[go: up one dir, main page]

WO2014011026A1 - A system and method for multimodal authentication platform - Google Patents

A system and method for multimodal authentication platform Download PDF

Info

Publication number
WO2014011026A1
WO2014011026A1 PCT/MY2013/000124 MY2013000124W WO2014011026A1 WO 2014011026 A1 WO2014011026 A1 WO 2014011026A1 MY 2013000124 W MY2013000124 W MY 2013000124W WO 2014011026 A1 WO2014011026 A1 WO 2014011026A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
module
authentication module
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/MY2013/000124
Other languages
French (fr)
Inventor
Kang Siong Ng
Rashidah Haron GALOH
Hon Loon WONG
Maniam DHARMADHARSHNI
Chong Seak Sea
Izyani Daud NOR
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mimos Bhd
Original Assignee
Mimos Bhd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mimos Bhd filed Critical Mimos Bhd
Publication of WO2014011026A1 publication Critical patent/WO2014011026A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Definitions

  • the present invention relates to a system and method for authentication by providing multimodal authentication platform as a front channel for user to access a particular application site with security intact.
  • Authentication method is handled solely by the application.
  • Application 'A' is using type of authentication method and application 'B' is using another, '2' type of authentication method.
  • different authentication methods are adapted in order to login to various applications.
  • user is unable to select user's preferred authentication method for specific application in accordance to its security intensity.
  • Authentication method is fixed by the application.
  • Application 'A' is using type of authentication method. But user insists in using '2' type of authentication method. In result, user is forced to use " ⁇ type of authentication method in order to access the application. User is also unable to select user's preferred dynamic authentication method in accessing an application.
  • Authentication method is fixed by the application. In case where capability of multi level and factors authentication method is turned on for the application, the next level of authentication method is fixed by the application. In result, to re-authenticate a user, user is forced to use a fixed authentication method. User is unable to select user's preferred dynamic authentication method in accessing an application.
  • Authentication method is fixed by the application.
  • the adaptive authentication method is fixed by the application where capability of adaptive authentication is turned on for the application.
  • the present invention proposes a system and method to allow users to access a particular application site with multiple modal of authentication methods as valid user's access accounts is proposed.
  • User will be presented with a centralized multimodal authentication as a front channel in accessing any application site.
  • the method includes presenting the multimodal authentication interface to user before accessing any application site; receiving user credentials and authenticates the user and granting user access to the application site, provided that the authentication is successful.
  • the present invention allows and re-enforce security in selection of authentication mechanism by allowing system preference of multi modal authentication to precede the user preference.
  • the present invention provides a system and method for authentication by providing multiple multimodal authentication platform (100,300) as a front channel for user to 5 access a particular application site with at least one user (101 ); at least one authentication gateway (105) and at least one authentication server (102).
  • the at least one authentication server (102) comprising at least one user registration module (302); at least one user profile module (303); at least one manage authentication module (301); and at least one authentication database interface (304).
  • Another aspect of the present invention provides for at least one authentication gateway (105) wherein said authentication page and framework (100, 300) having means for providing multimodal authentication method for accessing a particular application site; presenting selected authentication module (s) as a front channel in accessing a I S protected application site; supporting multiple level and factors of authentication based on available methods; providing method to request additional authentication method; providing method to add user registration module; providing method to add user profiling module; and providing method to maintain user account module.
  • a further aspect of the present invention provides for at least one authentication gateway (105) wherein said authentication server (102) further comprises of at least one interface; said interface having means for displaying multiple iconic interfaces set in accordance to either user or system preference.
  • the at least one interface is user configurable in which user can dynamically select any multiple authentication method set 5 to user preference. Further, the at least one interface is system configurable in which system can presets user selection of multiple authentication method.
  • a further aspect of the present invention provides for at least one user registration module (302) wherein said user registration module further comprises of at least one0 interface.
  • the at least one interface having means for selecting default authentication method based on user preference for user registration; submitting user identification; entering any unique identification based on chosen authentication method; re-entering unique identification for verification; confirming registration for validation; and storing user registration information.
  • Another aspect of the present invention provides for at least one user profile module (303) wherein said user profile module further comprises of at least one interface.
  • the at least one interface having means for selecting default authentication method based on user preference for authentication; selecting only or multiple authentication method (s) based on user preference for authentication; selecting order of authentication method based on user preference for authentication; submitting Media Access Control (MAC) address of machines used to trigger another level of authentication; submitting any unique user information used to trigger another level of authentication; and storing user profile information.
  • MAC Media Access Control
  • a further aspect of the present invention provides for at least one manage authentication module (301) wherein said manage authentication module further comprises of at least one interface.
  • the at least one interface having means for updating each of available authentication method (s) that associates to user account; and storing user authentication maintenance information.
  • the present invention provides for at least one authentication database interface (304) having means for user registration, profile and maintenance of user account.
  • Another aspect of the present invention provides for a method for authentication by providing multimodal authentication platform as a front channel to access a particular application site.
  • the method comprising steps of accessing application site by providing URL link (701); setting authentication module (s) for user access based on authentication module (s) preference list (702); redirecting user to authentication site (703); providing interface with multimodal authentication platform (704); selecting modal of authentication to access application site (705); presenting user credential information required for selected modal of authentication (706); authenticating user based on user credentials (707); and granting user access to application site upon successful authentication (708).
  • a further aspect of the present invention provides the methodology for setting authentication module (s) for user access based on authentication module (s) preference list.
  • the said method comprises steps of extracting authentication module (s) provided by application site (802); grouping and ranking extracted authentication module (s) based on its security intensity (804); setting current authentication module (s) as L1 , S1 (806); checking availability of any authentication module (s) set by authentication server (808); removing authentication module (s) in L1 , S1 against any risk factor when no authentication module is set by authentication server (810); adding unlisted authentication module (s) in L1.
  • S1 for any known risk factor (812); setting current authentication module (s) as L2, S2 (814); checking availability of any flag to adopt user profiles for the adaptive or next level of authentication (816); adding elements of user profiles in L2, S2 when there are flags to adopt user profiles for the adaptive or next level of authentication (818); setting current authentication module (s) as L3, S3 (820); checking availability of authentication module (s) set by user (822); grouping and ranking extracted authentication module (s) set by user based on security intensity (824); ranking extracted authentication module (s) against L3, S3 by group (826); ranking extracted authentication module (s) against L3, S3 by sub group (828); setting current authentication module (s) as L4, S4 (830); and presenting selected authentication module (s) as a front channel in accessing a protected application site (832).
