NL2035159B1 - A computer implemented method for generating and storing a digital user ID associated with a user and use thereof for authenticating a person - Google Patents
A computer implemented method for generating and storing a digital user ID associated with a user and use thereof for authenticating a person Download PDFInfo
- Publication number
- NL2035159B1 NL2035159B1 NL2035159A NL2035159A NL2035159B1 NL 2035159 B1 NL2035159 B1 NL 2035159B1 NL 2035159 A NL2035159 A NL 2035159A NL 2035159 A NL2035159 A NL 2035159A NL 2035159 B1 NL2035159 B1 NL 2035159B1
- Authority
- NL
- Netherlands
- Prior art keywords
- user
- computing device
- biometric
- stored
- data
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Collating Specific Patterns (AREA)
Abstract
The present invention is related to a computer-implemented method for generating and storing a digital user ID associated with a user for subsequent digital user 5 authentication purposes, wherein the method makes of use of a mobile user computing device comprising at least one processor, at least one memory unit, and at least one camera. The present invention is further related to a computer- implemented method for authenticating a preregistered person by using a mobile user computing device comprising at least one processor, at least one memory 10 unit, and at least one camera. The invention is further related to a user computing device, and a system for authenticating a preregistered person in a third-party system.
Description
A computer implemented method for generating and storing a digital user ID associated with a user and use thereof for authenticating a person
The present invention is related to a computer-implemented method for generating and storing a digital user ID associated with a user for subsequent digital user authentication purposes, wherein the method makes of use of a mobile user computing device comprising at least one processor, at least one memory unit, and at least one camera. The present invention is further related to a computer- implemented method for authenticating a preregistered person by using a mobile user computing device comprising at least one processor, at least one memory unit, and at least one camera. The invention is further related to a user computing device, and a system for authenticating a preregistered person in a third-party system.
In recent years, the society is digitalizing in a fast pace where the use of (mobile) computing devices continue to grow. With this digitalizing society, it is getting less complicated to validate a person’s identity. Through the introduction of cloud computing systems, it has become more accessible for third party systems to provide an easily implementable authentication check. For example, banking establishments may make use of a, partially, digital authentication of a user which is inclined to open a bank account. The user may upload data stored on a passport, which may be done via scanning the passport for example. The prestored data of the passport may be authenticated against a picture taken by the user and uploaded to the same digital environment of the banking establishment. The bank will authenticate the identity of the person intending to open an account, and based on some background checks performed, open an account for the user in case the data meets an amount of similarity. In order to authenticate the person's identity, the bank stores the data related to the user in an encrypted environment. This allows the bank to remain access to said data, to which a user typically approves.
However, since in recent days, more and more third-party services require a person to authenticate themselves. Not only is this a rather cumbersome procedure, but it also makes the person more fragile to cyber security crimes, such as identity theft.
Over the years, a person may have their biometric data, or even data of their passport, stored with various third-party services. This data may be stored with the third party, such as in the form as an identity associated to a person. Since large numbers of persons may be enrolled to such third-party services, the third party may become a target to certain malicious persons, or groups of hackers. These hackers try to hack a third-party system, taking hostage of their data, including the data associated to a large number of persons. Although the persons may trust the cyber security measures of the third-party service, they also become victim of the hack, since their data is stored with said service. In some events, private, or even biometric data of the persons enrolled or registered with the third-party system may be stolen and/or used for malicious purposes by the hackers. This risk tends to grow as the number of services that need an authentication step starts to grow.
Especially since a person may need to register for every service separately.
Although initially the authentication was intentionally kept at a distance from the person using the service, in other to ensure the quality of the authentication, the downsides, such as risk of hacking and sharing of private and/or biometric data or identity information, start to overshadow the benefit of authentication performed by the third-party system. The increased use of identity information for providing services from a service provider to a customer (user or person) has been accompanied by an increased danger of central interception and theft of that information from the service provider. Identity theft occurs when someone uses, for example, password related data, a username, a Social Security number, a credit card number, or other identifying personal information of another without consent to commit fraud. Such fraud does often not only result in financial loss, but also a loss of trust, wherein both the service provider and the user can be considerably damaged. An additional downside of these third-party systems is that the person using the system generally has no idea of where their data is stored, and also no idea as to what happens with their data. It may be the case that a part of their data is sold by the third party.
Itis a first goal of the present invention to provide a method for generating a digital user ID for subsequent digital authentication purposes on a mobile user computing device that allows a person to maintain control over and/or without sharing sensitive personal data.
it is a second goal of the present invention to provide a method for authenticating an identity of a person without sharing and/or to maintain control of sensitive personal data. tis a third goal of the present invention to provide for a less complicated authenticating procedure of a preregistered person by using a mobile user computing device.
The present invention thereto proposes a computer-implemented method for generating and storing a digital user ID associated with a user for subsequent digital user authentication purposes, wherein the method makes of use of a mobile user computing device comprising at least one processor, at least one memory unit, and at least one camera, wherein the method comprises the steps of: i. retrieving, preferably via the mobile user computing device, prestored biometric personal data from at least one official identity document, such as a passport, associated with a user and storing said biometric personal data, preferably exclusively, onto the mobile user computing device, i. acquiring, by using the mobile user computing device, additional biometric data from said user, wherein said biometric data relate to a plurality of biometric modalities, wherein at least one of said biometric modalities constitutes a user liveness check by using the camera of the mobile computing device, and storing at least a part of said acquired additional biometric data onto the mobile user computing device, fii. comparing, by said mobile user computing device, at least a part of the biometric data stored during step i) and at least a part of the additional biometric data stored during step ii), iv. generating, by said mobile user computing device, a digital user ID in case comparison performed during step iii) meets a predetermined minimum degree of similarity, and locally storing the generated digital user ID on at least one memory unit of the mobile user computing device.
The present invention allows for generating and storing a digital user ID which may be used in subsequent authentication processes. The particular advantage of the present invention is that it allows a user to generate and to locally store a digital user ID for themselves, only by using the user’s (single) mobile user computing device. Hence, the mobile user device, which a user typically carries with themselves, holds only the digital user ID. Since the digital user ID is authenticated, the digital user ID may be validly used to authenticate a person during authentication processes of third-party systems. Another particular advantage of the present invention is that the prestored biometric personal data retrieved from the official identity document are stored on the mobile user computing device.
