Method and Arrangement for Secure Authentication

US 20090119759A1
Filed: 10/03/2006
Published: 05/07/2009
Est. Priority Date: 10/03/2005
Status: Active Grant

First Claim

Patent Images

1. A method for secure transfer of data between two parties, a user and a second party comprising at least one of;

a first session for generating a unique and new authentication factor/user code adapted for user authentication, a second session for registering of the users authentication factor(s)/user code(s) at the second party and a third session for secure user authentication between the two parties for data transfer, the user being registered at the second party and the second party being a service provider, where the user at least uses a personal terminal (100) comprising at least a central processing unit (101), communication means (102), and at least one client stored in a storage means (103) or partly stored in the storage means (103) adapted for user authentication (104), and where the at least one client includes capacity to generate and store random numbers characterised in that the first session comprises at least the steps of;

B.1) the at least one client generates a random number (107), using a generation capacity in the at least one client,C.1) the at least one client stores the random number in the at least one client and naming the stored random number a client reference,D.1) the at least one client fetches a code being unique, associated with the personal terminal (100) and residing in the personal terminal (100), and the at least one client fetches the client reference, andE.1) the at least one client uses a one or more calculating algorithms (105) stored in the at least one client where a representation of the code being unique to the personal terminal (100). and the client reference are inputted to the one or more calculation algorithms, producing an output, a user code representing the user'"'"'s possession of the personal terminal (100).

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and arrangement for utilising a generally available personal data terminal as a secure and reliable authentication factor for user authentication is described. Also, a method for secure transfer of data between two parties, a user and a service provider, where the user generates a unique authentication factor adapted for user authentication (104), called a user code, and the service provider registering the user'"'"'s user code as an authentication factor is disclosed. The method is useful for various security services involving a user and a service provider in electronic channels where service providers are faced with the challenges of authenticating the users of their services.

43 Citations

View as Search Results

25 Claims

1. A method for secure transfer of data between two parties, a user and a second party comprising at least one of;
- a first session for generating a unique and new authentication factor/user code adapted for user authentication, a second session for registering of the users authentication factor(s)/user code(s) at the second party and a third session for secure user authentication between the two parties for data transfer, the user being registered at the second party and the second party being a service provider, where the user at least uses a personal terminal (100) comprising at least a central processing unit (101), communication means (102), and at least one client stored in a storage means (103) or partly stored in the storage means (103) adapted for user authentication (104), and where the at least one client includes capacity to generate and store random numbers characterised in that the first session comprises at least the steps of;
  
  B.1) the at least one client generates a random number (107), using a generation capacity in the at least one client,C.1) the at least one client stores the random number in the at least one client and naming the stored random number a client reference,D.1) the at least one client fetches a code being unique, associated with the personal terminal (100) and residing in the personal terminal (100), and the at least one client fetches the client reference, andE.1) the at least one client uses a one or more calculating algorithms (105) stored in the at least one client where a representation of the code being unique to the personal terminal (100). and the client reference are inputted to the one or more calculation algorithms, producing an output, a user code representing the user'"'"'s possession of the personal terminal (100).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. A method according to claim 1, characterised in that the second session, registering the user code at the second party comprises at least the steps of:
    - A.2) the second party requests the user to register the user code in a user data at the second party,B.2) providing the second party with authenticity information of the one or more clients (205), andC.2) a terminating step where the said user code is forwarded to the second party (206) and stored as a part of the user data associated with the user at the second party.
  - 3. A method according to claim 1, characterised in that the first session further comprises the alternative steps of:
    - step D.1) comprises the additional steps of requesting the user to enter a pass code on the personal terminal (100), and step E.1) comprises the additional step of inputting the pass code to the calculation algorithm (105), producing an output, a user code, which represents the user'"'"'s possession of the personal terminal (100) and the knowledge of the pass code.
  - 4. A method according to claim 1, characterised in that the third session comprises at least the steps of:
    - B.3) the at least one client fetches a code being unique, associated with the personal terminal (100) and residing in the personal terminal (100),C.3) the at least one client fetches a client reference, generated in a registration session between the first and the second party, andD.3) uses a one or more calculating algorithms stored in the at least one client where a representation of the code being unique to the personal terminal (100) and the client reference are inputted to the one or more calculation algorithms, producing an output, a user code, which represents the user'"'"'s possession of the personal terminal (100) to the service provider.
  - 5. A method according to claim 4, characterised in that the third session further comprises at least an introductory step of:
    - A.3) providing the second party with authenticity information of the one or more clients; and
      
      E.3) a terminating step where the output from the one or more calculation algorithms on the personal terminal (100) is forwarded to the second party.
  - 6. A method according to claim 4, characterised in that step D.3) comprises the additional steps of:
    - the first party, enters a pass code on the personal terminal (100);
      
