This invention relates to the authentication of a user of a remote server using an unsecured network such as the Internet. The objectives of authentication are to make it simple for the end-user to use but difficult for an attacker—that is to say, an unauthorised third party—to impersonate either the user or the remote server. The present invention can make use of a conventional “smart phone” as a part of the authentication system, without the need to provide any additional equipment to the end user.
Existing authentication systems use personal identification numbers (PINs), requiring the user to remember a fixed short sequence of digits. At each authentication attempt the user provides this PIN. Because the same code is used each time, it is vulnerable to observation by an unauthorised person of the user's keystrokes, either by visual observation (“shoulder surfing”) or by key logging “malware” illicitly installed on the user terminal to record the keys pressed. PINs can be made notionally more secure by increasing their complexity, for example by making them longer, or requiring mixtures of upper and lower case letters and numerical digits, disallowing passwords which are easy to guess, such as “1234” or “password”, or requiring passwords to be changed periodically. However, this increased complexity can be counterproductive, as users find the passcodes harder to commit to memory and either record them in some non-volatile way, such as keeping a written record with the device to which the password relates, or by making frequent requests for password reminders or resets. Such requests usually require further, more easily-remembered details to be provided, such as date of birth, mother's maiden name, etc. However, this is a potential weak point in security, as such information is often readily discoverable by interlopers, for example from social networking websites.
The present invention provides an innovative authentication system based on a “dynamic” PIN, (“random PIN string” or RPS) which changes at each use. The invention makes use of a novel combination of security techniques which co-operate in a way which combines the advantages of each technique such that the user interface can be made simpler than systems using only one or other of the individual techniques.
According to a first aspect of the invention there is provided an authentication process to control access from a client terminal to a remote server via an unsecure network, comprising the transmission of a challenge from the server to the client, and the transmission of a response from the client to the server generated in response to a user input, wherein access is granted if the response received by the server from the client corresponds with a predetermined rule, and wherein the challenge is generated according to a quasi-random encryption process of which the parameters are generated dynamically according to parameters of the user, the client terminal, and previous iterations of the process, such that the required user input also changes dynamically, and the response transmitted from the client terminal to the remote server is generated in response to the user input by convolving the user input according to an encryption algorithm also generated according to a quasi-random process according to parameters of the user, the client terminal, and previous iterations of the process.
A second aspect provides a communications terminal arranged to control access from the client terminal to a remote server via an unsecure network, having a communications interface for connection to the network, and a processor arranged to process a challenge received from a server by way of the communications interface, to present the challenge to a human interface, to receive by way of the human interface a user input in response to the challenge, and to generate a response for transmission to the server, by way of the communications interface, by convolving the user input according to a quasi-random encryption algorithm generated dynamically according to parameters of the user, the client terminal, and previous iterations of the process.
A third aspect, complementary to the second, provides an authentication server arranged to control access to the server from client terminals via an unsecure network, comprising a communications interface for transmission of challenges to user terminals, and receipt of responses to such challenges, by way of the communications network, and a processor for generating such challenges according to a quasi-random encryption process of which the parameters are generated dynamically according to parameters of the user, the client terminal, and previous iterations of the process such that the required user input also changes dynamically according to parameters of the user, the client terminal, and previous iterations of the process.
The challenge may be accompanied by a public key authenticating the identity of the server, which may be encoded in a matrix barcode having the challenge data embedded therein. The challenge may relate to the presentation of a set of predetermined images, requiring a user input which is dependent on that presentation. The images are preferably selected by the server from a set of images previously registered by the user. They may have been registered in a predetermined sequence, but presented to the user in a quasi-random order, such that the user is required to generate a response for transmission to the server according to the predetermined order in which the images presented in the challenge should be rearranged to restore the original sequence. Alternatively, one or more of the user's registered images may be presented along with other, unregistered, images, requiring the user to identify which of the images presented belong to the registered set.
The encryption process may use a convolvement of the user input with data intrinsic to the client terminal.
The authentication from the user occurs because the operations that are performed depend on the choices made by the user, (“What the user knows”) and the device information (IMEI and IMSI—“What the user has”), which combine to form the operations. These operations are then applied to a random sequence which has previously been received from the server. The method ensures that the correlation between the random sequence and dynamic identification code (RPS—random PIN string) is something that only the server knows and can only be reproduced by using the correct combination of the registered Terminal/Device/SIM and the registered user. The essence of the invention is making this random sequence and dynamic identity code correlation very secure and difficult to reproduce for anyone except the authorised user.
The present invention provides a methodology for dynamic PIN-based authentication, in which a new PIN is produced in each user authentication attempt. Furthermore, the dynamic PIN is generated cryptographically in a method which itself changes dynamically at each attempt according to a quasi-random encryption process. Thereby, there is no predictable backward and forward correlation between the processes by which successive PINs are generated, making it practically infeasible for an outside observer to determine how to emulate either party (server or client) taking part in the authentication process. If an unauthorised “man-in-the-middle” were to intercept the interactions between the server and client, bypassing any common security controls, and thereby identify the PINs that have been used in a sequence of access attempts, the process of the present invention would make it difficult to predict, from such a sequence, what would be the next dynamic PIN. The dynamic nature of the PIN also frustrates the use of key-logging or shoulder-surfing to compromise the account, because the order of tapping recognisable images changes in every authentication attempt.
The invention also avoids the need to transmit a PIN from an authentication server to the user when the user first sets up the system. In one embodiment the cryptographic process also depends on the sequence of authentication attempts.
Embodiments will be described which use a variation of the “substitutional box” (“S-Box”), an established cryptographic tool that is traditionally used in symmetric key algorithms. The embodiment to be described also uses a simple sequence of images with different features (e.g. in terms of shape and colours) which can be readily memorised by the user. This allows a different challenge to be sent at each authentication attempt, each requiring a different response from the user.
The embodiments also use technology with high Error Correction Level, such as matrix barcodes, (also known as a two-dimensional barcodes or QR codes) in order to overlay images selected from a set of images that the user previously chose as part of the authentication sequence combined with a set of random images. The combination is generated by the remote server and transmitted over the Internet to the user's remote terminal. The matrix barcode incorporates a certificate which authenticates its origin, thus providing a level of assurance to the end user that he is not inadvertently logging onto a “phishing” website (a site which fraudulently emulates a genuine one, set up to persuade users to disclose their log in details). The introduction of a high error-correction background layer such as a matrix barcode protects against spoofing of user-selected images, and protects security-relevant information from human reading (shoulder-surfing) by overlaying the images Further auxiliary information such as a server certificate or a shared secret can be embedded to facilitate the terminal or user establishing trust with the server.
Unlike many multi-factor authentication systems, the client part of the invention requires no additional devices such as cards or readers, and no additional communication channels or biometric readers, but can be installed on any programmable device as a downloaded application.
The user device reads the matrix barcode and validates the authentication of the remote site. If this validation is passed, a challenge is displayed on the user terminal to which the user is required to respond. An example of a challenge may take the form of a grid of images that the user is asked to re-order by indicating the correct sequence by using the user input. This sequence can be considered as a PIN, which is then convolved with other data to provide the dynamic PIN to be transmitted to the server.
A further enhancement can be made, particularly for touch-sensitive screens, in which the device can randomise the order the images are presented on the user screen, such that an identical presentation (grid of images) will be generated by different sequences and vice versa. For example the serialisation may be cyclic, and use a different start point on different challenges. Of course there may be more advanced algorithms for sorting the images with more advanced unpredictability and more inputs that the RSP can be used in the selection algorithm. Thus the action of the user tapping on identical images on identical grids may result in different sequences of SEEDs and therefore a different PIN.
So, even for identical image grid and seeds in two different authentication sessions, the same user experience—i.e. selection of the same registered images—from what appear to be the same grid may result in different sequences of seeds depending on the relative position of the images, the serialisation algorithm, and the coordinates of the starting point of the serialisation, hence generating a different PIN
The interactions between the server and client ensure that should an unauthorised user intercept the challenge he will not be able to provide the required answer unless he also knows other information. This challenge is based on presenting the user with a question about a code or sequence which the user has previously been required to commit to memory. The user does not enter the code or sequence itself, but responds to the question in the challenge, for example by a sequence of keystrokes or tapping on a touch-sensitive screen. The response is transformed into a numerical value and used by the device during the dynamic PIN generation process.
Because of the other security measures, the code or sequence can be made relatively simple, as an unauthorised interceptor, even if he intercepts the answer to the challenge, will not know what the question was, and will therefore have difficulty reverse-engineering the code from the responses given.
