Method of authenticating user access to network stations
First Claim
1. A method of authenticating a user ID by making use of a net entry apparatus (40) possessing a cryptography security mechanism to establish two-way communication with an authentication server (20) and an application server (30) through a host computer (10), involving a two stage authentication process, wherein the first-stage authentication is conducted between the net entry apparatus (40) and the authentication server (20), whereby the authentication server (20) obtains the basic data or user ID from the net entry apparatus (40) to generate a random number test key, and then sends it to the net entry apparatus (40);
- then the net entry apparatus (40) encrypts the test key with an embedded private key and sends it back to the authentication server (20);
then the authentication server (20) retrieves its own copy of the test key, adds an encryption with a symmetrical test key, and compares it with the test key received;
then if these two test keys correspond with each other, the authentication server (20) generates a network key and sends it to the host computer (10);
the second-stage authentication is conducted after the network key is received by the authentication server (20), whereby the authentication server (20) generates an encrypted token with the network key and sends it to the host computer (10);
then the host computer (10) issues the encrypted token to the application server (30) to which the user intends to gain access;
then the application server (30) receiving the encrypted token passes it back to the authentication server (20) for verification;
then the authentication server (20) decrypts the returned token with the network key and compares it with the original token;
then if the two tokens correspond with each other, the authentication server (20) notifies the application server (30) that the user ID is valid;
otherwise, the user ID is invalid if these two tokens do not match.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of authenticating a user access to network stations is disclosed. Users of the new authentication system do not need to input passwords to gain access to the network stations for on-line transactions, as the authentication job is handled by the authentication server and the net entry apparatus through a host computer. A token is generated dynamically and sent to the application server to which the user intends to gain access, and the verification process is then activated between the authentication server and the application server, which then retrieves a symmetrical copy of the token to compare with the token passed from the application server. If both tokens match up, the user ID has passed the security check. Users are freed from having to memorize different user IDs and passwords to operate many network accounts, with no risk of losing network account numbers and passwords.
65 Citations
15 Claims
-
1. A method of authenticating a user ID by making use of a net entry apparatus (40) possessing a cryptography security mechanism to establish two-way communication with an authentication server (20) and an application server (30) through a host computer (10), involving a two stage authentication process, wherein
the first-stage authentication is conducted between the net entry apparatus (40) and the authentication server (20), whereby the authentication server (20) obtains the basic data or user ID from the net entry apparatus (40) to generate a random number test key, and then sends it to the net entry apparatus (40); - then the net entry apparatus (40) encrypts the test key with an embedded private key and sends it back to the authentication server (20);
then the authentication server (20) retrieves its own copy of the test key, adds an encryption with a symmetrical test key, and compares it with the test key received;
then if these two test keys correspond with each other, the authentication server (20) generates a network key and sends it to the host computer (10);
the second-stage authentication is conducted after the network key is received by the authentication server (20), whereby the authentication server (20) generates an encrypted token with the network key and sends it to the host computer (10);
then the host computer (10) issues the encrypted token to the application server (30) to which the user intends to gain access;
then the application server (30) receiving the encrypted token passes it back to the authentication server (20) for verification;
then the authentication server (20) decrypts the returned token with the network key and compares it with the original token;
then if the two tokens correspond with each other, the authentication server (20) notifies the application server (30) that the user ID is valid;
otherwise, the user ID is invalid if these two tokens do not match. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- then the net entry apparatus (40) encrypts the test key with an embedded private key and sends it back to the authentication server (20);
-
10. A net entry apparatus (40) for use in authentication, comprising:
-
a microprocessor (41) for internal computation;
a connection interface (42) for linking up with the host computer (10);
an encryption unit (43) for creating encrypted data;
a system memory (44) for temporarily saving of user ID of the net entry apparatus (40) and random number test key. - View Dependent Claims (11, 12, 13, 14, 15)
-
Specification
-
- Resources
-
Current AssigneeChou Chin Industrial Co., Ltd.
-
Original AssigneeChou Chin Industrial Co., Ltd.
-
InventorsHuang, Yen-Hui
-
Application NumberUS10/643,721Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/182CPC Class CodesG06F 21/33 using certificatesG06F 2221/2115 Third partyH04L 2209/56 Financial cryptography, e.g...H04L 2463/102 applying security measure f...H04L 63/0442 wherein the sending and rec...H04L 63/0807 using tickets, e.g. Kerbero...H04L 9/0822 using key encryption keyH04L 9/3213 using tickets or tokens, e....