      the said pass code is used as an additional input to the calculation algorithm, producing an output, a user code, which represents the user'"'"'s possession of the personal terminal (100) and, the knowledge of the pass code.
  - 7. A method according to claim 1, characterised in that the at least one client is residing partly on the personal terminal (100) and partly on a proxy server (109).
  - 8. A method according to claim 7, characterised in that the first, second and third session comprises on the personal terminal (100) at least the steps ofA.4) providing the proxy server (109) with authenticity information of the at least one client, andB.4) the at least one client fetches a code being unique, associated with the personal terminal (100) and residing in the personal terminal (100), and forwards the said code to the proxy server (109).
  - 9. A method according to claim 8, characterised in that step B.4) comprises the additional steps of:
    - the user enters a pass code on the personal terminal (100), the said pass code is forwarded to the proxy server (109).
  - 10. A method according to claim 7, characterised in that the first, second and third session comprises on the proxy server at least the steps of:
    - A.5) receiving from the at least one client on the personal terminal (100) the code being unique, associated with the personal terminal (100) and residing in the personal terminal (100),B.5) the at least one client on the proxy server (109) fetches a client reference, generated in the first session, andC.5) use a one or more calculating algorithms stored in the at least one client on the proxy server (109) where a representation of the code being unique to the personal terminal (100) and the client reference are inputted to the one or more calculation algorithms, producing an output, a user code, which represents the user'"'"'s possession of the personal terminal (100) to the Service provider.
  - 11. A method according to claim 10, characterised in that step B.5) comprises the additional step of receiving from the at least one client on the personal terminal (100) a pass code, and step C.5) comprises the additional step of using the said pass code as additional input to the calculation algorithm, producing an output, a user code, representing the user'"'"'s possession of the personal terminal (100) and the knowledge of the pass code.
  - 12. A method according to claim 1, characterised in that the third session comprises at least the steps of:
    - A.6) inputting an information element (301) to the personal terminal (100)B.6) producing the said user code (302) on the at least one clientC.6) inputting the said user code and the information element to the one or more calculation algorithm, producing an output (303), the signed element.
  - 13. A method according to claim 12, characterised in that where the second party has stored in a user file the user name and one or more user codes of the user, and has access to the same one or more calculation algorithms as the one or more clients present on the proxy (109) or on the personal terminal (100) of the user, and has access to the information element, and there is at least one communication channel between the personal terminal (100) and the second party, then the third session further comprises at least the step of:
    - D.6) the user name is forwarded (304) from the user to the second party,E.6) the signed element is forwarded (304) to the second party,F.6) the second party inputs the user code stored in the user file and the information element to the one or more calculation algorithm, producing an output (305), the signed elementG.6) the second party comparing (306) the signed element outputted from the one or more calculation algorithms and the signed element forwarded from the user. and if the two elements are equal the user is authenticated.
  - 14. A method according to claim 12, characterised in establishing for the second and third session a two channel communication between the first and the second party where the first channel, channel1 (404), is between the personal terminal (100) and the second party, the second channel, channel2 (405), is between a second terminal accessible for the first party and the second party.
  - 15. A method according to claim 14, characterised in that forwarding the user name from the user to the second party in channel2 (405), forwarding the information element from the second party to the user in channel2 (405) and forwarding the signed element from the first party to the second party in channel1 (404).
  - 16. A method according to claim 14, characterised in that forwarding the user name from the user to the second party in channel2 (405), forwarding the information element from the second party to the user in channel1 (404) and forwarding the signed element from the user to the second party in channel1 (404).
  - 17. A method according to claim 14, characterised in that forwarding the user name from the user to the second party in channel2 (405), forwarding the information element from the second party to the user in channel1 (404) and forwarding the signed element from the user to the second party in channel2 (405).
  - 18. A method according to claim 1, characterised by using an IMEI number, a MAC, a processor number, an Electronic Product Code—
    - EPC or a SIM serial number—
      
      SSN, as the code being unique, associated with the personal terminal (100) and residing in the personal terminal (100).
  - 19. A method according to claim 1, characterised in that the user uses any user input to the personal terminal (100) such as alphanumeric and numeric characters, representation of voice or biometric data as the pass code.

20. An arrangement for secure user authentication (104) between two parties, where the first party is a user which at least uses a personal terminal (100) comprising at least a central processing unit (101), communication means (102), and storage means (103) adapted to store one or more clients or adapted to partly store one or more clients adapted for user authentication (104), where the second party is a service provider characterised in that the one or more clients at least comprises:
- one or more calculation algorithms (105),input parameters from a code being unique (106), associated with the personal terminal (100) and residing in the personal terminal (100), such as IMEI number, a MAC, a processor number, an electronic product code—
  
  EPC or a SIM serial number—
  
  SSN,means adapted to generate and store random numbers (107) in the one or more client, means adapted to identify itself to the second party and to identify the second party (108), andmeans for secure communication with a server (102).
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. An arrangement according to claim 20, characterised in that the arrangement further comprises input parameters from the user, such as alphanumeric and numeric characters, representation of voice or biometric data.
  - 22. An arrangement according to claim 20, characterised in that the arrangement further comprises a second terminal for unidirectional or bidirectional communication between the user and the second party.
  - 23. An arrangement according to claim 20, characterised by further comprising a proxy server comprising at least:
    - means to receive input parameters from the one or more clients on the personal terminal (100),a one or more calculation algorithms (105),means adapted to generate and store random numbers (107) in the one or more client.means (110) adapted to identify itself to the one or more clients on the personal terminal (100) and to identify the one or more clients on the personal terminal (100).means adapted to identify itself to the second party and to identify the second party,means for secure communication with a server (111).
  - 24. An arrangement according to claim 20, characterised in that the personal terminal (100) is one of the following:
    - a mobile telephone such as a GSM or UMTS telephone, a PDA comprising communication means (102), a computer entertainment terminal compromising communication means (102) or a portable computer comprising communication means (102).
  - 25. An arrangement according to claim 20, characterised in that the personal terminal (100) is adapted to download the one or more clients using wireless or wired communication means (102).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Encap AS (Signicat AS)
Original Assignee
Encap AS (Signicat AS)
Inventors
Taugbol, Petter

Granted Patent

US 8,335,925 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/126   the source of the received ...

Method and Arrangement for Secure Authentication

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Arrangement for Secure Authentication

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links