
WO2018009692A1 - Methods and systems for augmenting security of biometric user authentication - Google Patents


Info

Publication number
WO2018009692A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
challenge
response
electronic device
authentication
Prior art date
Legal status
Ceased
Application number
PCT/US2017/040936
Other languages
English (en)
Inventor
Andreas Schmidt
Patrick Thomas IGOE
Current Assignee
PCMS Holdings Inc
Original Assignee
PCMS Holdings Inc
Priority date
Filing date
Publication date
Application filed by PCMS Holdings Inc
Publication of WO2018009692A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B13/00 Transmission systems characterised by the medium used for transmission, not provided for in groups H04B3/00 - H04B11/00
    • H04B13/005 Transmission systems in which the medium consists of the human body
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/217 Validation; Performance evaluation; Active pattern learning techniques
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G06V40/1382 Detecting the live character of the finger, i.e. distinguishing from a fake or cadaver finger
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/33 Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103 Challenge-response
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/68 Gesture-dependent or behaviour-dependent

Definitions

  • Sensitive information is increasingly being saved electronically and is accessible through various different computing devices, such as computers, tablets, automatic teller machines, and smart phones. Access to sensitive information is controlled via authentication methods, such as username and passwords, biometric systems detecting fingerprints or performing facial recognition, 2-part authentication, and the like.
  • Described herein are systems and methods for augmenting security of biometric user authentication.
  • Two countermeasures to spoofing attacks include liveness detection and multimodal biometrics.
  • Liveness detection provides evidence that the biometric factor is presented by a live human being, and not by someone using an artifact.
  • Examples of liveness detection include having the user perform actions like winking or smiling during authentication.
  • Multimodal biometrics combine multiple biometric factors to raise the effort for the attacker to successfully gain access via the authentication system.
  • a method of authentication uses a biometric supplement device (BSD), such as a wristband, that is separate from the biometric authentication point.
  • BSD is configured to be worn by a user and to communicate with the biometric authentication device, such as a fingerprint sensor in an automated teller machine (ATM).
  • the BSD can deliver data to augment the security of biometric authentication, including liveness data and raw biometric data.
  • the data may be delivered by body-coupled communication (BCC), such as digital communication through human body tissue.
  • BCC body-coupled communication
  • Another embodiment takes the form of a method, the method comprising detecting a fingerprint touch by a user's finger; responsive to a determination that the fingerprint touch is associated with a valid fingerprint: sending a challenge message to a wearable electronic device; and receiving, by the user device, a challenge response from the wearable electronic device; wherein one or both of the challenge message and the challenge response is transmitted via an electrical signal through the user's finger; and responsive to a determination that the challenge response comprises a valid response to the challenge message, authenticating user access to the user device.
  • FIG. 1A depicts an example communications system in which one or more disclosed embodiments may be implemented.
  • FIG. 1B depicts an example electronic device that may be used within the communications system of FIG. 1A.
  • FIG. 1C depicts an example network entity 190 that may be used within the communication system 100 of FIG. 1A.
  • FIG. 2A depicts a first method, in accordance with an embodiment.
  • FIG. 2B depicts a first authentication configuration using a biometric supplement device, in accordance with an embodiment.
  • FIG. 3 depicts technical features to support body-coupled communication (BCC), in accordance with some embodiments.
  • FIG. 4 depicts a first method of BSD supplemented authorization, in accordance with some embodiments.
  • FIG. 5 depicts a first communication sequence for biometric authentication augmented with BSD, in accordance with some embodiments.
  • FIG. 6 depicts a second method of supplemented authentication, in accordance with some embodiments.
  • FIG. 7 depicts a second communication sequence for biometric authentication augmented with BSD, in accordance with some embodiments.
  • FIG. 8 depicts an authentication configuration using an object sensor, in accordance with some embodiments.
  • FIG. 9 depicts an example method of authentication using an object sensor, in accordance with some embodiments.
  • FIG. 10 depicts an example communication sequence for authentication using an object sensor, in accordance with some embodiments.
  • the systems and methods relating to augmenting security of biometric user authentication may be used with the wired and wireless communication systems described with respect to FIGS. 1A-1C. As an initial matter, these wired and wireless systems will be described.
  • FIG. 1A is a diagram of an example communications system 100 in which one or more disclosed embodiments may be implemented.
  • the communications system 100 may be a multiple access system that provides content, such as voice, data, video, messaging, broadcast, and the like, to multiple wireless users.
  • the communications system 100 may enable multiple wired and wireless users to access such content through the sharing of system resources, including wired and wireless bandwidth.
  • the communications systems 100 may employ one or more channel-access methods, such as code division multiple access (CDMA), time division multiple access (TDMA), frequency division multiple access (FDMA), orthogonal FDMA (OFDMA), single-carrier FDMA (SC-FDMA), and the like.
  • CDMA code division multiple access
  • TDMA time division multiple access
  • FDMA frequency division multiple access
  • OFDMA orthogonal FDMA
  • SC-FDMA single-carrier FDMA
  • the communications systems 100 may also employ one or more wired communications standards (e.g., Ethernet, DSL, radio frequency (RF) over coaxial cable, fiber optics, and the like).
  • the communications system 100 may include electronic devices (also referred to as wireless transmit/receive units (WTRUs)) 102a, 102b, 102c, and/or 102d, Radio Access Networks (RAN) 103/104/105, a core network 106/107/109, a public switched telephone network (PSTN) 108, the Internet 110, and other networks 112, and communication links 115/116/117, and 119, though it will be appreciated that the disclosed embodiments contemplate any number of electronic devices, base stations, networks, and/or network elements.
  • WTRUs wireless transmit/receive units
  • RAN Radio Access Networks
  • PSTN public switched telephone network
  • Each of the electronic devices 102a, 102b, 102c, 102d may be any type of device configured to operate and/or communicate in a wired or wireless environment.
  • the electronic device 102a is depicted as a tablet computer
  • the electronic device 102b is depicted as a smart phone
  • the electronic device 102c is depicted as a computer
  • the electronic device 102d is depicted as a television, although certainly other types of devices could be utilized.
  • the communications systems 100 may also include a base station 114a and a base station 114b.
  • Each of the base stations 114a and 114b may be any type of device configured to wirelessly interface with at least one of the WTRUs 102a, 102b, 102c, 102d to facilitate access to one or more communication networks, such as the core network 106/107/109, the Internet 110, and/or the networks 112.