Hence, no need to share sensitive, valuable and personal data with a third-party system and/or with third parties. Sharing biometric data with a third party, which usually stores said data with the biometric data of other uses makes, as described before, the third party more prone to a hack, which may cause biometric data theft of the user from said third party, which is obviously undesired. The present invention allows the user to remain in control of the prestored biometric personal data by only storing it locally, on the memory unit of the mobile user computing device. The digital user ID is preferably stored encrypted on at least one memory unit of the mobile user computing device, more preferably on a secured area (protected area) of said at least one memory unit of the mobile user computing device. Preferably, the prestored biometric personal data comprises at least one high-resolution (colour) image of the face of associated with a user. However, it is conceivable that the prestored biometric personal data further comprises demographic and biometric information associated with the user, preferably fingerprint of at least one, preferably all fingers, an iris scan, a digital signature, a retinal scan. The mobile user computing device is significantly less susceptible for a (targeted) hack, since it merely holds biometric data associated to a single person.
Optionally, it is imaginable that family members of the user may create a second or third or fourth digital user ID on the device of said user, allowing the mobile user computing device to store a digital user ID of the family members of the user.
However, in this case, it is preferred that the different digital user ID's associated to the family members are stored on the mobile user device under e.g., different accounts and/or under different names. The present invention further allows to make repetitive use of authentication steps within a third party system, which in current third party systems is typically rather cumbersome to the user. The locally stored user ID may easily, and with low threshold, be used for local authentication of the user during use of a third party system, by authenticating the locally stored digital user ID against an image of the user for example. 5 The present invention not only allows for maintaining control over the prestored biometric personal data retrieved from the at least one official identity document, but also the acquired additional biometric data from the user is stored locally, preferably on the memory unit of the mobile user computing device, thereby giving the user full control and ownership of the biometric data. Preferably, step iii) is performed by the at least one processor of the mobile user computing device.
Since also the step of comparing is performed by the mobile user computing device, it is possible to generate an authenticated digital user ID essentially exclusively on the mobile user computing device. Hence, making it possible to establish a digital user ID, which is authenticated, locally on the mobile user computing device. As such, a user is not required to share any biometric data.
Another major benefit is that the digital user ID may be used with a wide range of third party systems which are compliant. Hence, eliminating the need for a user to generate a single user ID with all the separate third-party systems, and the associated risk of hacks of personal biometric data stored within said third party systems. By applying the method according to the present invention it is possible to locally generate a digital user ID. Here, local shall be understood as decentralized, preferably not making use of a public server network, or a server network that is used by a plurality of users. The latter in any case as to the biometric data.
Throughout this application, reference is made to basic personal data. This may be understood as simple personal data such as a name of a user or person. Such data can be freely shared since it does not constitute sensitive or may be less useful to malicious persons. Other examples of basic personal data may for example be date of birth, place of birth, optionally a basic image of a person, wherein no biometric data is associated with said basic image, a username, a place of residence, or the like. Biometric data may be understood as comprising at least some measurable and/or quantifiable characteristics of the person, such as a fingerprint, or key facial landmarks, or the like. Such type of data is preferably not shared with any third party, since it may cause identity theft if stolen from the third party, e.g., when hacked. Such basic personal data may be added, for example by the user, to the digital user ID as credentials. it is imaginable that step ii) acquiring additional biometric data from said user comprises the step of; recording of data at least one characteristic of the person, preferably by using the camera of the mobile user computing device, and; constructing, preferably by using the at least one processor of the mobile user computing device, biometric data, wherein said biometric data relate to a plurality of biometric modalities, related to the recorded data. Biometric data, in particular the biometric modalities may be understood as describing or defining measurable human characteristic, preferably wherein said biometric data, in particular the biometric modalities are stored and/or converted into one or more biometric data templates, which may comprise a set of stored biometric features. Since the biometric data may be highly sensitive, especially in the hands of malicious persons, it is generally not preferred to share said biometric data.
Preferably, during step ii) at least one biometric modality constitutes a selfie of the face of a user. The selfie may for example be recorded with the at least one camera of the mobile user computing device. It is imaginable that it is sufficient to record merely a face part, rather than the entire face, such as for example an upper part of the face, during step ii). Preferably, the face is uncovered, although it is also feasible to retrieve sufficient biometric facial information from a partially covered face, such as when a user is wearing a mouth mask, sunglasses, and/or a hat. if not, the entire face is recorded, or if the face is partially covered, it is essential that during step iii) a predetermined minimum degree of similarity may be detected by the mobile user computing device in order to guarantee a valid authentication of the identity of a user. Preferably, during step iii) a face recognition analysis is performed based on the acquired additional biometric data, preferably the selfie, during step ii) and the prestored biometric personal data retrieved during step i). It is preferred that the comparison performed is at least partially based on a depth perception face recognition. It has proven that facial recognition with depth perception may be able to detect deep fake pictures, and hence may provide a more reliable outcome of the comparison step of step iii). Preferably, during step ii) both at least one selfie of the face of a user and a user liveness check are acquired. This is beneficial for the step of comparing, since it may allow to validate the user is a living person, and to verily the face based on the selfie image. During step iii), it is preferred that at least the selfie is compared with the prestored biometric personal data of step i), in particular a high-resolution image thereof.
Itis imaginable that a biometric template of at least one biometric modality, preferably comprising a faceprint comprising data related to one or more facial landmark associated to a user’s face, such as face vectors, is stored on the mobile user computing device, wherein said biometric template is at least partially associated to user related biometric data. Hence, this may provide even further protection of the sensitive biometric data. The captured biometric modality acquired during step ii) is therefore preferably converted into a mathematical file and/or into one or more face vectors. Thus, the template is a digital and/or mathematical representation of features or characteristics of the acquired additional biometric source data during step ii). Not only does this occupy less storage of the memory unit, but it is also less valuable when stolen, in the event the mobile user computing device is hacked. Preferably, the biometric data retrieved and/or acquired, in particular the biometric template is encrypted prior to being stored on the memory unit. It is conceivable that the data is encrypted according to a public key infrastructure. Typically, at least a part of the biometric data collected during steps i) and ii) is preferably stored within a secure area (protected area) of at least one memory unit of the mobile user computing device. Once data, in particular based upon the generated digital user ID, is shared by the user computing device for authentication purposes, such as to get access to a services, these data are preferably encrypted with public key infrastructure (PKI) encryption keys.
