

Title:
METHOD FOR SECURED OFFLINE TRANSFER OF DOCUMENTS VIA DYNAMIC TWO-DIMENSIONAL BARCODE
Document Type and Number:
WIPO Patent Application WO/2019/066640
Kind Code:
A1
Abstract:
Method for secure transmission of data (200) between two mobile devices via at least one 2D barcode comprising: a first mobile device generating (201) a signed timestamp using a sender private key; converting (202) a signed data block and the signed timestamp into at least one 2D barcode; the signed data block includes a data and a sender public key pre-signed by a first private key; displaying (203) the 2D barcode on a display unit for a second mobile device to scan and retrieve the 2D barcode; retrieving (204), by the second mobile device, the signed data block and the signed timestamp by decoding the 2D barcode; decoding (205,206) the signed data block using a first public key to retrieve and verify the data and the sender public key; decoding (207) the signed timestamp using the verified sender public key to retrieve and verify the timestamp.

Inventors:
CHONG HAN LIANG (MY)
Application Number:
PCT/MY2018/050061
Publication Date:
April 04, 2019
Filing Date:
September 26, 2018
Assignee:
DATASONIC SMART SOLUTIONS SDN BHD (MY)
International Classes:
H04L9/32; G06F21/33; G06F21/64; G06K7/14; H04L9/14; H04L9/30
Foreign References:
US20170255805A1, 2017-09-07
US20130126619A1, 2013-05-23
Other References:
ANONYMOUS: "Certificate Authority", WIKIPEDIA, 23 September 2017 (2017-09-23), XP055586048, Retrieved from the Internet [retrieved on 20181211]
Attorney, Agent or Firm:
LOK, Choon Hong (MY)
Claims:
CLAIMS

1. A method for secure transmission of data (200) between two mobile devices via at least one 2D barcode comprising the steps of:

encrypting (201), by a first mobile device, a timestamp using a sender private key to form a signed timestamp;

converting (202), by the first mobile device, a signed data block and the signed timestamp into at least one 2D barcode; wherein the signed data block includes a data and a sender public key pre-signed by a first private key;

displaying (203), by the first mobile device, the 2D barcode on a display unit for a second mobile device to scan and retrieve the 2D barcode;

retrieving (204), by the second mobile device, the signed data block and the signed timestamp by decoding the 2D barcode;

decoding (205,206), by the second mobile device, the signed data block using a first public key to retrieve and verify the data and the sender public key;

decoding (207), by the second mobile device, the signed timestamp using the verified sender public key to retrieve and verify the timestamp; and

authenticating (208), by the second mobile device, validity of the data by determining if the current time falls within range of the verified timestamp.

2. A method as claimed in claim 1, wherein the data block is pre-signed by the following steps of:

generating (101), by the first mobile device, an asymmetric key pair which includes the sender private key and the sender public key;

transmitting (102), by the first mobile device, the sender public key to a trusted party server;

encrypting (103), by the trusted party server, the data and the sender public key using the first private key to form the signed data block; and

transmitting (104), by the trusted party server, the signed data block to the first mobile device.

3. A method as claimed in claim 1 or claim 2, wherein the timestamp is a preset range of time for determining the validity of data.

4. A method as claimed in any one of claims 1 to 3, wherein the mobile device further comprises means for establishing communication link with the trusted party server and the second mobile device.

5. A method as claimed in any one of claims 1 to 4, wherein the mobile device further comprises built-in mobile application or third-party mobile application for facilitating the communication between the trusted party server and the mobile devices.

Description:
METHOD FOR SECURED OFFLINE TRANSFER OF DOCUMENTS VIA DYNAMIC TWO-DIMENSIONAL BARCODE

FIELD OF INVENTION

The invention relates to a document transfer method. More particularly, the invention relates to a secured offline document transfer via dynamic two-dimensional barcode.

BACKGROUND OF THE INVENTION

Two-dimensional (2D) barcodes come in the shape of squares or rectangles that contain many small, individual dots. A single 2D barcode can hold a significant amount of information and may remain legible even when printed at a small size or etched onto a product. Nowadays, 2D barcodes are widely used in the manufacturing, warehousing, logistics and healthcare industries for data transmission. However, it is a risk to share documents such as sensitive client and patient information where the encrypted information is not secured and can be decoded by anyone with a barcode scanner. Therefore, it is crucial to provide a secure yet accessible document sharing method which can be applied widely in any industry.

Over the years, a few patented technologies related to the aforementioned document sharing method have appeared. Of interest with respect to secure information transfer via bar codes is US9107065B2, which teaches a method for providing a document using a secure bar code that includes encrypting the document to generate an encrypted document, and mixing together bits for a security credential with bits having a predetermined order. The security credential is for decrypting the encrypted documents. However, the drawback of this method is that it does not include a time-stamp portion for preventing unauthorized reproduction of the barcode. On the other hand, another patent document, US2013/0031623A1, discloses methods, systems, and computer-readable media for implementing a multi-factor authentication scheme utilizing barcode images in computing devices, such as standard mobile devices and smartphones having no native hardware support for reading barcodes other than standard digital camera componentry for capturing digital images of real-world phenomena. However, the system cannot perform authentication completely offline, as it requires network connectivity to a remote server for performing the final authentication. Consequently, there is a need to fulfil the information security needs of confidentiality, integrity and non-repudiation without requiring network connectivity during the authentication process. This invention provides such a method.

SUMMARY OF INVENTION

The main objective of the invention is to provide a method for secure transmission of data between two mobile devices via at least one 2D barcode comprising the steps of encrypting a timestamp using a sender private key to form a signed timestamp by a first mobile device, converting a signed data block and the signed timestamp into at least one 2D barcode by the first mobile device; wherein the signed data block includes a data and a sender public key pre-signed by a first private key, displaying the 2D barcode by the first mobile device on a display unit for a second mobile device to scan and retrieve the 2D barcode, retrieving the signed data block and the signed timestamp by decoding the 2D barcode by the second mobile device, decoding the signed data block using a first public key to retrieve and verify the data and the sender public key by the second mobile device, decoding the signed timestamp using the verified sender public key to retrieve and verify the timestamp by the second mobile device and authenticating the validity of the data by determining if the current time falls within range of the verified timestamp by the second mobile device.

Preferably, the data block is pre-signed by the steps of generating an asymmetric key pair which includes the sender private key and the sender public key by the first mobile device, transmitting the sender public key to a trusted party server by the first mobile device, encrypting the data and the sender public key using the first private key to form the signed data block by the trusted party server and transmitting the signed data block to the first mobile device by the trusted party server.

Preferably, the timestamp is a preset range of time for determining the validity of data.

Preferably, the mobile device further comprises means for establishing communication link with the trusted party server and the second mobile device.

Preferably, the mobile device further comprises built in mobile application or third party mobile application for facilitating the communication between the trusted party server and the mobile devices.

One skilled in the art will readily appreciate that the invention is well adapted to carry out the objects and obtain the ends and advantages mentioned, as well as those inherent therein. The embodiments described herein are not intended as limitations on the scope of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

For the purpose of facilitating an understanding of the invention, there is illustrated in the accompanying drawing the preferred embodiments from an inspection of which when considered in connection with the following description, the invention, its construction and operation and many of its advantages would be readily understood and appreciated.

Figure 1 is a flowchart illustrating the method for offline document transfer via 2D barcode.

Figure 2 is a diagram illustrating the enrolment of new sending mobile device.

DETAILED DESCRIPTION OF THE INVENTION

The invention will now be described in greater detail, by way of example, with reference to the drawings.

The invention provides a computer-implemented method and system to transfer any confidential data from one mobile device to multiple mobile devices via a 2D barcode. The method limits the validity period of the transferred confidential data such that cloning of the confidential data is prevented. The 2D barcode is preferably an Aztec Code, QR code, AR code, NexCode or any combination thereof. Preferably, the confidential data includes social security number, credit card number, driver's license number, bank account number, protected health information or any combination thereof. The transferring of the confidential data is further protected by integrity validation and non-repudiation through signature verification between the sending and receiving devices. Preferably, the system is built up by a server and a plurality of mobile devices being linked together via a communication network. The server may comprise one or more heavy duty computers for processing the received data and transferring the received data to the mobile devices through the communication network, and any known devices or group of devices to provide sufficient capacity for data storing. Preferably, the mobile device is a personal digital assistant (PDA), smart phone, tablet, laptop, netbook, phablet, phoblet, iPad, or any suitable means which is capable of processing data, displaying data and scanning a 2D barcode. Preferably, the mobile devices are categorised into two types, sender mobile devices and recipient mobile devices. Each sender mobile device is installed with a mobile application which is capable of encoding a 2D barcode containing sensitive information, whereas each recipient mobile device is installed with a mobile application which is capable of scanning and decoding the 2D barcode from the sender mobile device. A Graphical User Interface (GUI) is also provided to the types of mobile devices through the application for the user to trigger a mode of operation.

The communication network is preferably a wireless network which may include but is not limited to a Code Division Multiple Access (CDMA) network, a General Packet Radio Service (GPRS) network for use in conjunction with Global System for Mobile Communication (GSM) network, and future third-generation (3G) networks like Enhanced Data rates for GSM Evolution (EDGE) and Universal Mobile Telecommunications System (UMTS). It should be understood that although particular IP-based wireless networks have been described, the system could be utilized in any suitable type of wireless network.

Referring to Fig. 1, an enrolment process is illustrated. Every sender mobile device will need to go through a one-time enrolment process to retrieve a signed data block containing verified information from a trusted party server. In step 101, a new sending mobile device 100 generates an asymmetric key pair; the key pair includes a sender private key and a sender public key. In step 102, the new sending mobile device 100 transmits the sender public key to a trusted party server for signing. In step 103, the trusted party server encrypts a data and the sender public key using a trusted party private key to form a signed data block. Lastly, in step 104, the trusted party server transmits the signed data block back to the new sending mobile device 100 for the further data transferring process to be carried out.

Referring to Fig. 2, the method can be split into an encoding process and a decoding process. The encoding process includes the following steps. In step 201, a sending mobile device 100 encrypts a timestamp using a sender private key to form a signed timestamp. The term "timestamp" refers to a preset range of time for the mobile device to determine the validity of data transferred. In step 202, the sending mobile device 100 converts a signed data block and timestamp into at least one 2D barcode, wherein the signed data block includes a data 200 and a sender public key pre-signed by the sender private key. In step 203, the sending mobile device 100 displays the 2D barcode on a display unit for a receiving mobile device to scan and retrieve the 2D barcode. Step 203 is where the encoding process ends and the decoding process starts. In step 204, the receiving mobile device retrieves the signed data block and the signed timestamp by decoding the 2D barcode. In steps 205 and 206, the receiving mobile device decodes the signed timestamp using the trusted party public key to retrieve and verify the data 200 and the sender public key. In step 207, the receiving mobile device decodes the signed timestamp using the verified sender public key to retrieve and verify the timestamp. Lastly, in step 208, the receiving mobile device authenticates the validity of the data by determining if the current time falls within range of the verified timestamp.
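The chain of checks in steps 101 to 104 and 201 to 208, as an added Python example that is not part of the patent text. It follows the wording of claim 1 (the data block is verified with the trusted party key, the timestamp with the sender key); the JSON payload layout, the function names and the sample values are assumptions, and textbook RSA over SHA-256 with fixed Mersenne primes stands in for a real signature scheme and a barcode library.

```python
import hashlib
import json

E = 65537  # public exponent shared by both toy keys

def keygen(p, q):
    """Toy RSA key from two known primes: returns (public modulus n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(msg):
    return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big")

def sign(msg, n, d):
    """'Encrypt with the private key' in the patent's wording: hash, then RSA."""
    return pow(_digest(msg), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == _digest(msg)

def enrol(data, sender_n, tp_n, tp_d):
    """Steps 101-104: trusted party signs the data plus the sender public key."""
    block = json.dumps({"data": data, "sender_pub": sender_n})
    return {"block": block, "sig": sign(block, tp_n, tp_d)}

def encode(signed_block, sender_n, sender_d, start, end):
    """Steps 201-202: sign the validity window, build the barcode payload."""
    ts = json.dumps({"from": start, "to": end})
    return json.dumps({"blk": signed_block, "ts": ts,
                       "ts_sig": sign(ts, sender_n, sender_d)})

def decode(payload, tp_n, now):
    """Steps 204-208 on the receiver, fully offline: returns (data, reason)."""
    msg = json.loads(payload)
    blk = msg["blk"]
    if not verify(blk["block"], blk["sig"], tp_n):                # steps 205-206
        return None, "bad data block signature"
    body = json.loads(blk["block"])
    if not verify(msg["ts"], msg["ts_sig"], body["sender_pub"]):  # step 207
        return None, "bad timestamp signature"
    window = json.loads(msg["ts"])
    if not window["from"] <= now <= window["to"]:                 # step 208
        return None, "outside validity window"
    return body["data"], "ok"

# Constructed sample keys from known Mersenne primes: NOT secure, demo only.
TP_N, TP_D = keygen(2**521 - 1, 2**607 - 1)
S_N, S_D = keygen(2**1279 - 1, 2**2203 - 1)
BLOCK = enrol({"licence": "A123"}, S_N, TP_N, TP_D)
PAYLOAD = encode(BLOCK, S_N, S_D, 1000, 1060)
```

The receiver needs only the trusted party public modulus and its own clock; the sender public key is trusted solely because it arrives inside the block the trusted party signed.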

The present disclosure includes that contained in the appended claims, as well as that of the foregoing description. Although this invention has been described in its preferred form with a degree of particularity, it is understood that the present disclosure of the preferred form has been made only by way of example and that numerous changes in the details of construction and the combination and arrangements of parts may be resorted to without departing from the scope of the invention.