Method and Arrangement for Secure Authentication
Abstract
A method and arrangement for utilising a generally available personal data terminal as a secure and reliable authentication factor for user authentication is described. Also disclosed is a method for secure transfer of data between two parties, a user and a service provider, where the user generates a unique authentication factor adapted for user authentication (104), called a user code, and the service provider registers the user's user code as an authentication factor. The method is useful for various security services involving a user and a service provider in electronic channels, where service providers are faced with the challenge of authenticating the users of their services.
Claims (25 claims; 43 citations)
1. A method for secure transfer of data between two parties, a user and a second party, comprising at least one of:
- a first session for generating a unique and new authentication factor/user code adapted for user authentication, a second session for registering the user's authentication factor(s)/user code(s) at the second party, and a third session for secure user authentication between the two parties for data transfer, the user being registered at the second party and the second party being a service provider, where the user at least uses a personal terminal (100) comprising at least a central processing unit (101), communication means (102), and at least one client stored in a storage means (103) or partly stored in the storage means (103) adapted for user authentication (104), and where the at least one client includes capacity to generate and store random numbers, characterised in that the first session comprises at least the steps of:
- B.1) the at least one client generates a random number (107), using a generation capacity in the at least one client;
- C.1) the at least one client stores the random number in the at least one client and names the stored random number a client reference;
- D.1) the at least one client fetches a code being unique, associated with the personal terminal (100) and residing in the personal terminal (100), and the at least one client fetches the client reference; and
- E.1) the at least one client uses one or more calculation algorithms (105) stored in the at least one client, where a representation of the code being unique to the personal terminal (100) and the client reference are inputted to the one or more calculation algorithms, producing an output, a user code representing the user's possession of the personal terminal (100).
- Dependent claims: 2 to 19.
20. An arrangement for secure user authentication (104) between two parties, where the first party is a user which at least uses a personal terminal (100) comprising at least a central processing unit (101), communication means (102), and storage means (103) adapted to store one or more clients or adapted to partly store one or more clients adapted for user authentication (104), and where the second party is a service provider, characterised in that the one or more clients at least comprise:
- one or more calculation algorithms (105), with input parameters from a code being unique (106), associated with the personal terminal (100) and residing in the personal terminal (100), such as an IMEI number, a MAC address, a processor number, an electronic product code (EPC) or a SIM serial number (SSN);
- means adapted to generate and store random numbers (107) in the one or more clients;
- means adapted to identify itself to the second party and to identify the second party (108); and
- means for secure communication with a server (102).
- Dependent claims: 21 to 25.
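The three sessions claimed above, worked through in code: the first session of claim 1 (steps B.1 to E.1), a registration step for the second session, and a challenge-response for the third session using the identification means (108) and random-number means (107) of claim 20. This is an added Python example and not code from the patent or its assignee. The patent does not fix the "calculation algorithms (105)" or the representation of the terminal-unique code, so HMAC-SHA256 and the alphanumeric normalisation below are assumptions; the ServiceProvider class, the response format, the user id and the IMEI-like value are all constructed for the example.

```python
"""Added example: user-code generation, registration and possession proof.
Assumption: HMAC-SHA256 stands in for the claim's 'calculation algorithms (105)'."""
import hashlib
import hmac
import secrets


# --- First session (claim 1, B.1 - E.1): generate the user code ---

def generate_client_reference(nbytes: int = 32) -> bytes:
    """B.1/C.1: a fresh random number (107) kept in the client as the
    'client reference'. It is the only secret input to the user code; the
    terminal-unique code below is readable by other software on the device."""
    return secrets.token_bytes(nbytes)


def represent_device_code(device_code: str) -> bytes:
    """D.1: fixed-length representation of the terminal-unique code (106),
    e.g. an IMEI or MAC. Normalisation makes '35-2099-00' and '35209900'
    equal, so a differently formatted read-out does not change the user code.
    Assumption: the patent leaves this representation open."""
    canonical = "".join(ch for ch in device_code.upper() if ch.isalnum())
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def derive_user_code(device_code: str, client_reference: bytes) -> bytes:
    """E.1: user_code = HMAC-SHA256(key=client_reference, msg=repr(device_code)).
    Binds the client reference to this particular terminal."""
    return hmac.new(client_reference, represent_device_code(device_code),
                    hashlib.sha256).digest()


# --- Third session helper: response to a service-provider challenge ---

def possession_response(user_code: bytes, sp_id: str, nonce: bytes) -> bytes:
    """Proof of possession that never transmits the user code itself.
    Including sp_id is the client identifying the second party (108);
    the fresh nonce prevents replay of an earlier response (assumed design)."""
    return hmac.new(user_code, sp_id.encode("utf-8") + nonce,
                    hashlib.sha256).digest()


# --- Second session: the service provider registers the user code ---

class ServiceProvider:
    """Constructed stand-in for the second party; stores user codes per user id."""

    def __init__(self, sp_id: str):
        self.sp_id = sp_id
        self._registry = {}  # user_id -> user_code (must be stored as a secret)

    def register(self, user_id: str, user_code: bytes) -> None:
        """Second session: must run over a channel that authenticates the
        provider, otherwise a captured user code impersonates the user."""
        self._registry[user_id] = user_code

    def challenge(self) -> bytes:
        """Fresh random nonce for one authentication attempt."""
        return secrets.token_bytes(16)

    def verify(self, user_id: str, nonce: bytes, response: bytes) -> bool:
        """Recompute the expected response and compare in constant time."""
        user_code = self._registry.get(user_id)
        if user_code is None:
            return False
        expected = possession_response(user_code, self.sp_id, nonce)
        return hmac.compare_digest(expected, response)


def authenticate(client_reference: bytes, device_code: str,
                 user_id: str, sp: ServiceProvider) -> bool:
    """Third session: the client re-derives its user code from the stored
    client reference and the terminal-unique code, then answers a challenge."""
    nonce = sp.challenge()
    user_code = derive_user_code(device_code, client_reference)
    return sp.verify(user_id, nonce, possession_response(user_code, sp.sp_id, nonce))


if __name__ == "__main__":
    imei = "35-209900-176148-1"          # constructed, not a real device
    ref = generate_client_reference()    # B.1 / C.1
    code = derive_user_code(imei, ref)   # D.1 / E.1
    sp = ServiceProvider("sp.example")   # constructed provider id
    sp.register("alice", code)           # second session
    print("authenticated:", authenticate(ref, imei, "alice", sp))
```

Two practitioner caveats follow from the construction. The terminal-unique code contributes identity, not secrecy: an IMEI or MAC is visible to other applications and often to the operator, so everything rests on the random client reference (107) and on how well the client's storage means (103) protects it (a hardware-backed keystore where available). And because the user code is bound to the device rather than to a session, the registration in the second session and the challenge-response in the third must both run over a channel on which the client has verified the second party (108), or a captured user code gives permanent impersonation.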
Specification