Digital signage devices, such as kiosks with display screens, are used in retail shops to display information for customers. For instance, a digital signage device may display advertisements at a grocery store for items that are on sale. In some cases, a user computing device, such as a mobile phone, tablet, or watch, can interact with the digital signage device. Continuing the grocery store example, a grocer may wish to provide targeted advertisements to specific customers on a digital signage device displayed in the grocery store. However, for privacy reasons, targeted data, including user data, cannot usually be displayed on the digital signage device without first authenticating the mobile device to the digital signage device.
Authentication of a user computing device to a digital signage device is often done with a quick response (QR) code. For example, a user may scan a displayed QR code, take a picture of a QR code, or open a QR code to authenticate the user computing device to the digital signage device. However, QR codes require user interaction that is cumbersome, and prohibitive to some users. Furthermore, login forms are sometimes used to authenticate a user computing device, but are cumbersome and time consuming to fill out, and for privacy reasons should not be filled out in public.
Other solutions to authenticate a user computing device to a digital signage device broadcast a beacon (e.g., from the digital signage device) to the user computing devices. The beacon includes an identifier that is shared between different user computing devices. Therefore, though adequate for general data (e.g., generic advertisements), beacon broadcasting does not meet security requirements for user-specific data. Consequently, existing methods of authenticating a user computing device to a digital signage device are too cumbersome and/or insecure, and are thus not suitable to many applications where sensitive or private user data is exposed to the digital signage device.