WO2004111806A1 - A method, an arrangement, a terminal, a data processing device and a computer program for user identification - Google Patents
A method, an arrangement, a terminal, a data processing device and a computer program for user identification Download PDFInfo
- Publication number
- WO2004111806A1 WO2004111806A1 PCT/FI2004/000358 FI2004000358W WO2004111806A1 WO 2004111806 A1 WO2004111806 A1 WO 2004111806A1 FI 2004000358 W FI2004000358 W FI 2004000358W WO 2004111806 A1 WO2004111806 A1 WO 2004111806A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- identification
- input
- media file
- terminal
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to user identification. A media file (100) is presented to a user, the user gives as a response to said media file an identification input (101), which comprises at least one input element, and the user is identified on the basis of the combination (103) of said identification input and said media file by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
Description
A METHOD, AN ARRANGEMENT ; A TERMINAL> A DATA PROCESSING DEVICE AND A COMPUTER PROGRAM FOR USER IDENTIFICATION
The invention relates to user identification in data processing systems and/or devices, such as user-specific terminals, network servers or services, or passage control devices.
For user identification in data processing systems and devices, one usually utilises an input given by the user to be identified which input is based on something that only, in principal, the "right" user knows and/or owns. As said input, one uses generally, inter alia, different passwords and identification codes, user ID- password pairs and smart cards. A password may, for example, be a PIN (Personal Identification Number) code known from mobile stations or some longer character string defined by the user or system administrator, or a one-time password generated with a time-synchronous device. Also biometric methods, such as fingerprint identification, speech identification or eye retina identification may be utilised in user identification.
User identification may be implemented locally in one device, or it may be implemented via a suitable data transmission connection so that user identification is not performed in the user's own terminal (for example, user connecting into a data transmission network or an Internet service with a suitable terminal).
Common problems of user identification based on passwords are too simple passwords which are easy to break or passwords which are hard to recall because of their complexity. A special problem of methods based on smart cards or biometric identification, for their part, are the requirements of the device needed for giving the user input required for identification. Such devices are often expensive and unwieldy to transfer from one place to another, so they are not, in their current state, suitable for a general-purpose identification method.
An objective of the present invention is to create a new manner of identifying a
user. A basic idea of the invention is to present the user with some media file, such as a music or video file, as a response to which the user gives an identification input, and the user is identified on the basis of said media file and identification input given by the user. The user may, for example, rhythmise his/her input based on the heard music or place his/her input on a touch screen wherever he/she wants in relation to the animation or video clip presented on said touch screen.
The utilised media file may be whichever applicable file, which advantageously consists of material observable by hearing, sight and/or sense of touch. Typically, different people react differently to such observations, and thus different people are likely to give different inputs based on the media file. It is, however, straightforward for a single person to repeat his/her input based on personal observations and feelings. In addition, the media file on which the input is based may be different for different users.
According to an embodiment of the invention, even for identifying the same user one may utilise on different identification occasions different, randomly created media files. Then, the user is identified based on the logical connection with the contents of media file in question and the response given by the user to be identified. The user may, for example, react in a predetermined way to a certain sound, colour, shape, or event in the media file, the relative position of which vary between identification occasions.
Thus is created a new manner for identifying a user which manner does not require great effort from the user in, for example, the form of recalling complex passwords, and which does not necessarily require extra equipment for performing identification. Furthermore, certain embodiments of the invention contribute to eliminating the misuse of different identification codes, because the unique element of the user input may the rhythm of the input when the user may give his/her input with, for example, a terminal hidden in a pocket without the need to see the buttons to be pushed. So, one avoids the situation in which an outsider
would see an identification code or a password being typed to the system.
According to a first aspect of the invention, a method is implemented for identifying a user, the method comprising presenting a user with a media file, receiving an identification input comprising at least one input element, which identification input a user gives as a response to the contents of said media file, receiving said identification input substantially simultaneously with presenting said media file, and identifying a user on the basis of the combination of said identification input and said media file by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
According to a second aspect of the invention, an arrangement is implemented which arrangement comprises presentation equipment for presenting a media file, reception equipment for receiving user input, and identification equipment for identifying the user of said arrangement, and in which arrangement said presentation equipment is arranged to present the media file in connection with the user identification of said arrangement, said reception equipment is arranged to receive the identification input given by the user to be identified, which input comprises at least one input element, substantially simultaneously with the presentation of the media file, and said identification equipment is arranged to identify the user on the basis of the combination of said identification input and media file by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
According to a third aspect of the invention, a terminal is implemented which terminal comprises presentation equipment for presenting a media file, and reception equipment for receiving a user input, and in which terminal said presentation equipment is arranged for presenting a media file in the connec-
tion with identifying the user of said terminal, and said reception equipment is arranged for receiving an identification input given by the user to be identified, which input comprises at least one input element, substantially simultaneously with the presentation of the media file to be utilised in the identification of the user of the terminal, wherein said terminal further comprises identification equipment for identifying a user of the terminal on the basis of the combination of said identification input and said media file by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
A terminal according to the invention may, for example, be a computer, a portable computer, a mobile station, a smart phone, a personal digital assistant (PDA) or other electronic device.
