Secured authentication method for providing services on a data transmission network

  • US 8,359,273 B2
  • Filed: 08/05/2005
  • Issued: 01/22/2013
  • Est. Priority Date: 08/10/2004
  • Status: Expired due to Fees
First Claim

1. A method of accessing a service, via a data transmission network, using a user terminal (30) connected to said network, comprising:

  • a step of the user connecting the user terminal (30) to an access network (AN), the access network, via a gateway (GW), being connected to the data transmission network, a management server being located on the data transmission network, wherein the access network is one of i) a local wireless network, ii) a public network, iii) a private network, iv) a public switched one network, and v) a private switched telephone network;

    a step of the user subscribing to the service, including the management server generating a secure information container (TOKEN) associated with the user, the secure information container including i) a first encrypted set of authentication data (X0, X1, X2, X3) for accessing the service, and ii) a second encrypted set of data identifying the user (SID/PN) and defining access rights of the user to said service (RBF, UBF, TBF), said information container itself being encrypted prior to secure transmission so that the secure information container is an encrypted digital value of the first encrypted set of authentication data and the second encrypted set of data, said subscribing step further includes an act of payment (a) by the user to a payment server (20), and in return (b) to the payment (a), the user obtaining an activation for the subscribed service, the activation including a one-time use password (OTP) and a secret key, the user terminal transmitting the one time password and the secret key to the management server in order to receive the information container from the management server, the secret key being used by the management server to encrypt the information container, and the information container comprising i) the first set authentication data for accessing the service (X0, X1, X2, X3) constituting proof that the user's access to the service is authorized, a value and a provenance of the authentication data being authentifiable and verifiable by the management server, the authentication data comprises a field representative of the management server producing the container, and electronic coins comprising bit strings having validity that can be verified, the electronic coins being represented by hash function collisions, and ii) the second set data comprising at least one of a subscriber identification number and a telephone number of the user;

    a step of the management server transmitting the secure information container, over the data transmission network, to the user terminal (d);

    a step of the user terminal receiving the transmitted secure information container and storing the secure information container in the user terminal;

    a step of accessing the subscribed service by sending a service access request from the user terminal to the management server (e), the service access request comprising the secure information container;

    a step of receiving said service access request by the management server and the management server decrypting the secure information container using the secret key, then decrypting the first and second sets of data (f);

    a step of the management server verifying validity of the decrypted first set of data (g); and

    when said validity verification step is successful, a step of the management server authorizing access by the user to the service based on said defined access rights contained in the second set of data, wherein the service refers to any exchange of information, via a digital data transmission network or via a telecommunication data transmission network, between i) the user and another user, or ii) between the user and a service provider, wherein, with the method providing a secured authentication, the method accesses services requiring a secure exchange of information including any of i) a telephony over IP service, ii) a videotelephony service, iii) a service for downloading digital files, and iv) a payment service.
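
The claim's "electronic coins ... represented by hash function collisions" can be illustrated with the sketch below, which is an added example and not code from the patent: a coin is a set of distinct bit strings whose truncated hashes collide, which is costly to find but cheap for the management server to verify. The hash (SHA-256), the 24-bit truncation, the arity `K`, the `SERVER_ID` value, binding the hash to the server field, and the `spent` replay set are all assumptions; the claim specifies none of them.

```python
import hashlib
from itertools import count

K = 2                  # assumed collision arity: a coin is K distinct preimages
BITS = 24              # assumed truncated digest width (small so minting is fast)
SERVER_ID = b"MS-01"   # hypothetical value for the "field representative of the
                       # management server producing the container"

def bucket(x: bytes, server_id: bytes = SERVER_ID) -> int:
    """Truncated SHA-256 of a preimage, domain-separated by the issuing server."""
    digest = hashlib.sha256(server_id + b"|" + x).digest()
    return int.from_bytes(digest, "big") >> (256 - BITS)

def mint_coin(k: int = K, server_id: bytes = SERVER_ID) -> tuple:
    """Issuer side: scan counters until k distinct preimages share one bucket."""
    seen = {}
    for i in count():
        x = i.to_bytes(8, "big")
        group = seen.setdefault(bucket(x, server_id), [])
        group.append(x)
        if len(group) == k:
            return tuple(group)

def verify_coin(coin, spent: set, server_id: bytes = SERVER_ID, k: int = K) -> bool:
    """Verifier side: k hash calls instead of the issuer's search."""
    if len(coin) != k or not all(isinstance(x, bytes) for x in coin):
        return False
    if len(set(coin)) != k:
        return False                  # (x, x) "collides" trivially, so reject it
    if len({bucket(x, server_id) for x in coin}) != 1:
        return False                  # not a collision under this server's hash
    key = tuple(sorted(coin))
    if key in spent:
        return False                  # assumed replay check, not stated in the claim
    spent.add(key)
    return True

if __name__ == "__main__":
    spent = set()
    coin = mint_coin()
    print("first use :", verify_coin(coin, spent))
    print("replayed  :", verify_coin(coin, spent))
    print("forged    :", verify_coin((coin[0], coin[0]), set()))
```
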