According to a preferred embodiment during step ii) at least one biometric modality is a physiological biometric modality. Preferably at least one biometric modality is chosen from the group of: fingerprints, vein recognition, iris recognition, retina scanning, facial recognition, ear recognition, finger geometry (the size and position of fingers), palm prints, voice recognition. In addition, or alternatively, wherein during step ii) at least one biometric modality is a behavioural biometric modality, such as a keystroke recognition and/or -gait pattern recognition.
Preferably at least one biometric modality is recorded, by said user using at least one transducing component of the mobile user computing device during step ii).
Said at least one transducing component is preferably chosen from the group consisting of: a camera, a microphone, and/or a biometric sensor. The recording can for example take place by making and/or by recording and/or by capturing a facial image, such as a selfie, a facial video of an entire face or face part, an iris video, a voiceprint, a fingerprint, a hand gesture, a fingerprint, finger vein, or a photo of a finger allowing the determination of the minutiae of said finger and/or the vein(s) of said finger. It is also imaginable to record a voiceprint in a noisy environment and/or while wearing a mouth mask, scarf, or other mouth covering object. In this latter case it is preferred that a neural network and/or algorithm, running or performed by the processor of the mobile user computing device, is used for the biometric analysis is programmed and/or has learned and/or is fed with sufficient data to be able to process the recorded voiceprint (while wearing a mouth mask) for comparison (and/or storage) purposes. Hence, the software used to recognise the recorded biometric is preferably a kind of living or dynamic piece of software running on or performed by the processor of the mobile user computing device, meaning that it will continuously improve based on historical data that is submitted by users. As such, events like changes in accents if a user moves to a different part of a country is accounted for by the present invention. The user is preferably guided through the process for generating a digital user ID. One of the steps during this enrolment process is that the user may be guided in how to properly record a biometric characteristic associated to said user. Here, it is imaginable that at least one host computing device provides recording instructions to the user via the messenger application, wherein said recording instructions define one or more minimum requirements relating to the quality of the biometric characteristic to be recorded. It is also imaginable that this guidance can be provided to the user via the mobile user computing device. These minimum requirements can be presented and communicated in various ways to the user, such as by text, audio, pictures or video. In case recording of a picture or video is requested, then it is often preferred to show a virtual picture frame on the screen of the mobile user computing device, wherein, by using the camera of the mobile user computing device, the user should try to fit his or her face within said picture frame.
During and/or after this exercise, fiducial facial points are typically detected.
Alternatively, an example picture can be sent to the user, or (interactive) feedback can be provided to instruct the user what to do, e.g., “stand closer”, “stand further back”.
It is imaginable that the digital identity generated by the mobile user computing device is, at least partially stored, on a digital wallet of the mobile user computing device. Said digital wallet may be allocated on the memory unit for example and is typically very well encrypted to further prevent theft.
Preferably, during step i) the official identity document issued by a government is a passport, and/or an identity card, and/or an official identity document issued by a company or health service, such as a health insurance card a physical identity document, and/or a digital identity document. The official identity document to according to the purpose of the present invention shall comprise prestored biometric personal data associated with a user. Preferably the official identity document is compliant with the International Civil Aviation Organization (ICAO) DOC series 9303. Preferably, during step i) use is made of the mobile user computing device for retrieving data from the at least one official identity document. it is conceivable that during step i) at least one image of the at least one official identity document is made, preferably by using the mobile user computing device, wherein said image comprises biometric data associated to the identity of a person.
The image of the official identity document is preferably processed, for example by the processor of the mobile user computing device, to extract and/or deduce the prestored biometric personal data from the official identity document.
According to a preferred embodiment the official identity document comprises at least one chip, wherein the chip comprises at least a part of the prestored biometric data, wherein the user computing device is capable to retrieve at least a part of the prestored biometric data from said chip during step i). Preferably, wherein the mobile user computing device is configured for retrieving the prestored biometric data from the chip via near field communication (NFC). This is optionally combined with the step of making an image of the official identity document, to validate the prestored biometric personal data. Preferably, during step iii), comparing is performed essentially entirely and/or exclusively based on data stored locally on the mobile user computing device. Said data may include the retrieved prestored biometric personal data during step i) which are stored on the mobile user computing device. lt is in particular preferred to use the chip of the at least one official identity document since it allows for direct local storage on the mobile user computing device. it is imaginable and preferable that the method further comprises the step of:
Vv) removing at least a part of the biometric data stored and/or collected during step i) and/or step ii) from the mobile user computing device after completion of step iii) and/or iv).
That is, the retrieved biometric personal data from the at least one official identity document and the acquired additional biometric data during steps i) and ii) are used for comparing, in particular authenticating, the identity of a user, or at least a measure of similarity between the recorded biometric during step ii) against the prestored biometric of step i). If the comparison yields a predetermined minimum degree of similarity, a digital user ID may be generated, and stored on the memory unit of the mobile user computing device. After generating the digital user ID, the retrieved and acquired biometric data is not needed per se, and may therefore be deleted in order to further prevent theft of sensitive data. Hence, it is conceivable that after performing the method by and on the mobile user computing device, no biometric data associated with the user remain on the memory unit of the mobile user computing device. Preferably, wherein during step i) and/or step ii) and/or step iv), the retrieved and/or acquired and/or generated data, in particular biometric data associated with a user, is exclusively stored, at least temporarily, on the mobile user computing device. That is, essentially no data is leaving the mobile user computing device during the steps of the method. This prevents that sensitive of valuable data is shared with a third party, contributing to the fact that the user may be in control of the data.
According to a preferred embodiment, during step iii) one or more one-to-one image matching checks are performed on the mobile user computing device, preferably by the at least one processor of the mobile user computing device.
Preferably, during step iii) at least one selfie of the face of a user is compared with the high-quality (colour) image prestored on the passport of a user. it is conceivable that step ii) and step iii) at least partially overlap in time. Hence, it may be possible that a user uses the mobile user computing device to record, by using the mobile user computing device, a selfie of their face, which is subsequently compared (hence step iii), with a part of the prestored biometric personal data retrieved during step i). Since comparing of data may be done on the background, e.g., by a processor of the mobile user computing device, it is conceivable that the user records a liveness check during the comparison step iii).
As such, partial overlap in time may be established between steps ii) and iii).
However, in order to perform step iii), it is preferred that steps i) and ii) are each performed at least once. That is, for step iii}, comparable data must be available.
Preferably, during step ii) use is made only of the camera of the mobile user computing device for recording of additional biometric data.
