

Title:
AN AUTHENTICATION SYSTEM WHEREIN AUGMENTED REALITY IS USED
Document Type and Number:
WIPO Patent Application WO/2018/212729
Kind Code:
A2
Abstract:
The present invention relates to a system (1) for making OTP (One Time Password) authentication, which is used in transactions such as payment and log-in made online, on the basis of location and device and by using augmented reality. The inventive system (1) consists of a communication device (2), a user database (3), a transaction information authentication unit (4) and an application server (5).

Inventors:
ATEŞ SANER (TR)
Application Number:
PCT/TR2017/000104
Publication Date:
November 22, 2018
Filing Date:
September 29, 2017
Assignee:
TURKCELL TECHNOLOGY RESEARCH AND DEVELOPMENT CO (TR)
International Classes:
G16B45/00
Foreign References:
JP2009064400A, 2009-03-26
Attorney, Agent or Firm:
ÖZSOY, Zeliha (TR)
Claims:
CLAIMS

1. A system (1) wherein one-time password-based authentication is made by augmented reality; comprising

- at least one communication device (2) which is in communication with the data network (V), whereon application can be run, which can determine location information and create augmented reality image on thereof, and includes at least one camera;

- at least one user database (3) which keeps account, profile and financial records of users;

- at least one transaction information authentication unit (4) which performs inquiry to the user database (3) in accordance with the transaction information received over the data network (V) and transmits the inquiry result to related units;

and characterized by

- at least one application server (5) which receives the transaction information transmitted by the user (K) over the communication device (2), the introductory information of the communication device (2) and the location information of the communication device (2); prepares a visual content to be displayed only by the camera of the communication device (2) and only on the location of the communication device (2) and transmits it to the communication device (2) over the data network (V) by using the location information of the communication device (2) in the event that validity of the transaction information of the transaction information authentication unit (4) is authenticated by using the transaction information; and receives the visual content authentication information of the user (K) transmitted by means of the communication device (2).

2. A system (1) according to Claim 1; characterized by the communication device (2) which determines location information by using GPS service.

3. A system (1) according to Claim 1; characterized by the user database (3) which keeps users' information under record according to the information of the transaction requested to be carried out by the user (K).

4. A system (1) according to Claim 1; characterized by the transaction information authentication unit (4) which receives and authenticates the login request information of the user (K) and the user's (K) account information to be used in login transaction as transaction information.

5. A system (1) according to Claim 1; characterized by the transaction information authentication unit (4) which receives and authenticates the payment request information of the user (K) and the user's (K) payment information to be used in payment transaction as transaction information.

6. A system (1) according to Claim 1; characterized by the application server (5) which receives the transaction information, the location information and the communication device (2) definition information -that it transmits over the communication device (2)- over the data network (V).

7. A system (1) according to Claim 1; characterized by the application server (5) which creates an augmented reality image of a nature such that it can be displayed by means of the communication device (2) camera, as a visual one-time password.

8. A system (1) according to Claim 1; characterized by the application server (5) which creates an augmented reality image of a nature such that it can be displayed on a map displayed on the communication device (2), at the point where it is located while the transaction information of the communication device (2) are being transmitted, as a visual one-time password.

9. A system (1) according to Claim 1; characterized by the application server (5) which sets the visual one-time password, created by itself, so as to be displayed on the location where it is located while it is performing transmission of the transaction information of only the communication device (2) by using the location information received from the communication device (2).

Description:
AN AUTHENTICATION SYSTEM WHEREIN AUGMENTED REALITY IS USED

Technical Field

The present invention relates to a system for making OTP (One Time Password) authentication -which is used in transactions such as payment and log-in carried out online- on the basis of location and device and by using augmented reality.

Background of the Invention

Today, the number of transactions carried out online is increasing rapidly with the development of Internet technologies. This increase is supported by the fact that service providers are moving the great majority of the services they provide to their users onto the Internet. With this increase, however, the security of transactions carried out over the Internet also becomes important. Now that banking and trade transactions have moved to the Internet, providing transaction security is among the priorities of persons or organizations rendering service to their users over the Internet. One of the priority steps for transaction security is to correctly authenticate the identity of the user carrying out a transaction. When a transaction is carried out over the Internet through virtual accounts, authentication of the account holder is necessary, particularly for sensitive transactions such as banking, e-commerce, etc.

In the common practice in the state of the art, a one-time password application is used for identity authentication of the account holder. In this application, one-time passwords sent over SMS (Short Message Service) or a mobile application, or obtained by means of a mobile application, are used. In an application wherein the one-time password is sent by SMS, the user is expected to complete the transaction by means of the password sent via short message to the user's defined GSM (Global System for Mobile Communications) number for authentication. However, this application makes fraud possible by forwarding the password sent as a short message. Similarly, existing one-time password applications carry the risk that a password obtained and/or displayed through a mobile application can be viewed by unrelated people at a completely different location, owing to security vulnerabilities remaining in smart devices.

The existing security vulnerabilities in one-time password applications, which have emerged together with smart devices, show the need for a one-time password application in which the display format of the one-time password is changed and the location where the one-time password can be displayed is taken into consideration.

The Japanese patent document no. JP2009064400, an application in the state of the art, discloses a way of identity authentication with one-time password based upon a one-time password in an image format to be shown on a computer monitor to a user and to be displayed on a communication device via a camera for user carrying out online transactions.

Summary of the Invention

An objective of the present invention is to realize a security system wherein authentication of user identity is made by means of a one-time password displayed by augmented reality, in online transactions.

Another objective of the present invention is to create a security system wherein identity authentication is made based on location of the user to be authenticated in online transactions.

Detailed Description of the Invention

"An Authentication System Wherein Augmented Reality is Used" realized to fulfil the objectives of the present invention is shown in the figure attached, in which:

Figure 1 is a schematic block diagram of the inventive system.

The components illustrated in the figure are individually numbered, where the numbers refer to the following:

1. System

2. Communication device

3. User database

4. Transaction information authentication unit

5. Application server

V: Data Network

K: User

The inventive system (1) wherein one-time password-based authentication is made by augmented reality comprises:

- at least one communication device (2) which is in communication with the data network (V), whereon application can be run, which can determine location information and create augmented reality image on thereof, and includes at least one camera;

- at least one user database (3) which keeps account, profile and financial records of users;

- at least one transaction information authentication unit (4) which performs inquiry to the user database (3) in accordance with the transaction information received over the data network (V) and transmits the inquiry result to related units;

- at least one application server (5) which receives the transaction information transmitted by the user (K) over the communication device (2), the introductory information of the communication device (2) and the location information of the communication device (2); prepares a visual content to be displayed only by the camera of the communication device (2) and only on the location of the communication device (2) and transmits it to the communication device (2) over the data network (V) by using the location information of the communication device (2) in the event that validity of the transaction information of the transaction information authentication unit (4) is authenticated by using the transaction information; and receives the visual content authentication information of the user (K) transmitted by means of the communication device (2) (Figure 1).

The communication device (2) included in the inventive system (1) is an electronic device whereon application can be run, which displays augmented reality contents and has at least one camera. The communication device (2) can determine the location information where it is located by means of any location service. In one embodiment of the invention, the communication device (2) determines the location information by using GPS (Global Positioning System) service. In one preferred embodiment of the invention, the communication device (2) is an electronic device such as smart phone and tablet.

The user database (3) keeps users' information under record preferably according to the information of the transaction requested to be carried out by the user (K). Virtual account information, profile information and financial information of users are kept in the user database (3).

The transaction information authentication unit (4) included in the inventive system (1) is in communication with the application server (5). The transaction information authentication unit (4) performs inquiry to the user database (3) by using the transaction information received from the application server (5). The transaction information, the login request information of the user (K) and the user's (K) account information to be used in login transaction are username and password in one embodiment of the invention. The transaction information, the payment request information of the user (K) and the payment information to be used in payment transaction are the user's (K) credit card information in another embodiment of the invention. In the event that the transaction information matches up with records in the database (3) (information of username, password are correct or credit card information are correct), the transaction information authentication unit (4) makes notification to the application server (5) about the fact that the authentication transaction for the transaction information is completed.

The application server (5) included in the inventive system (1) is in communication with the communication device (2) and the transaction information authentication unit (4). The application server (5) receives the transaction information, the location information and the communication device (2) definition information -that it transmits over the communication device (2)- over the data network (V). The application server (5) transmits the transaction information to the transaction information authentication unit (4) for authentication of transaction information. In the event that the transaction information authentication unit (4) makes notification about the fact that the authentication of transaction information has taken place, the application server (5) prepares a one-time password as a visual content. The visual one-time password prepared by the application server (5) is an augmented reality image of a nature such that it can be displayed by means of the communication device (2) camera. The image prepared by the application server (5) is an augmented reality image of a nature such that it can be displayed on a map displayed on the communication device (2), at the point where it is located while the transaction information of the communication device (2) are being transmitted. In one embodiment of the invention, the one-time password image comprises a text and/or a picture.

In one embodiment of the invention, the communication device (2) is a device of a nature such that it enables the one-time password image -transmitted to itself- to be displayed on a map to be displayed on its screen, at the point whereto the current location of the communication device (2) corresponds on the map.

The application server (5) ensures that the visual password is displayed only by the communication device (2) camera belonging to the user (K) by using the introductory information of the communication device (2) as well while preparing the visual one-time password.

The application server (5) sets the visual one-time password, created by itself, so as to be displayed on the location where it is located while it is performing transmission of the transaction information of only the communication device (2) by using the location information received from the communication device (2). The application server (5) transmits the visual one-time password, created by itself, to the communication device (2) of the user (K) over the data network (V). In one embodiment of the invention, the communication device (2) activates the camera located thereon automatically when the application server (5) transmits the visual one-time password to the communication device (2). The user sees the one-time password, which is dedicated to the communication device (2) and the location where s/he is located, over the camera that is activated automatically or opened by him/her or on a map displayed on the communication device (2) screen. The user (K) transmits the password seen from the communication device (2) camera to the application server (5) over an application interface running on the communication device (2). The application whereby the user (K) transmits the visual password to the application server (5) can be an application which is recorded on the communication device (2), such as an operative bank application, or it can be an application such as a web browser which receives its interface from the application server (5) together with the visual one-time password. As can be understood by a person skilled in the state of the art, while transmitting the visual password to the application server (5), the user (K) can perform text entry on the application interface or can transmit it to the application server (5) over the data network (V) by defining the visual password upon choosing the augmented reality image that s/he sees from the communication device (2) among the options.

The application server (5) compares the visual one-time password, which is transmitted by the user (K), with the visual one-time password created and transmitted to the communication device (2) by itself. In the event that the passwords match, the application server (5) directs the user (K) to related units in order to carry out online transactions, upon completing the identity authentication by one-time password.

With the inventive system (1), identity authentication is realized by using a one-time password, display of which is provided by augmented reality, in transactions carried out online. In the said system (1), the user (K) first transmits his/her online transaction request to the application server (5) by means of the interface provided by the application running on the communication device (2). The application server (5) receives the transaction information, the location information of the communication device (2) and the definition information of the communication device (2) together with the transaction request. The application server (5) transmits the transaction information received to the transaction information authentication unit (4). The transaction information authentication unit (4) performs inquiry to the user database (3) together with the account information received. In the event that there is a matchup between the transaction information and the data recorded in the user database (3) as a result of the inquiry, the transaction information authentication unit (4) makes notification to the application server (5) by realizing the authentication of the transaction information.

The application server (5), receiving the notification that the authentication of the transaction information has been realized, creates an augmented reality image which is possible to be displayed only over the communication device (2) camera of the user (K) by using the introductory information of the communication device (2) and only on the location where it is located while it is transmitting the transaction information of the user (K). The application server (5) transmits the image created by itself to the communication device (2) over the data network (V) as a one-time password. The application server (5) ensures that the visual password, which is created by itself by using the location data of the communication device (2), is only displayed on the location where it is located while the communication device (2) is transmitting the transaction information. The application server (5) ensures that the camera on the communication device (2) is activated when it transmits the visual password or the user (K) opens the camera over the communication device (2) manually. The user (K) sees the visual password dedicated to the communication device (2) and the location on the camera that is activated automatically or opened manually or on a map displayed on the communication device (2) screen and creates input or selection in order to authenticate the password that s/he sees by means of the interface provided by the application running on the communication device (2). The communication device (2) transmits the visual password authentication input or selection received from the user (K), to the application server (5) over the data network (V). The application server (5) compares the user input or selection, transmitted by the communication device (2), with the augmented reality image created and transmitted to the communication device (2) by itself.

In the event that a matchup is provided, the application server (5) directs the user (K) to related units in order to carry out his/her online transaction, upon completing the identity authentication by one-time password.

It is possible to develop various embodiments of the inventive system (1); the invention cannot be limited to examples disclosed herein and it is essentially according to claims.
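The request and verification steps of the application server (5) described above can be modelled as follows; this is an added Python example, not part of the patent text, and it leaves the augmented reality rendering on the communication device (2) out of scope. The class and function names, the 6-digit numeric password, the 120-second lifetime, the 50-metre radius, the single-attempt rule and the re-check of device and location at verification time are all assumptions of the example.

```python
import hmac
import math
import secrets
import time
from dataclasses import dataclass

OTP_TTL_S = 120         # assumed lifetime; the page specifies none
MAX_DISTANCE_M = 50.0   # assumed radius around the issuing location


@dataclass
class Challenge:
    device_id: str
    lat: float
    lon: float
    otp: str
    expires_at: float


def _same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))


class ApplicationServer:
    """Hypothetical model of the application server (5)."""

    def __init__(self, check_transaction, now=time.time):
        self.check_transaction = check_transaction  # stands in for unit (4)
        self.now = now
        self.pending = {}  # transaction id -> Challenge

    def request(self, txn_id, txn_info, device_id, lat, lon):
        """Issue a visual OTP only after unit (4) confirms the transaction info."""
        if not self.check_transaction(txn_info):
            return None
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[txn_id] = Challenge(device_id, lat, lon, otp, self.now() + OTP_TTL_S)
        # Payload the device would render as an AR overlay anchored at (lat, lon).
        return {"otp": otp, "lat": lat, "lon": lon}

    def verify(self, txn_id, device_id, lat, lon, answer):
        """Check the user's answer; a challenge is consumed by its first attempt."""
        ch = self.pending.pop(txn_id, None)
        if ch is None or self.now() > ch.expires_at:
            return False
        if not _same(ch.device_id, device_id):
            return False
        if distance_m(ch.lat, ch.lon, lat, lon) > MAX_DISTANCE_M:
            return False
        return _same(ch.otp, answer)
```

The device identifier and coordinates in this model are whatever the communication device (2) reports, so the binding is only as trustworthy as those reported values.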