WO2007080458A1

WO2007080458A1 - The device screen as a single light source

Info

Publication number: WO2007080458A1
Application number: PCT/IB2006/050080
Authority: WO
Inventors: Hani Girgis
Original assignee: Hani Girgis
Priority date: 2006-01-10
Filing date: 2006-01-10
Publication date: 2007-07-19

Abstract

Problem: great need for a reliable, secure, fast and very easy-to-use smart authentication token technology that does not require expensive hardware to be distributed to users. Solution: Most mobile phones and PDA's today, even the very low-cost ones, have illuminating color screens and are able to display animations with greatly very fast frame rates such as 80 frame/second! Even the very old-fashion low-cost, but color, mobile phones are able to display animations at a frame rate of at least 35 frames per second. The current invention enables the use of such devices for easy secure authentication such as access to buildings, train tickets, e-payments, logon to a computer…etc. All of this without any change in the hardware of the user's mobile device. The mobile device after preparing the information to be transmitted which can include secure one-time-passcodes, would encode this information and treat the screen of the user's mobile device as a single strong color-light source to optically transmit the encoded data as colorful flashing light and repeat this flashing sequence continuously at the maximum speed of the device and its screen. The user simply taps any part of his mobile device's screen on the reader's 'eye opening' for less than a second in order to get authenticated! The reader is usually a very low-cost device that essentially has color-sensing capability. Compared to the readers of other smart authentication token technologies, like NFC, it is very low-cost and can be easily integrated in existing systems. Additionally, the system reliability and good qualities are preserved in-spite of the great discrepancies and variations among the users' color mobile devices as described in the invention description. The figure is a side-view showing (1) a user's device, (2) its screen, (3) the tiny low-cost reader, (4) the eye opening of the reader, (5) the terminal to which the reader is attached.

Description

THE DEVICE SCREEN AS A SINGLE LIGHT SOURCE

Technical Field

[1] Communication methods suitable for enabling mobile devices to be used as physical tokens for purposes such as identification, secure authentication, transaction authorization...etc.

Background Art

[2] Tap-and-Go level of usability: this level is satisfied in technologies like, Near Field

Communication, NFC. The NFC technology has been incorporated in some mobile phones: http://www.nfc-forum.org/ and Felica http://www.sony.net/Products/felica/

[3] RFID tags has also been coupled with mobile phones to achieve similar results:

WO2005086456 "ELECTRONIC PAYMENT SCHEMES IN A MOBILE ENVIRONMENT FOR SHORT-RANGE TRANSACTIONS"

[4] Displaying bar-code on the mobile device screen as an alternative to RFTD:

WO03071822 "MOBILE TELEPHONE USER EQUIPMENT, A METHOD OF DISPLAYING INFORMATION CORRESPONDING TO DATA IN A MOBILE TELEPHONE USER EQUIPMENT AND A TRANSACTION SYSTEM"

[5] Displaying spatial 2D bar-code (QR codes) in a scrolling way over time on the mobile device screen: JP2003006570 "NON-CONTACT COMMUNICATION SYSTEM"

[6] Displaying a plurality of two-dimensional barcode patterns one after the other, among with some anchor patterns, for high capacity data transmission from a screen: US2005263598 "Display apparatus, light receiving apparatus, communication system, and communication method"

Disclosure of Invention

Technical Problem

[7] Enabling the existing mobile devices of users to be used as smart tokens for authentication or authorization is very attractive, but have been hindered because of the unavailability of a suitable communication method between the existing mobile devices and the terminals.

[8] A suitable communication method should:

1. Not require hardware changes or hardware additions to the user's mobile device (to avoid the hardware expenses and the great distribution costs of the new hardware components)

2. Tolerate the vast variations among devices; namely: screen size, resolution, brightness, screen surface reflectivity and in the case where data transmission requires timely changes during transmission we then add the following parameters that should also be tolerated: screen refresh rate (some screens display 80 frames/second while others display 35 frames/second), device processor speed, variations in processing power allocated to an application during time (this is a very critical problem, because the operating system of the mobile device does not always allocate stable processing power to a running application, hence if animations are to be presented at the full processor speed of the mobile device, then the resulting frame-rate will not be stable by time during a single transmission process!).