According to a preferred embodiment during step iii) use is made of single modal biometric data associated with a single biometric modality stored during step ii), and/or wherein during step iii) use is made of multimodal biometric data associated with a plurality of biometric modalities stored during step ii). Although it is preferred that use is made of multimodal biometric data, which may typically be harder to fool, it is conceivable that during step iii) merely single modal biometric data is used. Hence said single modal biometric data may be formed by a selfie of the face of a user. It is to this end imaginable that the selfie of the face of the user is captured, e.g., automatically, without the user required to do so, from the liveness check performed during step ii). For example, the liveness check may require the user to move their head left and right, and/or up and down, in order to be able to check the liveness. In this case it is possible that the mobile user computing device, e.g., by the processor, captures an image of the recorded video of the user moving their head, which screen capture may be sued as the single biometric modality stored during step ii).
Preferably, the mobile user computing device is a smartphone, and wherein preferably the at least one memory unit is a non-volatile memory unit. The mobile user computing device may alternatively be a tablet, a laptop, a desktop computer, a smartwatch or any other smart wearable device. To this end feature phones should be understood as a type or class of (mobile) phones that are visually and dimensionally similar to early generations of mobile phones. The feature phones typically comprise press-buttons based inputs, such as a menu button and an “ok”, and “back” button, and a small, typically non-touch display. The display may typically be a colour display. Moreover, the feature phones typically use an embedded operating system. A smartphone should be understood as a type or class of (mobile) phones that performs many functions of a computer, typically provided with a touchscreen interface, internet access, and an extensive mobile operating system that allows for running, and downloading applications, multimedia functionality, alongside the core phone functions such as voice calls and text messaging.
It is imaginable that the entire method as set forth above is performed by or runs at least partially on the processor of the mobile user computing device, for example in the form of an application, which the user may access via the mobile user computing device interface. By opening the application, the user may be able to perform the steps as described. Here it is conceivable that the processor is configured for requesting the user, hence via the mobile user computing device, to perform certain steps, possibly in a predetermined order. It may to this end be conceivable that upon starting the application for the first time, the user is presented with a screen which provides the user with the choice for starting the digital user ID generation process. Once the process is initiated, e.g., by clicking via a touchscreen or button of the mobile user computing device, the application may dictate the user to retrieve prestored biometric personal data associated with an official identity document issued by a government. In line with the ownership of the sensitive data, it is preferred that the owner or maker of the application has no access to the biometric data and/or the digital user ID stored by the user and on the mobile user computing device.
According to a second aspect the present invention provides a computer- implemented method for authenticating a preregistered person by using a mobile user computing device comprising at least one processor, at least one memory unit, and at least one camera, wherein the authentication method comprises the steps of: i. providing a third-party system requiring a person to authenticate themselves to permit access to a digital service and/or to a restricted environment, wherein third party system comprises prestored personal data and associated access rights associated with the preregistered person,
if. optionally sending an authentication request by said third party system to the mobile user computing device, wherein said authentication request comprises at least a part of the person data associated with the preregistered person, fi. requesting a person, via said mobile user computing device to record biometric data, such as a selfie and/or liveness check, iv. recording the requested biometric data by the person and by using the camera of the mobile user computing device,
V. authenticating, on and by the mobile user computing device, the recorded biometric data of said person against a digital user ID locally prestored on the mobile user computing device, wherein said locally stored digital user ID is preferably based on: a. both biometric personal data retrieved from at least one official identity document, such as a passport, associated with a user, and b. additional biometric data relating to a plurality of biometric modalities, wherein at least one of said biometric modalities preferably constitutes a user liveness check by using the camera of the mobile user computing device; and/or wherein said locally stored digital user ID is generated by applying the method according to any of the preceding claims,
Vi. in case the person is successfully authenticated during step v) generating authenticated basic personal data associated with said authenticated person, vii. comparing, on and by the mobile user computing device and/or by the third-party system, at least a part of the personal data associated with the preregistered person prestored in the third party system with the authenticated basic personal data generated during step vi), and viii. providing an authentication signal, by the user computing device and/or third party system, to the third party system in case the comparison performed during step vii) meets a predetermined minimum degree of similarity, and ix. granting said person, by the third-party system, predefined access to said digital service and/or to said restricted environment upon receiving the authentication signal provided during step viii) by the third party system.
This aspect of the present invention allows to use a prestored digital user ID for authenticating a preregistered person which may yield different benefits. First of all, it allows the person to remain in control of their biometric data. This is possible since the recorded biometric data during step iv) is recorded by, and preferably only stored on, the mobile user computing device. Since the digital user ID is prestored on the mobile user computing device, it is possible to perform an authentication step locally, hence on the mobile user computing device. As such, neither the prestored biometric personal data retrieved from the official identity document, nor the recorded or requested biometric data associated to the person need to be verified or send to the third-party system that requires an authentication. Preferably, the locally prestored digital user ID is generated applying the method according to the present invention. Apart from the fact that no biometric data associated with the person needs to be shared with the third-party system, another benefit of this aspect of the invention is that the person may be able to use a single prestored digital user ID on the mobile user computing device for a number of third party systems. Hence, the user may be able to use the single prestored digital user ID in relation to a plurality of third-party systems. The latter preferably whilst remaining in control of the biometric data that is shared with the third-party system. This is beneficial since it is cumbersome for a person to generate an authenticated identity with each of said services individually.
This aspect allows to authenticate an identity of a person that is requesting access to the digital service and/or restricted environment against a prestored digital user
ID, and additionally allows for comparing of the authenticated basic personal data with basic personal data of the preregistered person. The first allows for validating whether the person requesting access is in fact the person associated with the prestored digital user ID, hence an authenticating step. However, it is also needed to check whether said authenticated person is in fact the person that is preregistered. To this end, the latter step is performed. If both steps are successful, an authentication signal may be established which may grant access. Here, authenticated basic personal data may for example be a name of the person. Since this is not sensitive data, this may optionally be shared with the third-party system.
Preferably, during step v) and/or vi} authenticated basic personal data is stored on the mobile user device in case the authentication performed meets a predetermined minimum degree of similarity. This may additionally allow for later use of the authenticated basic personal data, for example as long as the mobile user computing device is not locked, since otherwise it may be difficult to guarantee the validity of the authenticated basic personal data. Preferably, the authenticated basic personal data is at least stored on the memory unit of the mobile user computing device up till, and preferably including, step viii). It is imaginable that essentially all biometric data related to the person is maintained on the mobile user computing device, in particular on the memory unit of the mobile user computing device. Since the biometric data related to the person may be sensitive, and dangerous if in the hands of a malicious person, it is preferred that the data is maintained on the mobile user computing device of the person instead of on a cloud computing device of a third party system together with biometric data associated to many other people registered with said third party system.