  • Another aspect of the present invention provides for checking availability of any authentication module (s) set by authentication server (808) which further comprises of directly setting current authentication module (s) as L2, S2 when no authentication module (s) are set by authentication server (814) while checking availability of any flag to adopt user profiles for the adaptive or next level of authentication (816) further comprises directly setting current authentication module (s) as L3, S3 when there is no flag to adopt user profiles for the adaptive or next level of authentication (820) and checking availability of authentication module (s) set by user (822) further comprises directly setting current authentication module (s) as L4, S4 when no authentication module (s) are set by user (830).
  • FIG. 1.0 illustrates the integration module of the present invention.
  • FIG. 2.0 illustrates the authentication interface as a Front Channel of the present invention.
  • FIG. 3.0 illustrates the integrated modules in Authentication Server.
  • FIG. 4.0 illustrates the determining factors of multimodal authentication,
  • FIG. 5.0 illustrates the ranking of authentication module(s).
  • FIG. 6.0 illustrates the example flow of authentication module(s) list of preference.
  • FIG. 7.0 is a flowchart illustrating user authenticates to the Application Site Flow.
  • FIG. 8.0 is a flowchart illustrating the setting up authentication module(s) for user access.
  • the present invention provides a system and method for authentication by providing multiple multimodal authentication platform as a front channel for user to access a particular application site.
  • this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned without departing from the scope of the appended claims.
  • FIG. 1.0 illustrates the integration module of the present invention while FIG. 2.0 illustrates the authentication interface as a Front Channel of the present invention.
  • FIG. 1.0 (101), represents a user.
  • a user is accessing an Application Site #1 Site n, (106), commonly via web browser.
  • the Authentication Gateway (105) shall forward user's access request to Authentication Server (102) in order to access to the Application Site #1 (106), which is the secure content.
  • the Authentication Gateway (105) will communicate with the Authentication Server (102) regarding user authenticity information. If the user has not been authenticated, the Authentication Server (102) will perform user authentication and present an authentication site interface as illustrated in FIG. 2.0.
  • Authentication Gateway (105) will received user authentication information and proceeds with the authorization process.
  • Authentication database (103) is the database to store user information with the following support authentication module.
  • Authentication module (104) is an example to identify user with the authentication module supported to access the Application Site #1 Site n (106).
  • (201) represents the multimodal authentication platform.
  • the interface will consist of at least a display of multiple authentication method that is available to user.
  • the interface preferably consists of multiple iconic interfaces where one iconic interface represents one authentication method.
  • (202) is a link for user to register as a new user which may also exist by its own dedicated interface while (203) is for user to manage the account, which include setting for the default for authentication module and setting for user information and profile.
  • the interface may also exist by its own dedicated interface.
  • (204) is an optional interface where a user can scroll to the left and to the right, to browse the entire series of available authentication module. In adding a new module of authentication, it will create one new icon in the series of authentication module.
  • FIG. 3.0 illustrates the integrated modules in Authentication Server of the present invention.
  • the present invention provides a system (100, 300) for authentication by providing multimodal authentication platform as a front channel to access a particular application site (106) with at least one user (101); at least one authentication gateway (105) and at least one authentication server (102).
  • the at least one authentication server (102) comprising at least one user registration module (302); at least one user profile module (303); at least one manage authentication module (301); and at least one authentication database interface (304).
  • the at least one manage authentication module (304) provides a direct communication interface to the Authentication Database ( 03).
  • the at least one authentication page and framework having means for providing multimodal authentication method for accessing a particular application site; presenting selected authentication module (s) as a front channel in accessing a protected application site; supporting multiple level and factors of authentication based on available methods; providing method to request additional authentication method; providing method to add user registration module; providing method to add user profiling module; and providing method to maintain user account module.
  • the at least one authentication server (102) further comprises of at least one interface; said interface having means for displaying multiple iconic interfaces set in accordance to either user or system preference and the at least one interface is user configurable in which user can dynamically select any multiple authentication method set to user preference.
  • the at least one interface is also system configurable in which system can presets user selection of multiple authentication method.
  • the at least one user registration module (302) further comprises of at least one interface.
  • the said interface having means for selecting default authentication method based on user preference for user registration; submitting user identification; entering any unique identification based on chosen authentication method; re-entering unique identification for verification; confirming registration for validation; and storing user registration information.
  • the at least one user profile module (303) further comprises of at least one interface wherein said interface having means for selecting default authentication method based on user preference for authentication; selecting only or multiple authentication method (s) based on user preference for authentication; selecting order of authentication method based on user preference for authentication; submitting Media Access Control (MAC) address of machines used to trigger another level of authentication; submitting any unique user information used to trigger another level of authentication; and storing user profile information.
  • said interface having means for selecting default authentication method based on user preference for authentication; selecting only or multiple authentication method (s) based on user preference for authentication; selecting order of authentication method based on user preference for authentication; submitting Media Access Control (MAC) address of machines used to trigger another level of authentication; submitting any unique user information used to trigger another level of authentication; and storing user profile information.
  • MAC Media Access Control
  • the at least one manage authentication module (301) further comprises of at least one interface having means for updating each of available authentication method (s) that associates to user account; and storing user authentication maintenance information.
  • the at least one authentication database interface (304) having means for user registration, profile and maintenance of user account.
  • FIG. 4.0 illustrates the determining factors of multimodal authentication while FIG. 5.0 illustrates the ranking of authentication module(s).
  • User shall be presented with multimodal authentication interface and have access to the numbers of authentication methods. The authentication methods available to user are set by user's preferences to be authenticated. In addition, the number of authentication methods presented to a user can be controlled by the determining factors as illustrated in FIG. 4.0.
  • the Application Site (401) is the first determining factor in setting up the list of authentication methods and its sequence order (L1 , S1).
  • the application site will determine its authentication methods for application site that has high security risk and demand for high security requirement which will adopt a high authentication method(s). For example, a financial site will require high authentication method.
  • the financial site will set a policy that it will not support username and password for its authentication method.
