Universal authentication mechanism

US 20030046541A1
Filed: 08/22/2002
Published: 03/06/2003
Est. Priority Date: 09/04/2001
Status: Active Grant

First Claim

Patent Images

1. A method for authentication of a user to a service provider, wherein an application device requests a service for the user from the service provider and the service provider requests an authentication of the user by an authentication server before granting access to the requested service, wherein the following steps are performed:

transmission of a user identity identifying the user to the service provider;

transmission of a request for confirmation of the user identity to an authentication server with the request comprising the user identity and a service identity identifying the requested service to the authentication server;

transmission of a request for service authentication to an authentication device of the user with the request for service authentication indicating the requested service to the authentication device;

generation of a service authentication confirmation confirming the request for service authentication;

transmission of the service authentication confirmation to the authentication server;

analysis of the service authentication confirmation;

confirmation of the user identity to the service provider according to the result of the analysis;

granting of service access to the user by the service provider according to the confirmation of the user identity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A universal authentication mechanism for authenticating a user to a service provider (SP) is disclosed. An application device (ApD) requests a service for the user from the service provider (SP) and performs a transmission of a user identity (S10) identifying the user to the service provider (SP). The service provider sends a request for confirmation of the user identity (S20) to an authentication server (AS). The request comprises the user identity and a service identity identifying the requested service. The authentication server (AS) sends a request for service authentication (S50) to the authentication device (AuD) for confirmation. Based on the result of an analysis (S80) of a service authentication confirmation (S60) received from the authentication device (AuD), the authentication server (AS) sends a confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP), which grants service access (S100).

176 Citations

25 Claims

1. A method for authentication of a user to a service provider, wherein an application device requests a service for the user from the service provider and the service provider requests an authentication of the user by an authentication server before granting access to the requested service, wherein the following steps are performed:
- transmission of a user identity identifying the user to the service provider;
  
  transmission of a request for confirmation of the user identity to an authentication server with the request comprising the user identity and a service identity identifying the requested service to the authentication server;
  
  transmission of a request for service authentication to an authentication device of the user with the request for service authentication indicating the requested service to the authentication device;
  
  generation of a service authentication confirmation confirming the request for service authentication;
  
  transmission of the service authentication confirmation to the authentication server;
  
  analysis of the service authentication confirmation;
  
  confirmation of the user identity to the service provider according to the result of the analysis;
  
  granting of service access to the user by the service provider according to the confirmation of the user identity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, wherein an authentication is performed between at least one pair of devices from a group comprising the pairs:
    - the application device and the service provider;
      
      the service provider and the authentication server;
      
      the authentication server and the authentication device.
  - 3. The method according to claim 1, wherein a verification of at least one of the identities is performed.
  - 4. The method according to claim 1, wherein an address of the authentication device is attributed to the user identity and the authentication server retrieves the address based on an analysis of the user identity.
  - 5. The method according to claim 1, wherein a keyword for identifying the authentication server to the authentication device is attributed to the user identity, the authentication server retrieves the keyword based on an analysis of the user identity and sends the keyword to the authentication device, which indicates the keyword.
  - 6. The method according to claim 5, wherein the keyword is included into the request for service authentication.
  - 7. The method according to claim 1, wherein an encryption or signature or time stamp is applied at least to one of the identities or confirmations or requests.
  - 8. The method according to claim 1, wherein the generation of the service authentication confirmation or the transmission of the service authentication confirmation requires an entering of a password.
  - 9. The method according to claim 1, wherein the authentication device is a mobile phone.
  - 10. The method according to claim 1, wherein the application device is a computer.
  - 11. The method according to claim 1, wherein the application device is a payment device.
  - 12. The method according to claim 1, wherein the application device is a physical access unit with a unit for data entry.

13. An authentication server comprising a receiving unit, a transmitting unit, and a processing unit, wherein the receiving unit is adapted to receive a request for confirmation of a user identity from a service provider with the request comprising the user identity and a service identity identifying a service of the service provider;
- the processing unit is adapted to generate a request for service authentication indicating the service to an authentication device of the user;
  
  the transmitting unit is adapted to send the request for service authentication to the authentication device;
  
  the receiving unit is adapted to receive a service authentication confirmation from the authentication device with the service authentication confirmation confirming the request for service authentication;
  
  the processing unit is adapted to execute an analysis of the received service authentication confirmation and to generate a confirmation of the user identity according to the result of the analysis, the confirmation of the user identity confirming the identity of the user to the service provider;
  
  the transmitting unit is adapted to send the confirmation of the user identity to the service provider.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The authentication server according to claim 13, wherein the processing unit is adapted to execute an authentication with at least one device from a group comprising the service provider and the authentication device and to exchange messages for the authentication via the receiving unit and the transmitting unit.
  - 15. The authentication server according to claim 13, wherein the processing unit is adapted to execute a verification of at least one of the identities.
  - 16. The authentication server according to claim 13, wherein an address of the authentication device is attributed to the user identity and the processing unit is adapted to retrieve the address from a database based on an analysis of the user identity.
  - 17. The authentication server according to claim 13, wherein a keyword for identifying the authentication server to the authentication device is attributed to the user identity, the processing unit is adapted to retrieve the keyword from a database based on an analysis of the user identity and the transmitting unit is adapted to send the keyword to the authentication device.
  - 18. The authentication server according to claim 13, wherein the processing unit is adapted to apply an encryption or signature or time stamp to at least one of the identities or confirmations or requests or to process encrypted or signed identities or confirmations or requests or to analyze a time stamp comprised in an identity or confirmation or request.
  - 19. The authentication server according to claim 13, wherein the receiving unit and the transmitting unit are connectable to a mobile communication system.

20. A computer program loadable into a processing unit of an authentication server, wherein the computer program is adapted to perform the steps of processing of a request for confirmation of a user identity from a service provider with the request comprising the user identity identifying a user and a service identity identifying a service of the service provider;
- generating a request for service authentication indicating the service to an authentication device of the user;
  
  initializing of a transmission of the request for service authentication to the authentication device;
  
  executing an analysis of a service authentication confirmation from the authentication device with the service authentication confirmation confirming the request for service authentication;
  
  generating a confirmation of the user identity according to the result of the analysis, the confirmation of the user identity confirming the identity of the user to the service provider;
  
  initializing a transmission of the confirmation of the user identity to the service provider.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The computer program according to claim 20, wherein the computer program is adapted to generate and process messages for an authentication with at least one device from a group comprising the service provider and the authentication device.
  - 22. The computer program according to claim 20, wherein the computer program is adapted to execute a verification of at least one of the identities.
  - 23. The computer program according to claim 20, wherein an address of the authentication device is attributed to the user identity and the computer program is adapted to retrieve the address from a database.
  - 24. The computer program according to claim 20, wherein a keyword is attributed to the user identity and the computer program is adapted to retrieve the keyword from a database and to initialize a transmission of the keyword to the authentication device.
  - 25. The computer program according to claim 20, wherein the computer program is adapted to apply an encryption or signature or time stamp to at least one of the identities or confirmations or request or to process encrypted or signed identities or to analyze a time stamp comprised in an identity or confirmation or request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Schuba, Marko, Holtmanns, Silke, Gerdes, Martin, Hartung, Frank

Granted Patent

US 7,188,360 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/31   User authentication

G06F 21/43   wireless channels

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04L 9/3215   using a plurality of channe...

H04L 9/3273   for mutual authentication n...

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 4/00   Services specially adapted ...

H04W 74/00   Wireless channel access

H04W 8/26   Network addressing or numbe...

Universal authentication mechanism

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

176 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Universal authentication mechanism

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

176 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links