Process of Authentication for an Access to a Web Site

US 20140109201A1
Filed: 03/08/2013
Published: 04/17/2014
Est. Priority Date: 09/09/2010
Status: Active Grant

First Claim

Patent Images

1. A method of secure authentication based on the collecting of data representative of hardware components contained in a system (I.H.S), said process comprising a step of enrolment and a step of authentication comprising the steps:

connecting to a web site and receipt of a web page comprising a code being executable by a browser;

detecting and collecting a list of hardware components from the data collected by the operating system, in particular during the installation of drivers;

wherein the enrolment procedure further comprises the following steps;

displaying a list of hardware components resulting from said collecting and selection from a subset of said list in order to constitute a digital information of reference (DDNA) of the user system;

generating a digital information of reference (DDNA) from said subset, said digital information of reference resulting from a hash operation applied to the raw data composing the collected data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Process of reinforced authentication based on data collection of hardware components contained in a system having steps of enrolment authentication. A web site is connected to and a web page received. A list of hardware components is detected and collected. A subset of the list constituting digital information of reference (DDNA) is generated by a hash operation applied to the raw data. The DDNA is used with a received seed of an authentication server to generate a unique use password (OTP).

Citations

18 Claims

1. A method of secure authentication based on the collecting of data representative of hardware components contained in a system (I.H.S), said process comprising a step of enrolment and a step of authentication comprising the steps:
- connecting to a web site and receipt of a web page comprising a code being executable by a browser;
  
  detecting and collecting a list of hardware components from the data collected by the operating system, in particular during the installation of drivers;
  
  wherein the enrolment procedure further comprises the following steps;
  
  displaying a list of hardware components resulting from said collecting and selection from a subset of said list in order to constitute a digital information of reference (DDNA) of the user system;
  
  generating a digital information of reference (DDNA) from said subset, said digital information of reference resulting from a hash operation applied to the raw data composing the collected data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method according to claim 1 wherein said digital information of reference (DDNA) constitutes a fingerprint which is transmitted to an authentication server for being stored and serving for checking purposes.
  - 3. The method according to claim 1 wherein said digital information of reference (DDNA) is combined with a seed received from an authentication server in order to generate a unique use password (OTP).
  - 4. The method according to claim 3, wherein said seed is generated by a quantum generator.
  - 5. The method according to claim 3, wherein said OTP is further generated from a PIN code of the user, concatenated with said digital information of reference DDNA, and a random factor.
  - 6. The method according to claim 4, wherein said OTP is further generated from a PIN code of the user, concatenated with said digital information of reference DDNA, and a random factor.
  - 7. The method according to claim 4, wherein said OTP is further generated from a digital information of reference relating to the authentication server, which is concatenated with a PIN code of the user and said digital information of reference DDNA of the system of the user, and the random factor.
  - 8. The method according to claim 6, wherein said OTP is further generated from a timestamp, which is concatenated with said digital information of reference of the authentication server, the PIN and the digital information of reference DDNA of the system of the user, and the random factor.
  - 11. The computer-readable medium having computer-executable instructions for performing the method according to claim 1 wherein said digital information of reference (DDNA) constitutes a fingerprint which is transmitted to an authentication server for being stored and serving for checking purposes.
  - 12. The computer-readable medium having computer-executable instructions for performing the method according to claim 1 wherein said digital information of reference (DDNA) is combined with a seed received from an authentication server in order to generate a unique use password (OTP).
  - 13. The computer-readable medium having computer-executable instructions for performing the method according to claim 3, wherein said seed is generated by a quantum generator.
  - 14. The computer-readable medium having computer-executable instructions for performing the method according to claim 3, wherein said OTP is further generated from a PIN code of the user, concatenated with said digital information of reference DDNA, and a random factor.
  - 15. The computer-readable medium having computer-executable instructions for performing the method according to claim 4, wherein said OTP is further generated from a PIN code of the user, concatenated with said digital information of reference DDNA, and a random factor.
  - 16. The computer-readable medium having computer-executable instructions for performing the method according to claim 4, wherein said OTP is further generated from a digital information of reference relating to the authentication server, which is concatenated with a PIN code of the user and said digital information of reference DDNA of the system of the user, and the random factor.
  - 17. The computer-readable medium having computer-executable instructions for performing the method according to claim 6, wherein said OTP is further generated from a timestamp, which is concatenated with said digital information of reference of the authentication server, the PIN and the digital information of reference DDNA of the system of the user, and the random factor.