  • (L1 , S1) is preferably to be biometric, certificate, and short message service (SMS) mobile, as its authentication method.
  • SMS short message service
  • the module authentication gateway (105) shall be configured to accept the (L1 , S1). If the list is empty, the application site will adopt authentication methods that are determined by the next factor (i.e.
  • the second determining factor i.e. the Risk Factor (402) in setting up the list of authentication methods and its sequence order (L2, S2) will include security risk that is based on security event or knowledge base. For example, for security event, if the HTTP request is coming from the internet protocol address or location that is a victim of hacking activities, it will immediately stop the request. For the knowledge base example, if the authentication method contains unavoidable security breach, then the authentication method will be discarded in the list. In this case, from the value of (L1 , S1) above, if the certificate has been compromised either by its signing algorithm or any other factor, (L2, S2) the value is biometric and short message service (SMS) mobile as its authentication method.
  • SMS short message service
  • the module authentication server (102) shall be configured to accept the (L2, S2) updating the previous list of authentication method and its sequence order (L1 , S1).
  • the next factor, (i.e. User Profile (403)) will determine the authentication method(s) if the list is empty.
  • User Profile (403) is the third determining factor in setting up the list of authentication methods and its sequence order (L3, S3). It is based on user usage history of the authentication system. It automates the collection of user information and creates user profiles for each user. This will includes user internet protocol address, the time of login and etc. The user profiles information will contributes to the adaptive authentication method.
  • the module authentication server (102) shall be configured to accept the (L3, S3) updating the previous list of authentication method and its sequence order (L2, S2).
  • the next factor, user preference (404) will determine the authentication method(s) if the list is empty.
  • the final determining factor lies in the User Preference (404) in setting up the list of authentication methods and its sequence order (L4, S4) which is based on user preference of the authentication system.
  • User will have an option to select user's preferred authentication mechanism. If user's preferred authentication mechanism is not listed in L4, then user preference is discarded. If user set the user's preference than comparison should be made to the current list of preference set in L3, S3.
  • the decision of ranking is based on the strength of authentication module(s) as illustrated in FIG. 5.0.
  • the module authentication server (102) shall be configured to accept the (L4, S4). If the list is empty, the authentication can adopt any available method to the user.
  • the ranking of the authentication module(s) are preferably to be based on measurement of authentication strength.
  • Ranking is performed via group (501) and via subgroup (502).
  • the group is characterized as Highest, Intermediate, Low and Zero security.
  • Ranking via subgroup (502) will proceed upon completion of ranking via group (501).
  • the example of the subgroup ranking is certificate of key size, username and password.
  • FIG. 6.0 illustrates the example flow of authentication module(s) list of preference.
  • Flow #1 represents a sample flow where user preference of authentication module(s) precedes the system preference while Flow #2, represents a sample flow where system preference of authentication module(s) precedes the user preference.
  • the next flow is to check whether any risk factors are identified before proceeding to the next action.
  • the risk factor is a certificate based authentication with 512 as its key size.
  • the preference list is updated to L2, S2 (- ⁇ Certificate 512).
  • the next flow is to check whether the authentication request adopts an adaptive or next level of authentication.
  • the preference list is updated to L3.S3 (--Certificate 512) if authentication request does nor adopt an adaptive or next level of authentication.
  • the final flow is to check whether user has a set of preference list for authentication. In this example, user has set username and password.
  • the preference list is updated to L4.S4 (-'Certificate 512, username & password).
  • L1 , S1 is set to Certificate, SMS mobile, OTP.
  • L2.S2 Certificate > 512, SMS mobile, OTP.
  • L3.S3 L4.S3 (Certificate > 512, SMS Mobile, OTP, IP address).
  • FIG. 7.0 is a flowchart illustrating authentication of user to the Application Site Flow
  • FIG. 8.0 is a flowchart illustrating the setting up of authentication module(s) for user access.
  • user access to a site by providing a URL link for the dedicated application site (701).
  • the multimodal authentication platform dynamically sets the authentication module (s) for user access based on authentication module (s) preference list (702) and redirects user to the authentication site (703).
  • the methodology of setting authentication module (s) for user access based on authentication module (s) preference list (702) further comprises steps of extracting authentication module (s) provided by application site (802); grouping and ranking extracted authentication module (s) based on its security intensity (804); setting current authentication module (s) as L1, S1 (806); and checking availability of any authentication module (s) set by authentication server (808).
  • the authentication module (s) in L1 , S1 is removed against any risk factor when no authentication module is set by authentication server (810). Thereafter, unlisted authentication module(s) are added in L1 , S1 for any known risk factor (812); and current authentication module(s) are set as L2, S2 (814).
  • the method for checking availability of any authentication module (s) set by authentication server (808) further comprises directly setting current authentication module (s) as L2, S2 when no authentication module (s) are set by authentication server (814). Thereafter, the said method proceeds by checking the availability of any flag to adopt user profiles for the adaptive or next level of authentication (816) and elements of user profiles are added in L2, S2 when there are flags to adopt user profiles for the adaptive or next level of authentication (818).
  • Current authentication module(s) are set as L3, S3 (820).
  • the method for checking availability of any flag to adopt user profiles for the adaptive or next level of authentication (816) further comprises directly setting current authentication module (s) as L3, S3 when there is no flag to adopt user profiles for the adaptive or next level of authentication (820).
  • the said method accordingly proceeds by checking the availability of authentication module (s) set by user (822) by grouping and ranking extracted authentication module (s) set by user based on security intensity (824) when authentication module (s) are set by user. Thereafter, the extracted authentication modules (s) are ranked against L3, S3 by group (826) and extracted authentication module (s) are ranked against L3, S3 by sub group (828). Current authentication modules (s) are accordingly set as L4, S4 (830). Alternatively, upon checking the availability of authentication module (s) set by user (822) and it is confirmed that authentication module (s) are not set by user, current authentication module (s) are directly set as L4, S4.
  • Selected authentication module(s) are presented as a front channel in accessing a protected application site (832).
  • the current authentication module(s) are set as per progress. For example L1 , S1 is updated with the information from the application site while L2, S2 is updated based on risk factors. L3, S3 is added based on user profile and L4, S4 is updated based on user preference.
  • user Upon redirecting user to authentication site, user receives interface with multimodal authentication platform (704) as described and illustrated in FIG. 2.0. Thereafter, user selects modal of authentication to access application site (705) and presents user credential information required for selected modal of authentication (706) and user is authenticated based on user credentials (707). Access is granted to a user to access to the application site upon successful authentication (708).
  • the system and method of the present invention for authentication provides multimodal authentication platform as a front channel for user to access a particular application site with security intact.
  • the present invention is user configurable in which user can dynamically select any multiple authentication method set to user preference.
  • the present invention is system configurable in which system can preset user selection of multiple authentication method.
  • the present invention allows and re- enforce security in selection of authentication mechanism by allowing system preference of multi modal authentication to precede the user preference.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Description

