METHOD FOR AUTHENTICATION AND SIGNATURE OF A USER IN AN APPLICATION SERVICE, USING A MOBILE TELEPHONE AS A SECOND FACTOR IN ADDITION TO AND INDEPENDENTLY OF A FIRST FACTOR

US 20110016320A1
Filed: 01/27/2009
Published: 01/20/2011
Est. Priority Date: 01/28/2008
Status: Active Grant

First Claim

Patent Images

1. A method for the two-factor authentication of a user with an application service executed on an application server, wherein the first authentication factor is a PIN authentication code known only to the user and the application service, and the second authentication factor is the mobile communication terminal of the user on which is installed a reliability application obtained from a reliable third party or certified by same, said reliability application being capable of generating, using said PIN authentication code and a secret key shared only with the reliable third party, a single-use authentication code for each authentication of the user with the application service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for the two-factor authentication of a user in an application service running on an application server. The first authentication factor is a PIN authentication code known only by the user and the application service, and the second authentication factor is the mobile communication terminal of the user on which is installed a reliability application obtained from a reliable third party or certified by the same. The reliability application is capable of generating, using the PIN authentication code and a secret key shared only with the reliable third party, a single use authentication code for each authentication of the user in the application service.

313 Citations

20 Claims

1. A method for the two-factor authentication of a user with an application service executed on an application server, wherein the first authentication factor is a PIN authentication code known only to the user and the application service, and the second authentication factor is the mobile communication terminal of the user on which is installed a reliability application obtained from a reliable third party or certified by same, said reliability application being capable of generating, using said PIN authentication code and a secret key shared only with the reliable third party, a single-use authentication code for each authentication of the user with the application service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. An authentication method according to claim 1, wherein the authentication of a user with an application service comprises the following steps:
    - following the entry of a PIN authentication code by the user, a step of generating a single-use authentication code by means of the reliability application installed on the mobile communication terminal of the user;
      
      a step of communicating the single-use authentication code thus obtained to the application service;
      
      a step of transmission by the application service of the single-use authentication code in a reduced form to the reliable third party;
      
      a step of verifying the single-use authentication code by the reliable third party;
      
      a step of notification of the result of the authentication by the reliable third party to the application service.
  - 3. An authentication method according to claim 1, wherein the first authentication factor, namely the PIN authentication code, is supplied to the user by the application service in a secure manner.
  - 4. An authentication method according to claim 1, wherein the first authentication factor, namely the PIN authentication code, is chosen by the user and communicated to the application service in a secure manner.
  - 5. An authentication method according to claim 1, wherein the secret key is created by the reliable third party and communicated to the reliability application in a secure manner.
  - 6. An authentication method according to claim 1, wherein the secret key is generated by the reliability application and communicated to the reliable third party in a secure manner.
  - 7. An authentication method according to claim 1, further comprising, prior to the authentication of the user, a step of registering the user with the server of the reliable third party, the said registration comprising the steps of:
    - registering the user with the server of the reliable third party;
      
      downloading and installing the reliability application in the mobile communication terminal;
      
      activating the said reliability application in order to make it functional for the subsequent operations of authentication of the user with the application server.
  - 8. An authentication method according to claim 7, wherein the registration phases up to the activation of a user with a reliable third party are performed via an application service and comprise the following steps:
    - a step of the user declaring his mobile number to the application service;
      
      a step of requesting by the application service the registration of the user with a reliable third party by communicating to him the mobile number of the user;
      
      a step of allocation of an authenticity code to the user by the reliable third party followed by a step of sending this authenticity code to the application service;
      
      a step of communicating the authenticity code to the user by the application service;
      
      a step of sending by the reliable third party of a message of the SMS type to the user, said message of the SMS type containing parameters for loading and installing the reliability application on the mobile communication terminal;
      
      a step of loading and installing the reliability application on the mobile communication terminal of the user;
      
      a step of activating the reliability application after verification ( ) of the authenticity code;
      
      a step of generation of a secret key by the reliability application;
      
      a step of secure transmission of the secret key and of said parameters to the server of the reliable third party;
      
      a step of verification of the elements received by the reliable third party and initialisation of the registers of the user;
      
      a step of sending by the reliable third party of a message of confirmation of activation to the reliability application.
  - 9. An authentication method according to claim 7, wherein the phase of registration and activation of a user are performed directly with a reliable third party and comprise the following steps:
    - a step of registering the user with the reliable third party;
      
      a step of the user declaring his mobile number by the user to the reliable third party and validation thereof;
      
      a step of communication of an authenticity code to the user by the reliable third party;
      
      a step of sending of a message of the SMS type by the reliable third party to the user containing parameters enabling him to load and install the reliability application on his mobile communication terminal;
      
      a step of loading and installing the reliability application on the mobile communication terminal of the user;
      
      a step of activation of the reliability application after verification of the authenticity code;
      
      a step of generation of a secret key by the reliability application;
      
      a step of secure transmission of the secret key and of said parameters to the server of the reliable third party;
      
      a step of verification of the elements received by the reliable third party and initialisation of the registers of the user;
      