3. Not require too deliberate adjustment of the mobile device's position with respect to the reader in order for communication to occur; the usage process should be sufficiently very fast and easy (at least, near tap-and-go level of usability)

4. The reader device should be very low-cost so that it would not be the main barrier to wide acceptance, especially in cost-sensitive markets where the terminal cost is in fact very critical;

5. Other qualities that are very desirable in the suggested reader technologies: not require too much processing power, nor be too sophisticated so as to lower the e.g. manufacturing/production costs, nor be too fragile or bulky and integrate (or attach) without problems with the various terminals, e.g. portable terminals, self-service, door locks...etc.

[9] Comments on prior art:

1. Adding RFlD or NFC capability to mobile devices require changing or adding new hardware to the user's existing mobile devices, hence impede the market penetration due to time and cost of the hardware change / distribution

2. Displaying all types of ID or spatial (i.e. 2D) barcode or patterns, whether static or dynamic by time, on the user's mobile screen, severely suffer from the great variations among the screens of the users' existing devices: such as the reflection of the screen surface to light coming on it, screen resolution, pixel size... etc. Practical experiences showed that any simple cost-reasonable reader technology would be able to capture the spatial data from only a limited subset of the users' devices, otherwise the reader would be too sophisticated or too expensive. One solution that we can suggest, not for the current patent, is to capture video at sufficiently high resolution and high frame rates (to tolerate variations in screens' refresh rates along with time) and do some extensive image processing.

3. The second problem about displaying spatial patterns on the mobile screen is the need for deliberate adjustment of the screen with respect to the reader's sensors. It is never near to the "tap-and-go" experience. Doing automated reader adjustment, was hinted in US2005263598, but no suggestions on how to be done, and the same document also suggested that the reader would indicate to the user when the position is adjusted (the user should notice this and should fix the position as much as possible to allow for smooth transmission); the method in the US2005263598 is deliberately focused on high-capacity data transmission. It is suitable where a TV set for example is the source of data transmission. On the other hand, the technical area of the current application is concerned with very limited essential data that needs to be transmitted from a user's mobile device easily, quickly and reliably. [10] Due to the lack of such a suitable communication method, users today are issued traditional physical tokens, such as all types of contactless smartcards, NFC key-fobs, and various One Time Password devices with physical and/or short-range interfaces... etc. The result of this was that: the user would have to carry and keep so many, possibly bulky, tokens in his pocket! This is a significant issue that has been criticized severely after the mandate for the use of two-factor authentication in financial services, especially in the US before the end of 2006. As the user is usually already carrying with him a smart device, such as his mobile phone or PDA or even a smart mp3 player...etc., which is usually capable of making cryptography via software, or via the smartcard or chip already inside or attachable to the device, or a combination thereof, it would be very efficient and cost effective and also better for the user to use his existing personal mobile device for all identification, authentication and transactions authorizations rather than carrying additional bulky tokens with him.

Technical Solution

[11] To mitigate or solve problems mentioned in the technical problem section among other problems as well, hereby is disclosed a communication method, a reader apparatus and a smart token system: [ 12] The communication process :

1. Encode the data to be transmitted as light properties changes. Light properties are Hue, Saturation and Luminance or RGB. Grey scale communication is possible by setting the RGB values to be equal to each other all the time and changing them together as one value.

2. Specify a sufficiently significant portion of the screen (the bigger the portion, the better the efficiency — i.e. the best case is using the full screen). Treat this portion of the screen as a single light source (by for example setting all the pixels in this portion with the same RGB values). Treating this significant portion of the screen (optimally the whole screen) as a single light source results in significantly more powerful light signal and dramatically increases the communication efficiency. Even the worst quality screens will work well.

3. Transmit data by changing the light properties of this portion by time (treating the whole portion as a single light source). In the case where not all the screen was selected as the mentioned portion, then the other portions should not change its light properties by time (i.e. remain still) in order not to interfere with the data transmission coming from the chosen significant portion. If the full screen was used, then there is no problem and this is the best recommended usage. The benefits of using the whole screen or at least a significant portion of it, is that the communication will work well just by tapping any part of the screen on the reader (which is the receiving device).

