Trust inheritance in network authentication
Abstract
A system and method for providing ad hoc controlled user access to wireless and wireline IP communication networks while maintaining privacy for users and traceability for network providers. The method includes an authentication interface accepting user credentials, and a validation entity for credential verification and access authorization. The credentials include a unique identifier and a system-generated password. The unique identifier is associated with a personal entity of the user such as a cellular telephone. The password is transmitted to the user through an SMS message to his cellular telephone. The user's Internet session is monitored by the system and all records are indexed by his cellular telephone number. The system and method therefore permit fast and traceable access for guest users at networks where they were not previously known. Alternatively, users do not provide their unique identifiers such as cellular telephone numbers, which are instead already stored in the system. A user provides a username and a one-time password is generated by the system and sent to the user by SMS. This enables the system to validate the user's identity as well as the user to validate the Internet resources' identity.
122 Claims
1. A method for authenticating a user so that said user is able to access electronic services through an untrusted electronic terminal, said method comprising the steps of:
(a) providing to an authentication interface a unique identifier of a trusted personal entity associated with said user;
(b) sending said unique identifier to at least one validation entity;
(c) identifying said unique identifier as an authentication request at said validation entity by an authentication application;
(d) looking up with said identifier in said validation entity whether said unique identifier is already registered in said validation entity;
a. if said user is registered with said validation entity, retrieving a password associated with said unique identifier, and sending said password to said personal entity;
b. if said user is not registered with said validation entity, said authentication application creating an account in said validation entity, generating a password and sending said password to said personal entity.
(e) said user, after retrieving said password, providing said unique identifier and said password to said authentication interface, whereby an application permits access to electronic services through said electronic terminal and said application recording said electronic services to an account associated with said unique identifier.
Dependent claims: 2-30, 122

31. A system for authenticating a user so that said user is able to access electronic services through an untrusted electronic terminal, said user being associated with a trusted personal entity, said personal entity having a unique identifier, said system comprising:
(a) an authentication interface, said authentication interface being adapted to receive said unique identifier and to send said unique identifier to at least one validation entity;
(b) said validation entity adapted to receive said unique identifier and recognize said unique identifier and send a password associated with said unique identifier to said personal entity when an account associated with said personal entity already exists or create an account, generate a password and send said password to said personal entity if an account associated with said unique identifier is inexistent;
(c) whereby said authentication interface is further adapted to receive said unique identifier and said password and to enable access to said electronic services through said electronic terminal upon confirmation.
Dependent claims: 32-40

41. A method of tracing untrusted electronic terminals to specific users, said method comprising the steps of:
(a) accessing an authentication interface through said electronic terminal and inputting a unique identifier of a personal entity associated with said user;
(b) sending said unique identifier to at least one validation entity;
(c) identifying said unique identifier as an authentication request at said validation entity;
(d) looking up with said identifier in said validation entity whether said unique identifier is already registered in said validation entity;
a. if said user is registered with said validation entity, retrieving a password associated with said unique identifier, and sending said password to said user;
b. if said user is not registered with said validation entity, said authentication application creating an account in said validation entity, generating a password and sending said password to said user;
(e) said user, after retrieving said password, providing said unique identifier and said password to said authentication interface, whereby an application permits access to electronic services and said application tracing said electronic services to an account associated with said unique identifier and said electronic terminal.
Dependent claims: 42-70

71. A system for tracing untrusted electronic terminals to specific users so that said user is able to access electronic services through an electronic terminal, said user being associated with a personal entity, said personal entity having a unique identifier, said system comprising:
(a) an authentication interface, said authentication interface being adapted to receive said unique identifier and to send said unique identifier to at least one validation entity;
(b) said validation entity adapted to receive said unique identifier and recognize said unique identifier and send a password associated with said unique identifier to said personal entity when an account associated with said personal entity already exists or create an account, generate a password and send said password to said personal entity if an account associated with said unique identifier is inexistent;
(c) whereby said authentication interface is further adapted to receive said unique identifier and said password and to enable access to said electronic services through said electronic terminal upon confirmation.
Dependent claims: 72-80

81. A method for authenticating a user known to a service provider so that said user is able to access electronic services through an electronic terminal, said method comprising the steps of:
(a) providing to an authentication interface a username;
(b) sending said username to at least one validation entity;
(c) identifying said username as an authentication request at said validation entity by an authentication application;
(d) looking up with said username in said validation entity whether said username is already registered in said validation entity;
a. if said username is registered with said validation entity and if a unique identifier of a personal entity associated with said user is already contained in said validation entity, generating a one-time password and sending said password to said personal entity using said unique identifier;
b. if said user is not registered with said validation entity or if a unique identifier is not already stored in the account, said authentication application rejecting user access;
(e) said user, after retrieving said password, providing said username and said password to said authentication interface, whereby an application permits access to electronic services through said electronic terminal and said application recording said electronic services to an account associated with said unique identifier.
Dependent claims: 82-110

111. A system for authenticating a known user so that said user is able to access electronic services through an electronic terminal, said user being associated with a username and a personal entity, said personal entity having a unique identifier, said system comprising:
(a) an authentication interface, said authentication interface being adapted to receive said username and to send said username to at least one validation entity;
(b) said validation entity adapted to receive said username and recognize said username and find said unique identifier associated with said user's personal entity and generate a one-time password associated with said username and send said password to said user using said unique identifier when an account associated with said username already exists or reject user access if an account associated with said username is inexistent;
(c) whereby said authentication interface is further adapted to receive said username and said password and to enable access to said electronic services through said electronic terminal upon confirmation.
Dependent claims: 112-121
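
Added example, not part of the patent text: a minimal Python model of the validation entity in claims 81 and 111 (username in, one-time password out over SMS, session recorded against the phone number). The 6-digit format, 300-second lifetime, salted-hash storage and consume-on-any-attempt rule are assumptions of this example that the claims do not specify, and `send_sms` is a hypothetical gateway callback.

```python
import hashlib
import hmac
import secrets
import time


class ValidationEntity:
    """Constructed model of the validation entity in claims 81 and 111."""
    def __init__(self, phones, send_sms, ttl=300):
        self.phones = phones      # username -> unique identifier (phone number)
        self.send_sms = send_sms  # hypothetical SMS gateway callback(phone, text)
        self.ttl = ttl            # assumed lifetime in seconds; the claims set none
        self.pending = {}         # username -> (salt, digest, expires_at)
        self.records = []         # (phone, terminal) entries, indexed by phone

    def request(self, username):
        """Step (d): issue a one-time password, or reject an unknown user."""
        phone = self.phones.get(username)
        if phone is None:         # (d)b: no account, or no identifier on file
            return False
        password = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; 6 digits assumed
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + password.encode()).digest()
        self.pending[username] = (salt, digest, time.time() + self.ttl)
        self.send_sms(phone, password)  # out-of-band leg to the personal entity
        return True

    def verify(self, username, password, terminal):
        """Step (e): return the phone number on success, None otherwise."""
        entry = self.pending.pop(username, None)  # any attempt consumes it
        if entry is None:
            return None
        salt, digest, expires_at = entry
        candidate = hashlib.sha256(salt + password.encode()).digest()
        if time.time() > expires_at or not hmac.compare_digest(candidate, digest):
            return None
        phone = self.phones[username]
        self.records.append((phone, terminal))  # session traced to the identifier
        return phone


def demo():
    outbox = []  # constructed stand-in for the SMS network
    entity = ValidationEntity({"alice": "+15555550100"}, lambda p, t: outbox.append((p, t)))
    rejected = entity.request("guest")            # unknown username
    entity.request("alice")
    first = entity.verify("alice", outbox[-1][1], "kiosk-7")
    replay = entity.verify("alice", outbox[-1][1], "kiosk-7")
    return rejected, first, replay, entity.records
```

Because `verify` removes the pending entry before comparing, a wrong guess or a replayed password forces a new SMS round trip rather than allowing repeated attempts against the same value.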