  • the base stations 114a, 114b may be a base transceiver station (BTS), a Node-B, an eNode B, a Home Node B, a Home eNode B, a site controller, an access point (AP), a wireless router, and the like. While the base stations 114a, 114b are each depicted as a single element, it will be appreciated that the base stations 114a, 114b may include any number of interconnected base stations and/or network elements.
  • the base station 114a may be part of the RAN 103/104/105, which may also include other base stations and/or network elements (not shown), such as a base station controller (BSC), a radio network controller (RNC), relay nodes, and the like.
  • the base station 114a and/or the base station 114b may be configured to transmit and/or receive wireless signals within a particular geographic region, which may be referred to as a cell (not shown).
  • the cell may further be divided into sectors.
  • the cell associated with the base station 114a may be divided into three sectors.
  • the base station 114a may include three transceivers, i.e., one for each sector of the cell.
  • the base station 114a may employ multiple-input multiple-output (MIMO) technology and, therefore, may utilize multiple transceivers for each sector of the cell.
  • MIMO multiple-input multiple-output
  • the base stations 114a, 114b may communicate with one or more of the electronic devices 102a, 102b, 102c, and 102d over an air interface 115/116/117, or communication link 119, which may be any suitable wired or wireless communication link (e.g., radio frequency (RF), microwave, infrared (IR), ultraviolet (UV), visible light, and the like).
  • the air interface 115/116/117 may be established using any suitable radio access technology (RAT).
  • RAT radio access technology
  • the communications system 100 may be a multiple access system and may employ one or more channel-access schemes, such as CDMA, TDMA, FDMA, OFDMA, SC-FDMA, and the like.
  • the base station 114a in the RAN 103/104/105 and the electronic devices 102a, 102b, 102c may implement a radio technology such as Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access (UTRA), which may establish the air interface 115/116/117 using wideband CDMA (WCDMA).
  • WCDMA may include communication protocols such as High-Speed Packet Access (HSPA) and/or Evolved HSPA (HSPA+).
  • HSPA may include High-Speed Downlink Packet Access (HSDPA) and/or High-Speed Uplink Packet Access (HSUPA).
  • the base station 114a and the electronic devices 102a, 102b, and 102c may implement a radio technology such as Evolved UMTS Terrestrial Radio Access (E-UTRA), which may establish the air interface 115/116/117 using Long Term Evolution (LTE) and/or LTE-Advanced (LTE-A).
  • E-UTRA Evolved UMTS Terrestrial Radio Access
  • LTE Long Term Evolution
  • LTE-A LTE-Advanced
  • the base station 114a and the electronic devices 102a, 102b, and 102c may implement radio technologies such as IEEE 802.16 (i.e., Worldwide Interoperability for Microwave Access (WiMAX)), CDMA2000, CDMA2000 1X, CDMA2000 EV-DO, Interim Standard 2000 (IS-2000), Interim Standard 95 (IS-95), Interim Standard 856 (IS-856), Global System for Mobile communications (GSM), Enhanced Data rates for GSM Evolution (EDGE), GSM EDGE (GERAN), and the like.
  • IEEE 802.16 i.e., Worldwide Interoperability for Microwave Access (WiMAX)
  • CDMA2000, CDMA2000 1X, CDMA2000 EV-DO Code Division Multiple Access 2000
  • IS-95 Interim Standard 95
  • IS-856 Interim Standard 856
  • GSM Global System for Mobile communications
  • EDGE Enhanced Data rates for GSM Evolution
  • GERAN GSM EDGE
  • the base station 114b in FIG. 1A may be a wired router, a wireless router, Home Node B, Home eNode B, or access point, as some examples, and may utilize any suitable wired transmission standard or RAT for facilitating wireless connectivity in a localized area, such as a place of business, a home, a vehicle, a campus, and the like.
  • the base station 114b and the electronic devices 102c and 102d may implement a radio technology such as IEEE 802.11 to establish a wireless local area network (WLAN).
  • the base station 114b and the electronic devices 102c and 102d may implement a radio technology such as IEEE 802.15 to establish a wireless personal area network (WPAN).
  • WLAN wireless local area network
  • WPAN wireless personal area network
  • the base station 114b and the electronic devices 102c and 102d may utilize a cellular-based RAT (e.g., WCDMA, CDMA2000, GSM, LTE, LTE-A, and the like) to establish a picocell or femtocell.
  • the base station 114b communicates with electronic devices 102a, 102b, 102c, and 102d through communication links 119.
  • As shown in FIG. 1A, the base station 114b may have a direct connection to the Internet 110.
  • the base station 114b may not be required to access the Internet 110 via the core network 106/107/109.
  • the RAN 103/104/105 may be in communication with the core network 106/107/109, which may be any type of network configured to provide voice, data, applications, and/or voice over internet protocol (VoIP) services to one or more of the electronic devices 102a, 102b, 102c, and 102d.
  • the core network 106/107/109 may provide call control, billing services, mobile location-based services, pre-paid calling, Internet connectivity, video distribution, and the like, and/or perform high-level security functions, such as user authentication.
  • the RAN 103/104/105 and/or the core network 106/107/109 may be in direct or indirect communication with other RANs that employ the same RAT as the RAN 103/104/105 or a different RAT.
  • the core network 106/107/109 may also be in communication with another RAN (not shown) employing a GSM radio technology.
  • the core network 106/107/109 may also serve as a gateway for the electronic devices 102a, 102b, 102c, and 102d to access the PSTN 108, the Internet 110, and/or other networks 112.
  • the PSTN 108 may include circuit-switched telephone networks that provide plain old telephone service (POTS).
  • POTS plain old telephone service
  • the Internet 110 may include a global system of interconnected computer networks and devices that use common communication protocols, such as the transmission control protocol (TCP), user datagram protocol (UDP) and IP in the TCP/IP Internet protocol suite.
  • the networks 112 may include wired and/or wireless communications networks owned and/or operated by other service providers.
  • the networks 112 may include another core network connected to one or more RANs, which may employ the same RAT as the RAN 103/104/105 or a different RAT.
  • the electronic devices 102a, 102b, 102c, and 102d in the communications system 100 may include multi-mode capabilities, i.e., the electronic devices 102a, 102b, 102c, and 102d may include multiple transceivers for communicating with different wired or wireless networks over different communication links.
  • the WTRU 102c shown in FIG. 1A may be configured to communicate with the base station 114a, which may employ a cellular-based radio technology, and with the base station 114b, which may employ an IEEE 802 radio technology.
  • FIG. 1B depicts an example electronic device that may be used within the communications system of FIG. 1A. In particular, FIG. 1B is a system diagram of an example electronic device, or WTRU, 102.
  • the electronic device 102 may include a processor 118, a transceiver 120, a transmit/receive element 122, a speaker/microphone 124, a keypad 126, a display/touchpad 128, a non-removable memory 130, a removable memory 132, a power source 134, a global positioning system (GPS) chipset 136, and other peripherals 138.
  • GPS global positioning system
  • the base stations 114a and 114b, and/or the nodes that base stations 114a and 114b may represent, such as but not limited to transceiver station (BTS), a Node-B, a site controller, an access point (AP), a home node-B, an evolved home node-B (eNodeB), a home evolved node-B (HeNB), a home evolved node-B gateway, and proxy nodes, among others, may include some or all of the elements depicted in FIG. 1B and described herein.
