WO2022172068A1 - System and method for user access control for accessing an authenticated entity

Publication number: WO2022172068A1
Application number: PCT/IB2021/052517
Authority: WO, WIPO (PCT)
Prior art keywords: access, control, user, password, accessing
Other languages: French (fr)
Inventor: Polu Vishwanath Reddy
Original Assignee: Polu Vishwanath Reddy
Application filed by: Polu Vishwanath Reddy

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Definitions

  • Embodiments of a present disclosure relate to accessing an authenticated entity, and more particularly to a system and method for user access control for accessing the authenticated entity.
  • User access control is a process of authenticating and/or authorizing a user against credentials stored locally on the device or a server.
  • a password, a pin, a pattern, a biometric, and the like are used as the user access control for accessing the device or implementing a process by unlocking the device via the access-control interface of the device.
  • the system includes scrambling the one or more keys displayed on the access-control interface of the device.
  • a system for user access control for accessing an authenticated entity includes one or more processors.
  • the system also includes an access-control password creation module operable by the one or more processors.
  • the access-control password creation module is configured to receive one or more preferences related to a creation of an access-control password from a user via a password creation interface of a device upon registering the user on a centralized platform.
  • the access-control password creation module is also configured to receive one or more inputs corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface by the user, wherein the one or more keys are displayed on the password creation interface based on the one or more preferences of the user.
  • the access-control password creation module is also configured to create the access-control password to be used by the user as the user access control while accessing the authenticated entity upon receiving the one or more inputs from the user.
  • the system also includes an access-control interface controlling module operable by the one or more processors.
  • the access-control interface controlling module is configured to dynamically assign one or more colors as a background to the one or more keys displayed on an access-control interface while accessing the authenticated entity based on the one or more preferences received by the access-control password creation module.
  • the system also includes a verification module operable by the one or more processors.
  • the verification module is configured to receive one or more entries related to the access-control password created via the access-control password creation module, via the access-control interface from the user while accessing the authenticated entity.
  • the verification module is also configured to compare each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created to generate a comparison result to verify the one or more entries received for the user access control for accessing the authenticated entity.
  • a method for user access control for accessing an authenticated entity includes receiving one or more preferences related to a creation of an access-control password from a user via a password creation interface of the device upon registering the user on a centralized platform.
  • the method also includes receiving one or more inputs from the user corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface by the user, wherein the one or more keys are displayed on the password creation interface based on the one or more preferences of the user.
  • the method also includes creating the access-control password to be used by the user as the user access control while accessing the authenticated entity upon receiving the one or more inputs from the user.
  • the method also includes dynamically assigning one or more colors as a background to the one or more keys displayed on an access-control interface while accessing the authenticated entity based on the one or more preferences received by the access-control password creation module. Furthermore, the method also includes receiving one or more entries related to the access-control password created via the access-control password creation module, via the access-control interface from the user while accessing the authenticated entity. Furthermore, the method includes comparing each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created for generating a comparison result for verifying the one or more entries received for the user access control for accessing the authenticated entity.
  • FIG. 1 is a block diagram representation of a system for user access control for accessing an authenticated entity in accordance with an embodiment of the present disclosure.
  • FIG. 2 is a block diagram representation of an exemplary embodiment of the system for the user access control for accessing the authenticated entity of FIG. 1 in accordance with an embodiment of the present disclosure.
  • FIG. 3 is a block diagram of an access-control computer or an access-control server in accordance with an embodiment of the present disclosure.
  • FIG. 4 is a flow chart representing steps involved in a method for user access control for accessing an authenticated entity in accordance with an embodiment of the present disclosure.
  • elements in the figures are illustrated for simplicity and may not have necessarily been drawn to scale.
  • one or more components of the device may have been represented in the figures by conventional symbols, and the figures may show only those specific details that are pertinent to understanding the embodiments of the present disclosure so as not to obscure the figures with details that will be readily apparent to those skilled in the art having the benefit of the description herein.
  • Embodiments of the present disclosure relate to a system for user access control for accessing an authenticated entity.
  • the term “user access control” is defined as a process of authenticating and/or authorizing a user against credentials stored locally on the device or a server.
  • Authenticating a user may be defined as confirming an identity of the user while performing an operation or a process.
  • authorizing a user may be defined as providing the user permission to perform an operation upon authorization of the user.
  • a device may be locked by a user using an access-control password to prevent un-authenticated and un-authorized access to the content and functions of the device. In order to access the device, the user may have to be authenticated and authorized.
  • the user may have to be authenticated and authorized before performing the corresponding confidential operation.
  • the user may use the access-control password for security purpose.
  • the system described hereafter in FIG. 1 is the system for the user access control for accessing the device.
  • FIG. 1 is a block diagram representation of a system (10) for user access control for accessing an authenticated entity (20) in accordance with an embodiment of the present disclosure.
  • the system (10) includes one or more processors (30).
  • the system (10) herein represents a centralized platform.
  • the system (10) may be stored in a server.
  • the server may include one of a local server and a cloud server. Basically, for the user to be able to use the system (10) for the user access control for accessing the authenticated entity (20), the user may have to register on the centralized platform.
  • the system (10) may also include a registration module (as shown in FIG. 2) operable by the one or more processors (30).
  • the registration module may be configured to register the user on the centralized platform upon receiving a plurality of user details via a device (35).
  • the plurality of user details may include a username, a contact number, an E-mail Identifier (ID), and the like.
  • the plurality of user details may be stored in a database (as shown in FIG. 2).
  • the database may include one of a local database and a cloud database.
  • the device (35) may include a mobile phone, a tablet, a laptop, an automated teller machine (ATM), or the like.
  • a visual display linked to the device (35) may have to be touch-enabled.
  • the authenticated entity (20) may refer to the device (35) which belongs to the user.
  • accessing the authenticated entity (20) may refer to an unlocking of the device (35) using the access-control password.
  • the authenticated entity (20) may refer to an operation which requires the authentication and the authorization of the user before permitting the user to proceed with the performing of the corresponding operation.
  • accessing the authenticated entity (20) may refer to verifying the access-control password in order to perform the corresponding operation.
  • the operation may be performed on the device (35).
  • the operation may include performing a monetary transaction, withdrawing money from the ATM, accessing a digital wallet, or the like.
  • the system (10) also includes an access-control password creation module (40) operable by the one or more processors (30).
  • the access-control password creation module (40) may be operatively coupled to the registration module.
  • the access-control password creation module (40) is configured to receive one or more preferences related to the creation of the access-control password from the user via a password creation interface of the device (35) upon registering the user on the centralized platform. The user may have to provide the one or more preferences before creating the access-control password.
  • the access-control password creation module (40) is also configured to receive one or more inputs corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface by the user.
  • the one or more keys are displayed on the password creation interface based on the one or more preferences of the user.
  • the one or more inputs may include one of one or more alphanumeric characters, one or more colors, one or more patterns, one or more symbols, one or more animated pictures, one or more blank spaces, pressing of one or more hard-keys, and the like, or a combination thereof.
  • the one or more hard-keys may include a power key, a volume up key, a volume down key, or the like.
  • the access-control password creation module (40) is also configured to create the access-control password to be used by the user as the user access control while accessing the authenticated entity (20) upon receiving the one or more inputs from the user.
  • the term “access-control password” is defined as one of a password, a pin, a pattern, a color, or a combination thereof which is unique and personalized to a user who is using it to access an authenticated entity.
  • a count of one or more positions in the access-control password may be a predefined value that may be fixed by the user.
  • the access-control password may be case-sensitive.
  • the system (10) also includes an access-control interface controlling module (50) operable by the one or more processors (30).
  • the access-control interface controlling module (50) is operatively coupled to the access-control password creation module (40).
  • the access-control interface controlling module (50) is configured to dynamically assign the one or more colors as a background to the one or more keys displayed on an access-control interface while accessing the authenticated entity (20) based on the one or more preferences received by the access-control password creation module (40). Basically, whenever the user tries to access the authenticated entity (20), a way in which the one or more keys may be displayed on the access-control interface may be based on the one or more preferences.
  • the one or more preferences may include a selection of at least one of one or more access-control modes, one or more access-control password types, an alternative access-control means setup, and the like, or a combination thereof.
  • the one or more access-control modes may include one of an option to enable the user to select from one of a safe mode and an unsafe mode via the access-control interface while accessing the authenticated entity (20), an option to enable the system (10) to select from one of the safe mode and the unsafe mode while accessing the authenticated entity (20) based on one or more parameters, an option to fix to the safe mode, an option to fix to the unsafe mode, and the like, or a combination thereof.
  • the user may have to select at least one of the one or more access-control modes via the password creation interface so that the corresponding access-control mode may be activated on the device (35) while accessing the authenticated entity (20) by the user.
  • safe mode is defined as an access-control mode in which, if activated, the order of arrangement of the one or more keys displayed on the access-control interface may remain conventional and the color allocated to each of the one or more keys remains the same every time the user tries to access the authenticated entity (20).
  • unsafe mode is defined as an access-control mode in which, if activated, the one or more keys displayed on the access-control interface may be scrambled, and the color allocated to each of the one or more keys varies every time the user tries to access the authenticated entity (20).
  • the unsafe mode may also be termed as a stealth mode as the unsafe mode is attempting to mislead the public about the access-control password used by the user to access the authenticated entity (20).
  • when the option to enable the user to select from one of the safe mode and the unsafe mode via the access-control interface while accessing the authenticated entity (20) is selected by the user while creating the access-control password via the password creation interface, an additional key may be displayed on the access-control interface.
  • either the safe mode or the unsafe mode may be activated upon pressing of the corresponding additional key by the user based on surrounding conditions of the user.
  • the surrounding conditions of the user may correspond to the user being at home, at an office, or at a place where it is safe for the user to enter the access-control password.
  • the safe mode may have to be activated by the user.
  • the surrounding conditions of the user may correspond to the user being surrounded by a crowd of people, the user is traveling, or at a place where it is unsafe for the user to enter the access-control password.
  • the unsafe mode may have to be activated by the user.
  • the system (10) may switch between the safe mode and the unsafe mode based on the one or more parameters.
  • the one or more parameters may include one of a geo-location of the user, a crowd detection around the user based on sound captured by the device (35), the one or more preferences of the user, and the like, or a combination thereof.
  • when the option to fix to the safe mode is selected by the user while creating the access-control password via the password creation interface, the safe mode may remain activated on the access-control interface whenever the user tries to access the authenticated entity (20) via the access-control interface. Furthermore, in yet another exemplary embodiment, when the option to fix to the unsafe mode is selected by the user while creating the access-control password via the password creation interface, the unsafe mode may remain activated on the access-control interface whenever the user tries to access the authenticated entity (20) via the access-control interface.
  • the one or more access-control password types may include one of an alphanumeric type, a color type, a pattern type, a symbol type, an animated picture type, a user-defined type, or a combination thereof.
  • the user may have to select at least one of the one or more access-control password types via the password creation interface so that the corresponding one or more access-control password types may remain enabled on the device (35) while accessing the authenticated entity (20) by the user.
  • the user-defined type may be selected by the user.
  • the one or more blank spaces, the pressing of the one or more hard-keys, and the like may be accepted by the one or more positions in the access-control password.
  • the alternative access-control means setup may include one of entering an answer for one or more system-generated questions, setting up an image-based second level access control, generating a one-time password, and the like, or a combination thereof.
  • the user may have to configure the alternative access-control means setup while creating the access-control password via the password creation interface to provide an alternative access control means for the user for accessing the authenticated entity (20) when the user may fail to access the authenticated entity (20) using the access-control password via the access-control interface.
  • the alternative access-control means setup may include the entering of the answer for the one or more system-generated questions.
  • the answer entered by the user via the password creation interface for each of the one or more system-generated questions may be stored in the database of the system (10).
  • the answer stored in the database may be referred to when the user fails to access the authenticated entity (20) using the access-control password via the access-control interface.
  • the one or more system-generated questions may include one of ‘what is your date-of-birth?’, ‘what is your birthplace?’, ‘what is your nickname?’, ‘what is your favorite color?’, and the like, or a combination thereof.
  • the alternative access-control means setup may include the setting up of the image-based second level access control.
  • at least one of one or more images displayed on the password creation interface may be selected by the user and stored in the database to be referred to as the alternative access-control means when the user fails to access the authenticated entity (20) using the access-control password via the access-control interface.
  • the alternative access-control means setup may include the generating of the one-time password.
  • the one-time password may be generated when the user may fail to access the authenticated entity (20) using the access-control password via the access-control interface.
  • the system (10) also includes a verification module (60) operable by the one or more processors (30).
  • the verification module (60) is operatively coupled to the access-control interface controlling module (50).
  • the verification module (60) is configured to receive one or more entries related to the access-control password created via the access-control password creation module (40), via the access-control interface from the user while accessing the authenticated entity (20).
  • the verification module (60) is also configured to compare each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created to generate a comparison result to verify the one or more entries received for the user access control for accessing the authenticated entity (20).
  • the comparison result may include one of a positive comparison result and a negative comparison result.
  • the comparison result may include the positive comparison result when the one or more entries match the one or more inputs in the respective position in the access-control password created by the user.
  • when the comparison result includes the positive comparison result, the one or more entries received may get verified for the user access control, thereby enabling the user to access the authenticated entity (20).
  • the comparison result may include the negative comparison result when the one or more entries do not match the one or more inputs in the respective position in the access-control password created by the user.
  • the comparison result may include the negative comparison result.
  • the one or more entries received may fail to get verified for the user access control, thereby preventing the accessing of the authenticated entity (20).
  • the user may be provided with a threshold count of chances to re-enter the access-control password when the comparison result includes the negative comparison result.
  • when the comparison result includes the negative comparison result and the count of the chances of re-entering the access-control password is greater than the threshold count, the alternative access-control means setup may get activated, thereby providing the user an alternative access control means for accessing the authenticated entity (20).
  • the system (10) may also include an alternative access-control module (as shown in FIG. 2) operable by the one or more processors (30).
  • the alternative access-control module may be operatively coupled to the verification module (60).
  • the alternative access-control module may be configured to initiate a randomized multi-stage access control process as the alternative access control means for the user based on the one or more preferences of the user when a count of an occurrence of the comparison result including the negative comparison result is greater than the threshold count.
  • when the alternative access-control means setup configured while creating the access-control password includes entering the answer for the one or more system-generated questions, the randomized multi-stage access control process initiated may display at least one of the corresponding one or more system-generated questions on the access-control interface. In such embodiment, the user may have to enter the answer for the corresponding one or more system-generated questions displayed on the access-control interface.
  • the alternative access-control module may receive the answer entered and compare the answer received with the answer pre-stored in the database. In such embodiment, when the answer entered is correct, then the user may be able to access the authenticated entity (20). In such another embodiment, when the answer entered is incorrect, then the user may not be able to access the authenticated entity (20).
  • the alternative access-control means setup configured while creating the access-control password may include setting up the image-based second level access control.
  • the randomized multi-stage access control process initiated may display the one or more images on the access-control interface.
  • the user may have to select at least one of the one or more images displayed. Later, the image selected by the user may be compared with the image pre-stored in the database. In such embodiment, when the image selected matches the pre-stored image, then the user may be able to access the authenticated entity (20). In such another embodiment, when the image selected does not match the pre-stored image, then the user may not be able to access the authenticated entity (20).
  • the alternative access-control means setup configured while creating the access-control password may include the generating of the one-time password.
  • the randomized multi-stage access control process initiated may generate the one-time password and send it to the user via at least one communication means.
  • the at least one communication means may include a text message, a voice message, an E-mail, or the like.
  • the user may check for the one-time password via another device and then enter the one-time password via the access-control interface in the device (35), when the randomized multi-stage access control process is initiated on the device (35).
  • when the one-time password entered matches the one-time password generated, the user may be able to access the authenticated entity (20).
  • when the one-time password entered does not match the one-time password generated, the user may not be able to access the authenticated entity (20).
  • the verification module (60) may include a fingerprint verification submodule (as shown in FIG. 2).
  • the fingerprint verification submodule may be configured to verify a fingerprint of the user received simultaneously while authenticating the one or more entries received via the access-control interface upon comparing the fingerprint received with a pre-stored fingerprint.
  • At least one fingerprint sensor (70) is operatively coupled to the one or more keys displayed on the device (35).
  • the access-control password creation module (40) may also receive the fingerprint of the user via the password creation interface as at least one fingerprint sensor (70) is operatively coupled to the one or more keys displayed on the password creation interface of the device (35).
  • the fingerprint captured by the at least one fingerprint sensor (70) may be stored in the database of the system (10) as the pre-stored fingerprint of the user.
  • the fingerprint of the user may also be received while accessing the authenticated entity (20) via the access-control interface. Further, the fingerprint received may be compared with the pre-stored fingerprint to verify the fingerprint received via the access-control interface by the fingerprint verification submodule simultaneously, while verifying the one or more entries received via the access-control interface.
  • FIG. 2 is a block diagram representation of an exemplary embodiment of the system (10) for the user access control for accessing the authenticated entity (20) of FIG. 1 in accordance with an embodiment of the present disclosure.
  • the system (10) includes the one or more processors (30).
  • a user ‘A’ (90) is willing to use the system (10) in a user’s mobile phone (100) for the user access control via the access-control interface (80) to unlock the user’s mobile phone (100).
  • the user ‘A’ (90) registers on the centralized platform via the registration module (110) upon providing the plurality of user details.
  • the plurality of user details is stored in the database (120) of the system (10).
  • the accessing of the authenticated entity (20) may refer to the unlocking of the user’s mobile phone (100). Later, upon registration, the user ‘A’ (90) is able to use the system (10). As used herein, the user’s mobile phone (100) is substantially similar to the device (35) of FIG. 1.
  • the user ‘A’ (90) has to create the access-control password, so that the next time the user ‘A’ (90) tries to access the user’s mobile phone (100), the user ‘A’ (90) can use the access-control password as the user access control via the access-control interface (80) to unlock the user’s mobile phone (100).
  • the user ‘A’ (90) provides the one or more preferences related to the creation of the access-control password by the access-control password creation module (40) of the system (10) via the password creation interface (130).
  • the one or more preferences provided by the user ‘A’ (90) includes selecting the option to enable the system (10) to select from one of the safe mode and the unsafe mode while accessing the user’s mobile phone (100) based on the one or more parameters, selecting the one or more access-control password types to be a combination of the alphanumeric type and the color type, and selecting the alternative access-control means setup to be entering the answer for the one or more system-generated questions such as one of ‘what is your date-of-birth?’, ‘what is your birthplace?’, or a combination thereof.
  • suppose the count of the one or more positions in the access-control password is four, such that the first two positions are of the alphanumeric type and the last two positions are of the color type.
  • the access-control password is created by the user ‘A’ (90) using the access-control password creation module (40) via the password creation interface (130).
  • the access-control password created includes ‘5’, ‘6’, ‘red color’, and ‘blue color’.
  • the one or more keys displayed on the access-control interface (80) of the user’s mobile phone (100) are dynamically assigned with the one or more colors as the background while unlocking the user’s mobile phone (100) by the access-control interface controlling module (50) of the system (10) based on the one or more preferences set.
  • based on the geo-location of the user ‘A’ (90) and the crowd detected around the user ‘A’ (90), the system (10) activates the unsafe mode.
  • the one or more keys displayed on the access-control interface (80) of the user’s mobile phone (100) appear scrambled, and suppose the color allocated to ‘5’ includes black and the color allocated to ‘6’ includes pink. Further, suppose the ‘red color’ is allocated to ‘G’ and the ‘blue color’ is allocated to ‘2’.
  • the access-control password entered is authenticated by the verification module (60) of the system (10) by generating the comparison result to unlock the user’s mobile phone (100).
  • the access-control password entered by the user ‘A’ (90) via the access-control interface (80) is wrong three times, which is the threshold count of the maximum allowed chances of re-entering the access-control password.
  • the randomized multi-stage access control process as the alternative access control means is initiated by the alternative access-control module (140) of the system (10), and hence the one or more system-generated questions are displayed on the access-control interface (80). Upon providing the correct answer to the one or more system-generated questions, the user ‘A’ (90) will be able to unlock the user’s mobile phone (100).
  • the at least one fingerprint sensor (70) which is operatively coupled to the one or more keys displayed on the user’s mobile phone (100) is activated by the user ‘A’ (90) and the fingerprint of the user ‘A’ (90) is pre-stored by the user in the database (120).
  • the fingerprint of the user ‘A’ (90) is also captured by the fingerprint verification submodule (150) of the verification module (60) of the system (10) via the corresponding at least one fingerprint sensor (70) operatively coupled to the one or more keys displayed on the user’s mobile phone (100).
  • the fingerprint captured is also authenticated by the fingerprint verification submodule (150) simultaneously, while authenticating the access-control password entered by the user ‘A’ (90). Further, along with the access-control password being correct and the fingerprint captured also matching with the pre-stored fingerprint of the user ‘A’ (90), the user’s mobile phone (100) gets unlocked.
  • FIG. 3 is a block diagram of an access-control computer or an access-control server (160) in accordance with an embodiment of the present disclosure.
  • the access-control server (160) includes processor(s) (170), and memory (180) coupled to the bus (190).
  • the processor and memory are substantially similar to assurance computer device of FIG. 1.
  • the memory (180) is located in a local storage device.
  • the processor(s) (170), as used herein, means any type of computational circuit, such as, but not limited to, a microprocessor, a microcontroller, a complex instruction set computing microprocessor, a reduced instruction set computing microprocessor, a very long instruction word microprocessor, an explicitly parallel instruction computing microprocessor, a digital signal processor, or any other type of processing circuit, or a combination thereof.
  • Computer memory elements may include any suitable memory device(s) for storing data and executable program, such as read only memory, random access memory, erasable programmable read only memory, electrically erasable programmable read only memory, hard drive, removable media drive for handling memory cards and the like.
  • Embodiments of the present subject matter may be implemented in conjunction with program modules, including functions, procedures, data structures, and application programs, for performing tasks, or defining abstract data types or low-level hardware contexts.
  • Executable program stored on any of the above-mentioned storage media may be executable by the processor(s) (170).
  • the memory (180) includes a plurality of modules stored in the form of executable program which instructs the processor (170) to perform method steps illustrated in FIG. 3.
  • the memory (180) has following modules: an access-control password creation module (40), an access-control interface controlling module (50), and a verification module (60).
  • the access-control password creation module (40) is configured to receive one or more preferences related to a creation of an access-control password from a user via a password creation interface (130) of the device (35) upon registering the user on a centralized platform.
  • the access-control password creation module (40) is also configured to receive one or more inputs corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface (130) by the user, wherein the one or more keys are displayed on the password creation interface (130) based on the one or more preferences of the user.
  • the access-control password creation module (40) is also configured to create the access-control password to be used by the user as the user access control while accessing the authenticated entity (20) upon receiving the one or more inputs from the user.
  • the access-control interface controlling module (50) is configured to dynamically assign one or more colors as a background to the one or more keys displayed on the access-control interface (80) while accessing the authenticated entity (20) based on the one or more preferences received by the access-control password creation module (40).
  • the verification module (60) is configured to receive one or more entries related to the access-control password created via the access-control password creation module (40), via the access-control interface (80) from the user while accessing the authenticated entity (20).
  • the verification module (60) is also configured to compare each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created to generate a comparison result to verify the one or more entries received for the user access control for accessing the authenticated entity (20).
  • FIG. 4 is a flow chart representing steps involved in a method (200) for user access control for accessing an authenticated entity in accordance with an embodiment of the present disclosure.
  • the method (200) includes receiving one or more preferences related to a creation of an access-control password from a user via a password creation interface of the device upon registering the user on a centralized platform in step 210.
  • receiving the one or more preferences includes receiving the one or more preferences by an access-control password creation module (40).
  • the method (200) also includes receiving one or more inputs from the user corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface by the user, wherein the one or more keys are displayed on the password creation interface based on the one or more preferences of the user in step 220.
  • receiving the one or more inputs includes receiving the one or more inputs by the access-control password creation module (40).
  • the method (200) includes creating the access-control password to be used by the user as the user access control while accessing the authenticated entity upon receiving the one or more inputs from the user in step 230.
  • creating the access-control password includes creating the access-control password by the access-control password creation module (40).
  • the method (200) also includes dynamically assigning one or more colors as a background to the one or more keys displayed on an access-control interface while accessing the authenticated entity based on the one or more preferences received by the access-control password creation module in step 240.
  • dynamically assigning the one or more colors as the background includes dynamically assigning the one or more colors as the background by an access-control interface controlling module (50).
  • the method (200) also includes receiving one or more entries related to the access-control password created via the access-control password creation module, via the access-control interface from the user while accessing the authenticated entity in step 250.
  • receiving the one or more entries includes receiving the one or more entries by a verification module (60).
  • the method (200) also includes comparing each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created for generating a comparison result for verifying the one or more entries received for the user access control for accessing the authenticated entity in step 260.
  • comparing each of the one or more entries with the corresponding one or more inputs includes comparing each of the one or more entries with the corresponding one or more inputs by the verification module (60).
  • the method (200) may further include initiating a randomized multi-stage access control process as an alternative access control means for the user based on the one or more preferences of the user when a count of an occurrence of the comparison result including a negative comparison result is greater than a threshold count.
  • initiating the randomized multi-stage access control process includes initiating the randomized multi-stage access control process by an alternative access-control module (140).
  • the implementation time required to perform the method steps included in the present disclosure by the one or more processors of the system is very minimal, thereby the system maintains very effective operational speed.
  • Various embodiments of the present disclosure enable the user to access the authenticated entity with the access-control password which is unpredictable even when an unauthorized person has observed the access-control password being entered by the user while accessing the authenticated entity.
  • the one or more colors are dynamically assigned to the background to the one or more keys displayed on the device, it becomes difficult for the unauthorized person to predict the access-control password. Because the unauthorized person may not be aware of the fact that the color is also a part of the access-control password along with the values on the one or more keys displayed on the access-control interface of the device.
  • the system also provides a provision of displaying the one or more keys like the one or more animated pictures, the one or more blank spaces, pressing of the one or more hard-keys, and the like, or a combination thereof, in addition to conventional keys, thereby making the system more versatile, more flexible and more efficient in terms of creating the access-control password.
  • a provision of the randomized multi-stage access control process in the system as the alternative access control means for the user for accessing the authenticated entity acts as an added advantage in comparison to conventional systems, thereby making the system more secure and more reliable.
  • a provision of verifying the fingerprint of the user simultaneously via the one or more keys, while verifying the access-control password of the system makes the system more secure, because even when the access-control password is known to the unauthorized person, the authenticated entity cannot be accessed because of mismatch of the fingerprint.

Abstract

A system for user access control for accessing an authenticated entity is provided. The system includes an access-control password creation module (40) which receives preference(s) related to a creation of an access-control password, receives input(s) corresponding to at least one position in the access-control password, and creates the access-control password. The system also includes an access-control interface controlling module (50) which dynamically assigns color(s) as a background to the key(s) displayed on an access-control interface while accessing the authenticated entity. The system also includes a verification module (60) which receives entries related to the access-control password via the access-control interface while accessing the authenticated entity and compares each of the entries with the corresponding input(s) in the respective position in the access-control password to generate a comparison result to verify the entries received for the user access control for accessing the authenticated entity.

Description

SYSTEM AND METHOD FOR USER ACCESS CONTROL FOR ACCESSING AN AUTHENTICATED ENTITY
This Application claims priority from a patent application filed in India having Patent Application No. 202141005724, filed on February 10, 2021, and titled “SYSTEM AND METHOD FOR USER ACCESS CONTROL FOR ACCESSING AN AUTHENTICATED ENTITY”.
FIELD OF INVENTION
Embodiments of a present disclosure relate to accessing an authenticated entity, and more particularly to a system and method for user access control for accessing the authenticated entity.
BACKGROUND
As the technology is growing, there is an increasing demand for different types of user access control for accessing a device or implementing a process by unlocking the device via an access-control interface. User access control is a process of authenticating and/or authorizing a user against credentials stored locally on the device or a server. In conventional approaches, a password, a pin, a pattern, a biometric, and the like are used as the user access control for accessing the device or implementing a process by unlocking the device via the access-control interface of the device. In such approaches, when the password is used as the user access control, then there is a possibility of leakage or compromise of the password when seen by a third person standing next to the authorized user who is trying to access the device or implement a process, as the position of the keys displayed on the access-control interface is constant and predictable. The same problem may occur in case when the pattern is used as the user access control, as the pattern is also easily predictable when observed by a third person with or without the knowledge of the authorized user who is trying to access the device or implement the process.
Further, in one approach, the system includes scrambling the one or more keys displayed on the access-control interface of the device. However, in such an approach, even if once, accidentally, a third person observes the password being entered by an authorized user to access the device, then the password gets leaked, thereby making the approach less efficient, less reliable, and less secure.
Hence, there is a need for an improved system and method for user access control for accessing an authenticated entity which addresses the aforementioned issues.
BRIEF DESCRIPTION
In accordance with one embodiment of the disclosure, a system for user access control for accessing an authenticated entity is provided. The system includes one or more processors. The system also includes an access-control password creation module operable by the one or more processors. The access-control password creation module is configured to receive one or more preferences related to a creation of an access-control password from a user via a password creation interface of a device upon registering the user on a centralized platform. The access-control password creation module is also configured to receive one or more inputs corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface by the user, wherein the one or more keys are displayed on the password creation interface based on the one or more preferences of the user. Further, the access-control password creation module is also configured to create the access-control password to be used by the user as the user access control while accessing the authenticated entity upon receiving the one or more inputs from the user. Further, the system also includes an access-control interface controlling module operable by the one or more processors. The access-control interface controlling module is configured to dynamically assign one or more colors as a background to the one or more keys displayed on an access-control interface while accessing the authenticated entity based on the one or more preferences received by the access-control password creation module. Furthermore, the system also includes a verification module operable by the one or more processors. The verification module is configured to receive one or more entries related to the access-control password created via the access-control password creation module, via the access-control interface from the user while accessing the authenticated entity. The verification module is also configured to compare each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created to generate a comparison result to verify the one or more entries received for the user access control for accessing the authenticated entity.
In accordance with another embodiment, a method for user access control for accessing an authenticated entity is provided. The method includes receiving one or more preferences related to a creation of an access-control password from a user via a password creation interface of the device upon registering the user on a centralized platform. The method also includes receiving one or more inputs from the user corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface by the user, wherein the one or more keys are displayed on the password creation interface based on the one or more preferences of the user. Further, the method also includes creating the access-control password to be used by the user as the user access control while accessing the authenticated entity upon receiving the one or more inputs from the user. Furthermore, the method also includes dynamically assigning one or more colors as a background to the one or more keys displayed on an access-control interface while accessing the authenticated entity based on the one or more preferences received by the access-control password creation module. Furthermore, the method also includes receiving one or more entries related to the access-control password created via the access-control password creation module, via the access-control interface from the user while accessing the authenticated entity. Furthermore, the method includes comparing each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created for generating a comparison result for verifying the one or more entries received for the user access control for accessing the authenticated entity.
To further clarify the advantages and features of the present disclosure, a more particular description of the disclosure will follow by reference to specific embodiments thereof, which are illustrated in the appended figures. It is to be appreciated that these figures depict only typical embodiments of the disclosure and are therefore not to be considered limiting in scope. The disclosure will be described and explained with additional specificity and detail with the appended figures.
BRIEF DESCRIPTION OF THE DRAWINGS
The disclosure will be described and explained with additional specificity and detail with the accompanying figures in which:
FIG. 1 is a block diagram representation of a system for user access control for accessing an authenticated entity in accordance with an embodiment of the present disclosure;
FIG. 2 is a block diagram representation of an exemplary embodiment of the system for the user access control for accessing the authenticated entity of FIG. 1 in accordance with an embodiment of the present disclosure;
FIG. 3 is a block diagram of an access-control computer or an access-control server in accordance with an embodiment of the present disclosure; and
FIG. 4 is a flow chart representing steps involved in a method for user access control for accessing an authenticated entity in accordance with an embodiment of the present disclosure.
Further, those skilled in the art will appreciate that elements in the figures are illustrated for simplicity and may not have necessarily been drawn to scale. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the figures by conventional symbols, and the figures may show only those specific details that are pertinent to understanding the embodiments of the present disclosure so as not to obscure the figures with details that will be readily apparent to those skilled in the art having the benefit of the description herein.
DETAILED DESCRIPTION
For the purpose of promoting an understanding of the principles of the disclosure, reference will now be made to the embodiment illustrated in the figures and specific language will be used to describe them. It will nevertheless be understood that no limitation of the scope of the disclosure is thereby intended. Such alterations and further modifications in the illustrated system, and such further applications of the principles of the disclosure as would normally occur to those skilled in the art are to be construed as being within the scope of the present disclosure.
The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such a process or method. Similarly, one or more devices or sub-systems or elements or structures or components preceded by "comprises... a" does not, without more constraints, preclude the existence of other devices, sub-systems, elements, structures, components, additional devices, additional sub-systems, additional elements, additional structures or additional components. Appearances of the phrase "in an embodiment", "in another embodiment" and similar language throughout this specification may, but not necessarily do, all refer to the same embodiment.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the art to which this disclosure belongs. The system, methods, and examples provided herein are only illustrative and not intended to be limiting.
In the following specification and the claims, reference will be made to a number of terms, which shall be defined to have the following meanings. The singular forms “a”, “an”, and “the” include plural references unless the context clearly dictates otherwise.
Embodiments of the present disclosure relate to a system for user access control for accessing an authenticated entity. As used herein, the term “user access control” is defined as a process of authenticating and/or authorizing a user against credentials stored locally on the device or a server. Authenticating a user may be defined as confirming an identity of the user while performing an operation or a process. Further, authorizing a user may be defined as providing the user permission to perform an operation upon authorization of the user. Basically, a device may be locked by a user using an access-control password to prevent un-authenticated and un-authorized access to the content and functions of the device. In order to access the device, the user may have to be authenticated and authorized. Also, while performing a confidential operation on the device, again the user may have to be authenticated and authorized before performing the corresponding confidential operation. Thus, in such scenario also, the user may use the access-control password for security purpose. Further, the system described hereafter in FIG. 1 is the system for the user access control for accessing the device.
FIG. 1 is a block diagram representation of a system (10) for user access control for accessing an authenticated entity (20) in accordance with an embodiment of the present disclosure. The system (10) includes one or more processors (30). The system (10) herein represents a centralized platform. In an embodiment, the system (10) may be stored in a server. In one exemplary embodiment, the server may include one of a local server and a cloud server. Basically, for the user to be able to use the system (10) for the user access control for accessing the authenticated entity (20), the user may have to register on the centralized platform. Thus, in one embodiment, the system (10) may also include a registration module (as shown in FIG. 2) operable by the one or more processors (30). The registration module may be configured to register the user on the centralized platform upon receiving a plurality of user details via a device (35). In one embodiment, the plurality of user details may include a username, a contact number, an E-mail Identifier (ID), and the like. In one embodiment, the plurality of user details may be stored in a database (as shown in FIG. 2). The database may include one of a local database and a cloud database. In one embodiment, the device (35) may include a mobile phone, a tablet, a laptop, an automated teller machine (ATM), or the like. A visual display linked to the device (35) may have to be touch-enabled. In one embodiment, the authenticated entity (20) may refer to the device (35) which belongs to the user. In such embodiment, accessing the authenticated entity (20) may refer to an unlocking of the device (35) using the access-control password. In another embodiment, the authenticated entity (20) may refer to an operation which requires the authentication and the authorization of the user before permitting the user to proceed with the performing of the corresponding operation. In such embodiment, accessing the authenticated entity (20) may refer to verifying the access-control password in order to perform the corresponding operation. The operation may be performed on the device (35). In one exemplary embodiment, the operation may include performing a monetary transaction, withdrawing money from the ATM, accessing a digital wallet, or the like. Further, upon the registration, the user may have to create an access-control password, so that the next time the user tries to access the authenticated entity (20), the user uses the access-control password as the user access control via an access-control interface to access the authenticated entity (20). Thus, the system (10) also includes an access-control password creation module (40) operable by the one or more processors (30). The access-control password creation module (40) may be operatively coupled to the registration module. The access-control password creation module (40) is configured to receive one or more preferences related to the creation of the access-control password from the user via a password creation interface of the device (35) upon registering the user on the centralized platform. The user may have to provide the one or more preferences before creating the access-control password.
Furthermore, the access-control password creation module (40) is also configured to receive one or more inputs corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface by the user. The one or more keys are displayed on the password creation interface based on the one or more preferences of the user. In one embodiment, the one or more inputs may include one of one or more alphanumeric characters, one or more colors, one or more patterns, one or more symbols, one or more animated pictures, one or more blank spaces, pressing of one or more hard-keys, and the like, or a combination thereof. In one exemplary embodiment, the one or more hard-keys may include a power key, a volume up key, a volume down key, or the like.
Moreover, the access-control password creation module (40) is also configured to create the access-control password to be used by the user as the user access control while accessing the authenticated entity (20) upon receiving the one or more inputs from the user. As used herein the term “access-control password” is defined as one of a password, a pin, a pattern, a color, or a combination thereof which is unique and personalized to a user who is using it to access an authenticated entity. In one embodiment, a count of one or more positions in the access-control password may be a predefined value that may be fixed by the user. In one embodiment, the access-control password may be case-sensitive.
Subsequently, the system (10) also includes an access-control interface controlling module (50) operable by the one or more processors (30). The access-control interface controlling module (50) is operatively coupled to the access-control password creation module (40). The access-control interface controlling module (50) is configured to dynamically assign the one or more colors as a background to the one or more keys displayed on an access-control interface while accessing the authenticated entity (20) based on the one or more preferences received by the access-control password creation module (40). Basically, whenever the user tries to access the authenticated entity (20), a way in which the one or more keys may be displayed on the access-control interface may be based on the one or more preferences. In one embodiment, the one or more preferences may include a selection of at least one of one or more access-control modes, one or more access-control password types, an alternative access-control means setup, and the like, or a combination thereof.
In one embodiment, the one or more access-control modes may include one of an option to enable the user to select from one of a safe mode and an unsafe mode via the access-control interface while accessing the authenticated entity (20), an option to enable the system (10) to select from one of the safe mode and the unsafe mode while accessing the authenticated entity (20) based on one or more parameters, an option to fix to the safe mode, an option to fix to the unsafe mode, and the like, or a combination thereof. The user may have to select at least one of the one or more access-control modes via the password creation interface so that the corresponding access-control mode may be activated on the device (35) while accessing the authenticated entity (20) by the user.
As used herein, the term “safe mode” is defined as an access-control mode which if activated, an order of an arrangement of the one or more keys displayed on the access-control interface may remain conventional and a color allocated to each of the one or more keys remains the same every time the user tries to access the authenticated entity (20). Furthermore, as used herein, the term “unsafe mode” is defined as an access-control mode which if activated, the one or more keys displayed on the access-control interface may be scrambled, and a color allocated to each of the one or more keys varies every time the user tries to access the authenticated entity (20). In one embodiment, the unsafe mode may also be termed as a stealth mode as the unsafe mode is attempting to mislead the public about the access-control password used by the user to access the authenticated entity (20). In one exemplary embodiment, when the option to enable the user to select from one of the safe mode and the unsafe mode via the access-control interface while accessing the authenticated entity (20) may be selected by the user while creating the access-control password via the password creation interface, an additional key may be displayed on the access-control interface. In such embodiment, upon pressing of the corresponding additional key by the user based on surrounding conditions of the user, either the safe mode or the unsafe mode may be activated. In one exemplary embodiment, the surrounding conditions of the user may correspond to the user being at home, at an office, or at a place where it is safe for the user to enter the access-control password. In such embodiment, the safe mode may have to be activated by the user. In another exemplary embodiment, the surrounding conditions of the user may correspond to the user being surrounded by a crowd of people, the user is traveling, or at a place where it is unsafe for the user to enter the access-control password. In such embodiment, the unsafe mode may have to be activated by the user.
In another exemplary embodiment, when the option to enable the system (10) to select from one of the safe mode and the unsafe mode while accessing the authenticated entity (20) based on the one or more parameters may be selected by the user while creating the access-control password via the password creation interface, the system (10) may switch between the safe mode and the unsafe mode based on the one or more parameters. In one exemplary embodiment, the one or more parameters may include one of a geo-location of the user, a crowd detection around the user based on sound captured by the device (35), the one or more preferences of the user, and the like, or a combination thereof.
In yet another exemplary embodiment, when the option to fix to the safe mode may be selected by the user while creating the access-control password via the password creation interface, the safe mode may remain activated on the access-control interface, all the time the user may be trying to access the authenticated entity (20) via the access-control interface. Furthermore, in yet another exemplary embodiment, when the option to fix to the unsafe mode may be selected by the user while creating the access-control password via the password creation interface, the unsafe mode may remain activated on the access-control interface, all the time the user may be trying to access the authenticated entity (20) via the access-control interface.
In one embodiment, the one or more access-control password types may include one of an alphanumeric type, a color type, a pattern type, a symbol type, an animated picture type, a user-defined type, or a combination thereof. The user may have to select at least one of the one or more access-control password types via the password creation interface so that the corresponding one or more access-control password types may remain enabled on the device (35) while accessing the authenticated entity (20) by the user. In one exemplary embodiment, when the user-defined type may be selected by the user, the one or more blank spaces, the pressing of the one or more hard-keys, and the like may be accepted by the one or more positions in the access-control password.
In one embodiment, the alternative access-control means setup may include one of entering an answer for one or more system-generated questions, setting up an image-based second level access control, generating a one-time password, and the like, or a combination thereof. The user may have to configure the alternative access-control means setup while creating the access-control password via the password creation interface to provide an alternative access control means for the user for accessing the authenticated entity (20) when the user may fail to access the authenticated entity (20) using the access-control password via the access-control interface.
In one exemplary embodiment, when the alternative access-control means setup may include the entering of the answer for the one or more system-generated questions, then the answer entered by the user via the password creation interface for each of the one or more system-generated questions may be stored in the database of the system (10). The answer stored in the database may be referred to when the user may fail to access the authenticated entity (20) using the access-control password via the access-control interface. In one exemplary embodiment, the one or more system-generated questions may include one of ‘what is your date-of-birth?’, ‘what is your birthplace?’, ‘what is your nickname?’, ‘what is your favorite color?’, and the like, or a combination thereof.
In another exemplary embodiment, when the alternative access-control means setup may include the setting up of the image-based second level access control, then at least one of one or more images displayed on the password creation interface may be selected by the user and stored in the database to be referred to as the alternative access-control means when the user may fail to access the authenticated entity (20) using the access-control password via the access-control interface.
In yet another exemplary embodiment, when the alternative access-control means setup may include the generating of the one-time password, then the one-time password may be generated when the user may fail to access the authenticated entity (20) using the access-control password via the access-control interface.
In addition, the system (10) also includes a verification module (60) operable by the one or more processors (30). The verification module (60) is operatively coupled to the access-control interface controlling module (50). The verification module (60) is configured to receive one or more entries related to the access-control password created via the access-control password creation module (40), via the access-control interface from the user while accessing the authenticated entity (20). Further, the verification module (60) is also configured to compare each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created to generate a comparison result to verify the one or more entries received for the user access control for accessing the authenticated entity (20). In one embodiment, the comparison result may include one of a positive comparison result and a negative comparison result.
In one exemplary embodiment, the comparison result may include the positive comparison result, when the one or more entries match the one or more inputs in the respective position in the access-control password created by the user. In an embodiment, when the comparison result may include the positive comparison result, the one or more entries received may get verified for the user access control, thereby enabling the user to access the authenticated entity (20).
In another exemplary embodiment, the comparison result may include the negative comparison result, when the one or more entries mismatch with the one or more inputs in the respective position in the access-control password created by the user. In an embodiment, when the comparison result may include the negative comparison result, the one or more entries received may fail to get verified for the user access control, thereby preventing the accessing of the authenticated entity (20). Further, the user may be provided with a threshold count of chances to re-enter the access-control password when the comparison result may include the negative comparison result. Later, in one embodiment, when the comparison result may include the negative comparison result and the count of the chances of re-entering the access-control password may be greater than the threshold count, then the alternative access-control means setup may get activated, thereby providing the user an alternative access control means for accessing the authenticated entity (20).
Thus, the system (10) may also include an alternative access-control module (as shown in FIG. 2) operable by the one or more processors (30). The alternative access-control module may be operatively coupled to the verification module (60). The alternative access-control module may be configured to initiate a randomized multi-stage access control process as the alternative access control means for the user based on the one or more preferences of the user when a count of an occurrence of the comparison result including the negative comparison result is greater than the threshold count.
In one exemplary embodiment, when the alternative access-control means setup configured while creating the access-control password, may include entering the answer for the one or more system-generated questions, then the randomized multi-stage access control process initiated may display at least one of the corresponding one or more system-generated questions on the access-control interface. In such embodiment, the user may have to enter the answer for the corresponding one or more system-generated questions displayed on the access-control interface. In one embodiment, the alternative access-control module may receive the answer entered and compare the answer received with the answer pre-stored in the database. In such embodiment, when the answer entered is correct, then the user may be able to access the authenticated entity (20). In such another embodiment, when the answer entered is incorrect, then the user may not be able to access the authenticated entity (20).
In another exemplary embodiment, when the alternative access-control means setup configured while creating the access-control password, may include setting up the image-based second level access control, then the randomized multi-stage access control process initiated may display the one or more images on the access-control interface. In such embodiment, the user may have to select at least one of the one or more images displayed. Later, the corresponding at least one of the one or more images displayed selected by the user may be compared with the image pre-stored in the database. In such embodiment, when the image selected matches with the image pre-stored, then the user may be able to access the authenticated entity (20). In such another embodiment, when the image selected mismatches with the image pre-stored, then the user may not be able to access the authenticated entity (20).
In yet another exemplary embodiment, when the alternative access-control means setup configured while creating the access-control password, may include the generating of the one-time password, then the randomized multi-stage access control process initiated may generate the one-time password and send it to the user via at least one communication means. In one embodiment, the at least one communication means may include a text message, a voice message, an E-mail, or the like. In such embodiment, the user may check for the one-time password via another device and then enter the one-time password via the access-control interface in the device (35), when the randomized multi-stage access control process is initiated on the device (35). In one embodiment, when the one-time password entered matches with the one-time password generated, then the user may be able to access the authenticated entity (20). In another embodiment, when the one-time password entered mismatches with the one-time password generated, then the user may not be able to access the authenticated entity (20).
Further, in one embodiment, the verification module (60) may include a fingerprint verification submodule (as shown in FIG. 2). The fingerprint verification submodule may be configured to verify a fingerprint of the user received simultaneously while authenticating the one or more entries received via the access-control interface upon comparing the fingerprint received with a pre-stored fingerprint. At least one fingerprint sensor (70) is operatively coupled to the one or more keys displayed on the device (35).
Basically, in an embodiment, while creating the access-control password, the access-control password creation module (40) may also receive the fingerprint of the user via the password creation interface as at least one fingerprint sensor (70) is operatively coupled to the one or more keys displayed on the password creation interface of the device (35). The fingerprint captured by the at least one fingerprint sensor (70) may be stored in the database of the system (10) as the pre-stored fingerprint of the user. Later, in one embodiment, when the at least one fingerprint sensor (70) may be enabled by the user while creating the access-control password, the fingerprint of the user may also be received while accessing the authenticated entity (20) via the access-control interface. Further, the fingerprint received may be compared with the pre-stored fingerprint to verify the fingerprint received via the access-control interface by the fingerprint verification submodule simultaneously, while verifying the one or more entries received via the access-control interface.
FIG. 2 is a block diagram representation of an exemplary embodiment of the system (10) for the user access control for accessing the authenticated entity (20) of FIG. 1 in accordance with an embodiment of the present disclosure. The system (10) includes the one or more processors (30). Suppose a user ‘A’ (90) is willing to use the system (10) in a user’s mobile phone (100) for the user access control via the access-control interface (80) to unlock the user’s mobile phone (100). Then, the user ‘A’ (90) registers on the centralized platform via the registration module (110) upon providing the plurality of user details. The plurality of user details is stored in the database (120) of the system (10). Thus, the accessing of the authenticated entity (20) may refer to the unlocking of the user’s mobile phone (100). Later, upon registration, the user ‘A’ (90) is able to use the system (10). As used herein, the user’s mobile phone (100) is substantially similar to the device (35) of FIG. 1.
Initially the user ‘A’ (90) has to create the access-control password, so that the next time the user ‘A’ (90) tries to access the user’s mobile phone (100), the user ‘A’ (90) uses the access-control password as the user access control via the access-control interface (80) to unlock the user’s mobile phone (100). Before that, the user ‘A’ (90) provides the one or more preferences related to the creation of the access-control password by the access-control password creation module (40) of the system (10) via the password creation interface (130). Suppose the one or more preferences provided by the user ‘A’ (90) include selecting the option to enable the system (10) to select from one of the safe mode and the unsafe mode while accessing the user’s mobile phone (100) based on the one or more parameters, selecting the one or more access-control password types to be a combination of the alphanumeric type and the color type, and selecting the alternative access-control means setup to be entering the answer for the one or more system-generated questions such as one of ‘what is your date-of-birth?’, ‘what is your birthplace?’, or a combination thereof. Suppose the count of the one or more positions in the access-control password is four such that the first two positions are of the alphanumeric type and the last two positions are of the color type.
Further, upon providing the one or more preferences, the access-control password is created by the user ‘A’ (90) using the access-control password creation module (40) via the password creation interface (130). Suppose the access-control password created includes ‘5’, ‘6’, ‘red color’, and ‘blue color’. Moreover, the one or more keys displayed on the access-control interface (80) of the user’s mobile phone (100) are dynamically assigned with the one or more colors as the background while unlocking the user’s mobile phone (100) by the access-control interface controlling module (50) of the system (10) based on the one or more preferences set.
Suppose the user ‘A’ (90) is traveling in a bus and hence, when the user ‘A’ (90) tries to unlock the user’s mobile phone (100), the system (10) activates the unsafe mode based on the geo-location of the user ‘A’ (90) and the crowd detected around the user ‘A’ (90). Thus, the one or more keys displayed on the access-control interface (80) of the user’s mobile phone (100) appear scrambled, and suppose the color allocated to ‘5’ includes black and the color allocated to ‘6’ includes pink. Further, suppose the ‘red color’ is allocated to ‘1’ and the ‘blue color’ is allocated to ‘2’. Therefore, when the user ‘A’ (90) is entering the access-control password via the access-control interface (80), a third person watching the user ‘A’ (90) enter the access-control password may think that the access-control password is ‘5612’ but the access-control password actually is ‘5’, ‘6’, ‘red color’ and ‘blue color’.
Suppose the user ‘A’ (90) has entered the access-control password via the access-control interface (80) in the user’s mobile phone (100). Later, the access-control password entered is authenticated by the verification module (60) of the system (10) by generating the comparison result to unlock the user’s mobile phone (100). Suppose the access-control password entered by the user ‘A’ (90) via the access-control interface (80) is wrong and it happens three times which is the threshold count of the maximum allowed chances of re-entering the access-control password. Now, the randomized multi-stage access control process as the alternative access control means is initiated by the alternative access-control module (140) of the system (10), and hence the one or more system-generated questions are displayed on the access-control interface (80). Upon providing the answer to the one or more system-generated questions which is correct, the user ‘A’ (90) will be able to unlock the user’s mobile phone (100).
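The worked example above (password ‘5’, ‘6’, ‘red color’, ‘blue color’, threshold count of three) can be followed in code. The Python below is an added example, not code from the application or the applicant; the ten digit keys, the ten-color palette with one distinct color per key, the two constructed layouts, all names, and the choice to keep the keypad path closed once the threshold is reached are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass

DIGITS = "0123456789"
# Assumed palette: one distinct background colour per key.
COLORS = ["red", "blue", "black", "pink", "green",
          "yellow", "white", "orange", "purple", "brown"]


@dataclass(frozen=True)
class Key:
    label: str   # value printed on the key
    color: str   # background colour allocated for this attempt


def new_layout(unsafe_mode, rng=None):
    """Keys in display order for one access attempt."""
    rng = rng or secrets.SystemRandom()
    labels, colors = list(DIGITS), list(COLORS)
    if unsafe_mode:          # scramble positions and re-allocate colours
        rng.shuffle(labels)
        rng.shuffle(colors)
    return [Key(l, c) for l, c in zip(labels, colors)]


def entry_value(kind, key):
    """What a key press contributes at a position of the given type."""
    return key.label if kind == "alnum" else key.color


def compare(password, pressed):
    """Position-by-position comparison; True is the positive result."""
    if len(pressed) != len(password):
        return False
    ok = True
    for (kind, expected), key in zip(password, pressed):
        got = entry_value(kind, key)
        # Every position is checked; no early exit on the first mismatch.
        ok &= hmac.compare_digest(got.encode(), expected.encode())
    return ok


@dataclass
class Verifier:
    password: list
    threshold: int = 3       # threshold count from the worked example
    failures: int = 0

    def attempt(self, pressed):
        # Assumption: once the threshold is reached the keypad path stays
        # closed and only the alternative access-control means remains.
        if self.failures >= self.threshold:
            return "alternative"
        if compare(self.password, pressed):
            self.failures = 0
            return "granted"
        self.failures += 1
        return "alternative" if self.failures >= self.threshold else "denied"


def user_presses(layout, password):
    """Keys pressed by a user who knows the password, on this layout."""
    return [next(k for k in layout if entry_value(kind, k) == value)
            for kind, value in password]


def press_labels(layout, labels):
    """Keys pressed when only a previously seen digit sequence is repeated."""
    return [next(k for k in layout if k.label == d) for d in labels]


def labels_seen(pressed):
    """The digit sequence visible to someone watching the key presses."""
    return "".join(k.label for k in pressed)


PASSWORD = [("alnum", "5"), ("alnum", "6"), ("color", "red"), ("color", "blue")]

# Constructed layouts. BUS follows the text: 5 black, 6 pink, 1 red, 2 blue.
BUS = [Key(l, c) for l, c in zip("7150926384", [
    "green", "red", "black", "yellow", "white",
    "blue", "pink", "orange", "purple", "brown"])]
# LATER is a second unsafe-mode attempt: red is now on 4, blue on 9.
LATER = [Key(l, c) for l, c in zip("2946081537", [
    "yellow", "blue", "red", "white", "green",
    "black", "pink", "orange", "purple", "brown"])]


def run_example():
    v = Verifier(PASSWORD)
    first = v.attempt(user_presses(BUS, PASSWORD))
    seen = labels_seen(user_presses(BUS, PASSWORD))
    replays = [v.attempt(press_labels(LATER, seen)) for _ in range(3)]
    return seen, first, replays


if __name__ == "__main__":
    print(run_example())
```

With layouts drawn at random, a repeated digit sequence is still accepted whenever the colors happen to land on the same keys (1 in 90 per attempt for two color positions and this ten-color palette), so the threshold count remains a necessary control.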
Suppose later, the at least one fingerprint sensor (70) which is operatively coupled to the one or more keys displayed on the user’s mobile phone (100) is activated by the user ‘A’ (90) and the fingerprint of the user ‘A’ (90) is pre-stored by the user in the database (120). Thus, next time when the user ‘A’ (90) enters the access-control password via the access-control interface (80), the fingerprint of the user ‘A’ (90) is also captured by the fingerprint verification submodule (150) of the verification module (60) of the system (10) via the corresponding at least one fingerprint sensor (70) operatively coupled to the one or more keys displayed on the user’s mobile phone (100). The fingerprint captured is also authenticated by the fingerprint verification submodule (150) simultaneously, while authenticating the access-control password entered by the user ‘A’ (90). Further, along with the access-control password being correct and the fingerprint captured also matching with the pre-stored fingerprint of the user ‘A’ (90), the user’s mobile phone (100) gets unlocked.
FIG. 3 is a block diagram of an access-control computer or an access-control server (160) in accordance with an embodiment of the present disclosure. The access-control server (160) includes processor(s) (170), and memory (180) coupled to the bus (190). As used herein, the processor and memory are substantially similar to assurance computer device of FIG. 1. Here, the memory (180) is located in a local storage device.
The processor(s) (170), as used herein, means any type of computational circuit, such as, but not limited to, a microprocessor, a microcontroller, a complex instruction set computing microprocessor, a reduced instruction set computing microprocessor, a very long instruction word microprocessor, an explicitly parallel instruction computing microprocessor, a digital signal processor, or any other type of processing circuit, or a combination thereof.
Computer memory elements may include any suitable memory device(s) for storing data and executable program, such as read only memory, random access memory, erasable programmable read only memory, electrically erasable programmable read only memory, hard drive, removable media drive for handling memory cards and the like. Embodiments of the present subject matter may be implemented in conjunction with program modules, including functions, procedures, data structures, and application programs, for performing tasks, or defining abstract data types or low-level hardware contexts. Executable program stored on any of the above-mentioned storage media may be executable by the processor(s) (170).
The memory (180) includes a plurality of modules stored in the form of executable program which instructs the processor (170) to perform method steps illustrated in FIG. 3. The memory (180) has following modules: an access-control password creation module (40), an access-control interface controlling module (50), and a verification module (60).
The access-control password creation module (40) is configured to receive one or more preferences related to a creation of an access-control password from a user via a password creation interface (130) of the device (35) upon registering the user on a centralized platform. The access-control password creation module (40) is also configured to receive one or more inputs corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface (130) by the user, wherein the one or more keys are displayed on the password creation interface (130) based on the one or more preferences of the user.
The access-control password creation module (40) is also configured to create the access-control password to be used by the user as the user access control while accessing the authenticated entity (20) upon receiving the one or more inputs from the user. The access-control interface controlling module (50) is configured to dynamically assign one or more colors as a background to the one or more keys displayed on the access-control interface (80) while accessing the authenticated entity (20) based on the one or more preferences received by the access-control password creation module (40).
The verification module (60) is configured to receive one or more entries related to the access-control password created via the access-control password creation module (40), via the access-control interface (80) from the user while accessing the authenticated entity (20). The verification module (60) is also configured to compare each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created to generate a comparison result to verify the one or more entries received for the user access control for accessing the authenticated entity (20).
FIG. 4 is a flow chart representing steps involved in a method (200) for user access control for accessing an authenticated entity in accordance with an embodiment of the present disclosure. The method (200) includes receiving one or more preferences related to a creation of an access-control password from a user via a password creation interface of the device upon registering the user on a centralized platform in step 210. In one embodiment, receiving the one or more preferences includes receiving the one or more preferences by an access-control password creation module (40).
The method (200) also includes receiving one or more inputs from the user corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface by the user, wherein the one or more keys are displayed on the password creation interface based on the one or more preferences of the user in step 220. In one embodiment, receiving the one or more inputs includes receiving the one or more inputs by the access-control password creation module (40).
Furthermore, the method (200) includes creating the access-control password to be used by the user as the user access control while accessing the authenticated entity upon receiving the one or more inputs from the user in step 230. In one embodiment, creating the access-control password includes creating the access-control password by the access-control password creation module (40).
Furthermore, the method (200) also includes dynamically assigning one or more colors as a background to the one or more keys displayed on an access-control interface while accessing the authenticated entity based on the one or more preferences received by the access-control password creation module in step 240. In one embodiment, dynamically assigning the one or more colors as the background includes dynamically assigning the one or more colors as the background by an access-control interface controlling module (50).
Furthermore, the method (200) also includes receiving one or more entries related to the access-control password created via the access-control password creation module, via the access-control interface from the user while accessing the authenticated entity in step 250. In one embodiment, receiving the one or more entries includes receiving the one or more entries by a verification module (60).
Furthermore, the method (200) also includes comparing each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created for generating a comparison result for verifying the one or more entries received for the user access control for accessing the authenticated entity in step 260. In one embodiment, comparing each of the one or more entries with the corresponding one or more inputs includes comparing each of the one or more entries with the corresponding one or more inputs by the verification module (60).
In one exemplary embodiment, the method (200) may further include initiating a randomized multi-stage access control process as an alternative access control means for the user based on the one or more preferences of the user when a count of an occurrence of the comparison result including a negative comparison result is greater than a threshold count. In such embodiment, initiating the randomized multi-stage access control process includes initiating the randomized multi-stage access control process by an alternative access-control module (140).
Further, from a technical effect point of view, the implementation time required to perform the method steps included in the present disclosure by the one or more processors of the system is very minimal, thereby the system maintains very effective operational speed.
Various embodiments of the present disclosure enable the user to access the authenticated entity with the access-control password which is unpredictable even when an unauthorized person has observed the access-control password being entered by the user while accessing the authenticated entity. As the one or more colors are dynamically assigned to the background to the one or more keys displayed on the device, it becomes difficult for the unauthorized person to predict the access-control password. Because the unauthorized person may not be aware of the fact that the color is also a part of the access-control password along with the values on the one or more keys displayed on the access-control interface of the device.
Further, the system also provides a provision of displaying the one or more keys like the one or more animated pictures, the one or more blank spaces, pressing of the one or more hard-keys, and the like, or a combination thereof, in addition to conventional keys, thereby making the system more versatile, more flexible and more efficient in terms of creating the access-control password. Also, a provision of the randomized multi-stage access control process in the system as the alternative access control means for the user for accessing the authenticated entity, acts as an added advantage in comparison to conventional systems, thereby making the system more secure and more reliable.
Further, a provision of verifying the fingerprint of the user simultaneously via the one or more keys, while verifying the access-control password of the system, makes the system more secure, because even when the access-control password is known to the unauthorized person, the authenticated entity cannot be accessed because of mismatch of the fingerprint.
While specific language has been used to describe the disclosure, any limitations arising on account of the same are not intended. As would be apparent to a person skilled in the art, various working modifications may be made to the method in order to implement the inventive concept as taught herein.
The figures and the foregoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, order of processes described herein may be changed and are not limited to the manner described herein. Moreover, the actions of any flow diagram need not be implemented in the order shown; nor do all of the acts need to be necessarily performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. The scope of embodiments is by no means limited by these specific examples.

Claims

I/WE CLAIM:
1. A system (10) for a user access control for accessing an authenticated entity (20), wherein the system (10) comprises: one or more processors (30); an access-control password creation module (40) operable by the one or more processors (30), wherein the access-control password creation module (40) is configured to: receive one or more preferences related to a creation of an access-control password from a user via a password creation interface (130) of a device (35) upon registering the user on a centralized platform; receive one or more inputs corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface (130) by the user, wherein the one or more keys are displayed on the password creation interface (130) based on the one or more preferences of the user; and create the access-control password to be used by the user as the user access control while accessing the authenticated entity (20) upon receiving the one or more inputs from the user; an access-control interface controlling module (50) operable by the one or more processors (30), wherein the access-control interface controlling module (50) is configured to dynamically assign one or more colors as a background to the one or more keys displayed on an access-control interface (80) while accessing the authenticated entity (20) based on the one or more preferences received by the access-control password creation module (40); and a verification module (60) operable by the one or more processors (30), wherein the verification module (60) is configured to: receive one or more entries related to the access password created via the access-control password creation module (40), via the access-control interface (80) from the user while accessing the authenticated entity (20); and compare each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created to generate a comparison result to verify the one or more entries received for the user access control for accessing the authenticated entity (20).
2. The system (10) as claimed in claim 1, wherein the one or more preferences comprise a selection of at least one of one or more access-control modes, one or more access-control password types, an alternative access-control means setup, or a combination thereof.
3. The system (10) as claimed in claim 2, wherein the one or more access-control modes comprise one of an option to enable the user to select from one of a safe mode and an unsafe mode via the access-control interface (80) while accessing the authenticated entity (20), an option to enable the system (10) to select from one of the safe mode and the unsafe mode via the access-control interface (80) while accessing the authenticated entity (20) based on one or more parameters, an option to fix to the safe mode, an option to fix to the unsafe mode, or a combination thereof.
4. The system (10) as claimed in claim 2, wherein the one or more access-control password types comprise one of an alphanumeric type, a color type, a pattern type, a symbol type, an animated picture type, a user-defined type, or a combination thereof.
5. The system (10) as claimed in claim 2, wherein the alternative access-control means setup comprises one of entering an answer for one or more system-generated questions, setting up an image-based second level access control, generating a one-time password, or a combination thereof.
6. The system (10) as claimed in claim 1, wherein the one or more inputs comprise one of one or more alphanumeric characters, one or more colors, one or more patterns, one or more symbols, one or more animated pictures, one or more blank spaces, pressing of one or more hard-keys, or a combination thereof.
7. The system (10) as claimed in claim 1, wherein the verification module (60) comprises a fingerprint verification submodule (150) configured to verify a fingerprint of the user received simultaneously while verifying the one or more entries received via the access-control interface (80) upon comparing the fingerprint received with a pre-stored fingerprint, wherein at least one fingerprint sensor (70) is operatively coupled to the one or more keys displayed on the device (35).
8. The system (10) as claimed in claim 1, comprises an alternative access- control module (140) operable by the one or more processors (30), wherein the alternative access-control module (140) is configured to initiate a randomized multi-stage access control process as an alternative access control means for the user based on the one or more preferences of the user when a count of an occurrence of the comparison result comprising a negative comparison result is greater than a threshold count.
9. A method (200) for a user access control via an access-control interface for accessing an authenticated entity, wherein the method (200) comprises:
receiving, by an access-control password creation module (40), one or more preferences related to a creation of an access-control password from a user via a password creation interface of a device upon registering the user on a centralized platform (210);
receiving, by the access-control password creation module (40), one or more inputs from the user corresponding to at least one position in the access-control password upon pressing one or more keys displayed on the password creation interface by the user, wherein the one or more keys are displayed on the password creation interface based on the one or more preferences of the user (220);
creating, by the access-control password creation module (40), the access-control password to be used by the user as the user access control while accessing the authenticated entity upon receiving the one or more inputs from the user (230);
dynamically assigning, by an access-control interface controlling module (50), one or more colors as a background to the one or more keys displayed on the access-control interface while accessing the authenticated entity based on the one or more preferences received by the access-control password creation module (240);
receiving, by a verification module (60), one or more entries related to the access-control password created via the access-control password creation module, via the access-control interface from the user while accessing the authenticated entity (250); and
comparing, by the verification module (60), each of the one or more entries with the corresponding one or more inputs in the respective position in the access-control password created for generating a comparison result for verifying the one or more entries received for the user access control for accessing the authenticated entity (260).
10. The method (200) as claimed in claim 9, comprises initiating, by an alternative access-control module (140), a randomized multi-stage access control process as an alternative access control means for the user based on the one or more preferences of the user when a count of an occurrence of the comparison result comprising a negative comparison result is greater than a threshold count.
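An added example, not taken from the patent: one way the position-wise comparison of claim 9 and the threshold-triggered fallback of claims 8 and 10 could be implemented. The `Verifier` class, the (type, value) tuple per position, the threshold of 3, the constant-time comparison, the lock-in after the threshold is crossed and the shuffled stage order are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample: one (type, value) input per password position.
STORED = [("alnum", "K"), ("color", "red"), ("blank", ""), ("symbol", "#")]


@dataclass
class Verifier:
    password: list      # inputs recorded at creation, indexed by position
    alt_stages: list    # alternative means the user set up (claim 5)
    threshold: int = 3  # assumed threshold count
    negatives: int = 0  # running count of negative comparison results

    def compare(self, entries):
        """Compare each entry with the input stored at the same position."""
        ok = len(entries) == len(self.password)
        # Every position is checked even after a mismatch, so timing does not
        # reveal which position failed (a hardening choice, not in the claims).
        for (e_type, e_val), (p_type, p_val) in zip(entries, self.password):
            same_type = hmac.compare_digest(e_type.encode(), p_type.encode())
            same_val = hmac.compare_digest(e_val.encode(), p_val.encode())
            ok &= same_type and same_val
        return ok

    def attempt(self, entries):
        """Return 'granted', 'denied', or the list of alternative stages."""
        # Assumption: once the count exceeds the threshold, the password path
        # stays closed and only the alternative process is offered.
        if self.negatives > self.threshold:
            return self.alternative_process()
        if self.compare(entries):
            self.negatives = 0
            return "granted"
        self.negatives += 1
        if self.negatives > self.threshold:
            return self.alternative_process()
        return "denied"

    def alternative_process(self):
        """Order the configured stages with a CSPRNG (one reading of 'randomized')."""
        stages = list(self.alt_stages)
        secrets.SystemRandom().shuffle(stages)
        return stages
```

Because the claims say "greater than a threshold count", a threshold of 3 means the fourth consecutive negative result is the one that starts the alternative process.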
PCT/IB2021/052517 2021-02-10 2021-03-26 System and method for user access control for accessing an authenticated entity WO2022172068A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202141005724 2021-02-10
IN202141005724 2021-02-10

Publications (1)

Publication Number Publication Date
WO2022172068A1 true WO2022172068A1 (en) 2022-08-18

Family

ID=82838276

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2021/052517 WO2022172068A1 (en) 2021-02-10 2021-03-26 System and method for user access control for accessing an authenticated entity

Country Status (1)

Country Link
WO (1) WO2022172068A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5330567B2 (en) * 2006-01-25 2013-10-30 オラクル・インターナショナル・コーポレイション Computer-implemented authentication interface system
CN104584086A (en) * 2012-07-20 2015-04-29 利森提亚集团有限公司 Pin verification
EP1966682B1 (en) * 2005-12-22 2015-12-16 Telcordia Technologies, Inc. A method and system for password protocols in the bounded retrieval model with security against dictionary attacks and intrusions
WO2018130852A1 (en) * 2017-01-13 2018-07-19 University Of Surrey Improved authentication
US10419427B2 (en) * 2016-10-27 2019-09-17 Ca, Inc. Authenticating identity for password changes

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21925556

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21925556

Country of ref document: EP

Kind code of ref document: A1