Method, arrangement and secure medium for authentication of a user
Abstract
When confidential data or areas of an EDP system (2) are accessed by a user (9), the user is granted access only if he registers (16) with the EDP system correctly with a user name and a password and, in addition, can identify himself as having access authorization using an access code (21), to which only he has access, from a database (5.2). The database is stored on a chip card (5), and access to the database has dual protection. Access to the access codes in the database is given only to that user who can correctly authenticate himself (12) to the chip card using biometric data, for example. In addition, the access codes in the database can be accessed only by a program (5.1) which is stored on the chip card and which can be activated only following correct authentication to the chip card by the user and which needs to have correctly authenticated itself (20) directly on the database using an ID incorporated in the program code.
13 Claims
- 1. Method for authenticating a user for access to protected areas, where an access code is read from a database stored on a security medium, particularly a chip card, and is transmitted to a data processing apparatus, characterized in that the user is authenticated before the access code is read, a mediator program, particularly a Java program, is started, a card program stored on the security medium is asked by the mediator program to read the access code, the mediator program is authenticated by the security medium, and, if the mediator program and the user have been correctly authenticated, the access code is read from the database by the card program, is transferred to the mediator program and is transmitted to the data processing apparatus by the mediator program.
- 7. Arrangement for authenticating a user for access to protected areas, comprising a data processing apparatus for authenticating the user, a security medium and first means for accessing the security medium, the security medium having a processor and a memory, characterized in that the memory stores a database having a plurality of access codes, a program for accessing the database and user-specific identification features for a user, in that an access code can be read from the database exclusively by the program, and the security medium has means for authenticating a mediator program which asks the program to read the access code, in that the arrangement has second means for ascertaining user-specific identification features, preferably biometric user data, and the arrangement has third means for comparing the ascertained user-specific identification features with the user-specific identification features stored on the security medium.
- 12. Security medium for authenticating a user for access to protected areas, comprising a processor and a memory, characterized in that the memory stores a database having a plurality of access codes, an individual program and user-specific identification features for a user, an access code can be read from the database exclusively by the individual program, and the security medium has means for authenticating a mediator program which asks the individual program to read an access code.
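The dual-protection flow described in the abstract and in claim 1, written out as an added model in Python; it is not code from the patent, which names a Java mediator program, and the card object, the HMAC challenge-response used to authenticate the mediator, and the sample feature bytes, program ID and access codes are all assumptions standing in for mechanisms the patent leaves unspecified. It enforces the claimed order (user authenticated before any read, mediator authenticated by the card, database readable only by the card program after it proves its embedded ID) and refuses the code when any step is skipped.

```python
import hashlib
import hmac
import secrets

class SecurityMedium:
    """Simulated chip card (5): user feature (12), database (5.2), card program (5.1). Sample data only."""
    def __init__(self, user_feature, access_codes, program_id, mediator_key):
        self._stored_feature = hashlib.sha256(user_feature).digest()
        self._db = {"owner_id": program_id, "codes": dict(access_codes)}  # (5.2)
        self._program_id = program_id      # ID incorporated in the card program's code (20)
        self._mediator_key = mediator_key  # assumed secret the card shares with the mediator program
        self.user_authenticated = False
        self._nonce = None

    def authenticate_user(self, feature):
        # (12) a fixed sample feature stands in for biometric matching
        digest = hashlib.sha256(feature).digest()
        self.user_authenticated = hmac.compare_digest(digest, self._stored_feature)
        return self.user_authenticated

    def challenge(self):
        self._nonce = secrets.token_bytes(16)  # fresh challenge for the mediator program
        return self._nonce

    def _card_program_read(self, name):
        # (5.1)/(20): only the card program touches the database, after proving its embedded ID
        if not hmac.compare_digest(self._program_id, self._db["owner_id"]):
            raise PermissionError("card program not authenticated to database")
        return self._db["codes"][name]

    def read_access_code(self, name, mediator_tag):
        # Order from claim 1: user authenticated before any read, then the mediator
        # program is authenticated by the card, and only then is the code read.
        if not self.user_authenticated or self._nonce is None:
            raise PermissionError("user not authenticated or no challenge issued")
        expected = hmac.new(self._mediator_key, self._nonce, hashlib.sha256).digest()
        self._nonce = None  # single-use challenge
        if not hmac.compare_digest(expected, mediator_tag):
            raise PermissionError("mediator program not authenticated")
        return self._card_program_read(name)

def mediator_fetch(card, mediator_key, name):
    """Mediator program: answers the card's challenge, then relays the code to the EDP system."""
    tag = hmac.new(mediator_key, card.challenge(), hashlib.sha256).digest()
    try:
        return card.read_access_code(name, tag)
    except PermissionError:
        return None
```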
Specification