The user's response to the challenge, combined with the dynamic PIN generation algorithm, effectively produces a one-time “dynamic PIN”, for whose correct entry it is necessary to have successfully decoded the challenge message from the remote server, to have knowledge of the user's own code in order to be able to answer the challenge correctly, and have knowledge of the correct instance of the dynamic PIN generation algorithm used for each authentication instance. This “dynamic PIN” is returned to the remote site.
The “dynamic PIN” is based on the user's response (i.e. the user's “password”)—uniquely interpreted in the context of the server's challenge—in a one-direction only manner, That is to say that it is only possible to recalculate the dynamic PIN if the following information is known:
For each authentication attempt a different instance of such algorithm is used. The algorithm may also depend on other factors, such as information related to previous successful attempts in the form of a numerical value.
Consequently a remote server requires all these data to recreate the required dynamic PIN, and compare this with the received dynamic PIN to authenticate the user. As these data are generated on different platforms, at different times, by different users, it is difficult for an interloper to gain unauthorised access to all of them—for example even knowledge of the password will not allow the dynamic PIN to be generated without the dynamically generated algorithms to correctly decode the challenge and encode the response to the remote site. Similarly, “keypad logging” or “shoulder surfing” (monitoring the actual keys pressed by the user) will be of no use to an observer without knowing the nature of the challenge, the “shared secret”, and the encryption code used to respond. Thus, even if the handset were stolen, (so that the thief can receive the challenge and can correctly encrypt the response), he cannot know what the correct response to the challenge is without also knowing the “shared secret”. Similarly, a “man in the middle” cannot “spoof” the genuine website (that is, to misrepresent himself as being the trusted party with which the customer wishes to deal) without knowing both the shared secret and the parameters of the quasi-random encryption process.
The combination of associating seeds with the images and the steganographic (concealed) embedding of information in the matrix barcode make the process quite different in practice from a simple challenge of whether the user knows a pre-agreed user-password. In the present invention the Images are associated with seeds, the matrix barcode includes information that facilitates trust establishment between user, device and remote server, and the user activity results in a sequence of images which induces a further randomization.
The challenge, the response of the user to the challenge, the dynamic pin generation algorithm, and the dynamic PIN generated, all vary each time access is requested. Even if both the challenge and the response can be intercepted, it will be difficult for an unauthorised observer to replicate the correct response (in order to emulate the user) should the same challenge be presented on a subsequent occasion, as the RPS, and consequently the dynamic PIN will change. Similarly, having intercepted the exchange, an unauthorised user cannot emulate the server by presenting the same challenge to the user because the cipher to be used by the user to unscramble the challenge will have changed, and the user will therefore not be able to unscramble the repeated challenge unless it has itself been encrypted correctly.
The one-way nature of the dynamic PIN generation process also makes it very difficult to determine the user's input terms from the resulting dynamic PIN. Unlike traditional hash codes, the set of transformations used by the cryptographic algorithms to generate this dynamic PIN are different at every instance of user authentication, and the way that this set of transformations changes over time can only be derived from information that is maintained in the user's device and the authentication server. Consequently, the use of a RPS allows the same response (e.g set of keystrokes) entered on the same device in relation to the same challenge to generate different dynamic PINs at each instance.
The invention therefore provides a strong PIN authentication system, with various security improvements relating to dynamicity, strength of randomness, better information obfuscation, and better protection against man-in-the-middle and end-user attacks such as phishing, key logging, shoulder surfing, etc. The invention is also easier to use by humans as it does not involve use of intrusive or complex authentication mechanisms by the human user and the user does not have to remember any complex information (e.g. long numbers, complex passwords, complex patterns etc. It is also easier to trust because the user does not have to disclose sensitive information and there is no need for synchronization action between the authentication server and the end-user device after user registration, and no security-sensitive item of persistent end-user knowledge is transmitted over the network.
An embodiment of the invention will now be described with reference to the drawings, in which:
The user device also has an interface 21 with the data network 1, illustrated here as a wireless interface but it may use other communication means. A processing unit 22 controls the operation of the device, including the reception and transmission of data over the human and network interfaces 20, 21, making use of programme data maintained in a programme store 23.
The programme store 23 may include programmes installed at manufacture, and other programmes downloaded subsequently. Such programmes include the encryption processes used in the present invention.
The user device also maintains a data store 24 which maintains data to be used in running the process. Such data includes the “seeds” associated to the images to be displayed, as well as intrinsic data such as the IMEI and IMSI for the device.