According to a fourth aspect of the invention, a data processing device is implemented which data processing device comprises identification equipment for identifying users of said data processing device, said identification equipment being arranged for identifying a user on the basis of a combination of a media file presented to said user and an identification input given by said user, the identification input comprising at least one input element, by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
A data processing device according to the invention may, for example, be any general-purpose computer or server, a gateway to a data network, a passage control device or a pay terminal.
According to a fifth aspect of the invention, a computer program is implemented to be run in the terminal, said computer program producing a routine for user
identification and comprising a program code for presenting a media file, a program code for receiving an identification input given by the user to be identified, which identification input comprises at least one input element, substantially simultaneously with the presentation of the media file to be utilised in identifying the user of the terminal, and a program code for identifying the user of the terminal on the basis of the combination of said identification input and said media file by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
According to a sixth aspect of the invention, a computer program is implemented to be run in a data processing device, said computer program producing a routine for user identification, said computer program comprising a program code which is arranged to identify a user based on a combination of a media file presented to said user and an identification input given by said user, the identification input comprising at least one input element, by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
The dependent claims concern advantageous embodiments of the invention. The contents of the dependent claims related to one aspect of the invention may also be applied to the other aspects of the invention.
The invention will now be described in detail by way of examples with reference to the accompanying figures, in which
Fig.1 illustrates visually a basic idea of the invention;
Fig.2A describes an arrangement according to an embodiment of the invention;
Fig.2B is a flow chart, which shows a method applicable for, for example, an arrangement according to Figure 2A;
Fig.3A illustrates a media file according to an embodiment of the invention which media file comprises random material;
Fig.3B is a flow chart, which shows a method applicable for, for example, a media file according to Figure 3A;
Fig.4 is a signalling diagram describing a method according to an embodiment of the invention;
Fig.5 is a simplified block diagram of a terminal according to an embodiment of the invention;
Fig.6 is a simplified block diagram of a data processing device according to an embodiment of the invention;
Fig.7A is a simplified block diagram of an arrangement according to an embodiment of the invention; and
Fig.7B is a simplified block diagram of an arrangement according to another embodiment of the invention.
Figure 1 illustrates visually a basic idea of the invention, according to which the user to be identified is presented with a media file 100, and the user gives as a response to the media file an identification input 101 which comprises at least one input element. Then, user identification 103 is performed on the basis of said media file and identification input linked to it. (The media file and identification input function as a key in user identification.)
An applicable media file may, for example, be a music file 104 or a video file 105 or some other file, which includes material observable by hearing, sight and/or sense of touch. An identification input may, for example, be given via the keypad of a mobile station 106 or a computer 107 or via the touch screen of a personal digital assistant 108. The identification input may also be a sound created by the user, such as a whistle or phonemes, which is received with microphone 109. The input element of the identification input may thus be, for example, a push of a button or touch screen or a phoneme.
The identification input may also be given via an EMFi (Electromechanical Film). Via EMFi, the identification input can be given as unnoticeably as possible, because no such sound as, for example, in using micro switches is produced of using the film. Furthermore, the EMFi may be utilised in presenting a music or other sound file, that is, both presenting the media file and receiving the identification input may be performed via the same film.
As an example of equipment utilised for presentation of a media file observable with sense of touch, one may mention the so-called Force Feedback equipment. The presentation of a media file may comprise, for example, the "impulses" of Force Feedback mouse when the user would react to these impulses by, for example, pushing a button or moving the mouse into some direction when giving the identification input.
Furthermore, user identification input may also be 3D response instead of mere pushes.
One must notice that a media file may be utilised in user identification either explicitly or implicitly. When utilising a media file explicitly, one checks that the user actually chose the correct media file in addition to checking the actual identification input. At its simplest, the implicit utilisation of a media file means that the
media file is presented to the user, and the identification input is received substantially simultaneously with presenting the media file, and one does not separately check which media file was used for giving the identification input but assumes that the user cannot give the correct identification input if the utilised media file was not the correct one. Naturally, this is a weaker identification than the identification which includes checking the correctness of the media file, but this weaker identification may be, depending on the area of application, adequate.
The invention may be applied in user identification locally in one device or in a distributed manner when the user is connected or is connecting in some data network, network server or network service, when the actual identification may be performed centralised in a suitable network element.
The terminal in which the invention can be applied may be any data processing device the use of which requires that a user identifies himself/herself or which may be utilised in identifying a user in a device with which the terminal is in data transmission connection. Such a terminal may, for example, be a computer, a portable computer, a mobile station, a smart phone, a personal digital assistant (PDA) or other electronic device. This terminal may communicate with a data transmission network and, thus, with a network server via a fixed or wireless connection. The data transmission network may, for example, be an Internet or other IP (Internet Protocol) based network, a GSM (Global System for Mobile Communications) network, a third generation mobile communications network, such as UMTS (Universal Mobile Telecommunications System) network, a WLAN (Wireless Local Area Network) network, a WiFi (Wireless Fidelity) network, a broadcasting service network or a cable television network. An applicable data transmission network may be in general or closed operation. The terminal may also communicate with an external device via a local short-range link, such as a Bluetooth or infrared link. Such an external device may, for example, be a gateway to a data transmission network, a passage control device or a pay terminal.