A SYSTEM AND METHOD FOR MULTIMODAL AUTHENTICATION PLATFORM
FIELD OF INVENTION The present invention relates to a system and method for authentication by providing multimodal authentication platform as a front channel for user to access a particular application site with security intact.
BACKGROUND ART
Multiple authentication methods are available, for example username and password, certificate and biometric. The similarity between these authentication methods is the capability in providing a unique identity to represent user, as such only the user is indeed, the user claims to be. Traditionally, system will present a challenge for user authentication. The challenge may involve one or more factors of authentication as user will need to provide a valid respond to have access to the system.
At present, current authentication issues arises wherein user has to handle multiple authentications and identities in order to access different applications. Authentication method is handled solely by the application. Application 'A' is using type of authentication method and application 'B' is using another, '2' type of authentication method. In result, different authentication methods are adapted in order to login to various applications. In addition, user is unable to select user's preferred authentication method for specific application in accordance to its security intensity. Authentication method is fixed by the application. Application 'A' is using type of authentication method. But user insists in using '2' type of authentication method. In result, user is forced to use "Γ type of authentication method in order to access the application. User is also unable to select user's preferred dynamic authentication method in accessing an application. Authentication method is fixed by the application. In case where capability of multi level and factors authentication method is turned on for the application, the next level of authentication method is fixed by the application. In result, to re-authenticate a user, user is forced to use a fixed authentication method. User is unable to select user's preferred dynamic authentication method in accessing an application. Authentication method is fixed by the application. The adaptive authentication method is fixed by the application where capability of adaptive authentication is turned on for the application.
The present invention proposes a system and method to allow users to access a particular application site with multiple modal of authentication methods as valid user's access accounts is proposed. User will be presented with a centralized multimodal authentication as a front channel in accessing any application site. The method includes presenting the multimodal authentication interface to user before accessing any application site; receiving user credentials and authenticates the user and granting user access to the application site, provided that the authentication is successful. The present invention allows and re-enforce security in selection of authentication mechanism by allowing system preference of multi modal authentication to precede the user preference.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practice.
SUMMARY OF INVENTION
The present invention provides a system and method for authentication by providing multiple multimodal authentication platform (100,300) as a front channel for user to 5 access a particular application site with at least one user (101 ); at least one authentication gateway (105) and at least one authentication server (102). The at least one authentication server (102) comprising at least one user registration module (302); at least one user profile module (303); at least one manage authentication module (301); and at least one authentication database interface (304).
10
Another aspect of the present invention provides for at least one authentication gateway (105) wherein said authentication page and framework (100, 300) having means for providing multimodal authentication method for accessing a particular application site; presenting selected authentication module (s) as a front channel in accessing a I S protected application site; supporting multiple level and factors of authentication based on available methods; providing method to request additional authentication method; providing method to add user registration module; providing method to add user profiling module; and providing method to maintain user account module. 0 A further aspect of the present invention provides for at least one authentication gateway (105) wherein said authentication server (102) further comprises of at least one interface; said interface having means for displaying multiple iconic interfaces set in accordance to either user or system preference. The at least one interface is user configurable in which user can dynamically select any multiple authentication method set 5 to user preference. Further, the at least one interface is system configurable in which system can presets user selection of multiple authentication method.
A further aspect of the present invention provides for at least one user registration module (302) wherein said user registration module further comprises of at least one0 interface. The at least one interface having means for selecting default authentication method based on user preference for user registration; submitting user identification; entering any unique identification based on chosen authentication method; re-entering unique identification for verification; confirming registration for validation; and storing user registration information. Another aspect of the present invention provides for at least one user profile module (303) wherein said user profile module further comprises of at least one interface. The at least one interface having means for selecting default authentication method based on user preference for authentication; selecting only or multiple authentication method (s) based on user preference for authentication; selecting order of authentication method based on user preference for authentication; submitting Media Access Control (MAC) address of machines used to trigger another level of authentication; submitting any unique user information used to trigger another level of authentication; and storing user profile information.
A further aspect of the present invention provides for at least one manage authentication module (301) wherein said manage authentication module further comprises of at least one interface. The at least one interface having means for updating each of available authentication method (s) that associates to user account; and storing user authentication maintenance information. Further, the present invention provides for at least one authentication database interface (304) having means for user registration, profile and maintenance of user account.
Another aspect of the present invention provides for a method for authentication by providing multimodal authentication platform as a front channel to access a particular application site. The method comprising steps of accessing application site by providing URL link (701); setting authentication module (s) for user access based on authentication module (s) preference list (702); redirecting user to authentication site (703); providing interface with multimodal authentication platform (704); selecting modal of authentication to access application site (705); presenting user credential information required for selected modal of authentication (706); authenticating user based on user credentials (707); and granting user access to application site upon successful authentication (708). A further aspect of the present invention provides the methodology for setting authentication module (s) for user access based on authentication module (s) preference list. The said method comprises steps of extracting authentication module (s) provided by application site (802); grouping and ranking extracted authentication module (s) based on its security intensity (804); setting current authentication module (s) as L1 , S1 (806); checking availability of any authentication module (s) set by authentication server (808); removing authentication module (s) in L1 , S1 against any risk factor when no authentication module is set by authentication server (810); adding unlisted authentication module (s) in L1. S1 for any known risk factor (812); setting current authentication module (s) as L2, S2 (814); checking availability of any flag to adopt user profiles for the adaptive or next level of authentication (816); adding elements of user profiles in L2, S2 when there are flags to adopt user profiles for the adaptive or next level of authentication (818); setting current authentication module (s) as L3, S3 (820); checking availability of authentication module (s) set by user (822); grouping and ranking extracted authentication module (s) set by user based on security intensity (824); ranking extracted authentication module (s) against L3, S3 by group (826); ranking extracted authentication module (s) against L3, S3 by sub group (828); setting current authentication module (s) as L4, S4 (830); and presenting selected authentication module (s) as a front channel in accessing a protected application site (832).