4. Changes in the light properties of the selected portion should be done at the highest possible speed; it is obvious that the limit is either the screen refresh rate limit or the device's processing power limit; whichever of them is slower would limit the transmission speed. Usually, very low-cost old devices have refresh rates near 35 frames per second, while all the new ones, with good screens, have a refresh rate of 80 frames per second, yet due to the limited processing power it is sometimes impossible to fully utilize this frame rate and the resulting frame rate would be something like 60 to 70 frames per second. Programmatically, it is very easy to transmit the data at the maximum full speed. No timers or synchronization is needed, the application just sends the "display" command to the screen and "block-waits" until control is returned back to the application indicating that what was sent to be displayed on the screen was actually displayed, now the application can send another command and so forth. This way, the maximum throughput ever possible is achieved without overusing the device's processor or battery.

5. The transmission of the data is repeated over and over again because the user's device does not know at this stage whether the reader (which is the receiving device) fully received the data or not.

6. The reader is a device that incorporates a light sensor that senses the light properties. The actual data is the "change" in the light properties, not the absolute values of the received light properties. This perfectly makes the current invention able to tolerate: a) all variations among devices with respect to the illumination power (or brightness), b) all variations among devices with respect to refresh rate, because the data is the "change" in the light properties, rather than absolute values that are captured at synchronous time instances, c) for the same reason, the current invention tolerates any instability in the display rate due to unstable processing power allocated to the application by the device's operating system (this is a significant issue in practice and the current invention solves it).

7. The reader continues to decode data (which is the quantized change in the light properties) until it is able to receive the full message. Of course the reader does not need to wait until a start of message delimiter to come before capturing the message; the reader can just capture every bit, even in the middle of the message, and when the full length is formed then the whole message is received. This saves 50% of the time needed to receive the message.

8. The reader could notify the user when the message is received via for example a beep or light or any other means.

9. The terminal to which the reader is connected (whether integrated or attached) can use the information received to identify and/or authenticate the user

10. Since, the mobile screen can only transmit data, then if further communication needs to be done between the user's device and the terminal, then the terminal can use the identity and/or the physical address of the user's mobile device (which was sent directly or deduced from the optically transmitted message from the user's device) in order to connect back to the said user's mobile device via another communication channel. In this case the user's mobile device must have communications capability. Examples of these communication channels, would be SMS or GPRS or whatever sort of wireless communication.

11. In some cases this other communication channel does not support pushing information to the user, i.e. the user has to pull information and cannot receive data asynchronously; in this case there need to be a registry service to which the user's mobile device would poll on it; the polling process can start immediately with the first repetition of the optical transmission, because after this time only the terminal could have been able to communicate with the mobile device; meanwhile the terminal would register itself on the same registry in order for the terminal to find it and continue the communication.

12. This way two-way communication is achieved between the user's mobile device and a terminal, just by tapping even a part of the user's mobile screen on the "eye opening" of the reader. The optical transmission is almost a tap- and-go experience! It takes less than a second and the reader is sometimes able to read the data even before the user actually taps his screen on the reader. It is an incredibly reliable, fast and easy method.

[ 13] The reader apparatus:

1. Plays three main roles: a) the light sensing, which is usually analog b) the dif- ferentiation, i.e. noting the change rather than the absolute values of properties, c) the quantization which ultimately brings the encoded data

2. The first role is implemented by any light-sensing mechanism, like for example simple light sensors. In cases where color was chosen to carry information, then the light-sensing mechanism must also be able to detect the color properties of light (i.e. at least hue, and optionally saturation in addition to the already well-known luminous which is detectable without color sensing), or in another scheme, the values of the Red, Green and Blue. In all cases the sensing mechanism reads the analog characteristics of light.

3. The second and third roles can be interchanged in many ways. One way is to be able to calculate the properties differences while the sensed values are still analog! This is realizable through for example comparators, which would even directly produce digital output.

4. The other option is to digitize the sensed values first, via for example A/D converter, and then do the differentiation (or comparison) or whatever sort of more deliberate processing in digital form.