9. The method of authentication based on the data collection representative of hardware-components contained in a data processing system (I.H.S.) of a user, said system communicating with a web site and an authentication server, said process comprising the following steps:
- requesting connection to said web site through a software browser transmitted by said system;
  
  receiving from said system of a web page and an executable code by a software browser in response to said connection;
  
  requesting connection through the software browser transmitted to said authentication server in order to request the authentication parameters serving for the generation of a OTP;
  
  transmitting said authentication server of an information representative of a list of the types of hardwares and eligible components for the calculation of digital information of reference (DNA) and reception by said system of data processing (I.H.S.);
  
  requesting challenge transmitted by said system to that the authentication server;
  
  generating said authentication server of a first challenge;
  
  transmitting said system of the user of an authentication information to said authentication server, said information comprises;
  
  the LOGIN of the user;
  
  a hash of the PIN code of the user;
  
  the identifier of the first received challenge;
  
  checking by said authentication server of said authentication information transmitted by said system of the user;
  
  in the event of success of said verification, requesting said system of the user of the description and the type of fingerprints (DDNA) stored on said authentication server, said fingerprints (DDNA) being associated with hardwares likely to be present in the system of the user;
  
  transmitting said system of the user by said authentication server of the description and the type of the fingerprints of the digital information of reference (DDNA) stored on said server;
  
  determining a list of hardwares to be tested on said system of the user;
  
  for each hardware component corresponding to said list, achieve the following steps;
  
  transmission of a request for challenge to said authentication server;
  
  reception of a challenge of said authentication server;
  
  transmission of a response including;
  
  the identifier of connection (login) associated to the connection to the web sitea fingerprint based on said digital information of reference (DDNA) of the tested hardware component;
  
  a hash;
  
  checking the authentication elements by the authentication server and transmission of a response to said system of the user comprising an identifier of session (sessionID2);
  
  transmitting by the system of the user of a request for passport associated to said identifier of session (session ID2);
  
  transmitting by said authentication server of the passport in an encrypted form;
  
  decoding by said user of the system of said passport and access to said web site.

10. A computer-readable medium having computer-executable instructions for performing a method of secure authentication based on the collecting of data representative of hardware components contained in a system (I.H.S), said process comprising a step of enrolment and a step of authentication comprising the steps:
- connecting to a web site and receipt of a web page comprising a code being executable by a browser;
  
  detecting and collecting a list of hardware components from the data collected by the operating system, in particular during the installation of drivers;
  
  wherein the enrolment procedure further comprises the following steps;
  
  displaying a list of hardware components resulting from said collecting and selection from a subset of said list in order to constitute a digital information of reference (DDNA) of the user system;
  
  generating a digital information of reference (DDNA) from said subset, said digital information of reference resulting from a hash operation applied to the raw data composing the collected data.

18. The computer-readable medium having computer-executable instructions for performing the method of authentication based on the data collection representative of hardware components contained in a data processing system (I.H.S.) of a user, said system communicating with a web site and an authentication server, said process comprising the following steps:
- requesting connection to said web site through a software browser transmitted by said system;
  
  receiving from said system of a web page and an executable code by a software browser in response to said connection;
  
  requesting connection through the software browser transmitted to said authentication server in order to request the authentication parameters serving for the generation of a OTP;
  
  transmitting said authentication server of an information representative of a list of the types of hardwares and eligible components for the calculation of digital information of reference (DNA) and reception by said system of data processing (I.H.S.);
  
  requesting challenge transmitted by said system to that the authentication server;
  
  generating said authentication server of a first challenge;
  
  transmitting said system of the user of an authentication information to said authentication server, said information comprises;
  
  the LOGIN of the user;
  
  a hash of the PIN code of the user;
  
  the identifier of the first received challenge;
  
  checking by said authentication server of said authentication information transmitted by said system of the user;
  
  in the event of success of said verification, requesting said system of the user of the description and the type of fingerprints (DDNA) stored on said authentication server, said fingerprints (DDNA) being associated with hardwares likely to be present in the system of the user;
  
  transmitting said system of the user by said authentication server of the description and the type of the fingerprints of the digital information of reference (DDNA) stored on said server;
  
  determining a list of hardwares to be tested on said system of the user;
  
  for each hardware component corresponding to said list, achieve the following steps;
  
  transmission of a request for challenge to said authentication server;
  
  reception of a challenge of said authentication server;
  
  transmission of a response including;
  
  the identifier of connection (login) associated to the connection to the web sitea fingerprint based on said digital information of reference (DDNA) of the tested hardware component;
  
  a hash;
  
  checking the authentication elements by the authentication server and transmission of a response to said system of the user comprising an identifier of session (session ID2);
  
  transmitting by the system of the user of a request for passport associated to said identifier of session (session ID2);
  
  transmitting by said authentication server of the passport in an encrypted form;
  
  decoding by said user of the system of said passport and access to said web site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amadeus S.A.S. (Amadeus Global Travel Distribution S.A.), Loginpeople SA
Original Assignee
Loginpeople SA
Inventors
Israel, Maurice

Granted Patent

US 9,055,061 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/6218   to a system of files or obj...

G06F 2221/2103   Challenge-response

G06F 2221/2115   Third party

G06F 2221/2129   Authenticate client device ...

G06F 2221/2151   Time stamp

H04L 63/0838   using one-time-passwords

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 9/321   involving a third party or ...

H04L 9/3228   One-time or temporary data,...

H04L 9/3271   using challenge-response

Process of Authentication for an Access to a Web Site

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Process of Authentication for an Access to a Web Site

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links