According to a preferred embodiment the restricted environment is a physical environment, such as a hotel room, and/or a stadium, and/or an airport area, and/or a gym, and/or a bank, and/or a bar. Yet, it is also conceivable that the restricted environment is a digital environment, such as a digital bank environment, and/or a money transfer platform, and/or an investment platform and/or an insurance platform, and/or a digital governmental platform. As to a stadium and/or airport, it may be conceivable that the user is preregistered by buying a ticket (e.g., a ticket to a soccer match or concert, or plane ticket). This typically involves providing basic personal data, such as a name, to the third party system (stadium and/or airport), which may be saved by said system. Upon entering the stadium, the person may need to be authenticated, this may be done through using the mobile user computing device to perform the authentication step. In this example, it is also optionally possible that a camera of the third party system is used for making a picture, which may in a particular embodiment be authenticated by the third party system against a pre-authenticated image of a face of the user. For example, it is conceivable that the person records a picture (preferably a selfie), that is preferably prior to going to the stadium and/or airport, which is authenticated against the locally stored digital user ID. If the picture is authenticated, said picture may be shared with the third party system as part of the basic personal data. This may allow the third party system to, by taking an image of the person entering the stadium and/or airport, validate the identity of the person against the pre- authenticated picture.
Within the digital banking environment, the method according to the present invention may for example be applied when a person requests to log in on said platform, or if the person is arranging a transfer of money. The authentication according to the present invention may prevent someone other than the preregistered person from making unwanted actions. If a person has their banking application opened on their mobile, and puts their mobile phone away for a second, it could be possible that a third person may pick up the mobile phone and make a transfer. By using the method according to this aspect of the invention the person should authenticate on the point the transfer is made, hence said aforementioned unintended and unwanted transaction may be prevented since the person does not match the preregistered person. It is imaginable that the third-party system makes part and/or is connected to a server network, such as a cloud based server network, wherein the server network is configured to perform at least a part of step viii) and/or ix). Hence, according to the present invention it is important that step iv) and/or v) are performed on and by the mobile user computing device, since this allows for not sharing biometric data with the third-party system whilst still performing a qualitative authentication step. Steps viii) and/or ix) may to this end be performed either by the mobile user computing device and/or by the third-party system, such as said server network. During the latter two steps, it is compared whether the authenticated basic personal data, which is generated based on the outcome authentication step vi), matches the basic personal data of the preregistered person. This could for example be comparing an authenticated name of a person, with the preregistered name of a person. if the names match, this means the person requesting access is not only the authenticated, but also matches the preregistered person and hence access may be granted. Since step vii) involves only a comparison of basic personal data, it is not required to perform this step on the mobile user device. That is, basic personal data is typically used by the person on a day-to-day basis, or even to register (e.g., name, date of birth, or the like). Such data may not be very valuable to malicious persons and hence may be shared with and/or compared by the third-party system. in fact, during the preregistering, the person already has entered such basic personal data within the third-party system in order to (for example) book a hotel room, or a ticket to a stadium. Subjective to the outcome of comparison step vii), the third-party system may grant the person access (that is, in case the authenticated basic personal data matches the preregistered basic personal data).
Preferably the biometric data stored on the mobile user computing device is encrypted using a public key infrastructure. The person, i.e., the owner, of the biometric data that is stored on the memory unit of the mobile user computing device is in control of the data. As long as the private key is not shared by the person, only the person will be able to access the biometric data.
According to a different aspect the present invention provides for a user computing device comprising at least one processor, at least one memory unit, and at least one camera, wherein the processor is configured to allow a digital user ID to be stored locally onto at least one memory unit of the user computing device, preferably wherein said locally stored digital user ID is at least partially based on data relating to a plurality of biometric modalities, wherein at least one of said biometric modalities preferably constitutes a user liveness check by using the camera of the mobile user computing device and/or wherein said locally stored digital user ID is generated by applying the method according to the present invention, wherein the user computing device is configured for use in a method according to any of the preceding claims. As to the user computing device of the present invention, the same benefits as elucidated in the above apply mutatis mutandis. Said benefits also apply to specific aspects disclosed below. Preferably, wherein the digital user ID is stored on the memory unit of said user computing device, wherein said locally stored digital user ID is preferably based on: a. both biometric personal data retrieved from at least one official identity document, such as a passport, associated with a user, and b. additional biometric data relating to a plurality of biometric modalities, wherein at least one of said biometric modalities preferably constitutes a user liveness check by using the camera of the mobile user computing device; and preferably wherein said locally stored digital user ID is generated by applying the method according to the present invention.
Preferably, the user computing device comprises a communication module for retrieving data from an official identity document, in particular for retrieving prestored biometric personal data from said official identity document, such as a passport, in particular wherein said data is stored on a memory unit, such as a chip of said official identity document. Preferably, wherein the processor or an app stored on the memory unit of the user computing device is programmed to: i. authenticate, on said user computing device, recorded biometric data against a user ID locally stored on the user computing device, and/or i. comparing, by the user computing device, prestored personal data associated with a person with authenticated basic personal data associated to an authenticated person of step i), and/or ii. provide an authentication signal from the user computing device to the third party system in case the comparison performed during step ii) meets a predetermined minimum degree of similarity, wherein a third party system may grant predefined user access upon receiving the authentication signal.
According to another aspect the present invention provides for a system for authenticating a preregistered person in a third party system, comprising: - at least one user computing device, in particular according to the invention, comprising at least one memory unit, and at least one camera, and a digital user ID stored locally onto at least one memory unit of the user computing device, and - at least one third party system which requires a person to authenticate themselves to permit access to a digital service and/or to a restricted environment, wherein the at least one user computing device is configured for authenticating a user, on the user computing device, based on the locally stored digital user ID and a recorded biometric modality, and for providing an authentication signal to the third party system if the authentication meets a predetermined minimum degree of similarity. To this end, the same benefits apply as set forth with respect to the methods according to the present invention.
The present invention will be elucidated in more detail based on the following non- limitative figures, wherein:
- Figure 1 shows a non-limitative embodiment of a computer-implemented method for generating and storing a digital user ID; - Figure 2 shows a first embodiment of a computer-implemented method for authenticating a registered person; - Figure 3 shows a second embodiment of a computer-implemented method for authenticating a registered person; and - Figure 4 shows a third embodiment of a computer-implemented method for authenticating a registered person.
Figure 1 shows an embodiment for generating and storing a digital user ID which is associated with a user for subsequent authentication purposes 100. Some non- limitative examples of such authentication purposes are shown in the figures 2-4.
The computer-implemented method 100 makes use of a mobile user computing device 101. Said mobile user computing device 101, as shown in this embodiment, is a mobile phone 101, in particular a smartphone 101. Alternatively, it is also conceivable that a tablet of laptop, or other mobile device 101 belonging to a user is used for the same purpose. Preferably, the mobile user computing device 101 comprises at least one processor 102, which processor 102 may be configured for starting, running, and closing applications on said mobile user computing device 101. The mobile user computing device 101 further comprises at least one memory unit 103, such as an SD card, network storage, memory chip, or the like. However, the memory unit 103 preferably belongs or is part of to the mobile user computing device 101, or at least allows for local storage of data and/or information.
Preferably, the mobile user computing device 101 further comprises one or more recording devices 104, 105, such as a camera 104, for recording one or more biometric modalities related to the user. In order to generate the digital user ID 115, a user may retrieve prestored biometric personal data 107, 108, 109, 110 from at least one official identity document 106 associated with a user. In the embodiment depicted in this figure, the official identity is a passport 106, issued by a government. The passport 106 is of the newer type, which comprises an NFC chip 107. In addition, the passport comprises the data associated to a person such as a picture 108, basic information related to date of birth 110, place of birth 110, name, but also document related information 110, such as a document type, document number, or the like 110. A part of the information may be incorporated into a code 109, typically situated along an edge of the identity document, which may also be referred to as a machine readable zone 109. The user may use the mobile user computing device 101 to retrieve 116, preferably by scanning, the prestored biometric personal data 107, 108, 109, 110 from the official identity document 106.
This may be done through the NFC chip 107. Alternatively, or additionally, the user may use a camera 104 of the mobile user computing device 101 to scan the official identity document 106 and to retrieve 116 the personal biometric data 107, 108, 109, 110. The prestored biometric data 107, 108, 109, 110 retrieved 116 from the
NFC chip 107 of the passport is preferably stored onto a memory unit 103 of the mobile user computing device 101. Subsequently, the user may be requested to 117, or on own volition, record 111 biometric data 112 from themselves, for example by using a {selfie)camera 104 of the mobile user computing device 101, or by using a fingerprint scanner 105 of the mobile user computing device 101. It is explicitly noted here that the encircled portion 111, which reflects the step of recording 111 biometric data of the user, is performed on the same user computing device 101, hence only a single mobile user computing device 101 is used in the method according to the invention 100 shown here. It is merely for illustrative purposes that this is indicated as a separate mobile user computing device 101.
Preferably the recorded 111 and acquired biometric data related to the user comprises a plurality of biometric modalities, of which at least one constitutes a liveness check 112. The biometric data is stored onto the mobile user computing device 101, in particular the memory unit 103 thereof. It is conceivable that the biometric data is stored in an encrypted manner. Preferably, at least one biometric modality constitutes a selfie 112 of the face of the user. It is imaginable that not the selfie as such is stored onto the memory unit, but merely a biometric template, comprising a faceprint with data related to facial landmarks associated to the user's face. After retrieving 116 and storing of the prestored biometric personal data 107, 108, 109, 110 from the official identity document 106 and acquiring 112 and storing of recorded biometric data, the two are compared 118. Comparing 118 of the prestored biometric personal data 113 and the recorded biometric data 112 occurs on the mobile user computing device 101, in particular on a processor 102 thereof.
If comparing 118 of the prestored biometric personal data 113 and the recorded biometric data 112 yields a predetermine minimum degree of similarity, a digital user ID 115 is generated 114, preferably by the processor 102 of the mobile user computing device 101. Subsequently said generated digital user ID 115 is stored onto the mobile user computing device 101, preferably the memory unit 103 thereof. lt is conceivable that after generating 114 and storing the digital user ID 115 locally on the mobile user computing device 101, any data stored on the mobile user computing device that was recorder 112 and/or obtained 116 is deleted. As such, all steps elucidated above may occur on, or by, the mobile user computing device 101. In particular it is beneficial that during the entire process as set forth above, no data is to be shared with a third party. This may allow a user to maintain full control of all (biometric)data. Vulnerabilities in the storage of biometric data with third parties may be substantially eliminated. Moreover, it is less lucrative for hackers to attempt to steal the data, in particular since only data related to a singular person may be obtained, if at all. This allows for a safer generation of a validated digital user ID. The stored digital user ID may at a later point in time be used for authentication purposes within a third party system requiring authentication of a person. Since the user has its own digital authenticated user {D, the latter may be user by a wide variety of third party systems, where authentication within such third party environments requires only the local presence of the digital user ID. This is a significant improvement, since the user does not require to separately authenticate themselves with a wide range of third party systems, which enlarges the risks of data leaks in one of such systems since these systems typically comprise vast amounts of data related to a large number of people, making them an interesting target to malicious persons.
Figure 2 shows an embodiment of the present invention related to a computer- implemented method for authenticating a preregistered person by using a mobile user computing device 200. This particular figure shows an example of a user that is authenticated in order to be granted access to a hotel room 203 or an apartment 203. To this end, a person 201 may register 219 themselves, by using the mobile user computing device 202, with a third party system 203. In this example, a mobile phone 202 us used by the user 201 to access a webpage 204 of a hotel 203, where a check-in is performed. The check-in typically requires a person to register 218 certain data 205, such as a name of the person 205 that is checking-in, the dates from and to which the person would like to make use of the hotel room 205, and optionally information relating to services of the hotel 205, in this case the choice for half board stays. The personal data 205 is registered with the third party system 203, in this instance a cloud environment 216 of the hotel 203, such that the third party system 203 may associate a restricted environment 217 (e.g., hotel room, or breakfast room) as an access right to the preregistered user 205, possible for a restricted amount of time (e.g., the duration of the stay). It is possible that specific details, such as room number, are shared from the third party service 203 to the mobile user device 202. During preregistering 219, no biometric data is shared with the third party system 203, merely basic personal data 206 associated to the preregistered person 205 is shared with the third party system 203. The preregistered person 205 does not require to go to the reception, since the room is associated to the preregistered person 205. However, in order to avoid any person from accessing the room, an authentication of a person's ID is required.