Figure 2A describes an arrangement according to an embodiment of the invention, which comprises a terminal 200 (for instance, a mobile station) and a server 201 between which there is a wireless data transmission connection, such as a Bluetooth connection. Terminal 200 utilises an operating system into which programs created by a third party can be downloaded. In mobile stations, such operating systems are, inter alia, Symbian and Series 60 developed by Nokia. In the embodiment in question, the user identification is performed in the terminal 200, and the user may download the computer program executing the identification to his/her terminal from, for example, the Internet.
User identification is performed when a user attempts to connect into a service in server 201. If the user identification in terminal 200 is passed successfully, the user is allowed to connect to the service.
Figure 2B is a flow diagram which shows a method applicable for, for example, an arrangement according to Figure 2A. In this context, an applicable terminal is advantageously such one as is only in the personal use of one person.
In the first phase 202, the user information linked to the service in server 201 of Figure 2A is initialised into the terminal. The same information may, if necessary, be applied in substantially more than one service. The user is requested a user ID and a password, which are so-called ordinary user identifications which are generally utilised in user identification in different data systems and services. Furthermore, the user is requested to choose one of available media files to be utilised in identification. The available media files may, for example, be ringing tones downloaded into the terminal. Also animations or video clips downloaded in advance to the terminal may be offered to be utilised as a media file. After the user has chosen the media file, this media file is presented to the user, and the user is required to give a personal input as a response to the contents of the media file. This personal input is recorded as a reference input and is saved with the user information. Optionally, this phase may include a checking phase in which one
checks if the input given by the user fulfils certain criteria defined in advance in relation to, for example, its length.
In phase 203, the user of terminal 200 opens a connection from the terminal to the server 201. The server sends the terminal an authentication request in phase 204. As a response to the authentication request, the terminal starts a user identification process for receiving identification input in phase 205. The user is required to choose a media file to be utilised in identification. In other words, the user must know which media file should be utilised in identification. Optionally, one may check in this phase that the user chose the correct media file. Next, the media file chosen by the user is presented, and the identification input, which was given by the user as a response to the contents of the media file, is received.
In phase 206, the identification input given by the user and the reference input recorded in the initialising phase are compared. The comparison of the identification input and the reference input is described in more detail below. If the identification input and the reference input do not substantially correspond each other, the user identification was unsuccessful, in which case the connection between the terminal and the server is terminated in phase 207. If the identification input and the reference input substantially correspond to each other, the user is successfully identified. Then the user ID and password saved in the initialising phase are sent to the server in phase 208. After this, the user is identified on the server on the basis of the sent user ID and password, and the data transmission between the terminal and the server is continued in a manner already known. This way, the implementation of the embodiment in question does not require special changes to the server, because the identification based on the media file is performed totally in the terminal. Together with the user ID and password, one may also send a piece of information on the successful media file identification, when the server must be able to process such information. If wanted, the used password may be a PIN code of a PKI (Public Key Infrastructure) card. Naturally, the connection between the terminal and the server may include encryption of the connection for
information security.
One must notice that the method of Figure 2B is applicable to be utilised especially in a terminal which is only in the personal use of one person. Thus, it is sufficient that one identification and password is saved to the terminal, and if the user of the terminal is able to choose the correct media file in the identification situation and give a correct identification input as a response to it, one may assume that the user to be identified is the legitimate possessor of said terminal. However, it is evident that the described method may be applied to a multi-user environment with straightforward changes. Naturally, it is possible to save multiple user records, which comprise a use ED, a password, a media file and a reference input. Thus in the identification situation, the user may be required, for example, a user ID with which he/she wishes to identify before choosing and presentation of the media file. The reference input used in identification will then be acquired from the user record corresponding to the user ID given by the user. Alternatively, the same user may need many different user ID-password pairs for different services, when each user ID-password pair may be given its own record. In this case, the media file and the reference input in different records may be identical.
It is well known by those skilled in the art that also other details in the different phases of the identification may be altered.
Figure 3A illustrates a media file according to an embodiment of the invention, which comprises random material. The media file is an animation in which balls of different colours move inside a box: black, white and striped. The paths of the balls are random. Three instances 300-302 are presented of the state of the animation in different points of time. When this kind of file is utilised in user identification, the user, for example, pushes some button in his/her mobile station when a predetermined sequence occurs in the animation. Such an event could be, for example, that the black ball hits the wall of the box in instance 300, that the white ball hits the bottom of the box in instance 301, that the white ball hits the side wall
of the box in instance 302, that the striped ball hits the bottom of the box in instance 302, or that the black balls hit each other in instance 302. Since the events of the animation are generated randomly, different events occur in different points of time, and the user input is substantially different in different identification occasions.
Figure 3B is a flow diagram which shows a method applicable with, for example, the media file according to Figure 3A. Also any other media file, which includes random material, may be utilised in this context.