  • BTS transceiver station
  • AP access point
  • eNodeB evolved home node-B
  • HeNB home evolved node-B
  • the processor 118 may be a general purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits (ASICs), Field Programmable Gate Array (FPGAs) circuits, any other type of integrated circuit (IC), a state machine, and the like.
  • the processor 118 may perform signal coding, data processing, power control, input/output processing, and/or any other functionality that enables the electronic device 102 to operate in a wired or wireless environment.
  • the processor 118 may be coupled to the transceiver 120, which may be coupled to the transmit/receive element 122. While FIG. 1B depicts the processor 118 and the transceiver 120 as separate components, it will be appreciated that the processor 118 and the transceiver 120 may be integrated together in an electronic package or chip.
  • the transmit/receive element 122 may be configured to transmit signals to, or receive signals from, a base station (e.g., the base station 114a) over the air interface 115/116/117 or communication link 119.
  • the transmit/receive element 122 may be an antenna configured to transmit and/or receive RF signals.
  • the transmit/receive element 122 may be an emitter/detector configured to transmit and/or receive IR, UV, or visible light signals, as examples.
  • the transmit/receive element 122 may be configured to transmit and receive both RF and light signals.
  • the transmit/receive element may be a wired communication port, such as an Ethernet port. It will be appreciated that the transmit/receive element 122 may be configured to transmit and/or receive any combination of wired or wireless signals.
  • Although the transmit/receive element 122 is depicted in FIG. 1B as a single element, the electronic device 102 may include any number of transmit/receive elements 122. More specifically, the electronic device 102 may employ MIMO technology. Thus, in one embodiment, the electronic device 102 may include two or more transmit/receive elements 122 (e.g., multiple antennas) for transmitting and receiving wireless signals over the air interface 115/116/117.
  • the transceiver 120 may be configured to modulate the signals that are to be transmitted by the transmit/receive element 122 and to demodulate the signals that are received by the transmit/receive element 122.
  • the electronic device 102 may have multi-mode capabilities.
  • the transceiver 120 may include multiple transceivers for enabling the electronic device 102 to communicate via multiple RATs, such as UTRA and IEEE 802.11, as examples.
  • the processor 118 of the electronic device 102 may be coupled to, and may receive user input data from, the speaker/microphone 124, the keypad 126, and/or the display/touchpad 128 (e.g., a liquid crystal display (LCD) display unit or organic light-emitting diode (OLED) display unit).
  • the processor 118 may also output user data to the speaker/microphone 124, the keypad 126, and/or the display/touchpad 128.
  • the processor 118 may access information from, and store data in, any type of suitable memory, such as the non-removable memory 130 and/or the removable memory 132.
  • the non-removable memory 130 may include random-access memory (RAM), read-only memory (ROM), a hard disk, or any other type of memory storage device.
  • the removable memory 132 may include a subscriber identity module (SIM) card, a memory stick, a secure digital (SD) memory card, and the like.
  • SIM subscriber identity module
  • SD secure digital
  • the processor 118 may access information from, and store data in, memory that is not physically located on the electronic device 102, such as on a server or a home computer (not shown).
  • the processor 118 may receive power from the power source 134, and may be configured to distribute and/or control the power to the other components in the electronic device 102.
  • the power source 134 may be any suitable device for powering the electronic device 102.
  • the power source 134 may include one or more dry cell batteries (e.g., nickel-cadmium (NiCd), nickel-zinc (NiZn), nickel metal hydride (NiMH), lithium-ion (Li-ion), and the like), solar cells, fuel cells, a wall outlet and the like.
  • the processor 118 may also be coupled to the GPS chipset 136, which may be configured to provide location information (e.g., longitude and latitude) regarding the current location of the electronic device 102.
  • the electronic device 102 may receive location information over the air interface 115/116/117 from a base station (e.g., base stations 114a, 114b) and/or determine its location based on the timing of the signals being received from two or more nearby base stations. It will be appreciated that the electronic device 102 may acquire location information by way of any suitable location-determination method while remaining consistent with an embodiment. In accordance with an embodiment, the electronic device 102 does not comprise a GPS chipset and does not acquire location information.
  • the processor 118 may further be coupled to other peripherals 138, which may include one or more software and/or hardware modules that provide additional features, functionality and/or wired or wireless connectivity.
  • the peripherals 138 may include an accelerometer, an e-compass, a satellite transceiver, a digital camera (for photographs or video), a universal serial bus (USB) port, a vibration device, a television transceiver, a hands free headset, a Bluetooth® module, a frequency modulated (FM) radio unit, a digital music player, a media player, a video game player module, an Internet browser, a thermometer, a barometer, an altimeter, an air sampler, a light detector, an accelerometer, a compass, a humidity detector, a biometric sensor, and the like.
  • the various peripherals may be configured to detect surrounding events in order to capture video and audio streams and associated contextual information.
  • FIG. 1C depicts an example network entity 190 that may be used within the communication system 100 of FIG. 1A.
  • network entity 190 includes a communication interface 192, a processor 194, and non-transitory data storage 196, all of which are communicatively linked by a bus, network, or other communication path 198.
  • Communication interface 192 may include one or more wired communication interfaces and/or one or more wireless-communication interfaces. With respect to wired communication, communication interface 192 may include one or more interfaces such as Ethernet interfaces, as an example. With respect to wireless communication, communication interface 192 may include components such as one or more antennae, one or more transceivers/chipsets designed and configured for one or more types of wireless (e.g., LTE) communication, and/or any other components deemed suitable by those of skill in the relevant art. And further with respect to wireless communication, communication interface 192 may be equipped at a scale and with a configuration appropriate for acting on the network side—as opposed to the client side—of wireless communications (e.g., LTE communications, Wi-Fi communications, and the like). Thus, communication interface 192 may include the appropriate equipment and circuitry (perhaps including multiple transceivers) for serving multiple mobile stations, UEs, or other access terminals in a coverage area.
  • Processor 194 may include one or more processors of any type deemed suitable by those of skill in the relevant art, some examples including a general-purpose microprocessor and a dedicated DSP.
  • Data storage 196 may take the form of any non-transitory computer-readable medium or combination of such media, some examples including flash memory, read-only memory (ROM), and random-access memory (RAM) to name but a few, as any one or more types of non-transitory data storage deemed suitable by those of skill in the relevant art could be used.