Another aspect of the present invention provides for checking availability of any authentication module (s) set by authentication server (808) which further comprises of directly setting current authentication module (s) as L2, S2 when no authentication module (s) are set by authentication server (814) while checking availability of any flag to adopt user profiles for the adaptive or next level of authentication (816) further comprises directly setting current authentication module (s) as L3, S3 when there is no flag to adopt user profiles for the adaptive or next level of authentication (820) and checking availability of authentication module (s) set by user (822) further comprises directly setting current authentication module (s) as L4, S4 when no authentication module (s) are set by user (830).
The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention. BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which: FIG. 1.0 illustrates the integration module of the present invention.
FIG. 2.0 illustrates the authentication interface as a Front Channel of the present invention. FIG. 3.0 illustrates the integrated modules in Authentication Server. FIG. 4.0 illustrates the determining factors of multimodal authentication, FIG. 5.0 illustrates the ranking of authentication module(s).
FIG. 6.0 illustrates the example flow of authentication module(s) list of preference.
FIG. 7.0 is a flowchart illustrating user authenticates to the Application Site Flow. FIG. 8.0 is a flowchart illustrating the setting up authentication module(s) for user access.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention provides a system and method for authentication by providing multiple multimodal authentication platform as a front channel for user to access a particular application site. Hereinafter, this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned without departing from the scope of the appended claims.
Reference is first being made to FIG. 1.0 and FIG. 2.0 respectively. FIG. 1.0 illustrates the integration module of the present invention while FIG. 2.0 illustrates the authentication interface as a Front Channel of the present invention. As illustrated in FIG. 1.0, (101), represents a user. A user is accessing an Application Site #1 Site n, (106), commonly via web browser. The Authentication Gateway (105) shall forward user's access request to Authentication Server (102) in order to access to the Application Site #1 (106), which is the secure content. The Authentication Gateway (105) will communicate with the Authentication Server (102) regarding user authenticity information. If the user has not been authenticated, the Authentication Server (102) will perform user authentication and present an authentication site interface as illustrated in FIG. 2.0. If the user has been authenticated, Authentication Gateway (105) will received user authentication information and proceeds with the authorization process. Authentication database (103) is the database to store user information with the following support authentication module. Authentication module (104) is an example to identify user with the authentication module supported to access the Application Site #1 Site n (106).
As illustrated in FIG. 2.0, (201) represents the multimodal authentication platform. The interface will consist of at least a display of multiple authentication method that is available to user. The interface preferably consists of multiple iconic interfaces where one iconic interface represents one authentication method. (202) is a link for user to register as a new user which may also exist by its own dedicated interface while (203) is for user to manage the account, which include setting for the default for authentication module and setting for user information and profile. The interface may also exist by its own dedicated interface. (204) is an optional interface where a user can scroll to the left and to the right, to browse the entire series of available authentication module. In adding a new module of authentication, it will create one new icon in the series of authentication module.
Reference is now being made to FIG. 3.0. FIG. 3.0 illustrates the integrated modules in Authentication Server of the present invention. The present invention provides a system (100, 300) for authentication by providing multimodal authentication platform as a front channel to access a particular application site (106) with at least one user (101); at least one authentication gateway (105) and at least one authentication server (102). The at least one authentication server (102) comprising at least one user registration module (302); at least one user profile module (303); at least one manage authentication module (301); and at least one authentication database interface (304). The at least one manage authentication module (304) provides a direct communication interface to the Authentication Database ( 03).
The at least one authentication page and framework (100, 300) having means for providing multimodal authentication method for accessing a particular application site; presenting selected authentication module (s) as a front channel in accessing a protected application site; supporting multiple level and factors of authentication based on available methods; providing method to request additional authentication method; providing method to add user registration module; providing method to add user profiling module; and providing method to maintain user account module. The at least one authentication server (102) further comprises of at least one interface; said interface having means for displaying multiple iconic interfaces set in accordance to either user or system preference and the at least one interface is user configurable in which user can dynamically select any multiple authentication method set to user preference. The at least one interface is also system configurable in which system can presets user selection of multiple authentication method.
Further, as illustrated in FIG. 3.0, the at least one user registration module (302) further comprises of at least one interface. The said interface having means for selecting default authentication method based on user preference for user registration; submitting user identification; entering any unique identification based on chosen authentication method; re-entering unique identification for verification; confirming registration for validation; and storing user registration information.
The at least one user profile module (303) further comprises of at least one interface wherein said interface having means for selecting default authentication method based on user preference for authentication; selecting only or multiple authentication method (s) based on user preference for authentication; selecting order of authentication method based on user preference for authentication; submitting Media Access Control (MAC) address of machines used to trigger another level of authentication; submitting any unique user information used to trigger another level of authentication; and storing user profile information.
The at least one manage authentication module (301) further comprises of at least one interface having means for updating each of available authentication method (s) that associates to user account; and storing user authentication maintenance information. In addition, the at least one authentication database interface (304) having means for user registration, profile and maintenance of user account.
Reference is now being made to FIG. 4.0 and FIG. 5.0 respectively. FIG. 4.0 illustrates the determining factors of multimodal authentication while FIG. 5.0 illustrates the ranking of authentication module(s). User shall be presented with multimodal authentication interface and have access to the numbers of authentication methods. The authentication methods available to user are set by user's preferences to be authenticated. In addition, the number of authentication methods presented to a user can be controlled by the determining factors as illustrated in FIG. 4.0.
As illustrated in FIG. 4.0, the Application Site (401) is the first determining factor in setting up the list of authentication methods and its sequence order (L1 , S1). The application site will determine its authentication methods for application site that has high security risk and demand for high security requirement which will adopt a high authentication method(s). For example, a financial site will require high authentication method. The financial site will set a policy that it will not support username and password for its authentication method. In this case, (L1 , S1) is preferably to be biometric, certificate, and short message service (SMS) mobile, as its authentication method. The module authentication gateway (105) shall be configured to accept the (L1 , S1). If the list is empty, the application site will adopt authentication methods that are determined by the next factor (i.e. the Risk Factor (402)). The second determining factor (i.e. the Risk Factor (402)) in setting up the list of authentication methods and its sequence order (L2, S2) will include security risk that is based on security event or knowledge base. For example, for security event, if the HTTP request is coming from the internet protocol address or location that is a victim of hacking activities, it will immediately stop the request. For the knowledge base example, if the authentication method contains unavoidable security breach, then the authentication method will be discarded in the list. In this case, from the value of (L1 , S1) above, if the certificate has been compromised either by its signing algorithm or any other factor, (L2, S2) the value is biometric and short message service (SMS) mobile as its authentication method. The module authentication server (102) shall be configured to accept the (L2, S2) updating the previous list of authentication method and its sequence order (L1 , S1).The next factor, (i.e. User Profile (403)) will determine the authentication method(s) if the list is empty.
