WO2008030184A1 - Improved authentication system - Google Patents
- Publication number
- WO2008030184A1 (PCT/SG2007/000177)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile phone
- data
- user
- consumer electronic
- portable consumer
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Definitions
- the present invention relates to an authentication system for storage and retrieval of encrypted data using a public key and a private key, both keys being generated by a RSA algorithm, the inputs for the RSA algorithm obtained from a biometric source.
- Use of the RSA algorithm alone to encrypt personal and business confidential data is therefore not sufficient for authentication of important personal and commercial documents. What is required is a unique method of using the RSA algorithm to generate a unique pair of keys, preferably from the biometrics of the person.
- the biometrics could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body.
- the unique pair of keys as well as other personal and confidential data could be encrypted.
- What is equally important and needed is a secured storage medium for the encrypted data as well as a secured method of retrieval of the encrypted data in order to authenticate a document or verify the identity of a person.
- the invention provides a method of asymmetric cryptography for generating random numbers by using biometric means, using images obtained from biometric means, wherein the 'p', 'q' and possibly 'e' are used as inputs to an RSA algorithm to generate the key pairs, encrypting the private and public keys and storing the encrypted data in a RFID chip.
- a first object of the invention is an authentication system for storage and retrieval of encrypted data using a public key and a private key, both the public key and private key being generated by an asymmetric algorithm such as an RSA algorithm, the prime numbers used as inputs for the RSA asymmetric algorithm being obtained from a biometric source; storing of data encrypted using asymmetric cryptography on a secondary storage device; and authenticating the stored data encrypted on said secondary storage devices using asymmetric cryptography; the authentication of the encrypted data being carried out through verification means using both the public key and private key.
- the verification means of an authentication system is a validation message or a rejection message.
- the inputs for the RSA algorithm obtained from a biometric source is an image of the biometric image.
- the biometric image used for an authentication system for storage and retrieval of encrypted data is that of a fingerprint or an iris scan or face recognition or vein scan or any part of the body.
- the biometric image used for an authentication system, being an image of the fingerprint, the iris, face, vein or any part of the body, is processed by a computer and saved into memory. Such data, which are ultimately represented as binary values, are then used to generate the random numbers, either as the seed for random number generation or as the random number itself. The random numbers generated are then put through a primality test, and the prime numbers that pass the test are fed as the input to the RSA algorithm to generate the key pairs.
- the method for generating asymmetric keys by using these methods: i) obtaining the biometric information of the person ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number etc) iii) using the data on the RFID chip iv) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone,
- biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc)
- the method for generating asymmetric keys by combining two or more of the below mentioned means: i) obtaining the biometric information of the person ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number, mobile phone number etc) iii) using the data on the RFID chip iv) password v) pin number vi) file on the device (e.g. photos, data, mp3) vii) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone,
- biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc) is used as the seed for the pseudo random number for primality testing.
- the method for generating asymmetric keys by using one or more of the methods specified i) obtaining the biometric information of the person ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number, mobile phone number etc) iii) using the data on the RFID chip iv) password v) pin number vi) file on the device (e.g. photos, data, mp3) vii) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone,
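
The key-generation steps described above (binary data as seed, primality test, primes fed to RSA, optionally combining several factors), as an added example that is not code from the patent. The SHAKE-256 expansion, the length-prefixed SHA-256 combiner, the seeded Miller-Rabin bases and all sample inputs are assumptions made for the illustration; it also shows that a single changed bit in the captured image yields an unrelated key pair, which is why a stable template rather than a raw scan has to feed the seed.

```python
import hashlib
from math import gcd

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]

def combine_factors(*factors: bytes) -> bytes:
    """Hash length-prefixed factors (biometric data, device ID, PIN ...) into one seed.
    The length prefix keeps (b"ab", b"c") distinct from (b"a", b"bc")."""
    h = hashlib.sha256()
    for f in factors:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

def is_probable_prime(n: int, seed: bytes, rounds: int = 24) -> bool:
    """Miller-Rabin with bases derived from the seed, so every run is repeatable."""
    if n < 2:
        return False
    for p in [2] + SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    nbytes = (n.bit_length() + 7) // 8
    for i in range(rounds):
        raw = hashlib.shake_256(seed + b"mr" + i.to_bytes(4, "big")).digest(nbytes)
        a = 2 + int.from_bytes(raw, "big") % (n - 3)      # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                                   # a is a witness: composite
    return True

def derive_prime(seed: bytes, label: bytes, bits: int, e: int) -> int:
    """Expand the seed into candidates until one passes the primality test."""
    counter = 0
    while True:
        raw = hashlib.shake_256(seed + label + counter.to_bytes(4, "big")).digest(bits // 8)
        cand = int.from_bytes(raw, "big")
        cand |= (0b11 << (bits - 2)) | 1                   # fix the size, force odd
        if gcd(cand - 1, e) == 1 and is_probable_prime(cand, seed):
            return cand
        counter += 1

def derive_rsa_keypair(seed: bytes, prime_bits: int = 512, e: int = 65537) -> dict:
    """Deterministic RSA key pair: the same seed always gives the same (n, e, d).
    The key is only as unpredictable as the seed material itself."""
    p = derive_prime(seed, b"p", prime_bits, e)
    q = derive_prime(seed, b"q", prime_bits, e)
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

# Constructed stand-ins for the inputs the text lists (not real biometric data).
SCAN_A = hashlib.shake_256(b"constructed fingerprint image").digest(4096)
SCAN_B = bytes([SCAN_A[0] ^ 0x01]) + SCAN_A[1:]            # same scan, one bit of noise
DEVICE_ID = b"constructed-device-id-0001"
PIN = b"constructed-pin"

def demo() -> tuple:
    """Returns (same input reproduces the key, noisy scan reproduces the key)."""
    k1 = derive_rsa_keypair(combine_factors(SCAN_A, DEVICE_ID, PIN), 256)
    k2 = derive_rsa_keypair(combine_factors(SCAN_A, DEVICE_ID, PIN), 256)
    k3 = derive_rsa_keypair(combine_factors(SCAN_B, DEVICE_ID, PIN), 256)
    return k1["n"] == k2["n"], k1["n"] == k3["n"]

if __name__ == "__main__":
    same, noisy = demo()
    print("identical inputs give identical key:", same)
    print("one flipped bit gives identical key:", noisy)
```

The 256-bit primes in `demo()` keep the run short; they are a demonstration size, not a usable key length.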
- the method for using biometric information is used to unlock keys stored in the keyfile and decrypt the incoming data in the portable consumer electronic device and transfer it back to the sender either directly from the device or via another device such as a PC.
- the mobile phone will match the fingerprint from the database on the mobile phone iv) Upon successful identification, it will decrypt the key from the file. v) Using the key it obtained, the mobile phone will then decrypt the token to extract the message vi) The message is then transferred to the PC which will in turn send it back to the bank for verification.
- the method for using biometric information uses a portable consumer electronic device with storage capability (e.g. mobile phone, PDA, iPod, BlackBerry) to decrypt a RFID chip with data encrypted either using symmetric or asymmetric encryption or both.
- Another object of the invention is a method for using a portable consumer electronic device with storage capability (e.g. mobile phone, PDAs, iPod, BlackBerry) as a multi-factor (defined as two or more) authentication device using asymmetric keys from the method for generating asymmetric keys and storing the keys on the device.
- the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
- the portable consumer electronic device with storage capability (e.g. the mobile phone, PDAs, iPod) uses the multi-factor (defined as two or more) authentication device with asymmetric keys from the method for generating asymmetric keys on the fly as and when needed.
- the keys generated are not stored permanently on the device.
- the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB), thereby minimising the risk exposed to the user if the device is stolen or lost, as the person who stole it would need to know how to get the seed to generate the asymmetric key.
- data encrypted with symmetric keys e.g. AES
- Another object of the invention is a method for use of a portable consumer electronic device (e.g. mobile phone, PDA) as a means for transferring encrypted data (either asymmetric or symmetric) from a server to the portable consumer electronic device for decryption and then transferring the data to another system such as a PC, in which the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
- the encrypted data can be sent in any of the ways mentioned below i) Transfer an encrypted session token from the server to the portable consumer electronic device either directly via GPRS, SMS etc or via the primary computing device such as a PC to the portable consumer electronic device.
- the decrypted session token is then sent back either directly to the server or via the primary computing device.
- the server will then allow the primary computing device to access the data.
- the data is decrypted on the portable consumer electronic device and sent to the primary computing device.
- Example usage i) User stores his personal information such as address, medical information, telephone number on the web and encrypts the data ii) When the user visits a clinic for the first time, the user will log in to the server through his mobile phone iii) The data downloaded from the server will be decrypted on the mobile phone and sent to the PC at the clinic. iv) The software on the PC will process the details of the user such as the address, the medical information and telephone number accordingly.
- the portable devices use the biometric functions built in a portable consumer electronic device as means for authentication/identification in place of an external biometric reading machine.
- the user can use the fingerprint scanner on his mobile phone or PDA to authenticate his identity to the payment centre. This eliminates the risk of the fingerprint template being stored in the merchant's computer.
- the method for using a portable storage device for authenticating and/or signing the message on the devices in situations where the primary device doesn't have access to the keys using the asymmetric keys generated by the method for generating asymmetric keys.
- the portable consumer electronic device with or without asymmetric keys can be used as a mode of payment and/or as a credit card in which the data is stored in the common memory area of the device and encrypted and/or on external commercially available memory storage devices.
- the portable consumer electronic devices are used as secondary storage devices with asymmetric keys stored in them/or asymmetric keys generated on the as a form of authentication device for use such as i) loyalty card ii) access card (eg proximity access card for access for offices) iii) proof of identity iv) e-commerce applications (eg e-tickets purchases) v) web log ins vi) Operating system logins vii) Activating and deactivating screensavers based on credentials viii) Credit card authentication through the Internet ix) Credit card authentication at Point of Sales Terminal in place of/in addition to signature verification x) Proof of purchase (eg receipts) xi) identity management on the Internet or Intranet
- the data on the loyalty card etc can be stored on the portable consumer electronic device, on an external server such as the web, or on the merchant's server (as in the case of loyalty cards).
- the portable consumer electronic devices are used as secondary storage devices as a form of identification device for use such as i) loyalty card ii) access card (e.g. proximity access card for access for offices) iii) proof of identity iv) e-commerce applications (e.g. e-tickets purchases) v) web log ins vi) Operating system logins vii) Activating and deactivating screensavers based on credentials viii) Credit card authentication through the Internet ix) Credit card authentication at Point of Sales Terminal in place of/in addition to signature verification x) Proof of purchase (e.g. receipts) xi) identity management on the Internet or Intranet
- the user identifies himself to the other party using asymmetric/symmetric keys. Therefore, a portable consumer electronic device can hold multiple identities for a user.
- PDA personal digital assistant
- the operating system of computers can be customised to extract the user settings from the mobile phone or PDA upon startup or login.
- the portable consumer electronic device can store internet cookies, bookmarks etc with encryption or in plain text which the user can use to access websites on another device such as a PC.
- Example usage i) A user's bookmarks, cookies and login user name and passwords are stored on the mobile phone ii) When the user accesses a PC and launches the Internet browser, the Internet browser will load the bookmarks from the mobile phone iii) When the user logs in to read his email, the browser will pick up the user name and password from the mobile phone, thereby freeing the user from keying in the user name and password. This will prevent key loggers from stealing the user name and password.
- the mobile phone or personal digital assistant (PDA) can be used to scan for viruses on the PC and/or to act as a network gateway with firewall. This isolates virus scanning and firewall activities to an external device, which functions as a hardware virus scanner/firewall.
- the mobile phone can function as a SecurID token (by RSA Security).
- the method to use the mobile phone to generate a new code at a specific interval (e.g. 60 seconds) is combined for use with the PIN number/password at the primary computing device for multi factor authentication purposes, wherein the resultant pin/password will be a one-time-use code that is used to positively identify or authenticate the user and upon which the server at the other end will be synchronised such that the new code generated by the mobile phone will be the same.
- Upon logging in to an internet banking website, the mobile phone displays aaaaaa.
- the user's pin number is 222222. Therefore, when prompted to enter the password, the user enters aaaaaa222222.
- the internet banking server needs to be synchronised with the mobile phone such that at the specific time, it knows that the mobile phone has generated aaaaaa.
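
The time-synchronised code plus PIN described above, with both the phone side and the server side, as an added example that is not code from the patent. The patent names no algorithm, so the HMAC-SHA-1 construction with dynamic truncation (as in RFC 6238), the one-step drift window, the replay check, the salted PIN hash and the `Verifier` class are assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP = 60      # seconds; the interval the text gives as an example
DIGITS = 6     # length of the displayed code

def code_at(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Phone side: the code shown for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                # dynamic truncation
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server side: holds the same secret and a salted hash of the PIN."""

    def __init__(self, secret: bytes, pin: str, window: int = 1):
        self.secret = secret
        self.window = window              # accepted clock drift, in steps
        self.salt = os.urandom(16)
        self.pin_hash = self._hash_pin(pin)
        self.last_step = -1               # highest step already used

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def check(self, entered: str, now: int) -> bool:
        """entered is the displayed code followed by the PIN, as in the text."""
        code, pin = entered[:DIGITS], entered[DIGITS:]
        pin_ok = hmac.compare_digest(self._hash_pin(pin), self.pin_hash)
        current = now // STEP
        matched = None
        for step in range(current - self.window, current + self.window + 1):
            expected = code_at(self.secret, step * STEP)
            # A step at or below last_step was already consumed: one-time use.
            if hmac.compare_digest(expected.encode(), code.encode()) and step > self.last_step:
                matched = step
        if pin_ok and matched is not None:
            self.last_step = matched
            return True
        return False

if __name__ == "__main__":
    secret = b"constructed-shared-secret"        # constructed sample value
    now = 1_700_000_000                          # constructed timestamp
    server = Verifier(secret, "222222")
    entry = code_at(secret, now) + "222222"
    print("first use accepted:", server.check(entry, now))
    print("replay accepted:   ", server.check(entry, now))
```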
- the method stores the asymmetric data and any important data on the web and broadcasts a change of keys and/or consumer electronic device to all parties involved (e.g. banks, shops with whom the user has a loyalty card).
- the method for storing personal information on the portable consumer electronic device with 1) symmetric encryption or/and 2) asymmetric encryption is used for ease of data entry and counter checking purposes (e.g. filling in of forms by transmitting the data to the PC or filling in of lottery coupons to purchase the tickets and later to check the numbers bought with the winning numbers).
- the portable consumer electronic device uses the method to store information encrypted with either symmetric and/or asymmetric keys pertaining to the user (e.g. address, medical records, dental records, drug allergies).
- the portable consumer electronic device uses the method for encrypting data with symmetric and/or asymmetric key to protect the privacy of data on the portable consumer electronic device.
- An option may be included to allow the data to self destruct upon keying in a wrong decryption code.
- a further object is for a method to use the mobile phone and/or PDA as a password management device for use with another device (e.g. PC) where i) The user name and/or password can be transmitted to the other device either in clear text form or in encrypted format or ii) The user name and/or password will be sent to a server (e.g. web based email) and the session token (such as a cookie) returned from the said server will be transmitted to the PC for use.
- Another object is for the method to store personal details encrypted with asymmetric data of the owner on a server and allowing authorised personnel to access the data so that if the system is hacked, hackers will not be able to decrypt the person's information stored on the server and it will provide the convenience of allowing friends of the user to be able to have the latest personal details of the user.
- Example usage Jack encrypts his mobile phone, address and email address with the public keys of Sally and Jane respectively on the web.
- Another object is a method for allowing identity providers to store tokens on portable consumer electronics. This token can then be forwarded to a third party who had initially requested for identity verification.
- ABC Brewery sends identity verification token to verify that the owner is above the legal age limit to purchase liquor to the owner's mobile phone.
- the owner forwards the request to an identity provider (e.g. Immigration and Checkpoint Authority, ICA) to verify.
- the ICA acknowledges the identity and age of the owner and processes the token. It then digitally signs the token and sends it back to the owner's mobile phone. The owner then forwards the digitally signed token to ABC Brewery.
- ABC Brewery will then check to see if the token is authentic. If it is authentic, the owner is allowed to purchase liquor.
- a further object is a method to update the phone number of a contact in the address book seamlessly either through accessing the web to retrieve the updated data or by changing the contact details stored in the mobile phone and/or PDA.
- Example usage i) Jack calls John by selecting "John" in the address book ii) The mobile phone gets a message saying that the number dialled is no longer available iii) The mobile phone will then automatically check the web to search for
- a further object is a method for using a portable consumer electronic device with asymmetric and/or symmetric key as a means to encrypt and decrypt data on the PC with hard disk at either bootup stage or sections of the hard disk.
- Example usage i) User powers up his PC and places the mobile phone next to the PC ii) At the bootup, a program will decrypt the rest of the hard disk with the key obtained from the mobile phone iii) Upon successful decryption, the Windows operating system and all other parts of the hard disk will be accessible to the user, therefore, Windows will be able to start up and proceed.
- Still another object is a method for using portable consumer electronic devices as a means for activating software applications to prevent piracy and/or as a licensing device.
- Example usage i) Before a software can run, it will check for credentials of the user through the mobile phone ii) After obtaining the credentials of the users, it will then determine whether the set of credentials is allowed to execute the program. If it is, the program will execute, otherwise it will inform the user that he does not have the licence to run the program.
- Another object is a method for using the consumer electronic device as a means for digital rights management (e.g. the DVD movie can only be played if the authorised mobile phone is placed near the DVD player).
- Another example usage i) User purchases movie from the internet and passes his public key from his mobile phone to the service provider ii) Service provider will encrypt the movie with the user's public key and sends the movie to the user iii) When the user plays the movie on his home entertainment system such as a PC, the PC will check to ensure that the data can be successfully decrypted using the private key of the user's mobile phone iv) The decrypted data is then played.
- Another object is a method for using the portable consumer electronic device to function as a storage to keep user preferences and credentials.
- the data can be encrypted with asymmetric and/or symmetric keys.
- An example would be to store the user's preferences for shops (e.g. clothes size, shoe size, food dishes).
- Example usage i) User visits a restaurant and places the order via his mobile phone ii) On subsequent visits, he can review previously placed orders to determine if he wants to order the exact same dish again.
- Still a further object is a method for using a portable consumer electronic device with or without asymmetric key as a means to store the user preferences of a home entertainment systems and home automation systems.
- Example usage i) When Sam is listening to music, he places his mobile phone near the music player. It grabs Sam's preferences such as the equaliser settings and volume control, and automatically adjusts the sound system to them ii) Sam can also store the massage sequence on his mobile phone such that when he sits on the massage chair, the chair activates the massage sequence.
- Another object is a method for using the portable electronic consumer device to locate friends in the vicinity either by using direct wireless means (e.g. Bluetooth, WiFi) or via a gateway (e.g. wireless internet connection).
- Example usage i) Jack and Sam are in the same building ii) Their mobile phones are turned on to scan for friends in the vicinity using the building WiFi access iii) Through the IP address provided, their respective mobile phone knows that they are both in the same building and trigger an alert to both of them informing them that they are in the same building.
- Another object is a method for using portable consumer electronic devices with direct wireless capabilities (e.g. Bluetooth, WiFi) as a walkie talkie or for conference calls.
- Example usage i) Jack decides to place a phone call to Sam ii) The mobile phone detects that both Jack and Sam are in a wireless environment and automatically uses the WiFi connection to establish the phone session thereby saving phone charges.
- a further object is a method for using asymmetric key to identify individual users in using the method using the portable consumer electronic device to function as a storage to keep user preferences and credentials wherein the keys can also be used to allow for secure mobile phone communication by using the portable consumer electronic device to function as a storage to keep user preferences and credentials.
- Another object is a method for using a Bluetooth earpiece or Bluetooth/WiFi enabled portable consumer electronic device with or without asymmetric key to function in place of a microphone.
- Another object is for a method to use the portable consumer electronic device as a Bluetooth to WiFi converter and vice versa, allowing users who are using a voice chat system in their PC (e.g. MSN) to transfer the data via WiFi to the mobile phone and using the Bluetooth connection of the mobile phone to transfer the data to a Bluetooth earpiece, thereby facilitating the use of a Bluetooth earpiece as an ordinary headphone with a PC.
- Another object is a method for using a portable consumer electronic device to download information either in clear text or encrypted with asymmetric and/or symmetric key pertaining to an exhibit in places such as a museum or zoo onto the device.
- the method for using a portable consumer electronic device with or without asymmetric key with a Bluetooth earpiece is used to obtain voice information on an item (e.g. an exhibit in a museum can have a corresponding device to transmit information such as what the exhibit is about to the user's mobile phone and then to the earpiece).
- Another object is a method of using a portable consumer electronic device as a travel journal so that when payment is made using the mobile phone or when the tourist visits a place of interest and establishes a connection, these data are stored in the user's mobile phone for his own record purposes and pictures taken between sites will be organised accordingly.
- Another object is a method for using a portable consumer electronic device with camera and location tracking service (e.g. GPS, mobile phone base station) to capture the image with location coordinates (e.g. GPS coordinate) into the portable consumer electronic device or directly into a web page.
- the coordinates can be tagged to the image or embedded in the image file. It can also include the date and time embedded in the image or tagged to the image. This can be used to serve as a travel journal, evidence of crime, diary etc.
- Example usage i) A person witnesses a burglary and takes out his mobile phone with GPS and camera to take a picture of the crime scene; ii) The coordinates are embedded into the image and the image is transferred to the police website; iii) The website will record the date and time the image was received which can then be admitted as evidence in court.
- Yet another object is a method for using the portable consumer electronic device (e.g. mobile phone or PDA) as a voice language translation.
- the voice translation can be done either on the device itself or through sending the data to the web and get the translated voice message through the web.
- Still another object is a method to allow portable consumer electronic devices (eg mobile phone, PDA) to use its direct wireless capabilities as a remote control to control Bluetooth enabled or WiFi consumer electronic devices.
- Another object is for a method to use a portable consumer electronic device to store aging data which may be digitally signed or digitally encrypted or in clear text (eg warranty cards, e-tickets, receipts, promotion coupons) and upon the expiry date being reached (e.g. one year warranty has expired or the promotion date has reached), the data is automatically erased.
- Another object is a method for using the direct wireless capabilities of the portable consumer electronic device to submit digitally signed questions and answers during a forum or speech or lecture or classroom lessons.
- Another object is a method for enabling portable consumer electronic devices with direct wireless capabilities (e.g. Bluetooth or WiFi) with or without encryption (such as asymmetric and/or symmetric key encryption) to function as means for receiving data such as presentation slides from the speaker in a speech or lecture and which can be used to distribute handouts in a meeting or at a lecture.
- Example usage i) When going for a lecture, the user signs his attendance using his mobile phone public key before entering the room ii) When the lecturer decides to disseminate the information, he clicks a button which will encrypt the slides with the public key of the user and transmit it to everyone in the room iii) Only the user will be able to decrypt the slide and the information will be junk to the other people in the room.
- Another object is a method for printing documents, spreadsheets or presentation slides from mobile phone or PDA with direct wireless capabilities to the printer directly, therefore allowing users to print a Word document directly to a printer.
- Another object is a method for displaying documents, spreadsheets or presentation slides from a mobile phone or PDA with direct wireless capabilities directly to a projector so that with this means, the user does not need to carry a notebook when conducting presentation.
- Another object is a method for using the portable consumer electronic device with asymmetric encryption as a chequebook.
- Example usage i) Bank issues digitally signed chequebook to the user and the user stores it in their mobile phone ii) When the user wishes to pay another party in the form of a cheque, he transmits the digitally signed (from the bank) cheque book and digitally signs it himself. iii) He then transmits this data to the other party who will forward it to his bank to honor the cheque. In this way, the payer does not need to know the payee's bank account number which is the case in internet banking.
- a further object is a method for using the direct wireless capabilities of the portable consumer electronic device (e.g. mobile phone, PDA) with or without asymmetric keys as a means of voting for AGM where the individual members will cast their vote and digitally sign it for auditing purposes.
- Example usage in an AGM i) Members register their public key at the reception and obtain the public key of the returning officer ii) When it is time to cast their votes, they can key in their votes which will be encrypted with the public key of the returning officer and then digitally signed by them iii) This data will be stored for auditing purposes and the vote will be kept secret because no one can decrypt the returning officers data iv) This same data will be decrypted in memory to obtain the vote and add it to the counter.
- Another object is a method for using a portable consumer electronic device with direct wireless access capabilities (e.g. Bluetooth) to identify the location of a person.
- Example usage i) Child turns on the Bluetooth feature in mobile phone in a shopping centre ii) His movement is captured at every intersection thereby providing his parents his whereabouts on their mobile phone.
- Another object is a method for writing the asymmetric and/or symmetric key data onto the RFID chip on the phone as and when is required for the purpose of authentication.
- the method for using the mobile phone with data encrypted using symmetric and/or asymmetric keys can be used as a means for operating machinery (e.g. starting cars, playing arcade games machine).
- a further object is for the device to generate the asymmetric keys using biometric information of a person to have the option of keeping a copy of the keys generated and then using the keys when required, or generating the keys on the fly as and when it is required and where the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared) or via a gateway (e.g. GPRS, 3G, SMS).
- the direct wireless communication devices e.g. Bluetooth, InfraRed, WiFi, NFC
- the direct wireless communication device can convert WiFi signals to infra red for use as a remote control thereby enabling the portable consumer electronic devices with WiFi capabilities to be used as a remote control.
- the direct wireless communication device allows for card authentication (e.g. credit card, loyalty card, ATM cards) using the methods of generating asymmetric keys stored in secondary storage devices such as portable consumer electronic devices through direct wired and wireless means which will be used in conjunction with existing means except that instead of signing the bill, the user verifies his identity using the portable consumer electronic device and the public key from the portable electronic devices can be stored on the card itself, thereby if it can be unlocked with the private key on such portable storage devices, the transaction is deemed authentic.
- the direct communication device enables existing projectors to receive data (such as a PowerPoint presentation) from a portable consumer electronic device to display directly onto the projector without the need for a notebook or PC.
- a further object is for a device to convert data from Bluetooth to WiFi .
- This can be used in conjunction with portable consumer devices with direct wireless capabilities or as a remote control device to control Bluetooth enabled or WiFi consumer electronic devices and as a replacement for microphone.
- a further object is a massage chair which has the capabilities to identify the person through the portable electronic consumer device with or without asymmetric key as a means to store the user preferences of the person.
- the authentication system for storage and retrieval of encrypted data for generation of a public and private key allows personal and commercially important data to be encrypted into a secured document using the data owner's private key (i.e. digital signing) and the information stored in a secondary storage device either in the form of a barcode or in a memory chip in a smart card or a memory chip in a RFID tag embedded in the secured document.
- the authentication system for storage and retrieval of encrypted data for generation of a public and private key allows personal and commercially important data are encrypted into a secured document has this process of authentication of the secured document :-
- the secured document is authenticated.
- the authentication system for storage and retrieval of encrypted data for generation of a public and private key for authenticating stored data encrypted on secured documents uses asymmetric cryptography whereby the stored data could be stored in important documents such as identity card, driver's licence, passports, wills, contracts, credit cards and other commercially important documents, the stored data being personal and business information of a data owner and meant to be disclosed only to users of the data authorised with a public key issued by the data owner.
- the secured document issued by an agency using the authentication system for storage and retrieval of encrypted data uses a public key and a private key, both the public key and private key being generated by a RSA algorithm, characterised by
- the authentication of the encrypted data being carried out through verification means using both the public key and private key.
- the secured document obtained from the authentication system is verified according to these steps:-
- the verification agency decrypts the encrypted data on the RFID chip with the document holder's public key and obtains a validation message such as "This document is valid" but gets an incoherent message when the encrypted data is decrypted with the verification agency's public key, indicating the document was not genuine.
- the verification agency decrypts the encrypted data on the RFID chip with the verification agency's public key and obtains a validation message such as "This document is valid", but also obtains a validation message when the encrypted data is decrypted using the document holder's public key. This would mean that the secured document is genuine.
- the secured document for recording, storage and retrieval of encrypted data using the authentication system using a public key and a private key both the public key and private key are generated by a RSA algorithm, the secured document obtained by the following steps:-
- the authentication of the encrypted data being carried out through verification means using both the public key and private key.
- the secured document for recording, storage and retrieval of encrypted data obtained using a public key and a private key, wherein both the public key and private key are generated by a RSA algorithm
- the encrypted data includes data such as "date, time, location and other pertinent information relating to authentication of the document" which is then stored in a RFID chip and affixed to the important document.
- Fig. 1 is a flow chart of the first part of the invention which provides for generation of the random numbers obtained by using biometric means.
- Fig. 2 is a flowchart of the storing of data encrypted using asymmetric cryptography on an RFID chip.
- Fig. 3 is a flowchart of the authentication of the stored data encrypted on documents containing said RFID chip using asymmetric cryptography.
- the invention relies on the use of two keys, one public and one private , both of which are generated by asymmetric algorithm.
- Asymmetric algorithm has advantages in that firstly, no key agreement is required in advance, since the only key that needs to be shared with the other party is a public key that can be safely shared with everyone.
- the security of a symmetric algorithm depends on two parties successfully keeping a key secret, an asymmetric algorithm requires only the party that generated it to keep it secret. This is clearly much less problematic.
- the issue of trusting the other party disappears in many scenarios, since without knowledge of your secret key, that party cannot do certain evil deeds, such as digitally sign a document with your private key or divulge your secret key to others.
- Randomly select two prime numbers p and q. For the algebra to work properly, these two prime numbers must not be equal. To make the cipher strong, these prime numbers should be large, and they should be in the form of arbitrary precision integers with a size of at least 1024 bits.
- the invention provides another method for generating the random numbers by using biometric means.
- An image of the biometric information is first obtained.
- the biometric image could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body.
- the image(s) obtained from the biometric means will give the value for 'p', 'q' and possibly 'e'.
- the process is as follows: 1) An image of the biometric information is obtained.
- the image can be a fingerprint, an iris scan, face recognition, vein scan or any part of the body.
- This image is then saved as an image file (e.g. JPEG, Bitmap, GIF or any image file in use under current convention).
- the image can be saved into memory or a secondary storage.
- the next step is storing of data encrypted using asymmetric cryptography on a RFID chip.
- the algorithm can be either the RSA or any other algorithm.
- the data can be encrypted by using programs which are publicly available (e.g. electronics communication encryption program, Pretty Good Privacy (PGP), available from www.pgp.com).
- Encrypted Data is retrieved from the RFID chip.
- Decrypted data can be stored in memory, secondary storage or written back to the RFID chip.
- the third step of the invention is authenticating the stored data encrypted on documents using asymmetric cryptography.
- the stored data could be stored in important documents such as identity card, driver's licence, passports, wills, contracts etc.
- the stored data could be data relating to the data owner's personal and business information, which is vital to the data owner and meant to be disclosed only to authorised users of the data allowed by the data owner.
- the data owner e.g. a government agency or a company creates their key pairs using asymmetric algorithms (e.g. RSA) through publicly available programs (e.g. PGP).
- the information is stored into the identification document, either in the form of a barcode or in a memory chip in a smart card or a memory chip in a RFID tag.
- the document is authentic.
- the invention can be used to authenticate important documents such as those used for identification. There are two ways of doing this. The first way can be done in the following steps.
- Step 2 Using the method described in Step 1 (Generation of random numbers using biometric means), we can digitally sign the checksum using the private key of all the parties involved, including the lawyer.
- the public key can be stored in a repository in a website on the Internet.
- the keys are reproduced every time the biometrics is obtained.
- the biometric image could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body.
- the same set of random numbers should theoretically be obtained and the same set of prime numbers will also be obtained.
- the initial prototype will involve a fingerprint reader to obtain the public and private keys.
- the public key will then be stored in a repository for the world to use.
- data or a message such as "This passport is valid" will be encrypted using the passport holder's private key and the government body's (ICA) private key.
- the immigration authority decrypts the encrypted data on the RFID chip with the passport holder's public key and sees the phrase "This passport is valid" but gets garbage when he decrypts the data with the government body's public key. This would mean that the passport wasn't issued by the legitimate government body.
- the immigration authority decrypts the encrypted data on the RFID chip with the government body's public key and gets the word "This passport is valid", but gets garbage when he decrypts the data using the passport holder's public key. This would mean that the passport doesn't belong to the holder.
- the immigration authority decrypts the encrypted data on the RFID chip with the government body's public key and gets the word "This passport is valid" and also gets the same word when he decrypts using the passport holder's public key. This means that the passport is legitimate.
- a fingerprint reader is used to obtain the public and private keys.
- the public key will then be kept by an authorised party for the world to use.
- the authorised party decrypts the encrypted data on the RFID chip with the document holder's public key and sees the authentication data "date, time, location and other pertinent information relating to the authentication of the document" but gets garbage when he decrypts the data with the authorised party's public key. This would mean that the document wasn't issued by the legitimate holder.
- the authorised party decrypts the encrypted data on the RFID chip with the document holder's public key and gets all the pertinent information and also gets the same pertinent information when he decrypts using the document holder's public key. This means that the document is genuine.
- the keys could be encrypted using symmetric or asymmetric keys
- the invention also envisages the asymmetric keys generated by the methods of the invention on secondary storage devices such as the portable consumer electronic device (eg mobile phone, PDAs, Blackberry) be further used as:-
- Gadgets incorporating the devices of the invention include:-
  - Device to generate asymmetric keys on the fly
  - Lock with direct wireless capabilities
  - WiFi to Infrared device for remote control
  - Credit card/ATM authentication for digital signing from mobile phone
  - Device to enable direct transmission from phone to projector
  - Device to convert Bluetooth to WiFi converter
  - Massage chair with capabilities to recognise the user
- the invention makes use of biometrics of a person which is unique to the person for generation of an algorithm to output a private key and public key, storing encrypted data and the keys in a RFID chip, for authentication purpose.
- Another advantage is that compared to existing biometrics means, the template of the fingerprint etc is stored in a server, hence if the server is compromised, all the templates of the fingerprints stored will be at risk of being stolen and used. In this invention, even if the server is compromised, the public keys stored in there would be useless to the person who compromised the server.
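The three passport outcomes listed above, as an added example that is not part of the patent: it assumes the chip carries two separate values, one produced with each private key, and adds a fourth outcome for the case where neither value checks out. The keys are constructed toy keys built from well-known Mersenne primes and the RSA is unpadded textbook RSA, so the block shows only the decision logic.

```python
from enum import Enum

E = 65537
PHRASE = b"This passport is valid"  # validation message quoted on the page


def toy_key(p, q):
    """Textbook RSA key from two known primes. Constructed demo key only:
    Mersenne primes are public knowledge, so these moduli are trivially factored."""
    n = p * q
    return (n, E), pow(E, -1, (p - 1) * (q - 1))


# Hypothetical parties; all key material below is constructed for this example.
HOLDER_PUB, HOLDER_PRIV = toy_key(2**89 - 1, 2**107 - 1)
ISSUER_PUB, ISSUER_PRIV = toy_key(2**61 - 1, 2**127 - 1)
OTHER_PUB, OTHER_PRIV = toy_key(2**521 - 1, 2**607 - 1)  # neither holder nor issuer


def private_encrypt(message, priv, pub):
    """'Encrypt with the private key', i.e. an unpadded RSA signature."""
    n, _ = pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, priv, n)


def public_decrypt(value, pub):
    """'Decrypt with the public key'; returns whatever bytes come out."""
    n, e = pub
    m = pow(value, e, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


class Verdict(Enum):
    GENUINE = "both values decrypt to the validation message"
    NOT_ISSUED_BY_AUTHORITY = "holder value valid, issuer value is garbage"
    NOT_HOLDERS = "issuer value valid, holder value is garbage"
    REJECTED = "neither value decrypts to the validation message"


def write_chip(holder_priv, holder_pub, issuer_priv, issuer_pub):
    """Assumed chip layout: one value per signing party."""
    return {
        "holder": private_encrypt(PHRASE, holder_priv, holder_pub),
        "issuer": private_encrypt(PHRASE, issuer_priv, issuer_pub),
    }


def verify_chip(chip, holder_pub, issuer_pub):
    """Check both values against the keys the verifier already trusts."""
    holder_ok = public_decrypt(chip["holder"], holder_pub) == PHRASE
    issuer_ok = public_decrypt(chip["issuer"], issuer_pub) == PHRASE
    if holder_ok and issuer_ok:
        return Verdict.GENUINE
    if holder_ok:
        return Verdict.NOT_ISSUED_BY_AUTHORITY
    if issuer_ok:
        return Verdict.NOT_HOLDERS
    return Verdict.REJECTED


if __name__ == "__main__":
    chip = write_chip(HOLDER_PRIV, HOLDER_PUB, ISSUER_PRIV, ISSUER_PUB)
    print(verify_chip(chip, HOLDER_PUB, ISSUER_PUB).name)
```

A deployed verifier would use a padded signature scheme such as RSASSA-PSS over a digest of the record instead of raw modular exponentiation.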
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Biodiversity & Conservation Biology (AREA)
- Life Sciences & Earth Sciences (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
An authentication system for storage and retrieval of encrypted data using a public key and a private key, both the public key and private key being generated by a RSA algorithm, characterised by the inputs for the RSA algorithm obtained from a biometric source; storing of data encrypted using asymmetric cryptography on a RFID chip; and authenticating the stored data encrypted on documents using asymmetric cryptography; the authentication of the encrypted data being carried out through verification means using both the public key and private key. Various devices using the improved authentication system are also proposed. Many uses and applications incorporating the devices with the improved authentication system are also proposed.
Description
IMPROVED AUTHENTICATION SYSTEM
TECHNICAL FIELD OF INVENTION
The present invention relates to an authentication system for storage and retrieval of encrypted data using a public key and a private key, both keys being generated by a RSA algorithm, the inputs for the RSA algorithm obtained from a biometric source.
The subject invention claims priority from Singapore Patent Application No. 2005 08498-3 for " IMPROVED AUTHENTICATION SYSTEM " filed on 25.10.2005.
BACKGROUND OF THE INVENTION
In the 1970s Martin Hellman, Whitfield Diffie, and, independently, Ralph Merkle invented a beautiful cryptographic idea. Their idea was to solve the key exchange and trust problems of symmetric cryptography by replacing the single shared secret key with a pair of mathematically related keys, one of which can be made publicly available and another that must be kept secret by the individual who generated the key pair. The advantages are obvious. First, no key agreement is required in advance, since the only key that needs to be shared with the other party is a public key that can be safely shared with everyone. Second, whereas the security of a symmetric algorithm depends on two parties successfully keeping a key secret, an asymmetric algorithm requires only the party that generated it to keep it secret. This is clearly much less problematic. Third, the issue of trusting the other party disappears in many scenarios, since without knowledge of your secret key, that party cannot do certain evil deeds, such as digitally sign a document with your private key or divulge your secret key to others.
Since the idea of using the RSA Algorithm was first taught in US Patent No. 4,200,770 and also in United States Patent No. 4,405,829, which is known as the "RSA Patent", RSA algorithm has been used in many instances for public key encryption and digital signatures. Both the Netscape Navigator and Microsoft Explorer web browsing programs use RSA algorithms in their implementations of the Secure Sockets Layer (SSL). Mastercard and VISA likewise use the RSA algorithm in the Secure Electronic Transactions (SET) protocol for credit card transactions.
MEANS TO SOLVE THE PROBLEM
Although applications using RSA algorithm for public key encryption are many, it is still essential that a person's identity be authenticated for important occasions and for important documents. Mere possession of an important document e.g. passport or smart credit card purportedly belonging to a person is sometimes not sufficient. This can be even so if the purported document contains encrypted data which can verify the identity of the holder. There is a further requirement for the person to have a private key which can then be matched with the public key (stored and made available to a verifying party) to further establish that person's identity.
Use of the RSA algorithm alone to encrypt personal and business confidential data by itself is therefore not sufficient for authentication of important personal and commercial documents. What is required is a unique method of using the RSA algorithm to generate a unique pair of keys, preferably from the biometrics of the person. The biometrics could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body. The unique pair of keys as well as other personal and confidential data could be encrypted. What is equally important and needed is a secured storage medium for the encrypted data as well as a secured method of retrieval of the encrypted data in order to authenticate a document or verify the identity of a person.
The invention provides a method of asymmetric cryptography for generating random numbers by using biometric means, using images obtained from biometric means, wherein the 'p', 'q' and possibly 'e' are used as inputs to a RSA Algorithm to generate the key pairs, encrypting the private and public keys and storing the encrypted data in a RFID chip.
SUMMARY OF INVENTION
A first object of the invention is an authentication system for storage and retrieval of encrypted data using a public key and a private key, both the public key and private key being generated by an asymmetric algorithm such as a RSA algorithm, obtaining the prime numbers as inputs for the RSA asymmetric algorithm obtained from a biometric source; storing of data encrypted using asymmetric cryptography on a secondary storage device; and authenticating the stored data encrypted on said secondary storage devices using asymmetric cryptography; the authentication of the encrypted data being carried out through verification means using both the public key and private key.
Preferably the verification means of an authentication system is a validation message or a rejection message.
Preferably, the inputs for the RSA algorithm obtained from a biometric source is an image of the biometric image.
Preferably, the biometric image used for an authentication system for storage and retrieval of encrypted data is that of a fingerprint or an iris scan or face recognition or vein scan or any part of the body.
Preferably the biometric image used for an authentication system being an image of the fingerprint, the iris or face or vein or any part of the body is processed by a computer, and saved into memory and then such data which are ultimately represented as binary values are then used to generate the random numbers either as the seed for random number generation or as the random number itself, the random numbers generated are then put through an algorithm to test for primality testing and thereafter, the prime numbers generated after the primality testing will be fed as the input to the RSA algorithm to generate the key pairs.
Preferably the method for generating asymmetric keys (e.g. RSA) by using these methods:-
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number etc)
iii) using the data on the RFID chip
iv) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
v) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc),
is used as the seed for the pseudo random number required for primality testing.
Preferably the method for generating asymmetric keys (e.g. RSA) by combining two or more of the below mentioned means:-
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number, mobile phone number etc)
iii) using the data on the RFID chip
iv) password
v) pin number
vi) file on the device (e.g. photos, data, mp3)
vii) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
viii) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc),
is used as the seed for the pseudo random number for primality testing.
Preferably, the method for generating asymmetric keys (e.g. RSA) by using one or more of the methods specified
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number, mobile phone number etc)
iii) using the data on the RFID chip
iv) password
v) pin number
vi) file on the device (e.g. photos, data, mp3)
vii) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
viii) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc),
is used as the seed for the pseudo random number and then to find a new random number for primality testing or to find new prime numbers by iterating the primality test using one or more of the methods specified above.
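An added sketch (not code from the patent) of the pipeline described above: the input data is hashed into a seed, the seed drives a deterministic generator, candidates are primality-tested, and the resulting primes feed RSA. The SHA-256 counter construction, the function names and the sample inputs are assumptions; the demonstration uses a 512-bit modulus for speed, far smaller than the prime size the text calls for.

```python
import hashlib
import math


class SeededStream:
    """Deterministic bit source: SHA-256(key || counter), keyed by the seed.
    Assumed construction; the patent does not name a generator."""

    def __init__(self, seed: bytes):
        self._key = hashlib.sha256(b"keygen-stream" + seed).digest()
        self._counter = 0
        self._buf = b""

    def randbits(self, bits: int) -> int:
        nbytes = (bits + 7) // 8
        while len(self._buf) < nbytes:
            block = self._key + self._counter.to_bytes(8, "big")
            self._buf += hashlib.sha256(block).digest()
            self._counter += 1
        chunk, self._buf = self._buf[:nbytes], self._buf[nbytes:]
        return int.from_bytes(chunk, "big") >> (nbytes * 8 - bits)


SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, stream: SeededStream, rounds: int = 24) -> bool:
    """Miller-Rabin test; witnesses come from the same seeded stream so the
    whole derivation stays reproducible."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + stream.randbits(n.bit_length()) % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def next_prime(stream: SeededStream, bits: int, e: int) -> int:
    """Iterate candidates from the stream until one passes the primality test."""
    while True:
        # Force the top two bits (full-size modulus) and the low bit (odd).
        cand = stream.randbits(bits) | (1 << (bits - 1)) | (1 << (bits - 2)) | 1
        if math.gcd(cand - 1, e) == 1 and is_probable_prime(cand, stream):
            return cand


def derive_keypair(inputs, modulus_bits: int = 512, e: int = 65537):
    """Map the combined inputs (biometric bytes, device ID, ...) to an RSA key."""
    h = hashlib.sha256()
    for item in inputs:
        h.update(len(item).to_bytes(4, "big") + item)  # length-prefix each input
    stream = SeededStream(h.digest())
    half = modulus_bits // 2
    p = next_prime(stream, half, e)
    q = next_prime(stream, half, e)
    while q == p:  # p and q must not be equal
        q = next_prime(stream, half, e)
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))


# Constructed sample inputs: a stand-in "image" and a placeholder device ID.
SCAN_ENROLLED = bytes(range(256)) * 16
SCAN_RECAPTURED = SCAN_ENROLLED[:100] + bytes([SCAN_ENROLLED[100] ^ 1]) + SCAN_ENROLLED[101:]
DEVICE_ID = b"IMEI-PLACEHOLDER-0000"


def reproducibility_check():
    """Return (identical inputs give the same key, one flipped bit changes it)."""
    first = derive_keypair([SCAN_ENROLLED, DEVICE_ID])
    again = derive_keypair([SCAN_ENROLLED, DEVICE_ID])
    noisy = derive_keypair([SCAN_RECAPTURED, DEVICE_ID])
    return first == again, first[0] != noisy[0]


if __name__ == "__main__":
    print(reproducibility_check())
```

Because the key is a pure function of its inputs, a capture that differs by a single bit yields an unrelated key pair, and the private key is only as hard to guess as the inputs themselves.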
Preferably, the method for using biometric information (e.g. fingerprint recognition, facial recognition, voice recognition) is used to unlock keys stored in the keyfile and decrypt the incoming data in the portable consumer electronic device and transfer it back to the sender either directly from the device or via another device such as a PC. Example:
i) User and bank has previously exchanged the encryption keys (either symmetric or asymmetric)
ii) Bank encrypts the token with the encryption key and sends it to the mobile phone either directly through GPRS or through a PC
iii) User scans his finger on the fingerprint scanner on the mobile phone. The mobile phone will match the fingerprint from the database on the mobile phone
iv) Upon successful identification, it will decrypt the key from the file.
v) Using the key it obtained, the mobile phone will then decrypt the token to extract the message
vi) The message is then transferred to the PC which will in turn send it back to the bank for verification.
Preferably the method for using biometric information uses a portable consumer electronic device with storage capability (e.g. mobile phone, PDA, iPod, BlackBerry) to decrypt a RFID chip with data encrypted either using symmetric or asymmetric encryption or both.
Another object of the invention is a method for using a portable consumer electronic device with storage capability (e.g. mobile phone, PDAs, iPod, BlackBerry) as a multi-factor (defined as two or more) authentication device using asymmetric keys from the method for generating asymmetric keys and storing the keys on the device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication ) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (eg USB).
Preferably the portable consumer electronic device with storage capability (e.g. mobile phone, PDAs, iPod) uses the multi-factor (defined as two or more) authentication device with asymmetric keys from the method for generating asymmetric keys on the fly as and when needed. The keys generated are not stored permanently on the device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB), thereby minimising the risk exposed to the user if the device is stolen or lost as the person who stole it would need to know how to get the seed to generate the asymmetric key.
Preferably the portable consumer electronic devices (e.g. mobile phone, PDA) with data encrypted with symmetric keys (e.g. AES) uses a multi-factor authentication device in which the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
Preferably the portable consumer electronic devices (e.g. mobile phone, PDA) with data encrypted with symmetric keys (e.g. AES) uses a multi-factor authentication device from the method for generating asymmetric keys in which the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
Preferably the portable consumer electronic device (e.g. mobile phone, PDAs, iPod) has a secondary storage device to perform as a two or more factor authentication device using symmetric and/or asymmetric keys in which the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
Another object of the invention is for a method for use of a portable consumer electronic device (e.g. mobile phone, PDA) as a means for transferring encrypted data (either asymmetric or symmetric) from a server to the portable consumer electronic device for decryption and then transfer the data to another system such as a PC in which the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
The encrypted data can be sent in any of the ways mentioned below i) Transfer an encrypted session token from the server to the portable consumer electronic device either directly via GPRS, SMS etc or via the primary computing device such as a PC to the portable consumer electronic device. The decrypted session token is then sent back either directly to the server or via the primary computing device. The server will then allow the primary computing device to access the data. ii) Transfer the encrypted data from the portable consumer electronic device either directly via GPRS etc or via the primary computing device such as a PC to the portable consumer electronic device. The data is decrypted on the portable consumer electronic device and sent to the primary computing device.
Example usage : i) User stores his personal information such as address, medical information, telephone number on the web and encrypts the data ii) When the user visits a clinic for the first time, the user will log in to the server through his mobile phone iii) The data downloaded from the server will be decrypted on the mobile phone and sent to the PC at the clinic. iv) The software on the PC will process the details of the user such as the address, the medical information and telephone number accordingly.
Preferably the portable devices use the biometric functions built in a portable consumer electronic device as means for authentication/identification in place of an external biometric reading machine. For example :
Instead of using a fingerprint scanner connected to a payment device, the user can use the fingerprint scanner on his mobile phone or PDA to authenticate his identity to the payment centre. This eliminates the risk of the fingerprint template being stored in the merchant's computer.
Preferably the method for using a portable storage device for authenticating and/or signing the message on the devices (which is used as the secondary device) in situations where the primary device doesn't have access to the keys using the asymmetric keys generated by the method for generating asymmetric keys.
Alternatively, the portable consumer electronic device with or without asymmetric keys can be used as a mode of payment and/or as a credit card in which the data is stored in the common memory area of the device and encrypted and/or on external commercially available memory storage devices.
Alternatively, the portable consumer electronic devices (e.g. mobile phone, PDA) are used as secondary storage devices with asymmetric keys stored in them and/or asymmetric keys generated on the fly as a form of authentication device for use such as i) loyalty card ii) access card (e.g. proximity access card for access for offices) iii) proof of identity iv) e-commerce applications (e.g. e-tickets purchases) v) web log ins vi) Operating system logins vii) Activating and deactivating screensavers based on credentials viii) Credit card authentication through the Internet ix) Credit card authentication at Point of Sales Terminal in place of/in addition to signature verification x) Proof of purchase (e.g. receipts) xi) identity management on the Internet or Intranet
In the authentication process, the other party needs to know if the owner of the phone is authorised and does not need to know their identity. The data on the loyalty card etc can be stored on the portable consumer electronic device, on an external server such as the web, or on the merchant's server (as in the case of loyalty cards).
Alternatively the portable consumer electronic devices (e.g. mobile phone, PDA) are used as secondary storage devices as a form of identification device for use such as i) loyalty card ii) access card (e.g. proximity access card for access for offices) iii) proof of identity iv) e-commerce applications (e.g. e-tickets purchases) v) web log ins vi) Operating system logins vii) Activating and deactivating screensavers based on credentials viii) Credit card authentication through the Internet ix) Credit card authentication at Point of Sales Terminal in place of/in addition to signature verification x) Proof of purchase (e.g. receipts) xi) identity management on the Internet or Intranet
In this identification process, the user identifies himself to the other party using asymmetric/symmetric keys. Therefore, using a portable consumer electronic device can hold multiple identities for a user.
For example : Assuming that the asymmetric keys have been generated and given to the respective parties, the user then proceeds to log in to his intranet by placing his phone near the PC and generates the asymmetric key using Claims (6-8). The PC identifies the user and allows him to log in. When the same user logs in to his email service provider, he generates another set of asymmetric keys using Claims (6-8). In this way, the mobile phone holds multiple identities of the same person.
Alternatively mobile phone, personal digital assistant (PDA) can be used as an external storage device in the authentication process thereby allowing the user to save their documents and settings directly into the mobile phone or PDA which is mapped as a local drive on the computer and wherein the data on the mobile phone or PDA can be encrypted and decrypted on the fly thereby functioning as an encrypted external hard disk.
Preferably the method to store the user settings and user personal folder (such as C:\Documents and Settings\kschua in Windows XP or /usr/home/kschua in Linux) on the mobile phone, personal digital assistant (PDA) will preserve the settings for the user when he switches between computers.
Preferably the operating system of computers can be customised to extract the user settings from the mobile phone or PDA upon startup or login.
Preferably the portable consumer electronic device can store internet cookies, bookmarks etc with encryption or in plain text which the user can use to access websites on another device such as a PC. Example usage : i) A user's bookmarks, cookies and login user name and passwords are stored on the mobile phone ii) When the user accesses a PC, and launches the Internet browser, the Internet browser will load the bookmarks from the mobile phone iii) When the user logs in to read his email, the browser will pick up the user name and password from the mobile phone, thereby freeing the user from keying in the user name and password. This will prevent key loggers from stealing the user name and password.
Alternatively, the mobile phone, personal digital assistant (PDA) can be used to scan for virus on the PC and/or to act as a network gateway with firewall. This isolates virus scanning and firewall activities to an external device function and functions as a hardware virus scanner/firewall.
Alternatively, the mobile phone can function as a SecurID token (by RSA Security).
Preferably the method to use the mobile phone to generate a new code at a specific interval (e.g. 60 seconds) is combined for use with the PIN number/password at the primary computing device for multi factor authentication purposes wherein the resultant pin/password will be a one-time-use code that is used to positively identify or authenticate the user and upon which the server at the other end will be synchronised such that the new code generated by the mobile phone will be the same. Example usage
1) Upon logging in to an internet banking website, the mobile phone displays aaaaaa. The user's pin number is 222222. Therefore, when prompted to enter the password, the user enters aaaaaa222222. The internet banking server needs to be synchronised with the mobile phone such that at the specific time, it knows that the mobile phone has generated aaaaaa.
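An added example, not part of the patent text: a server-side check for the code-plus-PIN scheme described above. The patent names no algorithm, so the code derivation is the HOTP/TOTP truncation from RFC 4226/6238 with a 60-second step; the shared secret (the RFC 4226 test key), the fixed 6-digit PIN length, the one-step drift window and the replay check are assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP_SECONDS = 60        # interval from the example above
CODE_DIGITS = 6          # length of the code shown on the phone
PIN_LENGTH = 6           # assumption: fixed-length PIN typed after the code
PBKDF2_ROUNDS = 100_000  # assumption: work factor for the stored PIN hash


def time_code(secret: bytes, unix_time: int) -> str:
    """Code for the time step containing unix_time (RFC 4226 truncation)."""
    counter = unix_time // STEP_SECONDS
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


class Account:
    """Server-side record: shared secret, salted PIN hash, last accepted step."""

    def __init__(self, secret: bytes, pin: str):
        self.secret = secret
        self.salt = os.urandom(16)
        self.pin_hash = self.hash_pin(pin)
        self.last_step = -1  # highest time step already used for a login

    def hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, PBKDF2_ROUNDS)


def verify(account: Account, submitted: str, now: int, drift_steps: int = 1) -> bool:
    """Accept code+PIN once per time step, tolerating a small clock drift."""
    if len(submitted) != CODE_DIGITS + PIN_LENGTH:
        return False
    code, pin = submitted[:CODE_DIGITS], submitted[CODE_DIGITS:]
    # Check the PIN and every candidate step before deciding, so a wrong PIN
    # and a wrong code take the same path through the function.
    pin_ok = hmac.compare_digest(account.hash_pin(pin), account.pin_hash)
    current = now // STEP_SECONDS
    matched = None
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step <= account.last_step:
            continue  # step already consumed (or negative): one-time use
        expected = time_code(account.secret, step * STEP_SECONDS)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = step
    if pin_ok and matched is not None:
        account.last_step = matched  # burn this step and all earlier ones
        return True
    return False


if __name__ == "__main__":
    # Constructed sample data: RFC 4226 test key and the PIN from the example.
    acct = Account(b"12345678901234567890", "222222")
    shown = time_code(acct.secret, 60)
    print("phone shows", shown)
    print("first login :", verify(acct, shown + "222222", now=60))
    print("replay      :", verify(acct, shown + "222222", now=61))
```

Recording the last accepted step is what makes the submitted value one-time-use: a password captured by a key logger is rejected even inside the same 60-second window.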
Alternatively the method stores the asymmetric data and any important data on the web and to broadcast change of keys and/or consumer electronic device to all parties involved, (e.g. banks, shops whom the user has a loyalty card with).
Preferably the method for storing personal information on the portable consumer electronic device with 1) symmetric encryption or/and 2) asymmetric encryption is used for ease of data entry and counter checking purposes (e.g. filling in of forms by transmitting the data to the PC or filling in of lottery coupons to purchase the tickets and later to check the numbers bought with the winning numbers).
Preferably the portable consumer electronic device uses the method to store information encrypted with either symmetric and/or asymmetric keys pertaining to the user (e.g. address, medical records, dental records, drug allergies).
Preferably the portable consumer electronic device uses the method for encrypting data with symmetric and/or asymmetric key to protect the privacy of data on the portable consumer electronic device. An option may be included to allow the data to self destruct upon keying in a wrong decryption code.
A further object is for a method to use the mobile phone and/or PDA as a password management device for use with another device (e.g. PC) where i) The user name and/or password can be transmitted to the other device either in clear text form or in encrypted format or ii) The user name and/or password will be sent to a server (e.g. web based email) and the session token (such as a cookie) returned from the said server will be transmitted to the PC for use.
Another object is for the method to store personal details encrypted with asymmetric data of the owner on a server and allowing authorised personnel to access the data so that if the system is hacked, hackers will not be able to decrypt the person's information stored on the server and it will provide the convenience of allowing friends of the user to be able to have the latest personal details of the user. Example usage: Jack encrypts his mobile phone, address and email address with the public keys of Sally and Jane respectively on the web.
1) Sally and Jane's mobile phone will update Jack's mobile phone number from the web at regular intervals or as and when is required. This way, whenever Jack changes his telephone number, Sally and Jane's mobile phone data will be updated accordingly. If Jack decides to deny Sally from knowing his new mobile phone number, he simply encrypts his new mobile phone number on the web with Jane's public key. This way, only Jane will have the new number and Sally doesn't.
2) Jack changes his email address and updates the information on the web and encrypts it with Sally and Jane's public key. On Sally's and Jane's PC, this information will be downloaded and the changes made to the address book accordingly.
3) Jack shifts house and updates the information on the web and encrypts it with Sally and Jane's public key. If Sally or Jane wants to pay Jack a visit, they can check the web or use their PC to retrieve the latest information and check where Jack is staying.
If Jack doesn't wish to let any of them know of his new address, he can just simply update the data encrypting it with other people's public key except Jane and Sally's.
Another object is a method for allowing identity providers to store tokens on portable consumer electronics. This token can then be forwarded to a third party who had initially requested for identity verification. Example usage
1) ABC Brewery sends identity verification token to verify that the owner is above the legal age limit to purchase liquor to the owner's mobile phone. The owner forwards the request to an identity provider (e.g. Immigration and Checkpoint Authority, ICA) to verify. The ICA acknowledges the identity and age of the owner and processes the token. It then digitally signs the token and sends it back to the owner's mobile phone. The owner then forwards the digitally signed token to ABC Brewery. ABC Brewery will then check to see if the token is authentic. If it is authentic, the owner is allowed to purchase liquor.
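The verification flow above as an added example (not from the patent): the brewery issues a request, the identity provider signs a yes/no age claim, and the brewery checks the signature and the claim before accepting it. The nonce, audience and expiry fields, the function names and the demo key are assumptions; the signature is unpadded hash-then-RSA so the block stays in the standard library, where a deployment would use a vetted library's RSA-PSS or Ed25519.

```python
import hashlib
import json
import secrets

# Constructed demo key pair for the identity provider. The primes are two
# well-known Mersenne primes so that no key generation is needed here; they
# are trivially guessable and must never be used as a real key.
_P, _Q = 2**521 - 1, 2**607 - 1
IDP_N = _P * _Q                                  # public modulus
IDP_E = 65537                                    # public exponent
_IDP_D = pow(IDP_E, -1, (_P - 1) * (_Q - 1))     # private exponent (IdP only)
TOKEN_LIFETIME = 300                             # seconds (assumption)


def claims_digest(claims: dict) -> int:
    """SHA-256 over a canonical JSON encoding, as an integer below IDP_N."""
    blob = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def merchant_request(merchant: str, min_age: int) -> dict:
    """Merchant side: a fresh request that the phone forwards to the IdP."""
    return {"audience": merchant, "min_age": min_age,
            "nonce": secrets.token_hex(16)}


def idp_issue(request: dict, age_on_record: int, now: int) -> dict:
    """Identity provider side: sign a yes/no answer, not the age or the name."""
    claims = {
        "audience": request["audience"],
        "min_age": request["min_age"],
        "nonce": request["nonce"],
        "age_ok": age_on_record >= request["min_age"],
        "expires": now + TOKEN_LIFETIME,
    }
    return {"claims": claims,
            "signature": pow(claims_digest(claims), _IDP_D, IDP_N)}


def merchant_verify(token: dict, request: dict, now: int) -> bool:
    """Merchant side: authentic, answers this request, unexpired, and positive."""
    claims, sig = token.get("claims"), token.get("signature")
    if not isinstance(claims, dict) or not isinstance(sig, int):
        return False
    if not 0 < sig < IDP_N:
        return False
    if pow(sig, IDP_E, IDP_N) != claims_digest(claims):
        return False                              # not signed by the IdP
    return (
        claims.get("audience") == request["audience"]
        and claims.get("nonce") == request["nonce"]       # blocks replay
        and claims.get("min_age") == request["min_age"]
        and isinstance(claims.get("expires"), int)
        and now < claims["expires"]
        and claims.get("age_ok") is True
    )


if __name__ == "__main__":
    req = merchant_request("ABC Brewery", 18)     # constructed sample values
    token = idp_issue(req, age_on_record=34, now=1_000)
    print("accepted:", merchant_verify(token, req, now=1_100))
    tampered = {"claims": dict(token["claims"], min_age=16),
                "signature": token["signature"]}
    print("tampered:", merchant_verify(tampered, req, now=1_100))
```

The signed claim carries only the yes/no answer, so the merchant learns that the owner is authorised without learning who the owner is.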
A further object is a method to update the phone number of a contact in the address book seamlessly either through accessing the web to retrieve the updated data or by changing the contact details stored in the mobile phone and/or PDA. Example usage : i) Jack calls John by selecting "John" in the address book ii) The mobile phone gets a message saying that the number dialled is no longer available iii) The mobile phone will then automatically check the web to search for John's new number and dial that new number instead.
A further object is a method for using a portable consumer electronic device with asymmetric and/or symmetric key as a means to encrypt and decrypt data on the PC with hard disk at either bootup stage or sections of the hard disk.
Example usage : i) User powers up his PC and places the mobile phone next to the PC ii) At the bootup, a program will decrypt the rest of the hard disk with the key obtained from the mobile phone iii) Upon successful decryption, the Windows operating system and all other parts of the hard disk will be accessible to the user, therefore, Windows will be able to start up and proceed.
Still another object is a method for using portable consumer electronic devices as a means for activating software applications to prevent piracy and/or as a licensing device.
Example usage : i) Before a software can run, it will check for credentials of the user through the mobile phone ii) After obtaining the credentials of the users, it will then determine whether the set of credentials is allowed to execute the program. If it is, the program will execute, otherwise it will inform the user that he does not have the licence to run the program.
Another object is a method for using the consumer electronic device as a means for digital rights management, (e.g. the DVD movie can only be played if the authorised mobile phone is placed near the DVD player). Another example usage : i) User purchases movie from the internet and passes his public key from his mobile phone to the service provider ii) Service provider will encrypt the movie with the user's public key and sends the movie to the user iii) When the user plays the movie on his home entertainment system such as a PC, the PC will check to ensure that the data can be successfully decrypted using the private key of the user's mobile phone iv) The decrypted data is then played.
Another object is a method for using the portable consumer electronic device to function as a storage to keep user preferences and credentials. The data can be encrypted with asymmetric and/or symmetric keys. An example would be to store the user's preferences for a shop (e.g. clothes size, shoe size, food dishes). Example usage : i) User visits a restaurant and places the order via his mobile phone ii) On subsequent visits, he can review previously placed orders to determine if he wants to order the exact same dish again.
Still a further object is a method for using a portable consumer electronic device with or without asymmetric key as a means to store the user preferences of a home entertainment systems and home automation systems. Example usage :
i) When Sam is listening to music, he places his mobile phone near the music player. It grabs Sam's preferences such as the equaliser settings and volume control, and automatically adjusts the sound system to them ii) Sam can also store the massage sequence on his mobile phone such that when he sits on the massage chair, the chair activates the massage sequence.
Another object is a method for using the portable electronic consumer device to locate friends in the vicinity either by using direct wireless means (e.g. Bluetooth, WiFi) or via a gateway (e.g. wireless internet connection). Example usage i) Jack and Sam are in the same building ii) Their mobile phones are turned on to scan for friends in the vicinity using the building WiFi access iii) Through the IP address provided, their respective mobile phone knows that they are both in the same building and trigger an alert to both of them informing them that they are in the same building.
Another object is a method for using portable consumer electronic devices with direct wireless capabilities (e.g. Bluetooth, WiFi) as a walkie talkie or for conference calls.
Example usage : i) Jack decides to place a phone call to Sam ii) The mobile phone detects that both Jack and Sam are in a wireless environment and automatically uses the WiFi connection to establish the phone session thereby saving phone charges.
A further object is a method for using asymmetric key to identify individual users in using the method using the portable consumer electronic device to function as a storage to keep user preferences and credentials wherein the keys can also be used to allow for secure mobile phone communication by using the portable consumer electronic device to function as a storage to keep user preferences and credentials.
Another object is a method for using a Bluetooth earpiece or Bluetooth/WiFi enabled portable consumer electronic device with or without asymmetric key to function in place of a microphone.
Another object is for a method to use the portable consumer electronic as a Bluetooth to WiFi converter and vice versa, allowing users who are using a voice chat system in their PC (e.g. MSN) to transfer the data via WiFi to the mobile phone and using the Bluetooth connection of the mobile phone to transfer the data to a Bluetooth earpiece, thereby facilitating the use of a Bluetooth earpiece to be used as an ordinary headphone with a PC.
Another object is a method for using a portable consumer electronic device to download information either in clear text or encrypted with asymmetric and/or symmetric key pertaining to an exhibit in places such as a museum or zoo onto the device.
Preferably the method for using a portable consumer electronic device with or without asymmetric key with a Bluetooth earpiece is used to obtain voice information on an item (e.g. an exhibit in a museum can have a corresponding device to transmit information such as what the exhibit is about to the user's mobile phone and then to the earpiece).
Another object is a method of using a portable consumer electronic device as a travel journal so that when payment is made using the mobile phone or when the tourist visits a place of interest and establishes a connection, these data are stored in the user's mobile phone for his own record purposes and pictures taken between sites will be organised accordingly.
Another object is a method for using a portable consumer electronic device with camera and location tracking service (e.g. GPS, mobile phone base station) to capture the image with location coordinates (e.g. GPS coordinate) into the portable consumer electronic device or directly into a web page. The coordinates can be tagged to the image or embedded in the image file. It can also include the date and time embedded in the image or tagged to the image. This can be used to serve as a travel journal, evidence of crime, diary etc. Example usage: i) A person witnesses a burglary and takes out his mobile phone with GPS and camera to take a picture of the crime scene; ii) The coordinates are embedded into the image and the image is transferred to the police website; iii) The website will record the date and time the image was received which can then be admitted as evidence in court.
Yet another object is a method for using the portable consumer electronic device (e.g. mobile phone or PDA) as a voice language translation. The voice translation can be done either on the device itself or through sending the data to the web and get the translated voice message through the web.
Still another object is a method to allow portable consumer electronic devices (eg mobile phone, PDA) to use its direct wireless capabilities as a remote control to control Bluetooth enabled or WiFi consumer electronic devices.
Another object is for a method to use a portable consumer electronic device to store aging data which may be digitally signed or digitally encrypted or in clear text (eg warranty cards, e-tickets, receipts, promotion coupons) and upon the expiry date being reached (e.g. one year warranty has expired or the promotion date has reached), the data is automatically erased.
Another object is a method for using the direct wireless capabilities of the portable consumer electronic device to submit digitally signed questions and answers during a forum or speech or lecture or classroom lessons.
Another object is a method for enabling portable consumer electronic devices with direct wireless capabilities (e.g. Bluetooth or WiFi) with or without encryption (such as asymmetric and/or symmetric key encryption) to function as means for receiving data such as presentation slides from the speaker in a speech or lecture and which can be used to distribute handouts in a meeting or at a lecture. Example usage : i) When going for a lecture, the user signs his attendance using his mobile phone public key before entering the room ii) When the lecturer decides to disseminate the information, he clicks a button which will encrypt the slides with the public key of the user and transmit it to everyone in the room iii) Only the user will be able to decrypt the slide and the information will be junk to the other people in the room.
Another object is a method for printing documents, spreadsheets or presentation slides from a mobile phone or PDA with direct wireless capabilities to the printer directly, therefore allowing users to print a Word document directly to a printer.
Another object is a method for displaying documents, spreadsheets or presentation slides from a mobile phone or PDA with direct wireless capabilities directly to a projector so that with this means, the user does not need to carry a notebook when conducting presentation.
Another object is a method for using the portable consumer electronic device with asymmetric encryption as a chequebook.
Example usage : i) Bank issues digitally signed chequebook to the user and the user stores it in their mobile phone ii) When the user wishes to pay another party in the form of a cheque, he transmits the digitally signed (from the bank) cheque book and digitally signs it himself. iii) He then transmits this data to the other party who will forward it to his bank to honour the cheque. In this way, the payer does not need to know the payee's bank account number which is the case in internet banking.
A further object is a method for using the direct wireless capabilities of the portable consumer electronic device (e.g. mobile phone, PDA) with or without asymmetric keys as a means of voting for AGM where the individual members will cast their vote and digitally sign it for auditing purposes. Example usage in an AGM i) Members register their public key at the reception and obtain the public key of the returning officer ii) When it is time to cast their votes, they can key in their votes which will be encrypted with the public key of the returning officer and then digitally signed by them iii) This data will be stored for auditing purposes and the vote will be kept secret because no one can decrypt the returning officer's data iv) This same data will be decrypted in memory to obtain the vote and add it to the counter.
This will ensure that the vote remains secret and yet can be subjected to auditing.
Another object is a method for using a portable consumer electronic device with direct wireless access capabilities (e.g. Bluetooth) to identify the location of a person. Example usage : i) Child turns on the Bluetooth feature in mobile phone in a shopping centre ii) His movement is captured at every intersection thereby providing his parents his whereabouts on their mobile phone.
Another object is a method for writing the asymmetric and/or symmetric key data onto the RFID chip on the phone as and when is required for the purpose of authentication.
Preferably the method for using the mobile phone with data encrypted using symmetric and/or asymmetric keys can be used as a means for operating machinery (e.g. starting cars, playing arcade games machine).
A further object is for the device to generate the asymmetric keys using biometric information of a person to have the option of keeping a copy of the keys generated and then using the keys when required, or generating the keys on the fly as and when it is required and where the mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared) or via a gateway (e.g. GPRS, 3G, SMS).
Preferably the direct wireless communication devices (e.g. Bluetooth, InfraRed, WiFi, NFC) locks with asymmetric and/or symmetric encryption capabilities for use with the devices for generation of the asymmetric keys.
Preferably the direct wireless communication device can convert WiFi signals to infra red for use as a remote control thereby enabling the portable consumer electronic devices with WiFi capabilities to be used as a remote control.
Preferably the direct wireless communication device allows for card authentication (e.g. credit card, loyalty card, ATM cards) using the methods of generating asymmetric keys stored in secondary storage devices such as portable consumer electronic devices through direct wired and wireless means which will be used in conjunction with existing means except that instead of signing the bill, the user verifies his identity using the portable consumer electronic device and the public key from the portable electronic devices can be stored on the card itself, thereby if it can be unlocked with the private key on such portable storage devices, the transaction is deemed authentic.
Preferably the direct communication device enables existing projectors to receive data (such as a PowerPoint presentation) from a portable consumer electronic device to display directly onto the projector without the need for a notebook or PC.
A further object is for a device to convert data from Bluetooth to WiFi . This can be used in conjunction with portable consumer devices with direct wireless capabilities or as a remote control device to control Bluetooth enabled or WiFi consumer electronic devices and as a replacement for microphone.
A further object is a massage chair which has the capabilities to identify the person through the portable electronic consumer device with or without asymmetric key as a means to store the user preferences of the person.
Preferably the authentication system for storage and retrieval of encrypted data for generation of a public and private key allows personal and commercially important data to be encrypted into a secured document using the data owner's private key (i.e. digital signing) and the information stored in a secondary storage device either in the form of a barcode or in a memory chip in a smart card or a memory chip in a RFID tag embedded in the secured document.
Preferably, the authentication system for storage and retrieval of encrypted data for generation of a public and private key, in which personal and commercially important data are encrypted into a secured document, has this process of authentication of the secured document :-
a. Public key of the data owner involved is obtained. b. Data on the secured document is decrypted.
and if the data could be read, the secured document is authenticated.
Preferably the authentication system for storage and retrieval of encrypted data for generation of a public and private key for authenticating stored data encrypted on secured documents uses asymmetric cryptography whereby the stored data could be stored in important documents such as identity card, driver's licence, passports, wills, contracts, credit cards and other commercially important documents, the stored data being personal and business information of a data owner and meant to be disclosed only to users of the data authorised with a public key issued by the data owner.
Preferably the secured document issued by an agency using the authentication system for storage and retrieval of encrypted data uses a public key and a private key, both the public key and private key being generated by a RSA algorithm, characterised by
obtaining the inputs for the RSA algorithm from a biometric source; storing of data encrypted using asymmetric cryptography on an RFID chip; and authenticating the stored data encrypted on documents using asymmetric cryptography;
the authentication of the encrypted data being carried out through verification means using both the public key and private key.
Preferably the secured document obtained from the authentication system is verified according to these steps:-
The verification agency decrypts the encrypted data on the RFID chip with the document holder's public key and obtains a validation message such as "This document is valid" but gets an incoherent message when the encrypted data is decrypted with the verification agency's public key, indicating the document was not genuine.
The verification agency decrypts the encrypted data on the RFID chip with the verification agency's public key and obtains a validation message such as "This document is valid", but also obtains a validation message when the encrypted data is decrypted using the document holder's public key. This would mean that the secured document is genuine.
Preferably the secured document for recording, storage and retrieval of encrypted data using the authentication system using a public key and a private key, both the public key and private key are generated by a RSA algorithm, the secured document obtained by the following steps:-
obtaining the inputs for the RSA algorithm from a biometric source;
recording and storing of data encrypted using asymmetric cryptography on an RFID chip; and
authenticating the stored data encrypted on documents using asymmetric cryptography;
the authentication of the encrypted data being carried out through verification means using both the public key and private key.
Preferably, the secured document for recording, storage and retrieval of encrypted data obtained using a public key and a private key, wherein both the public key and private key are generated by a RSA algorithm, the encrypted data includes data such as "date, time, location and other pertinent information relating to authentication of the document" which is then stored in a RFID chip and affixed to the important document.
BRIEF DESCRIPTION OF DRAWINGS
Fig. 1 is a flow chart of the first part of the invention which provides for generation of the random numbers obtained by using biometric means.
Fig. 2 is a flowchart of the storing of data encrypted using asymmetric cryptography on an RFID chip.
Fig. 3 is a flowchart of the authentication of the stored data encrypted on documents containing said RFID chip using asymmetric cryptography.
DESCRIPTION OF MAIN EMBODIMENT
The invention relies on the use of two keys, one public and one private, both of which are generated by an asymmetric algorithm. An asymmetric algorithm has several advantages. Firstly, no key agreement is required in advance, since the only key that needs to be shared with the other party is a public key that can be safely shared with everyone. Secondly, whereas the security of a symmetric algorithm depends on two parties successfully keeping a key secret, an asymmetric algorithm requires only the party that generated it to keep it secret. This is clearly much less problematic. Thirdly, the issue of trusting the other party disappears in many scenarios, since without knowledge of your secret key, that party cannot do certain evil deeds, such as digitally sign a document with your private key or divulge your secret key to others.
The steps for generation of the key pairs using the RSA Algorithm (as taught in US Patent Number 4,200,770 and United States Patent No. 4,405,829) are first described.
Randomly select two prime numbers p and q. For the algebra to work properly, these two prime numbers must not be equal. To make the cipher strong, these prime numbers should be large, and they should be in the form of arbitrary precision integers with a size of at least 1024 bits.
Calculate the product: n = p • q.
Calculate the Euler totient for these two primes, which is represented by the Greek letter φ. This is easily computed with the formula φ = (p - 1) • (q - 1).
1. Now that we have the values n and φ, the values p and q will no longer be useful to us. However, we must ensure that nobody else will ever be able to discover these values. Destroy them, leaving no trace behind so that they cannot be used against us in the future. Otherwise, it will be very easy for an attacker to reconstruct our key pair and decipher our ciphertext.
2. Randomly select a number e (the letter e is used because we will use this value during encryption) that is greater than 1, less than φ, and relatively prime to φ. Two numbers are said to be relatively prime if they have no prime factors in common. Note that e does not necessarily have to be prime. The value of e is used along with the value n to represent the public key used for encryption.
3. Calculate the unique value d (to be used during decryption) that satisfies the requirement that, if d • e is divided by φ, then the remainder of the division is 1. The mathematical notation for this is d • e = 1 (mod φ). In mathematical jargon, we say that d is the multiplicative inverse of e modulo φ. The value of d is to be kept secret. If you know the value of φ, the value of d can be easily obtained from e using a technique known as the Euclidean algorithm. If you know n (which is public), but not p or q (which have been destroyed), then the value of φ is very hard to determine. The secret value of d together with the value n represents the private key.
Once the public/private key pair is generated, we can encrypt a message (or even confidential personal and business data) with the public key with the following steps.
1. Take a positive integer m to represent a piece of plaintext message. In order for the algebra to work properly, the value of m must be less than the modulus n, which was originally computed as p • q. Long messages must therefore be broken into small enough pieces that each piece can be uniquely represented by an integer of this bit size, and each piece is then individually encrypted.
2. Calculate the ciphertext c using the public key containing e and n. This is calculated using the equation c = m^e (mod n).
Finally, we can perform the decryption procedure with the private key using the following steps.
1. Calculate the original plaintext message from the ciphertext using the private key containing d and n. This is calculated using the equation m = c^d (mod n).
2. Compare this value of m with the original m, and you should see that they are equal, since decryption is the inverse operation to encryption.
Referring to the flowchart displayed at Fig. 1, the invention provides another method for generating the random numbers by using biometric means. An image of the biometric information is first obtained. The biometric image could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body. The image(s) obtained from the biometric means will give the value for 'p', 'q' and possibly 'e'.
The process is as follows:
1) An image of the biometric information is obtained. The image can be a fingerprint, an iris scan, face recognition, vein scan or any part of the body.
2) Some computer processing may be required to align the image captured.
3) This image is then saved as an image file (e.g. JPEG, Bitmap, GIF or any image file in use under current convention). The image can be saved into memory or a secondary storage.
4) The data of the image which are ultimately represented as binary values are then used to generate the random numbers either as the seed for random number generation or as the random number itself.
5) The random numbers generated are then put through a primality test. Examples of such algorithms are the Lucas-Lehmer test, the Miller-Rabin test etc.
6) The random numbers generated by using the seed number or the random number itself will be fed as the input to the RSA Algorithm to generate the key pairs.
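The key-generation steps and the Fig. 1 process above can be combined into one runnable sketch. This Python example is an added illustration, not code from the patent: the SHA-256 seed expansion, the fixed exponent e = 65537 (used in place of a randomly selected e), the function names and the constructed SCAN bytes are all assumptions. It also checks whether a second capture that differs by one bit reproduces the same key.

```python
import hashlib
from math import gcd

# Fixed Miller-Rabin bases. Adequate for hash-derived candidates as used
# here; not a safe choice for testing adversarially chosen numbers.
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin primality test (step 5 of the process)."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square reached n-1: base a proves n composite
    return True


def derive_prime(seed, label, bits, e):
    """Expand the seed into candidates until one passes the primality test."""
    counter = 0
    while True:
        buf = b""
        while len(buf) * 8 < bits:
            block = seed + label + counter.to_bytes(4, "big")
            buf += hashlib.sha256(block).digest()
            counter += 1
        cand = int.from_bytes(buf, "big") >> (len(buf) * 8 - bits)
        cand |= (1 << (bits - 1)) | 1  # force exact bit length and oddness
        if gcd(e, cand - 1) == 1 and is_probable_prime(cand):
            return cand


def keypair_from_image(image_bytes, bits=1024, e=65537):
    """Steps 4 to 6: image bytes -> seed -> primes p, q -> RSA key pair."""
    seed = hashlib.sha256(image_bytes).digest()
    p = derive_prime(seed, b"p", bits, e)
    q = derive_prime(seed, b"q", bits, e)
    if p == q:
        raise ValueError("p and q must differ")
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # multiplicative inverse of e modulo phi
    return (n, e), (n, d)  # public key, private key


def encrypt(m, public):
    n, e = public
    if not 0 < m < n:
        raise ValueError("m must be a positive integer below the modulus n")
    return pow(m, e, n)  # c = m^e (mod n)


def decrypt(c, private):
    n, d = private
    return pow(c, d, n)  # m = c^d (mod n)


def compare_captures(scan_a, scan_b, bits=256):
    """Return True if two captures of a biometric yield the same public key."""
    return keypair_from_image(scan_a, bits)[0] == keypair_from_image(scan_b, bits)[0]


# Constructed stand-in for a saved fingerprint image (not real biometric data).
SCAN = bytes(range(256)) * 16
# The same finger captured again, differing in a single bit of one byte.
RESCAN = SCAN[:100] + bytes([SCAN[100] ^ 0x01]) + SCAN[101:]

if __name__ == "__main__":
    public, private = keypair_from_image(SCAN, bits=256)  # small size for speed
    m = int.from_bytes(b"This document is valid", "big")
    assert decrypt(encrypt(m, public), private) == m
    print("identical bytes reproduce the key:", compare_captures(SCAN, SCAN))
    print("one flipped bit reproduces the key:", compare_captures(SCAN, RESCAN))
```

Because the key is a deterministic function of the image bytes, reproducing it requires a bit-identical capture, and the key is no harder to guess than the image itself.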
Referring to Fig. 2, the next step is storing of data encrypted using asymmetric cryptography on a RFID chip.
The process is as follows:
1) If the key pairs have not been generated, generate the key pair. The algorithm can be either the RSA or any other algorithm.
2) If there is encrypted data on the RFID chip, retrieve the encrypted data on the RFID chip into a device for authentication (e.g. upload to a computer or download to a PDA) using the appropriate reader.
3) Encrypt the data using either the private key (for digital signing) or another party/parties public key or both. The data can be encrypted by using programs which are publicly available (e.g. electronics communication encryption program, Pretty Good Privacy (PGP), available from www.pgp.com).
4) Write the encrypted data back onto the RFID chip for storage.
For retrieval of the stored data, the process is as follows:
1) Encrypted Data is retrieved from the RFID chip.
2) Encrypted Data is decrypted using the private key.
3) If the data decrypted is "garbage", it implies that either the information is digitally signed or it was not intended for the recipient.
4) Retrieve the public key of the authorised user of encrypted data.
5) Data is decrypted using the public key of the authorised user of encrypted data.
6) Decrypted data can be stored in memory, secondary storage or written back to the RFID chip.
Referring to Fig. 3, the third step of the invention is authenticating the stored data encrypted on documents using asymmetric cryptography. The stored data could be stored in important documents such as identity card, driver's licence, passports, wills, contracts etc. The stored data could be data relating to the data owner's personal and business information, which is vital to the data owner and meant to be disclosed only to authorised users of the data allowed by the data owner.
The process from the data owner's perspective is as follows.
1) The data owner, e.g. a government agency or a company, creates their key pairs using asymmetric algorithms (e.g. RSA) through publicly available programs (e.g. PGP).
2) The data is encrypted using the data owner's private key (i.e. digital signing).
3) The information is stored into the identification document, either in the form of a barcode or in a memory chip in a smart card or a memory chip in a RFID tag.
The process from the party who is conducting verification is as follows.
1) Public key of the data owner, e.g. government agency or company involved, is obtained.
2) Data on the identification document is decrypted.
If the data could be read, the document is authentic.
From the above, it can be seen that the invention can be used to authenticate important documents such as those used for identification. There are two ways of doing this. The first way can be done in the following steps.
1) Calculate the checksum of the documents. This could be done in either:-
i. Calculating the checksum of the scanned image of the document or
ii. Calculating the checksum of all the letters in the documents.
2) Writing the checksum obtained into the RFID chip embedded in the document. The data on this RFID chip can only be written once.
When the need arises, the authenticity of the document is verified as follows.
1) The checksum of the document is obtained.
2) Verify the checksum obtained with the checksum stored on the RFID chip.
The second way of doing this is as follows.
1) Calculate the checksum of the documents.
2) Using the method described in Step 1 (Generation of random numbers using biometric means), we can digitally sign the checksum using the private key of all the parties involved, including the lawyer. The public key can be stored in a repository in a website on the Internet.
3) The digitally signed checksum (or encrypted checksum) is then written onto a normal RFID chip embedded in the document.
When the need arises, the authenticity of the document is verified as follows.
1) Obtain the checksum of the document.
2) Obtain the public key of all the parties from the repository.
3) Decrypt the checksum stored in the RFID chip with the public key of all parties individually.
4) If the individual checksums tally with the checksum obtained in Step 3, we can safely assume that they are definitely from the parties involved in Step 2.
It should be noted the data which has been encrypted using the public key can only be decrypted by the private key and vice versa.
Another illustration of another working of the invention is now given. The keys are reproduced every time the biometrics is obtained. The biometric image could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body. The same set of random numbers should theoretically be obtained and the same set of prime numbers will also be obtained.
The initial prototype will involve a fingerprint reader to obtain the public and private keys. The public key will then be stored in a repository for the world to use.
Using the example of passports, what may happen is that data or a message such as "This passport is valid" will be encrypted using the passport holder's private key and the government body's (ICA) private key.
When the passport holder visits another country, e.g. USA, the immigration authorities at USA will then obtain the public key of the passport holder and the ICA from the repository and decrypt the data. There are three possible scenarios in this instance:-
1) The immigration authority decrypts the encrypted data on the RFID chip with the passport holder's public key and sees the phrase "This passport is valid" but gets garbage when he decrypts the data with the government body's public key. This would mean that the passport wasn't issued by the legitimate government body.
2) The immigration authority decrypts the encrypted data on the RFID chip with the government body's public key and gets the word "This passport is valid", but gets garbage when he decrypts the data using the passport holder's public key. This would mean that the passport doesn't belong to the holder.
3) The immigration authority decrypts the encrypted data on the RFID chip with the government body's public key and gets the word "This passport is valid" and also gets the same word when he decrypts using the passport holder's public key. This means that the passport is legitimate.
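The signed-checksum procedure (the "second way" above) and the three passport scenarios can be run end to end, replacing "gets garbage" with an exact comparison against the recomputed checksum. This Python sketch is an added illustration, not code from the patent: it uses textbook RSA as the description does (no padding scheme), SHA-256 as the checksum, constructed demo keys, and dictionaries standing in for the RFID chip and the public-key repository, all of which are assumptions.

```python
import hashlib

E = 65537  # assumed public exponent for all demo keys


def make_key(p, q):
    """Build a textbook RSA key from two primes (n = p*q, d = e^-1 mod phi)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


# Constructed demo keys built from well-known Mersenne primes so the block
# needs no key generation. Such moduli are trivially factorable: demo only.
HOLDER = make_key(2**127 - 1, 2**521 - 1)
ISSUER = make_key(2**607 - 1, 2**1279 - 1)
OTHER = make_key(2**107 - 1, 2**2203 - 1)  # a key belonging to neither party

# Hypothetical public-key repository: party name -> (n, e).
REPOSITORY = {"holder": (HOLDER["n"], E), "issuer": (ISSUER["n"], E)}


def checksum(document):
    """Checksum of the document data, here SHA-256 read as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document, key):
    """'Encrypt the checksum with the private key': s = h^d (mod n)."""
    return pow(checksum(document), key["d"], key["n"])


def write_chip(document, signers):
    """Chip record: one signed checksum per party."""
    return {name: sign(document, key) for name, key in signers.items()}


def verify_chip(document, chip, repository=REPOSITORY):
    """Decrypt each stored value with that party's public key and compare
    it with the checksum recomputed from the presented document."""
    expected = checksum(document)
    results = {}
    for name, (n, e) in repository.items():
        sig = chip.get(name)
        results[name] = sig is not None and pow(sig, e, n) == expected
    return results


def classify(results):
    """Map the per-party results onto the scenarios in the text."""
    if results["holder"] and results["issuer"]:
        return "legitimate"
    if results["holder"]:
        return "not issued by the legitimate issuer"
    if results["issuer"]:
        return "does not belong to the holder"
    return "no valid signature for this document"


PASSPORT = b"This passport is valid"  # constructed sample document data


def scenarios():
    genuine = write_chip(PASSPORT, {"holder": HOLDER, "issuer": ISSUER})
    wrong_issuer = write_chip(PASSPORT, {"holder": HOLDER, "issuer": OTHER})
    wrong_holder = write_chip(PASSPORT, {"holder": OTHER, "issuer": ISSUER})
    return {
        "scenario 1": classify(verify_chip(PASSPORT, wrong_issuer)),
        "scenario 2": classify(verify_chip(PASSPORT, wrong_holder)),
        "scenario 3": classify(verify_chip(PASSPORT, genuine)),
        "altered document": classify(verify_chip(PASSPORT + b"!", genuine)),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```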
A further working of the invention is now given in the example of wills and important commercial documents. The keys are reproduced every time the fingerprint is obtained. The same set of random numbers should theoretically be obtained and the same set of prime numbers will also be obtained.
A fingerprint reader is used to obtain the public and private keys. The public key will then be kept by an authorised party for the world to use.
In the case of an important document, data such as "date, time, location and other pertinent information relating to authentication of the document" is encrypted using the holder's private key and the authorised party's private key. The data encrypted would be stored in a RFID chip and affixed to the important document.
When the holder presents the important document to an authorised party, the authorised party checks the important document and obtains the public key of the document holder. The authorised party then decrypts the data using their public key. There are three possible scenarios in this instance:-
1) The authorised party decrypts the encrypted data on the RFID chip with the document holder's public key and sees the authentication data "date, time, location and other pertinent information relating to the authentication of the document" but gets garbage when he decrypts the data with the authorised party's public key. This would mean that the document wasn't issued by the legitimate holder.
2) The authorised party decrypts the encrypted data on the RFID chip with the document holder's public key and gets the pertinent information but gets garbage when he decrypts the data using the document holder's public key. This would mean that the document doesn't belong to the holder.
3) The authorised party decrypts the encrypted data on the RFID chip with the document holder's public key and gets all the pertinent information and also gets the same pertinent information when he decrypts using the document holder's public key. This means that the document is genuine.
There are many methods of generating asymmetric keys and many applications for its uses can be envisaged.
Disclosed herein are methods for generating asymmetric keys:-
- Generation of the asymmetric keys on the fly
- Using the data on the RFID chip as a seed (to strengthen the case for prior filing date)
- Using biometric information to unlock keys stored in the keyfile. The keys could be encrypted using symmetric or asymmetric keys
- Using the portable mobile device to decrypt encrypted data on the RFID chip (to strengthen the case for prior filing date).
The invention also envisages the asymmetric keys generated by the methods of the invention on secondary storage devices such as the portable consumer electronic device (e.g. mobile phone, PDAs, Blackberry) be further used as:-
- A two factor authentication device;
- A means to get encrypted information from the server, decrypt it and pass it to a PC
- A digital signing device
- Fingerprint verification to send from phone to payment centre
- Using asymmetric data
- As credit card/cash payment (Claims 19). Current method uses an RFID chip add on to the phone. What we are trying to do is to use the memory area on the phone
- as an authentication device
- as an identification device
- as an external storage drive on Mobile phone and PDA only
- Storing of Windows/Linux/Apple desktop setting on the mobile phone
- An antivirus scanner/firewall (Claims 25). Maybe we can include this in the other filing
Other Applications envisaged by the methods claimed in this invention includes:-
> SecurID token
> Token for identity providers
> Broadcasting change of keys to all parties involved
> Personal information storage device
> Password storage
> Auto update of people's personal details
> Identity token which can be used to verify a person
> Updating phone records/personal particulars of friends from web to phone
> Encryption of data at bootup stage
> Licensing device/Software activation to combat software piracy
> Digital Rights Management
> Storing user preference/credentials
  - Shops etc
  - Home entertainment system
> Using the mobile phone to scan for friends in the vicinity
> As a walkie talkie
> Bluetooth earpiece as a microphone
> WiFi to Bluetooth and vice versa converter
> Download of information from an exhibit or place to a mobile phone
> Tourism journal
> Bluetooth/WiFi remote control
> Aging data
> Submission of question and answers
> Receiving data from a speech
> Printing documents, spreadsheets to a printer directly
> Displaying the presentation slides to a projector directly
> Electronic cheque
> Means of voting
> Location finder
> Writing the encrypted data onto the RFID chip on the mobile phone for verification (which has been discussed at some length herein).
> Using the mobile phone device to operate machineries
Gadgets incorporating the devices of the invention include:-
- Device to generate asymmetric keys on the fly
- Lock with direct wireless capabilities
- WiFi to Infrared device for remote control
- Credit card/ATM authentication for digital signing from mobile phone
- Device to enable direct transmission from phone to projector
- Device to convert Bluetooth to WiFi converter
- Massage chair with capabilities to recognise the user
The description of the system, procedures and workings of the system and method of authentication has been given for purpose of illustration herein. The embodiments are merely preferred examples and not to be construed as limiting the scope of the present invention. It is therefore envisaged similar devices, processes and similar authentication systems could be used for many purposes where authentication or verification of a person's identity is necessary before certain transaction could be entered e.g. approval of financial transactions, authorization of entry into certain restricted areas, with or without modifications for the invention to work in such environments.
Having described preferred embodiments of the invention with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various changes and modifications may be effected therein by one skilled in the art without departing from the scope or spirit of the invention as defined in the claims.
ADVANTAGEOUS EFFECTS OF THE INVENTION
It is essential to authenticate a person's identity, and mere possession of a document purporting to belong to the person is sometimes not sufficient. The invention makes use of biometrics of a person, which is unique to the person, for generation of an algorithm to output a private key and public key, storing encrypted data and the keys in a RFID chip, for authentication purposes.
Another advantage concerns the storage of templates. With existing biometric means, the template of the fingerprint etc. is stored in a server; hence if the server is compromised, all the templates of the fingerprints stored will be at risk of being stolen and used. In this invention, even if the server is compromised, the public keys stored there would be useless to the person who compromised the server.
Many applications of the improved authentication system are proposed and discussed.
Claims
1. An authentication system for storage and retrieval of encrypted data using a public key and a private key, both the public key and private key being generated by an asymmetric algorithm such as the RSA algorithm, characterised by
obtaining the prime numbers required for inputs for the RSA asymmetric algorithm from a biometric source;
storing of data encrypted using asymmetric cryptography on a secondary storage device; and
authenticating and retrieving of the encrypted data stored in said secondary storage devices using asymmetric cryptography;
the authentication of the encrypted data being carried out through verification means using both the public key and private key.
2. The verification means of an authentication system as claimed in Claim 1, wherein the verification means is a validation message or a rejection message.
3. The inputs for the RSA algorithm obtained from a biometric source as claimed in Claim 1, wherein the biometric source could be an image of the biometric image.
4. The biometric image used for an authentication system for storage and retrieval of encrypted data as claimed in Claim 1, wherein the biometric image could be a fingerprint, an iris scan, face recognition, vein scan or any part of the body.
5. The biometric image used for an authentication system as claimed in Claim 3, wherein the image of the fingerprint, the iris scan, face, vein or any part of the body is processed by a computer, and saved into memory and then such data which are ultimately represented as binary values are then used to generate the random numbers either as the seed for random number generation or as the random number itself, the random numbers generated are then put through a primality testing algorithm and thereafter, the prime numbers generated after the primality testing will be fed as the input to the RSA algorithm to generate the key pairs.
6. Method for generating asymmetric keys (e.g. RSA) by using the methods mentioned below as the seed for the pseudo random number required for primality testing:-
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number etc)
iii) using the data on the RFID chip
iv) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
v) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc).
7. Method for generating asymmetric keys (e.g. RSA) by combining two or more of the below mentioned means as the seed for the pseudo random number for primality testing
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number, mobile phone number etc)
iii) using the data on the RFID chip
iv) password
v) pin number
vi) file on the device (e.g. photos, data, mp3)
vii) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
viii) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc).
8. Method for generating asymmetric keys (e.g. RSA) by using one or more of the methods specified below as the seed for the pseudo random number and then using one or more of the methods specified below to iterate and find a new random number for primality testing or to find new prime numbers by iterating the primality test using one or more of the methods specified below
i) obtaining the biometric information of the person
ii) device identification number (e.g. CPU serial number, IMEI number of the mobile phone, hard disk serial number, mobile phone number etc)
iii) using the data on the RFID chip
iv) password
v) pin number
vi) file on the device (e.g. photos, data, mp3)
vii) identification number of add on accessories/gadgets used in conjunction with the device (e.g. SIM card number of a SIM card used with a mobile phone, serial number of a Bluetooth headset used with a mobile phone, external hard disk serial number used with a PC, phone number of the mobile phone)
viii) using the biometric information template obtained by matching it with the biometric information obtained from the person (e.g. fingerprint recognition, facial recognition, voice recognition etc).
9. Method for using biometric information (e.g. fingerprint recognition, facial recognition, voice recognition) to unlock keys stored in the keyfile and decrypt the incoming data in the portable consumer electronic device and transfer it back to the sender either directly from the device or via another device such as a PC.
Example:
i) User and bank has previously exchanged the encryption keys (either symmetric or asymmetric)
ii) Bank encrypts the token with the encryption key and sends it to the mobile phone either directly through GPRS or through a PC
iii) User scans his finger on the fingerprint scanner on the mobile phone. The mobile phone will match the fingerprint from the database on the mobile phone
iv) Upon successful identification, it will decrypt the key from the file
v) Using the key it obtained, the mobile phone will then decrypt the token to extract the message
vi) The message is then transferred to the PC which will in turn send it back to the bank for verification.
10. Method for using the portable consumer electronic device with storage capability (e.g. mobile phone, PDA, iPod, BlackBerry) to decrypt a RFID chip with data encrypted either using symmetric or asymmetric encryption or both.
11. Method for using a portable consumer electronic device with storage capability (e.g. mobile phone, PDAs, iPod, BlackBerry) as a multi-factor (defined as two or more) authentication device using asymmetric keys from the method generated from Claims 6 - 8 and storing the keys on the device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
12. Method for using a portable consumer electronic device with storage capability (e.g. mobile phone, PDAs, iPod) as a multi-factor (defined as two or more) authentication device using asymmetric keys from the method generated from Claims 6 - 8 on the fly as and when needed. The keys generated are not stored permanently on the device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB), thereby minimising the risk exposed to the user if the device is stolen or lost as the person who stole it would need to know how to get the seed to generate the asymmetric key.
13. Method for using portable consumer electronic devices (e.g. mobile phone, PDA) with data encrypted with symmetric keys (e.g. AES) as a multi-factor authentication device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
14. Method for using portable consumer electronic devices (e.g. mobile phone, PDA) with data encrypted with symmetric keys (e.g. AES) specified in Claims 9-10 as a multi-factor authentication device. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
15. Method for using a secondary storage device in a portable consumer electronic device (e.g. mobile phone, PDAs, iPod) to perform as a two or more factor authentication device using symmetric and/or asymmetric keys. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
16. Method for using portable consumer electronic devices (e.g. mobile phone, PDA) as a means for transferring encrypted data (either asymmetric or symmetric) from a server to the portable consumer electronic device for decryption and then transfer the data to another system such as a PC. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared, Near Field Communication) or via a gateway (e.g. GPRS, 3G, SMS) or direct wired (e.g. USB).
The encrypted data can be sent in any of the ways mentioned below
i) Transfer an encrypted session token from the server to the portable consumer electronic device either directly via GPRS, SMS etc or via the primary computing device such as a PC to the portable consumer electronic device. The decrypted session token is then sent back either directly to the server or via the primary computing device. The server will then allow the primary computing device to access the data.
ii) Transfer the encrypted data from the portable consumer electronic device either directly via GPRS etc or via the primary computing device such as a PC to the portable consumer electronic device. The data is decrypted on the portable consumer electronic device and sent to the primary computing device.
Example usage:
i) User stores his personal information such as address, medical information, telephone number on the web and encrypt the data
ii) When the user visits a clinic for the first time, the user will log in to the server through his mobile phone
iii) The data downloaded from the server will be decrypted on the mobile phone and sent to the PC at the clinic
iv) The software on the PC will process the details of the user such as the address, the medical information and telephone number accordingly.
17. Method for using the biometric functions built in a portable consumer electronic device as means for authentication/identification in place of an external biometric reading machine. For example: Instead of using a fingerprint scanner connected to a payment device, the user can use the fingerprint scanner on his mobile phone or PDA to authenticate his identity to the payment centre. This eliminates the risk of the fingerprint template being stored in the merchant's computer.
18. Method for authenticating and/or signing the message on the devices mentioned above (which is used as the secondary device) where the primary device doesn't have access to the keys using the asymmetric keys generated in Claims 6-10.
19. Method for using the portable consumer electronic device with or without asymmetric keys as a mode of payment and/or as a credit card. The data is stored in the common memory area of the device and encrypted and/or on external commercially available memory storage devices.
20. Method to use portable consumer electronic devices (e.g. mobile phone, PDA) as secondary storage devices with asymmetric keys stored in them/or asymmetric keys generated on the fly as a form of authentication device for use such as
i) loyalty card
ii) access card (e.g. proximity access card for access for offices)
iii) proof of identity
iv) e-commerce applications (e.g. e-tickets purchases)
v) web log ins
vi) Operating system logins
vii) Activating and deactivating screensavers based on credentials
viii) Credit card authentication through the Internet
ix) Credit card authentication at Point of Sales Terminal in place of/in addition to signature verification
x) Proof of purchase (e.g. receipts)
xi) identity management on the Internet or Intranet
In the authentication process, the other party needs to know if the owner of the phone is authorised and does not need to know their identity. The data on the loyalty card etc can be stored on the portable consumer electronic device, on an external server such as the web, or on the merchant's server (as in the case of loyalty cards).
21. Method to use portable consumer electronic devices (e.g. mobile phone, PDA) as secondary storage devices as a form of identification device for use such as
i) loyalty card
ii) access card (e.g. proximity access card for access for offices)
iii) proof of identity
iv) e-commerce applications (e.g. e-tickets purchases)
v) web log ins
vi) Operating system logins
vii) Activating and deactivating screensavers based on credentials
viii) Credit card authentication through the Internet
ix) Credit card authentication at Point of Sales Terminal in place of/in addition to signature verification
x) Proof of purchase (e.g. receipts)
xi) identity management on the Internet or Intranet
In this identification process, the user identifies himself to the other party using asymmetric/symmetric keys. Therefore, a portable consumer electronic device can hold multiple identities for a user.
For example : Assuming that the asymmetric keys have been generated and given to the respective parties, the user then proceeds to log in to his intranet by placing his phone near the PC and generating the asymmetric key using Claims (6-8). The PC identifies the user and allows him to log in. When the same user logs in to his email service provider, he generates another set of asymmetric keys using Claims (6-8). In this way, the mobile phone holds multiple identities of the same person.
22. Method to use the mobile phone, personal digital assistant (PDA) as an external storage device. This will allow the user to save their documents and setting directly into the mobile phone or PDA which is mapped as a local drive on the computer. The data on the mobile phone or PDA can be encrypted and decrypted on the fly thereby functioning as an encrypted external hard disk.
23. Method to store the user settings and user personal folder (such as C:\Documents and Settings\kschua in Windows XP or /usr/home/kschua in Linux) on the mobile phone, personal digital assistant (PDA). This will preserve the settings for the user when he switches between computers. In addition, operating system can be customised to extract the user settings from the mobile phone or PDA upon startup or login.
24. Method to store internet cookies, bookmarks etc with encryption or in plain text on the portable consumer electronic device which the user can use to access websites on another device such as a PC
Example usage : i) A user's bookmarks, cookies and login user name and passwords are stored on the mobile phone ii) When the user accesses a PC and launches the Internet browser, the Internet browser will load the bookmarks from the mobile phone iii) When the user logs in to read his email, the browser will pick up the user name and password from the mobile phone, thereby freeing the user from keying in the user name and password. This will prevent key loggers from stealing the user name and password.
25. Method to use the mobile phone, personal digital assistant (PDA) to scan for virus on the PC and/or to act as a network gateway with firewall. This isolates virus scanning and firewall activities to an external device function and functions as a hardware virus scanner/firewall.
26. Method for using the mobile phone to function as a SecurID token (by RSA Security).
27. Method for using the mobile phone for generation of a new code at a specific interval (e.g. 60 seconds) to be combined for use with the PIN number/password at the primary computing device for multi factor authentication purposes. The resultant pin/password will be a one-time-use code that is used to positively identify or authenticate the user. The server at the other end will be synchronised such that the new code generated by the mobile phone will be the same.
Example usage
1) Upon logging in to an internet banking website, the mobile phone displays aaaaaa. The user's PIN number is 222222. Therefore, when prompted to enter the password, the user enters aaaaaa222222. The internet banking server needs to be synchronised with the mobile phone such that, at the specific time, it knows that the mobile phone has generated aaaaaa.
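The scheme in claim 27, as an added example that is not part of the patent text: the phone derives a six-digit code per 60-second window and the server checks code plus PIN, tolerating one window of clock drift and refusing reuse. The claim names no algorithm, so the HMAC-SHA1 derivation (the RFC 4226 truncation over a time counter), the shared secret, and the names `phone_code` and `BankServer` are assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP_SECONDS = 60   # "specific interval (e.g. 60 seconds)" from claim 27
CODE_DIGITS = 6     # length of the displayed code in the example usage
PIN_DIGITS = 6      # length of the user's PIN in the example usage


def phone_code(shared_secret: bytes, unix_time: int) -> str:
    """Code shown by the phone for the 60-second window containing unix_time.

    Assumption: HMAC-SHA1 over the window counter with RFC 4226 truncation.
    """
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(shared_secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


class BankServer:
    """Hypothetical server side: holds the same secret and a salted PIN hash."""

    def __init__(self, shared_secret: bytes, pin: str, drift_steps: int = 1):
        self._secret = shared_secret
        self._salt = os.urandom(16)
        self._pin_hash = self._hash_pin(pin)
        self._drift = drift_steps
        self._last_counter = -1          # highest window already accepted

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def verify(self, submitted: str, now: int) -> bool:
        """Check '<code><PIN>' as typed by the user, e.g. 'aaaaaa222222'."""
        if len(submitted) != CODE_DIGITS + PIN_DIGITS or not submitted.isascii():
            return False
        code, pin = submitted[:CODE_DIGITS], submitted[CODE_DIGITS:]
        pin_ok = hmac.compare_digest(self._hash_pin(pin), self._pin_hash)

        current = now // STEP_SECONDS
        matched = None
        first = max(0, current - self._drift)
        for counter in range(first, current + self._drift + 1):
            if counter <= self._last_counter:
                continue                 # window already used: one-time-use rule
            expected = phone_code(self._secret, counter * STEP_SECONDS)
            if hmac.compare_digest(code.encode(), expected.encode()):
                matched = counter

        if matched is None or not pin_ok:
            return False
        self._last_counter = matched     # burn this window and all earlier ones
        return True


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    server = BankServer(secret, "222222")
    now = 1_700_000_000
    typed = phone_code(secret, now) + "222222"
    print("first use :", server.verify(typed, now))
    print("replay    :", server.verify(typed, now))
```
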
28 Method for storing the asymmetric data and any important data on the web and to broadcast change of keys and/or consumer electronic device to all parties involved, (e.g. banks, shops whom the user has a loyalty card with).
29 Method for storing personal information on the portable consumer electronic device with 1) symmetric encryption or/and 2) asymmetric encryption for the purpose of ease of data entry and counter checking purposes (e.g. filling in of forms by transmitting the data to the PC or filling in of lottery coupons to purchase the tickets and later to check the numbers bought with the winning numbers).
30 Method for using portable consumer electronic device to store information encrypted with either symmetric and/or asymmetric keys pertaining to the user (e.g. address, medical records, dental records, drug allergies).
31 Method for encrypting data on the portable consumer electronic device with symmetric and/or asymmetric key to protect the privacy of data on the portable consumer electronic device. An option may be included to allow the data to self destruct upon keying in a wrong decryption code.
32 Method for using the mobile phone and/or PDA as a password management device for use with another device (e.g. PC) where i) The user name and/or password can be transmitted to the other device either in clear text form or in encrypted format or ii) The user name and/or password will be sent to a server (e.g. web based email) and the session token (such as a cookie) returned from the said server will be transmitted to the PC for use.
33 Method for storing personal details encrypted with asymmetric data of the owner on a server and allowing authorised personnel to access the data. This will ensure that even if the system is hacked, hackers will not be able to decrypt the person's information stored on the server and it will provide the convenience of allowing friends of the user to be able to have the latest personal details of the user. Example usage : Jack encrypts his mobile phone, address and email address with the public keys of Sally and Jane respectively on the web.
1) Sally and Jane's mobile phone will update Jack's mobile phone number from the web at regular intervals or as and when is required. This way, whenever Jack changes his telephone number, Sally and Jane's mobile phone data will be updated accordingly. If Jack decides to deny Sally from knowing his new mobile phone number, he simply encrypts his new mobile phone number on the web with Jane's public key. This way, only Jane will have the new number and Sally doesn't.
2) Jack changes his email address and updates the information on the web and encrypts it with Sally and Jane's public key. On Sally's and Jane's PC, this information will be downloaded and the changes made to the address book accordingly.
3) Jack shifts house and updates the information on the web and encrypts it with Sally and Jane's public key. If Sally or Jane wants to pay Jack a visit, they can check the web or use their PC to retrieve the latest information and check where Jack is staying. If Jack doesn't wish to let any of them know of his new address, he can just simply update the data encrypting it with other people's public key except Jane and Sally's.
34. Method for allowing identity providers to store tokens on portable consumer electronics. This token can then be forwarded to a third party who had initially requested for identity verification. Example usage
1) ABC Brewery sends identity verification token to verify that the owner is above the legal age limit to purchase liquor to the owner's mobile phone. The owner forwards the request to an identity provider (e.g. Immigration and Checkpoint Authority, ICA) to verify. The ICA acknowledges the identity and age of the owner and processes the token. It then digitally signs the token and sends it back to the owner's mobile phone. The owner then forwards the digitally signed token to ABC Brewery. ABC Brewery will then check to see if the token is authentic. If it is authentic, the owner is allowed to purchase liquor.
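The token exchange in claim 34, as an added example that is not part of the patent text: the verifier issues a nonce, the identity provider signs the answer bound to that nonce, and the verifier checks signature, audience, expiry and single use. The token fields, the function names and the five-minute lifetime are assumptions; the signature is toy RSA over a SHA-256 digest with a fixed constructed key so the block runs on the standard library alone, where a deployment would use a vetted library and a standard scheme such as RSA-PSS or Ed25519.

```python
import hashlib
import json
import secrets

# Constructed toy key for the identity provider (two Mersenne primes).
# Demonstration only: a fixed, publicly known key gives no security.
_P, _Q = 2**521 - 1, 2**607 - 1
IDP_N = _P * _Q                      # public modulus
IDP_E = 65537                        # public exponent
_IDP_D = pow(IDP_E, -1, (_P - 1) * (_Q - 1))   # private exponent, provider only


def _digest(token: dict) -> int:
    """SHA-256 of the canonical JSON form of the token, as an integer."""
    canonical = json.dumps(token, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big")


def brewery_request(outstanding: set) -> dict:
    """Verifier creates the unsigned token and remembers its nonce."""
    nonce = secrets.token_hex(16)
    outstanding.add(nonce)
    return {"verifier": "ABC Brewery", "claim": "over_legal_age", "nonce": nonce}


def idp_sign(request: dict, holder_is_of_age: bool, now: int, ttl: int = 300) -> dict:
    """Identity provider answers the request and signs the whole token.

    The token carries the answer only, not the holder's name or birth date.
    """
    token = dict(request, result=holder_is_of_age, expires=now + ttl)
    return {"token": token, "sig": pow(_digest(token), _IDP_D, IDP_N)}


def brewery_verify(signed: dict, outstanding: set, now: int) -> bool:
    """Verifier's checks on the token forwarded by the phone owner."""
    token, sig = signed.get("token"), signed.get("sig")
    if not isinstance(token, dict) or not isinstance(sig, int):
        return False
    if not 0 < sig < IDP_N:
        return False
    # 1. Signature: only the identity provider could have produced it.
    if pow(sig, IDP_E, IDP_N) != _digest(token):
        return False
    # 2. Audience and content: issued for this verifier, and the answer is yes.
    if token.get("verifier") != "ABC Brewery" or token.get("result") is not True:
        return False
    # 3. Freshness: reject tokens past their expiry.
    if now > token.get("expires", 0):
        return False
    # 4. Binding: the nonce must be one this verifier issued, used once.
    nonce = token.get("nonce")
    if nonce not in outstanding:
        return False
    outstanding.discard(nonce)
    return True


if __name__ == "__main__":
    pending = set()
    request = brewery_request(pending)             # brewery -> phone -> provider
    signed = idp_sign(request, True, now=1000)     # provider -> phone -> brewery
    print("accepted:", brewery_verify(signed, pending, now=1100))
    print("replayed:", brewery_verify(signed, pending, now=1100))
```
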
35 Method of updating the phone number of a contact in the address book seamlessly either through accessing the web to retrieve the updated data or by changing the contact details stored in the mobile phone and/or PDA.
Example usage : i) Jack calls John by selecting "John" in the address book. ii) The mobile phone gets a message saying that the number dialled is no longer available. iii) The mobile phone will then automatically check the web to search for John's new number and dial that new number instead.
36 Method for using a portable consumer electronic device with asymmetric and/or symmetric key as a means to encrypt and decrypt data on the PC with hard disk at either bootup stage or sections of the hard disk.
Example usage : i) User powers up his PC and places the mobile phone next to the PC. ii) At the bootup, a program will decrypt the rest of the hard disk with the key obtained from the mobile phone. iii) Upon successful decryption, the Windows operating system and all other parts of the hard disk will be accessible to the user, therefore, Windows will be able to start up and proceed.
37. Method for using portable consumer electronic devices as a means for activating software applications to prevent piracy and/or as a licensing device. Example usage : i) Before a software can run, it will check for credentials of the user through the mobile phone. ii) After obtaining the credentials of the users, it will then determine whether the set of credentials is allowed to execute the program. If it is, the program will execute, otherwise it will inform the user that he does not have the licence to run the program.
38 Method for using the consumer electronic device as a means for digital rights management, (e.g. the DVD movie can only be played if the authorised mobile phone is placed near the DVD player).
Another example usage : i) User purchases movie from the internet and passes his public key from his mobile phone to the service provider. ii) Service provider will encrypt the movie with the user's public key and sends the movie to the user. iii) When the user plays the movie on his home entertainment system such as a PC, the PC will check to ensure that the data can be successfully decrypted using the private key of the user's mobile phone. iv) The decrypted data is then played.
39 Method for using the portable consumer electronic device to function as a storage to keep user preferences and credentials. The data can be encrypted with asymmetric and/or symmetric keys. An example would be to store users preference for shop. (e.g. clothes size, shoe size, food dishes).
Example usage : i) User visits a restaurant and places the order via his mobile phone. ii) On subsequent visits, he can review previously placed orders to determine if he wants to order the exact same dish again.
40 Method for using a portable consumer electronic device with or without asymmetric key as a means to store the user preferences of a home entertainment systems and home automation systems.
Example usage : i) When Sam is listening to music, he places his mobile phone near the music player. It grabs Sam's preferences such as the equaliser settings, volume control and automatically adjust the sound system to it. ii) Sam can also store the massage sequence on his mobile phone such that when he sits on the massage chair, the chair activates the massage sequence.
41 Method for using the portable electronic consumer device to locate friends in the vicinity either by using direct wireless means (e.g. Bluetooth, WiFi) or via a gateway (e.g. wireless internet connection).
Example usage i) Jack and Sam are in the same building. ii) Their mobile phones are turned on to scan for friends in the vicinity using the building WiFi access. iii) Through the IP address provided, their respective mobile phone knows that they are both in the same building and trigger an alert to both of them informing them that they are in the same building.
42 Method for using portable consumer electronic devices with direct wireless capabilities (e.g. Bluetooth, WiFi) as a walkie talkie or for conference calls.
Example usage : i) Jack decides to place a phone call to Sam. ii) The mobile phone detects that both Jack and Sam are in a wireless environment and automatically uses the WiFi connection to establish the phone session thereby saving phone charges.
43 Method for using asymmetric key to identify individual users in using the method specified in Claim 39. The keys can also be used to allow for secure mobile phone communication using the method specified in Claim 39.
44 Method for using a Bluetooth earpiece or Bluetooth/WiFi enabled portable consumer electronic device with or without asymmetric key to function in place of a microphone.
45. Method for using the portable consumer electronic device as a Bluetooth to WiFi converter and vice versa. This will allow users of a voice chat system on their PC (e.g. MSN) to transfer the data via WiFi to the mobile phone and use the Bluetooth connection of the mobile phone to transfer the data to a Bluetooth earpiece, thereby allowing a Bluetooth earpiece to be used as an ordinary headphone with a PC.
46 Method for using a portable consumer electronic device to download information either in clear text or encrypted with asymmetric and/or symmetric key pertaining to an exhibit in places such as a museum or zoo onto the device.
47 Method for using a portable consumer electronic device with or without asymmetric key with a Bluetooth earpiece as a means to obtain voice information on an item (e.g. an exhibit in a museum can have a corresponding device to transmit information such as what the exhibit is about to the users mobile phone and then to the earpiece).
48 Method of using a portable consumer electronic device as a travel journal. When payment is made using the mobile phone or when the tourist visits a place of interest and establishes a connection, these data are stored in the users mobile phone for his own record purposes. Pictures taken between sites will be organised accordingly.
49. Method for using a portable consumer electronic device with camera and location tracking service (e.g. GPS, mobile phone base station) to capture the image with location coordinates (e.g. GPS coordinate) into the portable consumer electronic device or directly into a web page. The coordinates can be tagged to the image or embedded in the image file. It can also include the date and time embedded in the image or tagged to the image. This can be used to serve as a travel journal, evidence of crime, diary etc. Example usage: i) A person witnesses a burglary and takes out his mobile phone with GPS and camera to take a picture of the crime scene; ii) The coordinates are embedded into the image and the image is transferred to the police website; iii) The website will record the date and time the image was received, which can then be admitted as evidence in court.
50. Method for using the portable consumer electronic device (e.g. mobile phone or PDA) as a voice language translation. The voice translation can be done either on the device itself or through sending the data to the web and get the translated voice message through the web.
51. Method for using the portable consumer electronic device (e.g. mobile phone or PDA) as a voice language translation. The voice translation can be done either on the device itself or through sending the data to the web and get the translated voice message through the web.
52. Method to allow portable consumer electronic devices (e.g. mobile phone, PDA) to use its direct wireless capabilities as a remote control to control Bluetooth enabled or WiFi consumer electronic devices.
53. Method for using portable consumer electronic device to store aging data which may be digitally signed or digitally encrypted or in clear text (e.g. warranty cards, e- tickets, receipts, promotion coupons). When the expiry date is reached (e.g. one year warranty has expired or the promotion date has reached), the data is automatically erased.
54. Method for using the direct wireless capabilities of the portable consumer electronic device to submit digitally signed questions and answers during a forum or speech or lecture or classroom lessons.
55. Method for enabling portable consumer electronic devices with direct wireless capabilities (e.g. Bluetooth or WiFi) with or without encryption (such as asymmetric and/or symmetric key encryption) to function as means for receiving data such as presentation slides from the speaker in a speech or lecture. This can also be used to distribute handouts in a meeting or at a lecture.
Example usage : i) When going for a lecture, the user signs his attendance using his mobile phone public key before entering the room; ii) When the lecturer decides to disseminate the information, he clicks a button which will encrypt the slides with the public key of the user and transmit it to everyone in the room; iii) Only the user will be able to decrypt the slide and the information will be junk to the other people in the room.
56. Method for printing documents, spreadsheets or presentation slides from mobile phone or PDA with direct wireless capabilities to the printer directly. This will allow users to print a Word document directly to a printer.
57. Method for displaying documents, spreadsheets or presentation slides from a mobile phone or PDA with direct wireless capabilities directly to a projector. With this means, the user does not need to carry a notebook when conducting presentation.
58. Method for using the portable consumer electronic device with asymmetric encryption as a chequebook.
Example usage : i) Bank issues digitally signed chequebook to the user and the user stores it in their mobile phone; ii) When the user wishes to pay another party in the form of a cheque, he transmits the digitally signed (from the bank) cheque book and digitally signs it himself; iii) He then transmits this data to the other party, who will forward it to his bank to honour the cheque. In this way, the payer does not need to know the payee's bank account number, which is needed in internet banking.
59. Method for using the direct wireless capabilities of the portable consumer electronic device (e.g. mobile phone, PDA) with or without asymmetric keys as a means of voting. This can happen in AGM where the individual members will cast their vote and digitally sign it for auditing purposes.
Example usage in an AGM i) Members register their public key at the reception and obtain the public key of the returning officer; ii) When it is time to cast their votes, they can key in their votes which will be encrypted with the public key of the returning officer and then digitally signed by them; iii) This data will be stored for auditing purposes and the vote will be kept secret because no one can decrypt the returning officers data; iv) This same data will be decrypted in memory to obtain the vote and add it to the counter.
This will ensure that the vote remains secret and yet can be subjected to auditing.
60. Method for using a portable consumer electronic device with direct wireless access capabilities (e.g. Bluetooth) to identify the location of a person.
Example usage : i) Child turns on the Bluetooth feature in mobile phone in a shopping centre; ii) His movement is captured at every intersection thereby providing his parents his whereabouts on their mobile phone.
61. Method for writing the asymmetric and/or symmetric key data onto the RFID chip on the phone as and when is required for the purpose of authentication.
62. Method for using the mobile phone with data encrypted using symmetric and/or asymmetric keys as a means for operating machinery (eg starting cars, playing arcade games machine).
63. Device to generate the asymmetric keys using the methods specified in Claim 6 - 9 with the option of keeping a copy of the keys generated and then using the keys when required, or generating the keys on the fly as and when it is required. The mode of transmission for the exchange of the data can be direct wireless communication (e.g. Bluetooth, WiFi, Infrared) or via a gateway (e.g. GPRS, 3G, SMS).
64. Direct Wireless (e.g. Bluetooth, InfraRed, WiFi, NFC) locks with asymmetric and/or symmetric encryption capabilities for use with the devices mentioned above.
65. Device for converting WiFi signals to infra red for use as a remote control. This will enable portable consumer electronic devices with WiFi capabilities to be used as a remote control.
66. Device to allow for the card authentication (e.g. credit card, loyalty card, ATM cards) using the methods specified above (Claims 20-21 ) through direct wired and wireless means. This will be used in conjunction with existing means except that instead of signing the bill, the user verifies his identity using the portable consumer electronic device. The public key from the mobile phone can be stored on the card itself, thereby if it can be unlocked with the private key on the mobile phone, the transaction is deemed authentic.
67. Device to enable existing projectors to receive data (such as a PowerPoint presentation) from a portable consumer electronic device to display directly onto the projector without the need for a notebook or PC.
68. Device to convert data from Bluetooth to WiFi. This can be used in conjunction with Claims 42, 49 and as a replacement for Claims 44.
69. Massage chair which has the capabilities to identify the person through the portable electronic consumer device specified in Claims 40.
70. The authentication system as claimed in Claim 1 wherein personal and commercially important data are encrypted into a secured document using the data owner's private key (i.e. digital signing) and the information stored in a secondary storage device either in the form of a barcode or in a memory chip in a smart card or a memory chip in a RFID tag embedded in the secured document.
71 The authentication system as claimed in Claim 70 wherein the process of verification is as follows.
a. Public key of the data owner involved is obtained; b. Data on the secured document is decrypted.
and if the data could be read, the secured document is authenticated.
72. The authentication system as claimed in Claim 70 for authenticating stored data encrypted on secured documents using asymmetric cryptography whereby the stored data could be stored in important documents such as identity card, driver's licence, passports, wills, contracts, credit cards and other commercially important documents, the stored data being personal and business information of a data owner and meant to be disclosed only to users of the data authorised with a public key issued by the data owner.
73. A secured document issued by an agency using the authentication system as claimed in Claim 70 for storage and retrieval of encrypted data using a public key and a private key, both the public key and private key being generated by a RSA algorithm, characterised by
obtaining the inputs for the RSA algorithm from a biometric source; storing of data encrypted using asymmetric cryptography on an RFID chip; and authenticating the stored data encrypted on documents using asymmetric cryptography;
the authentication of the encrypted data being carried out through verification means using both the public key and private key.
74 A secured document obtained from the authentication system as claimed in Claim 70 wherein the authenticity is verified according to these steps:-
The verification agency decrypts the encrypted data on the RFID chip with the document holder's public key and obtains a validation message such as "This document is valid" but gets an incoherent message when the encrypted data is decrypted with the verification agency's public key, indicating the document was not genuine.
The verification agency decrypts the encrypted data on the RFID chip with the verification agency's public key and obtains a validation message such as "This document is valid", but also obtains a validation message when the encrypted data is decrypted using the document holder's public key. This would mean that the secured document is genuine.
75. A secured document for recording, storage and retrieval of encrypted data using the authentication system as claimed in Claim 70, using a public key and a private key, both the public key and private key being generated by a RSA algorithm, the secured document obtained by the following steps:- obtaining the inputs for the RSA algorithm from a biometric source;
recording and storing of data encrypted using asymmetric cryptography on an RFID chip; and
authenticating the stored data encrypted on documents using asymmetric cryptography;
the authentication of the encrypted data being carried out through verification means using both the public key and private key.
76. A secured document for recording, storage and retrieval of encrypted data obtained according to the steps in Claim 71 wherein the encrypted data includes data such as " date, time, location and other pertinent information relating to authentication of the document " which is then stored in a RFID chip and affixed to the important document.
77. Method for using the mobile phone as a password manager for another system/systems where the transmission of the password from the mobile phone to the system/systems can be, but not limited by, GPRS, Bluetooth, Wi-fi, Infra red, USB, or user input on the system keyboard.
An example would be where the user would key in a PIN number on the mobile phone to unlock the password for a PC running on Windows Operating System. The mobile phone would then transmit the password to the Windows system via another password stored in the mobile phone.
Another example would be where the user stores the log-in user name and password to a web site on his mobile phone. Upon unlocking the information on the mobile phone, the user name and password is transmitted to the computer system which does a log in to the web site without any further user intervention. This adds convenience to the user as well as provide the added security where the passwords are not stored on the system being used to access the web site as compared to existing password managers in which the passwords are stored on the PC itself. In addition, it gives the user the benefit of portability where he can carry his password manager with him. This also promotes strong passwords where the user just needs to remember a single simple password on his mobile phone to unlock various strong passwords to access the respective systems.
78. Method for directly or indirectly translating an email address to a telephone number on a mobile phone. This will allow the user of a mobile phone to call the other party using the other party's email address. The email address will then be either directly or indirectly translated to a telephone number either on the mobile phone or on a server.
The advantage is such that if a friend of the user changes his telephone number, the latter can update it onto the central database which can then either push the new contact number to the user's phone or be updated on the user's mobile phone when it is synchronised.
79. Method for using the mobile phone keyboard to function as the keyboard input of another device. For example, the mobile phone keypad can be used to key in the PIN number for an ATM card, which is then transmitted wirelessly to the ATM machine. This eliminates the risk of someone peeking at the ATM booth whilst the user is keying in the PIN number.
In addition, in place of a keyboard, the mobile keypad can serve to function as a keyboard for a computer system through Bluetooth, infra red etc.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG200604513-2 | 2006-07-04 | ||
SG200604513-2A SG131827A1 (en) | 2005-10-25 | 2006-07-04 | Improved authentication system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2008030184A1 true WO2008030184A1 (en) | 2008-03-13 |
Family
ID=39157514
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SG2007/000177 WO2008030184A1 (en) | 2006-07-04 | 2007-06-25 | Improved authentication system |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2008030184A1 (en) |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2948519A1 (en) * | 2009-07-24 | 2011-01-28 | Mediscs | Digital data ciphering and deciphering method, involves recovering single physical identification parameter at level of medium so as to introduce single physical identification parameter while ciphering and deciphering digital data |
WO2011012788A1 (en) * | 2009-07-29 | 2011-02-03 | Mediscs | Method for securely authenticating access to encrypted data |
US8213614B2 (en) | 2009-05-18 | 2012-07-03 | Amadeus S.A.S. | Distribution and printing of travel documents |
CN103297416A (en) * | 2012-02-27 | 2013-09-11 | 三星电子株式会社 | Method and apparatus for two-way communication |
US9077537B2 (en) | 2008-11-13 | 2015-07-07 | International Business Machines Corporation | Generating secure private keys for use in a public key communications environment |
US9111160B1 (en) | 2014-06-25 | 2015-08-18 | Tata Consultancy Services Limited | Computer implemented non-intrusive remote monitoring and capturing system and a method thereof |
US9819676B2 (en) | 2012-06-29 | 2017-11-14 | Apple Inc. | Biometric capture for unauthorized user identification |
US9832189B2 (en) | 2012-06-29 | 2017-11-28 | Apple Inc. | Automatic association of authentication credentials with biometrics |
US9959539B2 (en) | 2012-06-29 | 2018-05-01 | Apple Inc. | Continual authorization for secured functions |
US9992171B2 (en) | 2014-11-03 | 2018-06-05 | Sony Corporation | Method and system for digital rights management of encrypted digital content |
CN108259161A (en) * | 2018-01-30 | 2018-07-06 | 吉林大学 | Application in modified mixed encryption method and its in the car environmental monitoring system |
CN108306738A (en) * | 2017-01-13 | 2018-07-20 | 阳振庭 | A kind of method and system of identification identity |
CN108650216A (en) * | 2018-03-21 | 2018-10-12 | 国网浙江省电力有限公司温州供电公司 | Supervisory control of substation background information checking method based on wireless transmission |
US10212158B2 (en) | 2012-06-29 | 2019-02-19 | Apple Inc. | Automatic association of authentication credentials with biometrics |
US10331866B2 (en) | 2013-09-06 | 2019-06-25 | Apple Inc. | User verification for changing a setting of an electronic device |
US10372418B1 (en) | 2018-02-20 | 2019-08-06 | Wells Fargo Bank, N.A. | Apparatuses and methods for improved pseudo-random number generation |
CN111385793A (en) * | 2018-12-30 | 2020-07-07 | 上海银基信息安全技术股份有限公司 | Instruction sending method, instruction sending system, electronic equipment and storage medium |
US10735412B2 (en) | 2014-01-31 | 2020-08-04 | Apple Inc. | Use of a biometric image for authorization |
CN111970699A (en) * | 2020-08-11 | 2020-11-20 | 牛毅 | Terminal WIFI login authentication method and system based on IPK |
CN113706361A (en) * | 2021-08-19 | 2021-11-26 | 兰州大学 | Digital image ownership protection cloud platform based on confidential computation |
US11213773B2 (en) | 2017-03-06 | 2022-01-04 | Cummins Filtration Ip, Inc. | Genuine filter recognition with filter monitoring system |
CN114398602A (en) * | 2022-01-11 | 2022-04-26 | 国家计算机网络与信息安全管理中心 | Internet of things terminal identity authentication method based on edge calculation |
CN114491465A (en) * | 2022-02-15 | 2022-05-13 | 南京邮电大学 | Credible user identity authentication method based on RFID |
US11676188B2 (en) | 2013-09-09 | 2023-06-13 | Apple Inc. | Methods of authenticating a user |
CN117614549A (en) * | 2023-11-29 | 2024-02-27 | 江苏富士特电气技术有限公司 | Medium-voltage high-speed analog optical fiber intelligent communication terminal with communication interference prevention function |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020044650A1 (en) * | 2000-08-24 | 2002-04-18 | Miaxis Biometrics Co. | Identity credence and method for producing the same |
WO2004008282A2 (en) * | 2002-07-12 | 2004-01-22 | Privaris, Inc. | Personal authentication software and systems for travel privilege assignation and verification |
US20050226411A1 (en) * | 2002-06-19 | 2005-10-13 | Gemplus | Method of generating electronic keys for a public-key cryptography method and a secure portable object using said method |
US20060083370A1 (en) * | 2004-07-02 | 2006-04-20 | Jing-Jang Hwang | RSA with personalized secret |
2007-06-25 WO PCT/SG2007/000177 patent/WO2008030184A1/en active Application Filing
Cited By (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9077537B2 (en) | 2008-11-13 | 2015-07-07 | International Business Machines Corporation | Generating secure private keys for use in a public key communications environment |
US8213614B2 (en) | 2009-05-18 | 2012-07-03 | Amadeus S.A.S. | Distribution and printing of travel documents |
FR2948519A1 (en) * | 2009-07-24 | 2011-01-28 | Mediscs | Digital data ciphering and deciphering method, involves recovering single physical identification parameter at level of medium so as to introduce single physical identification parameter while ciphering and deciphering digital data |
WO2011012788A1 (en) * | 2009-07-29 | 2011-02-03 | Mediscs | Method for securely authenticating access to encrypted data |
FR2948839A1 (en) * | 2009-07-29 | 2011-02-04 | Mediscs | METHOD FOR SECURELY AUTHENTICATING ACCESS TO FIGURE DATA |
CN103297416A (en) * | 2012-02-27 | 2013-09-11 | 三星电子株式会社 | Method and apparatus for two-way communication |
EP2632156A3 (en) * | 2012-02-27 | 2015-12-30 | Samsung Electronics Co., Ltd | Method and apparatus for two way communication |
US10212158B2 (en) | 2012-06-29 | 2019-02-19 | Apple Inc. | Automatic association of authentication credentials with biometrics |
US9819676B2 (en) | 2012-06-29 | 2017-11-14 | Apple Inc. | Biometric capture for unauthorized user identification |
US9832189B2 (en) | 2012-06-29 | 2017-11-28 | Apple Inc. | Automatic association of authentication credentials with biometrics |
US9959539B2 (en) | 2012-06-29 | 2018-05-01 | Apple Inc. | Continual authorization for secured functions |
US10331866B2 (en) | 2013-09-06 | 2019-06-25 | Apple Inc. | User verification for changing a setting of an electronic device |
US11676188B2 (en) | 2013-09-09 | 2023-06-13 | Apple Inc. | Methods of authenticating a user |
US10735412B2 (en) | 2014-01-31 | 2020-08-04 | Apple Inc. | Use of a biometric image for authorization |
US9111160B1 (en) | 2014-06-25 | 2015-08-18 | Tata Consultancy Services Limited | Computer implemented non-intrusive remote monitoring and capturing system and a method thereof |
US9992171B2 (en) | 2014-11-03 | 2018-06-05 | Sony Corporation | Method and system for digital rights management of encrypted digital content |
CN108306738A (en) * | 2017-01-13 | 2018-07-20 | 阳振庭 | A kind of method and system of identification identity |
US11213773B2 (en) | 2017-03-06 | 2022-01-04 | Cummins Filtration Ip, Inc. | Genuine filter recognition with filter monitoring system |
CN108259161A (en) * | 2018-01-30 | 2018-07-06 | 吉林大学 | Application in modified mixed encryption method and its in the car environmental monitoring system |
US10977004B1 (en) | 2018-02-20 | 2021-04-13 | Wells Fargo Bank, N.A. | Apparatuses and methods for improved pseudo-random number generation |
US10599397B1 (en) * | 2018-02-20 | 2020-03-24 | Wells Fargo Bank, N.A. | Apparatuses and methods for improved pseudo-random number generation |
US10372418B1 (en) | 2018-02-20 | 2019-08-06 | Wells Fargo Bank, N.A. | Apparatuses and methods for improved pseudo-random number generation |
CN108650216A (en) * | 2018-03-21 | 2018-10-12 | 国网浙江省电力有限公司温州供电公司 | Supervisory control of substation background information checking method based on wireless transmission |
CN108650216B (en) * | 2018-03-21 | 2023-07-11 | 国网浙江省电力有限公司温州供电公司 | Substation monitoring background information checking method based on wireless transmission |
CN111385793A (en) * | 2018-12-30 | 2020-07-07 | 上海银基信息安全技术股份有限公司 | Instruction sending method, instruction sending system, electronic equipment and storage medium |
CN111970699A (en) * | 2020-08-11 | 2020-11-20 | 牛毅 | Terminal WIFI login authentication method and system based on IPK |
CN111970699B (en) * | 2020-08-11 | 2023-09-05 | 牛毅 | Terminal WIFI login authentication method and system based on IPK |
CN113706361A (en) * | 2021-08-19 | 2021-11-26 | 兰州大学 | Digital image ownership protection cloud platform based on confidential computation |
CN113706361B (en) * | 2021-08-19 | 2022-04-26 | 兰州大学 | Digital image ownership protection cloud system based on confidential calculation |
CN114398602A (en) * | 2022-01-11 | 2022-04-26 | 国家计算机网络与信息安全管理中心 | Internet of things terminal identity authentication method based on edge calculation |
CN114398602B (en) * | 2022-01-11 | 2024-05-10 | 国家计算机网络与信息安全管理中心 | Internet of things terminal identity authentication method based on edge calculation |
CN114491465A (en) * | 2022-02-15 | 2022-05-13 | 南京邮电大学 | Credible user identity authentication method based on RFID |
CN117614549A (en) * | 2023-11-29 | 2024-02-27 | 江苏富士特电气技术有限公司 | Medium-voltage high-speed analog optical fiber intelligent communication terminal with communication interference prevention function |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2008030184A1 (en) | | Improved authentication system |
US12126715B2 (en) | | Methods and systems of providing verification of information using a centralized or distributed ledger |
US20180295121A1 (en) | | Secure element authentication |
US6880079B2 (en) | | Methods and systems for secure transmission of information using a mobile device |
KR100952551B1 (en) | | Method and apparatus for simplified audio authentication |
US9210146B2 (en) | | Secure content transfer using dynamically generated optical machine readable codes |
JP2009510644A (en) | | Method and configuration for secure authentication |
US20070255951A1 (en) | | Token Based Multi-protocol Authentication System and Methods |
TW200402224A (en) | | Biometric private key infrastructure |
AU2020100734A4 (en) | | Systems and methods for secure digital file sharing and authenticating |
CN111656732A (en) | | Device for storing a digital key for signing transactions on a blockchain |
JPH09223210A (en) | | Portable information storage medium and authentication method and authentication system using the same |
Reddy et al. | | A comparative analysis of various multifactor authentication mechanisms |
WO2022251894A1 (en) | | Systems and methods for secure digital file sharing and authenticating |
KR20090041570A (en) | | System for authenticating electronic notarial document using two dimensional bar code and rfid tag and method for issuing electronic notarial document |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 07748722; Country of ref document: EP; Kind code of ref document: A1 |
| | DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | |
| | WWE | Wipo information: entry into national phase | Ref document number: 570380; Country of ref document: NZ |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | NENP | Non-entry into the national phase | Ref country code: RU |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 07748722; Country of ref document: EP; Kind code of ref document: A1 |