  • data storage 196 contains program instructions 197 executable by processor 194 for carrying out various combinations of the various network-entity functions described herein.
  • the network-entity functions described herein are carried out by a network entity having a structure similar to that of network entity 190 of FIG. 1C. In some embodiments, one or more of such functions are carried out by a set of multiple network entities in combination, where each network entity has a structure similar to that of network entity 190 of FIG. 1C.
  • network entity 190 is, or at least includes, one or more of the encoders, one or more of (one or more entities in) RAN 103, (one or more entities in) RAN 104, (one or more entities in) RAN 105, (one or more entities in) core network 106, (one or more entities in) core network 107, (one or more entities in) core network 109, or one or more entities in a base station, a Node-B, an RNC, a MGW, a MSC, a SGSN, a GGSN, an eNode-B, a MME, a serving gateway, a PDN gateway, an ASN gateway, a MIP-HA, and an AAA, and a gateway.
  • network entities and/or combinations of network entities could be used in various embodiments for carrying out the network-entity functions described herein, as the foregoing list is provided by way of example and not by way of limitation.
  • FIG. 2A depicts an example method, in accordance with some embodiments.
  • FIG. 2A depicts the example method 200 that includes detecting a fingerprint at 202, sending a challenge message to a wearable electronic device at 204, receiving a challenge response from a wearable electronic device at 206, and authenticating user access at 208.
  • a fingerprint reader on a user device detects a fingerprint touch by a user's finger at 202. The detected fingerprint is compared to stored representations of valid user's fingerprints.
  • Responsive to determining that the detected fingerprint is associated with a valid user, the electronic device sends a challenge message to a wearable electronic device at 204 and receives a challenge response from the wearable electronic device at 206. Either one or both of the challenge message and the challenge response is transmitted via an electrical signal through the user's finger.
  • Example methods for transmitting an electrical signal through a user's finger comprise body-coupled communications (BCC).
  • one of the challenge message and the challenge response is transmitted via electrical signals through a user's finger and the other one of the challenge message and the challenge response is transmitted via a radio frequency transmission.
  • Example radio frequency transmissions include NFC transmissions, Bluetooth transmissions, WiFi transmissions, and the like.
  • FIG. 2B depicts a first authentication configuration using a biometric supplement device, in accordance with an embodiment.
  • FIG. 2B depicts the configuration 250, which may be used to carry out the method 200.
  • the configuration 250 includes a tablet computer 252 having fingerprint scanner 254 that operates as a biometric authentication point, a user's arm 256, a wristband electronic device 258 that operates as a biometric supplement device (BSD), and a communication path 260.
  • the tablet computer 252 and the wristband electronic device 258 may include the functional components of the electronic device 102 described in FIG. 1B.
  • Although the embodiment depicted in configuration 250 includes the tablet computer 252 having the fingerprint scanner 254 operating as the biometric authentication point and the wristband electronic device 258 operating as the BSD, it is to be understood that different components could be substituted.
  • the BSD may be any wearable electronic device configured to support either sending or receiving communications via BCC.
  • the biometric authentication point is an automatic teller machine (ATM) and the BSD is a smart-watch.
  • one BSD may be configured to interact with many different types of biometric authentication points.
  • a user with a BSD may supplement biometric authentication on a smart phone, a tablet computer, an automatic teller machine, a security door lock, and the like.
  • the BSD does not perform biometric pattern matching, and thus no sensitive user-related data is stored on the BSD.
  • a BSD may have access to additional biometric sensors attached to the human body and thus be able to obtain an additional biometric factor for user authentication.
  • a fixed sensor (e.g., the fingerprint scanner 254 in a tablet) may read a fingerprint
  • the BSD (e.g., the wearable electronic device 258) provides the secondary factor of ECG patterns to the biometric authentication.
  • the tablet computer 252 includes a fingerprint reader, such as the fingerprint scanner 254. As a portion of the authentication process, the fingerprint scanner 254 detects a user's fingerprint (202 of method 200). To determine if the detected fingerprint is associated with a valid fingerprint, the detected fingerprint is compared to a stored representation of the user's fingerprint. The comparison may be performed by the tablet computer 252, a remote server, or the like.
  • Responsive to detecting a valid fingerprint, the tablet computer 252 sends a challenge message to the wristband electronic device 258 (204 of method 200). The wristband electronic device 258 then transmits a challenge response (206 of method 200) to the tablet computer 252. Responsive to receiving a valid challenge response, the tablet computer 252 authenticates the user (208 of method 200) to access the device. Authenticating a user to access the device may comprise unlocking the tablet computer 252, permitting the user to use a specific application hosted on the user device, permitting the user to interact with the user device (for example, to withdraw money from an ATM), and the like.
  • the wristband electronic device 258 is worn on the user's arm 256.
  • the wristband electronic device 258 may be configured to receive a challenge message, and provide a challenge response in the form of transmitting detected liveness data associated with the user via a liveness sensor.
  • Examples of liveness data and liveness sensors able to detect the liveness data include: detection of a heartbeat or pulse as detected by a heartrate meter, detection of perspiration as determined by a sensor able to detect the difference in the dielectric constant and/or electrical conductivity between drier lipids of the outer skin layer and the moister sweatier areas near perspiring pores, temperature as detected by a thermometer, spectroscopic characteristics as detected by a multispectral imager detecting wavelengths of light reflected from the skin, a skin layer's response to acoustic signals as detected by a receiver, a skin layer's response to hot and cold stimulus as detected by a blood-flow sensor, a skin layer's color change response to a change in pressure as detected by a multispectral imager, a skin's electrical properties as detected by an electrode or series of electrodes, visible characteristics as detected by a camera or laser system, blood oxidation levels as detected by a blood oxygenation sensor, and the like.
  • the liveness data may be evaluated by the BSD itself.
  • the result of the evaluation may be sent as a binary signal to the biometric authentication device, such as the fingerprint scanner 254.
  • the result may indicate, for example, that the liveness data is likely to have been collected from a living human.
  • the wristband electronic device 258 may be further configured to detect raw biometric data obtained through the BSD's various sensors attached to the user's body.
  • the wristband electronic device 258 includes sensors able to detect biometric data, such as heartbeats.
  • the raw biometric data may be transmitted to a secure third party which performs identification by template matching, and reports the result of the matching to the tablet computer 252.
  • the communication path 260 is used to facilitate two-way communication between the tablet computer 252 and the wristband electronic device 258.
