METHOD USING A SINGLE AUTHENTICATION DEVICE TO AUTHENTICATE A USER TO A SERVICE PROVIDER AMONG A PLURALITY OF SERVICE PROVIDERS AND DEVICE FOR PERFORMING SUCH A METHOD
First Claim
1. A method for authenticating a user to a service provider, among a plurality of service providers each having a user account for said user, said method using a single authentication device identified by a device identifier and comprising the steps of:
- transmitting, from the authentication device to the service provider, an authentication request comprising at least said device identifier;
preparing, by the service provider, provider authentication data on the basis of pairing data shared by both said authentication device and said service provider;
sending said provider authentication data from the service provider to the authentication device;
authenticating at the authentication device said provider authentication data;
in response to a positive authentication of the provider authentication data, preparing device authentication data based on any of said pairing data by the authentication device, and sending said device authentication data to the service provider;
verifying the authenticity of the device authentication data by the service provider and in response to a positive authentication of the device authentication data, validating the authentication of said user;
whereinsaid authentication device comprises a provider record for each of said service providers with whom the user is registered by having a user account, each provider record comprises a pairing key and first data, said pairing key and said first data being shared with the service provider to which said provider record refers;
said provider authentication data comprises a first cryptogram obtained by encrypting said first data with said pairing key; and
authenticating said provider authentication data is performed at the authentication device by the steps ofdecrypting said first cryptogram by means of the pairing key stored in one of said provider records;
comparing the decrypted first cryptogram with first data resulting from pairing data stored in said provider record;
if the comparison does not indicate a match, then repeating the previous decryption and comparison steps by using the pairing key of another provider record until each of said provider records stored in the authentication device has been processed.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for authenticating a user to a provider, among a plurality of providers. The method uses an authentication device comprising, for each of provider, a record comprising a pairing key and first data, both as shared data. Provider authentication data comprises a first cryptogram obtained by encrypting said first data with said pairing key. Authenticating provider authentication data is performed at the authentication device by the steps of decrypting said first cryptogram by means of the pairing key stored in one of said records, then comparing the result of this decryption with first data resulting from pairing data stored in said record, if the comparison does not indicate a match, then processing again the previous decryption and comparison steps by using the pairing key of another record until each of said records stored in the authentication device has been processed.
39 Citations
14 Claims
-
1. A method for authenticating a user to a service provider, among a plurality of service providers each having a user account for said user, said method using a single authentication device identified by a device identifier and comprising the steps of:
-
transmitting, from the authentication device to the service provider, an authentication request comprising at least said device identifier; preparing, by the service provider, provider authentication data on the basis of pairing data shared by both said authentication device and said service provider; sending said provider authentication data from the service provider to the authentication device; authenticating at the authentication device said provider authentication data; in response to a positive authentication of the provider authentication data, preparing device authentication data based on any of said pairing data by the authentication device, and sending said device authentication data to the service provider; verifying the authenticity of the device authentication data by the service provider and in response to a positive authentication of the device authentication data, validating the authentication of said user; wherein said authentication device comprises a provider record for each of said service providers with whom the user is registered by having a user account, each provider record comprises a pairing key and first data, said pairing key and said first data being shared with the service provider to which said provider record refers; said provider authentication data comprises a first cryptogram obtained by encrypting said first data with said pairing key; and authenticating said provider authentication data is performed at the authentication device by the steps of decrypting said first cryptogram by means of the pairing key stored in one of said provider records; comparing the decrypted first cryptogram with first data resulting from pairing data stored in said provider record; if the comparison does not indicate a match, then repeating the previous decryption and comparison steps by using the pairing key of another provider record until each of said provider records stored in the authentication device has been processed. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An Authentication device for authenticating a user to a service provider among a plurality of service providers, comprising:
-
a non-volatile secured memory for storing secret and/or shared data; a unique device identifier stored in the memory; a use interface for user data input; a display; and a crypto-processor for performing cryptographic and logical operations and for managing functions and all components of the authentication device; wherein the memory is organized for storing, in an orderly manner, data relating to a plurality of service providers and the crypto-processor is able 5 to retrieve data relating to each of said service providers for processing them in a distinct manner. - View Dependent Claims (12, 13, 14)
-
Specification