Personal device, terminal, server and methods for establishing a trustworthy connection between a user and a terminal

US 7,149,895 B1
Filed: 02/01/2000
Issued: 12/12/2006
Est. Priority Date: 02/01/1999
Status: Expired due to Term

First Claim

Patent Images

1. A server being equipped for establishing a trustworthy connection between a user and a terminal via a user input device, the server comprising:

a communication component for establishing and conducting communications along a first trusted connection between the server and the terminal and along a second trusted connection between the server and said user input device;

receiver means for receiving at least one authentication request from said terminal based on user input to said terminal;

at least one authentication component for verifying the authenticity of the terminal; and

a message generation component for generating at least one user-specific terminal authenticity output message in response to said user input for delivery to said user input device along said second trusted connection without delivery of said message along the first trusted connection between the terminal and the server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is related to a system which allows a user to authenticate unknown terminals. The invention uses a first authentication step wherein the terminal authenticates itself to a server. Depending on whether the personal device has its own output means, such as a loudspeaker or a screen, the final message, whether the terminal can be trusted or not, can be output on the personal device or on the terminal itself. In the case where the device has no output means of its own, this message can originate in the device and be transmitted from there to the terminal. The user can input authentication information into his personal device, which can then be fully or partially transmitted to the terminal. In the end, the terminal may use the transmitted information to give out the authenticity output message. After the first authentication step follows a second authentication step, wherein the server authenticates itself to the personal device, if there is one. Upon success of both authentication steps, the authenticity output message can be given to the user.

Citations

16 Claims

1. A server being equipped for establishing a trustworthy connection between a user and a terminal via a user input device, the server comprising:
- a communication component for establishing and conducting communications along a first trusted connection between the server and the terminal and along a second trusted connection between the server and said user input device;
  
  receiver means for receiving at least one authentication request from said terminal based on user input to said terminal;
  
  at least one authentication component for verifying the authenticity of the terminal; and
  
  a message generation component for generating at least one user-specific terminal authenticity output message in response to said user input for delivery to said user input device along said second trusted connection without delivery of said message along the first trusted connection between the terminal and the server.
- View Dependent Claims (2, 3)
- - 2. The server according to claim 1 further comprising a session key creation component for creating a session key to be communicated to said terminal.
  - 3. The server according to claim 1 further comprising at least one storage location for storing at least one user-specific authenticity output message and wherein said message generation component accesses the stored at least one user-specific authenticity output message for display to the user at said terminal.

4. A method for establishing a trustworthy connection between a user via a personal user device and a terminal which is connected to and authenticatable by at least one server which is authenticatable by said user device, the method comprising:
- said server authenticating said terminal in response to user input at said terminal;
  
  establishing a first authenticated trusted connection between said server and said terminal upon success of said authenticating;
  
  said server authenticating itself to said user device;
  
  establishing a second trusted connection between said server and said user device; and
  
  said server providing, in response to said user input, a terminal authenticity message to said user device via said established second trusted connection confirming the established authenticity of said terminal without communicating the terminal authenticity message along the first connection between the terminal and the server.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 5. The method according to claim 4 further comprising communicating a user-specific terminal authenticity message to said user.
  - 6. The method according to claim 5 wherein said communicating comprises displaying said message by said device.
  - 7. The method according to claim 6 wherein the device outputs the terminal authenticity message including at least one of visible, audible and tactile information.
  - 8. The method according to claim 7 wherein the message is output only partially by the device, according to a preselection by the user.
  - 9. The method according to claim 5 wherein stored predetermined authentication information (vec) is communicated from the device to the terminal for creating there an authenticity output message (m_o).
  - 10. The method according to claim 4 wherein said providing a terminal authenticity message comprises accessing at least one stored user-specific message.
  - 11. The method according to claim 4 wherein said providing a terminal authenticity message comprises exchanging a predetermined set of messages with said user.
  - 12. The method, according to claim 4 further comprising the device authenticating itself to the terminal.
  - 13. The method according to claim 4 further comprising the device requesting that the user authenticate himself.
  - 14. The method according to claim 4 further comprising authenticating the device to the server.
  - 15. The method according to claim 4 further comprising authenticating the user.

16. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for a server to establish a trustworthy connection between a user via a user device and a terminal, said method steps comprising:
- said server authenticating said terminal in response to user input at said terminal;
  
  establishing a first authenticated trusted connection between said server and said terminal upon success of said authenticating;
  
  said server authenticating itself to said user device;
  
  establishing a second trusted connection between said server and said user device; and
  
  said serving providing, in response to said user input, a terminal authenticity message to said user device via said established second trusted connection confirming the established authenticity of said terminal without communicating the terminal authenticity message along the first connection between the terminal and the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Waidner, Michael, Debar, Herve C., Asokan, Nadarajah, Steiner, Michael
Primary Examiner(s)
Louis-Jacques, Jacques
Assistant Examiner(s)
Simitoski, Michael J.

Application Number

US09/496,065
Time in Patent Office

2,506 Days
Field of Search

713/169, 713/170, 713/172, 713/173, 713/180, 713/186, 713/159, 713/168, 705/33, 705/41, 705/67, 705/73, 380/30, 380/2.78, 380/33, 380/234, 235/380, 726/29
US Class Current

713/159
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

G06F 2221/2103   Challenge-response

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3674   involving authentication

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 63/0442   wherein the sending and rec...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

Personal device, terminal, server and methods for establishing a trustworthy connection between a user and a terminal

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Personal device, terminal, server and methods for establishing a trustworthy connection between a user and a terminal

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links