User authentication system and user authentication method

US 20070079135A1
Filed: 10/02/2006
Published: 04/05/2007
Est. Priority Date: 10/04/2005
Status: Abandoned Application

First Claim

Patent Images

1. A user authentication system comprising:

a user terminal for entering information data for user authentication;

a mobile phone provided with a camera and decoding a code input from the camera;

a password issuing unit for generating a one-time password; and

a service providing unit for providing service to the user terminal and conducting operations for user authentication, which are connected to each other, wherein, when the user accesses the system via the user terminal, the service providing unit generates an encoded code with connection information of the password issuing unit contained therein; and

sends the code to the user terminal, wherein the mobile phone decodes the code displayed on the user terminal; and

accesses the password issuing unit using the connection information, wherein the password issuing unit generates a random one-time password; and

sends the one-time password to the service providing unit and also to the mobile phone accessing the password issuing unit, wherein the user terminal obtains the one-time password displayed on the mobile phone and user identification information for identifying the user; and

sends the one-time password and the user identification information as data of authentication information to the service providing unit, and wherein the service providing unit determines whether the one-time password sent from the user terminal is identical with the one-time password sent from the password issuing unit or not; and

, if both the two passwords are determined to be identical, the service providing unit permits the access of the user via the user terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user authentication system capable of maintaining high-level security and of reducing a user'"'"'s load of operations necessary for login is provided. The user authentication system includes a user terminal, a mobile phone, a password issuing unit, and a service providing unit. When a user accesses the system via the user terminal, the service providing unit encodes connection information of the password issuing unit into a code, and sends the encoded code to the user terminal. The mobile phone decodes the code displayed on the user terminal, and accesses the password issuing unit using the connection information. The password issuing unit generates a one-time password, and sends the one-time password to the service providing unit and also to the mobile phone. The user terminal sends the one-time password displayed on the mobile phone and user identification information to the service providing unit. When the service providing unit determines that the two one-time passwords each sent from the user terminal and the password issuing unit are identical, the service providing unit permits the access of the user via the user terminal.

Citations

10 Claims

1. A user authentication system comprising:
- a user terminal for entering information data for user authentication;
  
  a mobile phone provided with a camera and decoding a code input from the camera;
  
  a password issuing unit for generating a one-time password; and
  
  a service providing unit for providing service to the user terminal and conducting operations for user authentication, which are connected to each other, wherein, when the user accesses the system via the user terminal, the service providing unit generates an encoded code with connection information of the password issuing unit contained therein; and
  
  sends the code to the user terminal, wherein the mobile phone decodes the code displayed on the user terminal; and
  
  accesses the password issuing unit using the connection information, wherein the password issuing unit generates a random one-time password; and
  
  sends the one-time password to the service providing unit and also to the mobile phone accessing the password issuing unit, wherein the user terminal obtains the one-time password displayed on the mobile phone and user identification information for identifying the user; and
  
  sends the one-time password and the user identification information as data of authentication information to the service providing unit, and wherein the service providing unit determines whether the one-time password sent from the user terminal is identical with the one-time password sent from the password issuing unit or not; and
  
  , if both the two passwords are determined to be identical, the service providing unit permits the access of the user via the user terminal.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The user authentication system according to claim 1, wherein the service providing unit generates a session ID for identifying a session between the user terminal and the service providing unit;
    - sends the session ID to the user terminal; and
      
      encodes the session ID in the code, wherein, when the mobile phone accesses the password issuing unit, the mobile phone sends the session ID, wherein, when the password issuing unit sends the one-time password to the service providing unit, the password issuing unit also sends the session ID to the service providing unit, wherein, when the user terminal sends the one-time password and the user identification information to the service providing unit, the user terminal also sends the session ID to the service providing unit, and wherein the service providing unit compares the two one-time passwords associated with each other, based on the session ID sent from the password issuing unit and the session ID sent from the user terminal.
  - 3. The user authentication system according to claim 2, wherein the mobile phone stores therein data on mobile phone identification information for identifying this mobile phone, and wherein, when the mobile phone accesses the password issuing unit, the password issuing unit in which all users'"'"' data on the mobile phone identification information is stored in advance requests the mobile phone to send the user'"'"'s data on the mobile phone identification information;
    - when the password issuing unit receives the user'"'"'s data on the mobile phone identification information from the mobile phone, the password issuing unit compares the received user'"'"'s data on the mobile phone identification information with all users'"'"' data on the mobile phone identification information stored therein; and
      
      , when there is any identical data in the mobile phone identification information, the present invention sends the one-time password to the mobile phone.
  - 4. The user authentication system according to claim 3, wherein the data on the mobile phone identification information is the phone number of the mobile phone, and wherein, when the password issuing unit sends the one-time password to the mobile phone, the password issuing unit sends the one-time password via a telephone network.
  - 5. The user authentication system according to claim 2, wherein, when the service providing unit in which all users'"'"' data on the user identification information is stored in advance receives the user'"'"'s data on the authentication information from the user terminal, the service providing unit compares the user'"'"'s data on the user identification information contained in the authentication information, with all users'"'"' data on the user identification information stored in the service providing unit;
    - and, if there is an identical data in the user identification information, the service providing unit compares the two one-time passwords.

6. A user authentication method in a user authentication system comprising:
- a user terminal for entering information data for user authentication;
  
  a mobile phone provided with a camera and decoding a code inputted from the camera;
  
  a password issuing unit for generating a one-time password; and
  
  a service providing unit for providing service to the user terminal and conducting operations for user authentication, which are connected to each other, the user authentication method comprising;
  
  (a) the step in which, when the user accesses the system via the user terminal, the service providing unit generates an encoded code with connection information of the password issuing unit contained therein; and
  
  sends the code to the user terminal, (b) the step in which the mobile phone obtains and decodes the code displayed on the user terminal; and
  
  accesses the password issuing unit using the connection information, (c) the step in which the password issuing unit generates a random one-time password; and
  
  sends the one-time password to the service providing unit and also to the mobile phone accessing the password issuing unit, (d) the step in which the user terminal obtains the one-time password displayed on the mobile phone and user identification information for identifying the user; and
  
  sends the one-time password and the user identification information as the authentication information to the service providing unit, and (e) the step in which the service providing unit compares the one-time password sent from the user terminal with the one-time password sent from the password issuing unit; and
  
  , when the two one-time passwords are identical, the service providing unit permits the access of the user via the user terminal.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The user authentication method according to claim 6, wherein, in the step (a), the service providing unit generates a session ID for identifying a session between the user terminal and the service providing unit;
    - sends the session ID to the user terminal; and
      
      encodes the session ID in the code, wherein, in the step (b), the mobile phone further sends the session ID, wherein, in the step (c), the password issuing unit further sends the session ID obtained in the step (b) to the service providing unit, wherein, in the step (d), the user terminal further sends the session ID obtained in the step (a), and wherein, in the step (e), the service providing unit compares the two one-time passwords associated with each other, based on the session ID sent from the password issuing unit and the session ID sent from the user terminal.
  - 8. The user authentication method according to claim 7, wherein the mobile phone stores therein data on mobile phone identification information for identifying this mobile phone, and the password issuing unit stores therein in advance all users'"'"' data on the mobile phone identification information, and wherein, in the step (c), the password issuing unit requests the mobile phone accessing the system to send the user'"'"'s data on the mobile phone identification information;
    - when the password issuing unit receives the user'"'"'s data on the mobile phone identification information from the mobile phone, the password issuing unit compares the received user'"'"'s data on mobile phone identification information with all users'"'"' data on the mobile phone identification information stored in the password issuing unit; and
      
      , when there is an identical data in the mobile phone identification information, the password issuing unit sends the one-time password to the service providing unit and the mobile phone.
  - 9. The user authentication method according to claim 8, wherein the data on the mobile phone identification information is the phone number of the mobile phone, and wherein, in the step (c), when the password issuing unit sends the one-time password to the mobile phone, the password issuing unit sends the one-time password via a telephone network.
  - 10. The user authentication method according to claim 7, wherein the service providing unit stores therein all users'"'"' data on the user identification information in advance, and wherein, in the step (e), the service providing unit compares the user'"'"'s data on the user identification information contained in the authentication information with all users'"'"' data on the user identification information stored in the service providing unit;
    - and, when there is an identical data in the user identification information, the service providing unit further compares the one-time passwords.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forval Technology, Inc.
Original Assignee
Forval Technology, Inc.
Inventors
Saito, William

Application Number

US11/540,535
Publication Number

US 20070079135A1
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/43   wireless channels

G06Q 20/40   Authorisation, e.g. identif...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

G07F 7/1025   Identification of user by a...

G07F 7/1091   Use of an encrypted form of...

H04L 2209/80   Wireless

H04L 63/0838   using one-time-passwords

H04L 63/102   Entity profiles

H04L 9/3228   One-time or temporary data,...

H04W 12/06   Authentication

H04W 12/65   Environment-dependent, e.g....

H04W 12/72   Subscriber identity

H04W 12/77   Graphical identity

User authentication system and user authentication method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication system and user authentication method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links