Method and Devices For User Authentication
First Claim
1. A method of authenticating a user using a communication terminal to access a server via a telecommunications network, the method comprising:
- receiving from the user a personal identification code;
- generating a data set from secure session establishment protocol messages exchanged between the communication terminal and the server;
- generating a transaction authentication number based on the data set, using the personal identification code;
- transmitting the transaction authentication number from the communication terminal to the server; and
- verifying in the server the transaction authentication number based on the secure session establishment protocol messages exchanged with the communication terminal.
Abstract
For authenticating a user using a communication terminal (1) to access a server (4) via a telecommunications network, a personal identification code is received from the user. From secure session establishment protocol messages exchanged (S1, S2, S3) between the communication terminal (1) and the server (4), a data set is generated (S4). Based on the data set, a transaction authentication number is generated (S52) using the personal identification code. The transaction authentication number is transmitted (S54) from the communication terminal (1) to the server (4). In the server (4), the received transaction authentication number is verified (S20) based on the secure session establishment protocol messages exchanged with the communication terminal (1). The transaction authentication number enables session-aware user authentication that protects online users against real-time man-in-the-middle attacks.
47 Claims
1. (Independent claim, reproduced above under First Claim.) Dependent claims: 2 to 21.
22. A computer program product comprising computer program code means for controlling one or more processors of a communication terminal, such that the communication terminal:
- receives from a user a personal identification code;
- generates a data set from secure session establishment protocol messages exchanged between the communication terminal and a server;
- generates a transaction authentication number based on the data set, using the personal identification code; and
- transmits the transaction authentication number to the server for verification.
Dependent claims: 23 to 32.
33. A computerized server, configured for exchanging data with a communication terminal via a telecommunications network, the server comprising a user authentication module configured:
- to receive a transaction authentication number from the communication terminal, the transaction authentication number being based on a personal identification code received from a user of the communication terminal and on a data set generated from secure session establishment protocol messages exchanged between the communication terminal and the server; and
- to verify the transaction authentication number received based on the secure session establishment protocol messages exchanged with the communication terminal.
Dependent claims: 34 to 46.
47. A method of changing a personal identification code by a user using a communication terminal to access a server via a telecommunications network, the method comprising:
- receiving from the user an old personal identification code;
- receiving from the user a new personal identification code;
- generating a data set from secure session establishment protocol messages exchanged between the communication terminal and the server;
- generating in an authentication module associated with the communication terminal an authentication base number from the data set, using a secret token key associated with the authentication module;
- generating an identification change code from the authentication base number, the old personal identification code, and the new personal identification code;
- transmitting the identification change code from the communication terminal to the server;
- generating in the server an authentication base number from the secure session establishment protocol messages exchanged, using the secret token key; and
- deriving in the server the new personal identification code from the identification change code, using the old personal identification code and the authentication base number generated in the server.
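The session-aware scheme of claims 1 and 47, worked through as an added example that is not the patent's own code. The claims fix no concrete formats, so the following are assumptions: the data set is a SHA-256 hash of the length-prefixed handshake messages; the authentication base number is HMAC-SHA256 under the token key; the TAN is an 8-digit truncation of an HMAC over data set and PIN; the identification change code is the new PIN XORed with a mask derived from the authentication base number and old PIN. The constructed transcripts show why a real-time man-in-the-middle, whose own session with the server has a different handshake, cannot replay the user's TAN.

```python
# Added example (not the patent's code). ASSUMED constructions: data set =
# SHA-256 over length-prefixed handshake messages; ABN = HMAC-SHA256(token key,
# data set); TAN = 8 digits of HMAC(token key, data set || PIN); change code =
# new PIN XOR SHA-256(ABN || old PIN). Token key and transcripts are constructed.
import hashlib
import hmac

TOKEN_KEY = b"constructed-token-key"  # shared by authentication module and server

def data_set_from_handshake(messages):
    """Claim 1: data set from the secure session establishment (handshake) messages."""
    h = hashlib.sha256()
    for m in messages:
        h.update(len(m).to_bytes(4, "big") + m)  # length-prefix: no boundary ambiguity
    return h.digest()

def authentication_base_number(token_key, data_set):
    """Claim 47: authentication base number from the data set under the token key."""
    return hmac.new(token_key, data_set, hashlib.sha256).digest()

def generate_tan(token_key, pin, messages):
    """Claim 1 (terminal): TAN bound to this session's handshake and the user's PIN."""
    ds = data_set_from_handshake(messages)
    mac = hmac.new(token_key, ds + pin.encode(), hashlib.sha256).digest()
    return "%08d" % (int.from_bytes(mac[:8], "big") % 10**8)

def verify_tan(token_key, pin, server_seen_messages, tan):
    """Claim 1 (server): recompute from the handshake the server itself exchanged."""
    return hmac.compare_digest(generate_tan(token_key, pin, server_seen_messages), tan)

def _pin_mask(abn, old_pin, length):
    return hashlib.sha256(abn + old_pin.encode()).digest()[:length]

def make_change_code(token_key, old_pin, new_pin, messages):
    """Claim 47 (terminal): change code from ABN, old PIN and new PIN."""
    abn = authentication_base_number(token_key, data_set_from_handshake(messages))
    return bytes(a ^ b for a, b in zip(new_pin.encode(), _pin_mask(abn, old_pin, len(new_pin))))

def recover_new_pin(token_key, old_pin, change_code, server_seen_messages):
    """Claim 47 (server): derive the new PIN; None if the result is not a digit string."""
    abn = authentication_base_number(token_key, data_set_from_handshake(server_seen_messages))
    pin = bytes(a ^ b for a, b in zip(change_code, _pin_mask(abn, old_pin, len(change_code)))).decode("latin-1")
    return pin if pin.isascii() and pin.isdigit() else None

# Constructed sample transcripts (labels standing in for real TLS records).
GENUINE = [b"ClientHello:rnd=1111", b"ServerHello:rnd=2222", b"Certificate:bank"]
MITM = [b"ClientHello:rnd=1111", b"ServerHello:rnd=9999", b"Certificate:bank"]  # attacker's own session
```

A TAN computed over the user's session (GENUINE) fails verification against the handshake the server actually exchanged with the attacker (MITM), and the same session binding makes a relayed change code yield garbage rather than the new PIN.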