News
Predictive QR Code® is officially a patented technology!
Date: 04/04/2024
Image-based Predictive Authentication System
"Because authentication via Predictive QRCode®, an image-based implementation of predictive authentication, is the future of Virtual Cards for smartphones, for physical authentication via mobile devices, and also because this technology can compete with today's most popular techniques such as NFC or BLE"
Author:
Antonmarco Catania
Filed in December 2021, published in June 2023, in March 2024 the patent for Predictive QR Code®, an authentication technology that revolutionizes how images are authenticated, particularly mobile-to-mobile authentication, has been approved.
Abstract
Identity is the new perimeter of Security, and authentication is the very key part of the process that must ensure it.
When it comes to people, physical authentication is made possible through technological and biometric tools. Among the physical tools, certainly those that make use of smartphones are the ones that are increasingly used the most. Smartphones are electronic devices with very high computational capabilities available to almost all citizens.
In addition, smartphones are seen as an "increasingly personal" device, which is accessed by means of increasingly sophisticated security keys, including biometric keys, and which, especially for the information and documents it contains, is not surrendered even for short periods of time and is unlikely to be left unattended or, worse, forgotten.
In this paper we analyze the Predictive QR Code® technology - a registered trademark of Euklis srl - which implements the predictive authentication system based on images whose Italian patent was filed on 6/12/2021, international patent n. PCT/IB2022/061813, was published on June 15, 2023, and officially GRANTED on 3/26/2024 under the n. 102021000030803 which is well suited to implement a secure and efficient authentication system making use of smartphones.
After describing the technology, its advantages are discussed in relation to other physical authentication technologies that make use of smartphones as well, such as NFC or via BLE and the latest systems with dynamic QR Codes.
The analysis and comparison of this technology with those on the market today, which allow physical authentication by means of smartphones, is carried out taking into consideration both strictly technological and performance areas as well as social, economic, convenience and ease of use.
The made analysis has shown how the Predictive QR Code® technology is today a concrete answer to the limits of authentication through simple QR Code but also more advantageous in many aspects, which are analyzed in the article, compared to other technologies currently more widespread, particularly in relation to Mobile To Mobile authentication.
In conclusion, it can be argued that the use of Predictive QR Code technology may have, in the years to come, very important applications in even heterogeneous areas yet including physical authentication, for:
- Access control, time and attendance, access to remote sites and events
- Nominative tickets and subscriptions
- Electronic payment systems
- Work safety and security
Image based authentication and Predictive QR Code®
For a variety of different needs, image coding systems have long been structured for objects and individuals that need to be classified and identified uniquely and quickly for control operators. With the development of information technology, there came the emergence and rapid development of the encoding of information by barcode, which is the encoding of a succession of parallel bars containing all the data of interest according to binary logic. Associated with bar coding is also a numerical coding system, aimed at facilitating the correct reading of information in the event of malfunction - or absence - of a special reader. Such a system, which is also still in use, has made inventory management much easier than systems based solely on human expertise, but it has clearly presented some critical issues from the outset.
First of all, the system constructed in this way allows only synthetic and reduced information to be managed, due to insurmountable mathematical limitations, resulting in the need - in most cases - to require connection to a remote data processing and display system. This results in important and costly security issues.
Secondly, such a code is easily reproducible and in fact was perhaps the main purpose of its genesis, given the development typically achieved in the world of consumer products.
The need for synthetic and secure systems that contain more information led to the development of the so-called QR-code, an information encoding system based on the transformation of data into a combination of empty and filled spaces within a square frame. This encoding allows a larger amount of data to be absorbed and reduces the need for connections to external data storage systems, as it is possible to incorporate a large amount of data into the image thus constructed. It is also possible, of course, to provide for such data to coincide exclusively with a connection to an external site, or even for the reported data to be validated by external entities via a remote server, resulting in the need for an external connection.Rispetto alle proprietà di raccolta di informazioni contenuta in un codice a barre, pertanto, è notevolmente cresciuta la quantità di dati disponibili sull’immagine, senza che venga richiesto maggiore spazio a disposizione per riprodurla sulle superfici in cui essa viene applicata.
The QR code system, which has proved to be particularly useful and has quickly been considered an effective tool for recognizing the identity of people, vehicles and objects of any kind, has certainly solved many problems related to the production (and storage) of official paper documents, thus offering considerable support for security protection as well.
Today all smart phones are natively equipped with the technology to interpret QR codes.
Process systems for authenticating a user in a telematics connection have also been implemented. For example, US 2019/149537 identifies the QR code system per se as a system for recognizing a user during accreditation to a blockchain-managed page.
However, to date, the use of a QR-code presents two major security problems. Most obviously, the system is easily duplicated: the QR code, like the bar code, is reproduced sequentially on product packaging, as well as-for more sensitive applications-being transmitted to interested third parties by photostatic copying or even just photographic reproduction.
The use of the QR Code - static - as a means of authenticating people is extremely widespread today, simply by seeing its use, for example, for train or airplane tickets or for temporary access permits.
It is common experience that the QR Code is not a secure system to authenticate someone. It usually also requires two-factor checking, such as also verifying ID.