To this end, a user may use a user computing device 203, preferably the same as used to preregister, to request access 207 to the room.
Upon requesting access 207, for example by making contact with a, preferably communicative, lock of the hotel room 217 an authentication request may emerge on the mobile user computing device of the user.
To this end, the hotel room may share the basic personal data
206 associated to the preregistered person 205 with the mobile user computing device 202. On the mobile user computing device 202 biometric data 211 may be recorded 212 by the person, such as by using the camera 212 of the mobile user computing device 202. Also here, it is to be explicitly noted that the separate mobile user computing device 202 shown is the same as indicated on the top left.
Hence,
also here only a single mobile user computing device 202 is used for performing the method.
Thus, the same single mobile user computing device 202 is used for registering 219 and for authenticating 212. The identity of the person may be authenticated 210 based on the recorded biometric data 211 and a digital user ID 215 that is locally stored 214 on the mobile user computing device 202. Preferably wherein said locally stored digital user ID 215 is obtained via the method as indicated in figure 1. If the recorded biometric data 211 has a predetermined degree of similarity compared to the locally stored digital user ID 215, the identity of the person may be realized.
The authenticated basic personal data, corresponding to the conditional outcome of the authentication step 210, is compared against the prestored basic personal data 206 provided to the third party service 203. In case a predetermined minimum degree of similarity is observed between the authenticated basic personal data and the preregistered basic personal data 206, an authentication signal 209 is provided by the user computing device 202, said signal may grant the person predefined access to the restricted hotel room 217. In this example, the mobile user computing device 202 is used to request access to the hotel room 217, for example by means of an app of the hotel, which is running on 213 the mobile user computing device 202. By holding the mobile user computing device against a lock, or other part, of the hotel room 217, the person may request access. However, in order to prevent anyone from being able to obtain access, it is required that the identity of the person is authenticated 210, as well as comparing that the authenticated identity matches the identity of the preregistered person 206 associated to the specific room. In this embodiment, essentially all checking steps are conducted on the mobile user computing device 202. That is, access is requested 207, in response to which access request, basic personal data 206 associated to the room 217 are, optionally in an encrypted manner, send 207 to the mobile user computing device 202. On the mobile user computing device 202, the person is requested to authenticate 210 themselves, by recording biometric data of themselves 211, which is authenticated 210 against a locally stored digital user ID 215. The recorded biometric data is only stored 214 on the mobile user computing device 202 and needs not to be shared with the third party system (hotel) 203. If the recorded biometric data 211 matches the digital user ID 215, the person is successfully authenticated 210. Authenticated basic personal data 206, such as a name, may be retrieved by the mobile user computing device 202 upon successful authentication 210. Said authenticated basic personal data may be compared with the preregistered basic personal data 206 received in response to the access request. If the basic personal data matches, an authentication or access signal 209 may be generated by the user computing device 202, and subsequently send to the hotel room 217. The hotel room 217, as the third party system may grant access to the room upon receiving said authentication signal 209. The main benefit is that no biometric of the person needs to be shared with the third party system 203, which allows the person to remain in full control of the biometric data. The only data that needs to be shared is the basic personal data, or a part thereof, in order to allow a comparison between an authenticated person and the preregistered person. This may also be based on specific characters of the basic personal data.
Figure 3 shows a slightly different embodiment of the same third party system 303 as indicated in figure 2. However, some steps slightly differ compared to the embodiment indicated in figure 2. The person similarly registers 319 themselves using e.g., a webpage 304 and/or an application of a third party system 303 via the user computing device 302. Basic personal data 306a related to the preregistered person 205 may be stored, e.g., in a cloud environment 316 of the third party system 303. Similarly, the third party system 303, which in this instance is the hotel, may allocate a specific room to the preregistered person, and optionally restricted access to certain parts of the hotel, based on the data 305 of the preregistration.
The person 305 does not require to go through the reception, since the room is allocated on the basis of the preregistration 319. A hotel room 317 may be communicated to the person via the cloud environment to the app or a mailing service on the mobile user computing device 302. Upon requesting access 307 to the specific room 317 associated to the preregistered person 306a, the third party system 303 needs to ensure that the person asking access 307 matches the preregistered person 306a. To this end, the person may require authenticating themselves on the mobile user computing device 302, e.g., based upon an authentication request 307 from the third party system 303. To this end, the person may, in particular on said mobile user computing device 302, record 312 biometric data 311 of themselves, which is authenticated 310a against a locally stored digital user ID 315. Also here, it is to be explicitly noted that the separate mobile user computing device 302 shown is the same as indicated on the top left. Hence, also here only a single mobile user computing device 302 is used for performing the method 300. Thus, the same single mobile user computing device 302 is used for registering 319 and for authenticating 312. If the recorded biometric data 311 meets a predetermined minimum degree of similarity, authenticated basic personal data 306b (e.g., name, age, gender) may be shared 309a, possibly in an encrypted manner, with the cloud service 316 of the third party system (hotel). Here, the authenticated basic personal data 306b may be compared 310b with the basic personal data 306a related to the preregistered person 205. If the basic personal data 306a meets a predetermined minimum degree of similarity compared 310b to the authenticated basic personal data 306b, an authentication signal 309b may be generated, in this case by the third party system 303, in order to grant the person access to the restricted environment (hotel room) 317. Hence, also in this embodiment, no biometric data needs to be shared with the third party system 303.
Figure 4 shows a different embodiment of the present invention related to a computer-implemented method for authenticating a preregistered person by using a mobile user computing device 400. Here, the third party system 403 may be an app 404 running on the mobile user computing device 402, for example a banking application 404. A person 401 may access the banking application 404 through the mobile user computing device 401. Possibly, an access code is entered in order to enter the banking application 404. In the banking application, the person may be allowed to perform several actions such as checking a savings account, making a (money) transfer 405, or adapting the settings.
In order to increase safety of the banking application 404, it is preferred to apply a better identity check for making money transfers 405. To this end, the method according to the present invention may be used.
That is, if the person 401 is willing to make a money transfer 405, a transfer request 405 is preregistered, corresponding to an amount to be transferred to a predetermined banking account, by the person 401. In other to prevent that money transfers can be made by malicious persons on the mobile user computing device 401 of another person, an authentication step 410a may be included to establish the money transfer.