  • the communication path 260 comprises sending a message via electronic signals through the user's body (e.g., through a finger, hand, and arm to a wrist-worn electronic device).
  • Sending an electronic signal through a user's body may comprise body-coupled communication (BCC), which is digital communication through the human body tissue.
  • the body tissue acts as a conduit for the electrical signal.
  • the BCC may be a form of near-field communication technology that uses a body-area network using the human body as a communication path.
  • the wristband electronic device 258 may enter into two-way communication with the fingerprint reader 254 via a BCC communication path to transmit authentication data via the communication path 260. Since the communication path 260 is via the user's arm 256, extra confidence is provided that the BSD communicating the liveness data to the authentication point is worn by a live human.
  • the fingerprint reader 254 and the wristband electronic device 258 enter a challenge-response communication sequence via a BCC communication path 260 in addition to the wearable electronic device 258 transmitting the liveness or biometric anti-spoofing data.
  • Responsive to detecting a valid fingerprint (e.g., detecting a user's fingerprint at fingerprint scanner 254), a user device, such as the tablet computer 252, sends a challenge message to a wearable electronic device, such as the wristband electronic device 258. The user device then receives a challenge response from the wearable electronic device.
  • a challenge message or challenge response is transmitted via electrical signals through the user's finger between the devices (e.g., via BCC between the tablet computer 252 and the wristband electronic device 258).
  • FIG. 3 depicts technical features to support body-coupled communication (BCC), in accordance with some embodiments.
  • the technical features 300 depicted in FIG. 3 may be used to facilitate the communication path 260 via the user's arm 256 of FIG. 2B.
  • both the tablet computer 252 and the wristband electronic device 258 may be equipped with transmitters and receivers.
  • a transmitter 302 induces a signal through a signal electrode 302a to the human body 306.
  • the electrical signal passes through the human body 306 and is received by a signal electrode 302b associated with the receiver 304.
  • the human body 306 acts as a conductor and in some embodiments, it is able to transmit digital signals on the order of up to 30 MHz.
  • FIG. 4 depicts a first method of BSD supplemented authorization, in accordance with some embodiments.
  • FIG. 4 depicts the method 400, which includes an authorization point (AuP) sending a token to the BSD via BCC at 402, the BSD verifying the token at 404, the BSD sending a response to the AuP via BCC at 406, and the AuP verifying the response at 408.
  • the configuration 250 depicted in FIG. 2B may be used to perform the method 400, with the AuP being a component of a tablet computer 252, the BSD being implemented in a wristband electronic device 258, and the communication path 260 being used as a communication path for the BCC communications.
  • the AuP sends an authorization token to the BSD via BCC.
  • the AuP may additionally transmit a challenge value with the authorization token.
  • the authorization token is evaluated by the BSD and authorizes the AuP to receive data from the BSD, such that the BSD will perform the subsequent authorization steps only if the authorization data is evaluated as a positive result.
  • the authorization data may include digitally signed data.
  • there is a challenge-response exchange for authorization of the AuP towards the BSD wherein the BSD issues an authorization challenge which the AuP digitally signs as the authorization token.
  • the challenge may be a freshly generated random number used only once (e.g., a nonce).
  • the BSD verifies the AuP's authorization token. If the authorization is evaluated positively, the BSD detects liveness data or biometric data from the user's body through liveness or biometric sensors.
  • the BSD sends a response to the AuP via BCC. After the BSD gathers the necessary data, it creates a response to the token received from the AuP. The response is used by the AuP to verify the authenticity of the BSD and the data received by the AuP from the BSD. The data may be protected by a message authentication code, such as an HMAC value, using the response value as keying material. The BSD compiles a response message, which includes the authentication response.
  • the response message may also include information on the user's liveness, raw or processed liveness data from the biometric sensors, raw and processed biometric data from additional biometric sensors, and the like.
  • the response message may also be part of a challenge-response exchange for authorization along with the received token.
  • the BSD sends the response message to the AuP through the communication path using BCC.
  • the response message may be transmitted through another communication channel, such as a NFC wireless channel.
  • the AuP verifies the response. If the authentication response is verified, the AuP proceeds to check any liveness data received from the BSD.
  • the AuP may evaluate liveness data, which may be a yes/no determination made by the BSD or raw liveness data that the AuP evaluates for liveness. If the authentication checks are successful, the AuP reads a biometric authentication factor with its biometric sensors. For example, a fingerprint reader on the AuP may scan a fingerprint for biometric authorization. In some embodiments, the AuP may evaluate additional biometric data to strengthen the biometric user authentication. In some embodiments, the AuP transmits portions of the response message to a trusted third party to aid in the evaluation of the authentication. After verification of the evaluations of biometric data is successful, the AuP renders a positive authentication decision for the user. Following a positive authentication decision, the AuP may permit the user to access the device.
  • FIG. 5 depicts a first communication sequence for biometric authentication augmented with BSD, in accordance with some embodiments.
  • FIG. 5 depicts the communication sequence 500 and depicts the communications between a biometric server 502, an authentication point 504, a primary biometric factor 506, a BSD 508, a liveness sensor 510, and a secondary biometric factor 512.
  • the sequence 500 is used to depict the steps 402-408 from the method 400, and the steps 514-520.
  • the communication sequence 500 may be used to perform the method 400 of FIG. 4, and be performed by the components depicted in the configuration 250 of FIG. 2B.
  • the biometric server 502 is a remote server communicatively coupled with the AuP 504 and may be used to assist in evaluation of received biometric data.
  • the AuP 504 is an authentication point that serves as the main biometric sensor and attached authentication logic. It may be further configured to read and authenticate the primary biometric factor, such as a user's index finger fingerprint.
  • An example of the AuP 504 includes the tablet computer 252 of FIG. 2B.
  • the BSD is a supplemental biometric device, an example of which is the wristband electronic device 258 of FIG. 2B. It may include, or be communicatively coupled to, the liveness sensor 510 and a sensor able to detect the second biometric factor 512.
  • the AuP sends the token to the BSD via BCC at 402.
  • the BSD verifies the token.
  • the BSD receives liveness data (514) from the liveness sensor 510 and may also receive (516) the secondary biometric data 512.
  • the BSD 508 sends the response to the AuP, via BCC or other suitable means, at 406.
  • the AuP 504 reads and evaluates the received primary biometric factor through its biometric sensors. If desired, the AuP 504 may transmit portions of the response and the primary biometric factor to the biometric server 502 for assistance in evaluation. After successful verification, the AuP 504 renders a positive authentication decision on the user.