In phase 303, user identification information is initialised to the terminal (or other suitable device in which the user is wished to be identified). The user is requested a user ID and the type of media file to be used in identification. The type may, for example, be animation or music. Alternatively, the type of the media file to be used may be predetermined. In addition, the user is requested a piece of logic information which identifies the logical relation between the random material of the media file and user identification input. This logic information is recorded with the user information. The user may be requested to define this piece of logic information freely or the user may be offered some fixedly determined alternatives from which the user may choose which one he/she wants. In any case, the user may alternatively be presented with an example of a media file.
In the actual identification process, the user identification given by the user is requested and received in phase 304, for example, as a response to an external authentication request or some user action. In phase 305, a random media file being the type defined for the user identification is formed. If the method is applied in a device, which is substantially in the personal use of one person, no user identification is necessarily required. Then user identification may be started directly from phase 305, that is, phase 305 may directly be a response, for example, for external authentication request or some user action. Then also saving user identification in phase 303 is unnecessary. For example, when utilising the current identification
method, the user identification equivalent to the PIN code of mobile station is not required, but anyone who is able to give a correct kind of input as a response to the presented media file may use the mobile station.
In phase 306, said random media file is presented to the user, and substantially simultaneously an identification input, which the user gives as a response to the contents of said media file, is received. In phase 307, a reference input is formed on the basis of the logic information corresponding to the user ID and the random media file formed in phase 305. In other words, in phase 307 an input, which the "right" user should give in relation to the media file formed this time, is defined.
Phases 306 and 307 may naturally be performed simultaneously or in reverse order.
In phase 308, the identification input given by the user and the reference input formed in phase 307 are compared. The comparison of the identification input and the reference input is described in more detail below. If the identification input and reference input do not substantially correspond to each other, it is established that user identification was unsuccessful in phase 309. If the identification input and reference input substantially correspond to each other, the user is established to be successfully identified in phase 310. As the result of unsuccessful or successful identification, one may perform, depending in the context, required measures, such as switching off/on connections or allowing/refusing access to information or system (not shown in the figure).
In addition to identification input, also the media file utilised in identification may be a file separately created by the user for each identification occasion. The media file may, for example, be a picture from the environment of the user in the moment of identification, whereby the media file is substantially related to the location of the user and only a user located in an allowed location passes the identification successfully, or the media file may be a picture of a person or an object on
him/her at the moment of identification. The identification input in such a case is some kind of response to this file created by the user. Naturally, one must ensure in these kinds of implementations that the picture presented is actually taken at the moment of identification, and that the pictures taken from the environment, person or object at different points of time correspond to each other with adequate precision.
The comparison of the identification input and reference input is performed according to an embodiment of the invention by means of rank correlation. The identification input and reference input are sampled by saving a time stamp for each input element in relation to the contents of the media file. The start of the media file is advantageously set as zero moment, that is, the timer on the basis of which the time stamps are defined is started at the start of the media file. For each input element, one may save either a time stamp denoting the starting moment of the input element, or time stamps denoting both starting and ending moment. If the input may be given with many different buttons, also the used button is saved for each input element. Depending on the practical implementation method, it might be necessary to save also the relational location of input element on the touch screen or some other information on the given input element. At its simplest, however, a time stamp denoting the start moment of the input element is adequate. In any case, the sampling of the identification input and reference input is performed in the same manner.
The actual comparison of the identification input and reference input is performed by calculating rank correlation between sampled inputs. The calculation of rank correlation is started at the first input element of the identification input, and calculation is continued till the last input element. If desired and if the practical implementation method so allows, the calculation of rank correlation may be started simultaneously with the presentation of the media file and the reception of the user input.
If the result of rank correlation equals 1 (one), the inputs are totally identical. Then user identification is established passed. On the other hand, if the result of rank correlation equals 0 (zero), the inputs are totally different and user identification is failed.
In practice however, the rank correlation usually equals something between zero and one, as slight variation might occur in the identification input given by the user because of human factors. One may try to eliminate the effect of small variations occurring naturally in the identification input given by the user on the identification result by, for example, rounding time stamps of input elements into the multifold of a predetermined parameter. In addition or alternatively, a suitable thrshold value may be defined for the rank correlation, the values exceeding which are interpreted as a passed identification result, when an identification input almost equivalent to the reference input leads to a positive identification result.
Here is presented as an illustrating example, without limiting the scope of protection of the invention, a manner to verify the authenticity of an identification input. It is evident that other methods for the comparison of the identification input and reference input may be utilised within the scope of the invention. Furthermore, any suitable manner may be utilised in forming the reference input when the identification input is an input given by the user.
Figure 4 is a signalling diagram describing a method according to an embodiment of the invention in which terminal 400 communicates with server 402 via gateway (GW) 401. The terminal and gateway communicate with each other via a short- range radio link, such as a Bluetooth connection. The gateway and server, in their part, are connected to the Internet, and the traffic between them travels in the Internet as IP traffic.