User Profile (403) is the third determining factor in setting up the list of authentication methods and its sequence order (L3, S3). It is based on user usage history of the authentication system. It automates the collection of user information and creates user profiles for each user. This will includes user internet protocol address, the time of login and etc. The user profiles information will contributes to the adaptive authentication method. The module authentication server (102) shall be configured to accept the (L3, S3) updating the previous list of authentication method and its sequence order (L2, S2).The next factor, user preference (404) will determine the authentication method(s) if the list is empty.
The final determining factor lies in the User Preference (404) in setting up the list of authentication methods and its sequence order (L4, S4) which is based on user preference of the authentication system. User will have an option to select user's preferred authentication mechanism. If user's preferred authentication mechanism is not listed in L4, then user preference is discarded. If user set the user's preference than comparison should be made to the current list of preference set in L3, S3. The decision of ranking is based on the strength of authentication module(s) as illustrated in FIG. 5.0. The module authentication server (102) shall be configured to accept the (L4, S4). If the list is empty, the authentication can adopt any available method to the user.
As illustrated in FIG. 5.0, the ranking of the authentication module(s) are preferably to be based on measurement of authentication strength. There are two ways ranking is performed: Ranking is performed via group (501) and via subgroup (502). As for ranking via group (501), the group is characterized as Highest, Intermediate, Low and Zero security. Ranking via subgroup (502) will proceed upon completion of ranking via group (501). The example of the subgroup ranking is certificate of key size, username and password.
Reference is now being made to FIG. 6.0. FIG. 6.0 illustrates the example flow of authentication module(s) list of preference. As illustrated in FIG. 6.0, Flow #1 represents a sample flow where user preference of authentication module(s) precedes the system preference while Flow #2, represents a sample flow where system preference of authentication module(s) precedes the user preference.
For Flow #1 , Application site does not set any minimum security authentication module(s). Hence, no preference list of authentication modules resides in L1 , S1. The next flow is to check whether any risk factors are identified before proceeding to the next action. In this example we have identified that the risk factor is a certificate based authentication with 512 as its key size. The preference list is updated to L2, S2 (-Certificate 512). Thereafter, the next flow is to check whether the authentication request adopts an adaptive or next level of authentication. The preference list is updated to L3.S3 (--Certificate 512) if authentication request does nor adopt an adaptive or next level of authentication. The final flow is to check whether user has a set of preference list for authentication. In this example, user has set username and password. Thus, the preference list is updated to L4.S4 (-'Certificate 512, username & password).
For Flow #2, Application site does set minimum security authentication module(s). Hence, L1 , S1 is set to Certificate, SMS mobile, OTP. For the risk factor, it limits the authentication module to accept certificate based authentication higher than 512 key size, which set up the list to L2.S2 (Certificate > 512, SMS mobile, OTP). For user profiles, it adopts the adaptive authentication which adds checking for IP address for user. The final flow will check the security intensity of the authentication module set by user and the L3.S3, which results in L4.S3 (Certificate > 512, SMS Mobile, OTP, IP address).
Reference is now being made to FIG. 7.0 and FIG. 8.0 respectively. FIG. 7.0 is a flowchart illustrating authentication of user to the Application Site Flow while FIG. 8.0 is a flowchart illustrating the setting up of authentication module(s) for user access. As illustrated in FIG. 7.0, user access to a site by providing a URL link for the dedicated application site (701). Thereafter, the multimodal authentication platform dynamically sets the authentication module (s) for user access based on authentication module (s) preference list (702) and redirects user to the authentication site (703).
As illustrated in FIG. 8.0, the methodology of setting authentication module (s) for user access based on authentication module (s) preference list (702) further comprises steps of extracting authentication module (s) provided by application site (802); grouping and ranking extracted authentication module (s) based on its security intensity (804); setting current authentication module (s) as L1, S1 (806); and checking availability of any authentication module (s) set by authentication server (808). The authentication module (s) in L1 , S1 is removed against any risk factor when no authentication module is set by authentication server (810). Thereafter, unlisted authentication module(s) are added in L1 , S1 for any known risk factor (812); and current authentication module(s) are set as L2, S2 (814). The method for checking availability of any authentication module (s) set by authentication server (808) further comprises directly setting current authentication module (s) as L2, S2 when no authentication module (s) are set by authentication server (814). Thereafter, the said method proceeds by checking the availability of any flag to adopt user profiles for the adaptive or next level of authentication (816) and elements of user profiles are added in L2, S2 when there are flags to adopt user profiles for the adaptive or next level of authentication (818). Current authentication module(s) are set as L3, S3 (820). The method for checking availability of any flag to adopt user profiles for the adaptive or next level of authentication (816) further comprises directly setting current authentication module (s) as L3, S3 when there is no flag to adopt user profiles for the adaptive or next level of authentication (820). The said method accordingly proceeds by checking the availability of authentication module (s) set by user (822) by grouping and ranking extracted authentication module (s) set by user based on security intensity (824) when authentication module (s) are set by user. Thereafter, the extracted authentication modules (s) are ranked against L3, S3 by group (826) and extracted authentication module (s) are ranked against L3, S3 by sub group (828). Current authentication modules (s) are accordingly set as L4, S4 (830). Alternatively, upon checking the availability of authentication module (s) set by user (822) and it is confirmed that authentication module (s) are not set by user, current authentication module (s) are directly set as L4, S4. Selected authentication module(s) are presented as a front channel in accessing a protected application site (832).The current authentication module(s) are set as per progress. For example L1 , S1 is updated with the information from the application site while L2, S2 is updated based on risk factors. L3, S3 is added based on user profile and L4, S4 is updated based on user preference.
Upon redirecting user to authentication site, user receives interface with multimodal authentication platform (704) as described and illustrated in FIG. 2.0. Thereafter, user selects modal of authentication to access application site (705) and presents user credential information required for selected modal of authentication (706) and user is authenticated based on user credentials (707). Access is granted to a user to access to the application site upon successful authentication (708).
The system and method of the present invention for authentication provides multimodal authentication platform as a front channel for user to access a particular application site with security intact. The present invention is user configurable in which user can dynamically select any multiple authentication method set to user preference. Alternatively, the present invention is system configurable in which system can preset user selection of multiple authentication method. The present invention allows and re- enforce security in selection of authentication mechanism by allowing system preference of multi modal authentication to precede the user preference.
The present invention may be embodied in other specific forms without departing from its essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore indicated by the appended claims rather than by the foregoing description. All changes, which come within the meaning and range of equivalency of the claims, are to be embraced within their scope.

