GB2526315A - Security and verification device, method and system - Google Patents
- Publication number
- GB2526315A GB1408958.5A GB201408958A
- Authority
- GB
- United Kingdom
- Prior art keywords
- token
- key
- graphical
- counterpart
- verification
- Prior art date
- Legal status
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C5/00—Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to a method for the verification of parties to a transaction or the authentication of a user within a communications system. The method makes use of a portable computing device that captures a graphical image of a counterpart token and combines this with a token that may be either captured from a graphical image or generated from a user input. The counterpart token and the token are merged in accordance with predefined processes to produce a reveal token that can be displayed as a visual image on a portable computing device to reveal a code or message.
Description
SECURITY AND VERIFICATION DEVICE, METHOD AND SYSTEM
Field of Invention
The present invention is in the field of security with respect to authentication and verification. In its main, but not exclusive, application, the present invention relates to a security device that is used to authenticate the identity of a user to an online system or service.
Background
In the modern cyber environment individuals often need to confirm their identity.
An instance of this is when using an online financial service where the user must know at least an online identity and a password to access their account. It is a frequent requirement of such systems that a secondary form of authentication is required such as a secure device to read a credit card's electronic chip and confirm the user's knowledge of the associated Personal Identification Number.
Alternatively biometric information, such as face or voice recognition or a fingerprint, may be used to confirm an identity.
A number of verification systems have been developed based on the work of Naor and Shamir as described in their paper of 1994 on Visual Cryptography (Eurocrypt 1994). A particularly effective method of Visual Cryptography is to be found in UK Patent Number: WO2011033246A3 - A Device and Method for Obfuscating Visual Information.
Within these methods a specific code or value is encrypted or obfuscated between two visual elements, a graphical key token (held by the user) and a graphical counterpart token (supplied to the user to decrypt or make clear). When the two visual elements are correctly aligned, information is made visible to the user, which the user can then use to confirm that they are in possession of the key token, thereby confirming their identity.
This method of authentication has some problems especially related to the requirement to visually align the visual elements involved. Also many of the approaches to Visual Cryptography are highly limited with respect to the form or nature of the information that they are able to carry. This can be improved upon by using a mobile device within a system to increase security and remove error.
It is the purpose of the present invention to provide a security device, method and system that overcomes the disadvantages of the previous systems for Visual Cryptography based authentication and verification or at the least supplies a useful alternative to such systems.
Summary of Invention
According to a first aspect of the present invention, there is provided a method of decrypting and displaying information, the information to be decrypted being provided in the form of a graphical counterpart token, and the method comprising the steps of:
* use of a digital image capture device to capture an image of the graphical counterpart token;
* use of a computing device to apply a decryption function to the captured counterpart image, the decryption function being further applied to a graphical key token, and the decryption function returning an information-bearing decrypted image;
* displaying the decrypted image on a display screen.
The method makes use of a digital image capture device and computing device to assist a user in performing the decryption step. The method may be performed on, for example, a mobile telephone provided with appropriate software.
Preferable and/or optional features of the first aspect of the invention are set out in appended claims 2 to 9.
According to a second aspect of the invention, there is provided a system for verifying an association between a pair of items, the system comprising a key server, token output means, and a verification device including image capture means and a processor,
* the key server being adapted to generate graphical key token and counterpart token pairs, each key-counterpart token pair containing encrypted verification information which can only be read when a decryption function is applied to the key-counterpart token pair;
* the token output means being adapted to apply the graphical key token visibly to one of a pair of items, and to apply the graphical counterpart token visibly to the other of the pair of items; and
* the verification device being adapted to capture an image of the counterpart token, capture an image of the key token, apply a decryption function to the token and counterpart, and output decrypted verification information.
The system is used to verify an association or relationship between a pair of items.
For example, it can be used to verify that a parcel being delivered is the parcel which was expected, because the key token is affixed to the parcel and the counterpart token is transmitted in advance to the recipient, for example by email. When the parcel arrives, the courier or the recipient can use a verification device (which may be a modern smartphone with appropriate software) to scan the key token on the parcel and the counterpart token transmitted in advance, and decrypt the verification information. Successful decryption confirms that the recipient is the correct recipient for the package, and that the delivery has in fact taken place. The decrypted verification information may be a simple message to provide assurance to the courier and recipient at the point of delivery, or in more sophisticated systems may be some form of unique code which can be transmitted back to, for example, a delivery hub, to provide assurance and evidence to management that delivery has correctly taken place.
Preferable and/or optional features of the second aspect of the invention are set out in appended claims 11 to 13.
According to a third aspect of the present invention, there is provided a system for authenticating a user, the system comprising an authentication server, a client workstation, and a verification device including image capture means, the authentication server and the client workstation being connected via communication means,
* the authentication server including a database for storing key tokens and/or key seeds associated with user identifiers;
* the authentication server being adapted to generate graphical counterpart tokens to correspond with key tokens, each counterpart token containing encrypted verification information, the verification information being readable only when the graphical counterpart token is decrypted using its corresponding key token, the authentication server generating a graphical counterpart token in response to an authentication request citing the user identifier associated with the key token;
* the authentication server being adapted to transmit generated graphical counterpart tokens to the client workstation, for visible display on a display screen of the client workstation;
* the verification device being adapted to capture a digital image of the graphical counterpart token displayed on the display screen of the client workstation, decrypt the verification information contained within the counterpart token by applying a decryption function to the counterpart token and a key token, and output the verification information;
* the authentication server being adapted to accept input of verification information, and to make a comparison between verification information previously encrypted into counterpart tokens, and to authenticate a session based on a positive comparison.
The system can be used for authenticating a user to an online service, for example, online banking. From the user's point-of-view, they will attempt to log in to the service using a client workstation by providing a user identifier (e.g. a username) and possibly a password. They are then presented with a graphical counterpart token, which must be captured (e.g. photographed) by the verification device, which is able to decrypt the verification information which can then be entered into the client workstation for transmission back to the server. Correct return of the verification information proves that the user can decrypt the counterpart token, and therefore proves that the user has access to the key token.
Key tokens are pre-shared between the authentication server and users, and must be kept secret by both parties to ensure the security of the system. In some embodiments, the key token is stored securely on the verification device, and in other embodiments the key token is not stored, but is generated at the point of use by a key seed, which may be for example a passphrase or memorable code.
Preferable and/or optional features of the third aspect of the invention are set out in appended claims 15 to 20.
According to a fourth aspect of the invention, there is provided a method for the authentication of a user within an online system using a portable computing device to:
* To capture a graphical image of a counterpart token and the generation of a key token on the basis of user-supplied key seed information in such a way that the counterpart token and the key token can be merged to reveal decrypted verification information,
* To capture both the graphical image of a counterpart token and of a key token and generate from these graphical images a counterpart token and a key token such that they can be merged to reveal decrypted verification information.
* To receive either or both the counterpart token and the key token by means of digital based communication in such a manner that some unique information is required to decode the counterpart token and the key token into a form where they can be merged to reveal a visual key.
It further provides a method for the verification of parties to a transaction where the parties may or may not be online by:
* To capture both the graphical image of a counterpart token and of a key token and generate from these graphical images a counterpart token and a key token such that they can be merged to reveal decrypted verification information.
It can also be used to provide a method for the verification of the relationship between items or parties and items with respect to a transaction being undertaken, such as verifying the delivery of parcels or that an item is an expected item.
Preferable and/or optional features of the fourth aspect of the invention are set out in appended claims 22 to 30.
Detailed Description of Preferred Embodiments
Basis of system
The invention provides a device, method and system for authenticating the identity of a user or verifying an association or relationship between parties or elements in a transaction. The system makes use of the implementation of Visual Cryptography on the basis of the modulo combination of the values held in an image grid. This grid may be represented as either monochrome or polychrome images.
As is shown in Figure 1, the grid displayed as the image A1 can be combined with the grid displayed as image A2 to give the resultant grid as displayed in the image A3. Where a monochrome image is being implemented the combination is done using simple binary rules as shown in Figure 2.
This is an implementation of the XNOR binary operation. It is possible to use alternative binary operation instead of XNOR but this is the easiest to implement.
In the case of a polychrome grid a combinational operation is carried out on the byte level values of the colours displayed. For example:
255,0,0 Red + 0,255,0 Green = 255,255,0 Yellow
With reference to Figure 1, it may be seen that image B1 is combined with image B2 to form image B3 by combining corresponding elements / pixels of B1 and B2 according to the above described operation. For example, the top-leftmost pixel in B1 is red and the top-leftmost pixel in B2 is green. These pixels combine so that the top-leftmost pixel in B3 is yellow.
There are a number of sets of combinational rules that can be used to combine colour values, depending on whether an additive or subtractive colour combination approach is taken.
No matter which approach is taken, either monochrome or polychrome, all that is necessary to generate a visible image of a specific code or value (decrypted verification information) is to set the values in the counterpart token such that they will interact with the values in the key token to produce the required result.
This is illustrated in Figure 3 and Figure 4. In each case, the key token is effectively random, and the counterpart token is then generated in order that it contains encrypted verification information which can be decrypted using the key token. In this way, the key token can be pre-shared between parties, and stored securely. The same key token can then be used to decrypt any counterpart token which may be generated using that key.
The verification information in Figure 3 is "D7Y8". It is a simple code which could be returned to the machine which generated the counterpart token in order to prove access to the key token and therefore ability to decrypt. Similarly, in Figure 4, the verification information is "TX4". It is envisaged and will be evident to the skilled person that in some embodiments the verification information may be beyond a simple code, and may include a human readable message, for example, "This confirms that the correct parcel has been delivered".
Device
In order to merge the key token and counterpart token, a device is required. The structure of this device is shown in Figure 5.
The device consists of five elements, (5.A) a processor capable of doing computational processing, (5.B) an image capture system that can capture the image of either the key token or a counterpart token as required (this may be a camera), (5.C) a memory where digital representations of images may be stored together with programmatic instructions and variables, (5.D) a display which can present visual information to the user and (5.E) a means of user input of data. The device may also have but is not required to have a means for digital communication. It may be a multifunction device, such as a smart-phone.
Mode of Operation
The device may be used in association with the key token and counterpart token in two ways:
* Verification
* Authentication
Verification Mode
"Verification mode" is designed to allow a relationship between two items to be verified. For example, it may be used to ensure that a parcel (a first item) is delivered to the holder of a delivery notification sent in advance (a second item).
In verification mode the images of the counterpart token and the key token must be available in a visual form that can be captured by the image capture system of the device. When the images are captured they are converted to a digital representation of the image in the form of either a Boolean array or a Byte array, the nature of the array being dependent on whether the tokens are polychrome or monochrome.
The two digital representations are then merged to result in a third array known as the reveal array. This reveal array is then converted back into the image and displayed on the device's Display in a form that can be read by the user. The reveal array contains decrypted verification information which can be displayed as an image. Information revealed in the visual display can then be used to verify that two items are associated, and can be used to prove that the decryption step has taken place, which is only possible when both items are available in the same place. For example:
The key token may be on a package that is to be delivered.
The counterpart token may be on a notice of delivery that has been sent to the recipient of the package.
By scanning and merging the key token and counterpart token a specific code is revealed that:
1. Confirms that the recipient is the correct recipient for the package being delivered.
2. Confirms that the package is the correct package for delivery to that recipient.
3. That delivery has taken place, as the code can only be revealed if there has been delivery.
The above is given as an illustration of possible use and is not an exclusive or only use for the verification potential of the system. There is no requirement within this process for any online service to be present for either party involved.
In many embodiments of the verification system, there is no material difference between the type of token which may be a key token and the type of token which may be a counterpart token. All that is required is that the key-counterpart pair contains verification information which can only be read when the tokens are merged. This information may be split across the two tokens, or may be encrypted in the counterpart token, the key token consisting of essentially random key data.
Authentication Mode
Authentication mode allows the use of a pre-shared secret key to authenticate a user by requiring them to use the key to decrypt a one-time graphical counterpart token which is presented to the user as part of a login process.
In authentication mode the counterpart token is generated on a server that has knowledge of the key token; this counterpart token is then displayed in image form on a visual display unit of a client workstation in the system for which authentication is required. The user will be asked to scan the displayed image with the verification device. Once the image has been scanned the user will be asked to enter their key seed. This is a code that is known to both the user and the authentication system. When the user enters their key seed this is used, in conjunction with device specific information also known to the authentication system, to generate the token. In other words, the verification device includes a key generation function which can deterministically generate keys in response to a key seed. The key seed may be in two parts, one part being stored securely on the device and the other part being input by the user when verification is required.
The key generation function may in fact be a decryption function which decrypts a stored encrypted key token using the key seed as a key.
The generated key token is then merged with the captured counterpart token and the resultant revealed verification information is displayed as an image on the device display. This will reveal a code or value to the user that they can then enter into the system they are seeking authentication on and the possession of the code (i.e. verification information) will confirm to the system that:
1. They are in possession of the key seed attributed to a specific user and input into the device by the user.
2. They are in possession of the device attributed to a specific user and within which is stored a second part of the key seed, or an encrypted key token or other user-specific key-generation function.
These two facts are used by the authentication system to authenticate the user.
System Description
The device is used as part of a system. There are two forms of system that may be involved:
* Verification Systems
* Authentication Systems
Verification Systems
The verification system is based on the structure best illustrated in Figure 6.
At the core of the system is a server with an associated database. The server will generate validation information in accordance with such rules and principles as may be determined by the party or organisation that requires the codes. The validation information may be stored in a database and may be associated in the database with other information relating to the transaction or items which are to have their relationship validated.
When a token is required validation information is obtained from the database. A key token and counterpart token are generated for the validation code and these are sent to the Token Output system. The generated key token and counterpart token between them contain the validation code in encrypted form, which can be decrypted when the tokens are merged. The Token Output system will assign the key token or its counterpart token to the required form of output. Nothing within the system requires that a specific form of output be used. All that is required is that the eventual presentation of the key token or its counterpart token at the point of verification is done in a visual form so that the image of the key token or its counterpart token can be captured by the image capture device on the device.
There is no requirement in the system that the visual presentation of the key token or its counterpart token should be of the same size or on a specific media.
Upon capturing the images of the key token and the counterpart token the device will convert the images into Boolean or byte arrays dependent on the type of image. These arrays are then merged to produce a third array, the reveal array, which is then turned back into an image for display on the visual display unit of the device. This image will display a code or message that confirms that the two elements captured are compatible and, therefore, the transaction is verified.
There is nothing within the system that requires the device to be in communication with the server at the point of verification or at any other point in time. The device may require additional operations, such as the input of the verification information, to be undertaken and upon such may communicate this back to the server, but there is no requirement to do so. It is entirely possible to configure the verification operation in such a way that the verification information is a simple message confirming the verification and that the parties to the transaction need no further actions taken.
Authentication System
The authentication system is based on the following structure:
Authentication takes place as a two part service:
1. Device Registration and Installation
2. Authentication Process
Device Registration and Installation
Device registration includes a process of generating a secret key token and sharing that key token between the server and the verification device or user for future use in authenticating that user to the server.
The device is put in communication with the server. During this communication the following actions take place:
a) The device is identified to the server and provides the server with some unique form of identification by which it can be recognised in the future, e.g. IMEI number.
b) The user details associated with this device are recorded on the server.
c) The server generates a key token which is passed to the device and saved in the device's local data.
d) A process of verification is carried out to confirm that the key token data has been correctly installed.
Authentication Process
The device does not need to be in communication with the server during authentication. During the process the following actions take place:
a) The user identifies themselves to the server from a workstation; this may include any device that is in communication with the server into which the user can make user input and upon which a visual display of an image may be shown. The user may identify themselves using, for example, a username.
b) Upon identifying the user the server will look up the user details and generate or retrieve a copy of the pre-shared key token associated with that user.
c) The server will generate a random code to be used as the verification information for the authentication of the user.
d) Using the verification information the server will generate a counterpart token to the correct key token that will result, when the two are merged, in the revelation of the verification information in a graphic form.
e) The server will display the image of the counterpart token on the
f) The user will use the device to capture an image of the displayed counterpart token.
g) The captured image will be converted to a binary array.
h) The binary array will be merged with stored key token to produce a reveal array.
i) The reveal array will be transformed into a visual image and displayed on the device thereby revealing the verification information.
j) The user will enter the verification information into the workstation for transmission to the server.
k) Upon receipt of the entered verification information by the server it will compare the entered value with the original value; if they match, authentication has taken place.
Variation on Token Storage
As a variation on the requirement for the device to store a copy of the key token it is possible for the device to generate the key token as and when required using a key seed. This requires that the key token is generated from a series of values generated by a sequence generator that will always produce the same sequence of values from a specific key seed.
This has the advantage that the key seed used for the generation of the key token can be a combination of a value known to the user and a unique identifier of the device. Whenever a key token is required the user would be required to enter into the device the value known to them, this will be combined with the unique identifier of the device to produce a key seed. The key seed is then used to generate the key token.
This approach means that:
a) A piece of information known to the user is required to generate the key token.
b) A piece of information that uniquely identifies the device is required to generate the key token.
The successful combination of these two pieces of information means that:
i. The user is identified as the user associated with the specific device.
ii. The device being used is the specific device associated with the user.
If this approach is taken the server only needs to store the user code and the device unique identifier to be able to generate the required key token.
Token Generation
Tokens are generated by using a sequence generator that will supply a series of values when inputted with a key seed. Where tokens are being generated for a one off use, as in verification, this may be a random number sequence generator.
However, where tokens are subject to multiple use, as in authentication, this will have to be a deterministic sequence generator that will generate the same sequence of values from a specific key seed.
Within this context a key seed may be any value that is acceptable to the sequence generator.
A sequence generator within this context is an algorithm implemented in software that when given a specific input value to start (the seed value) will generate a sequence of numbers which may or may not be random or pseudo random in nature.
Each value generated by the sequence generator will be used to assign a value to a cell in the key token array. This is done by taking the generated value and applying a mathematical operation to it to provide a result that is of the required type to store in the token array, given the type of key token being generated.
For instance, in the case of a monochrome token image the token array will be a Boolean array. This can be generated by assigning the values True or False to the array cells according to whether the generated value is odd or even.
In the case of a polychrome token image, using for example Red, Green and Blue, these values may be indicated by the integer values 0, 1, 2. These can be held in an integer array. The values can be assigned to the token cells by applying a modulo 3 operation to the generated value.
There are a number of other mathematical operations that could be used to achieve this purpose.
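Added example (not code from the patent): one way to build the deterministic key token described above, from a key seed that combines a value known to the user with a device identifier. The PBKDF2 combiner, the HMAC-based sequence generator, the salt and the sample values are assumptions of this example; the patent does not name a specific generator.

```python
import hashlib
import hmac


def derive_key_seed(user_value: str, device_id: str, salt: bytes) -> bytes:
    """Key seed = value known to the user combined with the device identifier."""
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    material = b"".join(
        len(part).to_bytes(2, "big") + part
        for part in (user_value.encode(), device_id.encode())
    )
    # Assumption: PBKDF2 as the combiner, to slow guessing of a short user code.
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)


def sequence(seed: bytes, label: bytes):
    """Deterministic sequence generator: HMAC-SHA256 in counter mode.

    The same seed always yields the same byte sequence, which is what lets
    the server and the device regenerate an identical key token.
    """
    counter = 0
    while True:
        msg = label + counter.to_bytes(8, "big")
        yield from hmac.new(seed, msg, hashlib.sha256).digest()
        counter += 1


def monochrome_key_token(seed: bytes, rows: int, cols: int):
    """Boolean array: a cell is True when the generated value is odd."""
    gen = sequence(seed, b"mono")
    return [[next(gen) % 2 == 1 for _ in range(cols)] for _ in range(rows)]


def polychrome_key_token(seed: bytes, rows: int, cols: int):
    """Integer array over 0 (red), 1 (green), 2 (blue) via modulo 3."""
    gen = sequence(seed, b"poly")

    def cell():
        # A byte has 256 values and 256 is not a multiple of 3, so a bare
        # "% 3" would favour 0. Discarding 252..255 keeps the colours equal.
        while True:
            value = next(gen)
            if value < 252:
                return value % 3

    return [[cell() for _ in range(cols)] for _ in range(rows)]


if __name__ == "__main__":
    salt = b"constructed-per-user-salt"           # constructed sample value
    seed = derive_key_seed("4821", "device-0001", salt)  # constructed inputs
    for row in monochrome_key_token(seed, 4, 16):
        print("".join("#" if bit else "." for bit in row))
```

Both the user value and the device identifier must match for the regenerated token to equal the one the server derives; changing either gives an unrelated token.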
Counterpart Token Generation
The counterpart token is generated by carrying out an array based mathematical operation on a master token and the key token.
Master Token
The master token is an array that, if rendered as an image, will show a code, value or message that is to be revealed to the user in the reveal token. In other words, the master token is the "plaintext" verification information which the user will eventually see when the key and counterpart tokens are merged and the information decrypted. There are many ways in which the master token can be produced but the normal way is:
Generate verification information holding the required code, value or message.
Draw the verification information onto an image object.
Transform the image object into an array of the appropriate kind.
The transformation method used to transform the image object into an array will be dependent on the type of array that is being used to form the token.
Generation
To generate the counterpart token the master token and the key token are merged using either a Boolean or Modulo operation. The nature of the operation will be dependent on the type of token being processed.
For example in a monochrome token the arrays are Boolean. A simple Boolean operation can be applied to the key token and the master token to produce the counterpart token. This is illustrated in Figure 8.
Whilst Figure 8 shows an application of the XNOR operator, other Boolean operators may be applied.
No matter what operations are used to combine the tokens the only requirement is that the procedure must be reversible by applying either the same operator or a known counter operator to the key and counterpart tokens to produce a reveal token which is the same as the original master token.
Reveal Token Generation
The reveal token is generated by applying either the operator used to generate the counterpart or a known counter operator, to the key token and the counterpart token. This will produce an array which is the reveal token, as illustrated in Figure
Generation and Revelation of Non-Boolean Based Token Elements
Where the generation has been done using a non-Boolean array then the operations to combine arrays are carried out using modulo arithmetic, the modulo base being dependent on the type of value being carried in the array. The example in Figure shows a section of a key token, counterpart token and reveal token using an array with a base value of 256.
An array of this type would be typical of where Red-Green-Blue colour encoding is being implemented using three 8-bit bytes to hold the colour value of a pixel.
It is possible to apply the same principle to other forms of colour coding and other representations by using different base values for the modulo operations.
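The merge and reveal operations described above, as an added Python example that is not part of the patent text. The function names, the constructed 5x5 bitmaps, the use of `secrets` for a random key token, and modulo subtraction as the "known counter operator" paired with a modulo-addition reveal are assumptions; the last function goes one step beyond the text to show why a key token should not be reused across counterparts.

```python
import secrets

def random_token(rows, cols, base):
    """Random key token: base 2 for monochrome, 256 for an 8-bit channel."""
    return [[secrets.randbelow(base) for _ in range(cols)] for _ in range(rows)]

def xnor(a, b):
    """Element-wise XNOR of two Boolean arrays: 1 where the elements agree."""
    return [[1 - (x ^ y) for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def mod_sub(master, key, base=256):
    """Generation (assumed counter operator): counterpart = master - key mod base."""
    return [[(m - k) % base for m, k in zip(rm, rk)] for rm, rk in zip(master, key)]

def mod_add(key, counterpart, base=256):
    """Reveal by modulo addition: reveal = key + counterpart mod base."""
    return [[(k + c) % base for k, c in zip(rk, rc)]
            for rk, rc in zip(key, counterpart)]

# Constructed monochrome master tokens (1 = dark element): the glyphs "T" and "L".
MASTER_T = [[1, 1, 1, 1, 1],
            [0, 0, 1, 0, 0],
            [0, 0, 1, 0, 0],
            [0, 0, 1, 0, 0],
            [0, 0, 1, 0, 0]]
MASTER_L = [[1, 0, 0, 0, 0],
            [1, 0, 0, 0, 0],
            [1, 0, 0, 0, 0],
            [1, 0, 0, 0, 0],
            [1, 1, 1, 1, 1]]

# Constructed master for the base-256 case: two pixels per row, stored as
# consecutive R, G, B channel values.
MASTER_RGB = [[255, 0, 0, 0, 128, 255],
              [12, 34, 56, 200, 100, 0]]

def render(token):
    """Draw a Boolean token as text so the revealed glyph can be read."""
    return "\n".join("".join("#" if v else "." for v in row) for row in token)

def boolean_round_trip(master):
    """Server side: counterpart = XNOR(master, key). Device side: reveal."""
    key = random_token(len(master), len(master[0]), 2)
    counterpart = xnor(master, key)
    reveal = xnor(key, counterpart)  # XNOR is its own inverse
    return key, counterpart, reveal

def modulo_round_trip(master, base=256):
    key = random_token(len(master), len(master[0]), base)
    counterpart = mod_sub(master, key, base)
    reveal = mod_add(key, counterpart, base)
    return key, counterpart, reveal

def reuse_relation(master_a, master_b):
    """Two counterparts made with ONE key token, merged without the key.

    The key cancels out: XNOR(c_a, c_b) == XNOR(master_a, master_b), so the
    pair of counterparts alone discloses how the two masters relate.
    """
    key = random_token(len(master_a), len(master_a[0]), 2)
    c_a, c_b = xnor(master_a, key), xnor(master_b, key)
    return xnor(c_a, c_b), xnor(master_a, master_b)

if __name__ == "__main__":
    key, counterpart, reveal = boolean_round_trip(MASTER_T)
    print("counterpart (looks random):\n" + render(counterpart))
    print("reveal:\n" + render(reveal))
    print("RGB reveal:", modulo_round_trip(MASTER_RGB)[2])
    merged, relation = reuse_relation(MASTER_T, MASTER_L)
    print("key reuse discloses master relation:", merged == relation)
```

A fresh, uniformly random key token per counterpart keeps the counterpart uninformative on its own; the reuse check shows what is lost when that does not hold.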
Claims (30)
- 1. A method of decrypting and displaying information, the information to be decrypted being provided in the form of a graphical counterpart token, and the method comprising the steps of:
  * use of a digital image capture device to capture an image of the graphical counterpart token;
  * use of a computing device to apply a decryption function to the captured counterpart image, the decryption function being further applied to a graphical key token, and the decryption function returning an information-bearing decrypted image;
  * displaying the decrypted image on a display screen.
- 2. A method as claimed in claim 1, in which the graphical key token is captured using the digital image capture device.
- 3. A method as claimed in claim 1, in which the key token is generated by means of the computing device applying a key token generation function to at least one key token seed value.
- 4. A method as claimed in claim 3, in which at least one of the key token seed value(s) is input by a user.
- 5. A method as claimed in claim 3 or claim 4, in which at least one of the key token seed value(s) is stored on the computing device.
- 6. A method as claimed in any of the preceding claims, in which captured or generated key tokens and counterparts are stored as a set of numerical values, each value representing a region of the respective image.
- 7. A method as claimed in claim 6, in which the decryption function includes the application of an XNOR operation to each element-pair in the respective sets of numerical values, each element-pair including a number representing a region of the graphical key token and a number representing a corresponding region of the graphical counterpart token.
- 8. A method as claimed in claim 6, in which the decryption function includes the application of a modulo addition operation to each element-pair in the respective sets of numerical values, each element-pair including a number representing a region of the graphical key token and a number representing a corresponding region of the graphical counterpart token.
- 9. A method as claimed in any of the preceding claims, in which the image capture device is a digital camera.
- 10. A system for verifying an association between a pair of items, the system comprising a key server, token output means, and a verification device including image capture means, and a processor,
  * the key server being adapted to generate graphical key token and counterpart token pairs, each key-counterpart token pair containing encrypted verification information which can only be read when a decryption function is applied to the key-counterpart token pair;
  * the token output means being adapted to apply the graphical key token visibly to one of a pair of items, and to apply the graphical counterpart token visibly to the other of the pair of items; and
  * the verification device being adapted to capture an image of the counterpart token, capture an image of the key token, apply a decryption function to the token and counterpart, and output decrypted verification information.
- 11. A system as claimed in claim 10, in which the verification device further includes display means, and is adapted to visibly display the decrypted verification information.
- 12. A system as claimed in claim 10 or claim 11, in which the verification device is adapted to perform the method of any of claims 1 to 9.
- 13. A system as claimed in any of claims 10 to 12, in which the pair of items includes a package to be delivered and a notice of delivery to be sent in advance to the intended recipient.
- 14. A system as claimed in any of claims 10 to 13, in which the server is adapted to store verification information in a database when token-counterpart pairs are generated.
- 15. A system as claimed in claim 14, in which the verification device is adapted to transmit the decrypted verification information to the server for comparison with information previously stored in the database.
- 16. A system for authenticating a user, the system comprising an authentication server, a client workstation, and a verification device including image capture means, the authentication server and the client workstation being connected via communication means,
  * the authentication server including a database for storing key tokens and/or key seeds associated with user identifiers;
  * the authentication server being adapted to generate graphical counterpart tokens to correspond with key tokens, each counterpart token containing encrypted verification information, the verification information being readable only when the graphical counterpart token is decrypted using its corresponding key token, the authentication server generating a graphical counterpart token in response to an authentication request citing the user identifier associated with the key token;
  * the authentication server being adapted to transmit generated graphical counterpart tokens to the client workstation, for visible display on a display screen of the client workstation;
  * the verification device being adapted to capture a digital image of the graphical counterpart token displayed on the display screen of the client workstation, decrypt the verification information contained within the counterpart token by applying a decryption function to the counterpart token and a key token, and output the verification information;
  * the authentication server being adapted to accept input of verification information, and to make a comparison between verification information previously encrypted into counterpart tokens, and to authenticate a session based on a positive comparison.
- 17. A system as claimed in claim 16, in which the verification device includes storage for storing a copy of a key token associated with a user of the device, for use with the decryption function.
- 18. A system as claimed in claim 16, in which the verification device includes user input means for accepting a key seed, and in which the verification device is adapted to apply a key token generation function to an input key seed, the key token generation function outputting a key token for use with the decryption function.
- 19. A system as claimed in claim 18, in which the verification device further includes storage means for storing one part of a two-part key seed, and in which the verification device is adapted to apply a key token generation function to a key seed which is made up of a first part which is input via the user input means and a second part which is stored in the storage means.
- 20. A system as claimed in any of claims 16 to 19, in which the verification information is a random or pseudo-random value which is generated by the server and stored in the database such that it is associated with the corresponding key token.
- 21. A system as claimed in any of claims 16 to 20, in which the server accepts input of the verification information via the client workstation.
- 22. A system as claimed in any of claims 16 to 21, in which the verification device is adapted to perform the method of any of claims 1 to 9.
- 23. A method for authenticating or verifying a user within a system, including:
  * The use of a portable computing device with image capture capabilities
  * The capture of a graphical presentation of a token or counter-token
  * The merging of a graphical counter token and a token to generate a reveal token that can be graphically displayed to reveal a visual key or message.
  * The display of the reveal token in graphical form on the portable device.
  * The generation of the graphical counter-token by a server from a token and a master token which contains the key or message.
- 24. A method as claimed in claim 23 by which the graphical counter-token is captured from a terminal displaying the graphical counter-token.
- 25. A method as claimed in claim 23 or 24 by which the token is captured from a graphical image before being merged with the graphical counter token.
- 26. A method as claimed in any of claims 23 to 25 by which the terminal obtains the graphical counter-token from the server.
- 27. A method as claimed in any of claims 23 to 26 by which the token is generated by the portable computing device on the basis of a key or code entered by the user.
- 28. A method as claimed in any of claims 23 to 27 by which the token is generated by the server and supplied on the basis of a key or code known to the server and the user.
- 29. A method as claimed in any of claims 23 to 28 by which the token is generated by the server and supplied on the basis of a key or code randomly or non-randomly generated by the server.
- 30. A method as claimed in any of claims 23 to 29 by which the token and the counter-token are comprised of lighter or darker tokens or colours the relationship of such being dependent on the specific algorithm being applied for the encoding and decoding of the elements.
- 31. A method as claimed in any of claims 23 to 30 wherein the merged tokens reveal the visual key by the application of a XNOR or modulo operation to the values held in the array representation of the tokens.
- 32. A method as claimed in any of claims 23 to 31 by which the server utilises the token and a master token to generate the counterpart token.
- 33. Computer readable code which, when executed on a computer or computing device, is configured to perform the method of any of the above claims.
- 34. A method or system for the verification of a correspondence between two items as described herein, with reference to and as illustrated in the accompanying drawings.
- 35. A method or system for the authentication of a user as described herein, with reference to and as illustrated in the accompanying drawings.
Amendments to the claims have been filed as follows:
CLAIMS
- 1. A method of decrypting and displaying information, the information to be decrypted being provided in the form of a graphical counterpart token, and the method comprising the steps of:
  * use of a digital image capture device to capture an image of the graphical counterpart token;
  * use of a computing device to apply a decryption function to the captured counterpart image and a graphical key token, the decryption function returning an information-bearing decrypted image;
  * displaying the decrypted image on a display screen.
- 2. A method as claimed in claim 1, in which the graphical key token is captured using the digital image capture device.
- 3. A method as claimed in claim 1, in which the key token is generated by means of the computing device applying a key token generation function to at least one key token seed value.
- 4. A method as claimed in claim 3, in which at least one of the key token seed value(s) is input by a user.
- 5. A method as claimed in claim 3 or claim 4, in which at least one of the key token seed value(s) is stored on the computing device.
- 6. A method as claimed in any of the preceding claims, in which captured or generated key tokens and counterparts are stored as a set of numerical values, each value representing a region of the respective image.
- 7. A method as claimed in claim 6, in which the decryption function includes the application of an XNOR operation to each element-pair in the respective sets of numerical values, each element-pair including a number representing a region of the graphical key token and a number representing a corresponding region of the graphical counterpart token.
- 8. A method as claimed in claim 6, in which the decryption function includes the application of a modulo addition operation to each element-pair in the respective sets of numerical values, each element-pair including a number representing a region of the graphical key token and a number representing a corresponding region of the graphical counterpart token.
- 9. A method as claimed in any of the preceding claims, in which the image capture device is a digital camera.
- 10. A system for verifying an association between a pair of items, the system comprising a key server, token output means, and a verification device including image capture means, and a processor,
  * the key server being adapted to generate graphical key token and counterpart token pairs, each key-counterpart token pair containing encrypted verification information which can only be read when a decryption function is applied to the key-counterpart token pair;
  * the token output means being adapted to apply the graphical key token visibly to one of a pair of items, and to apply the graphical counterpart token visibly to the other of the pair of items; and
  * the verification device being adapted to capture an image of the counterpart token, capture an image of the key token, apply a decryption function to the token and counterpart, and output decrypted verification information.
- 11. A system as claimed in claim 10, in which the verification device further includes display means, and is adapted to visibly display the decrypted verification information.
- 12. A system as claimed in claim 10 or claim 11, in which the verification device is adapted to perform the method of any of claims 1 to 9.
- 13. A system as claimed in any of claims 10 to 12, in which the pair of items includes a package to be delivered and a notice of delivery to be sent in advance to the intended recipient.
- 14. A system as claimed in any of claims 10 to 13, in which the server is adapted to store verification information in a database when token-counterpart pairs are generated.
- 15. A system as claimed in claim 14, in which the verification device is adapted to transmit the decrypted verification information to the server for comparison with information previously stored in the database.
- 16. A system for authenticating a user, the system comprising an authentication server, a client workstation, and a verification device including image capture means, the authentication server and the client workstation being connected via communication means,
  * the authentication server including a database for storing key tokens and/or key seeds associated with user identifiers;
  * the authentication server being adapted to generate graphical counterpart tokens to correspond with key tokens, each counterpart token containing encrypted verification information, the verification information being readable only when the graphical counterpart token is decrypted using its corresponding key token, the authentication server generating a graphical counterpart token in response to an authentication request citing the user identifier associated with the key token;
  * the authentication server being adapted to transmit generated graphical counterpart tokens to the client workstation, for visible display on a display screen of the client workstation;
  * the verification device being adapted to capture a digital image of the graphical counterpart token displayed on the display screen of the client workstation, decrypt the verification information contained within the counterpart token by applying a decryption function to the counterpart token and a key token, and output the verification information;
  * the authentication server being adapted to accept input of verification information, and to make a comparison between verification information previously encrypted into counterpart tokens, and to authenticate a session based on a positive comparison.
- 17. A system as claimed in claim 16, in which the verification device includes storage for storing a copy of a key token associated with a user of the device, for use with the decryption function.
- 18. A system as claimed in claim 16, in which the verification device includes user input means for accepting a key seed, and in which the verification device is adapted to apply a key token generation function to an input key seed, the key token generation function outputting a key token for use with the decryption function.
- 19. A system as claimed in claim 18, in which the verification device further includes storage means for storing one part of a two-part key seed, and in which the verification device is adapted to apply a key token generation function to a key seed which is made up of a first part which is input via the user input means and a second part which is stored in the storage means.
- 20. A system as claimed in any of claims 16 to 19, in which the verification information is a random or pseudo-random value which is generated by the server and stored in the database such that it is associated with the corresponding key token.
- 21. A system as claimed in any of claims 16 to 20, in which the server accepts input of the verification information via the client workstation.
- 22. A system as claimed in any of claims 16 to 21, in which the verification device is adapted to perform the method of any of claims 1 to 9.
- 23. A method for authenticating or verifying a user within a system, including:
  * The use of a portable computing device with image capture capabilities
  * The capture of a graphical presentation of a token or counter-token
  * The merging of a graphical counter token and a token to generate a reveal token that can be graphically displayed to reveal a visual key or message.
  * The display of the reveal token in graphical form on the portable device.
  * The generation of the graphical counter-token by a server from a token and a master token which contains the key or message.
- 24. A method as claimed in claim 23 by which the graphical counter-token is captured from a terminal displaying the graphical counter-token.
- 25. A method as claimed in claim 23 or 24 by which the token is captured from a graphical image before being merged with the graphical counter token.
- 26. A method as claimed in any of claims 23 to 25 by which the terminal obtains the graphical counter-token from the server.
- 27. A method as claimed in any of claims 23 to 26 by which the token is generated by the portable computing device on the basis of a key or code entered by the user.
- 28. A method as claimed in any of claims 23 to 27 by which the token is generated by the server and supplied on the basis of a key or code known to the server and the user.
- 29. A method as claimed in any of claims 23 to 28 by which the token is generated by the server and supplied on the basis of a key or code randomly or non-randomly generated by the server.
- 30. A method as claimed in any of claims 23 to 29 by which the token and the counter-token are comprised of lighter or darker tokens or colours the relationship of such being dependent on the specific algorithm being applied for the encoding and decoding of the elements.
- 31. A method as claimed in any of claims 23 to 30 wherein the merged tokens reveal the visual key by the application of a XNOR or modulo operation to the values held in the array representation of the tokens.
- 32. A method as claimed in any of claims 23 to 31 by which the server utilises the token and a master token to generate the counterpart token.
- 33. Computer readable code which, when executed on a computer or computing device, is configured to perform the method of any of the above claims.
- 34. A method or system for the verification of a correspondence between two items as described herein, with reference to and as illustrated in the accompanying drawings.
- 35. A method or system for the authentication of a user as described herein, with reference to and as illustrated in the accompanying drawings.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1408958.5A GB2526315A (en) | 2014-05-20 | 2014-05-20 | Security and verification device, method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
GB201408958D0 (en) | 2014-07-02 |
GB2526315A (en) | 2015-11-25 |
Family
ID=51135160
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1408958.5A Withdrawn GB2526315A (en) | 2014-05-20 | 2014-05-20 | Security and verification device, method and system |
Country Status (1)
Country | Link |
---|---|
GB (1) | GB2526315A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6178243B1 (en) * | 1995-08-27 | 2001-01-23 | Aliroo Ltd | User-controlled document processing |
EP2096858A2 (en) * | 2008-02-28 | 2009-09-02 | Fujitsu Limited | Image decrypting apparatus, image encrypting apparatus, and image decrypting method |
Also Published As
Publication number | Publication date |
---|---|
GB201408958D0 (en) | 2014-07-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |