Secured Authentication Method for Providing Services on a Data Transmisson Network

US 20080176533A1
Filed: 08/05/2005
Published: 07/24/2008
Est. Priority Date: 08/10/2004
Status: Active Grant

First Claim

Patent Images

1. A method for accessing a service on a data transmission network, by means of a user terminal (30) connected to said network, characterised in that it includes:

a) a phase for subscribing to said service, wherein;

an information container (TOKEN) associated with the user is generated, including a first set of authentication data (X0, X1, X2, X3) for accessing the service and a second set of useful data relating to said user (SID/PN) and to access rights to said service (RBF, UBF, TBF), said first and second sets of data being encrypted, and wherein,said container is transmitted (d) securely on said user terminal (30), andb) a phase for accessing said terminal whereinsaid container is transmitted (e) securely from said user terminal (30) to at least one management server (40) connected to the network during a request to access said service, and wherein,after decryption of the constituent data of said container, the server (40) verifies (g) the validity of said first set of authentication data and, in the event that verification is successful, authorises (h) access to the service for its execution, based on said access rights for the second set of data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for accessing to a network service by means of a user'"'"'s terminal (30) involving an application phase which consists in generating a container (TOKEN) containing a first authentication data set (X0, X1, X2 X3) for accessing to a service and a second useful data set related to access rights for said service (RBF, UBF, TBF), in securely transmitting (d) said container to said terminal and an access phase which consists in securely transmitting (e) the container from said terminal to a managing server (40) which is connected to the network while an access request, after deciphering (f) data of said container, in verifying (g) the validity of the first data set by the server and, following the successful verification, in authorising (h) the access to the service for performing it according to said access rights.

38 Citations

View as Search Results

23 Claims

1. A method for accessing a service on a data transmission network, by means of a user terminal (30) connected to said network, characterised in that it includes:
- a) a phase for subscribing to said service, wherein;
  
  an information container (TOKEN) associated with the user is generated, including a first set of authentication data (X0, X1, X2, X3) for accessing the service and a second set of useful data relating to said user (SID/PN) and to access rights to said service (RBF, UBF, TBF), said first and second sets of data being encrypted, and wherein,said container is transmitted (d) securely on said user terminal (30), andb) a phase for accessing said terminal whereinsaid container is transmitted (e) securely from said user terminal (30) to at least one management server (40) connected to the network during a request to access said service, and wherein,after decryption of the constituent data of said container, the server (40) verifies (g) the validity of said first set of authentication data and, in the event that verification is successful, authorises (h) access to the service for its execution, based on said access rights for the second set of data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. Method of claim 1, characterised in that the phase for subscribing to the service includes payment (a) for said service by the user (10) via a payment server (20).
  - 3. Method of claim 2, characterised in that the subscription phase further includes the furnishing (b) of a one-time use password (OTP) by the payment server (20) to the user (10), the transmission (c) of said password to the management server (40) triggering the secure transmission (d) of the container (TOKEN) of said server (40) to said terminal (30).
  - 4. Method as claimed in claim 1, characterised in that, after the service has been executed, a step for updating (i) the useful data of the container (TOKEN) relating to the access rights to the service is advantageously implemented on the server (40), said updated data being backed up on the management server (40).
  - 5. Method of claim 4, characterised in that, following this update, the first and second sets of data of the container are encrypted (j) on the server (40), then said updated container is transmitted (k) securely from the management server (40) to the user terminal (30) for a subsequent service access phase.
  - 6. Method as claimed in claim 1, characterised in that the secure transmission (d) of the container consists in transmitting the constituent data of said container in encrypted form, via application of a symmetrical encryption algorithm using a secret key (K₀, K1, K2) shared by the user terminal (30) and the server (40).
  - 7. Method of claim 6, characterised in that the secret key used is renewed per parameterable period.
  - 8. Method as claimed in claim 5, characterised in that the renewal of the secret key consists in transmitting a new key at the same time as the container, during its secure transmission from the server (40) to the user terminal (30) for a subsequent service access phase.
  - 9. Method as claimed in claim 6, characterised in that the symmetrical encryption algorithm used on the terminal (30) and the server (40) is of the RC4 type.
  - 10. Method as claimed in claim 1, characterised in that the encryption of the constituent data of the container, prior to its secure transmission, is preferably obtained via application of a public key algorithm to said data, the corresponding private key being stored only on the server (40).
  - 11. Method of claim 10, characterised in that the encryption algorithm is an RSA-type algorithm.
  - 12. Method as claimed in claim 1, characterised in that the first set of authentication data (X0, X1, X2, X3) is represented by hash function collisions.
  - 13. Method of claim 12, characterised in that the verification step on the server (40) consists in ascertaining that the authentication data (X0, X1, X2, X3) actually forms hash function collisions.
  - 14. Method as claimed in any claim 1, characterised in that the verification step consists in verifying the correspondence of the authentication data (X0, X1, X2, X3) coming from the container with authentication data referenced in a user database for this user.
  - 15. Method as claimed in claim 1, characterised in that an element for invoicing the cost of the service is generated on the server (40), after said service has been executed, using the useful data of the container relating to the access rights to the service for the user, the authentication data being associated with said invoicing element generated as proof that the access to said service has been authorised.
  - 16. Method of claim 15, characterised in that the invoicing element is stored with a view to being used for subsequent financial compensation.
  - 17. Method as claimed in claim 1, characterised in that the service accessed is a voice over IP service.
  - 18. Method of claim 17, characterised in that the transmission of the container from the user terminal (30) to the server (40) or from the server to the user terminal for accessing the service is integrated into a protocol enabling voice over IP transmissions.
  - 19. Method of claim 18, characterised in that the protocol is an SIP protocol.
  - 20. Method as claimed in claim 1, characterised in that the transmission of the container (TOKEN) from the user terminal (30) to the management server (40) is carried out by means of an intermediate network gateway, said gateway implementing a step for preliminary verification of the validity of the container, prior to it being routed to said server.
  - 21. Method of claim 20, characterised in that the step for preliminary verification of the validity of the container (TOKEN) consists in verifying the validity of a third set of authentication data of said container.
  - 22. A server (40) connected to a data transmission network for accessing a service by means of a user terminal (30) connected to said network, characterised in that it includes means for implementing the steps of the method as claimed in claim 1.
  - 23. Server of claim 22, characterised in that it is of the SIP proxy type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jean-Luc Leleu
Original Assignee
Jean-Luc Leleu
Inventors
Leleu, Jean-Luc

Granted Patent

US 8,359,273 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

G06Q 20/1235   with control of digital rig...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/346   Cards serving only as infor...

G06Q 20/351   Virtual cards

G06Q 20/355   Personalisation of cards fo...

G06Q 20/385   using an alias or single-us...

G07F 17/0014   for vending, access and use...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 9/32   including means for verifyi...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

Secured Authentication Method for Providing Services on a Data Transmisson Network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Secured Authentication Method for Providing Services on a Data Transmisson Network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others