Claims

1. A system (100, 300) for authentication by providing multimodal authentication platform as a front channel to access a particular application site (106) with at least one user (101); at least one authentication gateway(105) and at least one authentication server (102);
wherein the said authentication server ( 02) comprising:
at least one user registration module (302);
at least one user profile module (303);
at least one manage authentication module (301); and
at least one authentication database interface (304)
characterized in that
the said manage authentication module (301) further comprises of at least one interface having means for selecting default authentication based on user preference for user registration and authentication wherein said interface is system configurable in which system can presets user selection of multiple authentication method.
2. A system (100) according to Claim 1 , wherein the at least one authentication gateway (105) having means a support multiple level and factors of authentication based on multimodal authentication to add user registration module, profiling module and user account module.
3. A system (100) according to Claim 1 , wherein the at least one authentication server (102) further comprises of at least one interface; said interface having means for displaying multiple iconic interfaces set in accordance to either user or system preference.
4. A system (100) according to Claim 3, wherein the at least one interface is user configurable in which user can dynamically select any multiple authentication method set to user preference. A system (300) according to Claim 1 , wherein the at least one user registration module (302) comprises of at least one interface for selection default authentication based on user preference further comprises:
submission the user identification;
entering any unique identification based on chosen authentication method;
re-entering unique identification for verification;
confirming registration for validation; and
storing user registration information.
A system (300) according to Claim 1 , wherein the at least one user profile module (303) comprises of at least one interface for selection default authentication based on user preference further comprises:
selecting only or multiple authentication method (s) based on user preference for authentication;
selecting order of authentication method based on user preference for authentication;
submitting Media Access Control (MAC) address of machines used to trigger another level of authentication;
submitting any unique user information used to trigger another level of authentication; and
storing user profile information.
A method (700) for authentication by providing multimodal authentication platform as a front channel to access a particular application site; the method comprising steps of:
accessing application site by providing URL link (701);
setting authentication module (s) for user access based on authentication module (s) preference list (702);
redirecting user to authentication site (703);
providing interface with multimodal authentication platform (704);
selecting modal of authentication to access application site (705);
presenting user credential information required for selected modal of authentication (706); authenticating user based on user credentials (707); and
granting user access to application site upon successful authentication
(708)
characterized in that
setting authentication module (s) for user access based on authentication module (s) preference list (702) further comprises steps of:
checking availability of any authentication module (s) set by
authentication server (808);
removing authentication module (s) in L1 , S1 against any risk factor when no authentication module is set by authentication server (810);
adding unlisted authentication module (s) in L1 , S1 for any known risk factor (812);
setting current authentication module (s) as L2, S2 (814);
checking availability of any flag to adopt user profiles for the adaptive or next level of authentication (816);
adding elements of user profiles in L2, S2 when there are flags to adopt user profiles for the adaptive or next level of authentication (818);
setting current authentication module (s) as L3, S3 (820);
checking availability of authentication module (s) set by user (822);
grouping and ranking extracted authentication module (s) set by user based on security intensity (824);
ranking extracted authentication module (s) against L3, S3 by group (826);
ranking extracted authentication module (s) against L3, S3 by sub group (828);
setting current authentication module (s) as L4, S4 (830); and presenting selected authentication module (s) as a front channel in accessing a protected application site (832).
A method according to Claim 7 wherein checking availability of any authentication module (s) set by authentication server (808) further comprises directly setting current authentication module (s) as L2, S2 when no authentication module (s) are set by authentication server (814).
9. A method according to Claim 7, wherein checking availability of any flag to adopt user profiles for the adaptive or next level of authentication (816) further comprises directly setting current authentication module (s) as L3, S3 when there is no flag to adopt user profiles for the adaptive or next level of authentication (820). 10. A method according to Claim 7, wherein checking availability of authentication module (s) set by user (822) further comprises directly setting current authentication module (s) as L4, S4 when no authentication module (s) are set by user (830).
PCT/MY2013/000124 2012-07-13 2013-07-05 A system and method for multimodal authentication platform Ceased WO2014011026A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2012003211A MY155818A (en) 2012-07-13 2012-07-13 A system and method for multimodal authentication platform
MYPI2012003211 2012-07-13