Terminal 400 forms a connection with gateway 401 and sends a connection request 4-1 for opening the connection to server 402. The gateway responds to the
terminal with an authentication request 4-2. As a response to the authentication request, a media file is presented to the user of the terminal and an identification input is received which identification input the user of the terminal gives as a response to the contents of the media file in phase 4-3. The terminal sends the identification input 4-4 further to the gateway, which validates the identification input 4-5, that is, it checks if the identification input is correct. In practice, the gateway checks if the given identification input authorises the connection to the server with which the terminal tries to communicate. If the identification input is not established valid, the gateway terminates the connection to the terminal 4-7 (shown with dashed line in the figure). If the identification input is valid, the gateway opens a connection 4-6 to the server. The communication between the terminal and server continues in a manner already known, so it is not discussed here in more detail.
Another certain advantageous area of application of the invention is passage control. People allowed in a controlled area may be identified with an application installed to, for example, a mobile station. The passage control equipment is advantageously arranged to actively seek and observe mobile stations brought near it and to form a Bluetooth connection to the observed mobile station. Via the Bluetooth connection, the passage control equipment requests the user of the mobile station to authenticate himself/herself by means of an identification input given as a response to the contents of a media file. The media file is presented to the user of the mobile station and the identification input of the user is communicated to the passage control equipment via the mobile station. The received identification input is validated in the passage control equipment by comparing it to the pre- saved valid reference inputs. If the identification input proves to be valid, passage to controlled area is allowed. Other parts of the passage control may be performed in a manner already known, so passage control is not discussed here in more detail.
The invention is advantageously implemented as a suitable combination of soft-
ware components and physical hardware.
Figure 5 is a simplified block diagram of a terminal 50 according to an embodiment of the invention, which terminal may be any device in which access control is required or which may be utilised in user identification. Such a device may, for example, be a mobile station, a smart phone, a computer, a personal digital assistant, a mobile computer or an electronic device especially designed for user identification. Terminal 50 comprises a processing unit 51, which, for its part, comprises a memory 53. The processing unit communicates with a radio part (RF) 52 via which the terminal 50 receives and sends information over a wireless data transmission connection. The processing unit also communicates with a user interface (UI) 55 via which, inter alia, commands of the user of the terminal are received, a media file utilised for user identification is presented, and the identification input given by the user is received. The user interface may be arranged to give information, for example, in visual format on a screen, sound over a loudspeaker or in a format sensed with touch, and to receive information, for example, via a keyboard, a touch screen, a mouse or a microphone.
A computer program 54 to be run in the processing unit is saved in memory 53. The computer program 54 comprises a program code for presenting a media file for the user of the terminal via user interface 55 and for receiving an identification input given by the user of the terminal, comprising at least one input element, substantially simultaneously with the presentation of the media file to be utilised in identifying the user of the terminal.
Advantageously, the computer program 54 also comprises a program code for identifying the user of the terminal on the basis of the combination of said identification input and said media file. Alternatively, the computer program 54 may be arranged to receive an authentication request from an external data processing device and to send said identification input to said external data processing device as a response to said authentication request via radio part 52.
Naturally, the invention is applicable to be utilised in a terminal which functions as an independent unit and does not communicate with external devices or which receives and sends data via a fixed data transmission connection.
Figure 6 is simplified block diagram of a data processing device 60 according to an embodiment of the invention, which data processing device may, for example, be any general-purpose computer or server. The data processing device comprises a processing unit 61, which, for its part, comprises a memory 63. The processing unit communicates with I/O interface 62 via which the data processing device communicates with other devices through a fixed or wireless data transmission connection.
A computer program 64 producing a user identification routine to be run in the processing unit is saved in memory 63. The computer program 64 comprises a program code which is arranged to identify a user on the basis of a media file and identification input comprising at least one input element, when said identification input is an input which the user to be identified has given as a response to the contents of said media file. Advantageously, the data processing device 60 receives an identification input via I/O interface 62 from the terminal which the user to be identified utilises. Furthermore, the data processing device 60 may be arranged to receive from an external terminal an I/O interface connection set-up request as a response to which the data processing device sends the terminal an authentication request comprising a request to supply an identification input to the data processing device.
Naturally, the invention is applicable to be utilised also in a data processing device, which functions as an independent unit and does not communicate with external devices. Then, the user to be identified gives his/her identification input directly to the data processing device.
Figure 7A is a simplified block diagram of an arrangement according to an embodiment of the invention in which user identification is performed in a distributed manner in terminal 700 and data processing device 701 which communicate with each other via suitable I/O interfaces (not shown in the figure). The terminal 700 comprises presentation equipment 702 for presenting a media file to the user of the terminal and reception equipment 703 for receiving an identification input given by the user. Typically, the presentation equipment and reception equipment communicate with the external world via a user interface. The data processing device comprises identification equipment 704, which is arranged to establish the user identification passed or failed on the basis of the presented media file and the identification input given as a response to it. The reception equipment 703 is arranged to send the identification input directly or indirectly to the identification equipment 704 of the data processing device, and the identification equipment 704 may alternatively be arranged to control the presentation of a media file with presentation equipment 702.