5. Relying on the "change" rather than quantization helps in two things, first: eliminates the need for clock synchronization between the device and the terminal, second: eliminates the effect of variations between user's devices with respect to the screen brightness (illumination power), because what affects the data is the change in illumination, not the absolute value of illumination. There are some user's devices with very good illuminating screens are brighter in black than a low-cost phone when its screen is totally white! So, there is no inter-device reference between black and white; hence the "change" method is very useful. The cost of the "change" method is that we loose a state of the possible states to guarantee that there will always be a change even in the case when the original data is the same: i.e., for example if we have eight states of light properties, then we have only seven possible changes (not eight), because repeating the same state will not be detectable by the receiver. Again, the reason for this is because there is no explicit clock. There is also no implicit clock because the user's device could be slow, and could have unstable clock, then it will not be efficient to use the slowest possible clock ever that would be accurate to calculate on most devices. Some devices are able to present 80 frames per second, this is very useful and should not be missed in order to support old devices. Change based communications guarantees full speed of every user's device to be utilized, at the low- cost of losing one of the possible states.

6. Even this state loss can be avoided at the cost of more processing. Since, the maximum refresh rate is between 30 to 120 frames per second, then changes can be detected and an implicit clock can be interpolated. In this case, the data should be well scrambled during the encoding stage to ensure than no too much repetition of the same state which would affect the clock accuracy. However, we are in favor of the "change" method as it ensures simpler and more assured transmission accuracy.

7. Now, coming to another questions: which properties of light whose change represent the data? For purpose of clarification, we hereby mention two examples of the many possibilities:

8. In case of non-color data transmission, which is the simplest case, there is only one characteristic to be measured, which is the luminance. In order to be able to use the change in data rather than absolute value, then there must be at least three states (i.e. three grey-scales) not just black/white representing zero/ one or the opposite. A practical example of the three luminance values are Black, Grey and White, i.e. near zero luminance, average luminance and high luminance. But as we argued before, this is relative from one screen to another. So a perfectly differential method would always depend on the change rather than on an absolute threshold. Choosing the transition from Grey to White as one and from Grey to Black as zero, then in order to transmit 01101, it will be encoded as Grey, Black, Grey, White, Grey, white, Grey, Black, Grey White. From the receiver point of view, it will receive luminance values from the A/D of the 8-bit sensor something like the following: 98, 42, 102, 157, 96, 152, 101, 39, 102, 144...etc. Now it is obvious that by noting the transition (up and down) we can directly get the 01101 that was sent. If another user's device whose illumination is very bad, it would look something like 58, 21, 61, 118, 63, 112, 59, 18, 51, 114; doing the same simple differential comparison ensures the data is perfectly retrieved. Also, an important thing to notice that there is always a transition (from grey to white or from grey to black) which means that there is a clear clocking information (no implicit clock is needed) so a fast mobile would transmit fast and a slow mobile would transmit slow and the reader tolerates them without any problem. Of course as described before, we can optimize and eliminate the need for the grey state and rely on processing the signals with respect to time and the known range of transfer rate (30 frames per second upto 100 frames per second) and be able to detect signals like: 21, 118, 118, 24, 114 can still be received as 01101 using the more elaborate signal processing (which can even be done by relying on the terminal processor rather than the reader itself). 9. Another example using color light; we will use the RGB scheme for illustration rather than Hue, Saturation, Illumination. From the device screen side we set all the pixels of the screen (or a the maximum possible significant portion of it) to a single specific RGB values (exactly as we did in the previous example, but this time the RGB values can be different). From the receiver point of view, the sensing component reads three analog values: Red, Green and Blue. These values represent the light properties. Of course their absolute values are never exactly equal to the ones sent from the user's mobile screen, but they are strongly related, depending on many factors including the distance. Now, we can send more information from the same single light source (the device's screen), because we have three orthogonal values: RGB. If we choose to use only two levels per color, then we get eight possibilities for the RGB values (0,0,0), (0,0,l),(0,l,0),(0,l,l),(l,0,0), (l,0,l),(l,l,0),(l,l,l). If we want explicit clocking (no estimation), then we will have only seven possible transitions. Otherwise we can rely on estimated clock and use the eight possibilities. We strongly recommend explicit clocking to guarantee clock invariance. From another side, to be invariant with respect to the device illumination, and screen tint, we can also make three states for every color rather than two states, exactly like the Black/ Grey/White example. But this is expensive, because it requires the return to the middle state before moving to one or zero (i.e. loosing half the frame rate) which is quite expensive and can be easily tolerated by a digital signal processor, by detecting the different values upon which it is swinging before deciding the thresholds. [14] The smart authentication token system: it utilizes the normal mobile phones or mobile devices that people already have. So instead of distributing new physical smart tokens like Near Field Communication (NFC) key fobs or contact-less smartcards, the users will be able to use their existing mobile phones as an easy-to-use reliable authentication token! The breakthrough is that this invention does not require any hardware modification in the users' existing mobile devices. The system relies on a simple very low-cost chromatic light-sensing reader; the reader is extremely low-cost compared to the readers of all other types of smart authentication tokens. [15] A second very important and incredible breakthrough is that the user does not need to adjust the orientation of the mobile device on the reader neither scroll the mobile device screen on the reader; all what is needed is to tap any part of the screen of his mobile device on the reader's light sensor for a second or so! The current invention is eventually the breakthrough quick Tap-and-Go technology that does not require any change in the hardware of the user's mobile device. [16] This invention has three main components: 1- The user's mobile device adapted with the smart authentication token software (this could be an interoperable J2ME application or for communities where the users' devices already incorporate interoperable open platform smartcards as in the case of GSM phones, the software adaptation can be made to the smartcard, it can also be a combination thereof, e.g. A J2ME and a smartcard application communicating with each other via a JSR 177; it can also be a native application or even a firmware update on the device or any type of software adaptation to the user's mobile device); Also the user's mobile device must have a color screen in order to be able to transmit the flashing color signals on the screen (almost all new mobile devices today have color screens); 2- The reader, which is mainly a color light sensing device; it can be made of just three simple light sensors with color caps on them among with a few comparators or Analog to Digital converters, or it can be more sophisticated with high-tech color-photo sensor module with direct digital output; the reader would connect to the terminal or host through for example USB or I2C or whatever standard or proprietary communication channel. On the other extreme side, if the environment already contains a color video camera with sufficiently high frame capture rate, it can also be used as a reader! The resolution of the camera is totally irrelevant, a single pixel resolution is enough but it must be colored with very high frame capture rate. There are many embodiment options for the reader device. It can for example be embedded in an optical mouse to enable the same inventive authentication technology on the PC and the Internet. Another interesting implementation of the reader is to making it very thin flat to fit in the plastic body of a chip card, today this is very possible through thin-film batteries. This anonymous card after acquiring the one-time-authentication information from the user's mobile device, this reader-card can be inserted in the normal smartcard reader of the terminal to authenticate the user once. Also another embodiment would be a normal color light- sensing device that connects to the host through the smartcard reader interface that is already available in the host (i.e. terminal) in order to support traditional smartcards; these last two implementation/embodiment options ensure that the changes required in the host are minimized. 3- The authentication service, which could be as simple as a computer adapted with the authentication software and has the reader connected to it or it can be a network service composed of communication link(s), possibly hardware security modules, HSMs, and multiple computers and terminals, adapted with software to collectively perform the authentication service.

[17] As it is obvious from the brief description above that the communication from the user's mobile device and the reader is unidirectional, i.e. from the mobile device to the reader, and this is usually sufficient for authentication applications. The data transmitted can contain: 1. An ID. (mandatory)

2. A cryptographic one time password (whether time-based or counter-based) or a digital signature or the like, (mandatory in case of authentication without connect-back capability)

3. Other auxiliary data like for example, counters or a copy of the user's device time-stamp or other protocol specific data, (optional)

4. It can also include additional semantic data as things related to what I want to be authenticated for or what I am requesting authorization for. (optional)

5. A connect-back ID or number so as to be contacted on another communication channel for further specification of a transaction or in case of exceptions. Or even for further authentication, (optional)

6. Other more detailed ID related data, for example a complete digital copy of the user's National ID (optional, useful when the verification system is offline, i.e. this data could be looked up from a server and does not necessarily need to be transmitted from the user's mobile device)

7. Verification related data, e.g. the user's signed certificate (optional, useful when the verification system is offline, i.e. this data could be looked up from a server and does not necessarily need to be transmitted from the user's mobile device