      a step of sending an activation confirmation message to the reliability application by the reliable third party.
  - 10. An authentication method according to claim 8, wherein the reliability application is loaded and installed in a memory of the mobile communication terminal, so as to make it executable by a microprocessor of the mobile communication terminal.
  - 11. An authentication method according to claim 8, wherein the reliability application is loaded and installed in a memory of a SIM card, so as to make it executable by the microprocessor of the SIM card or of the mobile communication terminal.
  - 12. An authentication method according to claim 8, wherein the step of activation of the reliability application is executed at the time of the first execution of the reliability application and comprises the following steps:
    - display of the authenticity code on the screen of the mobile communication terminal for verification by the user of conformity thereof with the authenticity code displayed during the mobile communication terminal registration step;
      
      on reception by the mobile communication terminal of confirmation by the user of agreement of the authenticity code displayed with the authenticity code expected;
      
      generation of a secret key by the reliability application;
      
      construction of a message, from the withdrawal identifier, of the secret key and the authenticity code;
      
      enciphering of said message by means of the public key of the reliable third party;
      
      positioning to zero of a single counter of single-use passwords of the mobile communication terminal;
      
      transmission of the message thus enciphered to the server of the reliable third party;
      
      on reception by the server of the reliable third party, deciphering of said enciphered message, using the private key of the reliable third party, so as to extract the secret key generated in the mobile and to share this same secret key between the reliability application and the server of the reliable third party;
      
      verification of the authenticity code extracted from the deciphered message;
      
      positioning to zero of a counter for single-use passwords at the server of the reliable third party;
      
      transmission to the mobile communication terminal of a message of correct completion of the activation of the reliability application.
  - 13. An authentication method according to claim 1, wherein the authentication of a user by means of the second authentication factor comprises:
    - a step of the user launching on his mobile communication terminal the previously activated reliability application and entering his PIN code on said mobile communication terminal;
      
      a step consisting of calculating the single-use authentication code in the mobile communication terminal by means of the reliability application, and then displaying the single-use authentication code thus calculated on the screen of the mobile communication terminal;
      
      a step consisting of requesting the user to enter at the application server his identifier and the single-use authentication code thus calculated;
      
      at the application server, a step consisting of recovering the mobile number and HPIN from the identifier stored by the user, and then calculating a reduced password and transmitting the mobile number and the reduced password to the server of the reliable third party;
      
      at the server of the reliable third party, a step consisting of calculating an increment value and then incrementing the value of said counter of the calculated increment value, and then a step of returning to the application server a signal OK if the increment is greater than zero, or a signal NOT OK in the contrary case;
      
      at the application server, if the signal received from the server of the reliable third party is OK, a step of notifying the user that his authentication with the application service is successful, and in the contrary case notifying the user that his authentication has failed and refusing him access to the application service.
  - 14. An authentication method according to claim 13, wherein the single-use authentication code is calculated according to a function of the PIN authentication code or H(PIN), of the counter of the mobile communication terminal and of the secret key shared with the server of the reliable third party.
  - 15. An authentication method according to claim 14, wherein the reduced password is calculated according to a function of HPIN and of the single-use authentication code.
  - 16. An authentication method according to claim 14, wherein the increment value is calculated according to a function F3 of the value of the counter of the server of the reliable third party, of the secret key and of the reduced password.
  - 17. A method for the signature of a transaction between an application server and a user previously registered and authenticated with said application server in accordance with an authentication method according to claim 1, further comprising the following steps:
    - a step of preparing, at the application server, a “
      
      good for execution”
      
      representing the transaction to be signed, followed by the transmission of the “
      
      good for execution” and
      
      the mobile number of the user to the server of the reliable third party;
      
      a step of generating a random challenge at the server of the reliable third party, and then a step consisting of preparing and sending the “
      
      good for execution” and
      
      the challenge to the mobile communication terminal of the user;
      
      after acceptance of the “
      
      good for execution”
      
      by the user and entry of his PIN code, a step of calculating, at the reliability application, a response to the sending of the “
      
      good for execution”
      
      by the reliable third party;
      
      after entry of the response by the user on the application service, calculation by the application server of a reduced responsetransmission by the application server of the mobile number and of the reduced response previously calculated, to the server of the reliable third party;
      
      at the server of the reliable third party, calculation of a result and, according to the value of said result indicating to the application service whether or not the user has validly signed the “
      
      good for execution”
      
      .
  - 18. A signature method according to claim 17, wherein said response to the sending of the “
    - good for execution”
      
      by the reliable third party is calculated by the reliability application according to a function of the “
      
      good for execution”
      
      , the challenge, the PIN, and the secret key.
  - 19. A signature method according to claim 17, that the wherein said reduced response is calculated by the application service according to a function of H(PIN), the “
    - good for execution” and
      
      said response.
  - 20. A signature method according to claim 17, wherein said result is a Boolean function of the challenge, of the secret key and of the reduced response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Paycool International Limited
Original Assignee
Paycool International Limited
Inventors
Gross, Christian, Bergsten, Ulrik, Thieblemont, Jacques

Granted Patent

US 8,819,432 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/40   by quorum, i.e. whereby two...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04L 9/3226   using a predetermined code,...

METHOD FOR AUTHENTICATION AND SIGNATURE OF A USER IN AN APPLICATION SERVICE, USING A MOBILE TELEPHONE AS A SECOND FACTOR IN ADDITION TO AND INDEPENDENTLY OF A FIRST FACTOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

313 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

METHOD FOR AUTHENTICATION AND SIGNATURE OF A USER IN AN APPLICATION SERVICE, USING A MOBILE TELEPHONE AS A SECOND FACTOR IN ADDITION TO AND INDEPENDENTLY OF A FIRST FACTOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

313 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others