  • all or portions of the data transmitted through the communication path between the AuP and the BSD may be through a wireless communication path with an authenticated proximity measure.
  • at least one communication between the AuP 504 and the BSD 508 is via electrical signals transmitted through a user's skin.
  • a positive authentication may result without positive evaluation of the primary biometric factor.
  • the AuP may not include an operational biometric sensor capable of detecting the primary biometric parameter.
  • the secondary biometric factor may satisfy the authentication requirement.
  • the steps depicted in the sequence 500 may be re-ordered or be carried out independent of each other.
  • the AuP 504 may receive the primary biometric factor 506 at step 518 after the user's finger touches the biometric sensor rather than waiting for the steps 402-408 to occur.
  • the BSD 508 may continually receive liveness and biometric data before receiving the token at step 402.
  • liveness data is continuously monitored during the authentication to ensure the user presenting the biometric data is the user who is wearing or is otherwise associated with the BSD.
  • the AuP 504 and BSD 508 may continually probe the BCC communication path with challenge and response messages via the BCC communication path.
  • the communication sequence 500 is altered to send an authorization and challenge between an AuP 504 and a BSD 508 via BCC communication; the BSD 508 checks the authorization and creates an authentication response.
  • the authentication response may further include data related to detected liveness or other biometric evaluations.
  • the BSD 508 returns the response to the AuP 504 through a communication channel, which may include a BCC or wireless channel.
  • the data may be binary yes/no information related to liveness, processed data, unprocessed data, and may be encrypted.
  • the AuP 504 checks the authentication response, which includes checking the liveness data, and optionally any secondary biometric evaluations performed at the BSD 508.
  • the AuP 504 then performs a biometric authentication of a primary biometric parameter, such as a fingerprint biometric parameter, to complete authorization.
  • an AuP 504 first detects and authenticates a first biometric parameter, such as a fingerprint, and responsively sends a challenge message via a BCC communication path to a BSD 508 associated with the user.
  • the BSD 508 prepares and sends a challenge response via the BCC communication path. Responsive to the AuP 504 determining that the challenge response is valid, the user is allowed access to the device.
  • the challenge message may be a request for biometric measurements or liveness data, and the challenge response includes information responsive to the challenge request, such as the requested biometric measurements or liveness data.
  • FIG. 6 depicts a second method of supplemented authentication, in accordance with some embodiments.
  • FIG. 6 depicts the method 600 that includes a BSD sensing a user device and determining the user device type at 602, the BSD retrieving liveness data at 604, the BSD sending a response to the device via BCC at 606, and the device evaluating the response for authentication at 608.
  • the method 600 may be accomplished with the components of the configuration 250 of FIG. 2B.
  • the tablet computer 252 may be the user device
  • the wearable electronic device 258 may be the BSD
  • the communication path 260 may facilitate BCC communications.
  • the BSD detects that the user is touching an AuP.
  • the BSD further determines the type of AuP the user is touching.
  • the BSD operates autonomously in that it initially senses the contact of the user's body to the biometric AuP, authentication device, without actively communicating with the AuP.
  • the BSD continually senses electronic emissions using the user's body, for example, by the skin surface acting as a conduit, to detect emission patterns. By comparing the detected emission patterns with previously-stored emission patterns of known authentication points (and/or emission patterns of user devices equipped with AuPs), the BSD is able to determine when the user's finger makes physical contact to the biometric authentication sensor of the user device or other authentication point.
  • the BSD retrieves liveness data. Similar to steps 514 and 516 discussed in FIG. 5, the BSD 508 detects liveness data (510). In some embodiments, the BSD 508 also detects a secondary biometric factor (512). Based on the retrieved information, the BSD 508 prepares and sends a response to the user device via a BCC communication path at 606.
  • the user device evaluates the received response for authentication.
  • the user device evaluates the received response to determine if the user device is connected to the BSD through a live human body.
  • the user device may also perform authentication of a primary biometric factor to provide a final positive authentication decision on the user.
  • FIG. 7 depicts a second communication sequence for biometric authentication augmented with BSD, in accordance with some embodiments.
  • FIG. 7 depicts the communication sequence 700 that includes the components 502-512 discussed in conjunction with FIG. 5, the steps 602-608 discussed in conjunction with the method 600 of FIG. 6, and steps 702-704. Similar to communication sequence 500 of FIG. 5, the communication sequence 700 may be used to perform the method 600 of FIG. 6, and be performed by the components depicted in the configuration 250 of FIG. 2B.
  • the BSD 508 senses the physical connection to the AuP 504 by reading electromagnetic emissions from its sensors attached to the user's body. The BSD is able to determine a device type based on the received electromagnetic emissions.
  • the BSD 508 retrieves liveness data from the liveness sensor 510 and also receives a second biometric factor 512. Alternatively, authentication may proceed without the BSD 508 obtaining liveness data and rely on transmission of data, such as challenge and responses, via the BCC communication path between the BSD 508 and AuP 504, thus omitting step 604.
  • the BSD 508 sends a response to the AuP 504 via the BCC communication path.
  • the response may simply be a two-way challenge-response communication between the AuP 504 and the BSD 508, or the response may further include data collected by the liveness sensor 510 and the secondary biometric factor 512, or the response may be similar to the response sent in step 406 of the method 400.
  • the AuP 504 evaluates the response for authentication.
  • the evaluation determines if the AuP 504 is connected to the BSD 508 through a human body, and may be based on successful receipt of the challenge and response via a BCC communication path, liveness data, a secondary biometric factor, and the like.
  • the AuP 504 may check primary biometric data 506 for use in authentication, similar to 518 of FIG. 5.
  • the AuP 504 may coordinate with the biometric server 502 for assistance in authentication, similar to 520 of FIG. 5.
  • the user device may render a positive authentication decision on the user.
  • FIG. 8 depicts an authentication configuration using an object sensor, in accordance with some embodiments.
  • FIG. 8 depicts the configuration 800 that includes an object 802 (depicted as a doorknob), a human arm 804, an object sensor 806 (depicted as a wearable electronic device), and an authentication point 808.
  • the object sensor 806 is worn by the user, for example, on the human arm 804.
  • the object sensor 806 may be similar to the wristband electronic device 258 and BSD 508 discussed herein and may be configured to sense when the user touches an object and responsively send out a touch-authentication signal via the communication path 810, which may be a BCC communication path.
  • the object sensor 806 is configured to detect touching of an object based at least in part on detected emission patterns.
  • Exemplary techniques that may be used for detection of emission patterns include techniques disclosed in Laput. (Laput, Gierad, et.
  • the touch authentication signal may be transmitted via the communication path 812 from the object sensor 806 to the authentication point 808 by any number of standard communication channels, such as WiFi, Bluetooth, or NFC, as examples.
  • the touch authentication signal may include data related to the touched object's type, nature, and identity, or the touch authentication signal may be raw or partially processed information associated with the detected touch.
  • the authentication point 808 receives and evaluates the authentication signal to perform authorization functions.
  • An authorization message is sent via the communication path 814, which may be similar to the communication path 812, to the touched object 802. Responsive to receiving the authentication message, the touched object may perform an authentication function.
  • the touched object 802 (the doorknob) may unlock in response to the authentication point 808 receiving the touch authentication signal from the object sensor 806.
  • the object sensor 806 acts as a passive sensor, detecting the electromagnetic emissions from the object through the body (e.g., the arm 804) of the user.
  • the sensor data is not processed by the object sensor 806, but is sent in unprocessed form to the authentication point 808.
  • the data is integrity protected and authenticated by the object sensor 806 before sending to the authentication point 808.
  • Example methods for protecting include applying a hash message authentication code (HMAC) similar to operation of passive radio frequency identification tags.
  • the processing and evaluation of the sensing data is performed by the authentication point 808, which determines the type and characteristics of the touched object.
  • the authentication point 808 then performs authentication functions in response to the satisfactory authentication.
  • the object sensor 806 processes the sensor data to autonomously determine the type of object touched by the user.
  • the object sensor 806 sends a report, and optionally other pre-processed and compressed sensor data, to the authentication point 808.
  • the authentication process may further include a challenge-response authentication protocol in the course of sending the data between the object sensor 806 and the authentication point 808.
  • FIG. 9 depicts an example method of authentication using an object sensor, in accordance with some embodiments.
  • FIG. 9 depicts the method 900 that includes an object sensor sensing physical connection with an object at 902, the object sensor sending a touch authentication signal to an authentication point at 904, the authentication point evaluating the touch authentication signal at 906, and the authentication point effecting an authorization at 908.
  • the components of the configuration 800 may be used to complete the method 900.
  • the object sensor may be the object sensor 806, the touched object may be the doorknob 802, and the authentication point may be the authentication point 808.
  • the object sensor 806 detects (902), via BCC through the communication path 810, that the object (doorknob) 802 is being touched.
  • the object sensor 806 transmits (904), via the communication path 812, an authentication signal to the authorization point 808.
  • the authorization point 808 evaluates (906) the touch authentication signal and effects (908) authorization by transmitting an authorization message to the touched object 802 via the communication path 814. Responsive to receiving the authorization message, the touched object performs the authentication function, for example, the doorknob 802 unlocks.
  • FIG. 10 depicts an example communication sequence for authentication using an object sensor, in accordance with some embodiments.
  • FIG. 10 depicts the communication sequence 1000.
  • the communication sequence 1000 includes the components 802-808 of the configuration 800 that are used to perform the method 900 of FIG. 9.
  • the object sensor 806 senses physical contact between the user 804 and the object 802 at step 902.
  • the object sensor 806 sends a touch authentication signal to the authorization point 808.
  • the authentication point 808 evaluates the touch authentication signal, and in response to a successful authentication, the authentication point 808 effects an authorization function associated with the object 802.
  • the touch authentication message includes authentication data associated with the user wearing the object sensor 806 that is touching the object 802.
  • the authentication data may include an identity of the object sensor 808.
  • the object 802 includes a tag, similar to an RFID tag.
  • Each tag may be individual and associated with a different respective object and may emit deterministic electromagnetic signal patterns to the object's surface.
  • the object sensor 808 detects the deterministic electromagnetic signal associated with the tag and therefore is able to identify the object.
  • the deterministic electromagnetic signal may vary with time, such that the authentication touch response enables the authentication point 808 to determine both what object was touched and when.
  • the authorization functions may vary according to the different objects touched.
  • the touched object is a doorknob, and the authorization function includes unlocking the corresponding door.
  • the touched object is a car in a car-sharing scenario, and the authorization function effected by the authorization point includes determining that the user has touched the right car and unlocking the car.
  • the authorization function may further be extended to starting and stopping the car's engine in response to touching an engine start/stop button.
  • the authorization function effects the playing of personalized multimedia content when an exhibit casing is touched.
  • the authorization function may permit playing of multimedia content when a user touches a smart TV, its remote, or the like.
  • modules that carry out (i.e., perform, execute, and the like) various functions that are described herein in connection with the respective modules.
  • a module includes hardware (e.g., one or more processors, one or more microprocessors, one or more microcontrollers, one or more microchips, one or more application-specific integrated circuits (ASICs), one or more field programmable gate arrays (FPGAs), one or more memory devices) deemed suitable by those of skill in the relevant art for a given implementation.
  • Each described module may also include instructions executable for carrying out the one or more functions described as being carried out by the respective module, and it is noted that those instructions could take the form of or include hardware (i.e., hardwired) instructions, firmware instructions, software instructions, and/or the like, and may be stored in any suitable non-transitory computer-readable medium or media, such as commonly referred to as RAM, ROM, etc.
  • Examples of computer-readable storage media include, but are not limited to, a read only memory (ROM), a random access memory (RAM), a register, cache memory, semiconductor memory devices, magnetic media such as internal hard disks and removable disks, magneto-optical media, and optical media such as CD-ROM disks, and digital versatile disks (DVDs).
  • a processor in association with software may be used to implement a radio frequency transceiver for use in a WTRU, UE, terminal, base station, RNC, or any host computer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Biomedical Technology (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Human Computer Interaction (AREA)
  • General Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Artificial Intelligence (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