Figure 7B is a simplified block diagram of an arrangement according to another embodiment of the invention in which arrangement user identification is performed locally in terminal 705. The terminal 705 comprises presentation equipment 706 for presenting a media file to the user of the terminal and reception equipment 707 for receiving an identification input given by the user, and identification equipment 708 which is arranged to establish the user identification passed or failed on the basis of the presented media file and the identification input given as a response to it. The reception equipment 706 is arranged to supply the identification input directly or indirectly to the identification equipment 708, and the identification equipment 708 may alternatively be arranged to control the presentation of a media file with presentation equipment 706.
The details of the invention were described above by way of examples in connection with advantageous embodiments without limiting the invention to these examples only. It is well known by those skilled in the art that this invention is not
limited to the details described here, and that the invention may be implemented in another form without deviating from the characteristic features of the invention. The implementation and utilising possibilities of the invention are limited only by the appended patent claims. Thus, the different implementation alternatives of the invention defined by the claims, also equivalent implementations, are within the scope of the invention.
Claims
1. A method for identifying a user, the method comprising presenting (205, 306, 4-3) a user with a media file (100), receiving (205, 306, 4-3) an identification input (101) comprising at least one input element, which identification input the user gives as a response to the contents of said media file, characterised in that the method comprises receiving said identification input substantially simultaneously with presenting said media file, and identifying (206, 308, 4-5) the user on the basis of the combination (103) of said identification input and said media file by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
2. A method according to claim 1, characterised in that the method comprises initialising (202) the identification method by recording a reference input given by the user which input is given as a response to the presentation of said media file substantially at a different moment of time than the identification input, comparing (206) the recorded reference input and identification input, and establishing user identification passed or failed on the basis on said comparison.
3. A method according to claim 1, characterised in that the media file to be presented comprises random material which is substantially different in different identification occasions, and that the method comprises initialising (303) the identification method by saving a piece of logic information which identifies the logical connection between said random material and identification input, forming (305) a media file to be presented comprising random material, forming (307) a reference input on the basis of said logic information and the media file to be presented, comparing (308) the reference input and identification input, and establishing (309, 310) user identification passed or failed on the basis of said comparison.
4. A method according to claim 2 or 3, characterised in that the comparison of the reference input and identification input is performed by calculating rank correlation between the identification input and reference input, and establishing user identification passed or failed on the basis of said rank correlation.
5. A method according to claim 4, characterised in interpreting user identification passed if said rank correlation exceeds a predetermined limit value.
6. A method according to any one of claims 1-5, characterised in that the method further comprises presenting the user with a list of media files, receiving a choice identifying a media file on said list from the user, and utilising said identified media file in identification of the user.
7. A method according to any one of claims 1-5, characterised in that the method further comprises requesting the user to identify a media file, and utilising said media file in identification of the user.
8. A method according to any one of claims 1-7, characterised in that the method is utilised for identifying a user in a terminal, said terminal and an external data processing device being capable of communicating with each other, and that said method comprises saving (202) in the terminal user identification information with which the user has registered to said data processing device, forming (203) a data transmission connection between the terminal and the data processing device, sending (204) an authentication request from the data processing device to the terminal, presenting (205) said media file to the user of the terminal as a response to the authentication request, establishing in said terminal the user identification passed or failed on the basis of the combination of said identification input and said media file, sending (208) said user identification information from the terminal to the data processing device, if said user identification is established passed, and terminating (207) said data transmission connection, if said user identification is established failed.
9. A method according to any one of claims 1-7, characterised in that the method is utilised for identifying a user of a terminal in an external data processing device, said terminal and external data processing device being capable of communicating with each other, and that said method comprises forming a data transmission connection (4-1) between the terminal and the data processing device, sending an authentication request (4-2) from the data processing device to the terminal, presenting (4-3) said media file to the user of the terminal as a response to the authentication request, sending said identification input (4-4) given by the user to the data processing device, establishing (4-5) in said data processing device the user identification passed or failed on the basis of the combination of said identification input and said media file.
10. A method according to claim 9, characterised in sending to the data processing device a piece of information identifying said media file together with the identification input given by the user.
11. A method according to any one of claims 1-10, characterised in that said media file (100) relates substantially to the user's physical location in the moment of identification.
12. A method according to any one of claims 1-11, characterised in that said media file (100) comprises material, which is observable by hearing, sight and/or sense of touch.
13. A method according to any one of claims 1-12, characterised in that said media file (100) comprises sound, music, animation, video picture and/or text.
14. A method according to any one of claims 1-13, characterised in that said media file (100, 300-302) comprises random material, which is substantially different in different identification occasions.
15. A method according to claim 14, characterised in that there is a logical connection between said identification input and said randomly formed material, in which case also said identification input is substantially different in different identification occasions.
16. A method according to any one of claims 1-15, characterised in that said at least one input element is at least one of the following: push of a button, push of a touch screen, touch of an EMFi film.
17. A method according to any one of claims 1-15, characterised in that said at least one input element is a sound signal created by the user.