[18] The above examples are not meant as specifications but as a way to illustrate one possible embodiment. For example, there could be other additional data transmitted from the user's device to the reader that is outside the identification/authentication scope. [19] It is worth to note that the user's color mobile device is not required to have any other communication capability than the one described in the invention (through the color screen of the device)! [20] Yet, having another communication capability, as for example GPRS or SMS or whatever, would enable other options in addition to mere authentication, such as the authorization of some macro-payment transaction. [21] In the field of user authentication, this invention replaces the following technologies:

1. The RFID: the ID is communicated from the user' s mobile device to the reader via the screen being used as a single light source

2. The One Time Password, OTP, smart tokens and the like, including those that have a PIN pad or two-factor or three-factor authentication capabilities: the OTP is prepared on the user's mobile device and transmitted to the reader via the user's mobile device screen which is even more secure and much faster; also the user might be required to enter his PIN or password or provide any other authentication factor(s) on his device before he would have access to the smart token application

3. NFC smart tokens and NFC smartcards and the like: two-way communication can be achieved either manually on the user's mobile device or through another communication channel that the user's mobile device is capable to make. Usually this other communication channel is more expensive than the "free" tap-and-go communication from the user's mobile device screen to the reader. [22] It is also worth to note that the user's mobile device that has a color screen can eventually be a wearable device, such as a watch or an mp3 player with a color screen or a smart key-chain or fob with a color screen or a smart necklace or even a video enabled eye-glasses!

Advantageous Effects

[23] For the communication system, the most important advantage is that tapping a part of the screen near or on the reader's eye would result in reliable quick and easy data transmission perfectly suited for transferring limited data quickly and easily without position adjustment, without zoom adjustment without focus adjustment...etc. Just simple light sensor(s) and extremely very limited processing. Obviously the user does not need to rotate or correctly adjust or orient the screen of his device on the reader. The reader can be a small eye opening (probably 1 or 2 cm in diameter!). It is not a wide camera that should capture the full screen of the user's device. All what we need is just a part of the user's screen. It is a significantly big leap with regards to usability. [24] The current invention incredibly tolerates the variations and discrepancies among the users' devices. For example the variations in the size of the screen does not break the system, the type of the screen technology and its illumination power and the screen tint does not break the system, the screen refresh rate does not break the system, even the processing power of the user device itself and its clock rate does not break the system! The invention is immune from the effects of almost all discrepancies among users' devices. The invention is also incredibly robust; it would still work even if the processing power of the user device is unstable! This is not a rare case, in practice the users' devices, mobile phones and PDA's, do not run a Real Time Operating System (RTOS) so the processing power that an application gets is terribly affected by other applications running on the device including the operating system itself; so, the chromatic light flashing software running on the user device would not receive stable processing power and hence the light signals coming from the screen are not guaranteed to be synchronous. The invention is even immune from the effects of such terrible instability in the processing power. [25] The use of this inventive optical transmission technology to enable the user's mobile devices to be used instead of smart tokens is a very critical breakthrough. It means saving all the costs of the unnecessary tokens and rely on just one token, the mobile device. Thanks to Global Platform, formerly the Visa Open Platform, which allows multiple smartcard applications from different institutions to reside securely on the same smart card or token. Fortunately, most mobile phones and many PDA's and users' devices already have a Global Platform smart chip, which means that the hardware and the security platform are already available.

Description of Drawings

[26] Figure 1 : Side view of a user's mobile device about to be tapped on a tiny reader integrated in a terminal