It will be understood that the functional elements described above are typically implemented in software controlling the hardware components of the device. The software may be installed in the device at manufacture, or downloaded to it subsequently over a communications interface 21.
The process involves three main functions: registration (
In the initial registration process illustrated in
The images 201, 202, 203, are illustrated in
In the registration process, the user first selects images he wishes to use (step 41). These may be selected from a library of such images stored on the server 3, or may be generated on the user device 2 as shown in
The device then uses a pseudo-random process to generate the “seeds” (step 42). Seeds are codes which are used to label these images. The device generates a concordance between the seeds and the images (step 43). This concordance is transmitted to the server 3 (step 44)
In one embodiment, the user registers a sequence of images that are associated with seeds and are then used by the server for generating and sending challenges to the user. Such a sequence 201, 202, 203 is illustrated in
The registered collection may be taken from a larger selection offered by the server, or may be generated by the user. In either case the unregistered images should be selected such that to a casual observer they are not readily distinct from the registered ones, but not so similar that the user who selected them might have difficulty in distinguishing them.
If the registered images are all drawn from a set provided by the service provider, the user can choose a selection from that set to be his registered images. If the registered images are uploaded by the user, the unregistered images should be drawn from a set of similar images—that is, showing as much, or as little, variety as the registered images. For example, the images selected by the user could be human faces, and the server could maintain a register of other faces for use as the unregistered images, selected such that the user can readily distinguish the pictures he has registered from the random ones, but that a casual user should not be able to do so. The random selection therefore needs to be selected from a set which excludes all of the user's own set, but must not be so different that a casual observer of the challenge screen would recognise the user's images as an obvious set. So, if the user has chosen photographs of family members as his images, the random images should also be of people, (and not, for example, abstract shapes, cartoon characters, animals, or a mixture of such images), so that to a casual observer there are sixteen people/(shapes/cartoon characters/animals etc), but only the authorised user knows which six are of special significance.
The number of images is a sufficiently large number to make guessing difficult. The sequence of selected images may be incorporated into a larger set, for example a array of sixteen images including five images selected from the set of twenty chosen by the user at registration, together with eleven random images, and asking the user to identify the five secret images in a particular order. This would produce 524,160 possible sequences of images per authentication attempt.
The seed is an associated representation of the images that is used as input to the dynamic PIN generation algorithm. By combining the seeds and the order the entropy of the data used as input for the pseudo-random generator is maximised. The correct answer generated by the user on the device (terminal) in response to the challenge (images sent by the server) is already known by the server at the time of sending the challenge. This answer is used to generate the dynamic PIN. In essence there are two session-specific PIN interpretations, namely a sequence of seeds, and a sequence of relative positions of images, each of which is used in different ways. Firstly there is an S-Box generation function based on the seeds of which the output is a different S-Box at each use. Secondly there is the session-specific creation of a PIN, from which, together with a random PIN string (RPS) generated by the server, the dynamic PIN is created using the substitutions in the S-Box. The user is never exposed to the exact structure of the PIN, the RPS or the S-Box. Among other benefits, this offers protection against image recognition, shoulder surfing etc., as knowing the registered images is insufficient without knowing the agreement of the corresponding seeds and the RPS and the S-Box used at each instance.
A preferred arrangement also has the terminal retrieve its IMEI (International Mobile Equipment Identity—a number that uniquely identifies the handset) and the IMSI (International Mobile Subscriber Identity—a number that uniquely identifies the “SIM” card loaded in the handset, and thus its user) (step 45). This information is transmitted to the server (step 46). Use of this information ensures that any user accessing the account must be in possession of the correct terminal.
After the initial registration process (
In this embodiment, a preliminary security enhancement is provided at application level (
As shown in
Once the registration and session key set-up phases are complete (
The server 3 selects a sequence of the images previously uploaded by the user, using a pseudo-random sequence to select the seed values (step 61).
For each challenge, the server 3 selects a sequence of images from those selected at registration (step 61), and a shared secret that instructs the device how to interpret the sequencing of the images sent in the given challenge. The shared sequence can be for example a parameter to an image-sequencing algorithm known to the server and pre-installed on the device/terminal. The image set to be displayed may include images that were initially registered by the user, and other images that are not registered by the user. The user has simply to identify those images that he had previously registered. Alternatively, the user may be required to sort the images into a predetermined order.
The selected sequence of images is generated, together with their associated seeds that the server intends to be used for the dynamic pin generation. In this alternative the user does not need to be aware of the chosen order of pre-registered images, but only needs to recognise which of the symbols displayed belong to his chosen set.