18. An arrangement which comprises presentation equipment (702, 706) for presenting a media file, reception equipment (703, 707) for receiving user input, and identification equipment (704, 708) for identifying the user of said arrangement, wherein said presentation equipment (702, 706) is arranged to present a media file in connection with identifying the user of said arrangement, characterised in that said reception equipment (703, 707) is arranged to receive an identification input given by the user to be identified, which identification input comprises at least one input element, substantially simultaneously with the presentation of the media file, and said identification equipment (704, 708) is arranged to identify the user on the basis of the combination of said identification input and media file by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
19. A terminal which comprises presentation equipment (55, 702, 706) for presenting a media file, and reception equipment (55, 703, 707) for receiving a user input, characterised in that said presentation equipment (55, 702, 706) is arranged for presenting a media file in the connection with identifying the user of said terminal, said reception equipment (55, 703, 707) is arranged for receiving an identification input given by the user to be identified, which input comprises at least one input element, substantially simultaneously with the presentation of the media file to be utilised in the identification of the user of the terminal, and in that said terminal further comprises identification equipment (51, 54, 704) for identifying a user of the terminal on the basis of the combination of said identification input and said media file by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
20. A terminal according to claim 19, characterised in that said terminal further comprises communication equipment (52) which are arranged for receiving an authentication request from an external data processing device, and sending said identification input to said data processing device as a response to said authentication request.
21. A data processing device which comprises identification equipment (61, 64, 704, 708) for identifying users of said data processing device, characterised in that said identification equipment (61, 64, 704, 708) is arranged for identifying a user on the basis of a combination of a media file presented to said user and an identification input given by said user, the identification input comprising at least one input element, by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
22. A computer program (54) to be run in a terminal, said computer program producing a routine for user identification and comprising a program code for presenting a media file, and a program code for receiving an identification input given by the user to be identified, which identification input comprises at least one input element, substantially simultaneously with the presentation of the media file to be utilised in identifying the user of the terminal, and a program code for identifying the user of the terminal on the basis of the combination of said identification input and said media file by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
23. A computer program according to claim 22, said computer program further comprising a program code for receiving an authentication request from an external data processing device, and a program code which is arranged to send said identification input to said data processing device as a response to said authentication request.
24. A computer program (64) to be run in a data processing device, said computer program producing a routine for user identification, said computer program comprising a program code which is arranged to identify a user based on a combination of a media file presented to said user and an identification input given by said user, the identification input comprising at least one input element, by examining temporal and/or spatial location of the input elements of said identification input in relation to the content of said media file.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| FI20030922A FI20030922A (en) | 2003-06-19 | 2003-06-19 | Identification of a user |
| FI20030922 | 2003-06-19 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2004111806A1 true WO2004111806A1 (en) | 2004-12-23 |
Family
ID=8566278
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/FI2004/000358 WO2004111806A1 (en) | 2003-06-19 | 2004-06-10 | A method, an arrangement, a terminal, a data processing device and a computer program for user identification |
Country Status (2)
| Country | Link |
|---|---|
| FI (1) | FI20030922A (en) |
| WO (1) | WO2004111806A1 (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2007174062A (en) * | 2005-12-20 | 2007-07-05 | Canon Inc | Data communication apparatus, data communication system, data communication method, and program thereof |
| JP2009010658A (en) * | 2007-06-27 | 2009-01-15 | Ricoh Co Ltd | Information processor |
| EP2071485A1 (en) * | 2007-12-13 | 2009-06-17 | x-Desktop Ltd. | Method and device for protecting electronically stored content from automated access |
| CN102300020A (en) * | 2010-04-15 | 2011-12-28 | 佳能株式会社 | Image processing apparatus and user authentication method for image processing apparatus |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FR2765979A1 (en) * | 1997-07-08 | 1999-01-15 | Jacques Rivailler | INDIVIDUAL COMPUTER TERMINAL CAPABLE OF COMMUNICATING WITH COMPUTER EQUIPMENT IN A SECURE WAY, AS WELL AS AN AUTHENTICATION PROCESS IMPLEMENTED BY SAID TERMINAL |
| WO1999009512A1 (en) * | 1997-08-20 | 1999-02-25 | Ogilvie John W L | Identification in computer systems using inherent characteristics |
| WO2000041103A1 (en) * | 1998-12-31 | 2000-07-13 | Perfecto Technologies Ltd. | Method and system for discriminating a human action from a computerized action |
