Authentication method
First Claim
Patent Images
1. An authentication method comprising:
- requesting a user of a personal mobile terminal to enter a personal code into the personal mobile terminal in response to receipt of an authentication request transmitted to the personal mobile terminal, the authentication request including transaction data of an action that requires user authentication;
displaying the transaction data on a display of the personal mobile terminal to enable the user to apprehend that the authentication request validly relates to transaction details of the action; and
processing an entered personal code together with challenge data derived from the transaction data contained in the authentication request to determine whether one or more predetermined conditions are met and, if one or more predetermined conditions are met including that the personal code is correct, producing a valid and signed authentication code from the challenge data that the user can provide in order to authenticate the action;
whereby the transaction data which is displayed on the display of the mobile terminal is tied to said valid and signed authentication code and the authentication code is also tied to the user through entry of the correct personal code.
1 Assignment
0 Petitions
Accused Products
Abstract
There is disclosed an authentication method comprising requesting a user of a personal mobile terminal to enter a personal code into a personal mobile terminal in response to receipt of an authentication request transmitted to the personal mobile terminal, the authentication request being related to an action that requires user authentication, and processing an entered personal code together with challenge data corresponding to the authentication request to determine whether one or more predetermined conditions are met and, if one or more predetermined conditions are met, producing a valid and signed authentication code that the user can provide in order to authenticate the action.
-
Citations
37 Claims
-
1. An authentication method comprising:
-
requesting a user of a personal mobile terminal to enter a personal code into the personal mobile terminal in response to receipt of an authentication request transmitted to the personal mobile terminal, the authentication request including transaction data of an action that requires user authentication; displaying the transaction data on a display of the personal mobile terminal to enable the user to apprehend that the authentication request validly relates to transaction details of the action; and processing an entered personal code together with challenge data derived from the transaction data contained in the authentication request to determine whether one or more predetermined conditions are met and, if one or more predetermined conditions are met including that the personal code is correct, producing a valid and signed authentication code from the challenge data that the user can provide in order to authenticate the action; whereby the transaction data which is displayed on the display of the mobile terminal is tied to said valid and signed authentication code and the authentication code is also tied to the user through entry of the correct personal code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer program stored on a web server for downloading to a mobile terminal, that, when executed by a personal mobile terminal, enables the personal mobile terminal to:
-
request a user of the mobile terminal to enter a personal code following receipt of an authentication request transmitted to the mobile terminal, the authentication request including transaction data of an action that requires user authentication; display the transaction data on a display of the personal mobile terminal to enable the user to apprehend that the authentication request validly relates to transaction details of the action; process an entered personal code together with challenge data derived from the transaction data contained in the authentication request; and produce a valid and signed authentication code from the challenge data that the user can provide in order to authenticate the action if one or more predetermined conditions are met, including that the personal code is correct; whereby the transaction data which is displayed on the display of the mobile terminal is tied to said valid and signed authentication code and the authentication code is also tied to the user through entry of the correct personal code. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A personal mobile terminal comprising:
-
a request handler arranged to request a user of the mobile terminal to enter a personal code following receipt of an authentication request transmitted to the mobile terminal, the authentication request including transaction data of an action that requires user authentication; a data display engine arranged to display the transaction data on a display of the personal mobile terminal to enable the user to apprehend that the authentication request validly relates to transaction details of the action; and a data crypto engine arranged to process an entered personal code together with challenge data derived from the transaction data contained in the authentication request to determine whether one or more predetermined conditions are met, including that the personal code is correct, and produce a valid and signed authentication code from the challenge data that the user can provide in order to authenticate the action if the one or more predetermined conditions are met; whereby the transaction data which is displayed on the display of the mobile terminal is tied to said valid and signed authentication code and the authentication code is also tied to the user through entry of the correct personal code. - View Dependent Claims (32, 33)
-
-
34. A system for authenticating actions comprising:
-
an action authentication server; and one or more personal mobile terminals belonging to respective ones of one or more users of the system, the action authentication server being configured to transmit an authentication request to a personal mobile terminal of a user in response to initiation of an action requiring authentication by a user, the authentication request including transaction data of the action; each users'"'"' personal mobile terminal being configured to; request the user of the personal mobile terminal to enter a personal code following receipt of the authentication request; display the transaction data on a display of the personal mobile terminal to enable the user to apprehend that the authentication request validly relates to transaction details of the action; process an entered personal code together with challenge data derived from the transaction data contained in the authentication request corresponding to the authentication request; and produce a valid and signed authentication code from the challenge data that the user can provide in order to authenticate the action if one or more predetermined conditions are met, including that the personal code is correct; whereby the transaction data which is displayed on the display of the mobile terminal is tied to said valid and signed authentication code and the authentication code is also tied to the user through entry of the correct personal code. - View Dependent Claims (35, 36, 37)
-
Specification