Method and system for authenticating a user by means of a mobile device

US 8,261,089 B2
Filed: 09/17/2009
Issued: 09/04/2012
Est. Priority Date: 09/17/2008
Status: Active Grant

First Claim

Patent Images

1. Method for authenticating a user of a mobile device against a remote authenticating system which is connected to at least a client computer accessible to said user, which comprises:

i. reading a 2D-code displayed to the client computer by means of a 2D-code reader provided in said mobile device, wherein at least a URL address of the authenticating system and a codified challenge generated by authenticating system are embedded in said 2D-code;

ii. processing said codified challenge and computing a response to the challenge using a personal secret, said personal secret being a string of characters univocally related to a user identifier (user ID) of said user of the mobile device and to a time stamp, said response to the challenge is computed using a digital signature algorithm according to an Identity Based Encryption scheme;

iii. sending a message to the authenticating system, said message including a tuple whose elements are at least said user identifier, said challenge and said response to the challenge;

iv. analyzing said elements of the tuple and determining the tuple is a valid tuple, when the response to the challenge has been generated using the personal secret of the user whose user identifier is in the tuple for a given period of time, and in case said tuple is valid;

v. looking up in a users list stored in the authenticating system to see if the user identifier in the tuple is in said user list, and if the user identifier is in the users list, verifying if the challenge in the tuple is in a session list stored in the authenticating system, and if the challenge is in the session list, the authenticating system pushes a welcome screen to the client computer that corresponds to a session identification number in the session list where the challenge is.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is provided a method for authenticating a mobile device user against an authenticating system connected to a client computer accessible to said user. The authenticating system uses a communication channel to send to the client computer a logon screen. This logon screen contains a 2D-code embedding, a URL of the authenticating system and a challenge generated by the authenticating system. With a 2D-code reader in the user'"'"'s mobile device the URL and the challenge are decoded. The user then inputs a password and a response to the challenge is computed. The response is sent together with the user ID to the authenticating system. The authenticating system is able to ascertain that the response to the challenge necessarily comes from the user thereby verifying his identity. Once the user is authenticated, the authenticating system pushes to the client computer (identified by the challenge) a welcome screen.

67 Citations

View as Search Results

11 Claims

1. Method for authenticating a user of a mobile device against a remote authenticating system which is connected to at least a client computer accessible to said user, which comprises:
- i. reading a 2D-code displayed to the client computer by means of a 2D-code reader provided in said mobile device, wherein at least a URL address of the authenticating system and a codified challenge generated by authenticating system are embedded in said 2D-code;
  
  ii. processing said codified challenge and computing a response to the challenge using a personal secret, said personal secret being a string of characters univocally related to a user identifier (user ID) of said user of the mobile device and to a time stamp, said response to the challenge is computed using a digital signature algorithm according to an Identity Based Encryption scheme;
  
  iii. sending a message to the authenticating system, said message including a tuple whose elements are at least said user identifier, said challenge and said response to the challenge;
  
  iv. analyzing said elements of the tuple and determining the tuple is a valid tuple, when the response to the challenge has been generated using the personal secret of the user whose user identifier is in the tuple for a given period of time, and in case said tuple is valid;
  
  v. looking up in a users list stored in the authenticating system to see if the user identifier in the tuple is in said user list, and if the user identifier is in the users list, verifying if the challenge in the tuple is in a session list stored in the authenticating system, and if the challenge is in the session list, the authenticating system pushes a welcome screen to the client computer that corresponds to a session identification number in the session list where the challenge is.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. Method according to claim 1, wherein said personal secret is stored in the mobile device and accessed upon entering a password.
  - 3. Method according to claim 1, wherein the step of processing said codified challenge and computing a response comprises:
    - requesting the user of the mobile device to enter a password in order to access a personal secret stored in the mobile device;
      
      upon entering said password, retrieving said personal secret;
      
      computing a response to the challenge embedded in the 2D-code using said personal secret.
  - 4. Method according to claim 1, wherein said personal secret is provided by a trusted server, which computes said personal secret using a master secret and said user identifier and said time stamp.
  - 5. Method according to claim 1, wherein the step of analyzing the elements of the tuple is carried out by the authenticating system and performed using public cryptographic primitives.
  - 6. Method according to claim 1, wherein said 2D-code reader is a camera.
  - 7. Method according to claim 1, wherein said 2D-code is any graphical representation of data following a predetermined shape, and which can be read and decoded with a 2D-code reader.

8. System for authenticating a user of a mobile device against a remote authenticating system which is connected to at least a client computer accessible to said user, which comprises:
- a 2D-code reader in said mobile device for reading a 2D-code, wherein at least a URL address of the authenticating system and a codified challenge generated by authenticating system are embedded in said 2D-code;
  
  processing means in said mobile device for processing said codified challenge and computing a response to the challenge using a personal secret, the response to the challenge is computed using a digital signature algorithm according to an Identity Based Encryption scheme;
  
  wherein said personal secret is a string of characters univocally related to a user identifier (user ID) of said user of the mobile device and to a time stamp;
  
  communication means between said mobile device and the authenticating system configured to, upon computing said response, send a message to the authenticating system, said message including a tuple whose elements are at least said user identifier, said challenge and said response to the challenge;
  
  processing means in the authenticating system configured to analyze said elements of the tuple and determining the tuple is a valid tuple when the response to the challenge has been generated using the personal secret of the user whose user identifier is in the tuple for a given period of time, and in case said tuple is valid the processing means are configured to;
  
  check in a users list stored in the authenticating system if the user identifier in the tuple is in said users list, and if the user identifier is in the users list the processing means are configured to;
  
  verify if the challenge in the tuple is in a session list stored in the authenticating system, and if the challenge is in the session list;
  
  the authenticating system is configured to push a welcome screen to the client computer that corresponds to a session identification number in the session list where the challenge is.
- View Dependent Claims (9, 10, 11)
- - 9. System according to claim 8, wherein said personal secret is stored in the mobile device and accessed upon entering a password.
  - 10. System according to claim 8, wherein said personal secret is provided by a trusted server, which is configured to compute said personal secret using a master secret and said user identifier and said time stamp.
  - 11. System according to claim 8, wherein said 2D-code reader is a camera.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gmv Soluciones Globales Internet SA
Original Assignee
Gmv Soluciones Globales Internet SA
Inventors
Celis De La Hoz, Pedro, Leon Cobos, Juan Jesus
Primary Examiner(s)
Dinh, Minh

Application Number

US12/562,111
Publication Number

US 20100070759A1
Time in Patent Office

1,083 Days
Field of Search

None
US Class Current

713/185
CPC Class Codes

G06F 21/43   wireless channels

G06Q 20/3276   using a pictured code, e.g....

G06Q 20/4097   using mutual authentication...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04W 12/77   Graphical identity

Method and system for authenticating a user by means of a mobile device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authenticating a user by means of a mobile device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links