1. User's mobile device

2. The screen of the user's mobile device faced down towards the reader

3. The inventive reader of the optical signals

4. The "eye opening" of the reader

5. The terminal

Best Mode

[27] Impressive results of this invention, is because the use of the "zero dimensional" protocol (i.e. using the screen as a single light source for transmitting data). The result of this is that the reader hardware became also very simple, to the extent that it can be simply made very flat to the extent to be embedded in a smartcard body. Let's imagine a person who has a virtual credit card on his mobile phone using the current invention. This person goes to a restaurant and after eating, the waiter comes to him and presents to him a bill. But the person does not have a traditional physical smartcard based credit card. So the waiter brings out a proxy credit card, which is merely our tiny flat reader in a card shape. The user selects his card application on his mobile, enters his ATM PIN and selects "use card" to start flashing his ID among with a one time secret, and taps the (card-shaped) reader on the phone's screen. The card-shaped reader beeps immediately, in less than a second, indicating successful reading of the data. The waiter uses the card-shaped reader (i.e. the proxy card) on the restaurant normal POS terminal which is inside. The POS terminals thinks that it is a normal credit card. The transactions gets routed through the inter-bank network, like for example visa or mastercard, and reaches the issuer bank of the user's card. The issuer bank knows that this card number is actually a virtual card and that he must be using it in a restaurant, so the bank would immediately push a message to the user asking him to authorize this specific transaction whose details are now presented on the user's screen. If the user presses yes, the transaction continues and the successful reply returns back to the restaurant's POS terminal. It is easiesr than ever and most secure than ever and most economic than ever!

[28] The proxy card does not pose any security risk because it holds a one time password for a one time authorization. Time can also be one of the factors in the calculation of this crypto one time password. But in all ways, even if time was not a factor and even if just the ID was transferred, because of the call back mechanism that the bank made with his customer, the user's consent on his mobile device guarantees the highest ever possible level of logical security ever made!

[29] In situations where call back is needed anyway, what actually needs to be transmitted optically is just the ID, exactly like an RFlD. But it can additionally have cryptographic secrets that enable authentication, especially in the case where the call back communication is expensive and the institution that will establish the call does not want to make this call back unless they are sure that it is their legitimate customer who is trying to make a transaction.

Mode for Invention

[30] The invention can be used as a one-time-password authentication token for corporate physical access or for train tickets or memberships. This does not require call back. It works even on devices that does not support communications, like even iPOD mp3 players that have color screens.

Industrial Applicability

[31] This invention is an invaluable industrial breakthrough in the smart tokens industry.

Most people today already have smart mobile devices, and the reader is very simple, practical, low-cost and reliable. The initial implementation prototypes of the invention showed the unmatched reliability, easy of use, quick tap-and-go usability!

Claims

[1] An easy, extremely low-cost yet very reliable, identification and/or secure authentication process: 1) prepare the essential data which include, identification field(s) and/or cryptographic authentication field(s), among with any additional field(s) such that the total size of the said essential data is very limited, 2) encode the said essential data as color properties of a single light source that changes its properties (RGB or Hue/Saturation/Luminance) by time, optionally applying error correction/detection mechanisms in the said encoding of the said data, 3) optically transmit the said encoded data on the largest possible portion of at least one of the color screens of the user's color-screened mobile device such that the said largest possible portion in the said color screen represents the said single light source rather than a spatial ID or 2D patterns or codes, 4) while the said color screen is flashing and repeating the said optical transmission, tap or bring close even any part of the said color screen with the eye opening of a light signal receiver capable of capturing the color properties of light over time, 5) decode the said captured color properties so as to get the said essential data, and optionally notify the said user of successful capturing of the said essential data 6) process the said essential data to identify and/or authenticate the said user or even give requested authorization(s) 7) optionally further communicate back with the said user and/or his said color-screened mobile device through another communication channel, to further authenticate the identified said user or, to get the said user's further authorization on one or more transactions or, to deliver service(s) to the said user or, a combination thereof, which in turns might require the said user to transmit further data over the said optical transmission channel.

[2] An identification and/or authentication token system where a) the user's software adapted color-screened mobile device acts as an identification tag or a smart token and may require PIN entry and b) the color screen of the said user's software adapted color-screened mobile device plays the role of a colored light source for transmitting non-spatial colored light signals that change over time and c) a signal receiver device capable, through an attached or integrated light sensing hardware, of capturing the color light properties over time and possibly capable also of detecting and decoding non-spatial colored light signals transmitted by the said color screen of the said user's software adapted color- screened mobile device d) a transaction terminal that integrates or connects with the said signal receiver device and obtains the decoded messages either directly from the said signal receiver or by further processing the said captured color light properties e) identification and/or authentication and/or authorization service(s), which can either be network service(s) reachable by the said transaction terminal or local service(s) residing in the said transaction terminal.