The present invention relates to systems and methods for increasing the security of biometric user authentication. According to one embodiment, a method includes detecting a fingerprint touch by a finger of a user; in response to a determination that the fingerprint touch is associated with a valid fingerprint: sending a challenge message to a wearable electronic device; and receiving, by the user device, a challenge response from the wearable electronic device, wherein one or both of the challenge message and the challenge response are transmitted via an electrical signal through the user's finger; and in response to a determination that the challenge response comprises a valid response to the challenge message, authenticating the user's access to the user device.
PCT/US2017/040936 2016-07-08 2017-07-06 Methods and systems for increasing the security of biometric user authentication Ceased WO2018009692A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201662359881P 2016-07-08 2016-07-08
US62/359,881 2016-07-08

Publications (1)

Publication Number Publication Date
WO2018009692A1 true WO2018009692A1 (fr) 2018-01-11

Family

ID=59363286

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2017/040936 Ceased WO2018009692A1 (fr) 2016-07-08 2017-07-06 Methods and systems for increasing the security of biometric user authentication

Country Status (1)

Country Link
WO (1) WO2018009692A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020005729A1 (fr) * 2018-06-28 2020-01-02 Microsoft Technology Licensing, Llc User authentication using a companion device
US10569174B1 (en) 2018-09-27 2020-02-25 Microsoft Licensing Technology, LLC Implementing a graphical overlay for a streaming game based on current game scenario
EP3790248A1 (fr) * 2019-09-09 2021-03-10 The Swatch Group Research and Development Ltd Portable electronic authentication device
WO2025109249A1 (fr) * 2023-11-24 2025-05-30 University Of Jyväskylä Secure multi-factor authentication with user interaction

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150163221A1 (en) * 2013-12-05 2015-06-11 Sony Corporation System and method for allowing access to electronic devices using a body area network
US20150379255A1 (en) * 2014-06-25 2015-12-31 Anand Konanur Systems and methods for granting access to a computing device using a wearable device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
DRAHANSKY, MARTIN: "Advanced Biometric Technologies", article "Liveness Detection in Biometrics"
LAPUT, GIERAD: "UIST", 2015, ACM, article "EM-Sense: Touch Recognition of Uninstrumented, Electrical and Electromechanical Objects"
MARTIN DRAHANSKY ED - GIRIJA CHETTY ET AL: "Advanced Biometric Technologies, Chapter 9: Liveness Detection in Biometrics", 1 January 2011, ADVANCED BIOMETRIC TECHNOLOGIES, INTECH, PAGE(S) 179 - 198, ISBN: 978-953-307-487-0, XP002737507 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020005729A1 (fr) * 2018-06-28 2020-01-02 Microsoft Technology Licensing, Llc User authentication using a companion device
US11038684B2 (en) 2018-06-28 2021-06-15 Microsoft Technology Licensing, Llc User authentication using a companion device
US10569174B1 (en) 2018-09-27 2020-02-25 Microsoft Licensing Technology, LLC Implementing a graphical overlay for a streaming game based on current game scenario
US11033819B2 (en) 2018-09-27 2021-06-15 Microsoft Technology Licensing, Llc Implementing a graphical overlay for a streaming game based on current game scenario
EP3790248A1 (fr) * 2019-09-09 2021-03-10 The Swatch Group Research and Development Ltd Portable electronic authentication device
JP2021043957A (ja) * 2019-09-09 2021-03-18 The Swatch Group Research and Development Ltd Portable electronic authentication device
CN112565171A (zh) * 2019-09-09 2021-03-26 The Swatch Group Research and Development Ltd Portable electronic authentication device
JP7041209B2 (ja) 2019-09-09 2022-03-23 The Swatch Group Research and Development Ltd Portable electronic authentication device
CN112565171B (zh) * 2019-09-09 2023-04-07 The Swatch Group Research and Development Ltd Portable electronic authentication device
US11632673B2 (en) 2019-09-09 2023-04-18 The Swatch Group Research And Development Ltd Portable electronic authentication device
WO2025109249A1 (fr) * 2023-11-24 2025-05-30 University Of Jyväskylä Secure multi-factor authentication with user interaction

Similar Documents

Publication Publication Date Title
US20220210152A1 (en) Method And Apparatus For Authentication Of A User To A Server Using Relative Movement
US20230034319A1 (en) Location-based mobile device authentication
KR101924683B1 (ko) Multi-factor authentication to achieve a required authentication assurance level
CN104781823B (zh) Biometric system with body-coupled communication interface
US12380196B2 (en) Quick response codes for data transfer
WO2018009692A1 (fr) Methods and systems for increasing the security of biometric user authentication
US20230177138A1 (en) Identity verification utilizing uploaded content and trust score
EP4209944B1 (fr) Blockchain-based user authentication
US11784834B2 (en) Electronic devices and corresponding methods for verifying device security prior to use
CA2967768C (fr) Identity assertion based on biometric information
KR101910757B1 (ko) Local authentication
WO2017144768A1 (fr) Behavioral biometric authentication
CN118629119A (zh) Unlocking method for a smart door lock, mobile terminal, and computer-readable storage medium
WO2017193889A1 (fr) Terminal access method and device
AlQahtani et al. Zero-effort Continuous Two-factor Authentication
KR20130131752A (ko) Mobile user authentication security system and method for a cloud computing environment using iris authentication and augmented reality

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17740587

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17740587

Country of ref document: EP

Kind code of ref document: A1