Image-based Predictive Authentication
A predictive image authentication system consists, for example, of a mobile phone device, such as a smartphone or tablet, equipped internally with a code creation device based on the transposition and transformation in the form of images of unique information. The aforementioned codes transpose predefined unique information and transform it - according to a specific predefined algorithm - into an image that can be recorded and/or displayed on the screen.
The code creation device is therefore essentially a data processing application aimed at producing the encoded image, such as a QR code, based on public elements and a private encryption key. In this way, the device can create one or more unique QR codes.
The image thus produced and presented on the screen is recognized and read by an image reading and transmission device. The image reading and transmitting device, having identified the forwarding request, in turn transmits the data to a code creation and validation device, consisting of a server equipped internally with a code creation application.
The application provided on the code creation and validation device presents identical methodology to that provided in the code creation and presentation device, so that a certain and complete comparison of the data derived from the phone with the data provided by the machine can take place. Once the comparison is finished, the device for transposing and comparing the information contained on the QR code issues an admissibility signal.
Since authentication by a single static image or a single QR code, is possible but not secure, an additional layer of security is required. Therefore, there is a function in the code creation device for which a sequence of codes presented as images for example of QR codes is created at programmable intervals that are displayed on the screen and must be read by the image reading and transmitting device so that the code creation and validation device can recognize and validate them.
Understandably, these are very limited intervals such that they cannot be duplicated for fraudulent authentication, for example, 500ms.
Each of the images or QR codes thus generated, which are in fact not identifiable by the user or third parties, may be private QR codes, or PQRcodes.
Predictive QR Code®
Predictive QR Code® technology is thus one of the possible applications of predictive authentication by images.
The elements that make up the system are one smartphone that presents the Predictive QR Code, i.e., the infinite sequence of QR Codes, continuously different, changing according to rules and keys and changing factors, such as absolute time, regulated by service provider; the authentication system, which can be another smartphone on which an authentication app is installed or a QR Code reader connected locally to a Predictive QR Code-enabled controller; and a portal on which credentials are recorded.
The connection between the device to be authenticated, as well as the controller and the portal, is required only at the time of configuration. In other words, the system can operate in offline mode.
The reliability of the authentication process is also ensured by the fact that among the methods of construction of the Predictive QR is also considered the unique number of the mobile device - example IMEI/Unique Number associated with the terminal - and, optionally, the mutual geolocation of the devices.
Applications with Predictive QR Code®
Systems using PQR Code consist of a device that allows a subject to be authenticated, typically a Smartphone, which presents the Predictive QR Code on the screen and a device that reads the PQR Code and provides an authentication response.
The authenticating device can be another smartphone or a QR Code reader connected to a controller.
In order to allow the screen of a smartphone to present infinite QR Codes that change every 500ms with predictive logic, there are two ways: A) by means of a mobile app that can be downloaded from the App Stores B) by connecting to a portal that generates PQCodes.
Predictive QR Code® APP
In this case, the user, downloads the provider's mobile app of the service, access or payment for which authentication is required; registers his device to the portal thanks to a PIN received from the service provider, for example, via SMS.
From then on, one's smartphone app is able to generate PQR Codes, which identify it without the need to connect to the portal and in the absence of Internet connectivity.
Optionally, registration of the device to the Service Provider's portal can take place via an enrollment protocol with multifactor authentication that prevents the possibility of registering a device other than the one associated with the phone number under which the user was registered.
Advatntages of Predictive QR Code®
Predictive QR Code is a unique and secure authentication technology.
The advantages of the Predictive QR Code are many:
- It is a smarphone authentication system that works offline, without the need for an Internet connection
- It works exclusively from a smartphone, the smartphone of the owner to whom it has been attributed
- The encoding system, the methodical presentation of the Predictive QR Code is from the service provider not the technology manufacturer
- It is secure, since it cannot be copied since it consists of an infinite sequence of QR Codes valid for only 500 ms
- It works similarly on common Android or iOS smartphones
- It allows authentication in less than a second
- Does not require additional HW
- Can be verified by another smartphone or by a QR Code reader connected to a controller with the Predictive QR Code feature enabled
- It is hardware independent and can also be verified by camera
- It can also work, in degraded mode, with a printed QR Code
Conclusion
That of Predictive QR Code is a technology that presents many application opportunities for the future not only because of the technological aspects that make it comparable-and in many cases superior-to other smartphone authentication technologies that have already been on the market for some time, but also because of economic and operational aspects.
Realizing authentication applications using Predictive QR Codes, rather NFC, turns out to be a much simpler and more open approach, since NFC technology, in the iOS case is only available for proprietary payment systems.
Making authentication applications through Predictive QR Code, rather than through Apps that make use of BLE, turns out to be a much more secure and reliable approach since "wireless" technology is less "controllable" for authentication application.
Predictive QR Code is an image-based predictive authentication technology that is completely independent of hardware. Smartphones, QR Code readers, fin even video camera can be used as capture devices.
Finally, an image authentication system, a reader among the types listed above, based on predictive QR Codes, can work-though with a degraded level of security but known to the provider who might allow it under certain conditions-also in dynamic QR Code mode and even static printed QR Codes.