abstract

A method and an electronic device for performing authentication of a user are provided. The method includes receiving a payment request message including at least one enforced authentication parameter from a second electronic device. Further, the method includes performing the authentication of the user of the first electronic device based on the at least one enforced authentication parameter. Further, the method includes sending a payment response message including an authentication status to the second electronic device, the authentication status indicating one of an authentication success and an authentication failure. Further, the method includes sending a transaction request message to a money transfer communication with the second electronic device to a server based on the authentication status.

Description

METHOD AND ELECTRONIC DEVICE FOR PERFORMING AUTHENTICATION OF USER
The disclosure relates to a near field communication (NFC) money transfer (NMT) communication, and more specifically related to a method and an electronic device for performing authentication of a user.
The popularity of mobile communication systems continues to expand and has become an important part of both personal and business communications. Various existing electronic devices now incorporate personal digital assistant (PDA) functions such as calendars, address books, task lists, electronic mail (email), calculators, memo and writing programs, media players, games, etc. For example, the multi-function electronic devices typically access the internet to send and receive emails through a cellular network and/or a wireless local area network (WLAN). Some of the electronic devices incorporate contactless card technology and/or NFC technology. The NFC technology is widely used for contactless short-range communication based on radio frequency identification (RFID) standards, using magnetic field induction to allow communication between the electronic devices. The NFC technology is a high-frequency, short-range wireless communication technology that exchanges data (e.g. sharing a media file, performing NMT/making financial transactions, etc.) over a short distance, such as just a few centimeters, between the electronic devices.
In the existing electronic devices, there are many authentication methods available to conduct financial transactions in long-range wireless communication, for example, many financial institutions (such as banks and credit card providers) require that a user provide some form of authentication (such as a signature or a personal identification number (PIN)) that confirms the user's identity before the financial transaction can be completed. In existing short-range wireless communication such as the NMT protocol/NFC technology, by contrast, as per NFC forum version 1.0, using the NMT protocol, the existing electronic devices can negotiate and determine a specific payment application for the financial transactions (i.e. NMT payment) with a simple NFC tap instead of multiple manual operations (e.g. require PIN/signature to authenticate the user for the money transfer transaction).
Consider a situation where the existing electronic device with NMT capabilities is in the wrong hands (e.g. those of an anonymous user). In the existing NMT protocol, even anonymous users may use a quick NFC tap to make the financial transactions, since there is no way for one party (i.e. payee) to request/enforce the authentication of a second party (i.e. payer) when carrying out the financial transactions under the existing NMT protocol. So, security is a major concern while using the NFC technology to perform financial transactions. Thus, it is desired to at least provide a useful alternative for authentication in the existing NMT protocol.
Provided is a mechanism for authentication of a payer in NMT payments by configuring one new byte in an NMT protocol. The one new byte indicates a type of authentication and sub-authentication in an MT method record of an MT request/response message. The type of authentication comprises an inherence-based authentication, a knowledge-based authentication, and a possession-based authentication.
In accordance with an aspect of the disclosure, a method for performing an authentication of a user of a first electronic device is provided. The method includes receiving, by the first electronic device, a payment request message including at least one enforced authentication parameter from a second electronic device. Further, the method includes performing, by the first electronic device, the authentication of the user of the first electronic device based on the at least one enforced authentication parameter. Further, the method includes sending, by the first electronic device, a payment response message including an authentication status to the second electronic device. The authentication status indicates one of an authentication success and an authentication failure. Further, the method includes sending, by the first electronic device, a transaction request message to a money transfer communication with the second electronic device to a server based on the authentication.
In accordance with an aspect of the disclosure, a first electronic device including a transceiver and at least one processor is provided. The at least one processor is configured to control the transceiver to receive a payment request message including at least one enforced authentication parameter from a second electronic device. Further, the at least one processor is configured to perform an authentication of a user of the first electronic device based on the at least one enforced authentication parameter. Further, the at least one processor is configured to control the transceiver to send a payment response message including an authentication status to the second electronic device. The authentication status indicates one of an authentication success and an authentication failure. Further, the at least one processor is configured to control the transceiver to send a transaction request message to a money transfer communication with the second electronic device to a server based on the authentication status.
In accordance with an aspect of the disclosure, a method for providing authentication to a user of a first electronic device during an NMT communication with a second electronic device is provided. The method includes receiving, by the first electronic device, a payment request message with an enforced authentication parameter from the second electronic device. Further, the method includes performing, by the first electronic device, an authentication of the user of the first electronic device as per the enforced authentication parameter. Further, the method includes sending, by the first electronic device, a payment response message with an authentication status to the second electronic device. The authentication status is one of successful and fail. Further, the method includes completing, by the first electronic device, the NMT communication based on the successful authentication by sending a request.
In an embodiment, the enforced authentication parameter comprises a 3-bit binary value of the authentication and a 5-bit binary value of the sub-authentication in a payload of an MT method record of an NMT protocol.
In an embodiment, the 3-bit binary value of the authentication and the 5-bit binary value of the sub-authentication are pre-configured by one of the user of the first electronic device, a user of the second electronic device, and a third entity (e.g. Original Equipment Manufacturer (OEM) of NMT device defines any default authentication methods subject to institutional & privacy standards that can be changed by one of the user of the first electronic device and the user of the second electronic device are specified by the NMT Device OEM, respective institutional mandate a specific setting for NMT payments that cannot be modified by the user of the first electronic device and the user of the second electronic device, etc.).
In an embodiment, the request is sent by one of the first electronic device and the second electronic device to a server to complete the NMT communication.
In an embodiment, a type of authentication includes a default authentication, a possession-based authentication, a knowledge-based authentication, and an inherence-based authentication.
In an embodiment, the sub-authentication of the possession-based authentication includes a One Time Password (OTP), and a Card Verification Value (CVV) associated with the user of the first electronic device.
In an embodiment, the sub-authentication of the knowledge-based authentication includes a password, a Personal Information Number (PIN), a knowledge-based challenge, and a lock pattern associated with the user of the first electronic device.
In an embodiment, the sub-authentication of the inherence-based authentication includes a fingerprint, a face detection, a retina scan, a Gait analysis, a voice input, a vein input, and a keystroke dynamics associated with the user of the first electronic device.
In an embodiment, performing the authentication of the user of the first electronic device as per the enforced authentication parameter includes detecting, by the first electronic device, a user input at the first electronic device and determining, by the first electronic device, whether the user input matches with stored user input. The user input includes the fingerprint, the face detection, the retina scan, the Gait analysis, the voice input, the vein input, the keystroke dynamics, the password, the PIN, the knowledge-based challenge, the lock pattern, the OTP, and the CVV associated with the user of the first electronic device. Further, the method includes updating, by the first electronic device, the authentication status as a successful authentication in response to determining that the user input matches with stored user input. Further, the method includes updating, by the first electronic device, the authentication status as a failure of authentication in response to determining that the user input does not match with stored user input.
In accordance with an aspect of the disclosure, the first electronic device for providing authentication to the user of the first electronic device during the NMT communication with the second electronic device is provided. The first electronic device includes an NMT authentication engine coupled with a processor and a memory. The NMT authentication engine is configured to receive the payment request message with the enforced authentication parameter from the second electronic device. Further, the NMT authentication engine is configured to perform the authentication of the user of the first electronic device as per the enforced authentication parameter. Further, the NMT authentication engine is configured to send the payment response message with an authentication status to the second electronic device, where the authentication status is one of successful and fail. Further, the NMT authentication engine is configured to complete the NMT communication based on the successful authentication by sending the request.
These and other aspects of the embodiments herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications may be made within the scope of the embodiments herein, and the embodiments herein include all such modifications.
The method and electronic device are illustrated in the accompanying drawings, throughout which like reference letters indicate corresponding parts in the various figures. The embodiments herein will be better understood from the following description with reference to the drawings, in which:
FIG. 1A illustrates a general negotiated money transfer message sequence;
FIG. 1B illustrates a general structure of a money transfer request message or a money transfer response message;
FIG. 2A illustrates a block diagram of a system for providing an authentication to a user of a first electronic device during an NMT communication, according to an embodiment as disclosed herein;
FIG. 2B illustrates a block diagram of the first electronic device for providing the authentication during the NMT communication, according to an embodiment as disclosed herein;
FIG. 3 is a flow diagram illustrating a method for providing the authentication during the NMT communication, according to an embodiment as disclosed herein;
FIG. 4 is a sequence diagram illustrating a method for providing the authentication during the NMT communication by configuring a type of authentication and sub-authentication in an MT method record of an MT request/response message, according to the embodiments as disclosed herein;
FIG. 5 illustrates a payload of the MT method record of the MT request/response message, according to the embodiments as disclosed herein;
FIG. 6 is an example scenario in which the first electronic device performs the authentication of the user using an inherence-based authentication method based on keystroke dynamics while conducting an NMT communication, according to the embodiments as disclosed herein; and
FIG. 7 is an example scenario in which the first electronic device performs the authentication of the user using an interactive knowledge-based authentication based on a knowledge-based challenge-response while conducting the NMT communication, according to the embodiments as disclosed herein.
Embodiments discussed herein and various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments herein. Also, the various embodiments described herein are not necessarily mutually exclusive, as some embodiments can be combined with one or more other embodiments to form new embodiments. The term "or" as used herein, refers to a non-exclusive or, unless otherwise indicated. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein can be practiced and to further enable those skilled in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
As is traditional in the field, embodiments may be described and illustrated in terms of blocks which carry out a described function or functions. These blocks, which may be referred to herein as managers, units, modules, hardware components, or the like, are physically implemented by analog and/or digital circuits such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits and the like, and may optionally be driven by firmware. The circuits may, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like. The circuits constituting a block may be implemented by dedicated hardware, or by a processor (e.g., one or more programmed microprocessors and associated circuitry), or by a combination of dedicated hardware to perform some functions of the block and a processor to perform other functions of the block. Each block of the embodiments may be physically separated into two or more interacting and discrete blocks without departing from the scope of the disclosure. Likewise, the blocks of the embodiments may be physically combined into more complex blocks without departing from the scope of the disclosure.
Throughout this disclosure, the terms "Money transfer selector" and "first electronic device" are used interchangeably and mean the same. The terms "Money transfer requester" and "second electronic device" are used interchangeably and mean the same. The terms "payment server" and "server" are used interchangeably and mean the same.
Unlike existing methods and systems, the proposed method allows the electronic device to provide a mechanism for authentication of the user in the NMT communication by configuring one new byte in the NMT protocol. The one new byte indicates a type of authentication and sub-authentication in an MT method record of an MT request (e.g. payment request message)/an MT response message (e.g. payment response message). So, anonymous users are unable to perform any financial transactions during the NMT communication.
Unlike existing methods and systems, the proposed method allows the electronic device to make NMT payments more secure by making user authentication the fundamental step before initiating a payment. Furthermore, the proposed method lays a foundation for new use cases by defining payment authentication methods specific to the following NMT payment method types, such as PAYMENT_APP_ACCOUNT_TYPE and BANK_ACCOUNT_TYPE of the existing NFC forum.
Accordingly, the embodiment herein is to provide a method for providing authentication to a user of a first electronic device during an NMT communication with a second electronic device. The method includes receiving, by the first electronic device, a payment request message with an enforced authentication parameter from the second electronic device. Further, the method includes performing, by the first electronic device, an authentication of the user of the first electronic device as per the enforced authentication parameter. Further, the method includes sending, by the first electronic device, a payment response message with an authentication status to the second electronic device, where the authentication status is one of successful and fail. Further, the method includes completing, by the first electronic device, the NMT communication based on the successful authentication by sending a request.
Accordingly, the embodiments herein provide the first electronic device for providing authentication to the user of the first electronic device during the NMT communication with the second electronic device. The first electronic device includes an NMT authentication engine coupled with a processor and a memory. The NMT authentication engine is configured to receive the payment request message with the enforced authentication parameter from the second electronic device. Further, the NMT authentication engine is configured to perform the authentication of the user of the first electronic device as per the enforced authentication parameter. Further, the NMT authentication engine is configured to send the payment response message with an authentication status to the second electronic device, where the authentication status is one of successful and fail. Further, the NMT authentication engine is configured to complete the NMT communication based on the successful authentication by sending the request.
Referring now to the drawings and more particularly to FIGS. 1 through 7, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments.
FIG. 1A illustrates a general negotiated money transfer message sequence (10). The general negotiated money transfer message sequence is performed based on the existing NMT protocol.
Referring to FIG. 1A, at S11, a money transfer requester (21) sends a money transfer request message to a money transfer selector (41). At S12, the money transfer selector (41) sends a money transfer response message to the money transfer requester (21).
At S13, the money transfer requester (21) sends a money transfer request message to the money transfer selector (41). At S14, the money transfer selector (41) sends a money transfer response message to the money transfer requester (21).
At S15, either the money transfer requester (21) or the money transfer selector (41) submits a money transfer transaction request to a corresponding payment server to complete a money transfer process.
FIG. 1B illustrates a general structure of a money transfer request message or a money transfer response message.
Referring to FIG. 1B, a money transfer request message (20) includes one or more MT method records that indicate the MT method type it supports. An MT method record (30) is used to describe a single set of money transfer information (MTI) options for the money transfer transaction. This record shall be used in a global money transfer record that is sent either by the money transfer requester (21) or by the money transfer selector (41).
The MT method record (30) includes an MT_method_type field, an account_info field (Acct_F), a transaction_amount_info field (Amnt_F Field), an auxiliary_info_reference field (Aux_F Field), an account_info field, a transaction_amount_info field, an auxiliary_info_reference_count field, and an auxiliary_info_reference field. In the existing NMT protocol, there is no authentication mechanism or field in the MT method record to identify and authenticate a customer/user/payee/payer during NMT payments.
FIG. 2A illustrates a block diagram of a system (1000) for providing an authentication to a user of a first electronic device (100) during an NMT communication, according to an embodiment as disclosed herein. The system (1000) includes a first electronic device (100), a second electronic device (200), and a server (300). The first electronic device (100) and the second electronic device (200) can be, for example, but not limited to, a smartphone, a laptop, a smart television (TV), or the like.
In an embodiment, the first electronic device (100) is configured to receive a payment request message with an enforced authentication parameter from the second electronic device (200). The enforced authentication parameter includes a 3-bit binary value of the authentication and a 5-bit binary value of the sub-authentication in a payload of an MT method record of an NMT protocol. The 3-bit binary value of the authentication and the 5-bit binary value of the sub-authentication are pre-configured by one of the user of the first electronic device (100), a user of the second electronic device (200), and a third entity. Further, a type of authentication includes a default authentication, a possession-based authentication, a knowledge-based authentication, and an inherence-based authentication.
In an embodiment, the sub-authentication of the possession-based authentication includes an OTP and a CVV associated with the user of the first electronic device (100).
In an embodiment, the sub-authentication of the knowledge-based authentication includes a password, a PIN, a knowledge-based challenge, and a lock pattern associated with the user of the first electronic device (100).
In an embodiment, the sub-authentication of the inherence-based authentication includes a fingerprint, a face detection, a retina scan, a Gait analysis, a voice input, a vein input, and a keystroke dynamics associated with the user of the first electronic device (100).
Further, the first electronic device (100) is configured to perform an authentication of the user of the first electronic device (100) based on the enforced authentication parameter. Further, the first electronic device (100) is configured to send a payment response message including an authentication status to the second electronic device (200), where the authentication status is one of successful and fail. Further, the first electronic device (100) is configured to complete the NMT communication based on the successful authentication by sending a request to the server to complete the NMT communication. The request is sent by one of the first electronic device (100) and the second electronic device (200) to the server (300) to complete the NMT communication.
Further, the first electronic device (100) is configured to detect a user input at the first electronic device (100). The user input includes the fingerprint, the face detection, the retina scan, the Gait analysis, the voice input, the vein input, the keystroke dynamics, the password, the PIN, the knowledge-based challenge, the lock pattern, the OTP, and the CVV associated with the user of the first electronic device (100). Further, the first electronic device (100) is configured to determine whether the user input matches with stored user input. Further, the first electronic device (100) is configured to update the authentication status as a successful authentication in response to determining that the user input matches with a stored user input. Further, the first electronic device (100) is configured to update the authentication status as a failure of authentication in response to determining that the user input does not match with the stored user input.
FIG. 2B illustrates a block diagram of the first electronic device (100) for providing the authentication during the NMT communication, according to an embodiment as disclosed herein. In an embodiment, the first electronic device (100) includes a memory (110), a processor (120), a transceiver (130), an NMT authentication engine (140), and an input detector (150).
In an embodiment, the memory (110) is configured to store the user input. The user input includes the fingerprint, the face detection, the retina scan, the Gait analysis, the voice input, the vein input, the keystroke dynamics, the password, the PIN, the knowledge-based challenge, the lock pattern, the OTP, and the CVV associated with the user of the first electronic device (100). The memory (110) stores instructions to be executed by the processor (120). The memory (110) may include non-volatile storage elements. Examples of such non-volatile storage elements may include magnetic hard discs, optical discs, floppy discs, flash memories, or forms of electrically programmable memories (EPROM) or electrically erasable and programmable (EEPROM) memories. In addition, the memory (110) may, in some examples, be considered a non-transitory storage medium. The term "non-transitory" may indicate that the storage medium is not embodied in a carrier wave or a propagated signal. However, the term "non-transitory" should not be interpreted that the memory (110) is non-movable. In certain examples, a non-transitory storage medium may store data that can, over time, change (e.g., in random access memory (RAM) or cache). The memory (110) can be an internal storage unit or it can be an external storage unit of the second electronic device (200), a cloud storage, or any other type of external storage.
The processor (120) communicates with the memory (110), the transceiver (130), the NMT authentication engine (140), and the input detector (150). The processor (120) is configured to execute instructions stored in the memory (110) and to perform various processes. The processor (120) may include one or a plurality of processors, may be a general-purpose processor, such as a central processing unit (CPU), an application processor (AP), or the like, a graphics-only processing unit such as a graphics processing unit (GPU), a visual processing unit (VPU), and/or an artificial intelligence (AI) dedicated processor such as a neural processing unit (NPU).
The transceiver (130) is configured for communicating internally between internal hardware components and with external devices (e.g. the second electronic device (200)) via one or more networks (e.g. internet, Wi-Fi, Bluetooth, NFC, etc.). The transceiver (130) includes an electronic circuit specific to a standard that enables wired or wireless communication.
The NMT authentication engine (140) is implemented by processing circuitry such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits, or the like, and may optionally be driven by firmware. The circuits may, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like.
In an embodiment, the NMT authentication engine (140) receives the payment request message including an enforced authentication parameter from the second electronic device (200). Further, the NMT authentication engine (140) performs the authentication of the user of the first electronic device (100) based on the enforced authentication parameter. Further, the NMT authentication engine (140) sends the payment response message including an authentication status to the second electronic device (200). Further, the NMT authentication engine (140) completes the NMT communication based on the successful authentication by sending the request to the server (300) to complete the NMT communication. Further, the NMT authentication engine (140) updates the authentication status as the successful authentication in response to determining that the user input matches with stored user input. Further, the NMT authentication engine (140) updates the authentication status as a failure of authentication in response to determining that the user input does not match with the stored user input.
The input detector (150) is implemented by processing circuitry such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits, or the like, and may optionally be driven by firmware. The circuits may, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like.
In an embodiment, the input detector (150) detects the user input at the first electronic device (100). Further, the input detector (150) determines whether the user input matches with stored user input. Further, the input detector (150) sends a result (input matched or not matched) to the NMT authentication engine (140).
Although FIG. 2B shows various hardware components of the first electronic device (100), it is to be understood that other embodiments are not limited thereto. In other embodiments, the first electronic device (100) may include fewer or more components. Further, the labels or names of the components are used only for illustrative purposes and do not limit the scope of the invention. One or more components can be combined to perform the same or a substantially similar function to provide authentication to the user of the first electronic device (100) during the NMT communication with the second electronic device (200).
FIG. 3 is a flow diagram (320) illustrating a method for providing the authentication during the NMT communication, according to an embodiment as disclosed herein. The operations (S302-S314) are performed by the first electronic device (100).
At S302, the method includes receiving the payment request message including the enforced authentication parameter from the second electronic device (200). At S304, the method includes detecting the user input at the first electronic device (100). At S306, the method includes determining whether the user input matches with the stored user input.
At S308, the method includes updating the authentication status as a successful authentication in response to determining that the user input matches with the stored user input. At S310, the method includes updating the authentication status as a failure of authentication in response to determining that the user input does not match with the stored user input.
At S312, the method includes sending the payment response message including the authentication status to the second electronic device (200), where the authentication status is one of successful and fail. At S314, the method includes completing the NMT communication based on the successful authentication by sending the request to the server (300) to complete the NMT communication.
The various actions, acts, blocks, steps, or the like in the flow diagram (320) may be performed in the order presented, in a different order or simultaneously. Further, in some embodiments, some of the actions, acts, blocks, steps, or the like may be omitted, added, modified, skipped, or the like without departing from the scope of the invention.
FIG. 4 is a sequence diagram (420) illustrating a method for providing the authentication during the NMT communication by configuring a type of authentication and sub-authentication in the MT method record of the MT request/response message, according to the embodiments as disclosed herein.
At S401, the second electronic device (200) as an MT requester (e.g. payee) sends the MT request message including enforced user authentication to the first electronic device (100) as an MT selector (e.g. payer). The detailed information regarding the enforced user authentication is given in FIG. 5.
At S402, the NMT authenticating engine (140) performs the authentication of the first electronic device (100) based on the received enforced user authentication. At S403 and S404, the NMT authenticating engine (140) sends the authentication status (success or fail) to the second electronic device (200), where the authentication status is sent in the MT response message of the NMT protocol. At S405, on successful authentication, either the second electronic device (200) or the first electronic device (100) sends the MT transaction request to the server (e.g. payment server) (300) to complete the NMT payments.
FIG. 5 illustrates a payload of the MT method record of the MT request message and MT response message, according to the embodiments as disclosed herein.
In an embodiment, the proposed method provides a mechanism for authentication of the payer (e.g. the first electronic device (100), the user of the first electronic device (100)) in the NMT payments by configuring one new byte in the NMT protocol (502). The one new byte indicates a type of authentication (Auth_ID_Method_Type) and sub-authentication (Auth_ID_Submethods) in the MT method record of the MT request message and MT response message.
The type of authentication field signifies the type of mechanism that has to be used to identify and authenticate the payer while performing the NMT payment. Further, the type of authentication field is a 3-bit field that signifies which base authentication method is to be used for the authentication of the payer.
The sub-authentication field signifies the definitive method of authentication that has to be used, as mentioned by a parent mechanism set for the Auth_ID_Method_Type field. Further, the sub-authentication field is a 5-bit field that signifies the definitive method to be used to identify and authenticate the payer. Further, the values of the sub-authentication field are dependent on the Auth_ID_Method_Type field and on the capabilities of the user of the first electronic device (100) as well.
The type of authentication includes an inherence based authentication method, a knowledge-based authentication method, and a possession-based authentication method as defined in Table 1.
Figure PCTKR2021013246-appb-T000001
In an embodiment, the sub-authentication of the possession-based authentication method is defined in Table 2.
Figure PCTKR2021013246-appb-T000002
In an embodiment, the sub-authentication of the knowledge-based authentication method is defined in Table 3.
Figure PCTKR2021013246-appb-T000003
In an embodiment, the sub-authentication of the inherence-based authentication method is defined in Table 4.
Figure PCTKR2021013246-appb-T000004
FIG. 6 is an example scenario in which the first electronic device (100) performs the authentication of the user using the inherence based authentication method based on keystroke dynamics while conducting the NMT communication, according to the embodiments as disclosed herein.
At S601, the second electronic device (200) sends the MT request message and an authentication request message to the first electronic device (100). The authentication request includes the Auth_ID_Method_Type and the Auth_ID_submethods, where the Auth_ID_Method_Type holds the binary value "011", which signifies the inherence based authentication method as described in Table 1. The Auth_ID_submethods holds the binary value "00111", which signifies the keystroke dynamics as described in Table 4. At S602, the NMT authenticating engine (140) determines whether a current keystroke of the user of the first electronic device (100) matches with the stored keystroke.
At S603, the NMT authenticating engine (140) updates the authentication status as a successful authentication in response to determining that the current keystroke of the user of the first electronic device (100) matches with the stored keystroke, or updates the authentication status as a failure of authentication in response to determining that the current keystroke of the user of the first electronic device (100) does not match with the stored keystroke. At S604, the NMT authenticating engine (140) sends the authentication status (success or fail) to the second electronic device (200), where the authentication status is sent in the MT response message of the NMT protocol. At S605, on successful authentication, either the second electronic device (200) or the first electronic device (100) sends the MT transaction request to the payment server (300) to complete the NMT payments.
FIG. 7 is an example scenario in which the first electronic device (100) performs the authentication of the user using the interactive knowledge-based authentication based on the knowledge-based challenge-response while conducting the NMT communication, according to the embodiments as disclosed herein.
At S701, the second electronic device (200) sends the MT request message and an authentication request message to the first electronic device (100). The authentication request includes the Auth_ID_Method_Type and the Auth_ID_submethods, where the Auth_ID_Method_Type holds the binary value "010", which signifies the knowledge-based authentication method as described in Table 1. The Auth_ID_submethods holds the binary value "00101", which signifies the knowledge-based challenge response as described in Table 3. At S702, the NMT authenticating engine (140) displays a message requesting the user input required to perform the authentication. At S703, the input detector (150) receives the user input and determines whether the user input matches with the stored user input.
At S704 and S705, the NMT authenticating engine (140) updates the authentication status as a successful authentication in response to determining that the user input matches with the stored user input, or updates the authentication status as a failure of authentication in response to determining that the user input does not match with the stored user input. At S706, the NMT authenticating engine (140) sends the authentication status (success or fail) to the second electronic device (200), where the authentication status is sent in the MT response message of the NMT protocol. At S707, on successful authentication, either the second electronic device (200) or the first electronic device (100) sends the MT transaction request to the payment server (300) to complete the NMT payments.
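The one-byte field of FIG. 5 and the FIG. 6 and FIG. 7 scenarios, as an added example that is not part of the patent text: a payer-side decoder that splits the byte into Auth_ID_Method_Type and Auth_ID_Submethods, refuses any code point or device capability it does not recognise instead of falling back to another method, and compares a knowledge-based answer in constant time. Assumptions: the 3-bit type occupies the high bits of the byte (the description does not state the bit order), only the code points quoted in the text are populated because Tables 1 to 4 are not reproduced here, storing the answer as a salted PBKDF2 digest is a choice made for this example, and all function and class names are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Dict

# Code points quoted in the FIG. 6 and FIG. 7 walk-throughs. Tables 1-4 are
# not reproduced on this page, so every other value is treated as unknown.
METHOD_TYPES = {0b010: "knowledge", 0b011: "inherence"}
SUBMETHODS = {
    ("knowledge", 0b00101): "knowledge_based_challenge",
    ("inherence", 0b00111): "keystroke_dynamics",
}

STATUS_SUCCESS = "success"
STATUS_FAIL = "fail"


class AuthParamError(ValueError):
    """The enforced authentication byte cannot be honoured."""


@dataclass(frozen=True)
class EnforcedAuth:
    method_type: str
    submethod: str


def pack_auth_byte(type_bits: int, sub_bits: int) -> int:
    """Build the byte. ASSUMPTION: type in bits 7-5, sub-method in bits 4-0."""
    if not 0 <= type_bits <= 0b111 or not 0 <= sub_bits <= 0b11111:
        raise AuthParamError("field out of range")
    return (type_bits << 5) | sub_bits


def parse_auth_byte(value: int) -> EnforcedAuth:
    """Split the byte and map it to a known (type, sub-method) pair."""
    if not 0 <= value <= 0xFF:
        raise AuthParamError("not a single byte")
    method = METHOD_TYPES.get(value >> 5)
    if method is None:
        raise AuthParamError("unknown Auth_ID_Method_Type")
    # A sub-method code is only meaningful under its parent type.
    sub = SUBMETHODS.get((method, value & 0x1F))
    if sub is None:
        raise AuthParamError("unknown Auth_ID_Submethods for this type")
    return EnforcedAuth(method, sub)


def make_secret_verifier(secret: str, iterations: int = 100_000) -> Callable[[str], bool]:
    """Enrol a knowledge-based answer; only a salted digest is kept."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)

    def verify(candidate: str) -> bool:
        digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(digest, stored)

    return verify


def authenticate(auth_byte: int, user_input: str,
                 verifiers: Dict[str, Callable[[str], bool]]) -> str:
    """Return the status for the MT response; every error path is 'fail'."""
    try:
        enforced = parse_auth_byte(auth_byte)
    except AuthParamError:
        return STATUS_FAIL
    # The enforced sub-method must be one this device has enrolled.
    # There is no fallback to a different method than the one requested.
    verifier = verifiers.get(enforced.submethod)
    if verifier is None:
        return STATUS_FAIL
    return STATUS_SUCCESS if verifier(user_input) else STATUS_FAIL


def may_submit_transaction(status: str) -> bool:
    """Only a successful authentication lets the MT transaction request go out."""
    return status == STATUS_SUCCESS


if __name__ == "__main__":
    # Constructed sample: device enrolled for the knowledge-based challenge only.
    enrolled = {"knowledge_based_challenge": make_secret_verifier("first pet: miso")}
    fig7 = pack_auth_byte(0b010, 0b00101)   # FIG. 7 request
    fig6 = pack_auth_byte(0b011, 0b00111)   # FIG. 6 request
    print(hex(fig7), authenticate(fig7, "first pet: miso", enrolled))
    print(hex(fig6), authenticate(fig6, "first pet: miso", enrolled))
```
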
The embodiments disclosed herein can be implemented using at least one hardware device and performing network management functions to control the elements.
The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the embodiments as described herein.

Claims (14)

  1. A method for performing an authentication of a user of a first electronic device, comprising:
    receiving, by the first electronic device, a payment request message including at least one enforced authentication parameter from a second electronic device;
    performing, by the first electronic device, the authentication of the user of the first electronic device based on the at least one enforced authentication parameter;
    sending, by the first electronic device, a payment response message including an authentication status to the second electronic device, the authentication status indicating one of an authentication success and an authentication failure; and
    sending, by the first electronic device, a transaction request message to a money transfer communication with the second electronic device to a server based on the authentication status.
  2. The method of claim 1, wherein the at least one enforced authentication parameter includes type information of the authentication and sub-authentication information, the type information of the authentication indicating a type of mechanism to be used to identify and authenticate the user of the first electronic device, and the sub-authentication information indicating an authentication method to be used to identify and authenticate the user of the first electronic device.
  3. The method of claim 2, wherein the authentication method indicated by the sub-authentication information includes a possession-based authentication method based on at least one of a one time password (OTP), and a card verification value (CVV) associated with the user of the first electronic device.
  4. The method of claim 2, wherein the authentication method indicated by the sub-authentication information includes a knowledge-based authentication method based on at least one of a password, a personal information number (PIN), a knowledge-based challenge, and a lock pattern associated with the user of the first electronic device.
  5. The method of claim 2, wherein the authentication method indicated by the sub-authentication information includes an inherence-based authentication method based on at least one of a fingerprint, a face detection, a retina scan, a Gait analysis, a voice input, a vein input, and a keystroke dynamics associated with the user of the first electronic device.
  6. The method of claim 1, wherein performing the authentication of the user of the first electronic device based on the at least one enforced authentication parameter comprises:
    detecting, by the first electronic device, at least one user input at the first electronic device;
    determining, by the first electronic device, whether the detected at least one user input matches with stored at least one user input; and
    performing, by the first electronic device, one of:
    updating, by the first electronic device, the authentication status as the authentication success in response to determining that the detected at least one user input matches with the stored at least one user input, and
    updating, by the first electronic device, the authentication status as the authentication failure in response to determining that the detected at least one user input does not match with the stored at least one user input.
  7. The method of claim 6, wherein the detected at least one user input includes a fingerprint, a face detection, a retina scan, a Gait analysis, a voice input, a vein input, a keystroke dynamics, a password, a personal information number (PIN), a knowledge-based challenge, a lock pattern, a one time password (OTP), and a card verification value (CVV) associated with the user of the first electronic device.
  8. A first electronic device, comprising:
    a transceiver; and
    at least one processor configured to:
    control the transceiver to receive a payment request message including at least one enforced authentication parameter from a second electronic device,
    perform an authentication of a user of the first electronic device based on the at least one enforced authentication parameter,
    control the transceiver to send a payment response message including an authentication status to the second electronic device, the authentication status indicating one of an authentication success and an authentication failure, and
    control the transceiver to send a transaction request message to a money transfer communication with the second electronic device to a server based on the authentication status.
  9. The first electronic device of claim 8, wherein the at least one enforced authentication parameter includes type information of the authentication and sub-authentication information, the type information of the authentication indicating a type of mechanism to be used to identify and authenticate the user of the first electronic device, and the sub-authentication information indicating an authentication method to be used to identify and authenticate the user of the first electronic device.
  10. The first electronic device of claim 9, wherein the authentication method indicated by the sub-authentication information includes a possession-based authentication method based on at least one of a one time password (OTP), and a card verification value (CVV) associated with the user of the first electronic device.
  11. The first electronic device of claim 9, wherein the authentication method indicated by the sub-authentication information includes a knowledge-based authentication method based on at least one of a password, a personal information number (PIN), a knowledge-based challenge, and a lock pattern associated with the user of the first electronic device.
  12. The first electronic device of claim 9, wherein the authentication method indicated by the sub-authentication information includes an inherence-based authentication method based on at least one of a fingerprint, a face detection, a retina scan, a Gait analysis, a voice input, a vein input, and a keystroke dynamics associated with the user of the first electronic device.
  13. The first electronic device of claim 8, wherein the at least one processor is further configured to:
    detect at least one user input at the first electronic device,
    determine whether the detected at least one user input matches with stored at least one user input, and
    perform one of:
    update the authentication status as the authentication success in response to determining that the detected at least one user input matches with the stored at least one user input, and
    update the authentication status as the authentication failure in response to determining that the detected at least one user input does not match with the stored at least one user input.
  14. The first electronic device of claim 13, wherein the detected at least one user input includes a fingerprint, a face detection, a retina scan, a Gait analysis, a voice input, a vein input, a keystroke dynamics, a password, a personal information number (PIN), a knowledge-based challenge, a lock pattern, a one time password (OTP), and a card verification value (CVV) associated with the user of the first electronic device.
PCT/KR2021/013246 2020-09-30 2021-09-28 Method and electronic device for performing authentication of user WO2022071720A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202041043563 2020-09-30
IN202041043563 2021-01-21

Publications (1)

Publication Number Publication Date
WO2022071720A1 true WO2022071720A1 (en) 2022-04-07

Family

ID=80951924

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2021/013246 WO2022071720A1 (en) 2020-09-30 2021-09-28 Method and electronic device for performing authentication of user

Country Status (1)

Country Link
WO (1) WO2022071720A1 (en)


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21875995

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21875995

Country of ref document: EP

Kind code of ref document: A1