Authentication Method

US 20140245391A1
Filed: 10/30/2012
Published: 08/28/2014
Est. Priority Date: 10/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user to a transaction at a terminal, comprising the steps of:

transmitting a user identification from the terminal to a transaction partner via a first communication channel,providing an authentication step in which an authentication device uses a second communication channel for checking an authentication function that is implemented in a mobile device of the user,as a criterion for deciding whether the authentication to the transaction shall be granted or denied, having the authentication device check whether a predetermined time relation exists between the transmission of the user identification and a response from the second communication channel,providing that the authentication function is normally inactive and is activated by the user only preliminarily for the transaction,providing that said response from the second communication channel includes information that the authentication function is active, andthereafter providing that the authentication function is automatically deactivated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a user to a transaction at a terminal (10), wherein a user identification is transmitted from the terminal (10) to a transaction partner (12) via a first communication channel (14), and an authentication device (18) uses a second communication channel (20) for checking an authentication function that is implemented in a mobile device (16) of the user, and, as a criterion for deciding whether the authentication to the transaction shall be granted or denied, the authentication device (18) checks whether a predetermined time relation exists between the transmission of the user identification and a response from the second communication channel, and the authentication function is normally inactive and is activated by the user only preliminarily for the transaction, the response from the second communication channel (20) includes the information that the authentication function is active, and the authentication function is automatically deactivated.

Citations

26 Claims

1. A method of authenticating a user to a transaction at a terminal, comprising the steps of:
- transmitting a user identification from the terminal to a transaction partner via a first communication channel,providing an authentication step in which an authentication device uses a second communication channel for checking an authentication function that is implemented in a mobile device of the user,as a criterion for deciding whether the authentication to the transaction shall be granted or denied, having the authentication device check whether a predetermined time relation exists between the transmission of the user identification and a response from the second communication channel,providing that the authentication function is normally inactive and is activated by the user only preliminarily for the transaction,providing that said response from the second communication channel includes information that the authentication function is active, andthereafter providing that the authentication function is automatically deactivated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method according to claim 1, wherein the step of thereafter providing that the authentication function is automatically deactivated includes the step of deactivating the authentication function after a predetermined time interval after at least one of:
    - activation thereof andwhen an active state thereof has been checked.
  - 3. The method according to claim 1, wherein said authentication step includes the step of logging-on the mobile device to a mobile communications network that provides the second communication channel.
  - 4. The method according to claim 3, further including the step of having the mobile communications network permit the authentication device to detect the logged-on state of the mobile device and hence an active state of the authentication function by checking only a communication register of the network, without having to communicate with the mobile device.
  - 5. The method according to claim 1, further comprising the step of having the authentication device determine a current location of the mobile device and denying the authentication of the user when the locations of the terminal and of the mobile device do not fulfil a predetermined spatial relationship.
  - 6. The method according to claim 5, wherein the second communication channel involves a mobile communications network supporting Location Based Services, and further comprising the step of having the authentication device use these Location Based Services for locating the mobile device.
  - 7. The method according to claim 5, further comprising the step of having the mobile device detect its own location and send location information to the authentication device.
  - 8. The method according to claim 1, further comprising the steps of:
    - having the authentication device determine a current location of the mobile device and authenticate the user when the locations of the terminal and of the mobile device fulfil a predetermined spatial relationship, andchecking the active state of the authentication function in the mobile device only when said spatial relationship is not fulfilled.
  - 9. The method according to claim 1, wherein the authentication device is remote from the transaction partner and further comprising the steps of:
    - having the authentication device communicate with the transaction partner via a third communication channel,storing information linking the user identification to an address of the mobile device in the mobile communications network only in the authentication device, andhaving the authentication device notify to the transaction partner only whether or not the user is authenticated, without disclosing any further data pertaining the user and the mobile device.
  - 10. The method according to claim 1, further comprising the step of transmitting a password to the transaction partner via the authentication device.
  - 11. The method according to claim 10, further comprising the steps of one of storing and generating the password in the mobile device and transmitting the password to the authentication device.
  - 12. The method according to claim 10, further comprising the step of one of storing and converting the password in the authentication device.
  - 13. The method according to claim 1, further comprising the steps of:
    - interfacing the mobile device to an identity token of the user to read identity data therefrom, andtransmitting these identity data to the authentication device via the second communication channel.
  - 14. A mobile device for use with the authentication method according to claim 1, comprising:
    - a wireless transceiver,an ON-switch andan electronic controller that implements said authentication function and is configured to activate the authentication function in response to the ON-switch being operated and to deactivate the authentication function one of;
      
      after it has been active for a predetermined time intervalafter its state has been checked.
  - 15. The device according to claim 14, further comprising:
    - a rechargeable battery anda connector for connecting the battery to a voltage source.
  - 16. The device according to claim 15, comprising a display for indicating the charge state of the battery.
  - 17. The device according to claim 15, wherein the connector is one ofa USB connector anda micro-USB connector.
  - 18. The device according to claim 15, wherein the connector is a male connector covered by a removable cap that includes two female connectors permitting to connect the male connector to a voltage source via one of the female connectors while the other of the female connectors is coupled to the male connector.
  - 19. The device according to claim 14, comprising a positioning function for wireless detection of its own position, wherein the authentication function includes a function of sending a detected location via the transceiver.
  - 20. The device according to claim 14, wherein the authentication function consists only of activating and deactivating the transceiver.
  - 21. The device according to claim 14, comprising a body that encapsulates at least the controller and prevents access thereto.
  - 22. The device according to claim 14, comprising a self-destruction function configured to be activated by an attempt of enforced access.
  - 23. The device according to claim 14, wherein the transceiver constitutes an only data input and output port of the controller.
  - 24. The device according to claim 14, comprising a storage for a plurality of mobile addresses, and an input including the ON-switch and adapted to selectively activate one of a plurality of authentication functions each of which is assigned to a different one of said mobile addresses.
  - 25. The device according to claim 14, comprising a storage for a plurality of mobile addresses, wherein the controller is configured to select one out of the plurality of mobile addresses according to a predetermined algorithm.
  - 26. The device according to claim 14, comprising an acoustic transducer for providing an acoustic feedback signal upon at least one of activation and deactivation of the authentication function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Money and Data Protection Lizenz GmbH & Co. KG (Money and Data Protection Lizenz Verwaltungs GmbH)
Original Assignee
Money and Data Protection Lizenz GmbH & Co. KG (Money and Data Protection Lizenz Verwaltungs GmbH)
Inventors
Adenuga, Dominic

Granted Patent

US 9,246,903 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

G06Q 20/3224   Transactions dependent on l...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/40145   Biometric identity checks

G06Q 20/425   using two different network...

G07F 7/1025   Identification of user by a...

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

H04L 63/18   using different networks or...

H04W 12/63   Location-dependent; Proximi...

Authentication Method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication Method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links