Method and system for authenticating a user by means of a mobile device
First Claim
1. Method for authenticating a user of a mobile device against a remote authenticating system which is connected to at least a client computer accessible to said user, which comprises:
i. reading a 2D-code displayed to the client computer by means of a 2D-code reader provided in said mobile device, wherein at least a URL address of the authenticating system and a codified challenge generated by authenticating system are embedded in said 2D-code;
ii. processing said codified challenge and computing a response to the challenge using a personal secret, said personal secret being a string of characters univocally related to a user identifier (user ID) of said user of the mobile device and to a time stamp, said response to the challenge is computed using a digital signature algorithm according to an Identity Based Encryption scheme;
iii. sending a message to the authenticating system, said message including a tuple whose elements are at least said user identifier, said challenge and said response to the challenge;
iv. analyzing said elements of the tuple and determining the tuple is a valid tuple, when the response to the challenge has been generated using the personal secret of the user whose user identifier is in the tuple for a given period of time, and in case said tuple is valid;
v. looking up in a users list stored in the authenticating system to see if the user identifier in the tuple is in said user list, and if the user identifier is in the users list, verifying if the challenge in the tuple is in a session list stored in the authenticating system, and if the challenge is in the session list, the authenticating system pushes a welcome screen to the client computer that corresponds to a session identification number in the session list where the challenge is.
Abstract
There is provided a method for authenticating a mobile device user against an authenticating system connected to a client computer accessible to said user. The authenticating system uses a communication channel to send to the client computer a logon screen. This logon screen contains a 2D-code embedding a URL of the authenticating system and a challenge generated by the authenticating system. With a 2D-code reader in the user's mobile device the URL and the challenge are decoded. The user then inputs a password and a response to the challenge is computed. The response is sent together with the user ID to the authenticating system. The authenticating system is able to ascertain that the response to the challenge necessarily comes from the user, thereby verifying his identity. Once the user is authenticated, the authenticating system pushes to the client computer (identified by the challenge) a welcome screen.
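The exchange described in the abstract and in claim 1, as an added example that is not part of the patent: a Python simulation of both sides, where an HMAC keyed by a per-period personal secret stands in for the Identity Based Encryption signature, and MASTER_SECRET, PERIOD_SECONDS, AUTH_URL and the user names are constructed assumptions. In a real deployment only the key-generation authority holds the master key and the mobile device stores its provisioned personal secret; here both sides derive it from MASTER_SECRET to keep the simulation self-contained.

```python
import hmac, hashlib, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

MASTER_SECRET = b"constructed-master-secret"   # stands in for the IBE master key (constructed)
PERIOD_SECONDS = 300                            # validity window of a personal secret (assumed)
AUTH_URL = "https://auth.example/login"         # hypothetical authenticating-system URL

def personal_secret(user_id: str, period: int) -> bytes:
    # Secret univocally bound to (user ID, time stamp): derived from the master key per period.
    return hmac.new(MASTER_SECRET, f"{user_id}|{period}".encode(), hashlib.sha256).digest()

def sign(secret: bytes, challenge: str) -> str:
    # HMAC stands in for the digital signature over the challenge (not a real IBE signature).
    return hmac.new(secret, challenge.encode(), hashlib.sha256).hexdigest()

class AuthSystem:
    def __init__(self, users):
        self.users = set(users)     # users list
        self.sessions = {}          # session list: challenge -> session identification number
        self.next_id = 1

    def logon_screen(self) -> str:
        # Build the 2D-code payload: URL of the authenticating system plus a fresh challenge.
        challenge = secrets.token_urlsafe(16)
        self.sessions[challenge] = self.next_id
        self.next_id += 1
        return AUTH_URL + "?" + urlencode({"c": challenge})

    def verify(self, user_id: str, challenge: str, response: str, now=None):
        period = int((now if now is not None else time.time()) // PERIOD_SECONDS)
        # Step iv: the response must verify under the user's secret for the current or
        # immediately previous period (tolerating clock skew at the period boundary).
        ok = any(hmac.compare_digest(response, sign(personal_secret(user_id, p), challenge))
                 for p in (period, period - 1))
        if not ok or user_id not in self.users:        # step iv, then users-list lookup (step v)
            return None
        # Challenge must be in the session list; it is consumed here so a captured tuple
        # cannot be replayed (single-use is added hardening, not stated in the claims).
        return self.sessions.pop(challenge, None)       # session id that gets the welcome screen

def mobile_response(qr_payload: str, user_id: str, now=None):
    # Mobile side: decode URL and challenge from the 2D-code, compute the response,
    # and return the tuple (user ID, challenge, response) sent to the authenticating system.
    challenge = parse_qs(urlparse(qr_payload).query)["c"][0]
    period = int((now if now is not None else time.time()) // PERIOD_SECONDS)
    return (user_id, challenge, sign(personal_secret(user_id, period), challenge))
```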
11 Claims
8. System for authenticating a user of a mobile device against a remote authenticating system which is connected to at least a client computer accessible to said user, which comprises:
a 2D-code reader in said mobile device for reading a 2D-code, wherein at least a URL address of the authenticating system and a codified challenge generated by authenticating system are embedded in said 2D-code;
processing means in said mobile device for processing said codified challenge and computing a response to the challenge using a personal secret, the response to the challenge is computed using a digital signature algorithm according to an Identity Based Encryption scheme, wherein said personal secret is a string of characters univocally related to a user identifier (user ID) of said user of the mobile device and to a time stamp;
communication means between said mobile device and the authenticating system configured to, upon computing said response, send a message to the authenticating system, said message including a tuple whose elements are at least said user identifier, said challenge and said response to the challenge;
processing means in the authenticating system configured to analyze said elements of the tuple and determining the tuple is a valid tuple when the response to the challenge has been generated using the personal secret of the user whose user identifier is in the tuple for a given period of time, and in case said tuple is valid the processing means are configured to check in a users list stored in the authenticating system if the user identifier in the tuple is in said users list, and if the user identifier is in the users list the processing means are configured to verify if the challenge in the tuple is in a session list stored in the authenticating system, and if the challenge is in the session list the authenticating system is configured to push a welcome screen to the client computer that corresponds to a session identification number in the session list where the challenge is.
Specification