The server selects a subset of images (e.g. five) from the set (e.g. twenty images) previously defined by the user and uploaded to the server. The server combines the five images with another subset of images (e.g. eleven) from a set of random images generated by the server. This second subset of images must not include any of those initially defined by the user. They may, for example, be selected from those members of the original library not selected by the user at registration. Then the server uses the two subsets of images to create an array of images (e.g. 4×4=16) and overlays this array on a matrix barcode.
The server then generates a matrix barcode with a high error correction level in order to embed the images (step 62). The code is built from a random PIN string (RPS) selected by the server. An example of RPS is a string of 160 cryptographically generated random bytes, identified herein as RPVi, where i takes values from 0 to 159. Each authentication causes the generation of a new RPS.
It is known for matrix barcodes to have images overlaid for customisation purposes, for example to embed a company logo in a matrix barcode. The present invention embeds an image (or an array of images) in a matrix barcode in a way that each image is difficult to separate from the matrix barcode, while the combination matrix barcode and image(s) can be signed and the signature can be conveyed with the matrix barcode or the session/message associated with the matrix barcode. The amount of data that can be encoded in a matrix barcode depends on the size of the matrix barcode (in pixels), the error correction level used during the encoding process and which ranges from 7% up to 30%. The more error correction the less the amount of data that can be embedded. An image of size 100×100 pixels can be overlaid on a matrix barcode with 30% error correction level and of size 250×250 pixels while allowing the matrix barcode to be read.
The matrix barcode is used as a means of passing additional hidden information (steganography) from a server to a user terminal. The matrix barcode operates as a container of information that assists with establishing the authenticity of the challenge and facilitate the dynamic PIN generation process.
The sequence of images sent to the user are generated by the server based on the pre-registered images or sequences. The images are imposed on the matrix barcode by the server, and can be further protected by embedding a signature of the images into the matrix barcode for verification by the user device.
The server 3 then transmits the matrix barcode with its embedded images to the user terminal 2 (step 63), which displays the images.
The user is then presented with a challenge, in the form of one or more questions about the depicted sequence (step 64). The actual questions may be generated by the terminal, for example identify the registered images, or to tap on the images in the order previously registered.
For each challenge, the server 3 chooses a sub-sequence of the registered sequence, and the user's response to the challenge essentially confirms the relative order of the images in relation to the registered sequence.
As shown in
This is different in terms of randomisation from a user confirming the exact position of digits in a password, as is common practice in confirming passwords for example in telephone banking.
The user responds using an input 23 such as a keypad, touchscreen, or audio input to indicate the correct answer, e.g “1st”. The process is repeated for a number of other questions. In the case illustrated in
The answers provided form a new sequence. In the preferred embodiment this sequence is encrypted using a substitutional box (S-box). An S-Box (Substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext (Shannon's property of confusion). The actual substitutions can be carefully chosen to resist cryptanalysis. In general, an S-Box takes some number of input bits, m, and transforms them into some number of output bits, n.
An S-box instance can then be generated (step 66) applying a pseudo-random algorithm to a number of values derived from several parameters (shared secrets):
To generate the new S-box transformation, the user terminal 2 first extracts the RPS from the matrix barcode (step 65) to verify the authenticity of the server 3. From these inputs is generated a function GEN=f(seed, IMEI, IMSI). The use of IMSI and IMEI introduces further factors to authentication to ensure that the device performing the calculations is authentic. The user can cancel the validity of any authentication if the device is stolen by requesting that the service provider revoke the validity of the IMSI/IMEI.
Another stronger alternative is to also include a dependency on previous successful authentication attempts from the same device/terminal. This improves significantly the unpredictability of the S-Box selection
A further strengthening can be achieved by also including the whole grid of images in the challenge (as a separate “addition” parameter to the selected SEEDs). This ensures that the gird of images associated with the challenge cannot be tampered
These multiple sources ensure the robustness of the process, as it would be extremely difficult for an unauthorised person to gain knowledge of more than one or two of them from any individual breach in security. Moreover, the relatively simple sequence, required for the user to remember, itself increases security since the user is less likely to have to resort to a physical “aide-memoire”, or to request a password reset, a process which is itself vulnerable to unauthorised access.