Publications (1)

Publication Number Publication Date
WO2014011026A1 true WO2014011026A1 (en) 2014-01-16

Family

ID=48980246

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2013/000124 Ceased WO2014011026A1 (en) 2012-07-13 2013-07-05 A system and method for multimodal authentication platform

Country Status (2)

Country Link
MY (1) MY155818A (en)
WO (1) WO2014011026A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3258407A1 (en) * 2016-06-17 2017-12-20 Fujitsu Limited Apparatus, method, and program for controlling profile data delivery
WO2019132642A1 (en) * 2017-12-28 2019-07-04 Mimos Berhad Method and system for automated selection of login in a multi-modal authentication system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020087894A1 (en) * 2001-01-03 2002-07-04 Foley James M. Method and apparatus for enabling a user to select an authentication method
US20080155662A1 (en) * 2006-12-20 2008-06-26 International Business Machines Corporation Method of handling user authentication in a heterogeneous authentication environment
US20110047608A1 (en) * 2009-08-24 2011-02-24 Richard Levenberg Dynamic user authentication for access to online services

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020087894A1 (en) * 2001-01-03 2002-07-04 Foley James M. Method and apparatus for enabling a user to select an authentication method
US20080155662A1 (en) * 2006-12-20 2008-06-26 International Business Machines Corporation Method of handling user authentication in a heterogeneous authentication environment
US20110047608A1 (en) * 2009-08-24 2011-02-24 Richard Levenberg Dynamic user authentication for access to online services

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LUÍS MIRANDA ET AL: "Context-aware multi-factor authentication", REPOSITORIO INSTITUCIONAL DA FCT-UNL, 24 September 2010 (2010-09-24), PT, XP055091109, Retrieved from the Internet <URL:http://hdl.handle.net/10362/4111> [retrieved on 20131202] *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3258407A1 (en) * 2016-06-17 2017-12-20 Fujitsu Limited Apparatus, method, and program for controlling profile data delivery
US10686768B2 (en) 2016-06-17 2020-06-16 Fujitsu Limited Apparatus and method for controlling profile data delivery
WO2019132642A1 (en) * 2017-12-28 2019-07-04 Mimos Berhad Method and system for automated selection of login in a multi-modal authentication system

Also Published As

Publication number Publication date
MY155818A (en) 2015-12-02

Similar Documents

Publication Publication Date Title
US10404754B2 (en) Query system and method to determine authentication capabilities
US9306754B2 (en) System and method for implementing transaction signing within an authentication framework
EP3916593B1 (en) System and method for efficiently enrolling, registering, and authenticating with multiple authentication devices
EP3065366B1 (en) Identification and/or authentication system and method
US9015482B2 (en) System and method for efficiently enrolling, registering, and authenticating with multiple authentication devices
US9219732B2 (en) System and method for processing random challenges within an authentication framework
EP2772078B1 (en) Two-factor authentication systems and methods
US9083689B2 (en) System and method for implementing privacy classes within an authentication framework
US8341710B2 (en) Ubiquitous webtoken
US20110202982A1 (en) Methods And Systems For Management Of Image-Based Password Accounts
US9009793B2 (en) Dynamic pin dual factor authentication using mobile device
US10630669B2 (en) Method and system for user verification
WO2007037703A1 (en) Human factors authentication
US20140173707A1 (en) Disabling Unauthorized Access To Online Services
KR20250099091A (en) Cross authentication method and system between online service server and client
KR102313868B1 (en) Cross authentication method and system using one time password
KR101627896B1 (en) Authentication method by using certificate application and system thereof
WO2014011026A1 (en) A system and method for multimodal authentication platform
EP3268890B1 (en) A method for authenticating a user when logging in at an online service
CN103716366A (en) Cloud computing server access system and access method
CN104519073A (en) AAA multi-factor security-enhanced authentication method
HK1263015A1 (en) Query system and method to determine authentication capabilities

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13748118

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13748118

Country of ref document: EP

Kind code of ref document: A1