For example, basic personal data 406a may be preregistered, e.g., in the app 404 running on the mobile user computing device
402, or on the memory unit 414 of the mobile user computing device 402, or even on a cloud service 416 corresponding to the banking application 404. Upon the money transfer request 405, the person is requested 407 to record 412 biometric data 411, for example by using the camera 412 of the mobile user computing device 402. The recorded biometric data 411 is authenticated 410a against a locally stored digital user ID 415, which may be stored on the memory unit 414 of the user computing device 402. Preferably, said locally stored digital user ID 415 is obtained according to the embodiment shown in figure 1. If, the recorded biometric data 411 matches, up to a predefined minimum degree of similarity, the locally stored digital user ID 415, authenticated basic personal data 406b related to the authenticated person may be shared 409a with the banking app.
Also here, it is to be explicitly noted that the separate mobile user computing device 402 shown is the same as indicated on the top left.
Hence, also here only a single mobile user computing device 402 is used for performing the method 400. Thus, the same single mobile user computing device 402 is used for registering and for authenticating 412. In the banking app, preferably said authenticated basic personal data 406b is compared with the prestored basic personal data 406a.
If the latter two match up to a predefined minimum degree of similarity, an authentication signal 409b may be generated, either by the banking app 404 or the mobile user computing device 402 which may grant the person access to a certain restricted action, in this case making the money transfer 405. It is conceivable that the authentication signal comprises a (digital) certificate 408 which may be stored on the mobile user computing device 401 as a record of authenticated money transfer.
Alternative to the embodiment shown here, it is also conceivable that upon requesting a money transfer 405, prestored basic personal data 406a is shared with the mobile user computing device 402, and the step of comparing 410b the authenticated basic personal data 406b with the prestored basic personal data 406a is performed on the mobile user computing device 402. In this instance, the authentication signal 409b may for example be a simple “go or no-go” type of signal.
The above-described inventive concepts are illustrated by several illustrative embodiments. It is conceivable that individual inventive concepts, including inventive details, may be applied without, in so doing, also applying other details of the described embodiments. It is not necessary to elaborate on examples of all conceivable combinations of the above-described inventive concepts, as a person skilled in the art will understand numerous inventive concepts can be (recombined in order to arrive at a specific application and/or alternative embodiment.
The ordinal numbers used in this document, like “first”, “second”, and “third” are used only for identification purposes. Hence, the use of expressions like a “second” component, does therefore not necessarily require the co-presence of a “first” component. By "complementary" components is meant that these components are configured to co-act with each other. However, to this end, these components do not necessarily have to have complementary forms. The verb “comprise” and conjugations thereof used in this patent publication are understood to mean not only “comprise”, but are also understood to mean the phrases “contain”, “substantially consist of”, “formed by” and conjugations thereof.
Claims (27)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| NL2035159A NL2035159B1 (en) | 2023-06-23 | 2023-06-23 | A computer implemented method for generating and storing a digital user ID associated with a user and use thereof for authenticating a person |
| PCT/NL2024/050329 WO2024263035A1 (en) | 2023-06-23 | 2024-06-24 | A computer implemented method for generating and storing a digital user id associated with a user and use thereof for authenticating a person |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| NL2035159A NL2035159B1 (en) | 2023-06-23 | 2023-06-23 | A computer implemented method for generating and storing a digital user ID associated with a user and use thereof for authenticating a person |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| NL2035159B1 true NL2035159B1 (en) | 2025-01-07 |
Family
ID=88207748
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| NL2035159A NL2035159B1 (en) | 2023-06-23 | 2023-06-23 | A computer implemented method for generating and storing a digital user ID associated with a user and use thereof for authenticating a person |
Country Status (2)
| Country | Link |
|---|---|
| NL (1) | NL2035159B1 (en) |
| WO (1) | WO2024263035A1 (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140337930A1 (en) * | 2013-05-13 | 2014-11-13 | Hoyos Labs Corp. | System and method for authorizing access to access-controlled environments |
| US10698995B2 (en) * | 2014-08-28 | 2020-06-30 | Facetec, Inc. | Method to verify identity using a previously collected biometric image/data |
| US20210117524A1 (en) * | 2018-04-23 | 2021-04-22 | Amadeus S.A.S. | Biometric authentication method, system, and computer program |
-
2023
- 2023-06-23 NL NL2035159A patent/NL2035159B1/en active
-
2024
- 2024-06-24 WO PCT/NL2024/050329 patent/WO2024263035A1/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140337930A1 (en) * | 2013-05-13 | 2014-11-13 | Hoyos Labs Corp. | System and method for authorizing access to access-controlled environments |
| US10698995B2 (en) * | 2014-08-28 | 2020-06-30 | Facetec, Inc. | Method to verify identity using a previously collected biometric image/data |
| US20210117524A1 (en) * | 2018-04-23 | 2021-04-22 | Amadeus S.A.S. | Biometric authentication method, system, and computer program |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2024263035A1 (en) | 2024-12-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12248549B2 (en) | Biometric authentication | |
| US9262615B2 (en) | Methods and systems for improving the security of secret authentication data during authentication transactions | |
| US10042993B2 (en) | Access control through multifactor authentication with multimodal biometrics | |
| US9189612B2 (en) | Biometric verification with improved privacy and network performance in client-server networks | |
| US9213811B2 (en) | Methods and systems for improving the security of secret authentication data during authentication transactions | |
| AU2013205396B2 (en) | Methods and Systems for Conducting Smart Card Transactions | |
| US8959359B2 (en) | Methods and systems for improving the security of secret authentication data during authentication transactions | |
| JP7364057B2 (en) | Information processing device, system, face image update method and program | |
| US12212564B2 (en) | Mobile enrollment using a known biometric | |
| US10482225B1 (en) | Method of authorization dialog organizing | |
| Papaioannou et al. | User authentication and authorization for next generation mobile passenger ID devices for land and sea border control | |
| US20210365531A1 (en) | Method and electronic device for authenticating a user | |
| US12273338B2 (en) | Identity verification through a centralized biometric database | |
| NL2035159B1 (en) | A computer implemented method for generating and storing a digital user ID associated with a user and use thereof for authenticating a person | |
| WO2022084444A1 (en) | Methods, systems and computer program products, for use in biometric authentication | |
| US12141255B2 (en) | Method for authenticating a user on client equipment | |
| JP2012003657A (en) | Biological information registration method and system | |
| Metri et al. | MOBILE BIOMETRICS: MULTIMODEL BIOMETRICS FOR MOBILE PLATFORM |