METHOD, SERVER AND SYSTEM FOR AUTHENTICATION OF A PERSON

US 20140227999A1
Filed: 06/28/2012
Published: 08/14/2014
Est. Priority Date: 08/05/2011
Status: Active Grant

First Claim

Patent Images

1. A method for the authentication of a person, the person being known beforehand by an authentication server to own a telecommunications equipment having a unique identifier and being known as having a personal access code, the method comprising:

the server receiving (51) an authentication request from a terminal via a first data network;

the server sending (53) an identification code to the terminal by the first data network;

transferring (57) the identification code from the terminal to the telecommunications equipment;

the server receiving (59), from the telecommunications equipment via a second data network, the identification code in association with the unique identifier;

the server generating (61) a single-use authentication token and sending (63) the latter to the telecommunications equipment via the second data network; and

returning (64) the single-use authentication token to the server by the telecommunications equipment via the second data network; and

in parallel;

acquiring (67) by the terminal, via an acquisition request of the personal access code input by the person; and

the server receiving (69) the personal access code coming from the terminal via the first data network;

authentication (71) of the person is obtained by the server if the identification code, the unique identifier, the authentication token and the personal access code correspond to the elements detained by the server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for authentication of a person previously known by a server to own a telephone having a unique identifier and to possess an access code, which method involves: the server sending (53) an identification code to a terminal on request by the latter via a first network; transferring (57) the identification code to the telephone; the server receiving (59), from the telephone via a second network, the identification code in association with the unique identifier; the server (61) generating a single-use authentication token and sending (63) the latter to the telephone; returning (64) the token to the server; and, in parallel: acquiring (67) via the terminal the access code input by the person; and sending (69) said access code to the server; authentication (71) of the person is obtained by the server if the identification code, the unique identifier, the authentication token and the access code correspond.

21 Citations

View as Search Results

10 Claims

1. A method for the authentication of a person, the person being known beforehand by an authentication server to own a telecommunications equipment having a unique identifier and being known as having a personal access code, the method comprising:
- the server receiving (51) an authentication request from a terminal via a first data network;
  
  the server sending (53) an identification code to the terminal by the first data network;
  
  transferring (57) the identification code from the terminal to the telecommunications equipment;
  
  the server receiving (59), from the telecommunications equipment via a second data network, the identification code in association with the unique identifier;
  
  the server generating (61) a single-use authentication token and sending (63) the latter to the telecommunications equipment via the second data network; and
  
  returning (64) the single-use authentication token to the server by the telecommunications equipment via the second data network; and
  
  in parallel;
  
  acquiring (67) by the terminal, via an acquisition request of the personal access code input by the person; and
  
  the server receiving (69) the personal access code coming from the terminal via the first data network;
  
  authentication (71) of the person is obtained by the server if the identification code, the unique identifier, the authentication token and the personal access code correspond to the elements detained by the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, characterized in that it further comprises a sub-method for enrolment of the person comprising:
    - the server receiving (31, 33) the unique identifier of the telecommunications equipment and at least a biographic data of the person from the telecommunications equipment via the second communications network;
      
      the server sending (35) a single-use password to the telecommunications equipment by the second communications network and display (37) of the single-use password by the telecommunications equipment;
      
      acquiring (39) the single-use password on a second terminal by its input by the person;
      
      the server receiving the single use password from the second terminal via and a third telecommunications networkcreating (43) and sharing (45) the personal access code between the person and the server via the second terminaland the third telecommunications network.
  - 3. The method according to claim 2, characterized in that a confidential biographic data is transferred to the server by the second terminal via the third telecommunications network after reception of the single-use password by the server and before the creation of the personal access code;
  - 4. The method according to claim 3, characterized in that the confidential biographic data comprises bank card data.
  - 5. The method according to claim 2, characterized in that the enrolment sub-method further comprises, after the creation and sharing of the personal access code:
    - the server sending an identification code linked to the enrolment to the second terminal by the third data network;
      
      transfer of the identification code from the terminal to the telecommunications equipment;
      
      reception of the identification code in association with the unique identifier of the equipment by the server coming from the telecommunications equipment via the second data network;
  - 6. The method according to claim 1, characterized in that the transfer of the identification code from the terminal to the telecommunications equipment is achieved bydisplaying a pictogram on the terminal andacquiring the displayed image by a photographic apparatus of the telecommunications equipment.
  - 7. The method according to claim 1, characterized in that the telecommunications equipment intercepts the sending communication of the single-use authentication token and automatically returns it without the person intervening by using two different communication channels.
  - 8. A person authentication server for the execution of the steps of the method according to claim 1, the server comprising:
    - a memory for storing biographic information of the person, the biographic information comprising at least a unique identifier of a telecommunications equipment which the person owns and a personal access code;
      
      a first interface (5) for communicating with a terminal (21) via a first data network (3);
      
      a second interface (9) for communicating with the telecommunications equipment (25) via a second data network (7);
      
      a generator (11) of identification codes capable of generating an identification code upon request of the terminal and sending the generated identification code to the terminal and receiving the identification code in association with the unique identifier coming from the telecommunications equipment;
      
      a generator (13) of single-use authentication tokens capable of generating a single-use authentication token and sending it to the telecommunications equipment and then receiving it from the telecommunications equipment;
      
      a input application generator (15) capable of sending the terminal a personal access code input screen and receiving the input personal access code from the terminal;
      
      a comparator (17) of the identification code, of the unique identifier, the authentication token, and thepersonal access code coming from the terminal or from the telecommunications equipment with the equivalent elements detained by the server, the authentication of the person being achieved if the set of comparisons is positive.
  - 9. An authentication system comprising an authentication server according to claim 8, a terminal connected to the server by a first communications network and a telecommunications equipment connected to the server by a second telecommunications network, the terminal further comprising a man-machine interface making it possible to display information and input a personal access code and the telecommunications equipment further comprising a means for inputting information displayed by the terminal and a unique identifier.
  - 10. A computer program product embedded on non-transitory medium comprising instructions of program code for executing steps of the method according to claim 1 when the program is executed on an authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ONEY Bank
Original Assignee
Banque Accord (Aumarché SAS)
Inventors
Ferlin, Benoit Charles Maurice Fernand

Granted Patent

US 10,045,210 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/067   using one-time keys cryptog...

H04L 63/0838   using one-time-passwords

H04L 63/18   using different networks or...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3215   using a plurality of channe...

H04W 12/06   Authentication

H04W 12/77   Graphical identity

METHOD, SERVER AND SYSTEM FOR AUTHENTICATION OF A PERSON

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

METHOD, SERVER AND SYSTEM FOR AUTHENTICATION OF A PERSON

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others