| US6163616A (en) * | 1995-12-29 | 2000-12-19 | Feldman; Stephen E. | System and method for verifying the identity of a person |
| US20010044906A1 (en) * | 1998-04-21 | 2001-11-22 | Dimitri Kanevsky | Random visual patterns used to obtain secured access |
| US20020184538A1 (en) * | 2001-05-30 | 2002-12-05 | Fujitsu Limited | Combined authentication system |
| US6509847B1 (en) * | 1999-09-01 | 2003-01-21 | Gateway, Inc. | Pressure password input device and method |
-
2003
- 2003-06-19 FI FI20030922A patent/FI20030922A/en not_active Application Discontinuation
-
2004
- 2004-06-10 WO PCT/FI2004/000358 patent/WO2004111806A1/en active Application Filing
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6163616A (en) * | 1995-12-29 | 2000-12-19 | Feldman; Stephen E. | System and method for verifying the identity of a person |
| FR2765979A1 (en) * | 1997-07-08 | 1999-01-15 | Jacques Rivailler | INDIVIDUAL COMPUTER TERMINAL CAPABLE OF COMMUNICATING WITH COMPUTER EQUIPMENT IN A SECURE WAY, AS WELL AS AN AUTHENTICATION PROCESS IMPLEMENTED BY SAID TERMINAL |
| WO1999009512A1 (en) * | 1997-08-20 | 1999-02-25 | Ogilvie John W L | Identification in computer systems using inherent characteristics |
| US20010044906A1 (en) * | 1998-04-21 | 2001-11-22 | Dimitri Kanevsky | Random visual patterns used to obtain secured access |
| WO2000041103A1 (en) * | 1998-12-31 | 2000-07-13 | Perfecto Technologies Ltd. | Method and system for discriminating a human action from a computerized action |
| US6509847B1 (en) * | 1999-09-01 | 2003-01-21 | Gateway, Inc. | Pressure password input device and method |
| US20020184538A1 (en) * | 2001-05-30 | 2002-12-05 | Fujitsu Limited | Combined authentication system |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2007174062A (en) * | 2005-12-20 | 2007-07-05 | Canon Inc | Data communication apparatus, data communication system, data communication method, and program thereof |
| EP1814053A1 (en) * | 2005-12-20 | 2007-08-01 | Canon Kabushiki Kaisha | Data communication system, device, and method |
| US8108938B2 (en) | 2005-12-20 | 2012-01-31 | Canon Kabushiki Kaisha | Data communication system, device, and method |
| EP3462350A1 (en) * | 2005-12-20 | 2019-04-03 | Canon Kabushiki Kaisha | Data communication system, device, and method |
| US10996880B2 (en) | 2005-12-20 | 2021-05-04 | Canon Kabushiki Kaisha | Data communication system device and method |
| JP2009010658A (en) * | 2007-06-27 | 2009-01-15 | Ricoh Co Ltd | Information processor |
| EP2071485A1 (en) * | 2007-12-13 | 2009-06-17 | x-Desktop Ltd. | Method and device for protecting electronically stored content from automated access |
| CN102300020A (en) * | 2010-04-15 | 2011-12-28 | 佳能株式会社 | Image processing apparatus and user authentication method for image processing apparatus |
| CN102300020B (en) * | 2010-04-15 | 2014-07-16 | 佳能株式会社 | Image processing apparatus and user authentication method for image processing apparatus |
Also Published As
| Publication number | Publication date |
|---|---|
| FI20030922A0 (en) | 2003-06-19 |
| FI20030922A (en) | 2004-12-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103098441B (en) | Equipment communicates | |
| CN1816136B (en) | User authentication via a mobile telephone | |
| KR100331671B1 (en) | Personal device, terminal, server and methods for establishing a trustworthy connection between a user and a terminal | |
| CN104618315B (en) | A kind of method, apparatus and system of verification information push and Information Authentication | |
| EP3179758A1 (en) | Building intercom method, nfc unlocking device and building intercom system | |
| CN110235424A (en) | For providing the device and method with managing security information in a communications system | |
| CN105656948A (en) | Account login method and device | |
| US20020007462A1 (en) | User authentication system | |
| JP3258632B2 (en) | Fingerprint authentication device | |
| CN103021045A (en) | Intelligent entrance guard system for mobile terminal user verification | |
| JP2005323070A (en) | Authentication method for home information appliance by portable telephone | |
| WO2005002130A1 (en) | Hybrid authentication | |
| WO2006013363A1 (en) | Haptic input and haptic output in a communications networks | |
| CN109407528A (en) | Safety access method, device, server and storage medium | |
| US20020081179A1 (en) | Smart card of a terminal, a terminal using a smart card, and an improved method for identifying a user by means of a smart card | |
| CN106060027B (en) | Method, apparatus, equipment and the system verified based on identifying code | |
| CN105407070A (en) | Logging-in authorization method and device | |
| CN107145771B (en) | Application program unlocking method and device and terminal | |
| EP1788754A2 (en) | Mobile communication terminal for wireless internet access and wireless internet access method | |
| WO2004111806A1 (en) | A method, an arrangement, a terminal, a data processing device and a computer program for user identification | |
| CN106211156B (en) | WiFi network connection method, device, terminal device and WiFi access point | |
| CN108391323A (en) | Equipment interconnected method, device and electronic equipment | |
| EP2282563A1 (en) | Method for releasing a mobile communication card for the use of a servcie of a mobile communication network and user equipment for interaction with a mobile communication network | |
| FR2832825A1 (en) | Securing access to a digital resource, uses display with array of patterns from which user selects to generate numeric access code which is stored in a memory that must be presented to allow access | |
| KR100950662B1 (en) | A method of certifying smart card for Identification Module using Network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
| AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
| DPEN | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101) | ||
| 122 | Ep: pct application non-entry in european phase |