A suitable transformation is the Rijndael S-box, as illustrated in
A new S-Box instance is therefore generated for each authentication session, by using a session-specific user challenge (i.e. sequence of seeds), information from the device/terminal (e.g. IMSI/IMEI). An S-Box generating algorithm is used to generate the transformation.
From the tapping sequence entered by the user (step 64), an exclusive or (XOR) function can be used to obtain a PIN (steps 65, 66, 67). Alternatively, some iterative substitutions driven by the PIN and RPS values can be used to create a second PIN. Provided the substitution process is known to both the client and the server, the original PIN can be retrieved.
The dynamic PIN is generated (step 67) using the substitutions of the newly generated S-Box, the RPS that has been chosen by the server for this session, and the session-specific PIN derived from the sequence of seeds, by applying an XOR function.
One example of an S-box transformation would be to use the notion of dual ciphers—i.e. producing an S-Box with equivalent crypto-analysis properties as the original, thereby guaranteeing that the new dynamic pin generation algorithm retains desired cryptographic properties.
The dynamic pin generation algorithm (step 67) consists of iterative substitutions between RPS bits and the PIN value bits via the S-Box (Where the PIN is a XOR of the seeds, IMEI and IMSI), as shown in
In this example, a four-(decimal)-digit PIN is to be encoded. As each digit D(i) lies in the range 0<=D(i)<=9, it can be represented by half a byte (four bits), and four digits D(0) D(1) D(2) D(3) can therefore be represented by two bytes. (In a simplified form of the invention, in which the tapping sequence is used directly, without convolving with the IMSI and IMEI, four digits could be represented by a single byte provided that 0 and 9 are not valid digits—for example if the user is required to sort eight images)
The RPS is an array of 160 bytes R(i), where i takes values 0 to 159. Each byte is composed of two half-bytes (“nibbles”) R(iH) and R(iL). For the purposes of this algorithm the RPS is subdivided into four groups each of forty bytes.
The dynamic PIN is computed from the original PIN and two bytes of the RPS using a chain of substitutions using the S-box transformation. For example, representing S(x,y)= as the substitution of a byte made up of two half bytes x,y, and using the first two bytes of the RPS R(0) and R(1) we can generate an operation as follows:
S[D(0)R(0H)]=S1:
S1 is a byte, and can also be subdivided into half-bytes S1(H), S1(L), one of which is used in the next step.
Similarly:
S[S1(H)R(0L)]=S2
S[S2(L)D(1)]=S3
S[S3(H)D(2)]=S4
S[S4(L)R(1H)]=S5
S[S5(H)R(1L)]=S6
S[S6(L)D(3)]=S7
Thus S7=S[S[S[S[S[S[S[D(0)R(0H)](H)R(0L)](L)D(1)](H)D(2)](L)R(1H)](H)R(1L)](L)D(3)]
The process is then repeated for three further iterations, replacing (R(0) and R(1) by bytes selected from the second, third and fourth quarters (groups of forty bytes) in the RPS, respectively, to produce three further values for S7. The actual bytes selected may be determined from the value of S7 derived from the previous iteration, e.g R(40j+|S7|) where j=0, 1, 2 or 3 and |S7| is the value of the previous S7 to modulo 40 (to ensure we remain in the correct quarter of the RPS)
The four values of S7 derived from these iterations are used to generate the dynamic PIN. The multiple convolvements make it very difficult to derive the original PIN from inspection of the dynamic PIN.
Once the PIN has been generated (step 67), it can be sent to the server over an encrypted channel (step 68). The server can verify the PIN using the substitution process (step 69) to grant or deny access to the user (step 70).
In an alternative arrangement the user can acquire the picture and RPS from an independent synchronised source such as a badge-reader. This allows the user to acquire the picture and RPS without any initial communication with the server.
The authentication from the user occurs because the operations that are performed on the RPS (ie the s-box iterations) depend on the choice of images made by the user information (“What the user knows”) and the device information (IMEI and IMSI—“What the user has”), which combine to form the operations. These operations are then applied to the RPS which has previously been received from the server. The method utilising the S-Box generation ensures that the correlation between the RPS and Dynamic PIN is something that only the Server knows and can only be reproduced by using the correct combination of the registered Terminal/Device/SIM and the registered user. The essence of the invention is making this RPS and DynamicPIN correlation very secure and difficult for anyone except the authorised user.
Number | Date | Country | Kind |
---|---|---|---|
12250188.5 | Dec 2012 | EP | regional |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/GB2013/000553 | 12/17/2013 | WO | 00 |