Method of authenticating user access to network stations
1 Assignment
0 Petitions
Abstract
A method of authenticating a user's access to network stations is disclosed. Users of the new authentication system do not need to input passwords to gain access to the network stations for on-line transactions, as the authentication job is handled by the authentication server and the net entry apparatus through a host computer. A token is generated dynamically and sent to the application server to which the user intends to gain access; the verification process is then activated between the authentication server and the application server, and the authentication server retrieves its own symmetrical copy of the token to compare with the token passed from the application server. If both tokens match, the user ID has passed the security check. Users are freed from having to memorize different user IDs and passwords to operate many network accounts, with no risk of losing network account numbers and passwords.
65 Citations
15 Claims
1. A method of authenticating a user ID by making use of a net entry apparatus (40) possessing a cryptography security mechanism to establish two-way communication with an authentication server (20) and an application server (30) through a host computer (10), involving a two-stage authentication process, wherein
the first-stage authentication is conducted between the net entry apparatus (40) and the authentication server (20), whereby the authentication server (20) obtains the basic data or user ID from the net entry apparatus (40) to generate a random number test key, and then sends it to the net entry apparatus (40);
then the net entry apparatus (40) encrypts the test key with an embedded private key and sends it back to the authentication server (20);
then the authentication server (20) retrieves its own copy of the test key, adds an encryption with a symmetrical test key, and compares it with the test key received;
then if these two test keys correspond with each other, the authentication server (20) generates a network key and sends it to the host computer (10);
the second-stage authentication is conducted after the network key is received by the authentication server (20), whereby the authentication server (20) generates an encrypted token with the network key and sends it to the host computer (10);
then the host computer (10) issues the encrypted token to the application server (30) to which the user intends to gain access;
then the application server (30) receiving the encrypted token passes it back to the authentication server (20) for verification;
then the authentication server (20) decrypts the returned token with the network key and compares it with the original token;
then if the two tokens correspond with each other, the authentication server (20) notifies the application server (30) that the user ID is valid;
otherwise, the user ID is invalid if these two tokens do not match.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
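The two-stage exchange of claim 1, with the roles of the net entry apparatus (40), authentication server (20), application server (30) and host computer (10), as an added simulation that is not part of the patent and not code from any implementation of it. It assumes HMAC-SHA256 as the stand-in for "encrypting the test key with an embedded private key", an HMAC-derived keystream XOR as the stand-in for encrypting the token with the network key, and an 8-byte nonce prefix on the encrypted token; DEVICE_SECRET, USER_ID and all class and function names are constructed for the example. The host computer is modelled only as the relay order in run_protocol. It also shows three failure modes a verifier must reject: a device without the right embedded key, a token modified in transit, and a token presented a second time.

```python
import hashlib
import hmac
import secrets

DEVICE_SECRET = bytes(range(32))  # constructed demo "embedded private key"; shared with the auth server
USER_ID = "user-0001"             # constructed sample user ID held by the net entry apparatus


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Simplified stand-in for the patent's symmetric cipher (assumption): an
    # HMAC-SHA256 counter keystream that is XORed over the token bytes.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Same call encrypts and decrypts (XOR with the keystream).
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


class NetEntryApparatus:
    """Role of the net entry apparatus (40): holds the embedded private key."""

    def __init__(self, user_id: str, embedded_key: bytes):
        self.user_id = user_id
        self.embedded_key = embedded_key

    def answer_challenge(self, test_key: bytes) -> bytes:
        # Stage 1: "encrypt the test key with the embedded private key" (HMAC here).
        return hmac.new(self.embedded_key, test_key, hashlib.sha256).digest()


class AuthenticationServer:
    """Role of the authentication server (20): issues and verifies test keys and tokens."""

    def __init__(self, device_keys: dict):
        self.device_keys = device_keys  # user_id -> server's copy of the embedded key
        self.pending_test_keys = {}     # user_id -> outstanding random test key
        self.sessions = {}              # user_id -> {"network_key": ..., "token": ...}

    def issue_test_key(self, user_id: str) -> bytes:
        test_key = secrets.token_bytes(16)
        self.pending_test_keys[user_id] = test_key
        return test_key

    def verify_response(self, user_id: str, response: bytes):
        # The stored test key is consumed on first use so it cannot be answered twice.
        test_key = self.pending_test_keys.pop(user_id, None)
        key = self.device_keys.get(user_id)
        if test_key is None or key is None:
            return None
        # Server applies the same keyed transform to its own copy and compares in constant time.
        expected = hmac.new(key, test_key, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        network_key = secrets.token_bytes(32)  # generated only after stage 1 succeeds
        self.sessions[user_id] = {"network_key": network_key, "token": None}
        return network_key

    def issue_token(self, user_id: str) -> bytes:
        # Stage 2: random token encrypted under the network key; nonce is prefixed.
        session = self.sessions[user_id]
        token, nonce = secrets.token_bytes(16), secrets.token_bytes(8)
        session["token"] = token
        return nonce + xor_crypt(session["network_key"], nonce, token)

    def verify_token(self, user_id: str, encrypted_token: bytes) -> bool:
        session = self.sessions.get(user_id)
        if session is None or session["token"] is None:
            return False  # no live token: unknown session or token already used
        nonce, ciphertext = encrypted_token[:8], encrypted_token[8:]
        plaintext = xor_crypt(session["network_key"], nonce, ciphertext)
        ok = hmac.compare_digest(plaintext, session["token"])
        session["token"] = None  # single use: a replayed token is rejected
        return ok


class ApplicationServer:
    """Role of the application server (30): never judges the token itself."""

    def __init__(self, auth_server: AuthenticationServer):
        self.auth = auth_server

    def admit(self, user_id: str, encrypted_token: bytes) -> bool:
        return self.auth.verify_token(user_id, encrypted_token)


def run_protocol(device_key: bytes = DEVICE_SECRET, tamper: bool = False, replay: bool = False) -> bool:
    """Runs both stages in the order claim 1 lists them; True means the user ID was accepted."""
    device = NetEntryApparatus(USER_ID, device_key)
    auth = AuthenticationServer({USER_ID: DEVICE_SECRET})
    app = ApplicationServer(auth)
    # Stage 1: test key out, keyed response back, network key only on a match.
    test_key = auth.issue_test_key(device.user_id)
    network_key = auth.verify_response(device.user_id, device.answer_challenge(test_key))
    if network_key is None:
        return False
    # Stage 2: host relays the encrypted token to the application server, which hands it back.
    encrypted_token = auth.issue_token(device.user_id)
    if tamper:  # simulate one flipped bit in transit
        encrypted_token = encrypted_token[:-1] + bytes([encrypted_token[-1] ^ 0x01])
    accepted = app.admit(device.user_id, encrypted_token)
    if replay:  # present the same token a second time
        return app.admit(device.user_id, encrypted_token)
    return accepted


if __name__ == "__main__":
    print("honest run:", run_protocol())
    print("wrong embedded key:", run_protocol(device_key=bytes(32)))
    print("tampered token:", run_protocol(tamper=True))
    print("replayed token:", run_protocol(replay=True))
```

The two properties worth noting for a deployment of this scheme are that the application server never learns the network key or the token plaintext (it only forwards the ciphertext back), and that both the test key and the token are consumed on first verification, so a captured message cannot be answered or presented twice.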
10. A net entry apparatus (40) for use in authentication, comprising:
a microprocessor (41) for internal computation;
a connection interface (42) for linking up with the host computer (10);
an encryption unit (43) for creating encrypted data; and
a system memory (44) for temporarily saving the user ID of the net entry apparatus (40) and the random number test key.
Dependent claims: 11, 12, 13, 14, 15.
Specification